Centinel: Streaming Data Handler. September 07 th, 2015



Similar documents
SDN-NFV Open Source. Landscape, Scaling, Use-Cases Sharon Barkai Cofounder, ConteXtream. Santa Clara, CA USA April 2015

Exploring OpenDaylight

OpenDaylight: Introduction, Lithium and Beyond

YANG User Interface (YANGUI) in OpenDaylight

Get Ship Done! Microservices Cloud Development Made Easy Charles Eckel and David Tootill Cisco Systems

Towards Smart and Intelligent SDN Controller

OpenDaylight and the Rise of Open Source, Software Networking

OpenDaylight and the Past, Present and Future of Open Source Networking

The State of (Open Source) SDN and Programming Language Opportunities

Learn how Open Source Software is Redefining SDN!

App Development Tutorial

Building an Open, Adaptive & Responsive Data Center using OpenDaylight

A Brief Introduction to SDN and OpenDaylight

Software Defined Networking (SDN) OpenFlow and OpenStack. Vivek Dasgupta Principal Software Maintenance Engineer Red Hat

NMS Application for SDN Networks. Hema Gopalakrishnan, Manohar SL, Dimple Jain, Deepthi V V and Gaurav Bhagwani. - Ericsson

Qualifying SDN/OpenFlow Enabled Networks

Defining SDN. Overview of SDN Terminology & Concepts. Presented by: Shangxin Du, Cisco TAC Panelist: Pix Xu Jan 2014

Software Defined Network (SDN)

SDN and NFV Open Source Initiatives. Systematic SDN and NFV Workshop Challenges, Opportunities and Potential Impact

Understanding The Brocade SDN Controller Architecture

XpoLog Center Suite Data Sheet

Trusting SDN. Brett Sovereign Trusted Systems Research National Security Agency 28 October, 2015

OVSDB/Neutron Support in Lithium and Beyond. ODL Technical Work Stream Call February 23, 2015

IPOP-TinCan: User-defined IP-over-P2P Virtual Private Networks

Using SouthBound APIs to build an SDN Solution. Dan Mihai Dumitriu Midokura Feb 5 th, 2014

NMS300 Network Management System

VMware vcenter Operations Manager Administration Guide

Introduction to Software Defined Networking

Developing OpenDaylight Apps with MD-SAL. J. Medved, E. Warnicke, A. Tkacik. R. Varga Cisco Sample App: M. Rehak, Cisco February 04, 2014

OpenDaylight and OpFlex. Scott Mann

Designing Virtual Network Security Architectures Dave Shackleford

EMS. Trap Collection Active Alarm Alarms sent by & SMS. Location, status and serial numbers of all assets can be managed and exported

Software Requirements Specification. Schlumberger Scheduling Assistant. for. Version 0.2. Prepared by Design Team A. Rice University COMP410/539

SDN_CDN Documentation

Op en Day lig h t User Gu id e

NNMi120 Network Node Manager i Software 9.x Essentials

Bernd Ahlers Michael Friedrich. Log Monitoring Simplified Get the best out of Graylog2 & Icinga 2

VCE Vision Intelligent Operations Version 2.5 Technical Overview

Effective disaster recovery using Software defined networking

MRV EMPOWERS THE OPTICAL EDGE.

Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment

WHITE PAPER OCTOBER CA Unified Infrastructure Management for Networks

Securing SDN deployments right from the start.

MRV EMPOWERS THE OPTICAL EDGE.

VMware vcloud Director for Service Providers

MOC 10964C: Cloud and Datacenter Monitoring with System Center Operations Manager

VMware vcenter Operations Manager Enterprise Administration Guide

VCS Monitoring and Troubleshooting Using Brocade Network Advisor

An Architecture for Application-Based Network Operations

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Feature and Technical

Application Discovery Manager User s Guide vcenter Application Discovery Manager 6.2.1

VMware vrealize Operations for Horizon Administration

XpoLog Center Suite Log Management & Analysis platform

OpenDaylight Network Virtualization and its Future Direction

SDN/OpenFlow. Dean Pemberton Andy Linton

Cisco Active Network Abstraction 4.0

HP IMC User Behavior Auditor

Vidi NMs Network Management

Integrate Check Point Firewall

CA Spectrum and CA Performance Center

CORD Monitoring Service

VIRTUALIZED SERVICES PLATFORM Software Defined Networking for enterprises and service providers

WebSphere Business Monitor

Scalable and Reliable control and Management for SDN-based Large-scale Networks. CJK CFI

PANDORA FMS NETWORK DEVICE MONITORING

Cisco and Canonical: Cisco Network Virtualization Solution for Ubuntu OpenStack

TORNADO Solution for Telecom Vertical

Operation Error Management

Data Sheet Netrounds Control Center

The OpenDaylight Project

PANDORA FMS NETWORK DEVICES MONITORING

Project Proposal: SDN-App SDK

NCS. EMS/NMS Platforms for Network Equipment Providers

vrealize Operations Manager Customization and Administration Guide

Testing Software Defined Network (SDN) For Data Center and Cloud VERYX TECHNOLOGIES

