mille feuille putting isp traffic under the scalpel
play

Mille-Feuille: Putting ISP traffic under the scalpel Olivier Tilmans - PowerPoint PPT Presentation

Nov 15, 2023 •206 likes •543 views

Mille-Feuille: Putting ISP traffic under the scalpel Olivier Tilmans UCLouvain HotNets-XV Nov. 9, 2016 Joint work with T. Bhler (ETH Zrich), S. Vissicchio (UCL) and L. Vanbever (ETH Zrich) Picture: Georges Seguin CC BY-SA 3.0, via

  1. Mille-Feuille: Putting ISP traffic under the scalpel Olivier Tilmans UCLouvain HotNets-XV Nov. 9, 2016 Joint work with T. Bühler (ETH Zürich), S. Vissicchio (UCL) and L. Vanbever (ETH Zürich) Picture: Georges Seguin CC BY-SA 3.0, via Wikimedia Commons

  2. “What happens to the Skype traffic in my network?”

  3. ISP operators only have access to poor and coarse-grained visibility over their network. � Netflow, sFLOW, provide aggregated statistics over random packet sampling. � Active probing scales poorly. � Router Configuration/syslog analysis only covers a fraction of the control-plane. 3

  4. ISP operators only have access to poor and coarse-grained visibility over their network. � Netflow, sFLOW, provide aggregated statistics over random packet sampling. � Active probing scales poorly. � Router Configuration/syslog analysis only covers a fraction of the control-plane. These techniques cannot provide real time information about the network state. 3

  5. Research to provide complete traffic visibility in DC networks, leverages degrees of freedom unavailable in ISP networks. ISP networks present unique challenges: � No control on the end hosts. � Geographically distributed. � Wide-range of heterogeneous network equipments. 4

  6. We aim to provide ISP operators a fine-grained visibility over their networks.

  7. Consider the following part of an ISP network. Router Link 6

  8. Consider the following part of an ISP network. Router A B Link C D 6

  9. Consider the following part of an ISP network. A B 2/8 Skype C D Destination Expected prefix traffic flow 6

  10. Mille-Feuille improves ISP monitoring with a traffic slicing primitive. A B Skype 10 9 8 C 7 6 5 4 3 D 2 1 packet #10 towards 2/8 7

  11. Mille-Feuille improves ISP monitoring with a traffic slicing primitive. A B Skype 10 9 8 C 7 6 5 4 3 D 2 1 7 Mirrored packet 6 encapsulated towards the collector 5 Traffic slice collector 7

  12. Mille-Feuille improves ISP monitoring with a traffic slicing primitive. A B Skype 10 9 8 C 7 6 5 4 3 D 2 1 7 Traffic slice target prefix: 2/8 6 duration: 3 packets 5 Traffic slice collector 7

  13. By concurrently capturing slices at different routers for the same prefix, Mille-Feuille can infer measurements about the traffic. A B Skype 10 9 8 C 7 6 5 4 3 D 2 1 3 5 2 4 3 2 1 8

  14. By concurrently capturing slices at different routers for the same prefix, Mille-Feuille can infer measurements about the traffic. A B Skype 10 9 8 C 7 6 5 4 3 D 2 1 3 5 2 4 2 packets match 3 2 1 Path (C D) is alive 8

  15. Capturing traffic slices is powerful. � Slices contain the complete packet payload. Can remotely dissect traffic. � Concurrent slices enable to trace a packet across the network and compute properties. e.g., proof of traversal, upper-bound on queuing delays. � Fine-grained control on duration, point of capture and target prefix of slices. Explicit control on measurement overhead. 9

  16. We implemented a collector prototype. � Uses hardware-based mirroring features available in commercial routers. e.g., Cisco ERSPAN. � Dynamically program the intra-domain routing protocol (OSPF) using Fibbing. can capture a traffic slice for any subprefix, network-wide. 10

  17. We statically provision a mirroring VLAN on all links that must be monitored. C Default VLAN Default VLAN : 0/0: - - forward to IP NH A B Mirroring VLAN : encapsulate to collector forward to IP NH Mirroring VLAN 11

  18. By default, all traffic is forwarded on the default VLAN. C Destination prefix 0/0: - - A B 11

  19. The collector sends an OSPF message to start a traffic slice. Set NH: Mirroring VLAN For prefix: red prefix C 0/0: - - A B 11

  20. The OSPF message is flooded and reaches A, which then forwards traffic on the mirroring VLAN. C red: - - 0/0: - - A B 11

  21. B then mirrors the packets towards the red prefix to the collector C red: - - 0/0: - - A B 11

  22. The collector stops the traffic slice similarly Set NH: Default VLAN For prefix: red prefix C red: - - 0/0: - - A B 11

