packet level analytics in software without compromises
play

Packet-Level Analytics in Software without Compromises HotCloud 18, - PowerPoint PPT Presentation

Dec 22, 2022 •139 likes •418 views

Packet-Level Analytics in Software without Compromises HotCloud 18, July 9th, 2018, Boston, MA Oliver Michel John Sonchack Eric Keller Jonathan M. Smith Network monitoring is important Security issues Analytics Platform Performance

  1. Packet-Level Analytics in Software without Compromises HotCloud ’18, July 9th, 2018, Boston, MA Oliver Michel John Sonchack Eric Keller Jonathan M. Smith

  2. Network monitoring is important ■ Security issues Analytics Platform ■ Performance issues Switch + Telemetry ■ Equipment failure ■ Misconfiguration Packet-Level Analytics in Software without Compromises — Oliver Michel 2

  3. Challenging environment ■ more traffic ■ more threats ■ encrypted traffic Total Ransomware Samples Fraction of encrypted HTTP traffic in Google Chrome 15 100 Collected Samples [M] 82 12.1 75 10.8 10 % encrypted 67 9.5 8.9 8.4 50 54 7.8 47 6 5 25 4.4 0 0 Q4 2015 Q12016 Q2 2016 Q3 2016 Q4 2016 Q1 2017 Q2 2017 Q3 2017 Jun 6 2015 Jun 4 2016 Jun 3 2017 Jun 2 2018 [Google Transparency Report 2018] [McAfee Labs Thread Report Dec. 2017] Packet-Level Analytics in Software without Compromises — Oliver Michel 3

  4. Existing systems make compromises loss of information collector PFE analytics 2 aggregation filtering sampling 6 4 filter() groupby() zip() loss of capability Packet-Level Analytics in Software without Compromises — Oliver Michel 4

  5. Programmable Forwarding Engines ■ Programmable Forwarding Engines ■ Marple [SIGCOMM 2017] ■ *flow [ATC 2018] High-Performance Network ? Telemetry ~ 131 M packet records/s *flow technology Packet-Level Analytics in Software without Compromises — Oliver Michel 5

  6. The ideal network analytics system Is it possible to perform packet-level analytics on cloud-scale infrastructures without compromises? ■ per-packet records ■ x86 / general purpose programming language ■ ~5M pps per core Packet-Level Analytics in Software without Compromises — Oliver Michel 6

  7. Leveraging parallel architectures source sink parallel operators Packet-Level Analytics in Software without Compromises — Oliver Michel 7

  8. Leveraging parallel architectures Backend NIC (e.g., time series DB) aggregation input stage stage processing stages Packet-Level Analytics in Software without Compromises — Oliver Michel 8

  9. Characteristics of packet record workloads Can we use properties of packet analytics workloads to our advantage? ■ Network attached input ■ Partitionability/aggregation ■ High rates, small, well-formed records Packet-Level Analytics in Software without Compromises — Oliver Michel 9

  10. Network attached input analytics queue NIC DMA pipeline analytics Switch/PFE 40G/100G NIC queue NIC DMA pipeline analytics queue NIC DMA pipeline Packet-Level Analytics in Software without Compromises — Oliver Michel 10

  11. Many small records 16 ■ Array vs. linked list 12 throughput [M records/s] ■ Lock-free design 8 ■ Wait-free design 4 ■ Zero-copy operations 0 lock-based, array lock-free, linked list lock-free,array Packet-Level Analytics in Software without Compromises — Oliver Michel 11

  12. Programming Abstraction source sink port port ring buffer 1 int main(int argc, char** argv) 2 { jetstream::app app; 3 4 auto source = app.add_stage<source>(1, “enp6s0f0”); 5 auto sink = app.add_stage<sink>(1, std::cout); app.connect<jetstream::pkt_t>(source, sink); 6 7 app(); 8 return 0; 9 } Packet-Level Analytics in Software without Compromises — Oliver Michel 12

  13. Performance 1 12 throughput [M packets/s] 2 10 8 3 6 4 4 source sink 2 passthrough packets per source 0 5 1 2 3 4 5 6 intermediate processors 6 parallel operators Packet-Level Analytics in Software without Compromises — Oliver Michel 13

