Network Operations Nick Feamster

Presentation transcript:

Network Operations Nick Feamster

What is Network Operations?
Security: spam, denial of service, botnets
Troubleshooting: reachability and performance problems, equipment failures, configuration problems, etc.
Three problem areas
  – Detection
  – Identification: What is causing the problem?
  – Mitigation: How to fix the problem?
Helping network operators run secure, robust, highly available communications networks.

Two Approaches
Bandage approach: Tools and systems
  – Proactive: Static configuration analysis
  – Reactive: Analysis of network dynamics, traffic, etc.
Clean slate approach: Network architecture
  – If we could change the network protocols, router design, etc., what might we do differently?

Problem: Network Configuration
Problems cause downtime
Problems often not immediately apparent
What happens if I tweak this policy…?

Causes Catastrophic Faults!
…a glitch at a small ISP… triggered a major outage in Internet access across the country. The problem started when MAI Network Services...passed bad router information from one of its customers onto Sprint. -- news.com, April 25, 1997
Microsoft's websites were offline for up to 23 hours...because of a [router] misconfiguration…it took nearly a day to determine what was wrong and undo the changes. -- wired.com, January 25, 2001
WorldCom Inc…suffered a widespread outage on its Internet backbone that affected roughly 20 percent of its U.S. customer base. The network problems…affected millions of computer users worldwide. A spokeswoman attributed the outage to "a route table issue." -- cnn.com, October 3, 2002
"A number of Covad customers went out from 5pm today due to, supposedly, a DDOS (distributed denial of service attack) on a key Level3 data center, which later was described as a route leak (misconfiguration)." -- dslreports.com, February 23, 2004

Solution: rcc
[Figure labels: rcc; Components; Distributed router configurations (Single AS); Normalized Representation; Correctness Specification; Constraints; Faults]
Analyzing complex, distributed configuration
Defining a correctness specification
Mapping specification to constraints
Verifying global correctness with local information
Feamster & Balakrishnan, Detecting BGP Configuration Faults with Static Analysis, NSDI 2005 Best Paper, ACM/USENIX Symposium on Networked Systems Design and Implementation (NSDI), 2005
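The pipeline on this slide (distributed router configurations, normalized representation, constraints, faults), sketched as an added example that is not rcc's code and not from the slides. The Cisco-style sample configs, the assumption that iBGP sessions peer on loopback addresses, and the two constraints chosen (every iBGP session is configured on both ends; every referenced route-map is defined on that router) are illustrative assumptions.

```python
# Constructed Cisco-style configs for three routers in AS 65000 (sample data).
CONFIGS = {
    "r1": """interface Loopback0
 ip address 10.0.0.1 255.255.255.255
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000
 neighbor 10.0.0.3 remote-as 65000
 neighbor 192.0.2.1 remote-as 64500
 neighbor 192.0.2.1 route-map FROM-PEER in""",
    "r2": """interface Loopback0
 ip address 10.0.0.2 255.255.255.255
router bgp 65000
 neighbor 10.0.0.1 remote-as 65000""",
    "r3": """interface Loopback0
 ip address 10.0.0.3 255.255.255.255
router bgp 65000
 neighbor 10.0.0.2 remote-as 65000""",
}

def normalize(configs):
    """Parse each router's config into vendor-neutral facts."""
    facts = {}
    for name, text in configs.items():
        f = {"asn": None, "loopback": None, "sessions": {}, "used": set(), "defined": set()}
        for tok in (line.split() for line in text.splitlines()):
            if tok[:2] == ["ip", "address"]:
                f["loopback"] = tok[2]
            elif tok[:2] == ["router", "bgp"]:
                f["asn"] = int(tok[2])
            elif tok[:1] == ["neighbor"] and tok[2:3] == ["remote-as"]:
                f["sessions"][tok[1]] = int(tok[3])
            elif tok[:1] == ["neighbor"] and tok[2:3] == ["route-map"]:
                f["used"].add(tok[3])
            elif tok[:1] == ["route-map"]:
                f["defined"].add(tok[1])
        facts[name] = f
    return facts

def check(facts):
    """Evaluate the constraints; return (router, fault, detail) tuples."""
    faults, owner = [], {f["loopback"]: n for n, f in facts.items()}
    for name, f in sorted(facts.items()):
        for ip, asn in sorted(f["sessions"].items()):
            peer = owner.get(ip)
            if asn != f["asn"]:
                continue  # eBGP: far end is another AS, outside the checked configs
            if peer is None or f["loopback"] not in facts[peer]["sessions"]:
                faults.append((name, "ibgp-one-sided", ip))
        faults += [(name, "undefined-route-map", m) for m in sorted(f["used"] - f["defined"])]
    return faults
```

Each fault is found by comparing facts from different routers' files, which is why no single router's configuration looks wrong on its own.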

Reactive Diagnosis
What happens when the network doesn't behave as expected?
Internet routing: lots of noise; what's important?
Fun, important problems in signal processing, data mining, etc.
Student: Yiyi Huang

Problem: Spam
Spam: About 80% of today's email is abusive
  – Content filtering doesn't work
Network monitoring: Today's network devices were designed for yesterday's threats
  – Circa 2000: Worms, DDoS
  – Today: Botnets, spam, click fraud, etc.

Idea: Study Network-Level Properties
Best Paper, ACM SIGCOMM, 2006
Student: Anirudh Ramachandran
Ultimate goal: Construct spam filters based on network-level properties, rather than content
Content-based properties are malleable
  – Low cost to evasion: Spammers can alter content
  – High admin cost: Filters must be continually updated
Content-based filters are applied at the destination
  – Too little, too late: Wasted network bandwidth, storage, etc.

Spam Study: Major Findings
Where does spam come from?
  – Most received from few regions of IP address space
Do spammers hijack routes?
  – A small set of spammers continually advertise short-lived routes (~ 10 minutes)
How is spam sent?
  – Most coming from Windows hosts (likely, bots)
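One way an operator could look for the short-lived-route pattern in their own data, as an added example that is not code from the study. The event and mail-log formats, the sample records, and the 15-minute cutoff are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data; times are seconds from the start of the trace.
BGP_EVENTS = [  # (time, "A" = announce / "W" = withdraw, prefix)
    (0, "A", "198.51.100.0/24"),
    (1000, "A", "203.0.113.0/24"), (1540, "W", "203.0.113.0/24"),
    (5000, "A", "203.0.113.0/24"), (5600, "W", "203.0.113.0/24"),
]
SPAM = [  # (time received, sender IP)
    (1200, "203.0.113.7"), (1300, "203.0.113.9"), (2000, "198.51.100.20"),
    (3000, "192.0.2.55"), (5100, "203.0.113.40"),
]
CUTOFF = 15 * 60  # assumed threshold for "short-lived", in seconds

def route_lifetimes(events):
    """Pair each announcement with its withdrawal: (network, start, end)."""
    open_at, closed = {}, []
    for t, kind, prefix in sorted(events):
        net = ipaddress.ip_network(prefix)
        if kind == "A":
            open_at.setdefault(net, t)  # ignore re-announcements while up
        elif net in open_at:
            closed.append((net, open_at.pop(net), t))
    # Routes never withdrawn have an unknown lifetime and are not judged.
    return closed

def spam_on_short_lived_routes(spam, lifetimes, cutoff=CUTOFF):
    """Spam received while the sender's prefix was on a short-lived route."""
    hits = []
    for t, ip in sorted(spam):
        addr = ipaddress.ip_address(ip)
        for net, start, end in lifetimes:
            if addr in net and start <= t <= end and end - start <= cutoff:
                hits.append((t, ip, str(net), end - start))
    return hits
```

The check uses only routing data and arrival times, so it gives the same answer however the message content is altered.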

Next: Designing for Manageability
Hosts at the edge have fine-grained views of
  – Unwanted traffic (e.g., spam)
  – Network performance
Idea: Use that data to help network operators run their networks better

Two Approaches
Bandage approach: Tools and systems
  – Proactive: Static configuration analysis
  – Reactive: Analysis of network dynamics, traffic, etc.
Clean slate approach: Network architecture
  – If we could change the network protocols, router design, etc., what might we do differently?

Fixed Physical Topology, Arbitrary Virtual Topologies ACM SIGCOMM 2006

VINI Overview
Runs real routing software
Exposes realistic network conditions
Gives control over network events
Carries traffic on behalf of real users
Is shared among many experiments
[Figure labels: Simulation, Emulation, Small-scale experiment, Live deployment, VINI]
Bridge the gap between lab experiments and live experiments at scale.

Goal: Control and Realism
Control
  – Reproduce results
  – Methodically change or relax constraints
Realism
  – Long-running services attract real users
  – Connectivity to real Internet
  – Forward high traffic volumes (Gb/s)
  – Handle unexpected events
Topology: Actual network | Arbitrary, emulated
Traffic: Real clients, servers | Synthetic or traces
Network Events: Observed in operational network | Inject faults, anomalies

PL-VINI: Prototype on PlanetLab
First experiment: Internet In A Slice
  – XORP open-source routing protocol suite
  – Click modular router
Clarify issues that VINI must address
  – Unmodified routing software on a virtual topology
  – Forwarding packets at line speed
  – Illusion of dedicated hardware
  – Injection of faults and other events

Click: Data Plane
Performance
  – Avoid UML overhead
  – Move to kernel, FPGA
Interfaces tunnels
  – Click UDP tunnels correspond to UML network interfaces
Filters
  – Fail a link by blocking packets at tunnel
[Figure labels: XORP (routing protocols); UML; eth1, eth3, eth2, eth0; Click; Packet Forward Engine; Control; Data; UmlSwitch element; Tunnel table; Filters]

Today: ISPs Serve Two Roles
Role 1: Infrastructure Providers
Role 2: Service Providers
Infrastructure providers: Maintain routers, links, data centers, other physical infrastructure
Service providers: Offer services (e.g., layer 3 VPNs, performance SLAs, etc.) to end users
No single party has control over an end-to-end path.

Coupling Causes Problems
Deployment stalemates: Secure routing, multicast, etc.
  – Focus on incremental deployability cripples us
Shrinking profits and commoditization: ISPs cannot enhance end-to-end service
  – No single ISP has purview over an entire path
As of 5:30 am EDT, October 5th, [2005], Level(3) terminated peering with Cogent without cause…even though both Cogent and Level(3) remained in full compliance …We are extending a special offering to single homed Level 3 customers. Cogent will offer any Level 3 customer, who is single homed to the Level 3 network on the date of this notice, one year of full Internet transit free of charge at the same bandwidth currently being supplied by Level 3. …
How do you think they're going to get to customers? Through a broadband pipe.. we have spent this capital and we have to have a return … there's going to have to be some mechanism for these people who use these pipes to pay for the portion they're using. –Edward Whitacre
Peering Tiffs: End-to-end connectivity is in the balance

Concurrent Architectures: Better than One
Infrastructure providers: maintain physical infrastructure needed to build networks
Service providers: lease slices of physical infrastructure from one or more providers
Interesting Questions
  – Network embedding
  – System building
  – Economics and markets

Network Operations
Security: spam, denial of service, botnets
Troubleshooting: reachability and performance problems, equipment failures, configuration problems, etc.
Three problem areas
  – Detection
  – Identification: What is causing the problem?
  – Mitigation: How to fix the problem?
Helping network operators run secure, robust, highly available communications networks.