際際滷

際際滷Share a Scribd company logo

Skydive, real-time network analyzer, container integration

S
Sylvain Afchain

Skydive presentation at the OSIS (Open Source Innovation Spring). Presentation focused on container integration.

1 of 26
Downloaded 53 times
Sylvain AFCHAIN Principal Software Engineer 17/05/2016 Skydive A real-time network analyzer
Skydive, real-time network analyzer, container integration
WHY ?
SDN IS COMPLEX Troubleshooting/monitoring is even more complex
Skydive, real-time network analyzer, container integration
Implementations Management Control plane ¢ OpenFlow ¢ XMPP ¢ BGP ¢ AMQP ¢ Etc... Data plane ¢ VLAN ¢ VXLAN ¢ GRE ¢ MPLS ¢ OVS, Linuxbridge, other
Troubleshooting Where... packets are dropped ? packets are fragmented ? choke point occurs ? What´ packet layers path ? kind of traffic for this virtual network ? number of flows on this link ? number of TCP Sessions ? bandwidth for this tenant ?
Current toolbox ¢ iproute2 ¢ ovs-vsctl, ovs-ofctl, ovs-dpctl... ¢ ethtool ¢ brctl ¢ tcpdump ¢ SDN CLI/API ¢ SSH ¢ ...
What we need ¢ Flow centric ¢ Easy to deploy ¢ SDN Agnostic solution ¢ Non-intrusive / Lightweight ¢ Open, API ¢ Connectors to SDN
What we need ¢ Topology capture a. interfaces, bond, mtu, vlan b. bridges c. Network namespaces d. etc.. ¢ Flow capture a. on-demand traffic capture b. on-demand counter capture c. filtering d. underlay/overlay informations ¢ Topology/flow aggregation a. mapping topology/flow b. analysis
Topology capture ¢ Graph engine, event based ¢ Gremlin like query language ¢ Populated from : $ netlink $ netns $ ovsdb $ ethtool ¢ External connectors : $ Docker $ Neutron
Topology capture $ ip netns add vm1 $ ip link add vm1-eth0 type veth peer name eth0 netns vm1 $ ip link set vm1-eth0 up $ ip netns exec vm1 ip link set eth0 up $ ip netns exec vm1 ip address add 10.0.0.1/24 dev eth0 $ ovs-vsctl add-port br-int vm1-eth0
Topology capture $ skydive client topology query -q 'G.V().Has("Name", "vm1")' [{ "Host": "localhost.localdomain", "ID": "07236227-b280-4947-5ceb-c1f98e8515f3", "Metadata": { "Name": "vm1", "Type": "netns" } }]
Topology capture $ skydive client topology query -q 'G.V().Has("Type", "ovsbridge").Out().Out().Has("Name", Without("br-int")) [ { "Host": "localhost.localdomain", "ID": "a190409e-f76e-4c8f-55b9-985e662a37c0", "Metadata": { "Driver": "veth", "IfIndex": 168, "MAC": "3e:88:b9:65:04:7e", "MTU": 1500, "Name": "vm1-eth0", "State": "UP", "Type": "veth", "UUID": "b6e9bf79-9b58-4b65-800e-1ddf9909d9dc" }}]
Topology capture $ docker run --name=webserver -p 80:80 -d eboraas/apache $ sudo docker run --name database postgres
Topology capture $ skydive client topology query -q 'G.V().Has("Type", "netns")' [{ "Host": "localhost.localdomain", "ID": "5674d492-e2e1-4e6f-63f4-3b9f1073da03", "Metadata": { "Docker.ContainerID": "5841d117701051542496d´.994e5c2f2284e86c0ce17f2662", "Docker.ContainerName": "/webserver", "Docker.ContainerPID": 17216, "Manager": "docker", "Name": "webserver", "Type": "netns" } }]
Flow capture ¢ Flow table centric ¢ Local mapping flow/topology ¢ Layer metrics ¢ Packet data from $ sFlow $ Pcap
Flow capture $ skydive client capture create --probepath "*/br-int[Type=ovsbridge]" { "ProbePath": "*/br-int[Type=ovsbridge]" }
Flow capture $ ip netns exec vm1 ping 10.0.0.2 Flow schema ¢ Metrics per layer ¢ Unique ID per flow ¢ Unique ID per flow/capture ¢ Origin/Destination ¢ Capture point
Skydive architecture Agents : ¢ Capture topology ¢ Capture flows, maintains flow table ¢ Local topology/flow mapping ¢ Forward topology/flow to analyzers Analyzers : ¢ Aggregate topology/flow ¢ Global topology/flow mapping ¢ Stores topology/flow in a database
Kubernetes integration
Demo
Skydive Use-cases ¢ Detection of common configuration errors ¢ Detection of live network issues $ bad performances, helping to find the root cause $ DDOS and any unattended traffic ¢ Possibility to capture traffic at any point $ History of all the captured metrics $ Post mortem analysis ¢ Detection of bad application performance, bad RTT, wrong security groups
Skydive Roadmap ¢ Topology capture $ More probes : OpenFlow, L3 informations $ Versioning ¢ Live distributed capture $ Filtering ¢ Analysis $ More protocols $ Alerting ¢ Security $ RBAC $ SSL $ IP anonymization
Open source Apache License Written in Go Contributions are welcome
Questions ? https://github.com/redhat-cip/skydive IRC: #skydive-project @freenode.net nplanel@redhat.com safchain@redhat.com

