extensible and scalable network monitoring using opensafe
play

Extensible and Scalable Network Monitoring Using OpenSAFE Jeffrey - PowerPoint PPT Presentation

Aug 21, 2023 •453 likes •817 views

Background OpenSAFE and ALARMS Implementation Conclusion Extensible and Scalable Network Monitoring Using OpenSAFE Jeffrey R. Ballard Ian Rae Aditya Akella Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network

  1. Background OpenSAFE and ALARMS Implementation Conclusion Extensible and Scalable Network Monitoring Using OpenSAFE Jeffrey R. Ballard Ian Rae Aditya Akella Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  2. Background OpenSAFE and ALARMS Implementation Conclusion Outline 1 Background Network monitoring How monitoring is done today 2 OpenSAFE and ALARMS OpenSAFE ALARMS Rule Aggregation Distribution 3 Implementation Mapping to OpenFlow Switch Example 4 Conclusion Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE Related Work

  3. Background OpenSAFE and ALARMS Network monitoring Implementation How monitoring is done today Conclusion Motivation We want to monitor the network. Specifically, we want to allow administrators to easily : • collect network usage statistics • detect intrusions • provide forensic evidence Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  4. Background OpenSAFE and ALARMS Network monitoring Implementation How monitoring is done today Conclusion Challenges Middleboxes are commonly used, however, they present challenges. . . 1 Speed 2 Cost 3 Flexibility 1 Setup: rewire 2 Change: rewire 3 Add new middlebox: rewire . . . making them ill suited for network monitoring. Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  5. Background OpenSAFE and ALARMS Network monitoring Implementation How monitoring is done today Conclusion Example: College of Engineering Campus Connections to the College: Backbone Red links = 10 Gbps 2 x 10 Gbps links Routers White links = 1 Gbps 22 x 1 Gbps links Router 1 Router 2 x2 Building 1 Building 7 x5 x2 x2 x2 x2 x2 Building 2 Building 6 Building 3 Building 4 Building 5 Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  6. Background OpenSAFE and ALARMS Network monitoring Implementation How monitoring is done today Conclusion How do people actually do it? Mirror (or tap) an interesting network interface to another switch port, then listen to that port with something like Snort. Advantage over a middlebox: monitoring has no impact on the production traffic and routes. Disadvantages: the traffic can run you over, and it’s still hard to add new detectors. Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  7. Background OpenSAFE and ALARMS Network monitoring Implementation How monitoring is done today Conclusion What it looks like today Network A Network B Firewall Monitoring Device Network B Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  8. Background OpenSAFE and ALARMS Network monitoring Implementation How monitoring is done today Conclusion What we want to do Network A Monitoring Device 1 Network B Firewall Monitoring Programmable Device 2 Network Layer ... Monitoring Network B Device n Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  9. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution OpenSAFE OpenSAFE uses a programmable network fabric to. . . • Selectively match network flows • Arbitrarily direct network flows to other switch ports at line rate • Direct exceptions to a software component • Enable the use of commodity network hardware Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  10. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Why not implement it in software? We could use something like Click to dynamically manage detectors. Major problem: software is not fast enough! Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  11. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Solution: Hardware! Easiest: Custom ASICs 1 Expensive 2 Non-standard 3 Potentially hard to configure But we have something that can do this. . . Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  12. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Programmable Network Fabric While OpenSAFE would be compatible with any programmable network fabric, we implemented OpenSAFE in OpenFlow since it is available today. The key elements are: 1 speed 2 heterogeneity 3 flexibility 4 cost Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  13. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Example OpenSAFE Layout Network A OpenFlow Controller Snort Network B Firewall OpenFlow dSniff Decryption Network B Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  14. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution ALARMS ALARMS: A Language for Arbitrary Route Management for Security Basic building blocks are paths of: • Inputs: copy of traffic from a mirror switch port • Selects: restricts the set of traffic for this rule • Filters: pass the traffic through an application • Sinks: where to finally direct the traffic Combining these gives us a rich set of configurations. Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  15. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Simple Example We will use the following example over the next few slides: TCP Mirror Counter Dump Port: 80 Take all TCP port 80 traffic, send it to a counter, and then send it to a machine running tcpdump . Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  16. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Paths Filters Input Select Sinks A path is: A source switch port with selection criteria . . . which goes into zero or more filters . . . then out to one or more sinks Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  17. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution OpenSAFE Schematic OpenFlow Controller Sink 1 OpenFlow Input ... Switch Sink n ... Filter 1 Filter m Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  18. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Policy naming In OpenSAFE all switch ports are named. Logically, ALARMS articulates paths of named switch ports. Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  19. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Revisiting our example TCP Mirror Counter Dump Port: 80 . . . becomes . . . Port 80 Mirror Counter TCP Dump mirror[http] -> counter -> tcpdump; Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  20. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Let’s get some more paths Mirror Port 80 Counter TCP Dump mirror[http] -> counter -> tcpdump; Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  21. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Let’s get some more paths Mirror Port 80 Counter TCP Dump mirror[http] -> counter -> tcpdump; Port 443 Mirror Decryption Counter TCP Dump mirror[https] -> decrypt -> counter -> tcpdump; Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  22. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Waypoints As more rules are added, often the rules follow the same paths making rule management difficult. Solution: Waypoint Waypoints are virtual destinations for paths. Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  23. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Waypoint example Mirror Port 443 Decryption Web Counter TCP Dump Mirror Port 80 mirror[https] -> decrypt -> web; mirror[http] -> web; web -> counter -> tcpdump; Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

