Boffins tweak StreaMon for the NFV era

Monitoring code put through the virtualisation atomiser


Network function virtualisation (NFV) is important to telcos and big data centres, who use it to toss dedicated appliances like firewalls in favour of virtual machines that can spin up and down on demand.

Monitoring, however, is a pain, because functions – and the traffic associated with them – can spin up and down in seconds, anywhere (within reason) there's demand and infrastructure.

A group of researchers from the University of Rome and Italy's CNIT have put together a distributed framework for the software-defined network StreaMon monitor.

Their D-StreaMon (distributed StreaMon) proposal, here at Arxiv, has a particular focus on watching out for security threats, getting StreaMon out of “middleboxes” and into virtual machines.

The authors say the monitor can be virtualised with a straightforward publish/subscribe model: as with other virtualisation solutions, they've separated the control plane (which remains a single system) from the probes (which get pushed out into the infrastructure).

Separating the two also means D-StreaMon suits industrial and Internet of Things environments, the authors write, since the probe software is designed to run on much smaller environments than a full StreaMon implementation.

“Legacy StreaMon foresees for a single host architecture, where the single node executes all the steps of the platform life-cycle,” the paper notes.

D-StreaMon splits those into a master-slave model: “In the Master, we move all the static steps like generation of libraries and configuration files while we allocate only the operative steps to the Slave nodes … the Slaves need only the libraries necessary to run the StreaMon probes.”

The researchers believe the overall overhead imposed by separating the processes is small, and note that cloud operators could create a network monitoring-as-a-service platform for customers without having to deploy a bunch of middlebox nodes to run it.

As the architecture diagram below shows, the system is intended to run alongside an open vSwitch, with the probes running on either VMs or containers.

D-Streamon architecture

D-StreaMon can run on VMs or incontainers. Image: Pier Luigi Ventre et al

The D-StreaMon code has been tested on Debian 8.2 with GCC 4.9.2; and on Arch Linux with GCC 5.2.0, and the project is available at GitHub, here. ®

Biting the hand that feeds IT © 1998–2018