Diagnosing network disruptions with network-wide analysis

Yiyi Huang, Nicholas G. Feamster, Anukool Lakhina, Jun Xu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

31 Scopus citations

Abstract

To maintain high availability in the face of changing network conditions, network operators must quickly detect, identify, and react to events that cause network disruptions. One way to accomplish this goal is to monitor routing dynamics, by analyzing routing update streams collected from routers. Existing monitoring approaches typically treat streams of routing updates from different routers as independent signals, and report only the "loud" events (i.e., events that involve large volume of routing messages). In this paper, we examine BGP routing data from all routers in the Abilene backbone for six months and correlate them with a catalog of all known disruptions to its nodes and links. We find that many important events are not loud enough to be detected from a single stream. Instead, they become detectable only when multiple BGP update streams are simultaneously examined. This is because routing updates exhibit network-wide dependencies. This paper proposes using network-wide analysis of routing information to diagnose (i.e., detect and identify) network disruptions. To detect network disruptions, we apply a multivariate analysis technique on dynamic routing information, (i.e., update traffic from all the Abilene routers) and find that this technique can detect every reported disruption to nodes and links within the network with a low rate of false alarms. To identify the type of disruption, we jointly analyze both the network-wide static configuration and details in the dynamic routing updates; we find that our method can correctly explain the scenario that caused the disruption. Although much work remains to make network-wide analysis of routing data operationally practical, our results illustrate the importance and potential of such an approach.

Original languageEnglish (US)
Title of host publicationSIGMETRICS'07 - Proceedings of the 2007 International Conference on Measurement and Modeling of Computer Systems
Pages61-72
Number of pages12
Edition1
DOIs
StatePublished - Nov 29 2007
EventSIGMETRICS'07 - 2007 International Conference on Measurement and Modeling of Computer Systems - San Diego, CA, United States
Duration: Jun 12 2007Jun 16 2007

Publication series

NamePerformance Evaluation Review
Number1
Volume35
ISSN (Print)0163-5999

Other

OtherSIGMETRICS'07 - 2007 International Conference on Measurement and Modeling of Computer Systems
CountryUnited States
CitySan Diego, CA
Period6/12/076/16/07

All Science Journal Classification (ASJC) codes

  • Software
  • Hardware and Architecture
  • Computer Networks and Communications

Keywords

  • Anomaly detection
  • Network management
  • Statistical inference

Fingerprint Dive into the research topics of 'Diagnosing network disruptions with network-wide analysis'. Together they form a unique fingerprint.

Cite this