Mille-Feuille: Putting ISP traffic under the scalpel Olivier Tilmans - - PowerPoint PPT Presentation

mille feuille putting isp traffic under the scalpel
SMART_READER_LITE
LIVE PREVIEW

Mille-Feuille: Putting ISP traffic under the scalpel Olivier Tilmans - - PowerPoint PPT Presentation

Nov 15, 2023 206 likes •547 views

Mille-Feuille: Putting ISP traffic under the scalpel Olivier Tilmans UCLouvain HotNets-XV Nov. 9, 2016 Joint work with T. Bhler (ETH Zrich), S. Vissicchio (UCL) and L. Vanbever (ETH Zrich) Picture: Georges Seguin CC BY-SA 3.0, via

slide-1
SLIDE 1

Mille-Feuille: Putting ISP traffic under the scalpel

Olivier Tilmans

UCLouvain

HotNets-XV

  • Nov. 9, 2016

Joint work with

  • T. Bühler (ETH Zürich), S. Vissicchio (UCL) and L. Vanbever (ETH Zürich)

Picture: Georges Seguin CC BY-SA 3.0, via Wikimedia Commons

slide-2
SLIDE 2

“What happens to the Skype traffic in my network?”

slide-3
SLIDE 3

ISP operators only have access to poor and coarse-grained visibility over their network.

Netflow, sFLOW, provide aggregated statistics over random packet sampling. Active probing scales poorly. Router Configuration/syslog analysis only covers a fraction of the control-plane.

3

slide-4
SLIDE 4

ISP operators only have access to poor and coarse-grained visibility over their network.

Netflow, sFLOW, provide aggregated statistics over random packet sampling. Active probing scales poorly. Router Configuration/syslog analysis only covers a fraction of the control-plane. These techniques cannot provide real time information about the network state.

3

slide-5
SLIDE 5

Research to provide complete traffic visibility in DC networks, leverages degrees of freedom unavailable in ISP networks.

ISP networks present unique challenges: No control on the end hosts. Geographically distributed. Wide-range of heterogeneous network equipments.

4

slide-6
SLIDE 6

We aim to provide ISP operators a fine-grained visibility over their networks.

slide-7
SLIDE 7

Consider the following part of an ISP network.

Router Link

6

slide-8
SLIDE 8

Consider the following part of an ISP network.

Router A C B D Link

6

slide-9
SLIDE 9

Consider the following part of an ISP network.

A C B D Skype

2/8

Destination prefix Expected traffic flow

6

slide-10
SLIDE 10

Mille-Feuille improves ISP monitoring with a traffic slicing primitive.

1 2 3 4 5 6 7 8 9 10 A C B D Skype packet #10 towards 2/8

7

slide-11
SLIDE 11

Mille-Feuille improves ISP monitoring with a traffic slicing primitive.

1 2 3 4 5 6 7 8 9 10 A C B D Skype Traffic slice collector 5 6 7 Mirrored packet encapsulated towards the collector

7

slide-12
SLIDE 12

Mille-Feuille improves ISP monitoring with a traffic slicing primitive.

1 2 3 4 5 6 7 8 9 10 A C B D Skype Traffic slice collector 5 6 7 Traffic slice target prefix: 2/8 duration: 3 packets

7

slide-13
SLIDE 13

By concurrently capturing slices at different routers for the same prefix, Mille-Feuille can infer measurements about the traffic.

1 2 3 4 5 6 7 8 9 10 A C B D Skype 5 4 3 2 3 2 1

8

slide-14
SLIDE 14

By concurrently capturing slices at different routers for the same prefix, Mille-Feuille can infer measurements about the traffic.

1 2 3 4 5 6 7 8 9 10 A C B D Skype 5 4 3 2 3 2 1 2 packets match Path(C D) is alive

8

slide-15
SLIDE 15

Capturing traffic slices is powerful.

Slices contain the complete packet payload. Can remotely dissect traffic. Concurrent slices enable to trace a packet across the network and compute properties. e.g., proof of traversal, upper-bound on queuing delays. Fine-grained control on duration, point of capture and target prefix of slices. Explicit control on measurement overhead.

9

slide-16
SLIDE 16

We implemented a collector prototype.

Uses hardware-based mirroring features available in commercial routers. e.g., Cisco ERSPAN. Dynamically program the intra-domain routing protocol (OSPF) using Fibbing. can capture a traffic slice for any subprefix, network-wide.

10

slide-17
SLIDE 17

We statically provision a mirroring VLAN

  • n all links that must be monitored.

