failure isolation in the wide area
play

Failure Isolation in the Wide Area Ethan Katz-Bassett, David - PowerPoint PPT Presentation

Mar 22, 2023 •43 likes •463 views

Failure Isolation in the Wide Area Ethan Katz-Bassett, David Choffnes, Colin Scott, Harsha Madhyastha, Arvind Krishnamurthy and Tom Anderson University of Washington *funded by NSF Outages happen. Theyre expensive, embarrassing and

  1. Failure Isolation in the Wide Area Ethan Katz-Bassett, David Choffnes, Colin Scott, Harsha Madhyastha, Arvind Krishnamurthy and Tom Anderson University of Washington *funded by NSF

  2. Outages happen. • They’re expensive, embarrassing and annoying • They take a long time to fix – Alert – Troubleshoot – Repair • Lack of good tools for wide-area isolation • Some examples… Isolating Failures in the Wide Area 2

  3. Many outages and most are partial Outages grouped by number of witnessing VPs 6000 Approx 90% are partial 5000 4000 3000 # events 2000 1000 0 1 2 3 4 Number of VPs Isolating Failures in the Wide Area 3

  4. And can be surprisingly long-lasting Approx 10% last 10 minutes or longer Isolating Failures in the Wide Area 4

  5. Improving outage response time • Move from human to computer timescale – Detection • Hubble, NEWS – Isolation – Remediation Isolating Failures in the Wide Area 5

  6. What we know about outages • Hubble told us they can be … – Frequent and long-lasting • confirmed with EC2 study – Invisible to BGP feeds – Partial – Unidirectional – In ASes outside of source and destination Isolating Failures in the Wide Area 6

  7. But where are the outages? • Can’t fix a problem if you don’t know where • State of the art: traceroute – Only tells part of the story – Even with control of source and destination – Especially without control of destination Isolating Failures in the Wide Area 7

  8. Example confusion (12/16/10) “It seems traffic attempting to pass through Level3's network in the Washington, DC area is getting lost in the abyss. Here's a trace from VZ residential FIOS to www.level3.com :” – Outages.org list User 1 User 1: Broken link is in DC 1 Wireless_Broadband_Router.home [192.168.3.254] 2 L100.BLTMMD-VFTTP-40.verizon-gni.net [96.244.79.1] 3 G10-0-1-440.BLTMMD-LCR-04.verizon-gni.net [130.81.110.158] 4 so-2-0-0-0.PHIL-BB-RTR2.verizon-gni.net [130.81.28.82] 5 so-7-1-0-0.RES-BB-RTR2.verizon-gni.net [130.81.19.106] 6 0.ae2.BR2.IAD8.ALTER.NET [152.63.34.73] 7 ae7.edge1.washingtondc4.level3.net [4.68.62.137] 8 vlan80.csw3.Washington1.Level3.net [4.69.149.190] 9 ae-92-92.ebr2.Washington1.Level3.net [4.69.134.157] 10 * * * Request timed out. Isolating Failures in the Wide Area 8

  9. Example confusion (12/16/10) “It seems traffic attempting to pass through Level3's network in the Washington, DC area is getting lost in the abyss. Here's a trace from VZ residential FIOS to www.level3.com :” – Outages.org list User 2 User 1: Broken link is in DC 1 192.168.1.1 (192.168.1.1) 2 l100.washdc-vfttp-47.verizon-gni.net (96.255.98.1) 3 g4-0-1-747.washdc-lcr-07.verizon-gni.net (130.81.59.152) 4 so-3-0-0-0.lcc1-res-bb-rtr1-re1.verizon-gni.net (130.81.29.0) User 2: It’s in Denver? 5 0.ae1.br1.iad8.alter.net (152.63.32.141) 6 ae6.edge1.washingtondc4.level3.net (4.68.62.133) 7 vlan90.csw4.washington1.level3.net (4.69.149.254) 8 ae-71-71.ebr1.washington1.level3.net (4.69.134.133) 9 ae-8-8.ebr1.washington12.level3.net (4.69.143.218) 10 ae-1-100.ebr2.washington12.level3.net (4.69.143.214) Is this even the same problem? 11 ae-6-6.ebr2.chicago2.level3.net (4.69.148.146) 12 ae-1-100.ebr1.chicago2.level3.net (4.69.132.113) What if it’s on the reverse path? 13 ae-3-3.ebr2.denver1.level3.net (4.69.132.61) 14 ge-9-1.hsa1.denver1.level3.net (4.68.107.99) (and paths aren’t symmetric) 15 4.68.94.27 (4.68.94.27) 16 4.68.94.33 (4.68.94.33) 17 * * * Isolating Failures in the Wide Area 9

