Untrusting the network. Aijay Adams Jose Leitao Production Network Engineers

Transcription

1 Untrusting the network Aijay Adams Jose Leitao Production Network Engineers

2 157 billion mobile monthly active users as of June billion daily active users on average 171 billion monthly active users 103 billion mobile daily active users on average

3 157 billion mobile monthly active users as of June billion daily active users on average 171 billion monthly active users 103 billion mobile daily active users on average Approximately 845% of our daily active users are outside the US and Canada

4 Data Center Network Spine Switches Cluster Switches Rack Switches Wide ECMP, many paths!

5 Backbone Network MPLS Backbone Data center Data center Auto Bandwidth ECMP over MPLS Tunnels

6 Racks Cluster 1 DC 1 Racks Backbone Region A Cluster 2 DC 2 Cluster 1 Racks POP B Cluster 1 Racks

7 Monitoring the Network????

8 Monitoring the Network Counters and Logs

9 Monitoring the Network Coworkers

10 Monitoring the Network! Coworkers

11 Investigate #network_engineer

12 NetNORAD The network fault detector githubcom/facebook/udppinger 2016 Facebook Dublin Credits: Photo by Jose Leitao

13 Ping all the things! Run pingers on some machines Run responders on all machines Collect and analyse data

14 Evolution Run /bin/ping from a python agent Raw Sockets, Fast TCP Probes Raw Sockets, Fast ICMP Probes UDP Probes and Responder UDP Probes and Responder + Fast ICMP Probes

15 Ping Pong Pingers - Send UDP and ICMP probes to target list - Timestamp & Log results - High ping-rate (up to 1Mpps) - Set DSCP marking Responders - Receive/Reply to probe - Timestamp - Low load: thousands of pps - Reflect DSCP value back

16 Why UDP? - No TCP RST packets - Efficient ECMP coverage - Extensible Probe Structure Signature Send Time Receive Time Response Time Traffic Class

17 NetNORAD Ping and Process Data githubcom/facebook/udppinger 2016 Facebook Dublin Credits: Photo by Jose Leitao

18 Challenges Tens of thousands of targets Hundreds of pingers Lots of data to process We really do not care about each host The unit of interest is cluster health

19 Pinging inside clusters - Detect issues with rack switches - Dedicated pingers per cluster - Probe ALL machines in cluster - Store time-series per host/rack - Lags real-time by 2 minutes

20 Pinging the clusters Cluster Pinger B Data center Data center Region Region Cluster Data center Pinger C Target Cluster Cluster Pinger A Pinger A, Same DC Pinger B, Same Region Pinger C, Outside of region

21 Alarming on Loss - Build packet loss time-series Alarm - Track percentiles Clear Alarm - Time to detect loss? 20 Seconds

22 Finding the problem Cluster Pinger B Data center Data center Region Region Cluster Data center Pinger C Target Cluster Cluster Pinger A

23 Finding the problem Cluster Pinger B Data center Data center Region Region Cluster Data center! Pinger C Target Cluster Cluster Pinger A

24 Finding the problem Each layer of the network contains many devices and many more links

25 fbtracert Isolating Network Faults githubcom/facebook/fbtracert 2016 Facebook Dublin Credits: Photo by Jose Leitao

26 fbtracert Source Destination

27 fbtracert Src Port Source Destination

28 fbtracert Src Port Source Src Port Destination

29 fbtracert Src Port Src Port Src Port Source Src Port Destination

30 fbtracert Src Port Source Src Port Destination

31 fbtracert Src Port Source Destination

32 DC Network Fault Isolation Isolating Network Faults 2016 Facebook Dublin Credits: Photo by Jose Leitao

33 Big Fat Fabrics Over 1,000 L3 Links between devices in different DCs in the SAME Region We know there is loss between hosts, but where?

34 DC Network Fault Isolation DC1 DC2 sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc06 idc rsw26 rsw45 host1 Host idc08

35 Bad Fabric Card DC1 DC2 sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc rsw26 rsw45 host1 Host idc08 idc07

36 Bad Link DC1 DC2 sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc06 idc rsw26 rsw45 host1 Host idc08

37 ECMP Packet Hashing

38 DC Network Fault Isolation Port Range 50,000-54,000 idc01 Request Rate Approx 20,000 min 1 idc02 1 sw01 2 idc03 2 sw01 host1 rsw26 sw02 3 idc04 3 sw02 rsw45 Host sw03 4 idc05 4 sw03 FBTraceRT + Lots of Thrift Requests sw04 5 idc06 5 sw04 FBTraceRT + Lots of Thrift Requests 6 idc07 6 DC1 idc08 DC2

39 Map The Loss for Each Request DC1 DC2 sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc06 idc rsw26 rsw45 host1 Host idc08

40 Map The Loss for Each Request DC1 DC2 sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc06 idc rsw26 rsw45 host1 Host idc08

41 Overlay the Loss on Network Map DC1 DC2 Host sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc06 idc rsw26 rsw45 host1 idc08

42 Analyze the Loss Error Count

43 Network Symmetry DC1 DC2 sw01 sw02 sw03 sw04 sw01 sw02 sw03 sw idc01 idc02 idc03 idc04 idc05 idc06 idc rsw26 rsw45 host1 Host idc

44 Clearer Signal

45 Fabric Grey Failure Detection

46 Conclusions Fault isolation is actively evolving Traceroute + probing approach is quite generic Limited by current hardware

47 bffvbivnvtfvkvbejifdhvggdcbuebbf 2016 Facebook Dublin Credits: Photo by Jose Leitao