180 Park Ave - Building 103
Florham Park, NJ
G-RCA: A Generic Root Cause Analysis Platform for Service Quality Management in Large ISP Networks
Zihui Ge, Jennifer Yates, Lee Breslau, Dan Pei, He Yan, Dan Massey
ACM CONEXT 2010,
2010.
[PDF]
[BIB]
ACM Copyright
(c) ACM, 2010. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM CoNEXT 2010 , 2010-10-30, http://conferences.sigcomm.org/co-next/2010/.
{As IP networks have become the mainstay of an increasingly diverse set of applications ranging from Internet games and streaming videos, to e-commerce and online banking, and even to mission-critical 911 over VoIP, best effort service is no longer acceptable. This requires a transformation in network management, changing its focus from detecting and replacing individual faulty network elements, such as routers and line cards, to managing the service quality as a whole for end-users.
In this paper we describe the design and development of a Generic Root Cause Analysis platform (G-RCA) for service quality management (SQM) in large IP networks. G-RCA contains a comprehensive service dependency model that includes network topological and cross-layer relationships, protocol interactions, and routing and control plane dependencies. G-RCA abstracts the RCA process
into signature identification for symptom and diagnostic events, temporal and
spatial event correlation, and reasoning and inference logic. G-RCA provides a simple yet flexible rule specification language that allows operators to quickly customize G-RCA into different RCA tools as new problems need to be investigated and understood. G-RCA is also integrated with the data trending,
manual data exploration, and statistical correlation mining capabilities that are tailored for SQM. G-RCA has proven to be a highly effective SQM platform in several different applications and we present results regarding BGP flaps, PIM flaps in Multicast VPN service, and end-to-end throughput drop in CDN service.}
FlowRoute: Inferring Forwarding Table Updates Using Passive Flow-level Measurements
Lee Breslau, Cheng Ee, Alexandre Gerber, Subhabrata Sen, Amogh Dhamdhere, Nicholas Duffield, Carsten Lund
in Proc. of ACM Internet Measurement Conference (IMC),
2010.
[PDF]
[BIB]
ACM Copyright
(c) ACM, 2010. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM Internet Measurement Conference , 2010-11-01.
{The reconvergence of routing protocols in response to changes
in network topology can impact application performance.
While improvements in protocol specification and implementation have significantly reduced reconvergence times,
increasingly performance-sensitive applications continue to
raise the bar for these protocols. As such, monitoring the
performance of routing protocols remains a critical activity
for network operators. We design FlowRoute, a tool based
on passive data plane measurements that we use in conjunction with control plane monitors for offline debugging and
analysis of forwarding table dynamics. We discuss practical
constraints that affect FlowRoute, and show how they can
be addressed in real deployment scenarios. As an application of FlowRoute, we study forwarding table updates by
backbone routers at a tier-1 ISP. We detect interesting behavior such as delayed forwarding table updates and routing
loops due to buggy routers � confirmed by network opera-
tors � that are not detectable using traditional control plane
monitors.}
Multicast Redux: A First Look at Enterprise Multicast Traffic
Elliott Karpilovsky, Lee Breslau, Alexandre Gerber, Subhabrata Sen
in Proc. of ACM SIGCOMM Workshop: Research on Enterprise Networking (WREN),
2009.
[PDF]
[BIB]
ACM Copyright
(c) ACM, 2009. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in ACM SICOMM 2009 , 2009-08-17.
{IP multicast, after spending much of the last 20 years as
the subject of research papers, protocol design efforts and
limited experimental usage, is finally seeing significant deployment in production networks. The efficiency afforded
by one-to-many network layer distribution is well-suited to
such emerging applications as IPTV, file distribution, conferencing, and the dissemination of financial trading information. However, it is important to understand the behavior
of these applications in order to see if network protocols are
appropriately supporting them. In this paper we undertake
a study of enterprise multicast traffic as observed from the
vantage point of a large VPN service provider. We query
multicast usage information from provider edge routers for
our analysis. To our knowledge, this is the first study of production multicast traffic. Our purpose is both to understand
the characteristics of the tra�c (in terms of �ow duration,
throughput, and receiver dynamics) and to gain insight as
to whether the current mechanisms support multicast VPNs
can be improved. Our analysis reveals several classes of multicast traffic for which changes to the underlying protocols
may yield benefits.}
Method And System For Computing Multicast Traffic Matrices,
Tue Feb 12 17:25:02 EST 2013
A system and method for receiving, from one or more ingress routers, a first set of records including data corresponding to network traffic, receiving, from one or more egress routers, a second set of records including data corresponding to network traffic and creating a multicast traffic matrix using at least a portion of the data included in the first and second sets of records.
Methods And Apparatus To Distribute Network IP Traffic,
Tue Dec 11 16:12:27 EST 2012
Example methods and apparatus to distribute network IP traffic are disclosed. A disclosed example method includes receiving a first IP control packet at an input of a first server, the first IP control packet being received from a first router, selecting a second router within a router array associated with the first router to send the first IP control packet, the first server selecting the second router by matching a destination IP address of the first IP control packet to a first IP address subspace associated with the second router, transmitting the first IP control packet to the second router, and updating a forwarding table in the first router by associating the destination IP address of the first IP control packet with a first control path from the first router to the second router.
Method And System Of Monitoring The Receipt Of Multicast Traffic,
Tue Nov 06 16:12:10 EST 2012
A method and system for monitoring data packet traffic in a multicast network comprising determining a first packet count received at a receiver router, representing a quantity of data packets associated with a multicast group and source at a first time, determining a second packet count received at that receiver router representing a quantity of data packets associated with that multicast group and source, at a second time subsequent to the first time, comparing the second packet count to the first packet count, and indicating an alarm in response to the second packet count being less than a predetermined value greater than the first packet count. A status for multiple routers can be obtained, comprising a difference between the quantity of the first and second packet counts; and indicating a warning in response to at least one of the plurality of router status being less than the predetermined value.
