SlideShare a Scribd company logo

slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf

T
ThomasGraf42

Network Anomaly Detection

Internet
1 of 17
Download to read offline
Daisy: Practical Anomaly Detection in large BGP/MPLS and BGP/SRv6 VPN Networks Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net ANRW’23 - San Francisco 24/07/2023
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Agenda ● Anomalies in BGP/MPLS and BGP/SRv6 VPN Networks ● Daisy Architecture ● IETF gaps ● Ongoing works 2
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Anomalies in a BGP/MPLS and BGP/SRv6 VPN Networks ● An anomaly is an event occuring in the network that makes the customer unhappy ○ Provider inflicted (incident) ○ Provider self-inflicted (upgrade) ○ (Customer inflicted) ? ? ? 3
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 4 Internet outages on the News
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Reasons to be good at detecting issues ● Issues happen to all networks ○ It’s how you deal with them that matter ● Service interruptions ○ make you look bad ○ cost you money ● Incident, Detection, Analysis, Fix 5
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Project ● Project funded by Swisscom ● Research and Open Source Development ○ Network information collection ■ Research ■ Standardisation ■ Implementation ○ Network measurements ■ Research ■ Standardisation ■ Implementation ○ Scalable Anomaly Detection Solution ■ Research ■ Implementation 6
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Requirement 1 It needs to work ! 7
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components ● Customer profiling ● Standard Data collection ● Correlation ● Anomaly detection ● Incident reporting 8
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Customer profiling (1) ● Customers differ in behavior ○ Flat vs Day/Night cycles ○ Customers with regular drops ● Profiles of similar behavior ○ Obtained with clustering ● Anomaly detection recipes based on profile 9
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● Dimensions ○ Data-plane (IPFIX: RFC7011) ■ Traffic counters (5-tuple) ■ Packet drops ○ Control-plane (BMP: RFC7864) ■ BGP Update events ■ BGP Withdraw events ■ BGP Peer Down events ○ Management-plane (YANG Push: RFC8639, RFC8641) ■ Interface state changes ■ Interface counters Architecture Components: Standard Data collection (2) 10
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Data correlation (3) ● Mapping Traffic counters to customer sites ○ IPFIX / BMP correlation ● Mapping interfaces to customers ○ IPFIX / YANG Push / BMP correlation 11
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Anomaly detection (4) ● For a Customer Profile, ○ we apply a set of independent strategies ○ NOC is alerted if one strategy detects an issue for the customer ● A strategy is one way to capture service health ○ e.g. “Did I just see a traffic collapse and BGP withdraws?” ○ Organized as a set of pipelines ● A pipeline is a sequence of conditionally executed checks ○ e.g. “Unusual customer traffic volume?” → “Check each customer site traffic levels” ● Checks are one dimensional observations ○ e.g. “Deviation from expected TCP traffic volume” ○ Define your own 12
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● When an alert is raised for a customer ○ Submit a ticket to the Network Operations Center (NOC) ○ Give the NOC details about the executed rules ■ Raw data ■ Details on the checks ● Permanent storage for replayability ○ What if scenarios ○ Experimenting with new strategies (bring your own) Architecture Components: Incident reporting (5) 13
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 IETF gap filling ● YANG push: Streaming large amounts of data from the router without stressing the router ○ draft-ietf-netconf-udp-notif-10 ● New core network technology: SRv6 ○ draft-ietf-opsawg-ipfix-srv6-srh-14 ● New metrics: on-path delay ○ draft-ietf-opsawg-ipfix-on-path-telemetry-04 14
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Other IETF Contributions ● YANG push: ○ draft-ahuang-netconf-notif-yang ○ draft-tgraf-netconf-notif-sequencing ○ draft-tgraf-yang-push-observation-time ○ draft-tgraf-netconf-yang-notifications-versioning ● On-path delay in iOAM DEX: ○ draft-ahuang-ippm-ioam-on-path-delay ○ draft-ahuang-ippm-dex-timestamp-ext 15
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Ongoing works ● Analysis of real scenarios of onboarded customers in production (Swisscom) ○ 6 outages have been detected from real production data ■ 3 in real time ■ 3 in replay mode ● Exploration of new dimensions ○ anticipating vendor support ● The specific case of Internet Services ● Progressing with Standardization 16
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Questions? Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net 17