A B C

0/0: - -

Mirroring VLAN Default VLAN Default VLAN: forward to IP NH Mirroring VLAN: encapsulate to collector forward to IP NH

11

slide-18
SLIDE 18

By default, all traffic is forwarded

  • n the default VLAN.

A B C

0/0: - -

Destination prefix

11

slide-19
SLIDE 19

The collector sends an OSPF message to start a traffic slice.

Set NH: Mirroring VLAN For prefix: red prefix A B C

0/0: - -

11

slide-20
SLIDE 20

The OSPF message is flooded and reaches A, which then forwards traffic on the mirroring VLAN.

A B C

red: - - 0/0: - -

11

slide-21
SLIDE 21

B then mirrors the packets towards the red prefix to the collector

A B C

red: - - 0/0: - -

11

slide-22
SLIDE 22

The collector stops the traffic slice similarly

Set NH: Default VLAN For prefix: red prefix A B C

red: - - 0/0: - -

11

slide-23
SLIDE 23

The collector stops the traffic slice similarly

Captured traffic slice A B C

0/0: - -

11

slide-24
SLIDE 24

Our preliminary tests show that Mille-Feuille can work in practice.

We were able to capture traffic slices as thin as 14 ms We control the slice duration through the delay between the activation and deactivation message. We were able to concurrently (de)activate 1000 mirroring rules in 0.93 ms, and 10 000 in 30 ms.

12

slide-25
SLIDE 25

Mille-Feuille is a measurement framework realizing a deterministic sampling of the network in real time.

Statistics (optional)

▁▂▃▅▂▇ ▃▁▇▁▁█

p1 p2

+ +

Violation Output mirror p1 for x ms mirror p2 for y ms

A C B C

p1 mirrored traffic

A

Inputs Mille-Feuille Reqs Topology

11ms

11 ms (>10 ms) for traffic to p1 (Google)
 between A and C

§2 §3, §4

Selection Scheduling Analysis 13

slide-26
SLIDE 26

In Mille-Feuille, operators specify high-level measurement requirements and an associated measurement budget.

A C B D Google Skype

1/8 2/8

( Path(C A B) for Google; Path(*) within(20 ms) for Skype; ) every(1 s) in(30 ms) using(1 Gbps)

14

slide-27
SLIDE 27

What? From traffic estimates, Mille-Feuille iteratively selects subprefixes to monitor.

A C B D Google Skype

1/8 2/8 15Gbps 1Gbps

Traffic demand

Traffic distribution

1/8 15 Gbps 2/8 1 Gbps

15

slide-28
SLIDE 28

What? From traffic estimates, Mille-Feuille iteratively selects subprefixes to monitor.

A C B D Google Skype

1/8 2/8 15Gbps 1Gbps

Traffic demand

Traffic distribution

1/8 15 Gbps 1/24 .5 Gbps 2/8 1 Gbps 2/16 .1 Gbps

Target prefixes for schedule #1: 1.0.0.0/24, 2.0.0.0/16

15

slide-29
SLIDE 29

What? From traffic estimates, Mille-Feuille iteratively selects subprefixes to monitor.

A C B D Google Skype

1/8 2/8 15Gbps 1Gbps

Traffic demand

Traffic distribution

1/8 15 Gbps 1/24 .5 Gbps 2/8 1 Gbps 2/16 .1 Gbps

Target prefixes for schedule #1: 1.0.0.0/24, 2.0.0.0/16 Target prefixes for schedule #2: 1.0.1.0/24, 2.0.1.0/16 ...

15

slide-30
SLIDE 30

Where? Mille-Feuille creates mirroring rules and assigns them to one or more routers.

A C B D Google Skype

1/8 2/8 15Gbps 1Gbps

Mirror 2.0.0.0/16 Mirror 2.0.0.0/16 Mirror 1.0.0.0/24 Mirror 1.0.0.0/24

16

slide-31
SLIDE 31

When? Mille-Feuille spreads the measurement campaign across time to meet the budget

0 ms t < 15 ms

A C B D Google Skype

1/8 2/8 15Gbps 1Gbps

A B Mirror: 1.0.0.0/8 Traffic: 0.5 Gbps

15 ms t < 30 ms

A C B D Google Skype

1/8 2/8 15Gbps 1Gbps

C D Mirror: 2.0.0.0/16 Traffic: 0.1 Gbps

17

slide-32
SLIDE 32

Mille-Feuille: Putting ISP traffic under the scalpel

We collect thin traffic slices by programming the intra-domain routing protocol. We realize a deterministic sampling

  • f the state of the network.

We limit the measurement overhead according to a budget.