计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (2): 311-321.doi: 10.11896/jsjkx.221100196

• 计算机网络 • 上一篇    下一篇

EAGLE:一种内核态及用户态中基于遥测数据图的网络遥测方案

肖肇斌1,2,3, 崔允贺1,2,3, 陈意1,2,3, 申国伟1,2,3, 郭春1,2,3, 钱清4   

  1. 1 贵州大学计算机科学与技术学院 贵阳550025
    2 省部共建公共大数据国家重点实验室 贵阳550025
    3 文本计算与认知智能教育部工程研究中心 贵阳550025
    4 贵州财经大学信息学院 贵阳550025
  • 收稿日期:2022-11-24 修回日期:2023-06-22 出版日期:2024-02-15 发布日期:2024-02-22
  • 通讯作者: 崔允贺(yhcui@gzu.edu.cn)
  • 作者简介:(2873121871@qq.com)
  • 基金资助:
    国家自然科学基金青年科学基金(62102111);贵州省科技计划项目([2020]1Y267);贵州大学引进人才项目([2019]52)

EAGLE:A Network Telemetry Mechanism Based on Telemetry Data Graph in Kernel and UserMode

XIAO Zhaobin1,2,3, CUI Yunhe1,2,3, CHEN Yi1,2,3, SHEN Guowei1,2,3, GUO Chun1,2,3, QIAN Qing4   

  1. 1 School of Computer Science and Technology,Guizhou University,Guiyang 550025,China
    2 State Key Laboratory of Public Big Data,Guiyang 550025,China
    3 Engineering Research Center for Text Computing and Cognitive Intelligence,Ministry of Education,Guiyang 550025,China
    4 School of Information,Guizhou University of Finance and Economics,Guiyang 550025,China
  • Received:2022-11-24 Revised:2023-06-22 Online:2024-02-15 Published:2024-02-22
  • About author:XIAO Zhaobin,born in 1997,master,is a member of CCF(No.N1797G).His main research interests include SDN,network telemetry,efficient data plane programming,network and information security.CUI Yunhe,born in 1987,Ph.D,asso-ciate professor,is a member ofCCF(No.F3600M).His main research interests include edge computing,networksecu-rity,software-defined networks and data center networks,and network telemetry.
  • Supported by:
    Young Scientists Fund of the National Natural Science Foundation of China(62102111),Science and Technology Project of Guizhou Province([2020]1Y267) and Talent Introduction Project of Guizhou University([2019]52).

PDF (PC)

872

摘要: 网络遥测是一种新型的网络测量技术,具有实时性强、准确性高、开销低的特点。现有网络遥测技术存在无法收集多粒度网络数据、无法有效存储大量原始网络数据、无法快速提取及生成网络遥测信息、无法利用内核态及用户态特性设计网络遥测方案等问题。为此,提出了一种融合内核态及用户态的、基于遥测数据图和同步控制块的多粒度、可扩展、覆盖全网的网络遥测机制(a nEtwork telemetry mechAnism based on telemetry data Graph in kerneL and usEr mode,EAGLE)。EAGLE设计了一种能够收集多粒度数据且数据平面上灵活可控的网络遥测数据包结构,用于获取上层应用所需的数据。此外,为快速存储、查询、统计、聚合网络状态数据,实现网络遥测数据包所需遥测数据的快速提取与生成,EAGLE提出了一种基于遥测数据图及同步控制块的网络遥测信息生成方法。在此基础上,为了最大化网络遥测机制中网络遥测数据包的处理效率,EAGLE提出了融合内核态及用户态特性的网络遥测信息嵌入架构。在Open vSwitch上实现了EAGLE方案并进行了测试,测试结果表明,EAGLE能够收集多粒度数据并快速提取与生成遥测数据,且仅增加极少量的处理时延及资源占用率。

关键词: 网络遥测, 遥测效率, 可编程数据平面, 遥测数据图, 内核空间

Abstract: Network telemetry is a new type of network measurement technology,which has the characteristics of strong real-time performance,high accuracy and low overhead.Existing network telemetry technologies have problems such as being unable to collect multi-granularity network data,unable to effectively store a large amount of original network data,unable to quickly extract and generate network telemetry information,and unable to design network telemetry solutions using kernel-mode and user-mode features.In order to solve the above problems,this paper proposes a multi-granularity,scalable,and network-wide network tele-metry mechanismEAGLE,which integrates kernel mode and user mode,and is based on telemetry data graphs and synchronization control blocks.EAGLE has designed a flexible and controllable network telemetry packet structure on the data plane that can collect multi-granularity data,and is used to obtain the data required by upper-layer applications.In addition,in order to quickly store,query,count,and aggregate network status data,and realize the rapid extraction and generation of telemetry data required by network telemetry packets,EAGLE proposes a network telemetry information generation method based on telemetry data graphs and synchronization control blocks.On this basis,in order to maximize the processing efficiency of network telemetry packets in the network telemetry mecha-nism,EAGLE proposes a network telemetry information embedding architecture that integrates the characteristics of kernel state and user state.Finally,this paper implements and tests the EAGLE scheme on Open vSwitch.The test results show that EAGLE can collect multi-granularity data and quickly extract and generate telemetry data with only a little increase in processing time and resource usage.

