gradientgraph analytics identifying small yet high impact
play

GradientGraph Analytics: Identifying Small Yet High Impact Flows - PowerPoint PPT Presentation

Nov 08, 2022 •130 likes •424 views

GradientGraph Analytics: Identifying Small Yet High Impact Flows Using Zeek to Optimize Network Performance ZeekWeek 2019 Reservoir Labs Jordi Ros-Giralt, Sruthi Yellamraju, Peter Cullen, Troy Hanson, James Ezick, Alison Ryan, Erik Mogus,

  1. GradientGraph Analytics: Identifying Small Yet High Impact Flows Using Zeek to Optimize Network Performance ZeekWeek 2019 Reservoir Labs Jordi Ros-Giralt, Sruthi Yellamraju, Peter Cullen, Troy Hanson, James Ezick, Alison Ryan, Erik Mogus, Richard Lethin 1

  2. GradientGraph Analytics • Tackles critical network operations objective: Bringing today's network utilization from below 30% to above 90%. • Leverages Zeek for a (1) seamless and (2) scalable integration with (3) full visibility. [ spoiler alert - open sourcing a new Zeek analyzer ] ZeekWeek 2019 2

  3. Are all Elephant Flows Heavy Hitters? • Suppose N is a network with 6 TCP flows that receive this rate allocation vector: Mbps • Which is the largest (elephant) flow? ZeekWeek 2019 3

  4. Are all Elephant Flows Heavy Hitters? • Suppose N is a network with 6 TCP flows that receive this rate allocation vector: Mbps • Which is the largest (elephant) flow? ZeekWeek 2019 4

  5. Are all Elephant Flows Heavy Hitters? • Suppose N is a network with 6 TCP flows that receive this rate allocation vector: Mbps • Which is the largest (elephant) flow? ZeekWeek 2019 5

  6. Are all Elephant Flows Heavy Hitters? To the naked eye Are all Elephant Flows Heavy Hitters? it is, but not when you look at it close up • Suppose N is a network with 6 TCP flows that receive this rate allocation vector: Mbps • Which is the largest (elephant) flow? Flow Gradient Graph: ZeekWeek 2019 6

  7. Are all Elephant Flows Heavy Hitters? To the naked eye Are all Elephant Flows Heavy Hitters? it is, but not when you look at it close up Flow Gradient Graph: ZeekWeek 2019 7

  8. Problem Scope and Relevance [Slide taken from Bill Johnston's talk at ASCAC19: "ESnet: Advanced Networking for Data-Intensive Science"] ZeekWeek 2019 8

  9. Naked eye view is nice… But insufficient to understand bottlenecks and flows ZeekWeek 2019 9

  10. Towards an intimate understanding of bottlenecks and flows Water at 1 mile below Mars' surface ZeekWeek 2019 10

  11. Bottleneck Structure of Google's SDN WAN B4 Network • Google's B4 Network: (from ACM SIGCOMM paper) ZeekWeek 2019 11

  12. Bottleneck Structure of Google's SDN WAN B4 Network • Bottleneck Structure of B4 • Google's B4 Network: (shortest path full mesh configuration): (from ACM SIGCOMM paper) ZeekWeek 2019 12

  13. Theory of Bottleneck Ordering ZeekWeek 2019 13

  14. Theory of Bottleneck Ordering Mathematics? Let's not go there today… Full details will be presented at ACM SIGMETRICS 2020 ZeekWeek 2019 14

  15. ACM SIGMETRICS 2020 for full Math and Algorithms ZeekWeek 2019 15

  16. GradientGraph Analytics: Features and Functions • Interactive analytical dashboards • Computation of bottleneck structures • Real-time traffic engineering recommendations • Offline capacity planning suggestions • Network performance troubleshooting congestion analysis • Locating routing misconfigurations • Replay bottleneck structures ZeekWeek 2019 16

