Download Detailed diagnosis in enterprise networks

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
page
35
Document related concepts

Dynamic Host Configuration Protocol wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Lag wikipedia , lookup

Transcript 
Detailed and understandable
network diagnosis
Ratul Mahajan
With Srikanth Kandula, Bongshin Lee,
Zhicheng Liu (GaTech), Patrick Verkaik (UCSD),
Sharad Agarwal, Jitu Padhye, Victor Bahl
Network diagnosis explains faulty behavior
Starts with problem symptoms and ends at likely culprits
File
server
Configuration
Configuration change
denies permission
ratul | gatech | '09
Photo
viewer
User cannot access
a remote folder
Current landscape of
network diagnosis systems
Big enterprises
Large ISPs
Small enterprises
Network size
?
ratul | gatech | '09
Why study small enterprise networks
separately?
Big enterprises
Large ISPs
Small enterprises
Less sophisticated admins
Less rich connectivity
Many shared components
IIS, SQL,
Exchange, …
ratul | gatech | '09
Our work
1. Uncovers the need for detailed and understandable
diagnosis
2. Develops NetMedic for detailed diagnosis
•
Diagnoses application faults without application knowledge
3. Develops NetClinic for explaining diagnostic analysis
ratul | gatech | '09
Understanding problems in small enterprises
Symptoms, root causes
100+
cases
ratul | gatech | '09
And the survey says …..
Identified cause
Symptom
App-specific
60 %
Failed initialization
13 %
Poor performance
10 %
Hang or crash
10 %
Unreachability
7%
Handle app-specific
as well as generic faults
Non-app config
(e.g., firewall)
30 %
Software/driver bug
21 %
App config
19 %
Overload
4%
Hardware fault
2%
Identify culprits 25 %
at a fine granularity
Unknown
Detailed diagnosis
ratul | gatech | '09
Example problem 1: Server misconfig
Browser
Web
server
Browser
ratul | gatech | '09
Server
config
Example problem 2: Buggy client
SQL
client C1
Requests
SQL
client C2
ratul | gatech | '09
SQL
server
Example problem 3: Client misconfig
config
Outlook
Exchange server
config
ratul | sigcomm | '09
Outlook
Current formulations sacrifice detail (to scale)
Dependency graph based formulations (e.g., Sherlock [SIGCOMM2007])
• Model the network as a dependency graph at a coarse level
• Simple dependency model
ratul | gatech | '09
Example problem 1: Server misconfig
Browser
Web
server
Server
config
Browser
The network model is too
coarse in current formulations
ratul | gatech | '09
Example problem 2: Buggy client
SQL
client C1
Requests
SQL
server
SQL
client C2
The dependency model is too
simple in current formulations
ratul | gatech | '09
Example problem 3: Client misconfig
config
Outlook
Exchange server
config
Outlook
The failure model is too simple
in current formulations
ratul | sigcomm | '09
A formulation for detailed diagnosis
SQL
client
C1
Dependency graph of
fine-grained components
Component state is a
multi-dimensional vector
% CPU time
IO bytes/sec
Connections/sec
404 errors/sec
SQL
svr
Exch.
svr
SQL
client
C2
IIS
config
Process
OS
Config
ratul | gatech | '09
IIS
svr
The goal of diagnosis
Identify likely culprits
for components of
interest
Without using
semantics of state
variables
 No application
knowledge
C1
Svr
C2
Process
OS
Config
ratul | gatech | '09
Using joint historical behavior to estimate impact
How “similar”
on average
states of D are
at those times
s n a sn b
. .
. .
. .
. .
. .
s1a s1b
dn a dn b dn c
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
d1a d1 b d1c
D
S
d0a d 0b d0c
Request rate (low)
Response time (high)
Request rate (high)
Response time (high)
ratul | gatech | '09
s0a s0b s0c s0d
H
C1
Svr
H
C2
sn c sn d
. .
. .
. .
. .
. .
s1c s1d
L
Request rate (high)
Identify time
periods when
state of S was
“similar”
Robust impact estimation
•
•
•
•
•
Ignore state variables that represent redundant info
Place higher weight on state variables likely related
to fault being diagnosed
Ignore state variables irrelevant to interaction with
neighbor
Account for aggregate relationships among state
variables of neighboring components
Account for disparate ranges of state variables
ratul | gatech | '09
Ranking likely culprits
0.8
B
0.8
Path weight
A
0.2
C
0.2
D
C