  10. System for wide-area failure isolation • Goal: Detect and isolate outages online • What kind of outages? – Long lasting, partial and avoidable • What kind of isolation? – IP link or ASN • How quickly? – Within seconds or small numbers of minutes Isolating Failures in the Wide Area 10

  11. Overview • Detection – Target selection – Implementation • Isolation Isolating Failures in the Wide Area 11

  12. Types of outages we detect • Focus on long-lasting, avoidable and high-impact outages – Long-lasting: not fixing itself (needs some help) – Avoidable: requires path diversity, no stub ASes – High impact: outages in PoPs affecting many paths Isolating Failures in the Wide Area 12

  13. Experimentation platform • Monitoring VPs: geographically diverse (~12) • CloudFront PoP (16) – Correlate with app-layer outages • Popular PoPs wrt # intersecting paths (83) – And targets on “other” side of PoPs (185) • PlanetLab hosts (76) – Ground-truth isolation Isolating Failures in the Wide Area 13

  14. Detection implementation • Partial outages – 2+ sources reach the destination – 2+ sources see no ping response 4 consecutive times (8 minutes) • Reducing noise – Destination is consistently reachable from 1+ sources (filter out lossy links) – 1+ sources without connectivity has seen at least one ping response from destination in the past Isolating Failures in the Wide Area 14

  15. Overview • Detection • Isolation – Approach – System design – Early results Isolating Failures in the Wide Area 15

  16. What we want out of isolation • Direction (forward or reverse) • Narrowly determine location (link or ASN) • Online (allow for immediate action) Isolating Failures in the Wide Area 16

  17. Isolation approach • When outage between two endpoints occurs: – What were the previously working paths ? – What are the current working hops ? – Combine to infer likely problem links/networks Isolating Failures in the Wide Area 17

  18. Enabling isolation during outages • Atlas of path information to “seed” isolation – Rapidly refreshed, historical path information – Forward & reverse traceroute (intermediate hops) – Historical alternative paths • Measurements during outages – Forward hops: spoofed forward traceroute – Pings to historical hops (fwd and rev) – Reverse hops: reverse traceroute Isolating Failures in the Wide Area 18

  19. Isolation system VPs Targets Isolating Failures in the Wide Area 19

  20. Traceroute atlas • Forward traceroutes to all targets – Updated every 5 minutes Isolating Failures in the Wide Area 20

  21. Each host traceroutes each target VPs Targets Isolating Failures in the Wide Area 21

  22. Traceroute atlas • Forward traceroutes to all targets – Updated every 5 minutes • Traceroutes toward measurement sources – Rounds start every 5 minutes – Maximum staleness: 15 minutes • Opportunities for optimization – Great motivation for work on path-measurement efficiency Isolating Failures in the Wide Area 22

  23. All VPs traceroute each other VPs Targets Isolating Failures in the Wide Area 23

  24. Traceroute atlas • Forward traceroutes to all targets – Updated every 5 minutes • Traceroutes toward measurement sources – Rounds start every 5 minutes – Maximum staleness: 15 minutes • Reverse path measurements – Use reverse traceroute technique… Isolating Failures in the Wide Area 24

