SlideShare a Scribd company logo

slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf

T
ThomasGraf42

This document discusses Daisy, a project to develop an open-source anomaly detection solution for large BGP/MPLS and BGP/SRv6 VPN networks. The Daisy architecture profiles customer networks, collects standard network data using protocols like IPFIX and BMP, correlates the data, detects anomalies using multiple strategies, and reports incidents to a Network Operations Center. It aims to fill gaps in IETF standards and has detected real outages in testing on service provider networks. Ongoing work includes analyzing more customer scenarios, exploring new data dimensions, and progressing standardization.

1 of 17
Download to read offline
Daisy: Practical Anomaly Detection in large BGP/MPLS and BGP/SRv6 VPN Networks Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net ANRW’23 - San Francisco 24/07/2023
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Agenda ● Anomalies in BGP/MPLS and BGP/SRv6 VPN Networks ● Daisy Architecture ● IETF gaps ● Ongoing works 2
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Anomalies in a BGP/MPLS and BGP/SRv6 VPN Networks ● An anomaly is an event occuring in the network that makes the customer unhappy ○ Provider inflicted (incident) ○ Provider self-inflicted (upgrade) ○ (Customer inflicted) ? ? ? 3
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 4 Internet outages on the News
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Reasons to be good at detecting issues ● Issues happen to all networks ○ It’s how you deal with them that matter ● Service interruptions ○ make you look bad ○ cost you money ● Incident, Detection, Analysis, Fix 5
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Project ● Project funded by Swisscom ● Research and Open Source Development ○ Network information collection ■ Research ■ Standardisation ■ Implementation ○ Network measurements ■ Research ■ Standardisation ■ Implementation ○ Scalable Anomaly Detection Solution ■ Research ■ Implementation 6
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Requirement 1 It needs to work ! 7
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components ● Customer profiling ● Standard Data collection ● Correlation ● Anomaly detection ● Incident reporting 8
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Customer profiling (1) ● Customers differ in behavior ○ Flat vs Day/Night cycles ○ Customers with regular drops ● Profiles of similar behavior ○ Obtained with clustering ● Anomaly detection recipes based on profile 9
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● Dimensions ○ Data-plane (IPFIX: RFC7011) ■ Traffic counters (5-tuple) ■ Packet drops ○ Control-plane (BMP: RFC7864) ■ BGP Update events ■ BGP Withdraw events ■ BGP Peer Down events ○ Management-plane (YANG Push: RFC8639, RFC8641) ■ Interface state changes ■ Interface counters Architecture Components: Standard Data collection (2) 10
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Data correlation (3) ● Mapping Traffic counters to customer sites ○ IPFIX / BMP correlation ● Mapping interfaces to customers ○ IPFIX / YANG Push / BMP correlation 11
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Anomaly detection (4) ● For a Customer Profile, ○ we apply a set of independent strategies ○ NOC is alerted if one strategy detects an issue for the customer ● A strategy is one way to capture service health ○ e.g. “Did I just see a traffic collapse and BGP withdraws?” ○ Organized as a set of pipelines ● A pipeline is a sequence of conditionally executed checks ○ e.g. “Unusual customer traffic volume?” → “Check each customer site traffic levels” ● Checks are one dimensional observations ○ e.g. “Deviation from expected TCP traffic volume” ○ Define your own 12
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● When an alert is raised for a customer ○ Submit a ticket to the Network Operations Center (NOC) ○ Give the NOC details about the executed rules ■ Raw data ■ Details on the checks ● Permanent storage for replayability ○ What if scenarios ○ Experimenting with new strategies (bring your own) Architecture Components: Incident reporting (5) 13
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 IETF gap filling ● YANG push: Streaming large amounts of data from the router without stressing the router ○ draft-ietf-netconf-udp-notif-10 ● New core network technology: SRv6 ○ draft-ietf-opsawg-ipfix-srv6-srh-14 ● New metrics: on-path delay ○ draft-ietf-opsawg-ipfix-on-path-telemetry-04 14
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Other IETF Contributions ● YANG push: ○ draft-ahuang-netconf-notif-yang ○ draft-tgraf-netconf-notif-sequencing ○ draft-tgraf-yang-push-observation-time ○ draft-tgraf-netconf-yang-notifications-versioning ● On-path delay in iOAM DEX: ○ draft-ahuang-ippm-ioam-on-path-delay ○ draft-ahuang-ippm-dex-timestamp-ext 15
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Ongoing works ● Analysis of real scenarios of onboarded customers in production (Swisscom) ○ 6 outages have been detected from real production data ■ 3 in real time ■ 3 in replay mode ● Exploration of new dimensions ○ anticipating vendor support ● The specific case of Internet Services ● Progressing with Standardization 16
Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Questions? Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net 17

