Micro-Service Dependency Discovery Method Based on Non-Intrusive Data Capture


Authors: FU Nan; CHENG Guang; TENG Yue; DAI Guangye; CHEN Zihan; FU Ruizhe

Affiliations: [1] School of Cyber Science and Engineering, Southeast University, Nanjing 211189, China; [2] Jiangsu Province Engineering Research Center of Security for Ubiquitous Network, Nanjing 211189, China; [3] Purple Mountain Laboratories, Nanjing 211189, China; [4] College of Engineering, Pennsylvania State University, Park Campus, Pennsylvania 16803, United States

Source: Journal of Cybersecurity (网络空间安全科学学报), 2023, Issue 2, pp. 112-121 (10 pages)

Funding: Joint Funds of the National Natural Science Foundation of China (U22B2025).

Abstract: With the development of cloud computing and cloud-native technologies, the deployment, expansion and management of large-scale applications in the cloud have become increasingly flexible, and the migration of domestic enterprise applications to the cloud has become a growing trend. However, for large-scale and complex applications, service dependency discovery, which is the basis for fault detection and localization, becomes very difficult. Existing data collection techniques may modify the original application code and have difficulty covering the entire container network, and they do not associate traffic data with the topology structure, so the generated service dependencies offer a limited view and poor effectiveness. To address these problems, this paper proposes a micro-service dependency discovery method based on non-intrusive data collection. The method consists primarily of Barnacle, a data collection method based on eBPF technology, and service dependency discovery based on the association of traffic and topology data. The paper describes the implementation of Barnacle, designs a cross-layer topology discovery framework for the container network, comparatively analyzes the performance of Barnacle, and demonstrates a case of using Barnacle to discover service dependencies. Experimental results show that Barnacle meets the requirements of non-intrusion, user transparency, cross-layer correlation, high performance, and full coverage. Compared with existing data collection techniques, using Barnacle to discover service dependencies obtains more micro-services and more complete dependencies, and provides a broader monitoring perspective.

Keywords: traffic capture; topology discovery; micro-service dependency; eBPF; Kubernetes

Classification: TP393 [Automation and Computer Technology: Computer Application Technology]

 