Recommended

Skydive 5/07/2016
Skydive 5/07/2016Skydive 5/07/2016
Skydive 5/07/2016
Sylvain Afchain
?
Skydive 31 janv. 2016
Skydive 31 janv. 2016Skydive 31 janv. 2016
Skydive 31 janv. 2016
Sylvain Afchain
?
Skydive, real-time network analyzer
Skydive, real-time network analyzer Skydive, real-time network analyzer
Skydive, real-time network analyzer
Sylvain Afchain
?
Distributed app development with nodejs and zeromq
Distributed app development with nodejs and zeromqDistributed app development with nodejs and zeromq
Distributed app development with nodejs and zeromq
Ruben Tan
?
BUD17-300: Journey of a packet
BUD17-300: Journey of a packetBUD17-300: Journey of a packet
BUD17-300: Journey of a packet
Linaro
?
Cilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDPCilium - Fast IPv6 Container Networking with BPF and XDP
Cilium - Fast IPv6 Container Networking with BPF and XDP
Thomas Graf
?
OSNoise Tracer: Who Is Stealing My CPU Time?
OSNoise Tracer: Who Is Stealing My CPU Time?OSNoise Tracer: Who Is Stealing My CPU Time?
OSNoise Tracer: Who Is Stealing My CPU Time?
ScyllaDB
?
Leveraging zeromq for node.js
Leveraging zeromq for node.jsLeveraging zeromq for node.js
Leveraging zeromq for node.js
Ruben Tan
?
ZeroMQ with NodeJS
ZeroMQ with NodeJSZeroMQ with NodeJS
ZeroMQ with NodeJS
Fernando Sanabria
?
Make Your Own Developement Board @ 2014.4.21 JuluOSDev
Make Your Own Developement Board @ 2014.4.21 JuluOSDevMake Your Own Developement Board @ 2014.4.21 JuluOSDev
Make Your Own Developement Board @ 2014.4.21 JuluOSDev
Jian-Hong Pan
?
Ostinato FOSS.IN 2010
Ostinato FOSS.IN 2010Ostinato FOSS.IN 2010
Ostinato FOSS.IN 2010
pstavirs
?
Zeromq anatomy & jeromq
Zeromq anatomy & jeromqZeromq anatomy & jeromq
Zeromq anatomy & jeromq
Dongmin Yu
?
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
pstavirs
?
Build reliable, traceable, distributed systems with ZeroMQ
Build reliable, traceable, distributed systems with ZeroMQBuild reliable, traceable, distributed systems with ZeroMQ
Build reliable, traceable, distributed systems with ZeroMQ
Robin Xiao
?
Scapy talk
Scapy talkScapy talk
Scapy talk
Ashwin Patil, GCIH, GCIA, GCFE
?
OVN DBs HA with scale test
OVN DBs HA with scale testOVN DBs HA with scale test
OVN DBs HA with scale test
Aliasgar Ginwala
?
LCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS RoadmapLCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS Roadmap
Linaro
?
Event Driven with LibUV and ZeroMQ
Event Driven with LibUV and ZeroMQEvent Driven with LibUV and ZeroMQ
Event Driven with LibUV and ZeroMQ
Luke Luo
?
Network Programming With Anyevent
Network Programming With AnyeventNetwork Programming With Anyevent
Network Programming With Anyevent
Pedro Melo
?
Whoops! I Rewrote It in Rust
Whoops! I Rewrote It in RustWhoops! I Rewrote It in Rust
Whoops! I Rewrote It in Rust
ScyllaDB
?
Writing an Ostinato Protocol Builder [FOSDEM 2021]
Writing an Ostinato Protocol Builder [FOSDEM 2021]Writing an Ostinato Protocol Builder [FOSDEM 2021]
Writing an Ostinato Protocol Builder [FOSDEM 2021]
pstavirs
?
Troubleshooting .net core on linux
Troubleshooting .net core on linuxTroubleshooting .net core on linux
Troubleshooting .net core on linux
Pavel Klimiankou
?
Workshop@naha_val3
Workshop@naha_val3Workshop@naha_val3
Workshop@naha_val3
Shusaku Fukumine
?
Perl Instruments
Perl InstrumentsPerl Instruments
Perl Instruments
Pedro Melo
?
Rust Is Safe. But Is It Fast?
Rust Is Safe. But Is It Fast?Rust Is Safe. But Is It Fast?
Rust Is Safe. But Is It Fast?
ScyllaDB
?
Clang: More than just a C/C++ Compiler
Clang: More than just a C/C++ CompilerClang: More than just a C/C++ Compiler
Clang: More than just a C/C++ Compiler
Samsung Open Source Group
?
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Thomas Graf
?
LAS16-504: Secure Storage updates in OP-TEE
LAS16-504: Secure Storage updates in OP-TEELAS16-504: Secure Storage updates in OP-TEE
LAS16-504: Secure Storage updates in OP-TEE
Linaro
?
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for Cassandra
Edward Capriolo
?
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
DataStax Academy
?

