broker
play

Broker Matthias Vallentin UC Berkeley International Computer - PowerPoint PPT Presentation

Mar 14, 2024 •345 likes •755 views

Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16 Communication in Bro Tap Internal Internet Firewall Tap Network Frontend Nodes Manager + Proxy + ... ... Proxy Backend Nodes

  1. Broker Matthias Vallentin UC Berkeley International Computer Science Institute (ICSI) BroCon '16

  2. Communication in Bro Tap Internal Internet Firewall Tap Network Frontend Nodes Manager + Proxy + ... ... Proxy Backend Nodes Broccoli, Python Ruby & Perl Bro Independent Bindings Bindings Cluster Broccoli Broccoli State 2005 2007 2008 2011

  3. Communication in Bro Exploiting Independent State For Network Intrusion Detection Tap Internal Internet Firewall Tap Network Robin Sommer Vern Paxson Frontend Nodes TU M¨ unchen ICSI/LBNL Manager sommer@in.tum.de vern@icir.org + Proxy + coming ... ... Proxy Backend Nodes soon! Broccoli, Abstract in the context of a single process is a minor subset of the Python Ruby & Perl NIDS process’s full state: either higher-level results (often Bro just alerts) sent between processes to facilitate correlation or Broker Broker Network intrusion detection systems (NIDSs) critically Independent Bindings Bindings aggregation, or log files written to disk for processing in the rely on processing a great deal of state. Often much of this future. The much richer (and bulkier) internal state of the state resides solely in the volatile processor memory acces- Cluster Broccoli Broccoli 0.4 1.0 NIDS remains exactly that, internal. It cannot be accessed State sible to a single user-level process on a single machine. In by other processes unless a special means is provided for this work we highlight the power of independent state , i.e., doing so, and it is permanently lost upon termination of the internal fine-grained state that can be propagated from one 2005 2007 2008 2015 2016/17 2011

  4. Outline • Overview • API • Performance • Outlook

  5. Overview

  6. Broker = Bro'ish data model + publish/subscribe communication + distributed key-value stores

  7. Publish/Subscribe Communication Organization Internet

  8. Publish/Subscribe Communication C++ C++ C++ Organization Internet

  9. Publish/Subscribe Communication C++ Model Model Model C++ C++ Organization Internet

  10. Publish/Subscribe Communication C++ Model Model Model C++ C++ Organization Internet

  11. Publish/Subscribe Communication C++ C++ C++ Organization Internet Model Model Model

  12. Publish/Subscribe Communication C++ C++ C++ Organization Internet

  13. Publish/Subscribe Communication C++ C++ C++ File File File Organization Internet

  14. Publish/Subscribe Communication C++ C++ C++ File File File Organization Internet

  15. Publish/Subscribe Communication C++ File C++ File C++ File Organization Internet

  16. Publish/Subscribe Communication C++ C++ C++ Result Organization Internet

  17. Publish/Subscribe Communication C++ C++ C++ Result Organization Internet

  18. Publish/Subscribe Communication C++ Result C++ C++ Organization Internet

  19. Distributed Key-Value Stores M C C C M endpoint master M C C clone C

  20. Broker's Data Model Arithmetic Network Container Other Time none address vector boolean interval port set string count timestamp subnet table integer real

  21. API

  22. Lessons Learned • Functionality : It Just Works • Usability : no native type support, lots of "data wrapping" • Semantics : no support for nonblocking processing

  23. Current API using&namespace&broker; Initialize the Broker library. (Only one broker instance per process allowed.) init(); endpoint&ep{"sender"}; Create a local endpoint. ep.peer("127.0.0.1",&9999); Block until connection status changes. ep.outgoing_connection_status().need_pop(); auto&msg&=&message{ When communicating with Bro, the first &&"my_event", argument must be a string identifying the event &&"Hello&C++&Broker!", name. The remaining values represent the event &&42u arguments. }; Publish the event under topic bro/event . ep.send("bro/event",&msg); Block until connection status changes. ep.outgoing_connection_status().need_pop();