Recommended

Model-driven Network Management
Model-driven Network ManagementModel-driven Network Management
Model-driven Network Management
Anees Shaikh
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy Williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013
Javier Benitez
 
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-finalColt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Rafael Junquera
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbert
PROFIBUS and PROFINET InternationaI - PI UK
 
CE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdfCE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdf
Chenkai Sun
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
ThomasGraf40
 

Recommended

Model-driven Network Management
Model-driven Network ManagementModel-driven Network Management
Model-driven Network Management
Anees Shaikh
 
Profinet design basics - Andy Williams
Profinet design basics - Andy WilliamsProfinet design basics - Andy Williams
Profinet design basics - Andy Williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams Profinet network design at e+h june 2018 andy williams
Profinet network design at e+h june 2018 andy williams
PROFIBUS and PROFINET InternationaI - PI UK
 
Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013Colt SDN Strategy - Telesemana December 2013
Colt SDN Strategy - Telesemana December 2013
Javier Benitez
 
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-finalColt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Colt sdn-strategy-telesemana-diciembre-2013-javier-benitez-colt-final
Rafael Junquera
 
5. profinet network design andy gilbert
5. profinet network design andy gilbert5. profinet network design andy gilbert
5. profinet network design andy gilbert
PROFIBUS and PROFINET InternationaI - PI UK
 
CE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdfCE1009_Implementation of Civil IoT Architecture.pdf
CE1009_Implementation of Civil IoT Architecture.pdf
Chenkai Sun
 
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdfSwisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
Swisscom Network Analytics Data Mesh Architecture - ETH Viscon - 10-2022.pdf
ThomasGraf40
 
C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PROFIBUS and PROFINET InternationaI - PI UK
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
ThomasGraf40
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
PROFIBUS and PROFINET InternationaI - PI UK
 
Mobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future EvolutionMobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future Evolution
Sivasothy Shanmugalingam
 
Multipath TCP Upstreaming
Multipath TCP UpstreamingMultipath TCP Upstreaming
Multipath TCP Upstreaming
Graham G. Turnbull
 
SDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming TelemetrySDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming Telemetry
Anees Shaikh
 
Global SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, TaiwanGlobal SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, Taiwan
Fei Ji Siao
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET Journal
 
RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7
GLC Networks
 
Colt's SDN/NFV Vision
Colt's SDN/NFV VisionColt's SDN/NFV Vision
Colt's SDN/NFV Vision
FIBRE Testbed
 
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 BarcelonaColt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Javier Benitez
 
MTCNA Intro to routerOS
MTCNA Intro to routerOSMTCNA Intro to routerOS
MTCNA Intro to routerOS
GLC Networks
 
Final project report
Final project reportFinal project report
Final project report
RaziaSultanaHimu
 
Swisscom Network Analytics
Swisscom Network AnalyticsSwisscom Network Analytics
Swisscom Network Analytics
confluent
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
GLC Networks
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
GLC Networks
 
MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1
GLC Networks
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
Paul Tanner
 
Internet Protocol Deep-Dive
Internet Protocol Deep-DiveInternet Protocol Deep-Dive
Internet Protocol Deep-Dive
GLC Networks
 
BMP Peer Up Message Namespace
BMP Peer Up Message NamespaceBMP Peer Up Message Namespace
BMP Peer Up Message Namespace
ThomasGraf42
 
Semantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly DetectionSemantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly Detection
ThomasGraf42
 

More Related Content

Similar to slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf

C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...
PROFIBUS and PROFINET InternationaI - PI UK
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PROFIBUS and PROFINET InternationaI - PI UK
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
ThomasGraf40
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
PROFIBUS and PROFINET InternationaI - PI UK
 
Mobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future EvolutionMobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future Evolution
Sivasothy Shanmugalingam
 
Multipath TCP Upstreaming
Multipath TCP UpstreamingMultipath TCP Upstreaming
Multipath TCP Upstreaming
Graham G. Turnbull
 
SDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming TelemetrySDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming Telemetry
Anees Shaikh
 
Global SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, TaiwanGlobal SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, Taiwan
Fei Ji Siao
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET Journal
 
RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7
GLC Networks
 
Colt's SDN/NFV Vision
Colt's SDN/NFV VisionColt's SDN/NFV Vision
Colt's SDN/NFV Vision
FIBRE Testbed
 
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 BarcelonaColt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Javier Benitez
 
MTCNA Intro to routerOS
MTCNA Intro to routerOSMTCNA Intro to routerOS
MTCNA Intro to routerOS
GLC Networks
 
Final project report
Final project reportFinal project report
Final project report
RaziaSultanaHimu
 
Swisscom Network Analytics
Swisscom Network AnalyticsSwisscom Network Analytics
Swisscom Network Analytics
confluent
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
GLC Networks
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
GLC Networks
 
MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1
GLC Networks
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
Paul Tanner
 
Internet Protocol Deep-Dive
Internet Protocol Deep-DiveInternet Protocol Deep-Dive
Internet Protocol Deep-Dive
GLC Networks
 

Similar to slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf (20)

C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...C12 Profinet diagnostics during the entire life cycle of production lines a...
C12 Profinet diagnostics during the entire life cycle of production lines a...
 
PI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design BasicsPI UK Seminar (Nov 2021) - PROFINET Design Basics
PI UK Seminar (Nov 2021) - PROFINET Design Basics
 
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptxdraft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
draft-tgraf-opsawg-ipfix-on-path-telemetry-00.pptx
 
7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf7. Ford_Dunton_TSN_CRM.pdf
7. Ford_Dunton_TSN_CRM.pdf
 
Mobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future EvolutionMobile IoT Network :Current Status and Future Evolution
Mobile IoT Network :Current Status and Future Evolution
 
Multipath TCP Upstreaming
Multipath TCP UpstreamingMultipath TCP Upstreaming
Multipath TCP Upstreaming
 
SDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming TelemetrySDN in the Management Plane: OpenConfig and Streaming Telemetry
SDN in the Management Plane: OpenConfig and Streaming Telemetry
 
Global SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, TaiwanGlobal SDN-IP Deployment at NCTU, Taiwan
Global SDN-IP Deployment at NCTU, Taiwan
 
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
IRJET- Assessment of Network Protocol Packet Analysis in IPV4 and IPV6 on Loc...
 
RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7RouterOS Migration From v6 to v7
RouterOS Migration From v6 to v7
 
Colt's SDN/NFV Vision
Colt's SDN/NFV VisionColt's SDN/NFV Vision
Colt's SDN/NFV Vision
 
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 BarcelonaColt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
Colt SDN Strategy - FIBRE Workshop 5 Nov 2013 Barcelona
 
MTCNA Intro to routerOS
MTCNA Intro to routerOSMTCNA Intro to routerOS
MTCNA Intro to routerOS
 
Final project report
Final project reportFinal project report
Final project report
 
Swisscom Network Analytics
Swisscom Network AnalyticsSwisscom Network Analytics
Swisscom Network Analytics
 
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
Networking in Telecommunication (signalling, tcp, ucp, ss7, sctp, sigtran)
 
OSPF On Router OS7
OSPF On Router OS7OSPF On Router OS7
OSPF On Router OS7
 
MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1MTCNA : Intro to RouterOS - Part 1
MTCNA : Intro to RouterOS - Part 1
 
Polling is for Wimps?
Polling is for Wimps?Polling is for Wimps?
Polling is for Wimps?
 