  25. Each VP measures reverse paths VPs Targets Isolating Failures in the Wide Area 25

  26. Reverse traceroutes • Reverse path info generally requires – IP options support along the path – Limited spoofing – A lot of trial and error • Comparison – Fwd traceroute • 10s of measurements • Usually done in a few seconds (less than a minute at most) – Reverse traceroute (unoptimized) • ~40 measurements • 100s of seconds (median: 851 seconds when done in bulk) Isolating Failures in the Wide Area 26

  27. Scaling reverse traceroute • Feedback loop for retaining path knowledge – Path-segment caching layer – Batching/staging measurements – Clearing bottlenecks • Determining when to spoof • Identifying successful spoofers • Avoiding probes to unresponsive routers • Results (amortized averages) – Without optimizations: 53 seconds per revtr – With optimizations: 1-2 seconds (15 meas per revtr) Isolating Failures in the Wide Area 27

  28. Atlas VPs Destinations Isolating Failures in the Wide Area 28

  29. Measurements during outages VPs Target Isolating Failures in the Wide Area 29

  30. Spoofed forward traceroutes • Problem: traceroute can’t measure working forward path during reverse path outage – Need tool that avoids reverse path • SFT: TTL-limited probes spoofed as another VP – Select VPs that are likely to be reachable – Yields forward hops during reverse-path outage – Can provide more information than traceroute, even during forward/bidirectional failures Isolating Failures in the Wide Area 30

  31. Simple (real) example plgmu4.ite.gmu.edu to pl2.bit.uoit.ca Normal traceroute Spoofed traceroute 1. 199.26.254.65 1. 199.26.254.65 2. 10.255.255.250 2. 10.255.255.250 3. 192.70.138.121 3. 192.70.138.121 4. 192.70.138.110 4. 192.70.138.110 5. 216.24.186.86 5. 216.24.186.86 6. 216.24.186.84 6. 216.24.186.84 7. 216.24.184.46 7. 216.24.184.46 8. * * * 8. 205.189.32.229 9. * * * 9. 66.97.16.57 10. * * * 10. 66.97.23.238 11. * * * 11. pl2.bit.uoit.ca (205.211.183.4) 12. * * * Isolating Failures in the Wide Area 31

  32. SFT during a failure VP VP Ping Target from S, spoofing as each VP Target Source VP VP Isolating Failures in the Wide Area 32

  33. SFT during a failure VP If they reach spoofers, failure Spoof receiver must be on reverse path Target Source VP VP Isolating Failures in the Wide Area 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lube : Mitigating Bottlenecks in Hao Wang* Wide Area Data Analytics Baochun Li i Qua Wide Area

Lube : Mitigating Bottlenecks in Hao Wang* Wide Area Data Analytics Baochun Li i Qua Wide Area

HotCloud17 Lube : Mitigating Bottlenecks in Hao Wang* Wide Area Data Analytics Baochun Li i Qua Wide Area Data Analytics DC Master Namenode Workers Datanodes 2 Wide Area Data Analytics Why wide area data analytics? Data Volume

557 views • 19 slides
1 Outline Economics in Mariposa Apply a microeconomic paradigm for 1. Assumptions for DDBMS

1 Outline Economics in Mariposa Apply a microeconomic paradigm for 1. Assumptions for DDBMS

Why is Mariposa Important? Mariposa: A wide-area distributed database Wide-area ( WAN ) differ from Local-area ( LAN ) databases. Each individual site is set up differently: with different access methods. with different data

332 views • 5 slides
Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors

Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors

Wide-Area Modeling, Analysis and Control of Large-Scale Power Systems using Synchrophasors Aranya Chakrabortty North Carolina State University, Raleigh, NC Information Trust Institute at UIUC 7 th October, 2011 Wide Area Measurements (WAMS)

973 views • 56 slides
Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable

Serializable Snapshot Isolation Making ISOLATION LEVEL SERIALIZABLE Provide Serializable Isolation Dan Ports Kevin Grittner MIT Wisconsin Court System Saturday, May 21, 2011 1 Overview Serializable isolation makes it easier to reason

