Balanced Path Generation and Reliability Extension for In-band Network Telemetry

2021-5
ŞİMŞEK, GÖKSEL
Network monitoring is one of the key aspects to ensure communication reliability in case of failures and malicious activities and has several design issues depending on the system characteristics. As traditional monitoring solutions usually rely on periodic updates between the network controller and ordinary nodes, scalability remains a challenge, especially for large-scale systems. A recent solution, the In-Band Network Telemetry (INT) framework, allows data packets to probe the nodes while traversing the network. Accordingly, INT allows special packets to carry accumulated performance information of multiple switches, reducing the overhead between the controller and other nodes. Even though INT may significantly reduce the communication overhead, there are several design problems to achieve effective usage of the INT framework. These design problems are (i) minimization of the control overhead, (ii) guaranteeing the freshness of telemetry information and (iii) minimization of the redundancy. In this work, we formulate requirements as an optimization problem, Balanced Simple INT path generation Problem (BSIP), to generate balanced, simple INT paths. Due to the optimization problem’s search space complexity, we propose a heuristic, Graph Partitioned INT (GPINT), to find balanced paths to forward in-band telemetry information to satisfy these three requirements. Furthermore, we customize the INT framework to support custom and dynamic measurement ranges to achieve flexible monitoring. With this customization, the controller gains the ability to adapt measurement requests according to the network conditions. We present an extensive analysis of our approach, GPINT, and compare it with a recent study that uses Euler’s method for path generation. Our numerical results show that GPINT outperforms its opponent in terms of all three requirements.
To verify our claims made in numerical analysis, we deploy path generator approaches on a simulation environment and test with various settings. The simulation results show the importance of the defined requirements and verify GPINT’s performance observed in numerical analysis. During the simulations, we realize that the INT framework is prone to packet losses and may cause partial information blackouts while obtaining a holistic view. Therefore, we propose a data recovery architecture as an auxiliary module to monitoring systems. We thoroughly test the recovery module in our simulations and measure its efficiency.

Suggestions

Efficient Network Monitoring via In-band Telemetry
Simsek, Goksel; Ergenc, Doganalp; Onur, Ertan (2021-04-19)
© 2021 IEEE. Network monitoring is one of the key aspects to ensure communication reliability in case of failures and malicious activities and has several design issues depending on the system characteristics. As traditional monitoring solutions usually rely on periodic updates between the network controller and ordinary nodes, scalability remains a challenge, especially for complex systems. A recent solution, the In-Band Network Telemetry (INT) framework, allows data packets to probe the nodes while travers...
Analysis of recent attacks on SSL/TLS protocols
Özden, Duygu; Cenk, Murat; Department of Cryptography (2016)
Transport Layer Security (TLS) and its predecessor Secure Socket Layer (SSL) are two important cryptographic, certificate based protocols that satisfy secure communication in a network channel. They are widely used in many areas such as online banking systems, online shopping, e-mailing, military systems or governmental systems. Being at the center of secure communication makes SSL and TLS become the target of attackers and an important field of study for researchers. So many vulnerabilities and attacks towar...
Architectural design of an access control system for enterprise networks
Kirimer, Burak; Özgit, Attila (2007-11-09)
Client computers in enterprise networks have the potential to be the source of serious security problems, especially when their hardware and software components are out of physical administrative control. Besides, services in the network may have client configuration requirements. We propose a system composed of a policy management and enforcement server and client agents, which authenticates the client users and checks their computer configurations before allowing their access to services. The information ...
Dependability design for distributed real-time systems with broadcast communication
Kartal, Yusuf Bora; Schmidt, Şenan Ece; Department of Electrical and Electronics Engineering (2014)
The operation of distributed systems relies on the timely exchange of message data via dependable communication networks. Previous works suggest hardware redundancy for potential faults in the underlying network infrastructure to achieve dependability. However, software faults and faults that cannot be resolved on the hardware level are not considered in the existing literature. This work proposes a new method for software fault-tolerant communication in distributed real-time systems with communication netw...
Near-instant link failure recovery in 5G wireless fog-based-fronthaul networks
Sulieman, Nabeel I.; Balevi, Eren; Gitlin, Richard D. (2018-05-23)
© 2018 IEEE. Rapid recovery from link failures was previously demonstrated via the synergistic combination of Diversity and Network Coding (DC-NC) for a wide variety of network architectures. In this paper, the DC-NC methodology is further enhanced to achieve near-instant recovery from multiple, simultaneous wireless link failures by modifying Triangular Network Coding (TNC) to create enhanced DC-NC (eDC-NC) that is applied to 5G wireless Fog computing based Radio Access Networks (F-RANs). In addition, an ex...
Citation Formats
G. ŞİMŞEK, “Balanced Path Generation and Reliability Extension for In-band Network Telemetry,” M.S. - Master of Science, Middle East Technical University, 2021.