motivation root cause analysis
play

Motivation: Root cause analysis SDN controller From: alice@xyz.com - PowerPoint PPT Presentation

Feb 25, 2023 •216 likes •523 views

Motivation: Root cause analysis SDN controller From: alice@xyz.com Traffic is arriving To: Admin (bob@xyz.com) at the wrong Title: Help! server !?! My server is receiving suspicious traffic from 4.3.2.0/24--it should have 4.3.2.0/24

  1. Motivation: Root cause analysis SDN controller From: alice@xyz.com Traffic is arriving To: Admin (bob@xyz.com) at the wrong Title: Help! server !?! My server is receiving suspicious traffic from 4.3.2.0/24--it should have 4.3.2.0/24 4.3.3.0/24 Internet been sent to the low-security server. Bob Packets from 4.3.3.0/24 are still being Web server 2 routed correctly. Can you help? Web server 1 • Networks can (and frequently do!) have bugs • We need a good debugger! 1

  2. Debugging networks with provenance Packet P Packet P C received packet Rule match on B B sent packet A B C Rule for 4.3.2.0/24 B received packet installed by controller Rule match on A PacketIn A sent packet from 4.3.2.1 Controller: … … next hop should be port2! • Existing debuggers tell us what happened • Example: NetSight [NSDI’14] • Provenance offers a richer explanation • Example: Y! [SIGCOMM’14] 2

  3. Problem: The explanation can be too big! C received packet B sent packet Rule match on B Packet arrives … … at the Rule 7: wrong server Next-hop=port2 Symptom root Root cause 3

  4. What can we do? From: alice@xyz.com S1 S2 S3 S4 S5 To: Admin (bob@xyz.com) Title: Help! S6 My server is receiving suspicious traffic from 4.3.2.0/24--it should have Bob been sent to the low-security server. Web server 2 Packets from 4.3.3.0/24 are still being Web server 1 DPI routed correctly. Can you help? Outages mailing list Sept.—Dec. 2014: Working reference! 66% have references! • Idea: Reason about the differences between the symptom and the reference 4

  5. Differential provenance 4.3.3.1 fails Rule 7’s next hop is wrong! Differential 4.3.2.1 works Provenance • Input: a bad symptom and a good reference • Debugger reasons about the differences • Output: root cause 5

  6. Outline Motivation: Root cause analysis • Differential provenance • Background: Provenance • Strawman solution • Algorithm • Evaluation • Prototype implementation • Usability • Query processing speed • Complex network diagnostics • Conclusion • 6

  7. Background: Provenance Observed PktRecv(@C, 4.3.3.0) symptom PktSend(@B, 4.3.3.0, next=C) Flow(@B, 4.3.3.0, next=C) PktRecv(@B, 4.3.3.0) Configuration PktSend(@B, 4.3.3.0, next=B) state PktRecv(@A, 4.3.3.0) Flow(@A, 4.3.3.0, next=B) Event • Provenance tracks causal connections between network events and state [ExSPAN-SIGMOD’10] • Provenance graph: Vertexes à event/state. Edge à causality • Provenance tree: Recursive explanation of an event/state 7

  8. Strawman solution - = ? faulty rule root root Provenance (Symptom) Provenance (Reference) • Strawman solution: Find vertexes that are different in the two trees • Problem: The diff can be larger than the individual trees! 8

  9. Why does the strawman solution not work? Pkt@Srv2 Pkt@Srv1 Pkt@D Flow(next=Srv2) Pkt@C Flow(next=D) Pkt@E Flow(next=Srv1) Flow(next=C) Pkt@B Pkt@B Flow(next=E) Pkt@A Flow(next=B) Pkt@A Flow(next=B) • Observation: The diff can be larger than the individual trees • Reason: “Butterfly effect” • A small initial difference can lead to drastically different events later on 9

  10. Outline Motivation: Root cause analysis • Key insight • Differential provenance • Background: Provenance • Strawman solution • Algorithm • Evaluation • Prototype implementation • Usability • Query processing speed • Complex network diagnostics • Conclusion • 10

  11. Algorithm: Refinement #1 Roll back the execution to a divergence point Change the faulty node to be like the correct node Roll forward the execution to align the trees • This approach finds only the (small) initial differences • The (potentially large) consequences are ignored 11

