Anomaly Detection and Root Cause Localization in Virtual Network Functions

The maturity of hardware virtualization has motivated Communication Service Providers (CSPs) to apply this paradigm to network services. Virtual Network Functions (VNFs) result from this trend and raise new dependability challenges related to network softwarisation that are still not thoroughly explored. This paper describes a new approach to detect Service Level Agreements (SLAs) violations and preliminary symptoms of SLAs violations. In particular, one other major objective of our approach is to help CSP administrators to identify the anomalous VM at the origin of the detected SLA violation, which should enable them to proactively plan for appropriate recovery strategies. To this end, we make use of virtual machine (VM) monitoring data and perform both a per-VM and an ensemble analysis. Our approach includes a supervised machine learning algorithm as well as fault injection tools. The experimental testbed consists of a virtual IP Multimedia Subsystem developed by the Clearwater project. Experimental results show that our approach can achieve high precision and recall, and low false alarm rate and can pinpoint the root anomalous VNF VM causing SLA violations. It can also detect preliminary symptoms of high workloads triggering SLA violations.