Abstract
IP forwarding anomalies, triggered by equipment failures, implementation bugs, or configuration errors, can significantly disrupt and degrade network service. Robust and reliable detection of such anomalies is essential to rapid problem diagnosis, mitigation, and repair. We propose a simple, robust method that integrates routing and traffic data streams to reliably detect forwarding anomalies. The overall method is scalable, automated, and self-training. We find that this technique effectively identifies forwarding anomalies while avoiding the high false-alarm rate that would otherwise result if either stream were used on its own.
Index Terms
- Combining routing and traffic data for detection of IP forwarding anomalies