Internet Protocol Deep-Dive
Internet Protocol Deep-DiveInternet Protocol Deep-Dive
Internet Protocol Deep-Dive
 

More from ThomasGraf42

BMP Peer Up Message Namespace
BMP Peer Up Message NamespaceBMP Peer Up Message Namespace
BMP Peer Up Message Namespace
ThomasGraf42
 
Semantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly DetectionSemantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly Detection
ThomasGraf42
 
YANG push Integration into Apache Kafka
YANG push Integration into Apache KafkaYANG push Integration into Apache Kafka
YANG push Integration into Apache Kafka
ThomasGraf42
 
Support of Hostname and Sequencing in YANG Notifications
Support of Hostname and Sequencing in YANG NotificationsSupport of Hostname and Sequencing in YANG Notifications
Support of Hostname and Sequencing in YANG Notifications
ThomasGraf42
 
UDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured SubscriptionsUDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured Subscriptions
ThomasGraf42
 
Subscription to Distributed Notifications
Subscription to Distributed NotificationsSubscription to Distributed Notifications
Subscription to Distributed Notifications
ThomasGraf42
 
YANG Grouping for UDP Clients and UDP Servers
YANG Grouping for UDP Clients and UDP ServersYANG Grouping for UDP Clients and UDP Servers
YANG Grouping for UDP Clients and UDP Servers
ThomasGraf42
 
YANG model for NETCONF Event Notifications
YANG model for NETCONF Event NotificationsYANG model for NETCONF Event Notifications
YANG model for NETCONF Event Notifications
ThomasGraf42
 
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdfslides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
ThomasGraf42
 
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
ThomasGraf42
 
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdfslides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
ThomasGraf42
 
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdfslides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
ThomasGraf42
 
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdfslides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
ThomasGraf42
 
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdfslides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
ThomasGraf42
 
ietf117-netconf-yang-push-data-mesh-integration.pdf
ietf117-netconf-yang-push-data-mesh-integration.pdfietf117-netconf-yang-push-data-mesh-integration.pdf
ietf117-netconf-yang-push-data-mesh-integration.pdf
ThomasGraf42
 
BMP YANG Module
BMP YANG ModuleBMP YANG Module
BMP YANG Module
ThomasGraf42
 
BMP Extension for Path Status TLV
BMP Extension for Path Status TLVBMP Extension for Path Status TLV
BMP Extension for Path Status TLV
ThomasGraf42
 
TLV support for BMP Route Monitoring and Peer Down Messages
TLV support for BMP Route Monitoring and Peer Down MessagesTLV support for BMP Route Monitoring and Peer Down Messages
TLV support for BMP Route Monitoring and Peer Down Messages
ThomasGraf42
 
BMP Loc-RIB: Peer address
BMP Loc-RIB: Peer addressBMP Loc-RIB: Peer address
BMP Loc-RIB: Peer address
ThomasGraf42
 
UDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured SubscriptionsUDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured Subscriptions
ThomasGraf42
 

More from ThomasGraf42 (20)

BMP Peer Up Message Namespace
BMP Peer Up Message NamespaceBMP Peer Up Message Namespace
BMP Peer Up Message Namespace
 
Semantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly DetectionSemantic Metadata Annotation for Network Anomaly Detection
Semantic Metadata Annotation for Network Anomaly Detection
 
YANG push Integration into Apache Kafka
YANG push Integration into Apache KafkaYANG push Integration into Apache Kafka
YANG push Integration into Apache Kafka
 
Support of Hostname and Sequencing in YANG Notifications
Support of Hostname and Sequencing in YANG NotificationsSupport of Hostname and Sequencing in YANG Notifications
Support of Hostname and Sequencing in YANG Notifications
 
UDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured SubscriptionsUDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured Subscriptions
 
Subscription to Distributed Notifications
Subscription to Distributed NotificationsSubscription to Distributed Notifications
Subscription to Distributed Notifications
 
YANG Grouping for UDP Clients and UDP Servers
YANG Grouping for UDP Clients and UDP ServersYANG Grouping for UDP Clients and UDP Servers
YANG Grouping for UDP Clients and UDP Servers
 
YANG model for NETCONF Event Notifications
YANG model for NETCONF Event NotificationsYANG model for NETCONF Event Notifications
YANG model for NETCONF Event Notifications
 
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdfslides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
slides-117-nmrg-sessb-data-management-paradigms-data-fabric-and-data-mesh-00.pdf
 
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
slides-117-opsawg-modeling-the-digital-map-based-on-rfc8345-sharing-experienc...
 