  23. The collector stops the traffic slice similarly Captured traffic slice C 0/0: - - A B 11

  24. Our preliminary tests show that Mille-Feuille can work in practice. � We were able to capture traffic slices as thin as 14 ms � We control the slice duration through the delay between the activation and deactivation message. � We were able to concurrently (de)activate 1000 mirroring rules in 0.93 ms , and 10 000 in 30 ms. 12

  25. Mille-Feuille is a measurement framework realizing a deterministic sampling of the network in real time. §3, §4 Inputs Mille-Feuille Output B Violation A p1 ▁▂▃▅▂▇ Selection Scheduling Analysis + + p2 ▃▁▇▁▁█ C 11 ms (>10 ms) for traffic to p1 (Google) 
 Reqs Topology Statistics mirror p2 for y ms p1 mirrored traffic between A and C §2 (optional) A C mirror p1 for x ms 11ms 13

  26. In Mille-Feuille, operators specify high-level measurement requirements and an associated measurement budget. 1/8 Google A B 2/8 Skype C D ( Path (C A B) for Google; Path (*) within (20 ms) for Skype; ) every (1 s) in (30 ms) using (1 Gbps) 14

  27. What? From traffic estimates, Mille-Feuille iteratively selects subprefixes to monitor. 1/8 Traffic distribution A B Google 1/8 15 Gbps 15Gbps 2/8 C D Skype 1Gbps 2/8 1 Gbps Traffic demand 15

  28. What? From traffic estimates, Mille-Feuille iteratively selects subprefixes to monitor. 1/8 Traffic distribution A B Google 1/8 15 Gbps 1/24 .5 Gbps 15Gbps 2/8 C D Skype 1Gbps 2/8 1 Gbps 2/16 .1 Gbps Traffic demand Target prefixes for schedule #1: 1.0.0.0/24, 2.0.0.0/16 15

  29. What? From traffic estimates, Mille-Feuille iteratively selects subprefixes to monitor. 1/8 Traffic distribution A B Google 1/8 15 Gbps 1/24 .5 Gbps 15Gbps 2/8 C D Skype 1Gbps 2/8 1 Gbps 2/16 .1 Gbps Traffic demand Target prefixes for schedule #1: 1.0.0.0/24, 2.0.0.0/16 Target prefixes for schedule #2: 1.0.1.0/24, 2.0.1.0/16 ... 15

  30. Where? Mille-Feuille creates mirroring rules and assigns them to one or more routers. Mirror Mirror 1.0.0.0/24 1.0.0.0/24 1/8 Google A B 15Gbps 2/8 Skype C D 1Gbps Mirror Mirror 2.0.0.0/16 2.0.0.0/16 16

  31. When? Mille-Feuille spreads the measurement campaign across time to meet the budget 0 ms � t < 15 ms 1/8 Google A A B B Mirror: 1.0.0.0/8 Traffic: 0.5 Gbps 15Gbps 2/8 Skype C D 1Gbps 15 ms � t < 30 ms 1/8 A B Google 15Gbps 2/8 C C D D Skype 1Gbps Mirror: 2.0.0.0/16 Traffic: 0.1 Gbps 17

  32. Mille-Feuille: Putting ISP traffic under the scalpel � We collect thin traffic slices by programming the intra-domain routing protocol. � We realize a deterministic sampling of the state of the network. � We limit the measurement overhead according to a budget .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Etre bay esien quand on a trop de donn ees Pr ec ed e dune introduction au

Etre bay esien quand on a trop de donn ees Pr ec ed e dune introduction au

Etre bay esien quand on a trop de donn ees Pr ec ed e dune introduction au mille-feuille CRIStAL emi Bardenet 1 R 1 CNRS &amp; CRIStAL, Univ. Lille, France R emi Bardenet CRIStAL, DatIng, SigMA, Bayes et les tall data

529 views • 32 slides
Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The

Putting the P back in VPN: An Overlay Network to Resist Traffic Analysis Roger Dingledine The Free Haven Project http://freehaven.net/tor/ July 29, Black Hat 2004 Talk Outline Motivation: Why anonymous communication? Personal privacy

788 views • 57 slides
Integrated-Circuit Surgery: getting to the heart of the problem with the smallest scalpel John

Integrated-Circuit Surgery: getting to the heart of the problem with the smallest scalpel John

Integrated-Circuit Surgery: getting to the heart of the problem with the smallest scalpel John Walker Hardware.io The Hague, Netherlands 1 September 2019 The need for secure hardware Software, Firmware and Hardware. All can contribute to

571 views • 30 slides
Pe te Pe te rso n c o ntrib utio n to Pa ne l c ha ire d b y T o dd Mille r 4:00 PM ON WE D: A