  14. Performance ~88 Gb/s — 91M p/s jetstream 32 cores ~352 Gb/s ■ Facebook web cluster: ~ 91M egress pps ■ ~32 cores for basic packet-level insight ■ 176 web servers — 1 analytics server: ~0.5% of cluster capacity [Arjun Roy, Hongyi Zeng, Jasmeet Bagga, George Porter, and Alex C. Snoeren. 2015. Inside the Social Network's (Datacenter) Network. SIGCOMM Comput. Commun. Rev. 45, 4 (August 2015), 123-137] ] Packet-Level Analytics in Software without Compromises — Oliver Michel 14

  15. Conclusion / Discussion Is it possible to perform packet-level analytics on cloud-scale infrastructures without compromises? high-performance, software jetstream network analytics platform Packet-Level Analytics in Software without Compromises — Oliver Michel 15

  16. Q&A / D ISCUSSION Oliver Michel oliver.michel@colorado.edu http://nsr.colorado.edu/oliver

  17. packet-level flow-level The right approach for network monitoring and analytics? software hardware What data do we need for monitoring/debugging? Packet-Level Analytics in Software without Compromises — Oliver Michel 17

  18. P ANEL O PENING S LIDE

  19. Packet-Level Analytics in Software without Compromises Oliver Michel, John Sonchack, Eric Keller, Jonathan M. Smith University of Colorado Boulder, University of Pennsylvania programmable forwarding engines encrypted traffic complex applications behavioral analysis packet level record generation software processing source sink parallel operators

  20. B ACKUP S LIDES

  21. [Apache Flink] [StreamBox Miao ‘18] 21 Packet-Level Analytics without Compromises — Oliver Michel

  22. Programming abstraction Processor definition 1 class source : public jetstream::proc { 2 […] 3 }; 1 explicit source(const std::string& iface_name_) : proc() { 2 add_out_port<jetstream::pkt_t>(0); 3 […] 4 } 1 jetstream::signal operator()() override { 2 out_port<pkt_t>(0)->enqueue(read_from_nic(_pkt), jetstream::signal::continue); 3 return jetstream::signal::continue; 4 } 22 Packet-Level Analytics without Compromises — Oliver Michel

  23. Jetstream architecture NUMA awareness pipeline 1 → CPU socket 1 Backend NIC (e.g., time series DB) pipeline 2 → CPU socket 2 23 Packet-Level Analytics without Compromises — Oliver Michel

  24. Stream Processing ip_dst % 2 == 0 TCP TCP Packet Packet Packet Packet Filter Parallelize only TCP group by IP Destination ip_dst % 2 == 1 Bin Filter Alert > n Bytes per 10 sec by time (e.g,, 10sec) 24 Packet-Level Analytics without Compromises — Oliver Michel

  25. Reducing copy operations Packet Bu ff er Pointer Passing queue<pkt*> queue<pkt*> 25 Packet-Level Analytics without Compromises — Oliver Michel

  26. Reducing copy operations 1 packet p; 2 p.ip_proto = 6; 3 q.enqueue(p); pointer directly Pointer into queue Passing queue<pkt> 1 auto p = q.enqueue(); 2 p->ip_proto = 6; 26 Packet-Level Analytics without Compromises — Oliver Michel

  27. Technologies • Programmable switches and PISA: Protocol Independent Switch Architecture • Reconfigurable match-action tables in hardware • multiple stages with TCAM/ALU pair, fixed processing time, guarantees line rate 27

Recommend

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres

Simple High-Level Code For Cryptographic Arithmetic With Proofs, Without Compromises Andres Erbsen, Jade Philipoom, Jason Gross, Robert Sloan, Adam Chlipala MIT CSAIL g i t h u b . c o m / m i t - p l v / fi a t - c

655 views • 53 slides
Scheduling in Wireless Networks With Packet-Level and Flow-Level Dynamics Ramin Khalili Reading

Scheduling in Wireless Networks With Packet-Level and Flow-Level Dynamics Ramin Khalili Reading

Scheduling in Wireless Networks With Packet-Level and Flow-Level Dynamics Ramin Khalili Reading Group: 01.02.2011 1 Outline network model packet-level scheduling flow-level scheduling multi-channel case conclusion 2

328 views • 22 slides
Advances in ad hoc networking: Packet Level Authentication Dmitrij Lagutin, dlagutin@cc.hut.fi

Advances in ad hoc networking: Packet Level Authentication Dmitrij Lagutin, dlagutin@cc.hut.fi

Advances in ad hoc networking: Packet Level Authentication Dmitrij Lagutin, dlagutin@cc.hut.fi T-79.5401 Special Course in Mobility Management: Ad hoc networks, 2.5.2007 Contents Introduction Packet Level Authentication

