Privacy preserving distributed network outage monitoring

Troubleshooting network outages is a complex and time-consuming process. Network administrators are typically overwhelmed with large volumes of monitoring data, like NetFlow data, and are often “left alone”, fighting problems with very basic debugging tools, like ping and traceroute. Distributed network traffic monitoring and intelligent correlation of data from different Internet locations are highly valuable for analysing the root cause of network outages. However, correlating measurements across domains is presently largely avoided due to privacy concerns. A possible solution to this problem is secure multiparty computation (MPC). In this work, we propose a distributed mechanism based on MPC for privacy-preserving correlation of traffic measurements from multiple networks, towards network outage diagnosis. We first outline an MPC protocol that can be used to analyse the scope (local, global, or semi-global) and impact of network outages across multiple domains. Then, we use NetFlow data from a medium-sized ISP to evaluate the performance of our protocol. Our preliminary findings indicate that correlating data from several dozens of parties is feasible in real-time, with a delay of just a few seconds. This underlines the scalability, and potential for real-world deployment of our scheme. Finally, we apply our scheme to a known connectivity issue involving a large European Internet Exchange Point (IXP) and demonstrate that our approach enables to easily distinguish between local, global, and semi-global outages. In our study, 81.54% of the 3,408 reported outages were local, and 18.46% affected between 2 and 5 organizations.