TSM Studio Server User Guide

WORKING WITH WINDOWS FIREWALL IN WINDOWS 7

How To Use Mindarray For Business

OpenStack/Quantum SDNbased network virtulization with Ryu

Capitalize on Big Data for Competitive Advantage with Bedrock TM, an integrated Management Platform for Hadoop Data Lakes

BlackBerry Enterprise Server for Microsoft Exchange Version: 5.0 Service Pack: 2. Feature and Technical Overview

About Network Data Collector

Installation Guide Avi Networks Cloud Application Delivery Platform Integration with Cisco Application Policy Infrastructure

SDN Controller Requirement

TimePictra Release 10.0

OpenDaylight Performance Stress Tests Report

Outline. Why Neutron? What is Neutron? API Abstractions Plugin Architecture

11.1. Performance Monitoring

OnCommand Unified Manager

An Introduction to Software-Defined Networking (SDN) Zhang Fu

TECHNOLOGY WHITE PAPER. Correlating SDN overlays and the physical network with Nuage Networks Virtualized Services Assurance Platform

Security Challenges & Opportunities in Software Defined Networks (SDN)

How To Make A Vpc More Secure With A Cloud Network Overlay (Network) On A Vlan) On An Openstack Vlan On A Server On A Network On A 2D (Vlan) (Vpn) On Your Vlan

Transcription:

Centinel: Streaming Data Handler September 07 th, 2015 1

An Overview 2

Centinel: Streaming Data Handler The Centinel project aims at providing a distributed, reliable framework for efficiently collecting, aggregating and sinking streaming data across Persistence DB and stream analyzers (example: Graylog, Elastic search, Spark, Hive etc.). This framework enables SDN applications/services to receive events from multiple streaming sources (example: Syslog, Thrift, Avro, AMQP, Log4j, HTTP/REST etc) and execute actions like network configuration/batch processing/real-time analytics. Core features of Centinel framework are: Stream collector - Collecting, aggregating and sinking streaming data Log Service - Listen log stream events coming from log analyzer Log Service - Enables user to configure rules (example: alerts, diagnostic, health, dashboard etc.) Log Service - Performs event processing/analytics User Interface - Enable set-rule, search, visualize, alert, diagnostic, dashboard etc. Adaptor - Log analyzer plug-in to Graylog and a generic data-model to extend to other stream analyzers (Logstash etc.) REST Services - Northbound APIs for Log Service and Steam collector framework Leverages - TSDR persistence service, data query, purging and elastic search 3

Centinel: High Level Architecture 4

Centinel: Functional Overview Feature Streams Alerts Search and Analyze Details Mechanism to route messages into categories in real time while they are processed like stream for audit logs( install bundle etc.) Rule configuration includes message, level, source etc. Streams are generated by GrayLog server as per user-defined rules. Event-handler module handles streams from GrayLog server and persist it into Centinel Log alerts : Alerts get generated based on specific event matching in real-time Alert condition types : Message count condition, Field value condition, Field string value condition Alerts get cleared if specified condition does not persist. Alert check interval time is configurable, default is 60 seconds. Common alert operations like manual acknowledge, delete, filter, sort etc. will be supported Support for search query language. Time range for search can be specified Visualization includes histogram 5

Centinel: Functional Overview (continued) Feature Dashboard Diagnostics Details Build pre-defined views on data by adding widgets. Domain expert can define search query and save results on dashboard. Search result type : Search result counts, Search result histogram charts, Field value charts,quick value results Enables, user to specify/configure group of log messages (events or specific conditions ) as single rule. Order of messages and condition for each messages can also be configured. Notification will be persisted on db if log messages are coming out of order/sequence On clicking notification on UI, popup window will open which displays expected order and received order of log messages. User will be able to scroll popup window to see individual received log message. Event processor has intelligence to verify sequencing of messages and generate diagnostic reports Success notification is displayed when all specified conditions are true. Health User specify list of messages with conditions for feature. Feature health will be changed to Critical, Major, Warn on reception of all messages specified 6

Centinel: Project links Project Main page https://wiki.opendaylight.org/view/centinel:main Project Proposal https://wiki.opendaylight.org/view/project_proposals:centinel Release plan https://wiki.opendaylight.org/view/centinel:beryllium_release_plan Project Email archives https://lists.opendaylight.org/pipermail/centinel-dev/ Email Repository centinel-dev@lists.opendaylight.org https://git.opendaylight.org/gerrit/centinel 7

