An Annotation Layer for Network Management
George Porter, Randy H. Katz

Overview

- Increased number and complexity of network services
- Unexpected traffic patterns
  - Legitimate: new apps, flash traffic
  - Illegitimate: worms, viruses, misconfiguration (Mextreme)
- Lack of visibility: high speed links, distributed services, can’t modify routers
- But, need for more visibility and control

[Figure: example network; an ISP ingress connects through routers to a server tier (FTP, SMTP, Web, NFS, DNS), a distribution tier, and an access tier of clients.]

Motivating Example

- Complex traffic/server interactions
- Need to protect good traffic in this environment

Problem:
- Users in the access tier complain of slow web access, can’t mount files, and “DNS operation timed out” messages

Network Management Approach:
- Is the problem isolated to one client? To one service?
- Tools to discover the problem: e.g., correlation between SMTP traffic from the ISP ingress and excessive load on the name service
- Experimental intervention to confirm the relationship
- Ability to add new policy for redirection and request throttling

A-Layer Network Management Principles

Observations
- Network topology, link dynamics, traffic volume
- Standard protocols (TCP, UDP), standard services (NFS, DNS), rates, request/response completion rate, latency, RTT, network load
- Sources/sinks of traffic, inside-vs-outside

New policies (Actions)
- For experimental intervention (root cause discovery)
- To protect good traffic
- BW shaping, blocking, scheduling, fencing, selective drop

Security
- Against non-operators using this infrastructure
- Against DoS attacks

Research Challenges and Opportunities

- Alerting operators
  - SNMP traps when an anomalous amount of traffic is seen
  - Acts as a distributed monitoring system for path and session statistics
- Experimental intervention
  - Ability to affect unknown traffic and test the result on good traffic
- Traffic management
  - BW shaping, policing, fencing, selective drop, scheduling, prioritization, network-level redirection

Analysis

- Network statistics:
  - Flow rates, protocol mixtures, top-talkers graph, “network hotspots”
- Correlations:
  - Surge in one type of traffic correlated with a drop in another
  - Relationship between “good” network services and “unknown” traffic
- Unusual behavior (change in mean):
  - Is a network service seeing an unusually low or high number of requests?

A-Layer Piggybacking

- Need for network-wide visibility despite traffic surges and network stress
  - We encode annotations that are removable and do not reach endhosts
  - These annotations are embedded in the flows they describe, saving overhead and router resources
  - Annotations result in path-wide context accompanying packets along their network path to other iBoxes where it is needed
- Network-wide visibility despite surges/overload/high loss rates
- Low overhead
- Path statistics gathering
- Some protocol visibility (TCP, IP, services like DNS, NFS)
- Need to discover
  - Changes to request-reply rate, completions, latency over time
  - Correlations between different flows, protocols, parts of the network

[Figure: two iBoxes on a network path; a packet carries an annotation (“anno: X”) from one iBox to the next.]

Annotation Structure and Security

AL unit headers (14 bytes). Fields as drawn in the poster’s 32-bit-wide header diagram, top to bottom:
- Prior Protocol, Type, Authentication Field (first row)
- Authentication Field, continued (10 bytes in total)
- Sequence Number
- Destination Address
- Source Address
- Annotation Layer Payload (12 bytes of payload in one AL unit)

- We can leverage IPsec standards to distribute shared secrets to each iBox
- For authenticating annotations, we can rely on an HMAC message authentication field
- Annotations are stackable

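As an added example (not code from the poster or its authors), the following Python builds, stacks, verifies and strips AL units with the 14-byte header, 10-byte HMAC authentication field and 12-byte payload described above, showing how a receiving iBox rejects units that were not produced with the shared secret and how every unit is removed before the packet reaches an endhost. The individual field widths, the use of IP protocol number 253 to mark an AL unit, the reading of Prior Protocol as the protocol number a unit displaced (which is how stacked units chain), HMAC-SHA256 truncated to 10 bytes, and the sample key and packet are all assumptions.

```python
import hashlib
import hmac
import struct

# Assumed field widths: the poster gives only the totals (14-byte header,
# 10-byte authentication field, 12-byte payload), not each field's width.
AL_PROTO = 253                     # assumed: IANA experimental IP protocol number marks an AL unit
HDR = struct.Struct("!BBH10s")     # prior protocol, type, sequence number, authentication field
PAYLOAD_LEN, AUTH_LEN = 12, 10
UNIT_LEN = HDR.size + PAYLOAD_LEN  # 14 + 12 = 26 bytes per AL unit

def _tag(key, prior, atype, seq, payload):
    """HMAC over every field except the tag itself, truncated to the 10-byte field."""
    msg = struct.pack("!BBH", prior, atype, seq) + payload
    return hmac.new(key, msg, hashlib.sha256).digest()[:AUTH_LEN]

def build_unit(key, prior, atype, seq, payload):
    """One AL unit: header (with tag) followed by a zero-padded 12-byte payload."""
    payload = payload.ljust(PAYLOAD_LEN, b"\x00")
    if len(payload) != PAYLOAD_LEN:
        raise ValueError("annotation does not fit in one AL unit")
    return HDR.pack(prior, atype, seq, _tag(key, prior, atype, seq, payload)) + payload

def push_annotation(key, ip_proto, body, atype, seq, payload):
    """Stack a unit in front of the IP payload; Prior Protocol records what it displaced."""
    return AL_PROTO, build_unit(key, ip_proto, atype, seq, payload) + body

def pop_annotations(key, ip_proto, body):
    """Verify and strip every unit (as an iBox would before an endhost sees the packet).
    Returns (original proto, original body, [(type, seq, payload), ...]) outermost first."""
    units = []
    while ip_proto == AL_PROTO:
        if len(body) < UNIT_LEN:
            raise ValueError("truncated AL unit")
        prior, atype, seq, tag = HDR.unpack_from(body)
        payload = body[HDR.size:UNIT_LEN]
        if not hmac.compare_digest(tag, _tag(key, prior, atype, seq, payload)):
            raise ValueError("bad authentication field: not from a trusted iBox, or corrupted")
        units.append((atype, seq, payload))
        ip_proto, body = prior, body[UNIT_LEN:]
    return ip_proto, body, units

def demo():
    """Constructed sample: two iBoxes annotate a UDP/DNS packet; the egress iBox strips both."""
    key = b"constructed-shared-secret"  # in practice distributed to each iBox via IPsec
    proto, body = 17, b"\x00\x35\x00\x35dns-query"  # constructed UDP payload (IP proto 17)
    proto, body = push_annotation(key, proto, body, 1, 7, b"ingress=isp")
    proto, body = push_annotation(key, proto, body, 2, 8, b"rtt=12ms")
    return pop_annotations(key, proto, body)
```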
- The A-Layer can enable a distributed, network-wide observation platform
  - This enables statistics gathering, correlation discovery, path- and session-statistic gathering
- iBoxes can utilize the A-Layer for experimental intervention and new policy implementation
  - Through network-level actions such as bandwidth shaping and fencing
- Hope is to protect good traffic during periods of network stress