Recommended

Model-driven Network Management
Model-driven Network ManagementModel-driven Network Management
Model-driven Network Management
Anees Shaikh
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy Williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013
Javier Benitez
 
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-finalColt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Rafael Junquera
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbert
PROFIBUS and PROFINET InternationaI - PI UK
 
CE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdfCE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdf
Chenkai Sun
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
ThomasGraf40
 

Recommended

Model-driven Network Management
Model-driven Network ManagementModel-driven Network Management
Model-driven Network Management
Anees Shaikh
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy Williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013
Javier Benitez
 
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-finalColt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Rafael Junquera
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbert
PROFIBUS and PROFINET InternationaI - PI UK
 
CE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdfCE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdf
Chenkai Sun
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
ThomasGraf40
 
C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PROFIBUS and PROFINET InternationaI - PI UK
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
ThomasGraf40
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
PROFIBUS and PROFINET InternationaI - PI UK
 
Mobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future EvolutionMobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future Evolution
Sivasothy Shanmugalingam
 
Multipath TCP Upstreaming
Multipath TCP UpstreamingMultipath TCP Upstreaming
Multipath TCP Upstreaming
Graham G. Turnbull
 
SDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming TelemetrySDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming Telemetry
Anees Shaikh
 
Global SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, TaiwanGlobal SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, Taiwan
Fei Ji Siao
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET Journal
 
RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7
GLC Networks
 
Colt's SDN/NFV Vision
Colt's SDN/NFV VisionColt's SDN/NFV Vision
Colt's SDN/NFV Vision
FIBRE Testbed
 
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 BarcelonaColt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Javier Benitez
 
MTCNA Intro to routerOS
MTCNA Intro to routerOSMTCNA Intro to routerOS
MTCNA Intro to routerOS
GLC Networks
 
Final project report
Final project reportFinal project report
Final project report
RaziaSultanaHimu
 
Swisscom Network Analytics
Swisscom Network AnalyticsSwisscom Network Analytics
Swisscom Network Analytics
confluent
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
GLC Networks
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
GLC Networks
 
MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1
GLC Networks
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
Paul Tanner
 
Internet Protocol Deep-Dive
Internet Protocol Deep-DiveInternet Protocol Deep-Dive
Internet Protocol Deep-Dive
GLC Networks
 
BMP Peer Up Message Namespace
BMP Peer Up Message NamespaceBMP Peer Up Message Namespace
BMP Peer Up Message Namespace
ThomasGraf42
 
Semantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly DetectionSemantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly Detection
ThomasGraf42
 

More Related Content

Similar to slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf

C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...
PROFIBUS and PROFINET InternationaI - PI UK
 
SDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming TelemetrySDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming Telemetry
Anees Shaikh
 

Similar to slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf (20)

C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
 
Mobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future EvolutionMobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future Evolution
 
Multipath TCP Upstreaming
Multipath TCP UpstreamingMultipath TCP Upstreaming
Multipath TCP Upstreaming
 
SDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming TelemetrySDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming Telemetry
 
Global SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, TaiwanGlobal SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, Taiwan
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
 
RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7
 
Colt's SDN/NFV Vision
Colt's SDN/NFV VisionColt's SDN/NFV Vision
Colt's SDN/NFV Vision
 
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 BarcelonaColt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
 
MTCNA Intro to routerOS
MTCNA Intro to routerOSMTCNA Intro to routerOS
MTCNA Intro to routerOS
 
Final project report
Final project reportFinal project report
Final project report
 
Swisscom Network Analytics
Swisscom Network AnalyticsSwisscom Network Analytics
Swisscom Network Analytics
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
 
MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
 
Internet Protocol Deep-Dive
Internet Protocol Deep-DiveInternet Protocol Deep-Dive
Internet Protocol Deep-Dive
 

