skydive v0.25 releases: An open source real-time network topology and protocols analyzer
Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure.
Skydive agents collect topology information and flow and forward them to a central agent for further analysis. All the information are stored in an Elasticsearch database.
Skydive is SDN-agnostic but provides SDN drivers in order to enhance the topology and flows information.
- Captures network topology and flows
- Full history of network topology and flows
- Ability to follow a flow along a path in the topology
- Supports VMs and Containers infrastructure
- Unified query language for topology and flows (Gremlin)
- Web and command line interfaces
- REST API
- Easy to deploy (standalone executable)
- Connectors to OpenStack, Docker, OpenContrail
Skydive relies on an event-based graph engine, which means that notifications are sent for each modification. Graphs expose notifications over WebSocket connections. Skydive support multiple graph backends for the Graph. The
memory backend will be always used by agents while the backend for analyzers can be chosen. Each modification is kept in the datastore so that we have a full history of the graph. This is really useful to troubleshoot even if interfaces do not exist anymore.
Fill the graph with topology information collected. Multiple probes fill the graph in parallel. As an example, there are probes filling graph with network namespaces, netlink or OVSDB information.
Skydive keep a track of packets captured in flow tables. It allows Skydive to keep metrics for each flows. At a given frequency or when the flow expires (see the config file) flows are forwarded from agents to analyzers and then to the datastore.
Each time a new flow is received by the analyzer the flow is enhanced with topology informations like where it has been captured, where it originates from, where the packet is going to.
Flow probes capture packets and fill agent flow tables. There are different ways to capture packets like sFlow, afpacket, PCAP, etc.
Skydive uses Gremlin language as its graph traversal language. The Skydive Gremlin implementation allows using of Gremlin for flow traversal purpose. The Gremlin engine can either retrieve information from the datastore or from agents depending on whether the request is about something is the past or for live monitoring/troubleshooting.
Skydive uses Etcd to store API objects like captures. Agents are watching Etcd so that they can react on API calls.
This component watches Etcd and the graph in order to start captures. So when a new capture is created by the API on-demande probe looks for graph nodes matching the Gremlin expression, and if so, start capturing traffic.
- API Swagger definitions (http://skydive.network/swagger/)
- AWS flow logs exporter
- Namespace support to flow subscribing mechanism
- Support for subscribing flows by capture ID
- eBPF probe performance improvements
- Restore nightly builds
- Support for neighbors update detection