  12. Algorithm: Refinement #1 (Cont’d) Pkt@Srv2 Pkt@Srv1 Pkt@Srv1 Pkt@D Flow(next=Srv2) A B C Flow(next=Srv1) Pkt@E Pkt@E Pkt@C Flow(next=D) Flow(next=Srv1) ` Pkt@B Pkt@B Flow(next=E) Flow(next=C) Flow(next=E) E Pkt@A Flow(next=B) Pkt@A Flow(next=B) Provenance (symptom) Provenance (reference) • Approach: Roll back the execution, change the first faulty node, and roll forward again to align the trees 12

  13. How to preserve crucial differences? Pkt(4.3.2.1)@Srv2 Pkt(4.3.3.1)@Srv1 Flow(next=Srv2) Pkt(4.3.2.1)@D Pkt(4.3.3.1)@Srv1 Pkt(4.3.2.1)@C Pkt(4.3.3.1)@E Flow(next=D) Flow(next=Srv1) Pkt(4.3.3.1)@E Flow(next=Srv1) Pkt(4.3.2.1)@B Pkt(4.3.3.1)@B Flow(next=E) Flow(next=C) Pkt(4.3.3.1)@B Flow(next=E) Flow(next=B) Pkt(4.3.2.1)@A Pkt(4.3.3.1)@A Flow(next=B) Flow(next=B) Pkt(4.3.3.1)@A Provenance (symptom) Provenance (reference) • Problem: There are differences that we need to preserve • Example: The packets whose provenance we are looking at 13

  14. Solution: Establish equivalence Pkt(4.3.2.1)@Srv2 Pkt(4.3.2.1)@Srv2 Pkt(4.3.3.1)@Srv1 Pkt(4.3.3.1)@Srv1 Flow(next=Srv2) Pkt(4.3.2.1)@D Pkt(4.3.2.1)@D Flow(next=Srv2) Pkt(4.3.3.1)@E Pkt(4.3.3.1)@E Flow(next=Srv1) Flow(next=Srv1) Pkt(4.3.2.1)@C Flow(next=D) Pkt(4.3.2.1)@C Flow(next=D) Pkt(4.3.3.1)@B Pkt(4.3.3.1)@B Flow(next=E) Pkt(4.3.2.1)@B Pkt(4.3.2.1)@B Flow(next=C) Flow(next=E) Flow(next=C) Flow(next=B) Flow(next=B) Pkt(4.3.3.1)@A Pkt(4.3.3.1)@A Pkt(4.3.2.1)@A Flow(next=B) Pkt(4.3.2.1)@A Flow(next=B) Provenance (symptom) Provenance (reference) • Establish an equivalence relation between the trees • Example: IP addresses 4.3.2.1 and 4.3.3.1 • Values on the trees can be identical, equivalent, or different • Goal: Make the trees equivalent, not necessarily identical! 14

  15. Algorithm: Refinement #2 Roll back the execution to a divergence a non-equivalent point a divergence point Change the faulty node to be like the correct node be like the correct node its equivalent Roll forward the execution to align the trees • Benefit: Preserves the crucial differences between the trees 15

  16. Establishing and propagating equivalence Pkt(4.3.2.1)@Srv2 Pkt(4.3.3.1)@Srv1 Flow(next=Srv2) Pkt(4.3.2.1)@D Pkt(4.3.3.1)@E Flow(next=Srv1) Pkt(4.3.2.1)@C Flow(next=D) Pkt(4.3.3.1)@E Pkt(4.3.2.1)@C Pkt(4.3.3.1)@B Flow(next=E) Pkt(4.3.2.1)@B Pkt(4.3.2.1)@B Flow(next=C) Pkt(4.3.3.1)@B Flow(next=E) Flow(next=C) Flow(next=B) Pkt(4.3.3.1)@A Flow(next=B) Pkt(4.3.2.1)@A Pkt(4.3.2.1)@A Flow(next=B) Flow(next=B) Pkt(4.3.3.1)@A Bad provenance Reference provenance • Start with an initial equivalence relation between the packets • Establish a mapping between packet fields that are different • Keep track of the mapping while going up the tree • Stop at the first non-equivalent(!) node • More general approach: taint analysis 16

  17. Propagating equivalence with taints = ? = ? pktstat( pt , 8*sz , c+1 ) pktstat( 80 , 800 , 2 ) pktstat ( 51 , 808 , 2) = x8 pktcnt( c ) pkt( pt , sz ) pkt( 80 , 100 ) pktcnt(1) pkt( 51 , 101 ) pktcnt(1) Reference Computation Symptom • Approach: • Create taints for equivalent fields • Propagate taints up the tree • Repeat until we find a non-equivalent node 17