More from ThomasGraf42

slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
ThomasGraf42
 
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdfslides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
ThomasGraf42
 
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdfslides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
ThomasGraf42
 

More from ThomasGraf42 (20)

BMP Peer Up Message Namespace
BMP Peer Up Message NamespaceBMP Peer Up Message Namespace
BMP Peer Up Message Namespace
 
Semantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly DetectionSemantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly Detection
 
YANG push Integration into Apache Kafka
YANG push Integration into Apache KafkaYANG push Integration into Apache Kafka
YANG push Integration into Apache Kafka
 
Support of Hostname and Sequencing in YANG Notifications
Support of Hostname and Sequencing in YANG NotificationsSupport of Hostname and Sequencing in YANG Notifications
Support of Hostname and Sequencing in YANG Notifications
 
UDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured SubscriptionsUDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured Subscriptions
 
Subscription to Distributed Notifications
Subscription to Distributed NotificationsSubscription to Distributed Notifications
Subscription to Distributed Notifications
 
YANG Grouping for UDP Clients and UDP Servers
YANG Grouping for UDP Clients and UDP ServersYANG Grouping for UDP Clients and UDP Servers
YANG Grouping for UDP Clients and UDP Servers
 
YANG model for NETCONF Event Notifications
YANG model for NETCONF Event NotificationsYANG model for NETCONF Event Notifications
YANG model for NETCONF Event Notifications
 
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdfslides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
 
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
 
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdfslides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
 
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdfslides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
 
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdfslides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
 
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdfslides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
 
ietf117-netconf-yang-push-data-mesh-integration.pdf
ietf117-netconf-yang-push-data-mesh-integration.pdfietf117-netconf-yang-push-data-mesh-integration.pdf
ietf117-netconf-yang-push-data-mesh-integration.pdf
 
BMP YANG Module
BMP YANG ModuleBMP YANG Module
BMP YANG Module
 
BMP Extension for Path Status TLV
BMP Extension for Path Status TLVBMP Extension for Path Status TLV
BMP Extension for Path Status TLV
 
TLV support for BMP Route Monitoring and Peer Down Messages
TLV support for BMP Route Monitoring and Peer Down MessagesTLV support for BMP Route Monitoring and Peer Down Messages
TLV support for BMP Route Monitoring and Peer Down Messages
 
BMP Loc-RIB: Peer address
BMP Loc-RIB: Peer addressBMP Loc-RIB: Peer address
BMP Loc-RIB: Peer address
 
UDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured SubscriptionsUDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured Subscriptions
 

Recently uploaded

哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
ydyuyu
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Monica Sydney
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
JOHNBEBONYAP1
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
kumargunjan9515
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
Monica Sydney
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
gajnagarg
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
ayvbos
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
pxcywzqs
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Monica Sydney
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Monica Sydney
 

Recently uploaded (20)

Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi EscortsRussian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
Russian Escort Abu Dhabi 0503464457 Abu DHabi Escorts
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
20240507 QFM013 Machine Intelligence Reading List April 2024.pdf
 
Best SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency DallasBest SEO Services Company in Dallas | Best SEO Agency Dallas
Best SEO Services Company in Dallas | Best SEO Agency Dallas
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Call girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girlsCall girls Service in Ajman 0505086370 Ajman call girls
Call girls Service in Ajman 0505086370 Ajman call girls
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
一比一原版(Curtin毕业证书)科廷大学毕业证原件一模一样
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac RoomVip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
Vip Firozabad Phone 8250092165 Escorts Service At 6k To 30k Along With Ac Room
 
