Score
Instrumenting and collecting end-to-end request traces across services uses correlated spans and trace identifiers to reconstruct latency and error paths, implemented with OpenTelemetry/OpenTracing and backends like Jaeger or Zipkin for sampling, visualization, and root-cause analysis of distributed performance issues.
To address the challenge of efficient, code-free Span correlation in microservices, this paper proposes an eBPF-based zero-intrusion end-to-end tracing solution. Methodologically: (1) eBPF is leveraged to capture cross-thread invocation contexts; (2) Span IDs are lightweightly embedded into TCP headers to ensure secure, low-overhead inter-service correlation; (3) a latency-pattern-driven causal inference algorithm—combined with a greedy strategy—enables dependency-free, thread-ID-agnostic automatic Span association. Our key contribution is the first integration of eBPF with protocol-layer identifier embedding and latency-driven causal inference, achieving high accuracy (>90%), low latency (thousands of Spans per second), and strong scalability—without compromising system security. Experimental evaluation demonstrates its effectiveness for production-grade microservice observability and root-cause diagnosis.
Sampling in distributed tracing inherently trades off trace completeness against overhead, hindering high-fidelity monitoring. Method: This paper proposes an end-to-end compression framework featuring a novel Span Retrieval Tree (SRT) data structure—enabling lightweight server-side encoding and lossless backend reconstruction—complemented by redundancy-aware compression, differential synchronization, and SRT-optimized structural pruning to eliminate cross-service span duplication. Contribution/Results: Deeply integrated into OpenTelemetry Collector, the approach is rigorously evaluated on microservice benchmarks, cloud deployments, and real production traces. It achieves near-negligible transmission and storage overhead while preserving 100% trace completeness. The solution has been adopted into the OpenTelemetry ecosystem, establishing a new paradigm for high-fidelity, low-overhead distributed tracing.
Distributed tracing data volume has surged, imposing prohibitive storage overhead; conventional trace-level sampling—e.g., retaining only anomalous traces—often discards critical diagnostic information such as normal execution paths. To address this, we propose Trace Sampling 2.0: the first approach to integrate code-knowledge-enhanced static analysis into distributed tracing, enabling span-level fine-grained sampling. We design an execution logic modeling mechanism and a structural consistency preservation scheme to compress traces while fully retaining call topology and key causal paths. Evaluated on two open-source microservice systems, our method achieves an 81.2% trace compression ratio, 98.1% recall for anomalous spans, and an average 8.3 percentage-point improvement in root-cause localization accuracy—demonstrating significant gains in both storage efficiency and diagnostic effectiveness.
Cloud-native systems face fragmented observability and challenging root-cause analysis due to their distributed, highly dynamic architectures. To address this, this paper proposes a reusable, observability-oriented design pattern system comprising three core categories: distributed tracing, application-level metric modeling, and infrastructure-level metric collection. Unlike ad-hoc toolchain integrations, our work is the first to systematically abstract industrial practices into structured, composable design patterns that holistically guide end-to-end monitoring architecture. Implemented and validated using mainstream frameworks—including OpenTelemetry and Prometheus—the approach significantly improves latency attribution accuracy, resource utilization assessment efficiency, and anomaly detection timeliness. Empirical evaluation across multiple microservice deployments demonstrates a 42% reduction in mean time to identify failures.
Conventional network telemetry frameworks struggle to support fine-grained traffic measurement, performance diagnostics, and attack detection under stringent memory and computational constraints of high-speed network devices. Method: This paper proposes a lightweight, real-time online telemetry framework that systematically integrates compact data structures—including Bloom filter variants, Count-Min Sketch, and HyperLogLog—with streaming algorithms, hierarchical sampling, and P4-programmable data-plane co-design to comply with hardware limitations. Contribution/Results: Evaluated at line rate exceeding 100 Gbps, the framework reduces memory footprint by over 60% compared to state-of-the-art approaches while maintaining sub-1% flow frequency estimation error. It achieves an optimal trade-off among accuracy, throughput, and resource overhead, thereby significantly enhancing the feasibility and practicality of telemetry in high-bandwidth environments.
This study investigates the non-deterministic nature of Internet user packet routing paths and the mechanisms by which they are influenced by service providers and IP protocol versions. Leveraging five years of large-scale traceroute measurements spanning six ISP types, twenty autonomous systems, and fourteen countries, the work systematically reveals—across multiple nations, diverse ISP categories, and an extended temporal scale—that user-level paths frequently deviate from geographically shortest routes, often exhibiting significant cross-border detours. The research further demonstrates that transitioning between ISPs or upgrading to IPv6 substantially alters routing policies and end-to-end latency, highlighting the pronounced impact of both administrative and protocol-level factors on path selection in real-world networks.
This study addresses the challenge of efficiently identifying shared latency anomalies in residential internet networks, where such anomalies are prevalent yet highly variable in magnitude and duration, and network topology information is typically unavailable. Leveraging high-frequency RTT measurements collected over four months from 99 residential probes in Chicago, the authors propose a topology-agnostic method for detecting shared anomalies. The approach combines change-point detection to identify anomalies with a constrained representative probe sampling algorithm that exploits consistency in anomaly magnitude and duration. Using fewer than half of the available probes, the method captures 95% of the overall anomaly impact, outperforms baseline strategies in covering a greater number of unique anomalies, and significantly improves cost-effectiveness and scalability of monitoring while preserving geographic diversity.
This work proposes a novel interactive analysis system centered on three-dimensional network topology to overcome the limitations of traditional PCAP analysis tools, which present data as linear lists and fail to reveal underlying communication structures. The system maps hosts, sessions, and protocols to nodes, edges, and visual clusters, respectively, and enables bidirectional synchronized filtering with the packet list. By adopting 3D space as the default view—implemented using Three.js—it intuitively encodes key features such as communication density, clustering structure, host centrality, and traffic volume through depth perception. Supporting parsing of PCAP/PCAPNG formats and decoding of over 90 protocols, the approach significantly enhances the observability of structural patterns in network traffic, facilitating efficient identification of anomalous communications, critical nodes, and protocol distributions.
This work addresses the limitations of traditional passive network measurement, which primarily focuses on inbound traffic and struggles to detect stealthy internal anomalies. The paper presents the first systematic approach that leverages erroneous outbound traffic—such as unanswered requests and ICMP error messages—as a lightweight yet highly informative data source. By conducting large-scale passive monitoring and correlation analysis, the method effectively identifies misconfigurations, deprecated services, and potentially compromised hosts within internal networks. Deployed in large-scale operational environments, this technique has uncovered a variety of previously undetected internal anomalies, substantially enhancing visibility into and detection capabilities for internal threats.
This study addresses the challenge of isolating performance anomalies in the middle-mile segment of Internet paths—such as topology errors, suboptimal routing policies, and interconnection congestion—from end-host effects. Leveraging Measurement Lab (M-Lab) data, the authors employ a natural experiment design: users from the same access ISP connect to multiple geographically proximate M-Lab servers, enabling an A/B comparison that effectively controls for client-side, access-network, and temporal variability. This approach, applied at scale for the first time, uncovers previously masked middle-mile anomalies and enables joint detection of topological, routing, and congestion issues. Using a sparse multidimensional histogram method on BigQuery, the system computes Kolmogorov–Smirnov distances and geometric mean throughput ratios in a single pass over millions of samples, efficiently identifying bandwidth bottlenecks, traffic shaping, and suboptimal routes. Results are made publicly accessible through a metropolitan-level real-time dashboard supporting fine-grained analysis.