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdfslides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
slides-117-opsawg-a-data-manifest-for-contextualized-telemetry-data-00.pdf
 
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdfslides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
slides-117-grow-grow-bmp-enhancements-to-frrouting-00.pdf
 
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdfslides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
slides-117-grow-draft-francios-grow-bmp-loc-peer-00.pdf
 
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdfslides-117-grow-bmp-peer-up-message-namespace-00.pdf
slides-117-grow-bmp-peer-up-message-namespace-00.pdf
 
ietf117-netconf-yang-push-data-mesh-integration.pdf
ietf117-netconf-yang-push-data-mesh-integration.pdfietf117-netconf-yang-push-data-mesh-integration.pdf
ietf117-netconf-yang-push-data-mesh-integration.pdf
 
BMP YANG Module
BMP YANG ModuleBMP YANG Module
BMP YANG Module
 
BMP Extension for Path Status TLV
BMP Extension for Path Status TLVBMP Extension for Path Status TLV
BMP Extension for Path Status TLV
 
TLV support for BMP Route Monitoring and Peer Down Messages
TLV support for BMP Route Monitoring and Peer Down MessagesTLV support for BMP Route Monitoring and Peer Down Messages
TLV support for BMP Route Monitoring and Peer Down Messages
 
BMP Loc-RIB: Peer address
BMP Loc-RIB: Peer addressBMP Loc-RIB: Peer address
BMP Loc-RIB: Peer address
 
UDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured SubscriptionsUDP-based Transport for Configured Subscriptions
UDP-based Transport for Configured Subscriptions
 

Recently uploaded

Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
uehowe
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
Paul Walk
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
bseovas
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
xjq03c34
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Florence Consulting
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
davidjhones387
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
saathvikreddy2003
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
Toptal Tech
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
Trending Blogers
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
vmemo1
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
bseovas
 

Recently uploaded (20)

Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
留学挂科(UofM毕业证)明尼苏达大学毕业证成绩单复刻办理
 
Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?Should Repositories Participate in the Fediverse?
Should Repositories Participate in the Fediverse?
 
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
留学学历(UoA毕业证)奥克兰大学毕业证成绩单官方原版办理
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
 
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdfMeet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
Meet up Milano 14 _ Axpo Italia_ Migration from Mule3 (On-prem) to.pdf
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
Discover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to IndiaDiscover the benefits of outsourcing SEO to India
Discover the benefits of outsourcing SEO to India
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
Design Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptxDesign Thinking NETFLIX using all techniques.pptx
Design Thinking NETFLIX using all techniques.pptx
 
Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!Ready to Unlock the Power of Blockchain!
Ready to Unlock the Power of Blockchain!
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 
Explore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories SecretlyExplore-Insanony: Watch Instagram Stories Secretly
Explore-Insanony: Watch Instagram Stories Secretly
 
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
重新申请毕业证书(RMIT毕业证)皇家墨尔本理工大学毕业证成绩单精仿办理
 
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
不能毕业如何获得(USYD毕业证)悉尼大学毕业证成绩单一比一原版制作
 

slides-117-anrw-sessb-daisy-practical-anomaly-detection-in-large-bgpmpls-and-bgpsrv6-vpn-networks-00.pdf

