
Session 1 (chairs: Tim Chown and Ivana Golub)

Data Plane Programming / In Band Telemetry, Mauro Campanella, (GARR)

Abstract: The Data Plane Programming task in GN4-3 focuses on two use cases: simple DDoS identification and In Band Telemetry using the P4 programming language. The talk reports on the ongoing INT experience, providing new insight into network behaviour and the challenges of data collection and presentation.

...

Abstract: Programmable data plane platforms like Tofino-based switches and FPGA linecards enable the implementation of new solutions for network traffic handling. The presentation will report the experience of the WP6 Data Plane Programming task in the use of “sketch” algorithms implemented directly in the data plane for DDoS traffic detection and traffic monitoring. The sketch structures provide memory-efficient collection of summarised traffic statistics and have interesting benefits in comparison to other monitoring techniques. They allow all incoming packets to be processed at wire speed, because a sketch requires a very limited set of actions to be performed for every packet. This implies that all processed packets can contribute to traffic statistics without any performance penalty. Sketches are a great tool for scalable, fine-grained, millisecond-or-lower latency, inline, on-switch network analytics. Benefits, use-cases and limitations of deploying P4-based sketch structures will be summarised based on our implementation and testing on the Tofino switch chip.

Bio: Damian Parniewicz is a researcher at Poznan Supercomputing and Networking Center. He has participated in many European Union Research and Development projects. His major interest areas are network control planes, network monitoring, programmable chipsets, SDN/NFV as well as Big Data technologies, edge computing and ML/DL applied to network security.
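
The sketch idea from the abstract above, shown as a count-min sketch used to flag a destination that receives an abnormal share of packets. This is an added example in Python, not code from the talk or from the GN4-3 task; the choice of count-min, the hash function, the threshold, all names and the traffic trace are constructed assumptions.

```python
import hashlib

class CountMinSketch:
    """depth x width counters; memory stays fixed however many flows appear."""

    def __init__(self, width=1024, depth=4):
        self.width, self.depth = width, depth
        self.rows = [[0] * width for _ in range(depth)]

    def _slots(self, key):
        # One salted hash per row. BLAKE2b is an assumption for this sketch;
        # a switch ASIC would use its own hardware hash units.
        for row in range(self.depth):
            digest = hashlib.blake2b(key.encode(), digest_size=8,
                                     salt=row.to_bytes(2, "big")).digest()
            yield row, int.from_bytes(digest, "big") % self.width

    def update(self, key, count=1):
        # Entire per-packet work: `depth` hashes and `depth` increments.
        for row, col in self._slots(key):
            self.rows[row][col] += count

    def estimate(self, key):
        # Collisions can only inflate a counter, so the row minimum never
        # undercounts the true value (it may overcount).
        return min(self.rows[row][col] for row, col in self._slots(key))


def constructed_trace():
    # Constructed sample: 500 background destinations with 4 packets each,
    # followed by 3000 packets to one destination (documentation address).
    background = [f"10.0.{i // 250}.{i % 250}" for i in range(500)] * 4
    return background + ["192.0.2.10"] * 3000


def flag_heavy_destinations(trace, threshold):
    """Return destinations whose estimated packet count reaches threshold."""
    sketch, flagged = CountMinSketch(), []
    for dst in trace:
        sketch.update(dst)
        if dst not in flagged and sketch.estimate(dst) >= threshold:
            flagged.append(dst)
    return flagged, sketch


if __name__ == "__main__":
    flagged, sketch = flag_heavy_destinations(constructed_trace(), 1000)
    print(flagged, sketch.estimate("192.0.2.10"))
```

The 4 x 1024 counters are the whole state for 501 destinations here and would stay the same size for millions; the price is that estimates are upper bounds, so thresholds need headroom for collision noise.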


Session 2 (chairs: Simon Leinen and Mauro Campanella)

Scalable and Cost-Efficient Generation of Unsampled NetFlow, Alexander Gall (SWITCH)

...

Bio: Fabio Farina has a PhD in Computer Science and has worked at GARR since 2010. Fabio works on European projects, on the creation of new services and on NFV, Edge and orchestration under the GARR Network evolution framework. In detail, during the last year Fabio contributed to the refactoring and the automation of the monitoring and logging software stacks adopted by the GARR Infrastructure and System Support departments.


Session 3 (chairs: Simon Leinen and Mauro Campanella)

Community Shared Telemetry, Karl Newell (Internet2)

...

Bio: Alex Moura is Network Engineer and Science Engagement Specialist at RNP, the Brazilian National Research and Education Network, and holds a master's degree in information systems and computer networks from Unirio.


Session 4 (chairs: Pavle Vuletic and Ivana Golub)

Network Telemetry at AmLight, Jeronimo Bezerra (AmLight)

...

AmLight has operated as an SDN network since 2014 and is being migrated to a white-box infrastructure to support P4Runtime and In-band Network Telemetry (INT). In 2018, Florida International University (FIU) was funded by NSF to evaluate telemetry opportunities over AmLight links to enable real-time monitoring of data science flows, including the flows of the Vera Rubin Observatory, formerly known as the Large Synoptic Survey Telescope (LSST).

Currently, seven Tofino-based white boxes are deployed at AmLight using the NoviWare network operating system to gather and export telemetry reports. With this presentation, we aim to share our experience, achievements, and struggles/challenges.

Answering the conference request:

• Which data are collected and how

In-band Network Telemetry over the Tofino chip enables switches to export, per packet, the IP+TCP/UDP header and INT metadata. The INT metadata currently supported includes ingress port ID, egress port ID, ingress timestamp, egress timestamp, hop delay, egress queue ID, and egress queue occupancy. Each Tofino-chip switch in the path adds its INT metadata to user packets. The Tofino chip exports the data directly from the data plane, in real-time, to an INT Collector.

• Tools used for the analysis and presentation/visualization/storage of data

We created several tools for data analysis and visualization/correlation of events.

• Benefits

Real-time visibility of interface buffers/queues gives us an understanding of where the points of attention are. Also, we have proof-of-transit per packet, equivalent to a layer 1/2 traceroute.

• Issues, challenges, and gaps - what you would like to be able to do but cannot

A typical Vera Rubin telescope data transfer will be 5-second bursts of 9Kbyte packets at 40+Gbps from Chile to the U.S. throughout the night. Each burst creates a telemetry flow of 1.4Gbps @ 487kpps and a total of 900MB of telemetry data to be processed/stored/shared. The challenge is receiving 487,000 256-byte packets per second on a single flow, a single NIC queue and a single CPU core, and processing them in real-time. Without kernel bypass, most CPU cores will operate at 100% and drop more than 80% of the packets due to the high CPU utilization. And this is just one flow over AmLight.

...

Bio: Richard Cziva is a software engineer at ESnet. He has a range of technical interests including traffic and performance analysis, data-plane programmability, high-speed packet processing, software-defined networking, and network function virtualization.
Prior to joining ESnet in 2018, Richard was a Research Associate at the University of Glasgow, where he looked at how advanced services (e.g., personalized firewalls, intrusion detection modules, measurement functions) can be implemented and managed inside wide area networks with programmable edge capabilities.
Richard holds a BSc in Computer Engineering (2013) from Budapest University of Technology and Economics, Hungary and a Ph.D. in Computer Science (2018) from the University of Glasgow, United Kingdom.

NetSage measurement Use Cases and monitoring platform Scalability, Doug Southworth (Indiana University)

Abstract: NetSage is a unified, open, privacy-aware measurement, analysis, and visualization service designed to address the needs of today’s research and education (R&E) data sharing collaborations. NetSage is currently deployed on both international and US domestic regional networks to help users detect patterns of behaviors and identify possible problems, which can lead to better data transfers. It combines SNMP, Flow, Tstat data from archives, and data from active perfSONAR measurements into unified views from dashboards. The innovative aspect of NetSage is not in the individual pieces but rather in the integration of data sources to support objective performance observations as a whole. NetSage deployments can collect data from routers, switches, active testing sites, and science data archives, which are common for collaborative research. NetSage uses a combination of passive and active measurement data to provide longitudinal performance visualizations via performance Dashboards. The Dashboards can be used to identify changes of behaviors over monitored resources, new patterns for data transfers, or unexpected data movement to help researchers achieve better performance for inter-institutional data sharing.

Unlike many other monitoring tools, NetSage was designed to enable further insight into network behaviors by combining multiple data sources to create a result larger than the sum of its parts, and to make that data available to a broad set of end users. NetSage is used for data analysis to understand longer term trends and behaviors, unlike many other tools that aim to support network operations only.

The NetSage software consists of a set of open source tools that are deployed on local systems, and a managed, centralized, secure data archive. NetSage TestPoints are a collection of software and hardware components that gather active and passive data into records that are then sent to the Data Ingest Pipeline. The five-step Pipeline filters those records and adds additional tags before de-identifying the data. The records are then stored in the NetSage Archive, a centralized storage framework consisting of two different databases, a Time Series Data System (TSDS) archive and an Elasticsearch archive. Performance Dashboards, built using the open source Grafana analysis and visualization engine, access the records from the NetSage Archive to present visualizations to answer the questions identified by the stakeholders.

Bio: Doug Southworth is a Network Systems Analyst for International Networks at Indiana University, working with EPOC, perfSONAR, and NetSage in both developer and science engagement roles, focusing on performance analysis. Prior to working at IU, Southworth held senior systems engineer positions with several state and federal agencies, including his last position with the United States Courts.

A Proposal towards sFlow Monitoring Dashboards for AI-controlled NRENs, Mariam Kiran (ESnet)

...