21 research outputs found
Mining Network Events using Traceroute Empathy
In the never-ending quest for tools that enable an ISP to smooth
troubleshooting and improve awareness of network behavior, very much effort has
been devoted in the collection of data by active and passive measurement at the
data plane and at the control plane level. Exploitation of collected data has
been mostly focused on anomaly detection and on root-cause analysis. Our
objective is somewhat in the middle. We consider traceroutes collected by a
network of probes and aim at introducing a practically applicable methodology
to quickly spot measurements that are related to high-impact events happened in
the network. Such filtering process eases further in- depth human-based
analysis, for example with visual tools which are effective only when handling
a limited amount of data. We introduce the empathy relation between traceroutes
as the cornerstone of our formal characterization of the traceroutes related to
a network event. Based on this model, we describe an algorithm that finds
traceroutes related to high-impact events in an arbitrary set of measurements.
Evidence of the effectiveness of our approach is given by experimental results
produced on real-world data.Comment: 8 pages, 7 figures, extended version of Discovering High-Impact
Routing Events using Traceroutes, in Proc. 20th International Symposium on
Computers and Communications (ISCC 2015
The Fault-Finding Capacity of the Cable Network When Measured Along Complete Paths
We look into whether or not it is possible to find the exact location of a broken node in a communication network by using the binary state (normal or failed) of each link in the chain. To find out where failures are in a group of nodes of interest, it is necessary to link the different states of the routes to the different failures at the nodes. Due to the large number of possible node failures that need to be listed, it may be hard to check this condition on large networks. The first important thing we've added is a set of criteria that are both enough and necessary for testing in polynomial time whether or not a set of nodes has a limited number of failures. As part of our requirements, we take into account not only the architecture of the network but also the positioning of the monitors. We look at three different types of probing methods. Each one is different depending on the nature of the measurement paths, which can be random, controlled but not cycle-free, or uncontrolled (depending on the default routing protocol). Our second contribution is an analysis of the greatest number of failures (anywhere in the network) for which failures within a particular node set can be uniquely localized and the largest node set within which failures can be uniquely localized under a given constraint on the overall number of failures in the network. Both of these results are based on the fact that failures can be uniquely localized only if there is a constraint on the overall number of failures. When translated into functions of a per-node attribute, the sufficient and necessary conditions that came before them make it possible for an efficient calculation of both measurements
SRLG: To Finding the Packet Loss in Peer to Peer Network
We introduce the ideas of watching methods (MPs) and watching cycles (MCs) for distinctive localization of shared risk connected cluster (SRLG) failures in all-optical networks. An SRLG failure causes multiple links to interrupt at the same time due to the failure of a typical resource. MCs (MPs) begin and finish at identical (distinct) watching location(s).They are constructed such any SRLG failure leads to the failure of a unique combination of methods and cycles. We tend to derive necessary and ample conditions on the set of MCs and MPs required for localizing associate single SRLG failure in a capricious graph. We determine the minimum range of optical splitters that area unit needed to watch all SRLG failures within the network. Extensive simulations area unit won�t to demonstrate the effectiveness of the planned watching technique
Fundamental limits of failure identifiability by Boolean Network Tomography
Boolean network tomography is a powerful tool to infer the state (working/failed) of individual nodes from path-level measurements obtained by egde-nodes. We consider the problem of optimizing the capability of identifying network failures through the design of monitoring schemes. Finding an optimal solution is NP-hard and a large body of work has been devoted to heuristic approaches providing lower bounds. Unlike previous works, we provide upper bounds on the maximum number of identifiable nodes, given the number of monitoring paths and different constraints on the network topology, the routing scheme, and the maximum path length. The proposed upper bounds represent a fundamental limit on the identifiability of failures via Boolean network tomography. This analysis provides insights on how to design topologies and related monitoring schemes to achieve the maximum identifiability under various network settings. Through analysis and experiments we demonstrate the tightness of the bounds and efficacy of the design insights for engineered as well as real network
CAIR: Using Formal Languages to Study Routing, Leaking, and Interception in BGP
The Internet routing protocol BGP expresses topological reachability and
policy-based decisions simultaneously in path vectors. A complete view on the
Internet backbone routing is given by the collection of all valid routes, which
is infeasible to obtain due to information hiding of BGP, the lack of
omnipresent collection points, and data complexity. Commonly, graph-based data
models are used to represent the Internet topology from a given set of BGP
routing tables but fall short of explaining policy contexts. As a consequence,
routing anomalies such as route leaks and interception attacks cannot be
explained with graphs.