More Related Content

What's hot (20)

ZeroMQ with NodeJS
ZeroMQ with NodeJSZeroMQ with NodeJS
ZeroMQ with NodeJS
Fernando Sanabria
?
Make Your Own Developement Board @ 2014.4.21 JuluOSDev
Make Your Own Developement Board @ 2014.4.21 JuluOSDevMake Your Own Developement Board @ 2014.4.21 JuluOSDev
Make Your Own Developement Board @ 2014.4.21 JuluOSDev
Jian-Hong Pan
?
Ostinato FOSS.IN 2010
Ostinato FOSS.IN 2010Ostinato FOSS.IN 2010
Ostinato FOSS.IN 2010
pstavirs
?
Zeromq anatomy & jeromq
Zeromq anatomy & jeromqZeromq anatomy & jeromq
Zeromq anatomy & jeromq
Dongmin Yu
?
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
pstavirs
?
Build reliable, traceable, distributed systems with ZeroMQ
Build reliable, traceable, distributed systems with ZeroMQBuild reliable, traceable, distributed systems with ZeroMQ
Build reliable, traceable, distributed systems with ZeroMQ
Robin Xiao
?
Scapy talk
Scapy talkScapy talk
Scapy talk
Ashwin Patil, GCIH, GCIA, GCFE
?
OVN DBs HA with scale test
OVN DBs HA with scale testOVN DBs HA with scale test
OVN DBs HA with scale test
Aliasgar Ginwala
?
LCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS RoadmapLCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS Roadmap
Linaro
?
Event Driven with LibUV and ZeroMQ
Event Driven with LibUV and ZeroMQEvent Driven with LibUV and ZeroMQ
Event Driven with LibUV and ZeroMQ
Luke Luo
?
Network Programming With Anyevent
Network Programming With AnyeventNetwork Programming With Anyevent
Network Programming With Anyevent
Pedro Melo
?
Whoops! I Rewrote It in Rust
Whoops! I Rewrote It in RustWhoops! I Rewrote It in Rust
Whoops! I Rewrote It in Rust
ScyllaDB
?
Writing an Ostinato Protocol Builder [FOSDEM 2021]
Writing an Ostinato Protocol Builder [FOSDEM 2021]Writing an Ostinato Protocol Builder [FOSDEM 2021]
Writing an Ostinato Protocol Builder [FOSDEM 2021]
pstavirs
?
Troubleshooting .net core on linux
Troubleshooting .net core on linuxTroubleshooting .net core on linux
Troubleshooting .net core on linux
Pavel Klimiankou
?
Workshop@naha_val3
Workshop@naha_val3Workshop@naha_val3
Workshop@naha_val3
Shusaku Fukumine
?
Perl Instruments
Perl InstrumentsPerl Instruments
Perl Instruments
Pedro Melo
?
Rust Is Safe. But Is It Fast?
Rust Is Safe. But Is It Fast?Rust Is Safe. But Is It Fast?
Rust Is Safe. But Is It Fast?
ScyllaDB
?
Clang: More than just a C/C++ Compiler
Clang: More than just a C/C++ CompilerClang: More than just a C/C++ Compiler
Clang: More than just a C/C++ Compiler
Samsung Open Source Group
?
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Thomas Graf
?
LAS16-504: Secure Storage updates in OP-TEE
LAS16-504: Secure Storage updates in OP-TEELAS16-504: Secure Storage updates in OP-TEE
LAS16-504: Secure Storage updates in OP-TEE
Linaro
?
ZeroMQ with NodeJS
ZeroMQ with NodeJSZeroMQ with NodeJS
ZeroMQ with NodeJS
Fernando Sanabria
?