  18. Changing the faulty node Wanted: Pkt(4.3.2.1)@E ! Pkt(4.3.3.1)@Srv1 Wanted: C Pkt(4.3.3.1)@E Flow(next=E)! Flow(next=Srv1) Pkt(4.3.2.1)@C v Pkt(4.3.3.1)@B Flow(next=E) Flow(next=E) Pkt(4.3.2.1)@B Flow(next=C) Flow(next=E) Pkt(4.3.3.1)@A Flow(next=B) Pkt(4.3.2.1)@A Flow(next=B) Bad provenance Reference provenance • Change the faulty node to its equivalent: Pkt(4.3.2.1)@C à Pkt(4.3.2.1)@E • Have dependent nodes à Create their equivalents recursively • Example: Flow(next=C) à Flow(next=E) • No dependent nodes à Insert its equivalent • Example: Insert Flow(next=E) • See paper for how to propagate taints in the reverse direction 18

  19. Problem: Multiple faults Aligned Aligned Aligned Aligned Aligned Aligned Change #1 Change #3 Change #2 Bad provenance Reference provenance • Problem: There could be more than one difference between the two trees • Solution: Repeat until the trees are completely aligned 19

  20. Refinement #3: Final algorithm Roll back the execution to a divergence a non-equivalent point Change the faulty node to be like the correct node its equivalent Roll forward the execution NO to align the trees Completely equivalent? YES Output changes 20

  21. Rolling forward the execution Pkt(4.3.2.1)@Srv1 Pkt(4.3.3.1)@Srv1 Pkt(4.3.3.1)@Srv1 = Pkt(4.3.3.1)@E Pkt(4.3.3.1)@E Pkt(4.3.2.1)@E Pkt(4.3.2.1)@C Flow(next=Srv1) Flow(next=Srv1) Flow(next=Srv1) Pkt(4.3.3.1)@B Flow(next=C) Flow(next=E) Flow(next=E) Flow(next=E) Pkt(4.3.2.1)@B Pkt(4.3.3.1)@A Flow(next=B) Pkt(4.3.2.1)@A Flow(next=B) Bad provenance Reference provenance • Roll the execution forward to align the trees • Output the accumulated change(s): Flow(next=C) à Flow(next=E)! 21

  22. Outline Motivation: Root cause analysis • Differential provenance • Background: Provenance • Strawman approach • Algorithm • Evaluation • Prototype implementation • Usability • Query processing speed • Complex network diagnostics • Conclusion • 22

  23. Prototype implementation: DiffProv • Mostly focuses on Network Datalog (NDlog) [CACM ’2009] programs, where provenance is easy to see • NetCore [NSDI ’13] programs are also supported • Applicable beyond SDN: Hadoop MapReduce • Integrated with Mininet + the Beacon controller; based on Rapidnet 23

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Root Cause Analysis 1 Root Cause Analysis Root Cause Analysis is a method that is used to

Root Cause Analysis 1 Root Cause Analysis Root Cause Analysis is a method that is used to

Root Cause Analysis 1 Root Cause Analysis Root Cause Analysis is a method that is used to address a problem or non-conformance, in order to get to the root cause of the problem. It is used so we can correct or eliminate the cause,

389 views • 28 slides
Root C t Cause An Analysis Presented by: Isaac Garcia, RCC Objec ectives es Define Root

Root C t Cause An Analysis Presented by: Isaac Garcia, RCC Objec ectives es Define Root

Root C t Cause An Analysis Presented by: Isaac Garcia, RCC Objec ectives es Define Root Cause Understand how an organization benefits from root cause Learn how to determine root cause using the 5 Why method Learn how to

739 views • 31 slides
Root Locus Prof. Seungchul Lee Industrial AI Lab. Most Slides from the Root Locus Method by

Root Locus Prof. Seungchul Lee Industrial AI Lab. Most Slides from the Root Locus Method by

Root Locus Prof. Seungchul Lee Industrial AI Lab. Most Slides from the Root Locus Method by Brian Douglas Motivation for Root Locus For example Unknown parameter affects poles Poles of system are values of when 2 Motivation

591 views • 44 slides
Root Cause Analysis Information Session SAICA Offices, JHB 27 June 2017 2 Root Cause Analysis

Root Cause Analysis Information Session SAICA Offices, JHB 27 June 2017 2 Root Cause Analysis

IRBA Root Cause Analysis Information Session SAICA Offices, JHB 27 June 2017 2 Root Cause Analysis (RCA) Information Session 27 June 2017 Presenters: Imre Nagy, Pieter Cloete & Sadhir Issirinarain 3 RCA Information Session Index

