Enhancing Global Network Monitoring with Magnifier

Abstract

Monitoring where traffic enters and leaves a network is a routine task for network operators. In order to scale with Tbps of traffic, large Internet Service Providers (ISPs) mainly use traffic sampling for such global monitoring. Sampling either provides a sparse view or generates unreasonable overhead. While sampling can be tailored and optimized to specific contexts, this coverage–overhead trade-off is unavoidable.

Rather than optimizing sampling, we propose to “magnify” the sampling coverage by complementing it with mirroring. Magnifier enhances the global network view using a two-step approach: based on sampling data, it first infers traffic ingress and egress points using a heuristic, then it uses mirroring to validate these inferences efficiently. The key idea behind Magnifier is to use negative mirroring rules; i.e., monitor where traffic should not go. We implement Magnifier on commercial routers and demonstrate that it indeed enhances the global network view with negligible traffic overhead. Finally, we observe that monitoring based on our heuristics also allows to detect other events, such as certain failures and DDoS attacks.

Research Area: Network Analysis and Reasoning

People

Dr. Tobias Bühler

PhD student

2016—2023

Dr. Romain Jacob

Post-doc

Prof. Laurent Vanbever

Group Leader

Talk

BibTex

@inproceedings{bühler2023enhancing,
  author    = {B{\"{u}}hler, Tobias and Jacob, Romain and Poese, Ingmar and Vanbever, Laurent},
  title     = {{Enhancing Global Network Monitoring with Magnifier}},
  booktitle = {Proceedings of the 20th USENIX Symposium on Networked Systems Design and Implementation},
  address   = {Boston, MA, USA},
  year      = 2023,
  month     = apr,
  publisher = {USENIX Association},
  url       = {https://www.usenix.org/conference/nsdi23/presentation/buhler}
}

Research Collection: 20.500.11850/612426

Slide Sources: https://gitlab.ethz.ch/projects/41219