  24. New API using&namespace&broker; A context encapsulates global state for a set of context&ctx; endpoints (e.g., worker threads, scheduler, etc.) auto&ep&=&ctx.spawn<blocking>(); Create a local endpoint with blocking API. ep.peer("127.0.0.1",&9999); auto&v&=&vector{ Create a vector of data. &&"my_event", New semantics: a message is a topic plus data , not a sequence of data. &&"Hello&C++&Broker!", &&42u }; Publish the event under topic bro/event . ep.publish("bro/event",&v);

  25. Blocking vs. Non-Blocking API context&ctx; context&ctx; auto&ep&=&ctx.spawn<blocking>(); auto&ep&=&ctx.spawn<nonblocking>(); ep.subscribe("foo"); //&Called&asynchronously&by&the&runtime. ep.subscribe("bar"); ep.subscribe( &&"foo", //&Block&and&wait. &&[=](const&topic&&t,&const&data&&d)&{ auto&msg&=&ep.receive(); &&&&cout&<<&t&<<&"&Q>&"&<<&d&<<&endl; cout&<<&msg.topic() &&} &&&&&<<&"&Q>&" ); &&&&&<<&msg.data() &&&&&<<&endl; //&As&above,&just&for&a&different&topic. ep.subscribe( //&Equivalent&semantics;&functional&API.& &&"bar", ep.receive( &&[=](const&topic&&t,&const&data&&d)&{ &&[&](const&topic&&t,&const&data&&d)&{ &&&&cout&<<&t&<<&"&Q>&"&<<&d&<<&endl; &&&&scout&<<&t&<<&"&Q>&"&<<&d&<<&endl; &&} &&} ); )

  26. Available backends: Data Store APIs 1. In-memory 2. SQLite 3. RocksDB //&Setup&endpoint&topology. context&ctx; auto&ep0&=&ctx.spawn<blocking>(); auto&ep1&=&ctx.spawn<blocking>(); auto&ep2&=&ctx.spawn<blocking>(); M ep0.peer(ep1); ep0.peer(ep2); //&Attach&stores. auto&m&=&ep0.attach<master,&memory>("lord"); auto&c0&=&ep1.attach<clone>("lord"); auto&c1&=&ep2.attach<clone>("lord"); //&Write&to&the&master&directly. mQ>put("foo",&42); mQ>put("bar",&"baz"); C C //&After&propagation,&query&the&clones. sleep(propagation_delay); auto&v0&=&c0Q>get("key");& auto&v1&=&c1Q>get("key"); assert(v0&&&&v1&&&&*v0&==&*v1);

  27. Data Store APIs // Blocking API. Returns expected<data>. auto v = c->get<blocking>("key"); // Non-blocking API. // Runtime invokes callback. M c->get<nonblocking>("key").then( [=](data& d) { cout << "got it: " << d << endl; }, [=](error& e) { cerr << "uh, this went wrong: " << e << endl; } C C );

  28. Performance

  29. Simple Benchmark • Throughput analysis • Two endpoints: sender & receiver • Message = conn.log entry • System: MacBook Pro • 16 GB RAM • 4 x 2.8 GHz Core i7

  30. Throughput 60K 40% Throughput (msg/sec) 40K 20K 0 new old Version

  31. Outlook

  32. Roadmap to 1.0 function &lookup(key:&string)&:&any;& 1. Finish Python bindings when&(& local &x&=&lookup("key")&)& &&{& && local &result&=&"";& 2. Implement Bro endpoint && switch (&x&)& &&&&{& &&&& case &addr:& 3. Pattern matching in Bro &&&&&& if &(&x&in&10.0.0.0/8&)& &&&&&&&&result&=&"contained";& &&&& case &string:& 4. Flow control &&&&&&result&=&"error:&lookup()&failed:&"&+&x;& &&&&}& &&}