  24. Background OpenSAFE OpenSAFE and ALARMS ALARMS Implementation Rule Aggregation Conclusion Distribution Multiple Destinations In ALARMS, multiple destinations are easy: TCP Dump 1 Mirror Port 80 TCP Dump 2 mirror[http] -> { ALL, tcpdump1, tcpdump2 } ; Jeffrey R. Ballard, Ian Rae, Aditya Akella Extensible and Scalable Network Monitoring Using OpenSAFE

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

goProbe: A Scalable Distributed Network Monitoring Solution Christian Decker Lennart Elsen

goProbe: A Scalable Distributed Network Monitoring Solution Christian Decker Lennart Elsen

goProbe: A Scalable Distributed Network Monitoring Solution Christian Decker Lennart Elsen Fabian Kohn Roger Wattenhofer Goal Enable quick and efficient retrieval of key pieces of information about traffic patterns in global networks Goal

559 views • 45 slides
The CASE of FEMU: Cheap, Accurate, Scalable and Extensible Flash Emulator Huaicheng Li , Mingzhe

The CASE of FEMU: Cheap, Accurate, Scalable and Extensible Flash Emulator Huaicheng Li , Mingzhe

The CASE of FEMU: Cheap, Accurate, Scalable and Extensible Flash Emulator Huaicheng Li , Mingzhe Hao, Michael Hao Tong, + Swaminatahan Sundararaman*, Matias Bjrling , Haryadi S. Gunawi + * ceres.cs.uchicago.edu 2 FEMU @ FAST 18 What

239 views • 20 slides
An Extensible Architecture for Run-time Monitoring of Conversational Web Services Konstantinos

An Extensible Architecture for Run-time Monitoring of Conversational Web Services Konstantinos

An Extensible Architecture for Run-time Monitoring of Conversational Web Services Konstantinos Bratanis, Dimitris Dranidis, Anthony J.H. Simons South East European Research Centre (SEERC) Research Centre of the University of Sheffield and CITY

748 views • 50 slides
An extensible light-weight XML-based monitoring system for sequence databases Dieter Van de Craen

An extensible light-weight XML-based monitoring system for sequence databases Dieter Van de Craen

Motivation Introduction to XML and XPath System Overview Evaluation Experiments Incremental Maintenance Conclusion An extensible light-weight XML-based monitoring system for sequence databases Dieter Van de Craen 1 Frank Neven 1 Kerstin Koch

753 views • 64 slides
When simplicity becomes complex On the road to a scalable and dynamic SURFnet7 network Terena

When simplicity becomes complex On the road to a scalable and dynamic SURFnet7 network Terena

When simplicity becomes complex On the road to a scalable and dynamic SURFnet7 network Terena Network Architects Workshop, Copenhagen Wouter Huisman What do we want from a network? Scalable Flexible Cost efficient Endusers

347 views • 31 slides
Scalable Interconnection Networks 1 Scalable, High Performance Network At Core of Parallel

Scalable Interconnection Networks 1 Scalable, High Performance Network At Core of Parallel