748 views • 38 slides
Section 2 Solutions of Equations in One Variable (Root-Finding) Numerical Analysis I

Section 2 Solutions of Equations in One Variable (Root-Finding) Numerical Analysis I

Section 2 Solutions of Equations in One Variable (Root-Finding) Numerical Analysis I Xiaojing Ye, Math & Stat, Georgia State University 21 Root-finding Definition Let f : R R (univariate), then x is called a root , or zero , of f

347 views • 7 slides
Root Causes Analysis Case studies & exercises Sansanee Choowaew Causes of Problems Causes

Root Causes Analysis Case studies & exercises Sansanee Choowaew Causes of Problems Causes

Root Causes Analysis Case studies & exercises Sansanee Choowaew Causes of Problems Causes of Problems Immediate causes (threats) Root causes If the Root Causes are not understood, efforts are wasted - by addressing only the

176 views • 15 slides
Risk Control Projects Workforce Capability and Human Error Event Analysis Root Cause

Risk Control Projects Workforce Capability and Human Error Event Analysis Root Cause

Risk Control Projects Workforce Capability and Human Error Event Analysis Root Cause Determinations James Merlo, Associate Director of Human Performance Reliability Issues Steering Committee Meeting April 16, 2013 Event Analysis Root Cause

348 views • 7 slides
PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO

PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO

Mario Vuksan & Tomislav PericinBlackHat USA 2013, Las Vegas PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO CONTINUE: PRESS ROOT TO PRESS ROOT TO PRESS ROOT TO PRESS ROOT TO CONTINUE: CONTINUE: CONTINUE: CONTINUE:

690 views • 45 slides
Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key

Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key

Certicate Transparency Root Explorer Nikita Korzhitskii Niklas Carlsson Web Public Key Infrastructure (WebPKI) Root certificates of trusted Certificate Authorities e.g. GlobalSign Root CA, Amazon Root CA, GoDaddy Root CA Root 1 Root 2

347 views • 19 slides
Lecture Outline Systeem- en Regeltechniek II Previous lecture: The root locus method, analysis,

Lecture Outline Systeem- en Regeltechniek II Previous lecture: The root locus method, analysis,

Lecture Outline Systeem- en Regeltechniek II Previous lecture: The root locus method, analysis, design. Lecture 6 Root Locus, Frequency Response Robert Babu ska Today: Remarks on the computer session. Delft Center for Systems and

226 views • 6 slides
Tackling Root Causes TACKLING ROOT CAUSES AGENDA 1) Downstream Solutions suggested time 15-20

Tackling Root Causes TACKLING ROOT CAUSES AGENDA 1) Downstream Solutions suggested time 15-20

Part 3 of Moving from Service to Solutions Modeled from Solutions U Tackling Root Causes TACKLING ROOT CAUSES AGENDA 1) Downstream Solutions suggested time 15-20 minute 2) The Five Whys suggested time 20-30 minutes 3) Root Cause Analysis

656 views • 9 slides
Scaling the Root A study of the impact on the DNS root system of increasing the size and

Scaling the Root A study of the impact on the DNS root system of increasing the size and

Scaling the Root A study of the impact on the DNS root system of increasing the size and volatility of the root zone Jaap Akkerhuis Lyman Chapin Patrik Fltstrm Glenn Kowack Bill Manning Lars-Johan Liman Summary of Findings Root Scaling

558 views • 20 slides
CDAR Continuous Data-driven Analysis of Root Stability March 8, 2016 ICANN55, Marrakech Benno

CDAR Continuous Data-driven Analysis of Root Stability March 8, 2016 ICANN55, Marrakech Benno

CDAR Continuous Data-driven Analysis of Root Stability March 8, 2016 ICANN55, Marrakech Benno Overeinder (NLnet Labs) Cristian Hesselman (SIDN) Objective Analyze technical impact of the New gTLD Program on stability of the root server

440 views • 10 slides
Continuous Improvement Through Networked Improvement Communities Root Cause Analysis and Theory

Continuous Improvement Through Networked Improvement Communities Root Cause Analysis and Theory

Continuous Improvement Through Networked Improvement Communities Root Cause Analysis and Theory of Action Agenda 1. Welcome and Introductions 2. Continuous Improvement Overview 3. Root Cause Analysis 4. Theory of Action 5. Closing

739 views • 57 slides
Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 8 April 2020 UNCLA

Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 8 April 2020 UNCLA

MI MILITARY SE SEALIFT CO COMM MMAND Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 8 April 2020 UNCLA LASSIFIE IED//FOU OUO Training Goals Identify the roots of mechanical failures and use logic analysis to