Make Your Own Developement Board @ 2014.4.21 JuluOSDev
Make Your Own Developement Board @ 2014.4.21 JuluOSDevMake Your Own Developement Board @ 2014.4.21 JuluOSDev
Make Your Own Developement Board @ 2014.4.21 JuluOSDev
Jian-Hong Pan
?
Ostinato FOSS.IN 2010
Ostinato FOSS.IN 2010Ostinato FOSS.IN 2010
Ostinato FOSS.IN 2010
pstavirs
?
Zeromq anatomy & jeromq
Zeromq anatomy & jeromqZeromq anatomy & jeromq
Zeromq anatomy & jeromq
Dongmin Yu
?
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
Ostinato - Craft Packets, Generate Traffic [SharkFest '20]
pstavirs
?
Build reliable, traceable, distributed systems with ZeroMQ
Build reliable, traceable, distributed systems with ZeroMQBuild reliable, traceable, distributed systems with ZeroMQ
Build reliable, traceable, distributed systems with ZeroMQ
Robin Xiao
?
Scapy talk
Scapy talkScapy talk
Scapy talk
Ashwin Patil, GCIH, GCIA, GCFE
?
OVN DBs HA with scale test
OVN DBs HA with scale testOVN DBs HA with scale test
OVN DBs HA with scale test
Aliasgar Ginwala
?
LCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS RoadmapLCA13: Common Clk Framework DVFS Roadmap
LCA13: Common Clk Framework DVFS Roadmap
Linaro
?
Event Driven with LibUV and ZeroMQ
Event Driven with LibUV and ZeroMQEvent Driven with LibUV and ZeroMQ
Event Driven with LibUV and ZeroMQ
Luke Luo
?
Network Programming With Anyevent
Network Programming With AnyeventNetwork Programming With Anyevent
Network Programming With Anyevent
Pedro Melo
?
Whoops! I Rewrote It in Rust
Whoops! I Rewrote It in RustWhoops! I Rewrote It in Rust
Whoops! I Rewrote It in Rust
ScyllaDB
?
Writing an Ostinato Protocol Builder [FOSDEM 2021]
Writing an Ostinato Protocol Builder [FOSDEM 2021]Writing an Ostinato Protocol Builder [FOSDEM 2021]
Writing an Ostinato Protocol Builder [FOSDEM 2021]
pstavirs
?
Troubleshooting .net core on linux
Troubleshooting .net core on linuxTroubleshooting .net core on linux
Troubleshooting .net core on linux
Pavel Klimiankou
?
Workshop@naha_val3
Workshop@naha_val3Workshop@naha_val3
Workshop@naha_val3
Shusaku Fukumine
?
Perl Instruments
Perl InstrumentsPerl Instruments
Perl Instruments
Pedro Melo
?
Rust Is Safe. But Is It Fast?
Rust Is Safe. But Is It Fast?Rust Is Safe. But Is It Fast?
Rust Is Safe. But Is It Fast?
ScyllaDB
?
Clang: More than just a C/C++ Compiler
Clang: More than just a C/C++ CompilerClang: More than just a C/C++ Compiler
Clang: More than just a C/C++ Compiler
Samsung Open Source Group
?
Cilium - BPF & XDP for containers
Cilium - BPF & XDP for containersCilium - BPF & XDP for containers
Cilium - BPF & XDP for containers
Thomas Graf
?
LAS16-504: Secure Storage updates in OP-TEE
LAS16-504: Secure Storage updates in OP-TEELAS16-504: Secure Storage updates in OP-TEE
LAS16-504: Secure Storage updates in OP-TEE
Linaro
?

Similar to Skydive, real-time network analyzer, container integration (20)

Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for Cassandra
Edward Capriolo
?
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
DataStax Academy
?
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
innov-acts-ltd
?
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....
OpenNebula Project
?
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
Madhu Venugopal
?
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
Aman Kohli
?
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
Aman Kohli
?
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
Daniel-Constantin Mierla
?
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
Caio Pereira
?
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
?
FOSDEM 2017 - RTC Services With Lua and Kamailio
FOSDEM 2017 - RTC Services With Lua and KamailioFOSDEM 2017 - RTC Services With Lua and Kamailio
FOSDEM 2017 - RTC Services With Lua and Kamailio
Daniel-Constantin Mierla
?
Automating the Network
Automating the NetworkAutomating the Network
Automating the Network
Puppet
?
PLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providers
PLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providersPLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providers
PLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providers
PROIDEA
?
Original slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talkOriginal slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talk
Aarti Parikh
?
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
Cosimo Streppone
?
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
Marian Marinov
?
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Jakub Botwicz
?
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
?
泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀
泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀
泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀
KAI CHU CHUNG
?
Non-blocking I/O, Event loops and node.js
Non-blocking I/O, Event loops and node.jsNon-blocking I/O, Event loops and node.js
Non-blocking I/O, Event loops and node.js
Marcus Fr?din
?
Intravert Server side processing for Cassandra
Intravert Server side processing for CassandraIntravert Server side processing for Cassandra
Intravert Server side processing for Cassandra
Edward Capriolo
?
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
NYC* 2013 - "Advanced Data Processing: Beyond Queries and Slices"
DataStax Academy
?
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
H2020 finsec-ibm- aidan-shribman-finsec-skydive 260820
innov-acts-ltd
?
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....
OpenNebulaConf 2016 - Networking, NFVs and SDNs Hands-on Workshop by Rub└n S....
OpenNebula Project
?
DCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep diveDCUS17 : Docker networking deep dive
DCUS17 : Docker networking deep dive
Madhu Venugopal
?
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
DSLing your System For Scalability Testing Using Gatling - Dublin Scala User ...
Aman Kohli
?
Being HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on PurposeBeing HAPI! Reverse Proxying on Purpose
Being HAPI! Reverse Proxying on Purpose
Aman Kohli
?
Kamailio - SIP Servers Everywhere
Kamailio - SIP Servers EverywhereKamailio - SIP Servers Everywhere
Kamailio - SIP Servers Everywhere
Daniel-Constantin Mierla
?
Android 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and NetworkAndroid 4.2 Internals - Bluetooth and Network
Android 4.2 Internals - Bluetooth and Network
Caio Pereira
?
Linux Networking Explained
Linux Networking ExplainedLinux Networking Explained
Linux Networking Explained
Thomas Graf
?
FOSDEM 2017 - RTC Services With Lua and Kamailio
FOSDEM 2017 - RTC Services With Lua and KamailioFOSDEM 2017 - RTC Services With Lua and Kamailio
FOSDEM 2017 - RTC Services With Lua and Kamailio
Daniel-Constantin Mierla
?
Automating the Network
Automating the NetworkAutomating the Network
Automating the Network
Puppet
?
PLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providers
PLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providersPLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providers
PLNOG 4: Leszek Urba┰ski - A modern HTTP accelerator for content providers
PROIDEA
?
Original slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talkOriginal slides from Ryan Dahl's NodeJs intro talk
Original slides from Ryan Dahl's NodeJs intro talk
Aarti Parikh
?
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attack
Cosimo Streppone
?
Secure LXC Networking
Secure LXC NetworkingSecure LXC Networking
Secure LXC Networking
Marian Marinov
?
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Cotopaxi - IoT testing toolkit (Black Hat Asia 2019 Arsenal)
Jakub Botwicz
?
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
Cyber Security Alliance
?
泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀
泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀
泌採邑^ Go-kit 酔堀喜秀裏捲媼喘殻塀
KAI CHU CHUNG
?
Non-blocking I/O, Event loops and node.js
Non-blocking I/O, Event loops and node.jsNon-blocking I/O, Event loops and node.js
Non-blocking I/O, Event loops and node.js
Marcus Fr?din
?

Recently uploaded (20)