542 views • 20 slides
Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier

Design and Performance of the OpenBSD Stateful Packet Filter (pf) Daniel Hartmeier dhartmei@openbsd.org Systor AG Usenix 2002 p.1/22 Introduction part of a firewall, working on IP packet level (vs. application level proxies or ethernet

455 views • 33 slides
Less is More with Intelligent Packet Capture RANDY CALDEJON FLOCON 2020 Objectives Consider

Less is More with Intelligent Packet Capture RANDY CALDEJON FLOCON 2020 Objectives Consider

Less is More with Intelligent Packet Capture RANDY CALDEJON FLOCON 2020 Objectives Consider merits of streaming analytics Expose to advanced open source tools Encourage to experiment with OpenArgus 2 2 Streaming Analytics

581 views • 36 slides
DEEP PACKET INSPECTION AND VISUAL ANALYTICS More Info: www.bramcappers.nl 1 of 5 Advanced

DEEP PACKET INSPECTION AND VISUAL ANALYTICS More Info: www.bramcappers.nl 1 of 5 Advanced

Bram C.M. Cappers Jarke J. van Wijk b.c.m.cappers@tue.nl j.j.v.wijk@tue.nl SEMANTIC NETWORK TRAFFIC ANALYSIS USING DEEP PACKET INSPECTION AND VISUAL ANALYTICS More Info: www.bramcappers.nl 1 of 5 Advanced Persistent Threats (APTs)

240 views • 5 slides
Towards High- -performance performance Towards High Flow- -level Packet Processing level

Towards High- -performance performance Towards High Flow- -level Packet Processing level

Towards High- -performance performance Towards High Flow- -level Packet Processing level Packet Processing Flow on Multi- -core Network Processors core Network Processors on Multi Yaxuan Qi (presenter), Bo Xu, Fei He, Baohua Yang,

568 views • 27 slides
Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator

Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator

Introduction to Packet Tracer What is Packet Tracer? Packet Tracer is a protocol simulator developed by Dennis Frezzo and his team at Cisco Systems. Packet Tracer (PT) is a powerful and dynamic tool that displays the various protocols used in

419 views • 17 slides
BPF in-kernel virtual machine 1 BPF is Berkeley Packet Filter low level

BPF in-kernel virtual machine 1 BPF is Berkeley Packet Filter low level

BPF in-kernel virtual machine 1 BPF is Berkeley Packet Filter low level instruction set kernel infrastructure around it interpreter JITs maps helper functions Agenda status and new use cases architecture

680 views • 41 slides
Software Defined Networking OpenFlow and NOX ECE/CS598HPN Radhika Mittal Acknowledgements:

Software Defined Networking OpenFlow and NOX ECE/CS598HPN Radhika Mittal Acknowledgements:

Software Defined Networking OpenFlow and NOX ECE/CS598HPN Radhika Mittal Acknowledgements: Yashar Ganjali, Univ. of Toronto Software Defined Network (SDN) Feature Feature Network OS Packet Forwarding Packet Forwarding Packet

772 views • 36 slides
Open Source, Public Redistricting Software software and data analytics for good Advance the

Open Source, Public Redistricting Software software and data analytics for good Advance the

Open Source, Public Redistricting Software software and data analytics for good Advance the state of the art in geospatial technology... ...and apply it for civic, social and environmental impact Run in a browser Designed for the

590 views • 41 slides
No compromises: distributed transactions with consistency, availability, and performance

No compromises: distributed transactions with consistency, availability, and performance

No compromises: distributed transactions with consistency, availability, and performance Aleksandar Dragojevic, Dushyanth Narayanan, Edmund B. Nightingale, Matthew Renzelmann, Alex Shamis, Anirudh Badam, Miguel Castro Microsoft Research

994 views • 44 slides
Three-Level Deep Packet Inspection Jianghai LI, Wen Si, Xiaojin Huang Institute of Nuclear Energy

Three-Level Deep Packet Inspection Jianghai LI, Wen Si, Xiaojin Huang Institute of Nuclear Energy

CPS-SR CPS-IoT Week 2019 April 15 - 18, 2019 Montreal, Canada Intrusion Detection of Networked Cyber-Physical Systems via Three-Level Deep Packet Inspection Jianghai LI, Wen Si, Xiaojin Huang Institute of Nuclear Energy Technology (INET)

