Correlating flow-based network measurements for service monitoring and network troubleshooting

Viac o knihe

The resilience of network services faces challenges from component failures, misconfigured devices, natural disasters, and malicious users. Network operators and service administrators must manage their infrastructure to ensure high availability. This thesis presents novel service monitoring and troubleshooting applications utilizing flow-based network measurements to assist operators. Flow-level measurement data, such as IPFIX or NetFlow, provides statistical summaries of network connections, including bytes and packets exchanged. This data can be collected using standard hardware in backbone networks, enabling Internet Service Providers (ISPs) to monitor large-scale networks with fewer sensors. However, the limited information collected per connection restricts the range of security and management questions that can be addressed. To overcome this limitation, we analyze sets of flows across dimensions like time and user groups, revealing hidden information beneficial for troubleshooting. We demonstrate how flow-based data can assist mail administrators in combating spam by tracking filtering decisions at the ISP level. Additionally, we introduce FACT, a flow-based system for tracking connectivity from networks to remote systems, which efficiently alerts operators to connectivity issues. By correlating flow-level data and processing it online, FACT provides precise information on unreachable address spaces, enabling effective