Key words: Network telemetry, Telemetry efficiency, Programmable data plane, Telemetry data graph, Kernel space

中图分类号: 

  • TP393
[1]GULENKO A,WALLSCHLÄGER M,KAO O.A practical implementation of in-band network telemetry in open vswitch[C]//2018 IEEE 7th International Conference on Cloud Networking(CloudNet).IEEE,2018.
[2]MCKEOWN N,ANDERSON T,BALAKRISHNAN H,et al.OpenFlow:enabling innovation in campus networks[J].ACM SIGCOMM Computer Communication Review,2008,38(2):69-74.
[3]ZHANG H,CAI Z,LIU Q,et al.A survey on security-aware measurement in SDN[J/OL].https://www.hindawi.com/journals/scn/2018/2459154/.
[4]PENG G B,CHEN M,BAI Y.Analysis of SDN Attack and Defense Technology [J].Information Security Research,2019,5(4):333.
[5]CAI Z,WANG Z,ZHENG K,et al.A distributed TCAM coprocessor architecture for integrated longest prefix matching,policy filtering,and content filtering[J].IEEE Transactions on Computers,2011,62(3):417-427.
[6]PHAAL P,PANCHEN S,MCKEE N.InMon corporation’ssFlow:A method formonitoring traffic in switched and routed networks[EB/OL].https://www.rfc-editor.org/info/rfc3176.
[7]QUITTEK J,ZSEBY T,CLAISE B,et al.Requirements for IP flow information export(IPFIX)[EB/OL].https://www.rfc-editor.org/info/rfc3917.
[8]SOMMER R,FELDMANN A.NetFlow:Information loss orwin? [C]//Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurment.2002:173-174.
[9]CLAISE B,JOHNSON A,QUITTEK J.Packet sampling(PSAMP) protocol specifications[EB/OL].https://www.rfc-editor.org/info/rfc5476.
[10]TAN L,SU W,ZHANG W,et al.In-band network telemetry:A survey[J].Computer Networks,2021,186:107763.
[11]KIM C,SIVARAMAN A,KATTA N,et al.In-band networktelemetry via programmable dataplanes[C]//ACM SIGCOMM Industrial Demo Session.2015.
[12]LIU ZZ,BI J,ZHOU Y,et al.Active network telemetry mechanism based on P4 [J].Journal of Communications,2018,39(A1):162-169.
[13]RAMANATHAN S,KANZA Y,KRISHNAMURTHY B.SDProber:A software defined prober for SDN[C]//Proceedings of the Symposium on SDN Research.2018.
[14]ZHOU Y,SUN C,LIU H H,et al.Flow event telemetry on programmable data plane[C]//Proceedings of the Annual Confe-rence of the ACM Special Interest Group on Data Communication on the Applications,Technologies,Architectures,and Protocols for Computer Communication.2020:76-89.
[15]HUANG Q,SUN H,LEE P P C,et al.Omnimon:Re-architecting network telemetry with resource efficiency and full accuracy[C]//Proceedings of the 2020 Annual Conference of the ACM Special Interest Group on Data Communication on the Applications,Technologies,Architectures,and Protocols for Computer Communication.2020:404-421.
[16]PAN T,LIN X C,ZHANG J,et al.In-band network telemetry system based on high-performance packet processing architecture VPP[J].Journal of Communications,2021,42(3):75-90.
[17]FEZEU R A K,ZHANG Z L.Anomalous Model-Driven-Tele-metry Network-Stream BGP Detection[C]//2020 IEEE 28th International Conference on Network Protocols(ICNP).IEEE,2020.
[18]BEN BASAT R,RAMANATHAN S,LI Y,et al.PINT:Probabilistic in-band network telemetry[C]//Proceedings of the 2020 Annual Conference of the ACM Special Interest Group on Data Communication on the Applications,Technologies,Architectures,and Protocols for Computer Communication.2020:662-680.
[19]NAM S,LIM J,YOO J H,et al.Network anomaly detectionbased on in-band network telemetry with RNN[C]//2020 IEEE International Conference on Consumer Electronics-Asia(ICCE-Asia).IEEE,2020.
[20]PFAFF B,PETTIT J,KOPONEN T,et al.The Design and Implementation of Open vSwitch[C]//12th USENIX Symposium on Networked Systems Design and Implementation(NSDI 15).2015:117-130.
[21]YUAN X,MAHAPATRA S,NIENABER W,et al.A new routing scheme for Jellyfish and its performance with HPC workloads[C]//Proceedings of the International Conference on High Performance Computing,Networking,Storage and Analysis.2013.
[22]CUI Y,YAN L,LI S,et al.SD-Anti-DDoS:Fast and efficient DDoS defense in software-defined networks[J].Journal of Network and Computer Applications,2016,68:65-79.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发