Hello Kai, Qin, all,

Thanks a lot for your comments/answers,

See below more details about our PoC & correlation:

Given a set of applications/media services (e.g., Disney+, DAZN, etc.) that use infrastructures (e.g., CDNs) for content distribution, a couple of questions to try to solve with this PoC:

 * What are those infrastructures and how much traffic is coming from them?
 * What are those applications and how much traffic is coming from them?

Therefore, the main idea with the DNS and Netflow correlation (including BGP) is to annotate the Netflow traffic with the domain name(s) they came from.

Regarding DNS information, we are collecting A/4A records and CNAME records:

 * A/4A records to map an IPv4/IPv6 address to a FQDN (Fully Qualified
   Domain Name).
 * CNAME records to map a FQDN to another FQDN.

Main technical/research challenges for this DNS/Netflow mapping include:

 * Live processing with multiple DNS and Netflow pipes running in parallel
 * Domain name and IP address aggregation
 * Desynchronized Netflow/DNS streams, including different formats
 * DNS records need to be tracked in order to know if they are still
   valid or not
 * Warm-up periods of more than 12 hours
 * Recursive CNAME mapping (and sometimes endless)
 * Recursive lookup of FQDNs is not always completed because we only
   receive the “cache misses” in the DNS stream data
 * ...

We are implementing our PoC environment to validate and obtain different proposals and results.

This is a work in progress, and we are fully open to discussing this project in more detail and to working together with people interested in this topic.


btw, regarding how the correlated data is consumed by applications, it is supposed to use the same approach as FlowDirector (https://datatracker.ietf.org/meeting/112/materials/slides-112-alto-implementation-deployment-experience-update-01), i.e., through ALTO-based interfaces, BGP-based interfaces, or customized interfaces.


On 18.05.22 13:05, kai...@scu.edu.cn wrote:

Hi Qin, Danny and all,


Sorry I did not get the email from Danny and just saw this discussion. Please see my comments inline.


Best,

Kai



    -----Original Messages-----
    *From:*"Qin Wu" <bill...@huawei.com>
    *Sent Time:*2022-05-18 13:07:36 (Wednesday)
    *To:* "Danny Lachos" <dlac...@benocs.com>, "Jordi Ros Giralt"
    <j...@qti.qualcomm.com>, "kai...@scu.edu.cn" <kai...@scu.edu.cn>,
    "alto@ietf.org" <alto@ietf.org>
    *Cc:*
    *Subject:* RE: [alto] 5/3/2022 Meeting Minutes

    Hi, Danny:

    Interesting PoC, any more details about your PoC introduction? I
    am wondering what technique you are using for data correlation,
    and how this correlated information is consumed by the application.
    I assume these steps do not require extension to Network Map or
    Cost Map.

    -Qin

    *From:* alto [mailto:alto-boun...@ietf.org] *On Behalf Of* Danny Lachos
    *Sent:* May 10, 2022 2:38
    *To:* Jordi Ros Giralt <j...@qti.qualcomm.com>; kai...@scu.edu.cn;
    alto@ietf.org
    *Subject:* Re: [alto] 5/3/2022 Meeting Minutes

    Hello Jordi, Kai, all

    Thanks a lot for sharing,

    I have a couple of quick comments/questions:

    Regarding the OpenALTO meetings [0], I saw that Kai is currently
    working on integrating ALTO in DNS. If I am not wrong, it is
    supposed to use ALTO as a northbound interface to provide
    information about the domain name resolution to DNS clients,
    right? If not, is there a chance to explain a little bit more
    about what is being done on ALTO/DNS?


There are two directions. One is to provide ALTO information through DNS and the other is to use ALTO to feed information to a DNS server. The first direction is definitely an interesting and potentially useful direction but we haven't got the manpower to work on that. Right now we are using ALTO information to change the order of A records returned by a DNS server. The current proof-of-concept is to update the sort list option [1] based on ALTO cost map. Another approach in this direction is to change the preferences of A records of the same host name on the client side but we also haven't really started yet.


To put the integration into a context, you may refer to the footprint paper (NSDI'16). The idea is to control user traffic through DNS remapping. However, I'm looking more in the case where the application is not in the same administrative domain as the underlying network provider, and the ALTO maps are constructed based on my NAI'21 paper instead of from the ISP.


[1] http://www.ipamworldwide.com/ipam/sortlist.html

    Here at Benocs, we are also working with DNS information that is
    correlated with network traffic flows to obtain
    multi-dimensional traffic information. In fact, we are
    implementing a PoC environment for the development of practical
    use cases. This PoC is able to read DNS traffic, network traffic
    flows, and BGP information and then make correlations (real-time or
    batch processing).

This sounds very interesting. Like Qin's comment, I would be very interested to hear more about the use cases and how you make the correlations.

    At some point, it could be interesting to find some kind of
    interception about what you/we are currently dealing with in terms of
    technical and/or scientific challenges.

Certainly.

    On 04.05.22 14:12, Jordi Ros Giralt wrote:

        Thank you very much Jensen for taking meeting minutes yesterday.

        For those who could not attend our call yesterday (and for our
        bookkeeping), here you will find them:
        https://github.com/ietf-wg-alto/wg-materials/blob/main/meetings-ietf-alto/ietf-alto-2022.md

        Going forward, you will also find minutes for the OpenALTO
        meetings being held weekly too (Mon, Wed and Thu) here:
        https://github.com/ietf-wg-alto/wg-materials/blob/main/meetings-ietf-alto/ietf-openalto-2022.md.
        As you know, everyone is invited to attend these other
        meetings that focus on the implementation of the Standard, see
        the meeting coordinates in this previous link for days and
        zoom link.

        This action resolves ticket
        https://github.com/ietf-wg-alto/wg-materials/issues/23

        Thanks,

        Jordi on behalf of ALTO WG

        _______________________________________________

        alto mailing list

        alto@ietf.org

        https://www.ietf.org/mailman/listinfo/alto

--
    Best regards,

    Dr.-Ing. Danny Lachos

    BENOCS GMBH

    www.benocs.com <http://www.benocs.com>

    [0] https://github.com/ietf-wg-alto/wg-materials/blob/main/meetings-ietf-alto/ietf-openalto-2022.md

--
Best regards,

Dr.-Ing. Danny Lachos
BENOCS GMBH
www.benocs.com
_______________________________________________
alto mailing list
alto@ietf.org
https://www.ietf.org/mailman/listinfo/alto
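
The annotation step described at the top of this thread (mapping a flow's source address back to the domain names it was resolved from), as an added example that is not the BENOCS PoC code. The record and flow tuple layouts, the `grace` skew tolerance, the even split of bytes across names sharing an IP, and all names and addresses are assumptions made for illustration.

```python
from collections import defaultdict

class DnsMap:
    """Reverse view of observed DNS answers with per-record expiry."""
    def __init__(self, records=(), grace=0):
        self.addr = defaultdict(dict)    # ip -> {fqdn: expiry}
        self.alias = defaultdict(dict)   # CNAME target -> {alias: expiry}
        self.grace = grace               # seconds of skew tolerated between streams
        for rec in records:
            self.add(*rec)
    def add(self, ts, rtype, name, value, ttl):
        table = self.alias if rtype == "CNAME" else self.addr
        key, name = value.lower().rstrip("."), name.lower().rstrip(".")
        table[key][name] = max(table[key].get(name, 0), ts + ttl)
    def _live(self, table, key, ts):
        return [n for n, exp in table.get(key, {}).items() if exp + self.grace >= ts]
    def names_for(self, ip, ts):
        """Names at the head of each CNAME chain ending at ip, valid at ts."""
        direct = self._live(self.addr, ip.lower(), ts)
        seen, stack, roots = set(direct), list(direct), set()
        while stack:
            name = stack.pop()
            parents = self._live(self.alias, name, ts)
            if not parents:
                roots.add(name)          # nothing aliases this name: chain head
            stack.extend(p for p in parents if p not in seen)  # visit each name once
            seen.update(parents)
        return roots or set(direct)      # pure CNAME loop: fall back to A/AAAA owner

def attribute(flows, dns):
    """Sum bytes per name; an IP shared by several names is split evenly."""
    totals = defaultdict(float)
    for ts, src_ip, nbytes in flows:
        names = dns.names_for(src_ip, ts) or {"<unmapped>"}
        for n in names:
            totals[n] += nbytes / len(names)
    return dict(totals)

RECORDS = [  # constructed sample: (ts, rtype, name, value, ttl)
    (0, "CNAME", "video.example.com", "edge.cdn.example.net", 300),
    (0, "A", "edge.cdn.example.net", "192.0.2.10", 60),
    (5, "AAAA", "edge.cdn.example.net", "2001:db8::10", 60),
    (10, "A", "sports.example.org", "192.0.2.10", 60),      # second name, same IP
    (0, "CNAME", "a.loop.example", "b.loop.example", 300),
    (0, "CNAME", "b.loop.example", "a.loop.example", 300),  # endless CNAME chain
    (0, "A", "b.loop.example", "192.0.2.66", 300),
]
FLOWS = [(20, "192.0.2.10", 1000), (30, "2001:db8::10", 400),   # constructed sample:
         (40, "192.0.2.66", 200), (500, "192.0.2.10", 700)]     # (ts, src_ip, bytes)
```

Because only cache misses are visible, a chain head returned here may be an intermediate CNAME rather than the name the client asked for; the `<unmapped>` bucket shows how much traffic arrived after every matching record had expired.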
