Network Observability: Telemetry, gNMI, OpenTelemetry, eBPF and AIOps
Network observability moves beyond traditional monitoring (SNMP polling) to real-time streaming telemetry and AI-driven analytics. gNMI (gRPC Network Management Interface) provides streaming telemetry from network devices, OpenTelemetry is the standard for traces/metrics/logs, eBPF provides kernel-level observability without modifying the kernel, and AIOps uses AI/ML to analyze the data in order to detect anomalies and automate remediation.
Traditional monitoring uses SNMP polling every 5 minutes, which misses events that occur between polling intervals (micro-bursts, brief outages). Streaming telemetry pushes data in real time (sub-second), making every event visible, while AIOps analyzes data volumes that humans cannot process.
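
The gap between polling intervals can be made concrete. The following is an added example, not code from the original article: it builds a constructed interface octet counter (assumed 1 Gbit/s link, 64-bit counter, a 3-second burst and a 5-second outage) and compares what a 5-minute poll and a 1-second stream recover from it.

```python
# Added example with constructed data: what a 5-minute poll and a 1-second
# stream each recover from the same interface octet counter.
LINK_BPS = 1_000_000_000          # assumed 1 Gbit/s link
BASELINE = 12_500_000             # octets/s, i.e. 100 Mbit/s of normal traffic
LINE_RATE = 125_000_000           # octets/s at full line rate


def build_counter(seconds=600):
    """Cumulative octet counter (64-bit assumed, no wrap), one value per second."""
    counter = [0]
    for t in range(seconds):
        if 200 <= t < 203:        # constructed 3-second micro-burst
            rate = LINE_RATE
        elif 400 <= t < 405:      # constructed 5-second outage, nothing forwarded
            rate = 0
        else:
            rate = BASELINE
        counter.append(counter[-1] + rate)
    return counter


def utilization(counter, interval):
    """Percent utilization per interval, from counter deltas as a collector sees them."""
    out = []
    for start in range(0, len(counter) - interval, interval):
        octets = counter[start + interval] - counter[start]
        out.append(round(octets * 8 / interval / LINK_BPS * 100, 2))
    return out


def compare():
    counter = build_counter()
    polled = utilization(counter, 300)    # SNMP-style poll every 5 minutes
    streamed = utilization(counter, 1)    # streaming sample every second
    return {
        "polled": polled,
        "streamed_peak": max(streamed),
        "streamed_min": min(streamed),
        "seconds_at_line_rate": sum(1 for u in streamed if u >= 99.0),
        "seconds_at_zero": sum(1 for u in streamed if u == 0.0),
    }


if __name__ == "__main__":
    for key, value in compare().items():
        print(f"{key}: {value}")
```

Both polled values stay close to the 10% baseline, so neither the saturated link nor the outage would cross a utilization alert; the per-second series shows both.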
Monitoring vs Observability
| Feature | Monitoring | Observability |
|---|---|---|
| Approach | Poll for known metrics | Collect everything → query/analyze as needed |
| Data Collection | SNMP polling (pull, periodic) | Streaming telemetry (push, real-time) |
| Alerting | Threshold-based (static) | Anomaly-based (dynamic, ML-driven) |
| Analysis | Dashboards, manual investigation | Correlation, root cause analysis, AI-assisted |
| Known Issues | Good (pre-defined alerts) | Good (same + anomaly detection) |
| Unknown Issues | Poor (can’t alert on what you don’t know) | Better (anomaly detection finds unknown patterns) |
Telemetry Types
| Type | What it is | Example |
|---|---|---|
| Metrics | Numerical measurements over time | Interface utilization, CPU %, packet drops, latency |
| Logs | Timestamped event records | Syslog messages, config changes, auth failures |
| Traces | End-to-end request path | Packet journey through network (hop-by-hop latency) |
| Flows | Traffic flow summaries | NetFlow/IPFIX: src/dst IP, ports, bytes, packets |
gNMI (gRPC Network Management Interface)
| Feature | Details |
|---|---|
| What it is | gRPC-based protocol for streaming telemetry + config management |
| Protocol | gRPC (HTTP/2 + Protocol Buffers): efficient, bidirectional streaming |
| Operations | Get, Set, Subscribe (stream), Capabilities |
| Subscribe Modes | STREAM (continuous push), ONCE (one-time get), POLL (on-demand) |
| Data Model | YANG models (OpenConfig, vendor-native) |
| vs SNMP | gNMI: push (real-time), structured (YANG), efficient (protobuf); SNMP: pull (polling), MIBs, text-based |
| Encoding | Protocol Buffers (binary, compact) or JSON |
| Vendors | Arista, Cisco (IOS-XR, NX-OS), Juniper, Nokia, all major vendors |
SNMP vs gNMI vs NETCONF
| Feature | SNMP | gNMI | NETCONF |
|---|---|---|---|
| Transport | UDP | gRPC (HTTP/2) | SSH |
| Data Model | MIBs (SMI) | YANG (OpenConfig) | YANG |
| Telemetry | Polling (pull) | Streaming (push) | Not designed for telemetry |
| Config | Limited (SET) | Set (full config mgmt) | Primary use case |
| Encoding | ASN.1/BER | Protobuf/JSON | XML |
| Performance | Slow at scale | Very fast (binary protobuf) | Moderate |
| Adoption | Legacy (still widely used) | Growing (new standard) | Established (config) |
OpenTelemetry
| Feature | Details |
|---|---|
| What it is | Vendor-neutral observability framework (CNCF project) for traces, metrics, logs |
| Components | SDK (instrumentation), Collector (receive/process/export), Exporters (send to backends) |
| Collector | Receive data from multiple sources → process (filter, transform) → export to backends |
| Backends | Prometheus (metrics), Jaeger/Tempo (traces), Loki/Elasticsearch (logs), Grafana (visualization) |
| Network Use | Collect telemetry from network devices + applications → unified observability |
| OTLP | OpenTelemetry Protocol: standard protocol for sending telemetry data |
eBPF (Extended Berkeley Packet Filter)
| Feature | Details |
|---|---|
| What it is | Technology that runs sandboxed programs in the Linux kernel without modifying the kernel |
| Network Use | Packet inspection, flow tracking, latency measurement at kernel level |
| Advantages | Zero overhead (kernel-level), no agent needed, real-time, programmable |
| Cilium | eBPF-based networking + security for Kubernetes (CNI plugin) |
| Hubble | Cilium’s observability layer: flow visibility + service map + DNS monitoring |
| Pixie | eBPF-based auto-instrumented observability for Kubernetes |
| Use Cases | Network monitoring, security enforcement, load balancing, tracing |
AIOps for Network
| Capability | Details |
|---|---|
| Anomaly Detection | ML learns normal patterns → alert on deviations (no manual thresholds) |
| Root Cause Analysis | Correlate events across devices → identify root cause automatically |
| Predictive | Predict failures before they happen (capacity, degradation trends) |
| Event Correlation | Reduce alert noise: group related alerts → single incident |
| Auto-remediation | Trigger automated fix (restart service, reroute traffic, scale up) |
| Solutions | Juniper Mist AI, Cisco DNA Center AI, Arista CloudVision, Datadog AI |
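
The anomaly-detection row, and the static versus dynamic alerting contrast from the Monitoring vs Observability table, as an added example that is not from the original article or any listed product. It uses constructed hourly utilization data and a simple statistical baseline (per-hour median and MAD) as a stand-in for an ML model; the 90% threshold and the score limit of 5 are assumptions.

```python
# Added example with constructed data: static threshold vs a learned
# per-hour baseline (median and MAD) on interface utilization.
from statistics import median

STATIC_THRESHOLD = 90      # percent, a fixed alert level (assumed)
SCORE_LIMIT = 5.0          # robust z-score above which a sample is anomalous (assumed)


def normal_sample(day, hour):
    """Constructed normal traffic: ~70% in business hours, ~20% otherwise, +/-2 jitter."""
    base = 70 if 8 <= hour < 20 else 20
    return base + (2 * day + 3 * hour) % 5 - 2


def learn_baseline(days=14):
    """Per hour-of-day (median, MAD) learned from history."""
    baseline = {}
    for hour in range(24):
        values = [normal_sample(day, hour) for day in range(days)]
        mid = median(values)
        mad = median(abs(v - mid) for v in values)
        baseline[hour] = (mid, mad)
    return baseline


def robust_score(value, mid, mad):
    """Distance from the learned median in MAD units (1.4826 scales MAD to sigma)."""
    return abs(value - mid) / (1.4826 * mad + 1e-9)


def evaluate(today, baseline):
    """Return (hours flagged by the static threshold, hours flagged by the baseline)."""
    static_alerts = [h for h, v in enumerate(today) if v > STATIC_THRESHOLD]
    anomaly_alerts = [h for h, v in enumerate(today)
                      if robust_score(v, *baseline[h]) > SCORE_LIMIT]
    return static_alerts, anomaly_alerts


def constructed_today():
    """Day 14 looks normal except 03:00, where utilization is 60% instead of ~20%."""
    today = [normal_sample(14, hour) for hour in range(24)]
    today[3] = 60
    return today


if __name__ == "__main__":
    static_alerts, anomaly_alerts = evaluate(constructed_today(), learn_baseline())
    print("static threshold alerts at hours:", static_alerts)
    print("baseline anomaly alerts at hours:", anomaly_alerts)
```

A 60% reading at 03:00 is below any sensible fixed threshold and below normal daytime load, so only the per-hour baseline flags it; an unexpected bulk transfer at night is the kind of unknown pattern worth investigating.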
Observability Stack
| Layer | Tool | Purpose |
|---|---|---|
| Collection | Telegraf, gNMI collectors, SNMP exporters | Collect telemetry from network devices |
| Storage | Prometheus (metrics), Elasticsearch (logs), Tempo (traces) | Time-series + log + trace storage |
| Processing | OpenTelemetry Collector, Kafka, Logstash | Process, filter, transform telemetry data |
| Visualization | Grafana, Kibana | Dashboards, exploration, alerting |
| Intelligence | AIOps platforms, custom ML models | Anomaly detection, RCA, prediction |
Closing: Observability = See Everything, Fix Faster
Network Observability
- Beyond monitoring: real-time telemetry + AI-driven analysis + auto-remediation
- gNMI: streaming telemetry (push, sub-second, protobuf, YANG models), replacing SNMP polling
- OpenTelemetry: vendor-neutral framework for traces + metrics + logs (CNCF standard)
- eBPF: kernel-level observability (zero overhead, Cilium/Hubble for K8s networking)
- AIOps: anomaly detection + root cause analysis + predictive + auto-remediation
- Stack: collect (gNMI/Telegraf) → store (Prometheus/Elastic) → visualize (Grafana) → analyze (AIOps)