In this paper, we use formal languages to represent the global routing system
in a rigorous model. Our CAIR framework translates BGP announcements into a
finite route language that allows for the incremental construction of minimal
route automata. CAIR preserves route diversity, is highly efficient, and
well-suited to monitor BGP path changes in real-time. We formally derive
implementable search patterns for route leaks and interception attacks. In
contrast to the state-of-the-art, we can detect these incidents. In practical
experiments, we analyze public BGP data over the last seven years
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates under the premise that the logically centralized control plane has an accurate representation of the actual data plane state. Nevertheless, bugs, misconfigurations, faults or attacks can introduce inconsistencies that undermine correct operation. Previous work in this area, however, lacks a holistic methodology to tackle this problem and thus, addresses only certain parts of the problem. Yet, the consistency of the overall system is only as good as its least consistent part. Motivated by an analogy of network consistency checking with program testing, we propose to add active probe-based network state fuzzing to our consistency check repertoire. Hereby, our system, PAZZ, combines production traffic with active probes to continuously test if the actual forwarding path and decision elements (on the data plane) correspond to the expected ones (on the control plane). Our insight is that active traffic covers the inconsistency cases beyond the ones identified by passive traffic. PAZZ prototype was built and evaluated on topologies of varying scale and complexity. Our results show that PAZZ requires minimal network resources to detect persistent data plane faults through fuzzing and localize them quickly
Consistent SDNs through Network State Fuzzing
The conventional wisdom is that a software-defined network (SDN) operates
under the premise that the logically centralized control plane has an accurate
representation of the actual data plane state. Unfortunately, bugs,
misconfigurations, faults or attacks can introduce inconsistencies that
undermine correct operation. Previous work in this area, however, lacks a
holistic methodology to tackle this problem and thus, addresses only certain
parts of the problem. Yet, the consistency of the overall system is only as
good as its least consistent part. Motivated by an analogy of network
consistency checking with program testing, we propose to add active probe-based
network state fuzzing to our consistency check repertoire. Hereby, our system,
PAZZ, combines production traffic with active probes to periodically test if
the actual forwarding path and decision elements (on the data plane) correspond
to the expected ones (on the control plane). Our insight is that active traffic
covers the inconsistency cases beyond the ones identified by passive traffic.
PAZZ prototype was built and evaluated on topologies of varying scale and
complexity. Our results show that PAZZ requires minimal network resources to
detect persistent data plane faults through fuzzing and localize them quickly
while outperforming baseline approaches.Comment: Added three extra relevant references, the arXiv later was accepted
in IEEE Transactions of Network and Service Management (TNSM), 2019 with the
title "Towards Consistent SDNs: A Case for Network State Fuzzing
A New Enhanced Technique for Identify Node Failure With Optimal Path In Network
We examine the skill of limiting node failures in communication networks from binary states of end-to-end paths. Specified a set of nodes of curiosity, inimitably localizing failures within this set necessitates that un a like apparent path states secondary with different node failure events. Though, this disorder is tough to test on large networks due to the necessity to compute all thinkable node failures. Our first input is a set of appropriate/compulsory conditions for detecting a bounded number of letdowns within a random node set that can be verified in polynomial time. In adding to network topology and locations of monitors, our circumstances also join constraints compulsory by the searching device used. Both measures can be rehabilitated into purposes of a per-node stuff, which can be calculated professionally based on the above enough/essential circumstances