Liran Schour, Eran Raichstein, Sylvain Afchain
Nuts-and-bolts
Talk
Efficient monitoring of large-scale networks requires a delicate balance between capture granularity on the one hand and the imposed overheads and performance penalties on the other. Skydive is an open source real-time network topology and protocol analyzer, featuring smart network collection which is both granular and efficient. Skydive allows for efficient network monitoring at scale through Linux networking features such as BPF and eBPF. CogNETive is a research operational analytics service that uses Skydive to create analytic insights. In the talk we will present Skydive, focus on the usage of BPF in Skydive, and show how to capture network information efficiently. We will share some performance results showing the efficiency of Skydive BPF capturing and will show how CogNETive uses that data to produce useful analytic insights. CogNETive uses several common open source components (Grafana, ElasticSearch, Spark, etc.) to create a layer of network analytics on top of Skydive.