  17. GradientGraph Analytics: Operational Workflow Zeek ZeekWeek 2019 17

  18. Using Zeek for a (1) Seamless and (2) Scalable Integration with (3) Full Visibility • Shadow regions • No shadow regions • Disrupts existing operations • Scales well • Scalability challenges • No disruption ZeekWeek 2019 18

  19. New sFlow Analyzer • BinPAC: Really cool domain specific language: • Almost like writing an IETF RFC. • Full base parser up and running in a few days of work. • Great to leverage the 80/20 rule. • Basic functionality: • Populates 'service' field in conn.log with 'sflow' tag. • Two new events: • sflow_event: Issued for each sFlow datagram • sflow_pkt_sample: Issued for each sFlow sample • Two new logs: • sflow.log: A record for each sFlow datagram • sflow_sample.log: A record for each sFlow sample • We just open sourced it! https://github.com/zeek/packages/blob/master/reservoirlabs/bro-pkg.index ZeekWeek 2019 19

  20. New sFlow Analyzer: events.bif ## Generated for each sFlow datagram ## Reports one or more samples from a connection ## ## ## c: The sFlow connection ## c: The sFlow connection reporting the samples ## version: sFlow version ## addr_src: Source IP address of the sampled connection ## ip_version: agent's IP version (v4 or v6) -- ## addr_dst: destination IP address of the sampled connection ## see https://www.ietf.org/rfc/rfc3176.txt ## port_src: source port number of the sampled connection ## agent_addr: agent's IP address ## port_dst: destination port number of the sampled connection ## subagent_id: Sub-agent ID ## proto: Transport protocol ## seq_num: This datagram's sequence number ## srate: Current sampling rate ## sys_uptime: System up time ## num_samples: number of samples reported for this connection ## num_samples: Number of sFlow samples in this datagram ## ## event sflow_pkt_sample%(c: connection, event sflow_event%(c: connection, addr_src: count, version: count, addr_dst: count, ip_version: count, port_src: count, agent_addr: count, port_dst: count, subagent_id: count, proto: count, seq_num: count, srate: count, sys_uptime: count, num_samples: count%); num_samples: count%); ZeekWeek 2019 20

  21. New sFlow Analyzer: sflow-analyzer.pac refine flow SFLOW_Flow += { function proc_sflow_message(msg: SFLOW_PDU): bool %{ // Report first the general sflow event BifEvent::generate_sflow_event(connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), msg->header()->version(), msg->header()->ip_version(), msg->header()->agent_addr(), msg->header()->subagent_id(), msg->header()->seq_num(), msg->header()->sys_uptime(), msg->header()->num_samples()); (...) for (int i = 0; i < msg->samples()->size(); i++) { (...) BifEvent::generate_sflow_pkt_sample( connection()->bro_analyzer(), connection()->bro_analyzer()->Conn(), addr_src, addr_dst, port_src, port_dst, ip_pkt->ip_hdr()->proto(), fsample->srate(), 1); ZeekWeek 2019 21

  22. New sFlow Analyzer: sflow-protocol.pac (...) type FLOW_SAMPLE = record { sample_seqnum: uint32; src_type_idx: uint32; srate: uint32; spool: uint32; pkt_drops: uint32; snmp_if_in: uint32; snmp_if_out: uint32; num_flow_rec: uint32; flow_recs: FLOW_RECORDS(num_flow_rec); }; (...) type SFLOW_SAMPLE = record { enterprise_format: uint32; sample_len: uint32; # The last 12 bits of enterprise_format determine the format sample_body: case enterprise_format & 0xfff of { 1 -> flow_sample: FLOW_SAMPLE; 2 -> count_sample: UNSUPPORTED_SAMPLE(sample_len); default -> unsupported_sample: UNSUPPORTED_SAMPLE(sample_len); }; }; type SFLOW_SAMPLES(nsamples: uint32) = SFLOW_SAMPLE[nsamples]; type SFLOW_PDU(is_orig: bool) = record { header: SFLOW_HEADER; samples: SFLOW_SAMPLES(header.nsamples); } &byteorder=bigendian; ZeekWeek 2019 22

