Presentation on theme: "Diagnosing Network Disruptions with Network-wide Analysis Yiyi Huang, Nick Feamster, Anukool Lakhina, Jim Xu College of Computing, Georgia Tech Boston."— Presentation transcript:
Diagnosing Network Disruptions with Network-wide Analysis Yiyi Huang, Nick Feamster, Anukool Lakhina, Jim Xu College of Computing, Georgia Tech Boston University
Problem Overview Network routing disruptions happen frequently –379 e-mails documented on the Abilene network operations mailing list from January 1,2006 to June 30, 2006 –282 disruptions How to help network operator deal with disruptions quickly? –Detection and Identification What do we have? –Inputs (from Abilene backbone network) BGP updates Routing configurations –Ground truth: Abilene operational mailing list
Challenges Large volume of data Lack of semantics in a single stream of routing updates Idea: Can we improve detection by mining network- wide dependencies across routing streams?
Overview of Approach
Detection Approach: subspace method High detection rate (for acceptable false positive rate) –Internal node disruption : 100% –Internal Link disruption : 100% –Peer disruption : 60.67% Matrix M # of routers time # of routers Normal space Abnormal space
Identification Goal: Classify disruptions into four types –Internal node, internal link, peer, external node Track three features 1.Global iBGP next-hops 2.Local iBGP next-hops 3.Local eBGP next-hops ApproachResults:
Summary of Main Results 90% of local disruptions are visible in BGP Size of disruptions can vary by several orders of magnitude Many disruptions are low volume About 75% of network disruptions involve more than 2 routers Detection: –100% of node and link disruptions –60% peer disruptions Identification: –100% of node disruptions, 74% link disruptions and –93% peer disruptions