Scalable Interconnection Networks 1 Scalable, High Performance Network At Core of Parallel Computer Architecture Requirements and trade-offs at many levels Elegant mathematical structure Deep relationships to algorithm structure

691 views • 52 slides
Auto configuration and management mechanism for the robotics self extensible WiFi network Keiichi

Auto configuration and management mechanism for the robotics self extensible WiFi network Keiichi

Auto configuration and management mechanism for the robotics self extensible WiFi network Keiichi Shima 1,2 Yojiro Uo 2 Sho Fujita 3 1 Nara Institute of Science and Technology 2 Internet Initiative Japan 3 University of Tokyo Problems Most of

234 views • 8 slides
WIFI FIRE: A A Scalable e Da Data-Driven M Monitoring, D Dynamic Prediction and R an Res

WIFI FIRE: A A Scalable e Da Data-Driven M Monitoring, D Dynamic Prediction and R an Res

WIFI FIRE: A A Scalable e Da Data-Driven M Monitoring, D Dynamic Prediction and R an Res esil ilie ience C Cyb yberin infrastructure for Wild ildfir ires Monitoring Visualization Fire Modeling Data CA F Fires 10/2017 t 2017

447 views • 11 slides
Network Services on Service Extensible Routers Lukas Ruf Computer Engineering and Networks

Network Services on Service Extensible Routers Lukas Ruf Computer Engineering and Networks

Network Services on Service Extensible Routers Lukas Ruf Computer Engineering and Networks Laboratory (TIK) Swiss Federal Institute of Technology (ETH) Z urich IWAN 2005, Sophia-Antipolis. 22. November 2005 Generously supported by IBM

340 views • 21 slides
Scalable data store and analy/cs pla1orm for monitoring WLCG,

Scalable data store and analy/cs pla1orm for monitoring WLCG,

Scalable data store and analy/cs pla1orm for monitoring WLCG, a distributed data-intensive scien/fic infrastructure Uthay Suthakar Brunel University

223 views • 19 slides
Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed

Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed

Cache Coherence in Scalable Machines Scalable Cache Coherent Systems Scalable, distributed memory plus coherent replication Scalable distributed memory machines P-C-M nodes connected by network communication assist interprets

1.13k views • 87 slides
STAR: Self-Tuning Aggregation for Scalable Monitoring [On job market next year] Navendu Jain,

STAR: Self-Tuning Aggregation for Scalable Monitoring [On job market next year] Navendu Jain,

STAR: Self-Tuning Aggregation for Scalable Monitoring [On job market next year] Navendu Jain, Dmitry Kit, Prince Mahajan, Praveen Yalagandula , Mike Dahlin, and Yin Zhang University of Texas at Austin HP Labs Motivating Application

643 views • 28 slides
Toward S Scalable M Monitoring on L Large-Sc Scale e Storage for S Softw tware D Defi

Toward S Scalable M Monitoring on L Large-Sc Scale e Storage for S Softw tware D Defi

Toward S Scalable M Monitoring on L Large-Sc Scale e Storage for S Softw tware D Defi fined Cyb yberinfrastr tructu ture Arnab K. Paul , Ryan Chard , Kyle Chard , Steven Tuecke , Ali R. Butt , Ian Foster

582 views • 24 slides
Exploiting Constraints to Build a Flexible and Extensible Data Stream Processing Middleware

Exploiting Constraints to Build a Flexible and Extensible Data Stream Processing Middleware

Exploiting Constraints to Build a Flexible and Extensible Data Stream Processing Middleware Workshop on Scalable Stream Processing Systems (SSPS) IPDPS 2010, Atlanta/Georgia, USA 19.04.2010 Nazario Cipriani, Carlos Lbbe, Alexander

450 views • 24 slides
Reliable Adaptive Lightweight Multicast Protocol Ken Tang, Scalable Network Technologies Katia

Reliable Adaptive Lightweight Multicast Protocol Ken Tang, Scalable Network Technologies Katia

Reliable Adaptive Lightweight Multicast Protocol Ken Tang, Scalable Network Technologies Katia Obraczka, UC Santa Cruz Sung-Ju Lee, Hewlett-Packard Laboratories Mario Gerla, UCLA Overview Ad hoc network introduction QualNet network

