NetSearch: Googling Large-scale Network Management Data
Download
Report
Transcript NetSearch: Googling Large-scale Network Management Data
NetSearch: Googling Large-scale Network
Management Data
GROUP 2 MEMBERS
SAMUEL LAWER
WENBO HAN
HUAN YAN
PEI YAN
SHREY YADAV
SHUAI YU
SHINE PANDITA
OUTLINE
Introduction
Overview and Syntax of Data Sets
Netsearch Methodology
Evaluation
Application
Relation to FCAPS
Conclusion
Introduction
What is Netsearch?
It is a search and information retrieval tool design to work on
network measurement and monitoring data sets.
Overview and Syntax of Data Sets
LOGS
An example is a router syslog which captures information about
network conditions and the hardware component involved such as
link and protocol state, high voltage or temperature etc.
Overview and Syntax of Data Sets
Device alarms
In many cases, layer-1 alarms indicate the root causes of upper
layer issues. This is an example of layer 1 alarms.
Some network devices generate alarms when certain events occur.
Data from here usually contains time and location information. An
example is SONET alarms.
Overview and Syntax of Data Sets
Control Plane Monitoring.
Control plane refers to the learning of routes by routers. For better
network performance we monitor the exchanges of information
between routing protocols.
Netsearch Methodology
The goal of Netsearch is to sort through large amounts of network
information and return the relevant ones to the network operator.
Configuration Learning
Location Extraction
Indexing and Searching
Query Interpretation
Netsearch Methodology
Netsearch Methodology
Config Learning
Based on configuration files of each router, Netsearch can form
location dictionary and location hierarchy.
location dictionary: extract location information embedded in
network messages. Netseach can also understand the syntax or
format of locations.
location hierarchy
contains two parts ----- physical hierarchy and logical hierarchy.
Netsearch Methodology
Netsearch uses the physical hierarchy to build the
Indexing and searching algorithm.
One to Many
One router can have multiple slots
One slot can have many ports
Netsearch Methodology
Location Extraction
Based on router configuration
Based on message context
Based on domain knowledge
A hybrid method ----- combination of the three
Netsearch Methodology
Netsearch Methodology
Indexing and Searching
Contains 3 parts information:
Time/location/other description(optional)
Involves Temporal indexing and Spatial
indexing.
Relevant iff their positions in the location
hierarchy tree are either the same or one
is the other’s ancestor
Example interfaces and messages.
Netsearch Methodology
Query Interpretation
There are two options provided for the flexibility of location query
1.
Specify the type: interface XXX or ID XXX
2.
If no specification;
mapping from signature to location
digits(D)/alphabetic characters(A)/others(O)
Example: SERIAL2/0.7/11:0 ----- AAAAAAADODODODDOD
Evaluation
Evaluation of Netsearch was done using the 3 network data set (
Syslog, OSPF and SONET ) to evaluate the 3 main components of
Netsearch, ie, location extraction, indexing and searching, and
query interpretation.
Performed on a tier 1 ISP for a month.
Evaluation
Location Extraction
Evaluation
Indexing and Searching
Evaluation
Query Interpretation
Application
Important use of Netsearch is to assist network operators in analyzing
the impact of a network event.
Network operator of the tier 1 ISP noticed that port 1/1/1 on router
R1 was unstable.
Application
Application
Using grep (global regular expression print) to capture and analyze
is a complicated task and is time consuming.
Netsearch provides the related set of messages within minutes
Relation to FCAPS
Increase the efficiency to obtain the relevant messages (P)
Conclusion
Netsearch tool has been developed to sort through a wide range of
network data such as those for large tier 1 ISPs.
Acts as the “google” for network analysis.
Search and indexing involves spatial and temporal information.
THANK YOU