2014 Linux Symposium, July 14-16

LUCID: Kernel level network monitoring tool for virtualized environments

Swapnil Arvind Pimpale (pimpale.swapnil@gmail.com)

Cloud computing, one of the emerging trends, provides IT services to its tenants through virtualized resources and charges them on the basis of resource utilization. Because of a lack of transparency about the activities taking place on the virtual machines at the service provider's end, and because of various security issues, users hesitate to move their infrastructure to the cloud. Users do not have a clear idea of what they are being charged for. To get the required information, users can track the activities on their virtual machines by using third-party network monitoring tools like 'wireshark' and 'tcpdump'. However, these tools consume a significant amount of memory, which affects the performance of other critical processes running on the VMs. Hence we propose LUCID, a solution for monitoring the network activity of VMs. LUCID will reside in Dom0, the controller OS of the Xen hypervisor, leading to centralized monitoring of multiple VMs.

LUCID provides a kernel-level packet capture mechanism and archiving of the captured data. An efficient indexing mechanism has been built to facilitate faster retrieval of this data when queried. The results are presented to the user via a SaaS (Software as a Service) interface, where users can specify various queries and view the corresponding results. This data helps users monitor network activity and view the recorded traffic, thus providing the much-needed transparency regarding network activity, especially during the dormant period.