  33. Flow Control

  34. Flow Control Intermediate buffer

  35. Flow Control STILL OVERFLOWING

  36. Flow Control

  37. Flow Control Reject at the boundary

  38. CAF: Messaging Building Block • CAF = C ++ A ctor F ramework • Implementation of the Actor Model • Light-weight, type-safe, scalable • Network transparency

  39. Bro Data Flows Master Events Workers Logs write(2) Packets

  40. Questions? Docs: &https://bro.github.io/broker& Chat: https://gitter.im/bro/broker& Code: https://github.com/bro/broker

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Who is Broker Direct? Broker Direct is a blend of Underwriting Agency, Wholesale Broker and Third

Who is Broker Direct? Broker Direct is a blend of Underwriting Agency, Wholesale Broker and Third

Who is Broker Direct? Broker Direct is a blend of Underwriting Agency, Wholesale Broker and Third Party Administrator focussed on the UK Personal and Commercial Lines market. The brand was established in 1997 with a unique proposition: a general

234 views • 8 slides
Broker Seminar Oct 17 Agenda Broker Solutions Manufacturer &amp; Wholesaler of Investment

Broker Seminar Oct 17 Agenda Broker Solutions Manufacturer &amp; Wholesaler of Investment

Broker Seminar Oct 17 Agenda Broker Solutions Manufacturer &amp; Wholesaler of Investment Product 100% Broker focused Broker FX A new FX and International Payments Platform MiFID II &amp; the New Consumer Protection

1.07k views • 80 slides
DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2

DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2

Broker &amp; TPA JAD May 23, 2013 DRAFT DRAFT A service of Maryland Health Benefit Exchange Broker Information DRAFT DRAFT 2 Broker Topics Transaction files Broker XSD Group file 834 Individual initial enrollment with broker

730 views • 25 slides
K.SKOURAS CUSTOMS BROKER (AEOF CERTIFIED AGENT) Brief Company Presentation K.Skouras Customs

K.SKOURAS CUSTOMS BROKER (AEOF CERTIFIED AGENT) Brief Company Presentation K.Skouras Customs

K.SKOURAS CUSTOMS BROKER (AEOF CERTIFIED AGENT) Brief Company Presentation K.Skouras Customs Broker K.SKOURAS Customs Broker Kyriakos Skouras Customs Broker, is one of the leading agencies in the customs brokers industry in Greece, operating

534 views • 12 slides
ASN Broker Public Company Limited Opportunity Day 26 November 2018 ASN Broker Public Company

ASN Broker Public Company Limited Opportunity Day 26 November 2018 ASN Broker Public Company

ASN Broker Public Company Limited ASN Broker Public Company Limited Opportunity Day 26 November 2018 ASN Broker Public Company Limited Agenda Company Overview I Q3 2018 Financial Performance II Q3 2018 Key Developments III 2 ASN Broker Public

542 views • 16 slides
Broker/Navigator Changes 4.1 Washington Healthplanfinder System Re l e as e April 11, 2017 65

Broker/Navigator Changes 4.1 Washington Healthplanfinder System Re l e as e April 11, 2017 65

Washington Health Benefit Exchange Broker/Navigator Changes 4.1 Washington Healthplanfinder System Re l e as e April 11, 2017 65 Broker/Navigator Changes Broker/Navigator Partnership Enhancements Navigators can Terminate Partnership with

512 views • 12 slides
Software Engineering and Architecture Broker IPC over HTTP History In the 1990, there was a

Software Engineering and Architecture Broker IPC over HTTP History In the 1990, there was a

Software Engineering and Architecture Broker IPC over HTTP History In the 1990, there was a lot of hype about building distributed systems in the OO paradigm / Broker based CORBA Version 1 - 1991 Microsoft DCOM About the same

554 views • 22 slides
Mortgage Broker Mortgage Broker 1. Brokers teach you how to buy. Good brokers will guide you

Mortgage Broker Mortgage Broker 1. Brokers teach you how to buy. Good brokers will guide you