922 views • 60 slides
Area Network Schematic Storage Ppt Presentation Wide Area Network (WAN), Connect computers over a

Area Network Schematic Storage Ppt Presentation Wide Area Network (WAN), Connect computers over a

Area Network Schematic Storage Ppt Presentation Wide Area Network (WAN), Connect computers over a large area such as a town, city or country. Describe the bus topology, Single main cable to which computers are connected. Data storage is measured

363 views • 3 slides
Wide Area Networking A short introduction to High-Speed Wide-Area-Networking August 31, 2005 1

Wide Area Networking A short introduction to High-Speed Wide-Area-Networking August 31, 2005 1

Wide Area Networking A short introduction to High-Speed Wide-Area-Networking August 31, 2005 1 Wide Area Networking Quick introduction to the OSI model Quick introduction to TCP(/IP) Problems of TCP on a high speed WAN link

465 views • 21 slides
Optimizing Shuffle in Wide-Area Data Analytics Shuhao Liu * , Hao Wang, Baochun Li Department of

Optimizing Shuffle in Wide-Area Data Analytics Shuhao Liu * , Hao Wang, Baochun Li Department of

Optimizing Shuffle in Wide-Area Data Analytics Shuhao Liu * , Hao Wang, Baochun Li Department of Electrical & Computer Engineering University of Toronto What is: - Wide-Area Data Analytics? - Shuffle? 2 Wide-Area Data Analytics

482 views • 21 slides
Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon

Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon

Multi-Query Optimization in Wide-Area Streaming Analytics Albert Jonathan, Abhishek Chandra, Jon Weissman University of Minnesota Wide-Area Streaming Analytics Real-time analysis over large continuous data streams generated at the edge

316 views • 19 slides
TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation Han Song

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation Han Song

TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation TenantGuard: Scalable Runtime Verification of Cloud-Wide VM-Level Network Isolation Han Song SJTU May 24, 2017 Han Song TenantGuard: Scalable Runtime

747 views • 54 slides
Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily

Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily

Pangaea: Wide-area File System Taming Aggressive Replication in the Pangaea o Support the daily Wide-area File System storage needs of distributed users. Y. Saito, C. Kaamanolis, M. Karlsson, M. Mahalingam o Enable ad-hoc data sharing.

622 views • 14 slides
Wide-Area Storage Stores: Stores: Stores: Status Updates

Wide-Area Storage Stores: Stores: Stores: Status Updates

Dont Se$le for Eventual : Scalable Causal Consistency for Wide-Area Storage

424 views • 41 slides
Risk and Security Assessment Zbigniew Kalbarczyk | 1 TCIPG Cluster Arrangement Communication and

Risk and Security Assessment Zbigniew Kalbarczyk | 1 TCIPG Cluster Arrangement Communication and

Risk and Security Assessment Zbigniew Kalbarczyk | 1 TCIPG Cluster Arrangement Communication and Data Delivery for Wide-Area Monitoring and Control Trustworthy cyber infrastructure and Wide-Area Monitoring and technologies for wide-area

296 views • 12 slides
Efficient wide-area sky monitoring Olaf Wucknitz wucknitz@mpifr-bonn.mpg.de Future Trends in

Efficient wide-area sky monitoring Olaf Wucknitz wucknitz@mpifr-bonn.mpg.de Future Trends in

Efficient wide-area sky monitoring Olaf Wucknitz wucknitz@mpifr-bonn.mpg.de Future Trends in Radio Astronomy Instrumentation Bonn/online, 2122 September 2020 Efficient wide-area sky monitoring Motivation: Lensed FRBs Need for

561 views • 21 slides
ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating

ADAPTED SPAULDING PYRAMID Making Isolation: How does it work? Patient Isolation- Creating auxiliary isolation rooms (CDC) SCRUBBERS - 1 ea to serve patient room, and 1 for Airlock Typically deployed on supplied wheel platform

144 views • 3 slides
W orkload Generation for ns Sim ulations of Wide Area Net w orks and the