Methods And Apparatus To Deploy And Monitor Network Layer Functionalities,
Tue Oct 04 16:06:12 EDT 2011
Example methods and apparatus to deploy and monitor network layer functionalities are disclosed. A disclosed example method includes receiving an Internet Protocol (IP) packet at an input of a server, the IP packet being received from a communicatively coupled router, identifying the IP packet as a production IP packet or a non-production IP packets, when the IP packet is the non-production IP packet, manipulating data within the IP packet to monitor network layer functionality, forwarding the manipulated non-production IP packet to the router, and when the IP packet is the production IP packet, forwarding the production IP packet to the router without manipulating data within the IP packet.
Method And Apparatus For Providing Performance Measurement For A Network Tunnel,
Tue Aug 23 16:06:00 EDT 2011
A method and apparatus for providing performance measurements on network tunnels in packet networks are disclosed. For example, the method establishes two tunnels between a first measurement host and a first router, and establishes a tunnel between the first router and a second measurement host. The method also establishes a multicast group having a plurality of members, and sends one or more packets addressed to the multicast group from the first measurement host. The method measures the frequencies of directly and/or indirectly received responses from the plurality of members of the multicast group, and provides a plurality of estimated values for a plurality of packet transmission rates from measurement of the frequencies for one or more of said tunnels.
Method For Implementing And Reporting One-Way Network Measurements,
Tue May 31 16:05:19 EDT 2011
A method is disclosed for implementing and reporting network measurements between a source of probe packets and an element, such as a router. The invention exploits commonly implemented features on commercial elements. By exploiting these features, the expense of deploying special purpose measurement devices can be avoided. In one aspect of the invention, a plurality of probe packets is transmitted in a packet network with each of the probe packets having the same key and the same aggregation characteristic. A report is then received from an instructionless element regarding the plurality of probe packets, thereby enabling measurement of a parameter of the packet network.
Method And Apparatus For Monitoring A Network,
Tue May 10 16:05:04 EDT 2011
Certain exemplary embodiments provide a method that can comprise establishing a tunnel between a monitor and at least one router; sending a message to join a multicast transmission; and/or transmitting a packet via the tunnel to a router. The packet can comprise a source address of the network monitor and a destination address comprising a multicast address.
Method And Apparatus For One-Way Passive Loss Measurements Using Sampled Flow Statistics,
Tue Apr 12 16:04:51 EDT 2011
A packet loss estimation technique is disclosed that utilizes the sampled flow level statistics that are routinely collected in operational networks, thereby obviating the need for any new router features or measurement infrastructure. The technique is specifically designed to handle the challenges of sampled flow-level aggregation such as information loss resulting from packet sampling, and generally comprises: receiving a first record of sampled packets for a flow from a first network element; receiving a second record of sampled packets for the flow from a second network element communicating with the first network element; correlating sampled packets from the flow at the first network element and the second network element to a measurement interval; and estimating the packet loss using a count of the sampled packets correlated to the measurement interval.
Method For Computing Multicast Traffic Matrices,
Tue Sep 07 15:04:35 EDT 2010
A system and method for receiving, from one or more ingress routers, a first set of records including data corresponding to network traffic, receiving, from one or more egress routers, a second set of records including data corresponding to network traffic and creating a multicast traffic matrix using at least a portion of the data included in the first and second sets of records.
Method And System Of Monitoring The Receipt Of Multicast Traffic,
Tue Jun 01 15:03:56 EDT 2010
A method and system for monitoring data packet traffic in a multicast network comprising determining a first packet count received at a receiver router, representing a quantity of data packets associated with a multicast group and source at a first time, determining a second packet count received at that receiver router representing a quantity of data packets associated with that multicast group and source, at a second time subsequent to the first time, comparing the second packet count to the first packet count, and indicating an alarm in response to the second packet count being less than a predetermined value greater than the first packet count. A status for multiple routers can be obtained, comprising a difference between the quantity of the first and second packet counts; and indicating a warning in response to at least one of the plurality of router status being less than the predetermined value.
Method And System For Compiling Multicast Router Data,
Tue May 11 15:03:51 EDT 2010
A method of obtaining router information in a multicast network, including transmitting a routing table query and a router name query, receiving router state data associated with a multicast router in response to the routing table query, and receiving a router identifier associated with the multicast router in response to the router name query, the router identifier being distinct from any IP address associated with the multicast router. Also disclosed is a system using a processing device adapted to perform the above method and transmit the router state data to a graphical user interface. The queries are preferably transmitted in Simple Network Management Protocol (SNMP). Further, a part of the displayed data can include hypertext links on router names adapted to display router state data associated with a second multicast router.
Method and system of monitoring the receipt of multicast traffic,
Tue Feb 20 18:11:54 EST 2007
A method of and system for monitoring traffic in a multicast network including determining at a first time a first packet count representing a quantity of packets associated with a multicast group transmitted from at least one source, and received by a router, determining at a second time a second packet count representing a quantity of packets associated with the multicast group, transmitted from the at least one source, and received by the router, the second time being after the first time, comparing the second packet count to the first packet count, and initiating an alarm in response to the second packet count being less than a predetermined value greater than the first packet count. A status for multiple routers can be obtained, comprising a difference between the quantity of the first and second packet counts, and indicating a warning in response to at least one of the plurality of router status being less than the predetermined value.
