Title 基於 eBPF 之物聯網輕量監控機制的設計與實現
The Design and Implementation of an eBPF-based Lightweight Monitoring System for IoT Devices
Author 賴玠忠
Lai, Jie-Zhong
Contributors 廖峻鋒
Liao, Chun-Feng
賴玠忠
Lai, Jie-Zhong
Keywords eBPF
SNMP
Observability
Date 2022
Upload time 5-Oct-2022 09:14:24 (UTC+8)
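Abstract With the spread of Internet of Things (IoT) devices, managing large numbers of devices in real time requires centralized monitoring of each device. Monitoring protocols such as SNMP were therefore created for management, and SNMP remains one of the stable commercial monitoring protocols today. In recent years, however, the rise of edge computing has shifted computation from centralized data centers to distributed computing architectures that any sufficiently large group of IoT devices can form, greatly improving latency and availability when using network services. Although SNMP still has the advantage of broad adoption and a low barrier to entry under today's architectures, a review finds three shortcomings: monitoring details at the OS kernel level are hard to obtain, the means and process of obtaining monitoring information consume too many resources, and the manager-agent communication process is overly complex. This research therefore proposes an eBPF-based monitoring solution that addresses and evaluates these shortcomings, with the expectation of reducing the system resources consumed during monitoring and providing a better solution for IoT monitoring.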
With the spread of Internet of Things (IoT) technologies, real-time distributed observability and management mechanisms for a large number of connected things are critical. SNMP has been the de facto standard of distributed observability in traditional networked environments. While SNMP has proven reliable and effective, it suffers from various issues in IoT environments. Kernel-level information is important for ensuring the reliability of IoT devices, but obtaining this type of information via SNMP takes too many system resources, which are valuable in resource-constrained IoT devices. What is more, SNMP forces a client-server communication model, namely polling instead of callbacks, which leads to a significant waste of networking resources. This thesis proposes an eBPF-based solution to deal with the issues mentioned above. Specifically, based on eBPF, this research proposes a reference architecture and system design to realize comprehensive monitoring of an IoT system in an efficient way. Experiments show that the approach is able to reduce the system resources consumed in monitoring and provide better performance for Internet of Things observability.
References [1] Ericson, "Cellular networks for massive IoT," p. 2. [Online]. Available: https://www.ericsson.com/assets/local/publications/white-papers/wp_iot.pdf
[2] I. C. Education. "Observability." https://www.ibm.com/cloud/learn/observability (accessed.
[3] R. S. Carl Lebsack, "SNMP is dead," p. 5. [Online]. Available: https://research.google/pubs/pub47773/
[4] "Net-SNMP." http://www.net-snmp.org/ (accessed.
[5] "Windows Management Instrumentation." https://docs.microsoft.com/zh-tw/windows/win32/wmisdk/about-wmi (accessed.
[6] "Common Information Model." https://www.dmtf.org/standards/cim (accessed.
[7] S. McCanne and V. Jacobson, "The BSD Packet Filter: A New Architecture for User-level Packet Capture," in USENIX winter, 1993, vol. 46.
[8] "Extending extended BPF." https://lwn.net/Articles/603983/ (accessed.
[9] "ftrace - Function Tracer." https://www.kernel.org/doc/Documentation/trace/ftrace.txt (accessed.
[10] "Kernel Probes (Kprobes)." https://docs.kernel.org/trace/kprobes.html (accessed.
[11] M. Bertrone, S. Miano, F. Risso, and M. Tumolo, "Accelerating Linux Security with eBPF iptables," presented at the Proceedings of the ACM SIGCOMM 2018 Conference on Posters and Demos, Budapest, Hungary, 2018. [Online]. Available: https://doi.org/10.1145/3234200.3234228.
[12] S. Tesliuk, "Monitoring network traffic and detecting attacks using eBPF," 2021.
[13] G. Fournier, "Monitoring and protecting SSH sessions with eBPF."
[14] C. Cassagnes, L. Trestioreanu, C. Joly, and R. State, "The rise of eBPF for non-intrusive performance monitoring," in NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, 20-24 April 2020, pp. 1-7, doi: 10.1109/NOMS47738.2020.9110434.
[15] C. Liu, Z. Cai, B. Wang, Z. Tang, and J. Liu, "A protocol-independent container network observability analysis system based on eBPF," in 2020 IEEE 26th International Conference on Parallel and Distributed Systems (ICPADS), 2-4 Dec. 2020, pp. 697-702, doi: 10.1109/ICPADS51040.2020.00099.
[16] T. Shiraishi, M. Noro, R. Kondo, Y. Takano, and N. Oguchi, "Real-time monitoring system for container networks in the era of microservices," in 2020 21st Asia-Pacific Network Operations and Management Symposium (APNOMS), 2020: IEEE, pp. 161-166.
Description Master's
National Chengchi University
Department of Computer Science
109753101
Source http://thesis.lib.nccu.edu.tw/record/#G0109753101
Type thesis
dc.contributor.advisor 廖峻鋒 (Liao, Chun-Feng)
dc.identifier (Other Identifiers) G0109753101
dc.identifier.uri (URI) http://nccur.lib.nccu.edu.tw/handle/140.119/142121
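dc.description.tableofcontents Abstract
List of Figures
List of Tables
Chapter 1 Introduction
Chapter 2 Related Work and Technical Background
2.1 System Monitoring Protocols
2.1.1 SNMP
2.1.2 WMI
2.2 Kernel Debugging or Tracing Techniques
2.2.1 Berkeley Packet Filter (BPF)
2.2.2 Linux Extended BPF (eBPF)
2.2.3 ftrace
2.2.4 perf_event
2.2.5 kprobe
2.3 Related Work
Chapter 3 System Design
3.1 Mechanism for Obtaining Device Information with eBPF
3.2 Agent Mechanism for Forwarding Monitoring Information
3.3 Mechanism for Autonomous Reporting of Monitoring Information
Chapter 4 System Implementation
4.1 Manager Node (monitoring side)
4.2 Worker Node (monitored side)
Chapter 5 Experiments and Discussion
5.1 Experiment Overview
5.2 Comparison of Methods for Obtaining Monitoring Data
5.3 Performance Overhead of System Monitoring
5.4 Performance Impact of Data Filtering Methods
5.5 Packet Traffic Volume Test
5.6 Discussion
Chapter 6 Conclusion
References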
dc.format.extent 1990129 bytes
dc.format.mimetype application/pdf
dc.identifier.doi (DOI) 10.6814/NCCU202201517