Design Approach Incremental updates on design document 8

DLUX LITHIUM DDoS Protection OpenStack Neutron Legend AAA: Authentication, Authorization & Accounting ALTO: Application Layer Traffic Optimization AuthN: Authentication BGP: Border Gateway Protocol CAPWAP: Control and Provisioning of Wireless Access Points COPS: Common Open Policy Service DIDM: Device Identification and Driver management DLUX: OpenDaylight User Experience DDoS: Distributed Denial Of Service SDNI Wrapper DOCSIS: Data Over Cable Service Interface Specification FRM: Forwarding Rules Manager GBP: Group Based Policy IoTDM: Internet of Things Data Broker LACP: Link Aggregation Control Protocol LISP: Locator/Identifier Separation Protocol MAPLE: Maple Programming NIC: Network Intent Proposal OVSDB: Open vswitch DataBase Protocol OPFLEX: Extensible Policy Protocol VTN Coordinator PCEP: Path Computation Element Protocol PCMM: Packet Cable MultiMedia Plugin2OC: Plugin To OpenContrail SDNI: SDN Interface (Cross-Controller Federation) SFC: Service Function Chaining SNBI: Secure Network Bootstrapping Infrastructure SNMP: Simple Network Management Protocol SXP: Source-Group Tag exchange Protocol TSDR: Time Series Data Repository TTP: Table Type Patterns USC: Unified Secure Channel VTN: Virtual Tenant Network Network Applications Orchestrations and Services Topology Inventory FRM AAA- AuthN Filter OpenDaylight APIs (REST) NB APIs ALTO DIDM GBP Service SFC SDNI Aggregator L2 Switch VTN Manager Neutron Service NIC Reservation VPN Service Applications MAPLE Topology Processing Discovery DOCSIS Abstraction BGP PCEP Plugin20C TCP- MD5 OVSDB LISP Service IoTDM USC Manager LACP Plugin Services MD-SAL / Yangtools Persistence Centinel TSDR Controller platform OpenFlow NETCONF SNBI PCMM/C OPS BGP PCEP Plugin20C SNMP OVSDB LISP IoT USC CAPWA P SXP OPFLEX SB interfaces & protocols plugins OpenFlow Enabled Devices Open vswitches Additional Virtual & Physical Devices 9

Introduction and Data Models Centinel framework enables SDN applications/services to receive events from multiple streaming sources (example: Syslog, Thrift, Avro, AMQP, Log4j, HTTP/REST etc) and execute actions like network configuration/batch processing/real-time analytics. The entire architecture can be divided into the following modules: User interface Centinel NB APIs Stream Analyzer Service (LAAS and Plugin) Log Service ( Configure Rules and Event handler Modules) Stream Collector Service (Flume and Sqoop based) Leverage persistence database service This design document depicts the subset of functionality (Alert) and the same is subject to follow-up add-on updates. Incremental updates on design document The stream data handler is a framework for collecting, aggregating stream data across Persistent DB and stream analyzer. To achieve the same, the entire model could be broken up into two parts: Rules Configurable from Northbound Notifications/Events Output from stream analyzer 10

Rules The Northbound of Centinel will allow operators to set Rules for collecting, aggregating and analysis of streaming data. The following diagram explains the Centinel data model for log services where in the BaseRule is the basic model object that is imported by BaseAlert which is further used by different types of rules. BaseRules model object is the basic data model that will be shared/imported by all the other Log service features like Alerts, Streams, Health, Dashboard and any other feature that Centinel framework may want to support in future. Incremental updates on design document 11

Events When a user configures a rule successfully, notifications/events corresponding to the rule will be supplied by the stream analyzer. The diagram below shows the data model for events (notifications and alert) received from stream analyzer. The base model for notifications/events is BaseEvent that contains event type and stream and is further extended by alarm that provides detailed information about the event that has occurred for example the stream which raised the alarm, alert condition, feature or module from which alert was raised etc. 12

Alerts Incremental updates on design document The diagram below shows the class diagram for RPCs and listeners. It defines the following interfaces and java classes for handling the Alerts: LAAS interface and its implementation that provides log analyzer abstraction layer and also publish notifications. Plugin class that provides alarm call backs from the analyzer (grey log server). AlertService interface and its configuration Implementation that defines and implements CRUD on Alert Rules and also write it in md-sal data-store. AlertServiceListener class that listens to any data change in md-sal database. ServiceAggregator and ServiceEventHandler classes that registers for notification and receive notification published by the LAAS as DTO ServicePersistData class that stores the DTO from event handler into the persistent database 13

North Bound APIs Feature Details NotifyAlarm() SetAlertRule() RemoveAlertRule() GetAlertRule() getalarms() RPC exposed by LAAS. Plugin use it to notify alarms Set rules for alerts Remove rules for alerts Get all alert rules Retrieve recent 300 alarm. Incremental updates on design document 14

Sequence diagram for Rule Handling Following is the sequence diagram for the Rule handling part. It describes the flow for How is a rule for Alert getting configured. Incremental updates on design document 15

Sequence diagram for Event Handling Below is the sequence diagram for the Rule handling part. It describes the flow for processing an Event (Alarm in this case) before it get stored in the persistent data store. Incremental updates on design document 16

Thank You 17

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information