8 Powerful Reasons 8 Powerful Reasons You Need A You Need A Mortgage Broker Mortgage Broker 1. Brokers teach you how to buy. Good brokers will guide you through the home buying process, from application, liaising with your solicitor,

674 views • 10 slides
The profitability analysis of the multi-band spectrum broker Marcin PARZY Poznan University of

The profitability analysis of the multi-band spectrum broker Marcin PARZY Poznan University of

The profitability analysis of the multi-band spectrum broker Marcin PARZY Poznan University of Technology Spectrum crunch 2 New licensing scheme DVB-T PMSE DVB-T PMSE BROKER BROKER Trading and auctioning

417 views • 13 slides
ASN Broker Public Company Limited Opportunity Day 11 November 2016 ASN Broker Public Company

ASN Broker Public Company Limited Opportunity Day 11 November 2016 ASN Broker Public Company

ASN Broker Public Company Limited ASN Broker Public Company Limited Opportunity Day 11 November 2016 ASN Broker Public Company Limited Agenda I II III IV 2 ASN Broker Public Company Limited Company Overview 3 Company structure ASN

644 views • 21 slides
SEC Fiduciary Rule Initiative HISTORICAL DISTINCTION BETWEEN ADVISERS AND BROKER-DEALERS In

SEC Fiduciary Rule Initiative HISTORICAL DISTINCTION BETWEEN ADVISERS AND BROKER-DEALERS In

SEC Fiduciary Rule Initiative HISTORICAL DISTINCTION BETWEEN ADVISERS AND BROKER-DEALERS In the aftermath of the Great Depression, the U.S. securities industry was reorganized and regulated based on a fundamental premise that broker-dealers

447 views • 11 slides
Latest Case Law Developments Navigating the Evolving Scope and Breadth of a Broker's Duties and

Latest Case Law Developments Navigating the Evolving Scope and Breadth of a Broker's Duties and

Presenting a live 90-minute webinar with interactive Q&amp;A Insurance Broker Liability to Policyholders for Denied Claims: Latest Case Law Developments Navigating the Evolving Scope and Breadth of a Broker's Duties and Obligations WEDNESDAY,

745 views • 51 slides
Finders and Unregistered Broker-Dealers: Understanding the Risks and Recent Developments Avoiding

Finders and Unregistered Broker-Dealers: Understanding the Risks and Recent Developments Avoiding

Presenting a 90-Minute Encore Presentation of the Webinar with Live, Interactive Q&amp;A Finders and Unregistered Broker-Dealers: Understanding the Risks and Recent Developments Avoiding the Pitfalls of Broker-Dealer Registration Violations,

1.14k views • 58 slides
The USAs Only All -Asia Broker Who We Are Decker is the ONLY Asian emerging and frontier

The USAs Only All -Asia Broker Who We Are Decker is the ONLY Asian emerging and frontier

The USAs Only All -Asia Broker Who We Are Decker is the ONLY Asian emerging and frontier specialist broker in the United States. Launched in 2013 at the request of 5 of the USAs largest emerging market investment funds Decker now

199 views • 18 slides
ASKET Ltd Simon broker@asket.co.uk 00971 528 333 164 0044 782 7012 195 www.asket.co.uk ASKET

ASKET Ltd Simon broker@asket.co.uk 00971 528 333 164 0044 782 7012 195 www.asket.co.uk ASKET

ASKET Ltd Simon broker@asket.co.uk 00971 528 333 164 0044 782 7012 195 www.asket.co.uk ASKET Ltd Worlds leading independent security broker founded in 2013 Fully independent and integrated service working directly for the shipping

334 views • 22 slides
WHOLESALE BROKER TRAINING SUMMARY OF Thank you for choosing to partner up with Nations Direct

WHOLESALE BROKER TRAINING SUMMARY OF Thank you for choosing to partner up with Nations Direct

WHOLESALE BROKER TRAINING SUMMARY OF Thank you for choosing to partner up with Nations Direct Mortgage for your Wholesale Lending needs. We are CONTENTS 100% commited to our Broker partner's success. OUR MAIN - Important Info TOPICS TODAY

