Detecting Heavy Flows in the SDN Match and Action Model

Abstract

Efficient algorithms and techniques to detect and identify large flows in a high-throughput traffic stream in the SDN match-and-action model are presented. This is in contrast to previous work that either deviated from the match-and-action model by requiring additional switch-level capabilities or did not exploit the SDN data plane. Our construction has two parts: (a) new methods to sample efficiently in an SDN match-and-action model, and (b) new, scalable algorithms to detect large flows efficiently in the SDN model. Our large flow detection methods provide high accuracy and offer a good, practical tradeoff between switch-controller traffic and the number of entries required in the switch flow table. Based on different parameters, we differentiate between heavy flows, elephant flows and bulky flows, and present efficient algorithms to detect flows of each type. Additionally, as part of our heavy flow detection scheme, we present sampling methods to sample packets with arbitrary probability p per packet or per byte that traverses an SDN switch. Finally, we show how our algorithms can be adapted to a distributed monitoring SDN setting with multiple switches, and scale easily with the number of monitoring switches.