246 views • 21 slides
Network La Unin Hace La Fuerza Comite Civico del Valle Coachella Valley Air Monitoring Network

Network La Unin Hace La Fuerza Comite Civico del Valle Coachella Valley Air Monitoring Network

Coachella Valley Air Monitoring Network La Unin Hace La Fuerza Comite Civico del Valle Coachella Valley Air Monitoring Network Proposed Sites of Monitors in the Coachella Valley Air Monitoring Network Desert Mirage High School

398 views • 16 slides
Applying QM Standards: The Process and Product of a Program Review Rae Mancilla, Ed.D. &

Applying QM Standards: The Process and Product of a Program Review Rae Mancilla, Ed.D. &

Applying QM Standards: The Process and Product of a Program Review Rae Mancilla, Ed.D. & Barbara Frey, D.Ed. Agenda Introductions Program background Review process Report critique Discussion Q/A Session Objectives

654 views • 16 slides
MCMCT Group of 25 social service agencies and community members working together with parents to

MCMCT Group of 25 social service agencies and community members working together with parents to

MCMCT Group of 25 social service agencies and community members working together with parents to increase access to high quality out-of-school-time programs* for all children ages 6 12 in Toronto. * (before and afterschool, holidays and

609 views • 27 slides
High-Performance Transaction Processing in SAP HANA Presentation by Young-Rae Kim What is SAP

High-Performance Transaction Processing in SAP HANA Presentation by Young-Rae Kim What is SAP

High-Performance Transaction Processing in SAP HANA Presentation by Young-Rae Kim What is SAP HANA? An in-memory, column-oriented, RDBMS marketed by SAP SE. [1] HANA is not an acronym. What is SAP HANA? An in-memory/main

424 views • 13 slides
AEZ ... Y 1 Y m v. 4 C 1 C 1 C m C m Viet Tung Hoang Phillip Rogaway Ted Krovetz

AEZ ... Y 1 Y m v. 4 C 1 C 1 C m C m Viet Tung Hoang Phillip Rogaway Ted Krovetz

M 1 M 1 M m M m Some thoughts on X 1 X m S S AEZ ... Y 1 Y m v. 4 C 1 C 1 C m C m Viet Tung Hoang Phillip Rogaway Ted Krovetz Florida State University Univ of California, Davis Sacramento State USA USA USA DIAC

468 views • 19 slides
Identifying Relevant Sources for Data Linking using a Semantic Web Index Andriy Nikolov Mathieu

Identifying Relevant Sources for Data Linking using a Semantic Web Index Andriy Nikolov Mathieu

Identifying Relevant Sources for Data Linking using a Semantic Web Index Andriy Nikolov Mathieu dAquin Knowledge Media Institute The Open University, UK How to link a new dataset? What other repositories contain relevant data which I

546 views • 16 slides
How much meaning can you pack into a real-valued vector? Semantic similarity measuring using

How much meaning can you pack into a real-valued vector? Semantic similarity measuring using

How much meaning can you pack into a real-valued vector? Semantic similarity measuring using recursive auto-encoders Wojciech Walczak Samsung R&D Institute Poland, 2016 Agenda Why are we here? Why is paraphrase detection important?

483 views • 22 slides
RIV and Resilient Authenticated Encryption Farzaneh Abed 1 , Christian Forler 2 , Eik List 1 ,

RIV and Resilient Authenticated Encryption Farzaneh Abed 1 , Christian Forler 2 , Eik List 1 ,

RIV and Resilient Authenticated Encryption Farzaneh Abed 1 , Christian Forler 2 , Eik List 1 , Stefan Lucks 1 , Jakob Wenzel 1 1 Bauhaus-Universitt Weimar 2 Hochschule Schmalkalden Dagstuhl, Jan 10-15, 2016 Section 1 RIV Dagstuhl, Jan 10-15,

1.16k views • 40 slides
Combining Teaching and Research in Text-Mining from Social and Cultural Data Claire Brierley and

Combining Teaching and Research in Text-Mining from Social and Cultural Data Claire Brierley and

School of something FACULTY OF OTHER Combining Teaching and Research in Text-Mining from Social and Cultural Data Claire Brierley and Eric Atwell School of Games Computing and Creative Technologies, University of Bolton and School of

551 views • 17 slides

More recommend