Communication Networks and Service Management in the Era of Artificial Intelligence and Machine Learning. Группа авторов
Чтение книги онлайн.

Читать онлайн книгу Communication Networks and Service Management in the Era of Artificial Intelligence and Machine Learning - Группа авторов страница 14

СКАЧАТЬ id="ulink_721c5abf-8828-5f58-a254-97eef46f2ab3">1.2 Data Collection and Monitoring Protocols

      Any decision process must be guided by the ability to obtain data about the status of the system. In a typical network, devices from different vendors, with different functionalities, different capabilities, different administrative domains create heterogeneous scenarios where collecting data calls for standardized instruments and tools. Often this heterogeneity produces custom solutions provided by each vendor, offering advanced and proprietary solutions to interact with the different and custom devices. Here we present an overview of the major standard protocols that allow one to collect data from network devices, leaving custom solutions out of this description.

      1.2.1 SNMP Protocol Family

      Original TCP/IP network management is based on the Simple Network Management Protocol (SNMP) family. SNMP standardizes the collection and organization of information about devices on an IP network. It is based on the manager/agent model with a simple request/response format. Here, the network manager issues a request and the managed agents will send responses in return. SNMP exposes management data in the form of variables organized in a Management Information Base (MIB) which describes the system status and configuration. These variables can then be remotely queried and manipulated, allowing both the collection of information and the changes in configuration – provided the manager has controlling authorization on such variables. SNMPv1 is the original version of the protocol [4]. More recent versions, SNMPv2c and SNMPv3, feature improvements in performance, flexibility, and especially security [5, 6].

      Via this simple approach, an authorized agent can remotely check and change the configuration of devices under its administrative domain, propagating changes, while obtaining an updated picture of the network status. SNMP offers a means thus both to collect information from and to control the network devices, but does not provide any means to define which is the best configuration to deploy.

      1.2.2 Syslog Protocol

      Messages include a facility code and a severity level. The former identifies the type of program that is logging the message (e.g. kernel, user, mail, daemon, etc.). The latter defines the urgency of the message (e.g. emergency, alert, critical, error, warning, debug, etc.). This allows for simple filtering and easy reading of the messages. When operating in a network, syslog uses a client‐server paradigm, where the collector server listens for messages from clients. Born to leverage User Datagram Protocol (UDP), recent versions support TCP and Transmission Level Security (TLS) protocol for reliable and secure communications.

      Syslog suffers from the lack of standard message format, so that each application supports a custom set of messages. It is common that even different software releases of the same application use different formats, thus making the parsing of the messages complicated by automatic solutions.

      1.2.3 IP Flow Information eXport (IPFIX)

      NetFlow and IPFIX protocols are examples of “metadata‐based” techniques which can provide valuable operational insight for network performance, security, and other applications. For instance, in IP networks, metadata records document the flows. In each flow record, the “who” and “whom” are IP addresses and port numbers, and the “how long” is byte and packet counts. Direct data capture and analysis of the underlying data packets themselves can also be used for network performance and security troubleshooting, e.g. exporting the raw packets. This typically involves a level of technical complexity and expense that in most situations does not produce more actionable understanding vs. an effective system for the collection and analysis of metadata comprising network flow records.

      The main critical point of IPFIX is its lack of scalability, for the data collection at the exporter, and the excessive the network load at the collector. This forces often to activate packet sampling options which limits visibility.

      1.2.4 IP Performance Metrics (IPPM)

      Internet Protocol Performance Metrics (IPPM) is an example of a successful standardization effort [9]. It defines metrics for accurately measuring and reporting the quality, performance, and reliability of the network. These include connectivity, one‐way delay and loss, round‐trip delay and loss, delay variation, loss patterns, packet reordering, bulk transport capacity, and link bandwidth capacity measurements. It offers a standard and common ground to define and measure performance so that even measurements performed by different vendors and implementations shall refer to the same monitored metric. In a nutshell, it opens the ability for common performance monitoring.

      Among the standard protocols, the One‐Way Active Measurement Protocol and Two‐Way Active Measurement Protocol (OWAMP [10] and TWAMP [11], respectively) metrics specification allows delay, loss, and reordering measurements. OWAMP can be used bi‐directionally to measure one‐way metrics in both directions between two network elements. However, it does not natively support round‐trip or two‐way measurements. The TWAMP extends the OWAMP capabilities to add two‐way or round‐trip measurement. Two hosts are involved in the measurement. In the case of OWAMP, the sender and the receiver collaborate actively to measure the desired performance index. For instance, to compute the one‐way‐delay, both take a proper timestamp of the measurement packet, at the sending and receiving time, respectively. In the TWAMP, the receiver can act as a simple reflector that just sends back (or to a third party) the probe packet sent by the sender, with no additional computation effort.

      1.2.5 Routing Protocols and Monitoring Platforms

      Routing protocols are among the most successful deployed solutions to manage СКАЧАТЬ