Lecture2_REQUIREMENT_Process__Modelss.pptx
Lecture2_REQUIREMENT_Process__Modelss.pptxLecture2_REQUIREMENT_Process__Modelss.pptx
Lecture2_REQUIREMENT_Process__Modelss.pptx
Aqsa162589
?
AR/VR Company in India - Simulanis.com
AR/VR Company in India - Simulanis.comAR/VR Company in India - Simulanis.com
AR/VR Company in India - Simulanis.com
mdashraf329911
?
4K Video Downloader Crack + License Key 2025
4K Video Downloader Crack + License Key 20254K Video Downloader Crack + License Key 2025
4K Video Downloader Crack + License Key 2025
yelenayoko
?
wAIred_VoxxedDaysAmsterdam_03042025.pptx
wAIred_VoxxedDaysAmsterdam_03042025.pptxwAIred_VoxxedDaysAmsterdam_03042025.pptx
wAIred_VoxxedDaysAmsterdam_03042025.pptx
SimonedeGijt
?
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...
KCD Guadalajara
?
AI has already changed software development.pdf
AI has already changed software development.pdfAI has already changed software development.pdf
AI has already changed software development.pdf
Radam└s Roriz
?
A Brief Introduction About Jeff Menashe
A Brief Introduction About Jeff MenasheA Brief Introduction About Jeff Menashe
A Brief Introduction About Jeff Menashe
Jeff Menashe
?
Internet Download Manager (IDM) Crack + Lisence key Latest version 2025
Internet Download Manager (IDM) Crack + Lisence key Latest version 2025Internet Download Manager (IDM) Crack + Lisence key Latest version 2025
Internet Download Manager (IDM) Crack + Lisence key Latest version 2025
blouch36kp
?
Cypress Parallel Testing Tutorial: Speed Up Your Test Runs with Ease
Cypress Parallel Testing Tutorial: Speed Up Your Test Runs with EaseCypress Parallel Testing Tutorial: Speed Up Your Test Runs with Ease
Cypress Parallel Testing Tutorial: Speed Up Your Test Runs with Ease
Shubham Joshi
?
Movavi Video Editor Crack + Activation Key [2025]
Movavi Video Editor Crack + Activation Key [2025]Movavi Video Editor Crack + Activation Key [2025]
Movavi Video Editor Crack + Activation Key [2025]
l07307095
?
TVersity Pro Media Server Free CRACK Download
TVersity Pro Media Server Free CRACK DownloadTVersity Pro Media Server Free CRACK Download
TVersity Pro Media Server Free CRACK Download
mohsinrazakpa43
?
Autodesk MotionBuilder 2026 Free Download
Autodesk MotionBuilder 2026 Free DownloadAutodesk MotionBuilder 2026 Free Download
Autodesk MotionBuilder 2026 Free Download
blouch52kp
?
ESET NOD32 Antivirus Crack with License Key 2025
ESET NOD32 Antivirus Crack with License Key 2025ESET NOD32 Antivirus Crack with License Key 2025
ESET NOD32 Antivirus Crack with License Key 2025
umeerbinfaizan
?
Adobe Illustrator Crack Download (Latest 2025)
Adobe Illustrator Crack Download (Latest 2025)Adobe Illustrator Crack Download (Latest 2025)
Adobe Illustrator Crack Download (Latest 2025)
blouch36kp
?
The Evolution of Microsoft Project Portfolio Management
The Evolution of Microsoft Project Portfolio ManagementThe Evolution of Microsoft Project Portfolio Management
The Evolution of Microsoft Project Portfolio Management
OnePlan Solutions
?
Lumion Pro Crack latest version Free 2025
Lumion Pro Crack latest version Free 2025Lumion Pro Crack latest version Free 2025
Lumion Pro Crack latest version Free 2025
naeem55ddf
?
microsoft office 2019 crack free download
microsoft office 2019 crack free downloadmicrosoft office 2019 crack free download
microsoft office 2019 crack free download
mohsinrazakpa39
?
Wondershare Dr.Fone Crack Free Download 2025
Wondershare Dr.Fone Crack Free Download 2025Wondershare Dr.Fone Crack Free Download 2025
Wondershare Dr.Fone Crack Free Download 2025
mohsinrazakpa28
?
UniFab Crack 2025 Key Full Version [Latest]
UniFab Crack 2025 Key Full Version [Latest]UniFab Crack 2025 Key Full Version [Latest]
UniFab Crack 2025 Key Full Version [Latest]
umeerbinfaizan
?
Clip Studio Paint EX Download (Latest 2025)
Clip Studio Paint EX Download (Latest 2025)Clip Studio Paint EX Download (Latest 2025)
Clip Studio Paint EX Download (Latest 2025)
mohsinrazakpa79
?
Lecture2_REQUIREMENT_Process__Modelss.pptx