628 views • 45 slides
Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 9 March 2020 UNCLA

Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 9 March 2020 UNCLA

MI MILITARY SE SEALIFT CO COMM MMAND Root Cause Analysis How to Understand and Prevent Failures 09 MAR 2020 9 March 2020 UNCLA LASSIFIE IED//FOU OUO Training Goals Identify the roots of mechanical failures and use logic analysis to

1.23k views • 44 slides
Combinatorial networks- I Digital Systems M 1 Digital Systems Some examples Computer

Combinatorial networks- I Digital Systems M 1 Digital Systems Some examples Computer

Combinatorial networks- I Digital Systems M 1 Digital Systems Some examples Computer Cameras Mobile phones Automobiles (injection, ABS..) .... 2 Digital systems Physical systems using quantized values to represent, compute

630 views • 42 slides
Chapter 1 Professor Brendan Morris, SEB 3216, brendan.morris@unlv.edu

Chapter 1 Professor Brendan Morris, SEB 3216, brendan.morris@unlv.edu

Chapter 1 Professor Brendan Morris, SEB 3216, brendan.morris@unlv.edu http://www.ee.unlv.edu/~b1morris/cpe100/ CPE100: Digital Logic Design I Section 1004: Dr. Morris From Zero to One Chapter 1 <1> Background: Digital Logic Design

1.12k views • 92 slides
CS101 Lecture 11: Number Systems and Binary Numbers Aaron Stevens 8 February 2010 1 2 1 3

CS101 Lecture 11: Number Systems and Binary Numbers Aaron Stevens 8 February 2010 1 2 1 3

CS101 Lecture 11: Number Systems and Binary Numbers Aaron Stevens 8 February 2010 1 2 1 3 4 2 !!! MATH WARNING !!! TODAYS LECTURE CONTAINS TRACE AMOUNTS OF ARITHMETIC AND ALGEBRA PLEASE BE ADVISED THAT CALCULTORS WILL BE ALLOWED

529 views • 19 slides
The quasi-isometry relation for finitely generated groups Simon Thomas Rutgers University 25th

The quasi-isometry relation for finitely generated groups Simon Thomas Rutgers University 25th

The quasi-isometry relation for finitely generated groups Simon Thomas Rutgers University 25th August 2007 Simon Thomas (Rutgers University) St Martins College, Ambleside 25th August 2007 Cayley graphs of finitely generated groups

1.32k views • 76 slides
Testing for C1P using PQ-Trees C1P: order U so that certain sets S U are consecutive

Testing for C1P using PQ-Trees C1P: order U so that certain sets S U are consecutive

Testing for C1P using PQ-Trees C1P: order U so that certain sets S U are consecutive PQ-Tree: represents admissible permutations Online algorithm: tree changes with every new set added Reduction algorihtm: linear in |S| under

435 views • 16 slides
Infinitely often equal trees and Cohen reals Yurii Khomskii joint with Giorgio Laguzzi Arctic

Infinitely often equal trees and Cohen reals Yurii Khomskii joint with Giorgio Laguzzi Arctic

Infinitely often equal trees and Cohen reals Yurii Khomskii joint with Giorgio Laguzzi Arctic Set Theory III, 2530 January 2017 Yurii Khomskii (Hamburg University) I.o.e.-trees add Cohen reals Arctic III 1 / 22 Infinitely often equal

921 views • 40 slides
Spatial Data Ahmed Eldawy Computer Science and Engineering Claudius Ptolemy (AD 90 AD 168) Al

Spatial Data Ahmed Eldawy Computer Science and Engineering Claudius Ptolemy (AD 90 AD 168) Al

The Era of Big Spatial Data Ahmed Eldawy Computer Science and Engineering Claudius Ptolemy (AD 90 AD 168) Al Idrisi (1099 1165) Cholera cases in the London epidemic of 1854 Cool computer technology..!! Can I use it in my My pleasure.

831 views • 66 slides
Model Comparison A Systematic Mapping Study Lucian Gonales, Kleinner Farias, Murillo Scholl,

Model Comparison A Systematic Mapping Study Lucian Gonales, Kleinner Farias, Murillo Scholl,

Model Comparison A Systematic Mapping Study Lucian Gonales, Kleinner Farias, Murillo Scholl, Toacy Oliveira, Maurcio Veronez PIPCA Universidade do Vale do Rio dos Sinos (UNISINOS) lucianjosegoncales@gmail.com SEKE 2015, 6-8 July 2015,

506 views • 28 slides

More recommend