Embed Size (px)
Citation preview
Diagnosing Network Disruptions with Network-wide Analysis
Yiyi Huang﹡, Nick Feamster ﹡, Anukool Lakhina﹟, Jim Xu ﹡
﹡College of Computing, Georgia Tech﹟Boston University
Problem Overview
• Network routing disruptions happen frequently– 379 e-mails documented on the Abilene network operations
mailing list from January 1,2006 to June 30, 2006
– 282 disruptions
• How to help network operator deal with disruptions quickly?– Detection and Identification
• What do we have?– Inputs (from Abilene backbone network)
• BGP updates• Routing configurations
– Ground truth: Abilene operational mailing list
Challenges
• Large volume of data
• Lack of semantics in a single stream of routing updates
Idea: Can we improve detection by mining network-wide dependencies across routing streams?
Overview of Approach
Detection• Approach: subspace method
• High detection rate (for acceptable false positive rate)– Internal node disruption : 100%– Internal Link disruption : 100%– Peer disruption : 60.67%
Matrix M
# of routers # of routers
time
time
time
# of routers
Normal space Abnormal space
Identification
• Goal: Classify disruptions into four types– Internal node, internal link, peer, external node
Track three features
1. Global iBGP next-hops
2. Local iBGP next-hops
3. Local eBGP next-hops
Approach Results:
Summary of Main Results• 90% of local disruptions are visible in BGP• Size of disruptions can vary by several orders of
magnitude• Many disruptions are low volume• About 75% of network disruptions involve more
than 2 routers• Detection:
– 100% of node and link disruptions – 60% peer disruptions
• Identification: – 100% of node disruptions, 74% link disruptions and – 93% peer disruptions
