WO2010013098A1 - Data path debugging - Google Patents
- Publication number
- WO2010013098A1 PCT/IB2008/054460
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- debugging
- node
- data path
- data
- data packets
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/12—Network monitoring probes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/026—Capturing of monitoring data using flow identification
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L43/00—Arrangements for monitoring or testing data switching networks
- H04L43/02—Capturing of monitoring data
- H04L43/028—Capturing of monitoring data by filtering
Definitions
- the embodiments disclosed herein generally relate to networks, and, more particularly, to data path debugging in networks.
- rate limiting of debug logs occurs at debug logging server.
- Data path continuously generates debug logs, and debug logging server has to rate-limit the logs generated by data path. This will further impact performance of network devices adversely.
- debug architecture is not flexible enough in allowing debug code for particular component or a specified set of components in a network device.
- debugging logs are generated for all interfaces in a network device, resulting in a large number of debugging logs and therefore making troubleshooting more difficult
- an embodiment herein provides a method and system for debugging a data path of a network device, for example, router/switch using dynamic method to selectively add and remove debugging nodes in the data path with no impact on the packet forwarding performance, the method comprising steps of inserting a debugging node in the data path, classifying the data packets passing through debugging node, generating debug logs for the data packets, and removing the debugging node from the data path on completion of debugging.
- a plurality of debugging nodes can be placed on the data path on per interface basis.
- the debugging node can be placed on the ingress and egress of a particular component in the data path thereby permitting the user to debug the functionality of a particular component in the data path.
- the debugging node includes complete debugging and rate limiting functionality.
- the debugging node classifies the data packets passing through the node using one pass classification and generates debug logs for each data packet with rate limiting.
- the debugging node classifies said data packets using one pass classification up to seven layers of the Open System Interconnection (OSI) model.
- the debugging node is adapted to classify said data packets using one pass classification and provides classification of data packets up to seven layers of the OSI model.
- Embodiments herein further disclose a system for debugging a data path of a network device using dynamic method to selectively add and remove debugging nodes in a data path with no impact on the packet forwarding performance, the system comprising at least one means adapted to insert a debugging node in the data path, classify the data packets passing through the debugging node, generate debug logs for the data packets with rate limiting and remove the debugging node once the user is done with debugging the data path.
- a plurality of debugging nodes can be placed on the data path where the debugging node can be placed on the ingress and egress of a particular component in the data path.
- the debugging node includes complete debugging and rate limiting functionality and is adapted to classify said data packets using one pass classification and provides classification of data packets up to seven layers of the OSI model.
- FIG. 1 illustrates a schematic diagram depicting a network device and components, according to an embodiment herein;
- FIG. 2 illustrates a block diagram depicting the functional modules of a debugging node, according to an embodiment herein;
- FIG. 3 is a block diagram showing an exemplary illustration of a data path with debugging nodes inserted on an interface, according to an embodiment herein;
- FIG. 4 illustrates a schematic diagram depicting the debugging nodes inserted on the ingress and egress of a Network Address Translation (NAT) node in the data path, according to an embodiment herein;
- FIG. 5 illustrates a flowchart depicting a method of debugging a data path by inserting debugging nodes, according to an embodiment herein.
- Embodiments herein disclose a method of debugging the data path functionality of a network device by providing a dynamic method to selectively add and remove debugging nodes in a data path with little or no impact on the packet forwarding performance.
- a debugging node contains complete debugging functionality, including rate limiting functionality.
- user can insert a debugging node at the required point in the data path.
- the debugging node can be programmatically created and inserted, in the data path.
- a user can place any number of debugging nodes simultaneously in the data path. More than one instance of a debugging node can be placed on the ingress and egress of a particular component in the data path, thereby permitting the user to debug the functionality of a particular component in the data path and narrow down a data path level problem to a component level problem in the data path.
- the debugging node classifies the data packets passing through the node and generates debug logs for each data packet with rate limiting.
- the debugging nodes have little or no impact on the packet forwarding performance of the path. Once the user is done with debugging the path, then the user can then remove the debugging node.
- FIG. 1 illustrates a schematic diagram depicting a network device and the components, according to an embodiment herein.
- a network device 101 works as an intermediate system that mediates sending, receiving or forwarding data in a computer network.
- the network device 101 can be a router, hub, bridge or switch.
- the network devices 101 allow computers on completely separate networks to communicate with one another.
- a network device 101, say a router, is used as a gateway for other computers to access the Internet 102.
- the network device 101 is placed between the computers and the modem provided by the internet service provider and connects all computers to the network device by connecting the network device to the modem.
- the network device is connected to the computer 1 103, computer 2 104, server 105 and by a wireless connection to a laptop 106.
- FIG. 2 illustrates a block diagram depicting the functional modules of a debugging node, according to an embodiment herein.
- the functional modules of the debugging node 201 include complete debugging module 202, rate-limiting module 203, and classifier module 204.
- the debugging node 201 can be any device connected to a network such as computers, personal digital assistants (PDAs), cell phones, switches, routers or other networked devices.
- the debugging node 201 acts as a connection point, either a redistribution point or an end point, for data transmission and has programmed or engineered capability such as debugging commands or modules to recognize and process data transmission to other nodes.
- Rate limiting is a security feature which disables a user's ability to send several instant messages at a time.
- the insertion and removal of debugging node 201 dynamically allows rate limiting of debug logs at data paths.
- the debugging node 201 uses a common classifier to classify the data packets on the data path.
- the classifier may be a collection of rules or policies. Packet classification requires matching each data packet against a database of filters (or rules), and forwarding the packet according to the highest priority filter.
- the classifier may use one pass classification to classify the packets, where one pass classification is one method of packet classification where a single, flexible, extensible syntax defines a common classification and specifies policies for all services.
- the syntax also defines complex classifications for QoS, anti-virus, VoIP and other applications.
- in single-pass packet classification, a packet enters a firewall first, thus protecting all other services in a gateway.
- the IPSec service decrypts and classifies the packet using the common classification and attaches a tag that contains information about which services need to process the packet.
- the packet then passes to a filter in the services gateway that accepts or denies the packet based on information in the tag.
- each data packet is classified only once in the data path and the rest of the nodes in the data path utilize the same classification.
- data packets usually pass through a variety of security modules, such as firewalls and content filters before the packet is forwarded.
- One pass classification module 204 also provides classification up to seven layers of Open Systems Interconnection Basic Reference Model (OSI), where the seven layers are the Physical layer, Data link layer, Network layer,
- the debugging nodes 201 are dependent on the interface.
- the ingress and egress interfaces of the debugging nodes 201 can be modified according to the location of the node.
- FIG. 3 is a block diagram showing an exemplary illustration of a data path with debugging nodes inserted on a data path, according to an embodiment herein.
- the data path comprises 3 nodes, 301, 302 and 303.
- Debugging nodes 201 have been inserted in the data path to debug the data path.
- the debugging node 201 classifies data packets passing through the node 201 and generates debug logs for packets, which match the criteria and available limits.
- the debug logs are generated only for packets which match pre-determined criteria. Also, the number of debug logs generated may also be limited, on a per second or a per minute basis.
- the debug logs generated are rate limited for matching each data packet.
- the debugging node 201 uses a common classifier to classify the data packets on the data path.
- the classifier module 204 may use one pass classification, where each data packet is classified only once in the data path and the rest of the nodes in the data path utilize the same classification.
- the classifier module 204 also provides classification up to seven layers. The user can also verify the functionality of node 2 302, using the debug logs which are generated by the debugging nodes 201 for a data packet before and after node 2 302.
- FIG. 4 illustrates a schematic diagram depicting the debugging nodes inserted on the ingress and egress of a Network Address Translation (NAT) node 402 in the data path, according to an embodiment herein.
- the data path comprises 3 nodes, decap node 401, NAT node 402 and IP node 403.
- Debugging nodes 201 have been inserted in the data path to debug the data path.
- the debugging node 201 classifies the data packets passing through the nodes 201 and generates debug logs for matching data packet if logs are within the configured rate limit.
- the debugging node 201 uses a common classifier to classify the data packets on the data path.
- the classifier module 204 may use one pass classification, where in one pass classification, data packet is classified only once in the data path and the rest of the nodes in the data path utilize the same classification.
- One pass classification also provides classification up to seven layers. The user can verify the functionality of NAT node 402, using the debug logs which are generated by the debugging nodes 201 for a data packet before and after NAT node 402.
- FIG. 5 illustrates a flowchart depicting a method of debugging a data path by inserting debugging nodes, according to an embodiment herein.
- the user inserts (501) a debugging node 201 on a particular interface in the data path.
- the interface can have more than one instance for inserting a debugging node 201.
- the debugging node 201 classifies (502) the data packets passing through debugging node.
- the node 201 uses a common classifier to classify the data packets on the data path. Further, the debugging node 201 generates (503) debug logs for the packet with rate limiting. Thereafter, the user removes (504) the debugging nodes 201 from the data path.
- the debug node 201 is interface based and generates logs for data packets only from interested interface and removes debug logs from uninterested interface.
- the dynamic insertion and removal of debugging nodes 201 permits rate limiting of debug logs at the data path.
- the selective insertion and removal of debug nodes 201 has no impact on the packet forwarding performance of the data path while debugging is turned OFF and the selective insertion and removal of debug nodes 201 has minimal impact on the packet forwarding performance of the data path while debugging is turned ON. However, the impact does not diminish the performance of the data path as compared to the existing solutions.
- the various actions in method 500 may be performed in the order presented, in a different order, or simultaneously. Further, in some embodiments, some actions listed in FIG. 5 may be omitted.
- the embodiments disclosed herein facilitate the debugging of the functionality of a component by placing the debugging node at the ingress or egress of the component, thereby reducing the problems of debugging to component level in data path. Further, the debugging node is inserted on per interface basis, controls data path debugging and also removes the debug logs from uninterested interface.
- As can be appreciated, the embodiments disclosed herein provide data path debugging functionality of a network device by inserting a debugging node containing complete debugging and rate limiting functionality. Also it is to be understood that the invention as described here is not limited to this precise embodiment and that various changes and modifications may be effected therein without departing from the original scope or spirit of present invention.
- the embodiments disclosed herein can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment including both hardware and software elements.
- the embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc.
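
The insert, classify, log and remove cycle of FIG. 4 and FIG. 5, as an added Python example that is not part of the patent text. The class names, the DNS match rule, the addresses, the limit of 2 logs per second and the fixed one-second window are assumptions; the description does not specify a rate-limiting algorithm.

```python
from dataclasses import dataclass, field
@dataclass
class Packet:
    iface: str
    src: str
    dst: str
    dport: int
    tag: dict = field(default_factory=dict)  # filled once, reused by every node

def classify(pkt):  # common classifier: runs once per packet, then pkt.tag is reused
    if not pkt.tag:
        pkt.tag = {"service": "dns" if pkt.dport == 53 else "other"}
    return pkt.tag

class Node:  # ordinary data-path node; fn transforms the packet (default: pass through)
    def __init__(self, name, fn=lambda p: p):
        self.name, self.process = name, fn

def nat(pkt):  # stand-in for NAT node 402: rewrite the private source address
    pkt.src = "203.0.113.7"  # constructed address from a documentation range
    return pkt

class DebugNode:  # logs matching packets from one interface, at most `limit` per second
    def __init__(self, label, iface, match, limit, clock):
        self.label, self.iface, self.match, self.limit = label, iface, match, limit
        self.clock, self.window, self.count = clock, None, 0
        self.logs, self.suppressed = [], 0
    def process(self, pkt):
        if pkt.iface != self.iface or not self.match(classify(pkt)):
            return pkt  # uninterested interface or flow: no log
        second = int(self.clock())
        if second != self.window:  # new one-second window
            self.window, self.count = second, 0
        if self.count < self.limit:
            self.count += 1
            self.logs.append(f"{self.label} {pkt.src}->{pkt.dst}:{pkt.dport}")
        else:
            self.suppressed += 1  # limited at the node, not at a log server
        return pkt

class DataPath:
    def __init__(self, nodes):
        self.nodes = list(nodes)
    def insert_around(self, target, ingress, egress):
        i = self.nodes.index(target)
        self.nodes[i:i + 1] = [ingress, target, egress]
    def remove(self, *debug_nodes):
        self.nodes = [n for n in self.nodes if n not in debug_nodes]
    def forward(self, pkt):
        for node in self.nodes:
            pkt = node.process(pkt)
        return pkt

def demo(clock=lambda: 0.0):  # fixed clock: every packet falls in the same second
    nat_node = Node("nat", nat)
    path = DataPath([Node("decap"), nat_node, Node("ip")])
    is_dns = lambda tag: tag["service"] == "dns"
    pre, post = (DebugNode(lbl, "eth0", is_dns, 2, clock) for lbl in ("pre-nat", "post-nat"))
    path.insert_around(nat_node, pre, post)
    for i in range(5):  # constructed sample traffic
        path.forward(Packet("eth0", f"10.0.0.{i + 1}", "198.51.100.53", 53))
    path.forward(Packet("eth1", "10.0.1.9", "198.51.100.53", 53))
    path.remove(pre, post)
    return pre, post, path
```

Comparing `pre.logs` with `post.logs` shows the source address before and after translation, which is how the ingress and egress pair narrows a fault to the NAT component.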
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to a method for debugging data paths in a network device. The method comprises inserting a debugging node into the data path, classifying the data packets passing through the debugging nodes, generating debug logs for the data packets with rate limiting, and removing the debugging node. The debugging nodes include complete debugging, rate-limiting and one-pass classification functionality. The debugging node debugs the data packets and removes the debug logs from uninterested interfaces. The debugging nodes can be placed at the ingress or egress of a particular component to debug the functionality of that component.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2008/054460 WO2010013098A1 (fr) | 2008-08-01 | 2008-08-01 | Data path debugging |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/IB2008/054460 WO2010013098A1 (fr) | 2008-08-01 | 2008-08-01 | Data path debugging |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2010013098A1 true WO2010013098A1 (fr) | 2010-02-04 |
Family
ID=40394087
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/IB2008/054460 WO2010013098A1 (fr) | 2008-08-01 | 2008-08-01 | Data path debugging |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2010013098A1 (fr) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP0230712A1 (fr) * | 1985-10-09 | 1987-08-05 | Outram Research Limited | Data logger |
US5611044A (en) * | 1993-11-01 | 1997-03-11 | Hewlett-Packard Company | System and method for cross-triggering a software logic analyzer and a hardware analyzer |
US6182247B1 (en) * | 1996-10-28 | 2001-01-30 | Altera Corporation | Embedded logic analyzer for a programmable logic device |
US6651099B1 (en) * | 1999-06-30 | 2003-11-18 | Hi/Fn, Inc. | Method and apparatus for monitoring traffic in a network |
US20050060598A1 (en) * | 2003-09-12 | 2005-03-17 | Finisar Corporation | Network analysis tool |
US7299277B1 (en) * | 2002-01-10 | 2007-11-20 | Network General Technology | Media module apparatus and method for use in a network monitoring environment |
-
2008
- 2008-08-01 WO PCT/IB2008/054460 patent/WO2010013098A1/fr active Application Filing
Non-Patent Citations (2)
Title |
---|
C.K.ZUWER, J.W.LOCKWOOD: "Debugging of an Internet Packet Scheduler Using the Identify® Software", THE SYNDICATED - A TECHNICAL NEWSLETTER FOR ASIC AND FPGA DESIGNERS, vol. 4, no. 4, December 2004 (2004-12-01), pages 5 - 6, XP002518744 * |
KEVIN DOOLEY ET AL: "Paragraph 18.14: Rate-Limiting Syslog Traffic", CISCO COOKBOOK, DOOLEY K, BROWN I J, O'REILLY, July 2003 (2003-07-01), pages 689 - 690, XP009113703, ISBN: 978-0-596-00367-8 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 08875835 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 08875835 Country of ref document: EP Kind code of ref document: A1 |