Global impact
0.8 A
0.8 B
0.8 C
A
A
A
0.8 A
1.8 B
2.6 C
B
A
D
ratul | gatech | '09
0.2 D
A
0.4 D
A
C
B
A
A
Implementation of NetMedic
Monitor
components
Component
states
Diagnose
a. edge impact
b. path impact
Ranked list of
likely culprits
ratul | gatech | '09
Target components
Diagnosis time
Reference time
Evaluation setup
IIS, SQL,
Exchange, …
.
10 actively
.
used desktops
.
#components
#dimensions per
component (avg)
Diverse set of faults observed in the logs
ratul | gatech | '09
~1000
35
NetMedic assigns low ranks to actual culprits
Cumulative % of faults
100
80
NetMedic
Coarse
60
40
20
0
0
20
40
60
Rank of actual culprit
ratul | gatech | '09
80
100
NetMedic handles concurrent faults well
Cumulative % of faults
100
80
60
NetMedic
40
Coarse
20
0
0
20
40
60
Rank of actual culprit
2 simultaneous faults
ratul | gatech | '09
80
100
Other empirical results
Netmedic needs a modest amount (~60 mins) of history
The key to effectiveness is correctly identifying many
low impact edges
It compares favorably with a method that understands
variable semantics
ratul | gatech | '09
Unleashing (systems like) NetMedic on admins
How to present the analysis results?
• Need human verification
(Fundamental?) trade-off between coverage and
accuracy
Rule
Accuracy
based
Inference
based
State
of the
practice
Research
activity
Fault coverage
ratul | gatech | '09
The understandability challenge
Admins should be able to verify the correctness
of the analysis
• Identify culprits themselves if analysis is incorrect
Two sub-problems at the intersection with HCI
• Visualizing complex analysis (NetClinic)
• Intuitiveness of analysis (ongoing work)
ratul | gatech | '09
NetClinic: Visualizing diagnostic analysis
Underlying assumption: Admins can verify analysis if
information is presented appropriately
• They have expert, out-of-band information
Views diagnosis as multi-level analysis
Makes results at all levels accessible on top of a
semantic graph layout
Allows top-down and bottom-up navigation across
levels while retaining context
ratul | gatech | '09
ratul | gatech | '09
ratul | gatech | '09
ratul | gatech | '09
ratul | gatech | '09
NetClinic user study
11 participants with knowledge of computer
networks but not of NetMedic
Given 3 diagnostic tasks each after training
• 88% task completion rate
Uncovered a rich mix of user strategies that the
visualization must support
ratul | gatech | '09
Intuitiveness of analysis
What if you could modify the analysis itself to make it
more accessible to humans?
Understandability
• Counters the tendency to “optimize” for incremental
gains in accuracy
ratul | gatech | '09
Accuracy
Intuitiveness of analysis (2)
Goal: Go from mechanical measures to more
human centric measures
• Example: MoS measure for VoIP
Factors to consider
• What information is used? E.g., Local vs. global
• What operations are used? E.g., Arithmetic vs.
geometric means
ratul | gatech | '09
Conclusions
Accuracy
Accuracy
Thinking small (networks) can provide new perspectives
Coverage
NetMedic enables detailed
diagnosis in enterprise networks
w/o application knowledge
ratul | gatech | '09
NetClinic enables admins to
understand and verify complex
diagnostic analyses
Related documents
Let v denote a column vector of the nilpotent matrix Pi(A)(A − λ iI)ni
Let v denote a column vector of the nilpotent matrix Pi(A)(A − λ iI)ni
CS 445 / 645 Introduction to Computer Graphics
CS 445 / 645 Introduction to Computer Graphics
Slide 1
Slide 1
Undergraduate Curriculum SIGCOMM 2002 Education Workshop Russell J Clark College of Computing
Undergraduate Curriculum SIGCOMM 2002 Education Workshop Russell J Clark College of Computing
ppt version
ppt version
Course: ISyE 6308, Analysis of Production Operations, Spring 1995
Course: ISyE 6308, Analysis of Production Operations, Spring 1995
Lec0-intro - ECE Users Pages - Georgia Institute of Technology
Lec0-intro - ECE Users Pages - Georgia Institute of Technology
CS 4251: Computer Networking II
CS 4251: Computer Networking II
Measurement-based models enable predictable wireless behavior
Measurement-based models enable predictable wireless behavior
Executive MBA - Georgia Tech ISyE
Executive MBA - Georgia Tech ISyE