[PoC] A socket-based tracing system for discovering network service dependencies. (renamed from transtracer)

yuuki/shawk

Transtracer

Transtracer is a socket-based tracing infrastructure for discovering network dependencies among processes in distributed applications. It traces dependencies by monitoring network sockets, which are the endpoints of TCP connections.

Contributions

  • As long as applications use the TCP protocol stack in the Linux kernel, Transtracer discovers their dependencies.
  • Monitoring does not affect the network delay of the applications, because it only reads connection information from network sockets and is independent of the application communication.

System Overview

System structure

This figure shows the system configuration for matching connection information across multiple hosts and for creating a dependency graph. The Tracer running on each host sends connection information to the central Connection Management DataBase (CMDB).

Socket diagnosis in polling mode

This figure shows how to retrieve socket information for TCP connections. When the Tracer process runs on the host, the Tracer process queries the Linux kernel and obtains a snapshot of the active TCP connection status from the socket corresponding to each connection. At the same time, the Tracer process acquires the process information corresponding to each connection. Then it links each connection and each process.
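The polling step described above, as an added example that is not Transtracer's own code: it parses a snapshot in the text layout of /proc/net/tcp, links each established socket to a process through its inode, and collapses ephemeral ports to "many" as in the ttctl output. Assumptions: the names `sample`, `addr` and `Edges` are hypothetical, the snapshot and the inode-to-process map are constructed (on a real host the map comes from resolving the `socket:[inode]` links under /proc/<pid>/fd), the host is little-endian and IPv4-only, and inferring direction from listening ports is this example's choice, since the page does not show how Tracer queries the kernel.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed snapshot in /proc/net/tcp row layout (st 0A = LISTEN, 01 = ESTABLISHED).
const sample = `0: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000 0 0 1001
1: 0A00000A:0050 0B00000A:C350 01 00000000:00000000 00:00000000 00000000 0 0 1002
2: 0A00000A:0050 0B00000A:C351 01 00000000:00000000 00:00000000 00000000 0 0 1003
3: 0A00000A:D431 0C00000A:1F90 01 00000000:00000000 00:00000000 00000000 0 0 1004`

// addr decodes "0A00000A:0050": IPv4 in host byte order (little-endian assumed), port in hex.
func addr(s string) (string, int) {
	var v, p uint32
	fmt.Sscanf(s, "%x:%x", &v, &p)
	return fmt.Sprintf("%d.%d.%d.%d", byte(v), byte(v>>8), byte(v>>16), byte(v>>24)), int(p)
}

// Edges links each ESTABLISHED socket to its process via owner (inode -> name) and dedups edges.
func Edges(snapshot string, owner map[string]string) (out []string) {
	var rows [][]string
	listen, seen := map[int]bool{}, map[string]bool{}
	for _, line := range strings.Split(snapshot, "\n") {
		if f := strings.Fields(line); len(f) >= 10 && strings.HasSuffix(f[0], ":") {
			_, port := addr(f[1])
			listen[port] = listen[port] || f[3] == "0A"
			rows = append(rows, f)
		}
	}
	for _, f := range rows {
		lip, lport := addr(f[1])
		rip, rport := addr(f[2])
		e := fmt.Sprintf("%s:many --> %s:%d (%s)", rip, lip, lport, owner[f[9]])
		if !listen[lport] { // local port is not listening, so this host opened the connection
			e = fmt.Sprintf("%s:many (%s) --> %s:%d", lip, owner[f[9]], rip, rport)
		}
		if f[3] == "01" && !seen[e] {
			seen[e] = true
			out = append(out, e)
		}
	}
	return out
}

func main() {
	owner := map[string]string{"1002": "nginx", "1003": "nginx", "1004": "nginx"} // constructed
	fmt.Println(strings.Join(Edges(sample, owner), "\n"))
}
```

The two inbound connections from 10.0.0.11 differ only in their ephemeral source port, so they collapse into a single edge.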

Requirements

  • OS: Linux
  • RDBMS: PostgreSQL 10+

Usage

ttracerd

Run a daemon process of scanning connections in polling mode.

# ttracerd --dbuser ttracer --dbpass ttracer --dbhost 10.0.0.20 --dbname "ttctl" --mode polling --interval 1 --flush-interval 10

Run ttracerd in streaming mode, which internally uses eBPF.

# ttracerd --dbuser ttracer --dbpass ttracer --dbhost 10.0.0.20 --dbname "ttctl" --mode=streaming --interval 1

Run scanning connections only once.

# ttracerd --once --interval-sec 3 --dbuser ttracer --dbpass ttracer --dbhost 10.0.0.20 --dbname "ttctl"

ttctl

$ ttctl --dbhost 10.0.0.20 --ipv4 10.0.0.10
10.0.0.10:80 (’nginx’, pgid=4656)
└<-- 10.0.0.11:many (’wrk’, pgid=5982)
10.0.0.10:80 (’nginx’, pgid=4656)
└--> 10.0.0.12:8080 (’python’, pgid=6111)
10.0.0.10:many (’fluentd’, pgid=2127)
└--> 10.0.0.13:24224 (’fluentd’, pgid=2001)

Papers (including proceedings)

  1. Yuuki Tsubouchi, Masahiro Furukawa, Ryosuke Matsumoto, Transtracer: Automatically Tracing for Processes Dependencies in Distributed Systems by Monitoring Endpoints of TCP/UDP, IPSJ Internet and Operation Technology Symposium (IOTS2019), Vol. 2019, pp. 64-71, 2019. [paper] [slide]

License

MIT

Author

yuuki