Lecture2_REQUIREMENT_Process__Modelss.pptxLecture2_REQUIREMENT_Process__Modelss.pptx
Lecture2_REQUIREMENT_Process__Modelss.pptx
Aqsa162589
?
AR/VR Company in India - Simulanis.com
AR/VR Company in India - Simulanis.comAR/VR Company in India - Simulanis.com
AR/VR Company in India - Simulanis.com
mdashraf329911
?
4K Video Downloader Crack + License Key 2025
4K Video Downloader Crack + License Key 20254K Video Downloader Crack + License Key 2025
4K Video Downloader Crack + License Key 2025
yelenayoko
?
wAIred_VoxxedDaysAmsterdam_03042025.pptx
wAIred_VoxxedDaysAmsterdam_03042025.pptxwAIred_VoxxedDaysAmsterdam_03042025.pptx
wAIred_VoxxedDaysAmsterdam_03042025.pptx
SimonedeGijt
?
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...
Migrating GitHub Actions with Nested Virtualization to Cloud Native Ecosystem...
KCD Guadalajara
?
AI has already changed software development.pdf
AI has already changed software development.pdfAI has already changed software development.pdf
AI has already changed software development.pdf
Radam└s Roriz
?
A Brief Introduction About Jeff Menashe
A Brief Introduction About Jeff MenasheA Brief Introduction About Jeff Menashe
A Brief Introduction About Jeff Menashe
Jeff Menashe
?
Internet Download Manager (IDM) Crack + Lisence key Latest version 2025
Internet Download Manager (IDM) Crack + Lisence key Latest version 2025Internet Download Manager (IDM) Crack + Lisence key Latest version 2025
Internet Download Manager (IDM) Crack + Lisence key Latest version 2025
blouch36kp
?
Cypress Parallel Testing Tutorial: Speed Up Your Test Runs with Ease
Cypress Parallel Testing Tutorial: Speed Up Your Test Runs with EaseCypress Parallel Testing Tutorial: Speed Up Your Test Runs with Ease
Cypress Parallel Testing Tutorial: Speed Up Your Test Runs with Ease
Shubham Joshi
?
Movavi Video Editor Crack + Activation Key [2025]
Movavi Video Editor Crack + Activation Key [2025]Movavi Video Editor Crack + Activation Key [2025]
Movavi Video Editor Crack + Activation Key [2025]
l07307095
?
TVersity Pro Media Server Free CRACK Download
TVersity Pro Media Server Free CRACK DownloadTVersity Pro Media Server Free CRACK Download
TVersity Pro Media Server Free CRACK Download
mohsinrazakpa43
?
Autodesk MotionBuilder 2026 Free Download
Autodesk MotionBuilder 2026 Free DownloadAutodesk MotionBuilder 2026 Free Download
Autodesk MotionBuilder 2026 Free Download
blouch52kp
?
ESET NOD32 Antivirus Crack with License Key 2025
ESET NOD32 Antivirus Crack with License Key 2025ESET NOD32 Antivirus Crack with License Key 2025
ESET NOD32 Antivirus Crack with License Key 2025
umeerbinfaizan
?
Adobe Illustrator Crack Download (Latest 2025)
Adobe Illustrator Crack Download (Latest 2025)Adobe Illustrator Crack Download (Latest 2025)
Adobe Illustrator Crack Download (Latest 2025)
blouch36kp
?
The Evolution of Microsoft Project Portfolio Management
The Evolution of Microsoft Project Portfolio ManagementThe Evolution of Microsoft Project Portfolio Management
The Evolution of Microsoft Project Portfolio Management
OnePlan Solutions
?
Lumion Pro Crack latest version Free 2025
Lumion Pro Crack latest version Free 2025Lumion Pro Crack latest version Free 2025
Lumion Pro Crack latest version Free 2025
naeem55ddf
?
microsoft office 2019 crack free download
microsoft office 2019 crack free downloadmicrosoft office 2019 crack free download
microsoft office 2019 crack free download
mohsinrazakpa39
?
Wondershare Dr.Fone Crack Free Download 2025
Wondershare Dr.Fone Crack Free Download 2025Wondershare Dr.Fone Crack Free Download 2025
Wondershare Dr.Fone Crack Free Download 2025
mohsinrazakpa28
?
UniFab Crack 2025 Key Full Version [Latest]
UniFab Crack 2025 Key Full Version [Latest]UniFab Crack 2025 Key Full Version [Latest]
UniFab Crack 2025 Key Full Version [Latest]
umeerbinfaizan
?
Clip Studio Paint EX Download (Latest 2025)
Clip Studio Paint EX Download (Latest 2025)Clip Studio Paint EX Download (Latest 2025)
Clip Studio Paint EX Download (Latest 2025)
mohsinrazakpa79
?

