TY - GEN
T1 - Diagnosing network disruptions with network-wide analysis
AU - Huang, Yiyi
AU - Feamster, Nick
AU - Lakhina, Anukool
AU - Xu, Jun
PY - 2007
Y1 - 2007
AB - To maintain high availability in the face of changing network conditions, network operators must quickly detect, identify, and react to events that cause network disruptions. One way to accomplish this goal is to monitor routing dynamics, by analyzing routing update streams collected from routers. Existing monitoring approaches typically treat streams of routing updates from different routers as independent signals, and report only the "loud" events (i.e., events that involve a large volume of routing messages). In this paper, we examine BGP routing data from all routers in the Abilene backbone for six months and correlate them with a catalog of all known disruptions to its nodes and links. We find that many important events are not loud enough to be detected from a single stream. Instead, they become detectable only when multiple BGP update streams are simultaneously examined. This is because routing updates exhibit network-wide dependencies. This paper proposes using network-wide analysis of routing information to diagnose (i.e., detect and identify) network disruptions. To detect network disruptions, we apply a multivariate analysis technique on dynamic routing information (i.e., update traffic from all the Abilene routers) and find that this technique can detect every reported disruption to nodes and links within the network with a low rate of false alarms. To identify the type of disruption, we jointly analyze both the network-wide static configuration and details in the dynamic routing updates; we find that our method can correctly explain the scenario that caused the disruption. Although much work remains to make network-wide analysis of routing data operationally practical, our results illustrate the importance and potential of such an approach.
KW - Anomaly detection
KW - Network management
KW - Statistical inference
UR - http://www.scopus.com/inward/record.url?scp=36348978761&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=36348978761&partnerID=8YFLogxK
U2 - 10.1145/1269899.1254890
DO - 10.1145/1269899.1254890
M3 - Conference contribution
AN - SCOPUS:36348978761
SN - 1595936394
SN - 9781595936394
T3 - Performance Evaluation Review
SP - 61
EP - 72
BT - SIGMETRICS'07 - Proceedings of the 2007 International Conference on Measurement and Modeling of Computer Systems
T2 - SIGMETRICS'07 - 2007 International Conference on Measurement and Modeling of Computer Systems
Y2 - 12 June 2007 through 16 June 2007
ER -