  23. New sFlow Analyzer: conn.log proto field [rscope-logs] /rscope_logs/logs# column -t ./current/conn.log | less -S #separator \x09 #set_separator , #empty_field (empty) #unset_field - #path conn #open 2019-10-09-02-52-16 #fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp #types time string addr port addr port enum string interval count count string bool bool 1570614672.117856 CMgQscmWr0fCGtQu fe80::f87b:bff:fe5e:c79d 133 ff02::2 134 icmp - 3.999985 16 0 OTH F F 0 1570614717.632911 CV4KU5zkYFHuyThv9 10.1.1.250 41224 10.1.1.224 6343 udp sflow 6.999701 26304 0 S0 T T 0 ZeekWeek 2019 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Small Business Development Center Mission: Provide high impact, quality counseling services and

Small Business Development Center Mission: Provide high impact, quality counseling services and

Yavapai College Small Business Development Center Mission: Provide high impact, quality counseling services and training to help small business owners achieve their goals, strengthening the Arizona economy. Americas Small Business

174 views • 14 slides
FINAL Green elements of the EU s Common Agriculture Policy and their special impact on small

FINAL Green elements of the EU s Common Agriculture Policy and their special impact on small

FINAL Green elements of the EU s Common Agriculture Policy and their special impact on small scale farming CEEweb agri-environment and Rural Development working group What do small-scale farmers produce? Why support them? HIGH QUALITY

954 views • 27 slides
Aligning HR Analytics to Business Objectives 1 4 June 2015 Agenda Identifying what

Aligning HR Analytics to Business Objectives 1 4 June 2015 Agenda Identifying what

Aligning HR Analytics to Business Objectives 1 4 June 2015 Agenda Identifying what matters in your organisation and tailoring your analyses to add value to the business Finding the link between business problems and workforce trends to

753 views • 36 slides
Environmental Baseline Study Project Description (EBS) Identifying the Impacts Impact

Environmental Baseline Study Project Description (EBS) Identifying the Impacts Impact

Environmental Baseline Study Project Description (EBS) Identifying the Impacts Impact Assessment &amp; Analysis Rapid Impact Ecological Capability Eco-Mapping Assessment Matrix Evaluation Conclusion Environmental Management Plan

530 views • 15 slides
EWB Network 4 22/01/2020 Identifying need and monitoring impact Welcome and cake Introductions

EWB Network 4 22/01/2020 Identifying need and monitoring impact Welcome and cake Introductions

EWB Network 4 22/01/2020 Identifying need and monitoring impact Welcome and cake Introductions Agenda 1. Feedback regarding action point 3 2. Few updates 3. Re-introduce the 8 Model Whole School Approach 4. Public Health BREAK AND NETWORK

324 views • 17 slides
Spark &amp; Spark SQL High-Speed In-Memory Analytics over

Spark &amp; Spark SQL High-Speed In-Memory Analytics over

CSE 6242 / CX 4242 Data and Visual Analytics | Georgia Tech Spark &amp; Spark SQL High-Speed In-Memory Analytics over Hadoop and Hive Data Instructor: Duen Horng (Polo) Chau 1 Slides adopted

792 views • 64 slides
Research s role in helping society cope with high impact weather events High Impact Weather

Research s role in helping society cope with high impact weather events High Impact Weather

Research s role in helping society cope with high impact weather events High Impact Weather Events High Impact Weather is weather that can result in significant impacts on safety, property and/or socioeconomic activity (Sills 2009)

765 views • 31 slides
Identifying and Treating Your High Risk Patient Population Beth Hickerson Quality Improvement

Identifying and Treating Your High Risk Patient Population Beth Hickerson Quality Improvement

