An Anomaly Detection Approach by AI/ML in IP networks with eBPF-based Observability

Abstract

Failures and operational errors that occur in IP networks need to be detected automatically and quickly. Accurate anomaly detection is the most important factor in limiting, in advance, the spread of impact on the network when a problem occurs.
On the other hand, routers hold a large amount of routing information, and because they are mainly vendor products, the means of obtaining detailed information from them in a short time are limited. In recent years, the extended Berkeley Packet Filter (eBPF) has been attracting attention as a means of obtaining detailed information from the Linux kernel in the fields of servers and virtualization.
Moreover, Linux-based software router products such as SONiC are now being used in IP networks.
We will examine whether eBPF data can be used in routers to solve the above issues. In this LT, we propose an architecture to obtain eBPF data on SONiC, and report on the implementation and evaluation of a prototype.
TCP metrics are acquired as eBPF data to monitor routing information variations and BGP protocol behavior.
To evaluate the prototype's fault detection accuracy, experiments were conducted using AI/ML to measure the detection accuracy of BGP neighbor down events caused by operations including human error and packet loss.
The application of eBPF data to anomaly detection will improve the quality of monitoring and automation in network operations, and we hope to share the contents and results with you.

Place

1F Conference Room 101

Date

Day 1, Wednesday, July 5th, 2023, 17:30~18:00 (of which 5 minutes)

Presenter

桜庭 皆人
株式会社KDDI総合研究所

Minato Sakuraba (KDDI Research, Inc.)