611 views • 32 slides
&quot;It's all about where your mind's at&quot; Compromises, Arrangements &amp; Amalgamations with

&quot;It's all about where your mind's at&quot; Compromises, Arrangements &amp; Amalgamations with

&quot;It's all about where your mind's at&quot; Compromises, Arrangements &amp; Amalgamations with Special reference to Protection of Minority &amp; Dissenting Shareholders under Companies Act, 2013 Particulars Pg. No. What and Why 3 How

520 views • 27 slides
Tuple Space Explosion: A Denial-of-Service Attack Against a Software Packet Classifier Levente

Tuple Space Explosion: A Denial-of-Service Attack Against a Software Packet Classifier Levente

Tuple Space Explosion: A Denial-of-Service Attack Against a Software Packet Classifier Levente Csikor, Min Suk Kang, Dinil Mon Divakaran Attila K rsi, Dvid Haja, Balzs Sonkoly, Dimitrios P. Pezaros, Stefan Schmid, Gbor Rtvri

773 views • 31 slides
Packet Transactions: High-Level Programming for Line-Rate Switches Anirudh Sivaraman, Alvin

Packet Transactions: High-Level Programming for Line-Rate Switches Anirudh Sivaraman, Alvin

Packet Transactions: High-Level Programming for Line-Rate Switches Anirudh Sivaraman, Alvin Cheung, Mihai Budiu, Changhoon Kim, Mohammad Alizadeh, Hari Balakrishnan, George Varghese, Nick McKeown, Steve Licking Programmability at line rate

651 views • 48 slides
Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer

Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer

03/11/2017 Packet Radio Lee Maddox, N4HOK What is Packet Radio? Packet radio is the connection of a computer to a radio for the transmission of digital data via amateur radio. It is another mode of operation that has a multitude of uses, such as

571 views • 17 slides
How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet

How to (passively) measure? Packet Monitoring 1 What to expect? Overview / What is packet monitor? How to acquire the data Handling performance bottlenecks Case Study: Packet Capture Performance Analyzing the transport and

487 views • 37 slides
Comparison of Network Interface Controllers for Software Packet Processing (Final Talk) Alexander

Comparison of Network Interface Controllers for Software Packet Processing (Final Talk) Alexander

Chair of Network Architectures and Services Department of Informatics Technical University of Munich Comparison of Network Interface Controllers for Software Packet Processing (Final Talk) Alexander Frank Advisors: Paul Emmerich, Sebastian

583 views • 26 slides
Condition Synchronization People are still trying to figure that out. Compromises: between

Condition Synchronization People are still trying to figure that out. Compromises: between

Synchronization Now that you have seen locks, is that all there is? No, but what is the right way to build a parallel program. Condition Synchronization People are still trying to figure that out. Compromises: between making it

212 views • 3 slides
Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet

Lab 1: Packet Sniffing and Wireshark Fengwei Zhang SUSTech CS 315 Computer Security 1 Packet Sniffer Packet sniffer is a basic tool for observing network packet exchanges in a computer Capturing (sniffs) packets being

485 views • 13 slides
OCR Level 1 ITQ - Unit 58 - Presentation Software Using OCR Level 1 ITQ - Unit 58 - Presentation

OCR Level 1 ITQ - Unit 58 - Presentation Software Using OCR Level 1 ITQ - Unit 58 - Presentation

QBZNVMMQUK9L / Book OCR Level 1 ITQ - Unit 58 - Presentation Software Using Microsoft... OCR Level 1 ITQ - Unit 58 - Presentation Software Using OCR Level 1 ITQ - Unit 58 - Presentation Software Using Microsoft PowerPoint 2013 Microsoft

242 views • 3 slides
Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics

Google Analytics Overview Whats Google Analytics? The Google Analytics implementation formula. Steps involved in installing Google Analytics. Tracking events, campaigns and ecommerce data. Creating goals and funnels

652 views • 40 slides
Packet Information IMPORTANT LABEL ON RIGHT HAND SIDE OF PACKET Shoe, Gym 11111 (Student ID #)

Packet Information IMPORTANT LABEL ON RIGHT HAND SIDE OF PACKET Shoe, Gym 11111 (Student ID #)

Curriculum &amp; Activities Night Class of 2020 Packet Information IMPORTANT LABEL ON RIGHT HAND SIDE OF PACKET Shoe, Gym 11111 (Student ID #) Feeder School Name NEON GREEN sticker on front of packet = MISSING EXPLORE Appointment date

99 views • 6 slides

More recommend