Skydive, real-time network analyzer, container integration

  • 1. Sylvain AFCHAIN Principal Software Engineer 17/05/2016 Skydive A real-time network analyzer
  • 6. Implementations Management Control plane ¢ OpenFlow ¢ XMPP ¢ BGP ¢ AMQP ¢ Etc... Data plane ¢ VLAN ¢ VXLAN ¢ GRE ¢ MPLS ¢ OVS, Linuxbridge, other
  • 7. Troubleshooting Where... packets are dropped ? packets are fragmented ? choke point occurs ? What´ packet layers path ? kind of traffic for this virtual network ? number of flows on this link ? number of TCP Sessions ? bandwidth for this tenant ?
  • 8. Current toolbox ¢ iproute2 ¢ ovs-vsctl, ovs-ofctl, ovs-dpctl... ¢ ethtool ¢ brctl ¢ tcpdump ¢ SDN CLI/API ¢ SSH ¢ ...
  • 9. What we need ¢ Flow centric ¢ Easy to deploy ¢ SDN Agnostic solution ¢ Non-intrusive / Lightweight ¢ Open, API ¢ Connectors to SDN
  • 10. What we need ¢ Topology capture a. interfaces, bond, mtu, vlan b. bridges c. Network namespaces d. etc.. ¢ Flow capture a. on-demand traffic capture b. on-demand counter capture c. filtering d. underlay/overlay informations ¢ Topology/flow aggregation a. mapping topology/flow b. analysis
  • 11. Topology capture ¢ Graph engine, event based ¢ Gremlin like query language ¢ Populated from : $ netlink $ netns $ ovsdb $ ethtool ¢ External connectors : $ Docker $ Neutron
  • 12. Topology capture $ ip netns add vm1 $ ip link add vm1-eth0 type veth peer name eth0 netns vm1 $ ip link set vm1-eth0 up $ ip netns exec vm1 ip link set eth0 up $ ip netns exec vm1 ip address add 10.0.0.1/24 dev eth0 $ ovs-vsctl add-port br-int vm1-eth0
  • 13. Topology capture $ skydive client topology query -q 'G.V().Has("Name", "vm1")' [{ "Host": "localhost.localdomain", "ID": "07236227-b280-4947-5ceb-c1f98e8515f3", "Metadata": { "Name": "vm1", "Type": "netns" } }]
  • 14. Topology capture $ skydive client topology query -q 'G.V().Has("Type", "ovsbridge").Out().Out().Has("Name", Without("br-int")) [ { "Host": "localhost.localdomain", "ID": "a190409e-f76e-4c8f-55b9-985e662a37c0", "Metadata": { "Driver": "veth", "IfIndex": 168, "MAC": "3e:88:b9:65:04:7e", "MTU": 1500, "Name": "vm1-eth0", "State": "UP", "Type": "veth", "UUID": "b6e9bf79-9b58-4b65-800e-1ddf9909d9dc" }}]
  • 15. Topology capture $ docker run --name=webserver -p 80:80 -d eboraas/apache $ sudo docker run --name database postgres
  • 16. Topology capture $ skydive client topology query -q 'G.V().Has("Type", "netns")' [{ "Host": "localhost.localdomain", "ID": "5674d492-e2e1-4e6f-63f4-3b9f1073da03", "Metadata": { "Docker.ContainerID": "5841d117701051542496d´.994e5c2f2284e86c0ce17f2662", "Docker.ContainerName": "/webserver", "Docker.ContainerPID": 17216, "Manager": "docker", "Name": "webserver", "Type": "netns" } }]
  • 17. Flow capture ¢ Flow table centric ¢ Local mapping flow/topology ¢ Layer metrics ¢ Packet data from $ sFlow $ Pcap
  • 18. Flow capture $ skydive client capture create --probepath "*/br-int[Type=ovsbridge]" { "ProbePath": "*/br-int[Type=ovsbridge]" }
  • 19. Flow capture $ ip netns exec vm1 ping 10.0.0.2 Flow schema ¢ Metrics per layer ¢ Unique ID per flow ¢ Unique ID per flow/capture ¢ Origin/Destination ¢ Capture point
  • 20. Skydive architecture Agents : ¢ Capture topology ¢ Capture flows, maintains flow table ¢ Local topology/flow mapping ¢ Forward topology/flow to analyzers Analyzers : ¢ Aggregate topology/flow ¢ Global topology/flow mapping ¢ Stores topology/flow in a database
  • 22. Demo
  • 23. Skydive Use-cases ¢ Detection of common configuration errors ¢ Detection of live network issues $ bad performances, helping to find the root cause $ DDOS and any unattended traffic ¢ Possibility to capture traffic at any point $ History of all the captured metrics $ Post mortem analysis ¢ Detection of bad application performance, bad RTT, wrong security groups
  • 24. Skydive Roadmap ¢ Topology capture $ More probes : OpenFlow, L3 informations $ Versioning ¢ Live distributed capture $ Filtering ¢ Analysis $ More protocols $ Alerting ¢ Security $ RBAC $ SSL $ IP anonymization
  • 25. Open source Apache License Written in Go Contributions are welcome
  • 26. Questions ? https://github.com/redhat-cip/skydive IRC: #skydive-project @freenode.net nplanel@redhat.com safchain@redhat.com
AboutCopyright
? 2025 際際滷