Pe te Pe te rso n c o ntrib utio n to Pa ne l c ha ire d b y T o dd Mille r 4:00 PM ON WE D: A

Pe te Pe te rso n c o ntrib utio n to Pa ne l c ha ire d b y T o dd Mille r 4:00 PM ON WE D: A ST RAT E GI C BL UE PRI NT F OR NC COAST AL E CONOMY Be c k e t a l. (2011): Oyste r Re e fs a t Risk In many bays, mor e than 99%

248 views • 5 slides
Feuille de route 2008-2013 : la perspective fransaskoise Favoriser un avenir prometteur pour les

Feuille de route 2008-2013 : la perspective fransaskoise Favoriser un avenir prometteur pour les

Feuille de route 2008-2013 : la perspective fransaskoise Favoriser un avenir prometteur pour les organismes et les institutions de la communaut fransaskoise dans le cadre de la dualit linguistique au Canada est un engagement concret au

696 views • 27 slides
Putting Customers First KEVIN MANSELL Chairman, Chief Executive Officer &amp; President AGENDA

Putting Customers First KEVIN MANSELL Chairman, Chief Executive Officer &amp; President AGENDA

Putting Customers First KEVIN MANSELL Chairman, Chief Executive Officer &amp; President AGENDA Holiday Update Putting Priorities Update Customers Driving Traffic Operational Excellence First Financial Priorities Q&amp;A 2017 Momentum in

415 views • 19 slides
We lc ome to W.C. Mille r Gra de 8 Orie nta tio n Se ssio n In the ne xt hour you will le a

We lc ome to W.C. Mille r Gra de 8 Orie nta tio n Se ssio n In the ne xt hour you will le a

We lc ome to W.C. Mille r Gra de 8 Orie nta tio n Se ssio n In the ne xt hour you will le a rn wha t s F UN a t MIL L E R the diffe re nc e b e twe e n JUNIOR HIGH a nd HIGH SCHOOL wha t CRE S a re &amp; why the y a re

649 views • 27 slides
Prepare red b by Mille ller &amp; &amp; Newberg ( (MN) C ) Consult ltin ing Actuarie ries

Prepare red b by Mille ller &amp; &amp; Newberg ( (MN) C ) Consult ltin ing Actuarie ries

Prepare red b by Mille ller &amp; &amp; Newberg ( (MN) C ) Consult ltin ing Actuarie ries Project Manager: Michael Brown, FSA, MAAA, Managing Director Gene Blobaum, FSA, MAAA, Senior Actuary Spencer Loudon, Actuarial Analyst

810 views • 63 slides
Putting out a HIT Putting out a HIT Crowdsourcing Malware Installs Stephen Checkoway Keaton

Putting out a HIT Putting out a HIT Crowdsourcing Malware Installs Stephen Checkoway Keaton

Putting out a HIT Putting out a HIT Crowdsourcing Malware Installs Stephen Checkoway Keaton Mowery Chris Kanich UC San Diego 1 Mechanical Turk Crowdsourcing platform Requesters post tasks paying 1 $10 Workers perform HITs

381 views • 18 slides
Unit 12: Putting it All Together: Briefly talk about system Digital Circuits Graphics

Unit 12: Putting it All Together: Briefly talk about system Digital Circuits Graphics

This Unit: Putting It All Together Application Anatomy of a game console OS Microsoft XBox 360 Compiler Firmware CIS 501: Computer Architecture Focus mostly on CPU chip CPU I/O Memory Unit 12: Putting it All Together: Briefly

374 views • 5 slides
BC Government &amp; BCTF Putting the Students First BC Government &amp; BCTF Putting the

BC Government &amp; BCTF Putting the Students First BC Government &amp; BCTF Putting the

BC Government &amp; BCTF Putting the Students First BC Government &amp; BCTF Putting the Students First BC Publi lic c Schools ools have e 40,000 0 teache hers s and ov over er 500,000 00 stud uden ents s in 60 school ool distric

472 views • 13 slides
Traffic signal optimization and traffic assignment Traffic signals Traffic signal optimization

Traffic signal optimization and traffic assignment Traffic signals Traffic signal optimization

Dagstuhl, October 2015 Traffic Signals and User Equilibria Martin Strehler , Ekkehard K ohler BTU Cottbus-Senftenberg { martin.strehler,ekkehard.koehler } @b-tu.de Traffic signal optimization and traffic assignment Traffic signals Traffic

577 views • 55 slides
Putting tec Putting tech h at the t the hear heart of t of an activ an active city e city

Putting tec Putting tech h at the t the hear heart of t of an activ an active city e city

Putting tec Putting tech h at the t the hear heart of t of an activ an active city e city Chris Scott Head of Corporate Communications, London Sport March 17 August 16 March 15 January 16 November 16 17 years ago

