21 research outputs found

    Mining Network Events using Traceroute Empathy

    In the never-ending quest for tools that enable an ISP to smooth troubleshooting and improve awareness of network behavior, very much effort has been devoted in the collection of data by active and passive measurement at the data plane and at the control plane level. Exploitation of collected data has been mostly focused on anomaly detection and on root-cause analysis. Our objective is somewhat in the middle. We consider traceroutes collected by a network of probes and aim at introducing a practically applicable methodology to quickly spot measurements that are related to high-impact events that happened in the network. Such filtering process eases further in-depth human-based analysis, for example with visual tools which are effective only when handling a limited amount of data. We introduce the empathy relation between traceroutes as the cornerstone of our formal characterization of the traceroutes related to a network event. Based on this model, we describe an algorithm that finds traceroutes related to high-impact events in an arbitrary set of measurements. Evidence of the effectiveness of our approach is given by experimental results produced on real-world data. Comment: 8 pages, 7 figures, extended version of Discovering High-Impact Routing Events using Traceroutes, in Proc. 20th International Symposium on Computers and Communications (ISCC 2015

    The Fault-Finding Capacity of the Cable Network When Measured Along Complete Paths

    We look into whether or not it is possible to find the exact location of a broken node in a communication network by using the binary state (normal or failed) of each link in the chain. To find out where failures are in a group of nodes of interest, it is necessary to link the different states of the routes to the different failures at the nodes. Due to the large number of possible node failures that need to be listed, it may be hard to check this condition on large networks. The first important thing we've added is a set of criteria that are both enough and necessary for testing in polynomial time whether or not a set of nodes has a limited number of failures. As part of our requirements, we take into account not only the architecture of the network but also the positioning of the monitors. We look at three different types of probing methods. Each one is different depending on the nature of the measurement paths, which can be random, controlled but not cycle-free, or uncontrolled (depending on the default routing protocol). Our second contribution is an analysis of the greatest number of failures (anywhere in the network) for which failures within a particular node set can be uniquely localized and the largest node set within which failures can be uniquely localized under a given constraint on the overall number of failures in the network. Both of these results are based on the fact that failures can be uniquely localized only if there is a constraint on the overall number of failures. When translated into functions of a per-node attribute, the sufficient and necessary conditions that came before them make it possible for an efficient calculation of both measurements

    SRLG: To Finding the Packet Loss in Peer to Peer Network

    We introduce the ideas of watching methods (MPs) and watching cycles (MCs) for distinctive localization of shared risk connected cluster (SRLG) failures in all-optical networks. An SRLG failure causes multiple links to interrupt at the same time due to the failure of a typical resource. MCs (MPs) begin and finish at identical (distinct) watching location(s). They are constructed such that any SRLG failure leads to the failure of a unique combination of methods and cycles. We tend to derive necessary and ample conditions on the set of MCs and MPs required for localizing a single SRLG failure in a capricious graph. We determine the minimum range of optical splitters that are needed to watch all SRLG failures within the network. Extensive simulations are used to demonstrate the effectiveness of the planned watching technique

    Fundamental limits of failure identifiability by Boolean Network Tomography

    Boolean network tomography is a powerful tool to infer the state (working/failed) of individual nodes from path-level measurements obtained by edge-nodes. We consider the problem of optimizing the capability of identifying network failures through the design of monitoring schemes. Finding an optimal solution is NP-hard and a large body of work has been devoted to heuristic approaches providing lower bounds. Unlike previous works, we provide upper bounds on the maximum number of identifiable nodes, given the number of monitoring paths and different constraints on the network topology, the routing scheme, and the maximum path length. The proposed upper bounds represent a fundamental limit on the identifiability of failures via Boolean network tomography. This analysis provides insights on how to design topologies and related monitoring schemes to achieve the maximum identifiability under various network settings. Through analysis and experiments we demonstrate the tightness of the bounds and efficacy of the design insights for engineered as well as real network

    CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP

    The Internet routing protocol BGP expresses topological reachability and policy-based decisions simultaneously in path vectors. A complete view on the Internet backbone routing is given by the collection of all valid routes, which is infeasible to obtain due to information hiding of BGP, the lack of omnipresent collection points, and data complexity. Commonly, graph-based data models are used to represent the Internet topology from a given set of BGP routing tables but fall short of explaining policy contexts. As a consequence, routing anomalies such as route leaks and interception attacks cannot be explained with graphs. In this paper, we use formal languages to represent the global routing system in a rigorous model. Our CAIR framework translates BGP announcements into a finite route language that allows for the incremental construction of minimal route automata. CAIR preserves route diversity, is highly efficient, and well-suited to monitor BGP path changes in real-time. We formally derive implementable search patterns for route leaks and interception attacks. In contrast to the state-of-the-art, we can detect these incidents. In practical experiments, we analyze public BGP data over the last seven years

    Consistent SDNs through Network State Fuzzing

    The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly

    Consistent SDNs through Network State Fuzzing

    The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Unfortunately, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to periodically test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly while outperforming baseline approaches. Comment: Added three extra relevant references, the arXiv later was accepted in IEEE Transactions of Network and Service Management (TNSM), 2019 with the title "Towards Consistent SDNs: A Case for Network State Fuzzing

    A New Enhanced Technique for Identify Node Failure With Optimal Path In Network

    We examine the skill of limiting node failures in communication networks from binary states of end-to-end paths. Specified a set of nodes of curiosity, inimitably localizing failures within this set necessitates that unlike apparent path states secondary with different node failure events. Though, this disorder is tough to test on large networks due to the necessity to compute all thinkable node failures. Our first input is a set of appropriate/compulsory conditions for detecting a bounded number of letdowns within a random node set that can be verified in polynomial time. In adding to network topology and locations of monitors, our circumstances also join constraints compulsory by the searching device used. Both measures can be rehabilitated into purposes of a per-node stuff, which can be calculated professionally based on the above enough/essential circumstances