  • 1. Daisy: Practical Anomaly Detection in large BGP/MPLS and BGP/SRv6 VPN Networks Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net ANRW’23 - San Francisco 24/07/2023
  • 2. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Agenda ● Anomalies in BGP/MPLS and BGP/SRv6 VPN Networks ● Daisy Architecture ● IETF gaps ● Ongoing works 2
  • 3. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Anomalies in a BGP/MPLS and BGP/SRv6 VPN Networks ● An anomaly is an event occuring in the network that makes the customer unhappy ○ Provider inflicted (incident) ○ Provider self-inflicted (upgrade) ○ (Customer inflicted) ? ? ? 3
  • 4. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 4 Internet outages on the News
  • 5. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Reasons to be good at detecting issues ● Issues happen to all networks ○ It’s how you deal with them that matter ● Service interruptions ○ make you look bad ○ cost you money ● Incident, Detection, Analysis, Fix 5
  • 6. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Project ● Project funded by Swisscom ● Research and Open Source Development ○ Network information collection ■ Research ■ Standardisation ■ Implementation ○ Network measurements ■ Research ■ Standardisation ■ Implementation ○ Scalable Anomaly Detection Solution ■ Research ■ Implementation 6
  • 7. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Requirement 1 It needs to work ! 7
  • 8. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components ● Customer profiling ● Standard Data collection ● Correlation ● Anomaly detection ● Incident reporting 8
  • 9. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Customer profiling (1) ● Customers differ in behavior ○ Flat vs Day/Night cycles ○ Customers with regular drops ● Profiles of similar behavior ○ Obtained with clustering ● Anomaly detection recipes based on profile 9
  • 10. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● Dimensions ○ Data-plane (IPFIX: RFC7011) ■ Traffic counters (5-tuple) ■ Packet drops ○ Control-plane (BMP: RFC7864) ■ BGP Update events ■ BGP Withdraw events ■ BGP Peer Down events ○ Management-plane (YANG Push: RFC8639, RFC8641) ■ Interface state changes ■ Interface counters Architecture Components: Standard Data collection (2) 10
  • 11. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Data correlation (3) ● Mapping Traffic counters to customer sites ○ IPFIX / BMP correlation ● Mapping interfaces to customers ○ IPFIX / YANG Push / BMP correlation 11
  • 12. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Architecture Components: Anomaly detection (4) ● For a Customer Profile, ○ we apply a set of independent strategies ○ NOC is alerted if one strategy detects an issue for the customer ● A strategy is one way to capture service health ○ e.g. “Did I just see a traffic collapse and BGP withdraws?” ○ Organized as a set of pipelines ● A pipeline is a sequence of conditionally executed checks ○ e.g. “Unusual customer traffic volume?” → “Check each customer site traffic levels” ● Checks are one dimensional observations ○ e.g. “Deviation from expected TCP traffic volume” ○ Define your own 12
  • 13. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 ● When an alert is raised for a customer ○ Submit a ticket to the Network Operations Center (NOC) ○ Give the NOC details about the executed rules ■ Raw data ■ Details on the checks ● Permanent storage for replayability ○ What if scenarios ○ Experimenting with new strategies (bring your own) Architecture Components: Incident reporting (5) 13
  • 14. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 IETF gap filling ● YANG push: Streaming large amounts of data from the router without stressing the router ○ draft-ietf-netconf-udp-notif-10 ● New core network technology: SRv6 ○ draft-ietf-opsawg-ipfix-srv6-srh-14 ● New metrics: on-path delay ○ draft-ietf-opsawg-ipfix-on-path-telemetry-04 14
  • 15. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Other IETF Contributions ● YANG push: ○ draft-ahuang-netconf-notif-yang ○ draft-tgraf-netconf-notif-sequencing ○ draft-tgraf-yang-push-observation-time ○ draft-tgraf-netconf-yang-notifications-versioning ● On-path delay in iOAM DEX: ○ draft-ahuang-ippm-ioam-on-path-delay ○ draft-ahuang-ippm-dex-timestamp-ext 15
  • 16. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Ongoing works ● Analysis of real scenarios of onboarded customers in production (Swisscom) ○ 6 outages have been detected from real production data ■ 3 in real time ■ 3 in replay mode ● Exploration of new dimensions ○ anticipating vendor support ● The specific case of Internet Services ● Progressing with Standardization 16
  • 17. Alex Huang Feng - alex.huang-feng@insa-lyon.fr ANRW’23 - 24/07/2023 Questions? Alex HUANG FENG, INSA Lyon - alex.huang-feng@insa-lyon.fr Pierre FRANCOIS, INSA Lyon - pierre.francois@insa-lyon.fr Stéphane FRENOT, INSA Lyon - stephane.frenot@insa-lyon.fr Thomas GRAF, Swisscom - thomas.graf@swisscom.com Wanting DU, Swisscom - wanting.du@swisscom.com Paolo LUCENTE, pmacct.net - paolo@pmacct.net 17