Identifying and Treating Your High Risk Patient Population Beth Hickerson Quality Improvement Advisor August 15, 2017 HIGH RISK PATIENTS What and Why? What is a high-risk patient? High level of resource use (e.g., visits, meds, treatments)

509 views • 19 slides
Interactive Model Learning from High-Dimensional Data: A Visual Analytics Approach Klaus

Interactive Model Learning from High-Dimensional Data: A Visual Analytics Approach Klaus

Interactive Model Learning from High-Dimensional Data: A Visual Analytics Approach Klaus Mueller Klaus Mueller Computer Science Lab for Visual Analytics and Imaging (VAI) Stony Brook University Visual Analytics Visual Analytics (Laymans

1.18k views • 97 slides
Preterm and small for gestational Pregnancy: a stress test age (SGA) delivery Preterm

Preterm and small for gestational Pregnancy: a stress test age (SGA) delivery Preterm

Why hypertension in midlife women? Impact of Prior Preterm or Term Small for Gestational Age Birth Extent of awareness, treatment, and control of high BP Cardiovascular disease among women 40 years in the U.S (%) on Maternal Blood

347 views • 6 slides
CSE 255 Lecture 6 Data Mining and Predictive Analytics Community Detection Dimensionality

CSE 255 Lecture 6 Data Mining and Predictive Analytics Community Detection Dimensionality

CSE 255 Lecture 6 Data Mining and Predictive Analytics Community Detection Dimensionality reduction Goal: take high-dimensional data, and describe it compactly using a small number of dimensions Assumption: Data lies (approximately) on

1.08k views • 62 slides
The use of DRG for identifying clinical trials centres with high recruitment potential: a

The use of DRG for identifying clinical trials centres with high recruitment potential: a

The use of DRG for identifying clinical trials centres with high recruitment potential: a feasability study Philippe Aegerter 1,2 , Noelle Bendersky 2 , Thi-Chien Tran 1,2 , Jacques Ropers 2 , Namik Taright 3 and Gilles Chatellier 4 1. Univ.

349 views • 15 slides
Summary of RED-IMPACT results on the Impact of P&amp;T on the High Level Waste Management E.M.

Summary of RED-IMPACT results on the Impact of P&amp;T on the High Level Waste Management E.M.

Summary of RED-IMPACT results on the Impact of P&amp;T on the High Level Waste Management E.M. Gonzalez (CIEMAT), on behalf of the RED-IMPACT collaboration 10 th International Exchange Meeting on Partitioning and Transmutation, IEMPT10 Mito

655 views • 34 slides
Increasing the impact of HR by using HR Analytics Tom Haak Director HR Trend Institute

Increasing the impact of HR by using HR Analytics Tom Haak Director HR Trend Institute

Increasing the impact of HR by using HR Analytics Tom Haak Director HR Trend Institute Question: what do you think of this product/ service? My background in HR 13 Network Analysis Joy &amp; pride Hitachi Business Microscope 22 A

360 views • 35 slides
Identifying Genes that Impact Methamphetamine Use Disorder Tamara J. Phillips, Ph.D. Professor

Identifying Genes that Impact Methamphetamine Use Disorder Tamara J. Phillips, Ph.D. Professor

VA Senior Research Career Scientist Identifying Genes that Impact Methamphetamine Use Disorder Tamara J. Phillips, Ph.D. Professor of Behavioral Neuroscience Director Scientific Director Methamphetamine (MA) Speed, ice, crystal

874 views • 42 slides
CSE 190 Lecture 16 Data Mining and Predictive Analytics Small-world phenomena Six degrees of

CSE 190 Lecture 16 Data Mining and Predictive Analytics Small-world phenomena Six degrees of

CSE 190 Lecture 16 Data Mining and Predictive Analytics Small-world phenomena Six degrees of separation Another famous study Stanley Milgram wanted to test the (already popular) hypothesis that people in social networks are

438 views • 31 slides
Where are we going? Choose to be Present; Be Intentional Know you are loved; remember the

