Abstract: Continuous monitoring is an essential part of the operation of computer networks. High-fidelity monitoring data can be used to detect security issues, misconfigurations, equipment failure, or to perform traffic engineering. With networks growing in complexity and traffic volume, and facing more complex attacks, the need for continuous and precise monitoring is greater than ever before. Existing SNMP- or NetFlow-based approaches are not suited for these new challenges as they compromise on flexibility, fidelity, and performance. These compromises are a result of the assumption that analytics software cannot scale to high traffic rates. In this work, we look holistically at the requirements and challenges in network monitoring and present an architecture consisting of integrated telemetry, analytics, and record persistence components. By finding the right balance between the responsibilities of hardware and software, we demonstrate that flexible and high-fidelity network analytics at high rates is indeed possible. Our system includes a packet-level, analytics-aware telemetry component in the data plane that runs at line rates of several terabits per second and tightly integrates with a flexible software network analytics platform. Operators can interact with this system through a time series database interface that also provides record persistence. We implement a full prototype of our system called Jetstream, which can process approximately 80 million packets per 16-core commodity server for a wide variety of monitoring applications and scales linearly with server count.
Bio: Oliver Michel is a Ph.D. candidate in Computer Science at the University of Colorado at Boulder advised by Professor Eric Keller. He received an undergraduate degree in Computer Science from the University of Vienna in 2013 and a Master's degree from the University of Colorado Boulder in 2015. Oliver spent one year at the University of Illinois at Urbana-Champaign working with Professor Brighten Godfrey. His research focuses on high-performance, packet-level network monitoring leveraging software-defined networking, programmable switches, streaming analytics, and other related technologies.