WO2010013098A1 - Data path debugging - Google Patents

Info

Publication number
WO2010013098A1
Authority
WO
WIPO (PCT)
Prior art keywords
debugging
node
data path
data
data packets
Application number
PCT/IB2008/054460
Other languages
English (en)
Inventor
Anish Verma
Andrew Mcrae
Original Assignee
Alcatel Lucent
Application filed by Alcatel Lucent
Priority to PCT/IB2008/054460
Publication of WO2010013098A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/12 Network monitoring probes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/026 Capturing of monitoring data using flow identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/02 Capturing of monitoring data
    • H04L43/028 Capturing of monitoring data by filtering

Definitions

  • the embodiments disclosed herein generally relate to networks, and, more particularly, to data path debugging in networks.
  • rate limiting of debug logs occurs at debug logging server.
  • Data path continuously generates debug logs, and debug logging server has to rate-limit the logs generated by data path. This will further impact performance of network devices adversely.
  • debug architecture is not flexible enough in allowing debug code for particular component or a specified set of components in a network device.
  • debugging logs are generated for all interfaces in a network device, resulting in a large number of debugging logs and therefore making troubleshooting more difficult
  • an embodiment herein provides a method and system for debugging a data path of a network device, for example, router/switch using dynamic method to selectively add and remove debugging nodes in the data path with no impact on the packet forwarding performance, the method comprising steps of inserting a debugging node in the data path, classifying the data packets passing through debugging node, generating debug logs for the data packets, and removing the debugging node from the data path on completion of debugging.
  • a plurality of debugging nodes can be placed on the data path on per interface basis.
  • the debugging node can be placed on the ingress and egress of a particular component in the data path thereby permitting the user to debug the functionality of a particular component in the data path.
  • the debugging node includes complete debugging and rate limiting functionality.
  • the debugging node classifies the data packets passing through the node using one pass classification and generates debug logs for each data packet with rate limiting.
  • the debugging node classifies said data packets using one pass classification up to seven layers of the Open System Interconnection (OSI) model.
  • the debugging node is adapted to classify said data packets using one pass classification and provides classification of data packets up to seven layers of the OSI model.
  • Embodiments herein further disclose a system for debugging a data path of a network device using dynamic method to selectively add and remove debugging nodes in a data path with no impact on the packet forwarding performance, the system comprising at least one means adapted to insert a debugging node in the data path, classify the data packets passing through the debugging node, generate debug logs for the data packets with rate limiting and remove the debugging node once the user is done with debugging the data path.
  • A plurality of debugging nodes can be placed on the data path where the debugging node can be placed on the ingress and egress of a particular component in the data path.
  • the debugging node includes complete debugging and rate limiting functionality and is adapted to classify said data packets using one pass classification and provides classification of data packets up to seven layers of the OSI model.
  • FIG. 1 illustrates a schematic diagram depicting a network device and components, according to an embodiment herein;
  • FIG. 2 illustrates a block diagram depicting the functional modules of a debugging node, according to an embodiment herein;
  • FIG. 3 is a block diagram showing an exemplary illustration of a data path with debugging nodes inserted on an interface, according to an embodiment herein;
  • FIG. 4 illustrates a schematic diagram depicting the debugging nodes inserted on the ingress and egress of a Network Address Translation (NAT) node in the data path, according to an embodiment herein;
  • FIG. 5 illustrates a flowchart depicting a method of debugging a data path by inserting debugging nodes, according to an embodiment herein.
  • Embodiments herein disclose a method of debugging the data path functionality of a network device by providing a dynamic method to selectively add and remove debugging nodes in a data path with little or no impact on the packet forwarding performance.
  • a debugging node contains complete debugging functionality, including rate limiting functionality.
  • user can insert a debugging node at the required point in the data path.
  • the debugging node can be programmatically created and inserted, in the data path.
  • a user can place any number of debugging nodes simultaneously in the data path. More than one instance of a debugging node can be placed on the ingress and egress of a particular component in the data path, thereby permitting the user to debug the functionality of a particular component in the data path and narrow down a data path level problem to a component level problem in the data path.
  • the debugging node classifies the data packets passing through the node and generates debug logs for each data packet with rate limiting.
  • the debugging nodes have little or no impact on the packet forwarding performance of the path. Once the user is done with debugging the path, the user can remove the debugging node.
  • FIG. 1 illustrates a schematic diagram depicting a network device and the components, according to an embodiment herein.
  • a network device 101 works as an intermediate system that mediates sending, receiving or forwarding data in a computer network.
  • the network device 101 can be a router, hub, bridge or switch.
  • the network devices 101 allow computers on completely separate networks to communicate with one another.
  • a network device 101, say a router, is used as a gateway for other computers to access the Internet 102.
  • the network device 101 is placed between the computers and the modem provided by the internet service provider and connects all computers to the network device by connecting the network device to the modem.
  • the network device is connected to the computer 1 103, computer 2 104, server 105 and by a wireless connection to a laptop 106.
  • FIG. 2 illustrates a block diagram depicting the functional modules of a debugging node, according to an embodiment herein.
  • the functional modules of the debugging node 201 include complete debugging module 202, rate-limiting module 203, and classifier module 204.
  • the debugging node 201 can be any device connected to a network such as computers, personal digital assistants (PDAs), cell phones, switches, routers or other networked devices.
  • the debugging node 201 acts as a connection point, either a redistribution point or an end point, for data transmission and has programmed or engineered capability such as debugging commands or modules to recognize and process data transmission to other nodes.
  • Rate limiting is a security feature which disables a user's ability to send several instant messages at a time.
  • the insertion and removal of debugging node 201 dynamically allows rate limiting of debug logs at data paths.
  • the debugging node 201 uses a common classifier to classify the data packets on the data path.
  • the classifier may be a collection of rules or policies. Packet classification requires matching each data packet against a database of filters (or rules), and forwarding the packet according to the highest priority filter.
  • the classifier may use one pass classification to classify the packets, where one pass classification is one method of packet classification where a single, flexible, extensible syntax defines a common classification and specifies policies for all services.
  • the syntax also defines complex classifications for QoS, anti-virus, VoIP and other applications.
  • In single-pass packet classification, a packet enters a firewall first, thus protecting all other services in a gateway.
  • the IPSec service decrypts and classifies the packet using the common classification and attaches a tag that contains information about which services need to process the packet.
  • the packet then passes to a filter in the services gateway that accepts or denies the packet based on information in the tag.
  • each data packet is classified only once in the data path and the rest of the nodes in the data path utilize the same classification.
  • data packets usually pass through a variety of security modules, such as firewalls and content filters before the packet is forwarded.
  • One pass classification module 204 also provides classification up to seven layers of Open Systems Interconnection Basic Reference Model (OSI), where the seven layers are the Physical layer, Data link layer, Network layer,
  • the debugging nodes 201 are dependent on the interface.
  • the ingress and egress interfaces of the debugging nodes 201 can be modified according to the location of the node.
  • FIG. 3 is a block diagram showing an exemplary illustration of a data path with debugging nodes inserted on a data path, according to an embodiment herein.
  • the data path comprises 3 nodes, 301, 302 and 303.
  • Debugging nodes 201 have been inserted in the data path to debug the data path.
  • the debugging node 201 classifies data packets passing through the node 201 and generates debug logs for packets, which match the criteria and available limits.
  • the debug logs are generated only for packets which match pre-determined criteria. Also, the number of debug logs generated may be limited, on a per second or a per minute basis.
  • the debug logs generated are rate limited for matching each data packet.
  • the debugging node 201 uses a common classifier to classify the data packets on the data path.
  • the classifier module 204 may use one pass classification, where each data packet is classified only once in the data path and the rest of the nodes in the data path utilize the same classification.
  • the classifier module 204 also provides classification up to seven layers. The user can also verify the functionality of node 2 302, using the debug logs which are generated by the debugging nodes 201 for a data packet before and after node 2 302.
  • FIG. 4 illustrates a schematic diagram depicting the debugging nodes inserted on the ingress and egress of a Network Address Translation (NAT) node 402 in the data path, according to an embodiment herein.
  • the data path comprises 3 nodes, decap node 401, NAT node 402 and IP node 403.
  • Debugging nodes 201 have been inserted in the data path to debug the data path.
  • the debugging node 201 classifies the data packets passing through the nodes 201 and generates debug logs for matching data packet if logs are within the configured rate limit.
  • the debugging node 201 uses a common classifier to classify the data packets on the data path.
  • the classifier module 204 may use one pass classification, where in one pass classification, data packet is classified only once in the data path and the rest of the nodes in the data path utilize the same classification.
  • One pass classification also provides classification up to seven layers. The user can verify the functionality of NAT node 402, using the debug logs which are generated by the debugging nodes 201 for a data packet before and after NAT node 402.
  • FIG. 5 illustrates a flowchart depicting a method of debugging a data path by inserting debugging nodes, according to an embodiment herein.
  • the user inserts (501) a debugging node 201 on a particular interface in the data path.
  • the interface can have more than one instance for inserting a debugging node 201.
  • the debugging node 201 classifies (502) the data packets passing through debugging node.
  • the node 201 uses a common classifier to classify the data packets on the data path. Further, the debugging node 201 generates (503) debug logs for the packet with rate limiting. Thereafter, the user removes (504) the debugging nodes 201 from the data path.
  • the debug node 201 is interface based and generates logs for data packets only from interested interface and removes debug logs from uninterested interface.
  • the dynamic insertion and removal of debugging nodes 201 permits rate limiting of debug logs at the data path.
  • the selective insertion and removal of debug nodes 201 has no impact on the packet forwarding performance of the data path while debugging is turned OFF and the selective insertion and removal of debug nodes 201 has minimal impact on the packet forwarding performance of the data path while debugging is turned ON. However, the impact does not diminish the performance of the data path as compared to the existing solutions.
  • the various actions in method 500 may be performed in the order presented, in a different order, or simultaneously. Further, in some embodiments, some actions listed in FIG. 5 may be omitted.
  • the embodiments disclosed herein facilitate the debugging of the functionality of a component by placing the debugging node ingress or egress of the component, thereby reducing the problems of debugging to component level in data path. Further, the debugging node is inserted on per interface basis, controls data path debugging and also removes the debug logs from uninterested interface. As can be appreciated, the embodiments disclosed herein provide data path debugging functionality of a network device by inserting a debugging node containing complete debugging and rate limiting functionality. Also it is to be understood that the invention as described here is not limited to this precise embodiment and that various changes and modifications may be effected therein without departing from the original scope or spirit of present invention.
  • the embodiments disclosed herein can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment including both hardware and software elements.
  • the embodiments that are implemented in software include but are not limited to, firmware, resident software, microcode, etc.
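
The method of FIG. 5 applied to the FIG. 4 topology, as an added Python example that is not part of the patent: debugging nodes are inserted on the ingress and egress of the NAT node, share one classifier whose verdict travels with the packet, rate-limit their own logs, and are removed afterwards. All class names, the addresses, the `udp/5060` filter and the fixed one-second window are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Packet:
    iface: str
    src: str
    dst: str
    proto: str
    dport: int
    tag: dict = field(default_factory=dict)  # classification result carried with the packet

class Node:
    """One stage of the data path; forwarding stages override process()."""
    def __init__(self, name):
        self.name = name
    def process(self, pkt, now):
        return pkt

class NatNode(Node):  # stand-in for the NAT node of FIG. 4
    def process(self, pkt, now):
        pkt.src = "203.0.113.1"  # constructed public address
        return pkt

class Classifier:
    """Common classifier: evaluates the filter once per packet and caches the verdict."""
    def __init__(self, **fields):
        self.fields, self.evaluations = fields, 0
    def matches(self, pkt):
        if "debug" not in pkt.tag:
            self.evaluations += 1
            pkt.tag["debug"] = all(getattr(pkt, k) == v for k, v in self.fields.items())
        return pkt.tag["debug"]

class DebugNode(Node):
    """Logs matching packets from one interface, at most `limit` logs per second."""
    def __init__(self, name, iface, classifier, limit):
        super().__init__(name)
        self.iface, self.classifier, self.limit = iface, classifier, limit
        self.window, self.count, self.suppressed, self.logs = None, 0, 0, []
    def process(self, pkt, now):
        if pkt.iface == self.iface and self.classifier.matches(pkt):
            if int(now) != self.window:          # new one-second window
                self.window, self.count = int(now), 0
            if self.count < self.limit:
                self.count += 1
                self.logs.append(f"{self.name}: {pkt.src}->{pkt.dst} {pkt.proto}/{pkt.dport}")
            else:
                self.suppressed += 1             # limited at the node, not at a log server
        return pkt

def run_demo():
    path = [Node("decap"), NatNode("nat"), Node("ip")]
    clf = Classifier(proto="udp", dport=5060)
    pre, post = DebugNode("nat-in", "eth0", clf, 2), DebugNode("nat-out", "eth0", clf, 2)
    path.insert(1, pre)            # NAT ingress (step 501): decap, nat-in, nat, ip
    path.insert(3, post)           # NAT egress: decap, nat-in, nat, nat-out, ip
    pkts = [Packet("eth0", "10.0.0.5", "198.51.100.9", "udp", 5060) for _ in range(5)]
    pkts.append(Packet("eth1", "10.0.1.7", "198.51.100.9", "udp", 5060))  # other interface
    pkts.append(Packet("eth0", "10.0.0.5", "198.51.100.9", "tcp", 443))   # fails the filter
    for p in pkts:                 # all in the same second, so the limit applies
        for node in path:
            node.process(p, now=100.0)
    path = [n for n in path if n not in (pre, post)]   # remove when done (step 504)
    return pre, post, clf, [n.name for n in path]
```

Comparing the `nat-in` and `nat-out` log lines shows the source address before and after translation, which is how the ingress/egress placement narrows a data path problem down to one component.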

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention relates to a method for debugging data paths in a network device. The method comprises inserting a debugging node in the data path, classifying the data packets passing through the debugging nodes, generating debug logs for the data packets with rate limiting, and removing the debugging node. The debugging nodes include complete debugging, rate limiting and one pass classification functionality. The debugging node debugs the data packets and removes the debug logs from uninterested interfaces. The debugging nodes can be placed on the ingress or egress of a particular component to debug the functionality of that component.
PCT/IB2008/054460 2008-08-01 2008-08-01 Data path debugging WO2010013098A1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/IB2008/054460 WO2010013098A1 (fr) 2008-08-01 2008-08-01 Data path debugging

Publications (1)

Publication Number Publication Date
WO2010013098A1 (fr) 2010-02-04

Family

ID=40394087

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/IB2008/054460 WO2010013098A1 (fr) 2008-08-01 2008-08-01 Data path debugging

Country Status (1)

Country Link
WO (1) WO2010013098A1 (fr)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0230712A1 (fr) * 1985-10-09 1987-08-05 Outram Research Limited Enregistreur de données
US5611044A (en) * 1993-11-01 1997-03-11 Hewlett-Packard Company System and method for cross-triggering a software logic analyzer and a hardware analyzer
US6182247B1 (en) * 1996-10-28 2001-01-30 Altera Corporation Embedded logic analyzer for a programmable logic device
US6651099B1 (en) * 1999-06-30 2003-11-18 Hi/Fn, Inc. Method and apparatus for monitoring traffic in a network
US7299277B1 (en) * 2002-01-10 2007-11-20 Network General Technology Media module apparatus and method for use in a network monitoring environment
US20050060598A1 (en) * 2003-09-12 2005-03-17 Finisar Corporation Network analysis tool

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
C.K.ZUWER, J.W.LOCKWOOD: "Debugging of an Internet Packet Scheduler Using the Identify® Software", THE SYNDICATED - A TECHNICAL NEWSLETTER FOR ASIC AND FPGA DESIGNERS, vol. 4, no. 4, December 2004 (2004-12-01), pages 5 - 6, XP002518744 *
KEVIN DOOLEY ET AL: "Paragraph 18.14: Rate-Limiting Syslog Traffic", CISCO COOKBOOK, DOOLEY K, BROWN I J, O'REALLY, July 2003 (2003-07-01), pages 689 - 690, XP009113703, ISBN: 978-0-596-00367-8 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 08875835

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 08875835

Country of ref document: EP

Kind code of ref document: A1