Where are we going? Choose to be Present; Be Intentional Know you are loved; remember the

Where are we going? Choose to be Present; Be Intentional Know you are loved; remember the reason for your hope Your destiny is in heaven, not on earth Choose to Pray Take time in silence Choose to forgive - yourself

636 views • 59 slides
Mobile and Ubiquitous Computing CS 525M: Input devices and Mobile HCI Baoyuan, Xing Computer

Mobile and Ubiquitous Computing CS 525M: Input devices and Mobile HCI Baoyuan, Xing Computer

Mobile and Ubiquitous Computing CS 525M: Input devices and Mobile HCI Baoyuan, Xing Computer Science Dept. Worcester Polytechnic Institute (WPI) Human Phone Interaction : EyePhone http://www.youtube.com/watch?v=lyBZgfAdNlg Human Phone Interaction

517 views • 12 slides
Safety Data Sheet Page 1 of 4 SDS No. 2101 January 2016 Supersedes: December 2015 PCN No. 3660

Safety Data Sheet Page 1 of 4 SDS No. 2101 January 2016 Supersedes: December 2015 PCN No. 3660

Safety Data Sheet Page 1 of 4 SDS No. 2101 January 2016 Supersedes: December 2015 PCN No. 3660 SECTION 1 PRODUCT AND COMPANY IDENTIFICATION PRODUCT NAME: Substrate Slides PRODUCT CODE: 2120, 2120 6, 2120 8, 2123, 2124, 2125, 2125 4,

291 views • 4 slides
Signal Processing in the Pure Programming Signal Processing in Pure Language Albert Grf Dept.

Signal Processing in the Pure Programming Signal Processing in Pure Language Albert Grf Dept.

Signal Processing in the Pure Programming Signal Processing in Pure Language Albert Grf Dept. of Music Informatics Full paper, slides, examples at: http://pure-lang.googlecode.com/svn/docs/ Pure, the programming language Signal

155 views • 14 slides
Learning to Predict Gaze in Egocentric Videos Yin Li, Alireza Fathi, James M. Rehg Outline: -

Learning to Predict Gaze in Egocentric Videos Yin Li, Alireza Fathi, James M. Rehg Outline: -

Learning to Predict Gaze in Egocentric Videos Yin Li, Alireza Fathi, James M. Rehg Outline: - What is visual saliency (through Itti Koch &amp; Torralba methods) - Gaze distributions for GTEA Gaze + dataset (per user and per task) - Local

580 views • 21 slides
Species Identification Iceland Gull (Thayers) Northern Pintail (G. Sorenson) Herring Gull

Species Identification Iceland Gull (Thayers) Northern Pintail (G. Sorenson) Herring Gull

Species Identification Iceland Gull (Thayers) Northern Pintail (G. Sorenson) Herring Gull American Wigeon, female on right (G. Sorenson) TheWildernessAlternative (eBird) Gulls Iceland Challenging to ID, but IDs to species are important for

441 views • 30 slides
Some Results and Open Problems Giuseppe (Beppe) Liotta (University of Perugia) Outline Graph

Some Results and Open Problems Giuseppe (Beppe) Liotta (University of Perugia) Outline Graph

Graph Drawing Beyond Planarity: Some Results and Open Problems Giuseppe (Beppe) Liotta (University of Perugia) Outline Graph Drawing (GD) beyond planarity Combinatorial relationships Optimization trade-offs and algorithms Open

1.02k views • 63 slides
112Gbps Serial Transmission over Copper Topic: o Nam elementum commodo mattis. Pellentesque

112Gbps Serial Transmission over Copper Topic: o Nam elementum commodo mattis. Pellentesque

TITLE 112Gbps Serial Transmission over Copper Topic: o Nam elementum commodo mattis. Pellentesque PAM4 vs PAM8 Signaling malesuada blandit euismod. Topic: o Nam elementum commodo mattis. Pellentesque Speaker: malesuada blandit

627 views • 28 slides

More recommend