474 views • 23 slides
Policy Options to Promote IPv6 Deployment Internet Week Guyana/LACNIC On The Move 12 October

Policy Options to Promote IPv6 Deployment Internet Week Guyana/LACNIC On The Move 12 October

Policy Options to Promote IPv6 Deployment Internet Week Guyana/LACNIC On The Move 12 October 2017 kevon@lacnic.net The new, larger version of the Internet: IPv6 Video url: https://www.youtube.com/watch?v=- Uwjt32NvVA Trends Available

365 views • 19 slides
non-traditional provider issues - policy and economic Mark Johnson MCNC Private, Not for profit

non-traditional provider issues - policy and economic Mark Johnson MCNC Private, Not for profit

non-traditional provider issues - policy and economic Mark Johnson MCNC Private, Not for profit Organization Established in 1980 as Microelectronics Center of North Carolina; Became MCNC in 1990 Founded by NC General Assembly as

81 views • 5 slides
Actors for the Internet of Things Pushing CAF to RIOT Raphael Hiesgen

Actors for the Internet of Things Pushing CAF to RIOT Raphael Hiesgen

Actors for the Internet of Things Pushing CAF to RIOT Raphael Hiesgen raphael.hiesgen@haw-hamburg.de Internet Technologies Group Hamburg University of Applied Sciences Agenda 1. General Background 2. Actors for the IoT 3. CAF on RIOT 4.

692 views • 38 slides
Introduction Textbook: Network Security: Private Communication in a Public World, 2nd

Introduction Textbook: Network Security: Private Communication in a Public World, 2nd

8.10.2019 Books Introduction Textbook: Network Security: Private Communication in a Public World, 2nd Ahmet Burak Can Edition. C. Kaufman, R. Perlman, and M. Speciner, Prentice-Hall Hacettepe University Computer Security and the

506 views • 5 slides
CWB Network Information exChange Environment (NICE) Mark Cheng Central Weather Bureau, Taiwan,

CWB Network Information exChange Environment (NICE) Mark Cheng Central Weather Bureau, Taiwan,

CWB Network Information exChange Environment (NICE) Mark Cheng Central Weather Bureau, Taiwan, R.O.C. CWB NICE - Mark Cheng 1 2011/4/1 NICE A network based application framework for real time distributed data processing 1. Roles and

247 views • 23 slides
NIS Breakfast Briefing Secure Your Supply Chain Thursday 6 th September 2018 Agenda Welcome

NIS Breakfast Briefing Secure Your Supply Chain Thursday 6 th September 2018 Agenda Welcome

NIS Breakfast Briefing Secure Your Supply Chain Thursday 6 th September 2018 Agenda Welcome David Duke, Gemserv An Introduction to NIS Ian Davis, Gemserv Case Study National Energy Generator and Distributor Andy Green, Aprose

572 views • 44 slides
MEETING JANUARY 10, 2018 JANUARY AGENDA Call to Order 12:00 Roll Call and Introductions,

MEETING JANUARY 10, 2018 JANUARY AGENDA Call to Order 12:00 Roll Call and Introductions,

EHEALTH COMMISSION MEETING JANUARY 10, 2018 JANUARY AGENDA Call to Order 12:00 Roll Call and Introductions, Approval of November minutes, and January Agenda and Objectives Announcements 12:05 OeHI Updates State Agency, Community Partner,

785 views • 39 slides
Supercomputers and Supercomputers and Clusters and Grids, Clusters and Grids, Oh My! Oh My!

Supercomputers and Supercomputers and Clusters and Grids, Clusters and Grids, Oh My! Oh My!

OSC Statewide Users Group Distinguished Lecture Series and OSC Statewide Users Group Distinguished Lecture Series and Ralph Regula Regula School of Computational Science Lecture Series School of Computational Science Lecture Series Ralph

468 views • 19 slides

More recommend