W orkload Generation for ns Sim ulations of Wide Area Net w orks and the

W orkload Generation for ns Sim ulations of Wide Area Net w orks and the In ternet y z z y M Y uksel B Sikdar K S V astola and B Szymanski y Departmen t of Computer Science z

409 views • 15 slides
Towards Efficient Stream Processing in the Wide Area Matvey

Towards Efficient Stream Processing in the Wide Area Matvey

Towards Efficient Stream Processing in the Wide Area Matvey Arye Siddhartha Sen, Ariel Rabkin, Michael J. Freedman Princeton University Our

529 views • 40 slides
Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder:

Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder:

W3C stuff 2014-05 Interim, Identity and Streams Washington DC, Martin Thomson requestIdentity Reminder: RTCConfiguration parameter with three values: yes, ifconfigured, no. Originally included in support of

282 views • 11 slides
& Privacy Paul Ratazzi ,Ashok Bommisetti, Nian Ji, and Prof. Wenliang (Kevin) Du Department

& Privacy Paul Ratazzi ,Ashok Bommisetti, Nian Ji, and Prof. Wenliang (Kevin) Du Department

PINPOINT: Efficient & Effective Resource Isolation for Mobile Security & Privacy Paul Ratazzi ,Ashok Bommisetti, Nian Ji, and Prof. Wenliang (Kevin) Du Department of Electrical Engineering & Computer Science Syracuse University,

1.36k views • 21 slides
Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek

Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek

Notary: A Device for Secure Transaction Approval Anish Athalye Adam Belay Frans Kaashoek Robert Morris Nickolai Zeldovich MIT CSAIL 1 How to securely approve transactions? Users perform sensitjve transactjonal operatjons Bank

760 views • 49 slides
Fault Isolation and Quick Recovery in Isolation File Systems Lanyue Lu Andrea C. Arpaci-Dusseau

Fault Isolation and Quick Recovery in Isolation File Systems Lanyue Lu Andrea C. Arpaci-Dusseau

Fault Isolation and Quick Recovery in Isolation File Systems Lanyue Lu Andrea C. Arpaci-Dusseau Remzi H. Arpaci-Dusseau University of Wisconsin - Madison 1 File-System Availability Is Critical 2 File-System Availability Is Critical Main

1.76k views • 171 slides
FSU DEPARTMENT OF COMPUTER SCIENCE Isolation and Analysis of Optimization Errors by Mickey R.

FSU DEPARTMENT OF COMPUTER SCIENCE Isolation and Analysis of Optimization Errors by Mickey R.

FSU DEPARTMENT OF COMPUTER SCIENCE Isolation and Analysis of Optimization Errors by Mickey R. Boyd David B. Whalley Florida State University 1 FSU DEPARTMENT OF COMPUTER SCIENCE Motivation much time and effort spent during testing

744 views • 19 slides
Qubes OS Towards Secure & Trustworthy Personal Computing Joanna Rutkowska Invisible Things

Qubes OS Towards Secure & Trustworthy Personal Computing Joanna Rutkowska Invisible Things

Qubes OS Towards Secure & Trustworthy Personal Computing Joanna Rutkowska Invisible Things Lab and Qubes OS Project Qubes OS A reasonably secure OS for personal computers (currently: laptops & desktops) Security by Compartmentalization

1.16k views • 43 slides
CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science

CS-527 Software Security OS Security Asst. Prof. Mathias Payer Department of Computer Science Purdue University TA: Kyriakos Ispoglou https://nebelwelt.net/teaching/17-527-SoftSec/ Spring 2017 Unix security model Table of Contents Unix

463 views • 28 slides
Intent Semantics in the ABI Sergey Bratus, Julian Bangert Outline From faulty classic

Intent Semantics in the ABI Sergey Bratus, Julian Bangert Outline From faulty classic

Intent Semantics in the ABI Sergey Bratus, Julian Bangert Outline From faulty classic policies to a new sweet spot ABI-level objects and security policy ABI-level policy examples Why this works on x86 Future directions

499 views • 26 slides

More recommend