606 views • 46 slides
Traffic Shaping, Traffic Policing Peter Puschner, Institut fr Technische Informatik Traffic

Traffic Shaping, Traffic Policing Peter Puschner, Institut fr Technische Informatik Traffic

Traffic Shaping, Traffic Policing Peter Puschner, Institut fr Technische Informatik Traffic Shaping, Traffic Policing Enforce compliance of traffic to a given traffic profile (e.g., rate limiting) By delaying or dropping certain

389 views • 11 slides
A Histo ric al Ove rvie w Why the DMCA? 1998: Co ng re ss e na c ts Dig ita l Mille nnium Co

A Histo ric al Ove rvie w Why the DMCA? 1998: Co ng re ss e na c ts Dig ita l Mille nnium Co

Se c tio n 512 o f the DMCA: A Histo ric al Ove rvie w Why the DMCA? 1998: Co ng re ss e na c ts Dig ita l Mille nnium Co pyrig ht Ac t to re so lve uniq ue c o pyrig ht e nfo rc e me nt pro b le ms c a use d b y wide spre a d use o f

396 views • 15 slides
using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis

Website Fingerprinting using Traffic Analysis Attacks Salini S K What is Traffic Analysis What is Traffic Analysis Wiki says What is Traffic Analysis Wiki says Process of intercepting and examining messages in order to deduce

1.15k views • 41 slides
Come forth into the light of things William Wordsworths Human Challenge to Economic

Come forth into the light of things William Wordsworths Human Challenge to Economic

Come forth into the light of things William Wordsworths Human Challenge to Economic Thinking Lynn Stuart Parramore, Oct 21, 2017 Adam Smith is the worst critic, David Hume not excepted, that Scotland, a soil to which this sort

325 views • 7 slides
THE COLD WAR RESEARCH PAPER AND PRESENTATION 2018 The

THE COLD WAR RESEARCH PAPER AND PRESENTATION 2018 The

THE COLD WAR RESEARCH PAPER AND PRESENTATION 2018 The Cold War is one of the three areas of focus and concentration for our IB History

199 views • 5 slides
Software Aesthetics: Human Flourishing in the Making of Software Systems Dr. Joe Hoffert

Software Aesthetics: Human Flourishing in the Making of Software Systems Dr. Joe Hoffert

Software Aesthetics: Human Flourishing in the Making of Software Systems Dr. Joe Hoffert www.kingsu.ca joe.hoffert@kingsu.ca Outline Context: Teaching software development at Christian colleges Problem: Christianity vs. software

472 views • 14 slides
Researching Your Presentation Topic Research is a complex skill requiring diverse sub-skills. For

Researching Your Presentation Topic Research is a complex skill requiring diverse sub-skills. For

Researching Your Presentation Topic Research is a complex skill requiring diverse sub-skills. For example, some of those skills are very procedural, while others involve critical thinking. Still others require strategic thinking (e.g., knowing

436 views • 4 slides
Twitchs Chat Architecture John Rizzo Sr Software Engineer www.twitch.tv About Me

Twitchs Chat Architecture John Rizzo Sr Software Engineer www.twitch.tv About Me

Twitch Plays Pokmon: Twitchs Chat Architecture John Rizzo Sr Software Engineer www.twitch.tv About Me www.twitch.tv Twitch Introduction www.twitch.tv Twitch Introduction www.twitch.tv Twitch Introduction Over 800k concurrent

850 views • 83 slides
BMS reporting Dr Jo Horne Cellular Pathology University Hospital Southampton NHS Foundation

BMS reporting Dr Jo Horne Cellular Pathology University Hospital Southampton NHS Foundation

BMS reporting Dr Jo Horne Cellular Pathology University Hospital Southampton NHS Foundation Trust Friday 1 st November 2019 Contents A bit about me Structure of training and assessment at each stage Work involved to gain the

911 views • 27 slides
PORT OF STOCKTON - OWL PROGRAM Community/Educational Outreach The Port of Stockton (Port) is

PORT OF STOCKTON - OWL PROGRAM Community/Educational Outreach The Port of Stockton (Port) is

PORT OF STOCKTON - OWL PROGRAM Community/Educational Outreach The Port of Stockton (Port) is passionate about giving back to the City of Stockton and the greater region. As part of this mission, the Port regularly undertakes educational

446 views • 3 slides
Equinox Global Limited Fraud and Accounting Scandals By Joseph McNamara Vice President of Credit

Equinox Global Limited Fraud and Accounting Scandals By Joseph McNamara Vice President of Credit

Equinox Global Limited Fraud and Accounting Scandals By Joseph McNamara Vice President of Credit &amp; Political Risk Corporate Collapses and Scandals Corporate collapses and scandals may or may not affect you and your company, however the

780 views • 23 slides

More recommend