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
call girls in Anand Vihar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 

slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf

  • 1. Daisy: Practical Anomaly Detection in large BGP/MPLS and BGP/SRv6 VPN Networks Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net ANRW’23 - San Francisco 24/07/2023
  • 2. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Agenda ● Anomalies in BGP/MPLS and BGP/SRv6 VPN Networks ● Daisy Architecture ● IETF gaps ● Ongoing works 2
  • 3. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Anomalies in a BGP/MPLS and BGP/SRv6 VPN Networks ● An anomaly is an event occuring in the network that makes the customer unhappy ○ Provider inflicted (incident) ○ Provider self-inflicted (upgrade) ○ (Customer inflicted) ? ? ? 3
  • 4. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 4 Internet outages on the News
  • 5. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Reasons to be good at detecting issues ● Issues happen to all networks ○ It’s how you deal with them that matter ● Service interruptions ○ make you look bad ○ cost you money ● Incident, Detection, Analysis, Fix 5
  • 6. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Project ● Project funded by Swisscom ● Research and Open Source Development ○ Network information collection ■ Research ■ Standardisation ■ Implementation ○ Network measurements ■ Research ■ Standardisation ■ Implementation ○ Scalable Anomaly Detection Solution ■ Research ■ Implementation 6
  • 7. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Requirement 1 It needs to work ! 7
  • 8. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components ● Customer profiling ● Standard Data collection ● Correlation ● Anomaly detection ● Incident reporting 8
  • 9. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Customer profiling (1) ● Customers differ in behavior ○ Flat vs Day/Night cycles ○ Customers with regular drops ● Profiles of similar behavior ○ Obtained with clustering ● Anomaly detection recipes based on profile 9
  • 10. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● Dimensions ○ Data-plane (IPFIX: RFC7011) ■ Traffic counters (5-tuple) ■ Packet drops ○ Control-plane (BMP: RFC7864) ■ BGP Update events ■ BGP Withdraw events ■ BGP Peer Down events ○ Management-plane (YANG Push: RFC8639, RFC8641) ■ Interface state changes ■ Interface counters Architecture Components: Standard Data collection (2) 10
  • 11. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Data correlation (3) ● Mapping Traffic counters to customer sites ○ IPFIX / BMP correlation ● Mapping interfaces to customers ○ IPFIX / YANG Push / BMP correlation 11
  • 12. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Anomaly detection (4) ● For a Customer Profile, ○ we apply a set of independent strategies ○ NOC is alerted if one strategy detects an issue for the customer ● A strategy is one way to capture service health ○ e.g. “Did I just see a traffic collapse and BGP withdraws?” ○ Organized as a set of pipelines ● A pipeline is a sequence of conditionally executed checks ○ e.g. “Unusual customer traffic volume?” → “Check each customer site traffic levels” ● Checks are one dimensional observations ○ e.g. “Deviation from expected TCP traffic volume” ○ Define your own 12
  • 13. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● When an alert is raised for a customer ○ Submit a ticket to the Network Operations Center (NOC) ○ Give the NOC details about the executed rules ■ Raw data ■ Details on the checks ● Permanent storage for replayability ○ What if scenarios ○ Experimenting with new strategies (bring your own) Architecture Components: Incident reporting (5) 13
  • 14. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 IETF gap filling ● YANG push: Streaming large amounts of data from the router without stressing the router ○ draft-ietf-netconf-udp-notif-10 ● New core network technology: SRv6 ○ draft-ietf-opsawg-ipfix-srv6-srh-14 ● New metrics: on-path delay ○ draft-ietf-opsawg-ipfix-on-path-telemetry-04 14
  • 15. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Other IETF Contributions ● YANG push: ○ draft-ahuang-netconf-notif-yang ○ draft-tgraf-netconf-notif-sequencing ○ draft-tgraf-yang-push-observation-time ○ draft-tgraf-netconf-yang-notifications-versioning ● On-path delay in iOAM DEX: ○ draft-ahuang-ippm-ioam-on-path-delay ○ draft-ahuang-ippm-dex-timestamp-ext 15
  • 16. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Ongoing works ● Analysis of real scenarios of onboarded customers in production (Swisscom) ○ 6 outages have been detected from real production data ■ 3 in real time ■ 3 in replay mode ● Exploration of new dimensions ○ anticipating vendor support ● The specific case of Internet Services ● Progressing with Standardization 16
  • 17. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Questions? Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net 17