Speed Records in Network Flow Measurement on FPGA

Network traffic measurement keeps track of the amount of traffic sent by each flow in the network. It is a core functionality in applications such as traffic engineering and network intrusion detection. In high-speed networks, it is impossible to keep an exact count of the flow traffic, due to limitations with respect to memory and computational speed. Therefore, probabilistic data structures, such as sketches, are used. This paper proposes Approximate Count-Min sketch or ACM sketch, a novel variant of the Count-Min sketch algorithm that uses less memory and has a higher throughput compared to other FPGA-based sketch implementations. A-CM sketch relies on optimizations at two levels: (1) it uses approximate counters and the newly proposed Hardware-oriented Simple Active Counter algorithm to efficiently implement these counters; (2) it uses a distribution of the embedded memory, optimized towards maximum operating frequency. To the best of our knowledge, A-CM sketch outperforms all other FPGA-based sketch implementations.

[1]  Xin Jin,et al.  SketchVisor: Robust Network Measurement for Software Packet Processing , 2017, SIGCOMM.

[2]  Joan Daemen,et al.  Novel Bloom filter algorithms and architectures for ultra-high-speed network security applications , 2020, 2020 23rd Euromicro Conference on Digital System Design (DSD).

[3]  Robert H. Morris,et al.  Counting large numbers of events in small registers , 1978, CACM.

[4]  Viktor K. Prasanna,et al.  Sketch Acceleration on FPGA and its Applications in Network Anomaly Detection , 2018, IEEE Transactions on Parallel and Distributed Systems.

[5]  Jun Bi,et al.  A Generic Technique for Sketches to Adapt to Different Counting Ranges , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[6]  Yang Li,et al.  CASE: Cache-assisted stretchable estimator for high speed per-flow measurement , 2016, IEEE INFOCOM 2016 - The 35th Annual IEEE International Conference on Computer Communications.

[7]  Graham Cormode,et al.  An improved data stream summary: the count-min sketch and its applications , 2004, J. Algorithms.

[8]  Qi Zhao,et al.  Design of a novel statistics counter architecture with optimal space and time efficiency , 2006, SIGMETRICS '06/Performance '06.

[9]  Marco Canini,et al.  Tracking elephant flows in internet backbone traffic with an FPGA-based cache , 2009, 2009 International Conference on Field Programmable Logic and Applications.

[10]  V. Markl,et al.  Scotch: Generating FPGA-Accelerators for Sketching at Line Rate , 2020, Proc. VLDB Endow..

[11]  Yu Cheng,et al.  DISCO: Memory Efficient and Accurate Flow Statistics for Network Measurement , 2010, 2010 IEEE 30th International Conference on Distributed Computing Systems.

[12]  Michael Mitzenmacher,et al.  Faster and More Accurate Measurement through Additive-Error Counters , 2020, IEEE INFOCOM 2020 - IEEE Conference on Computer Communications.

[13]  Danny Wen-Yaw Chung,et al.  A hardware-accelerated infrastructure for flexible sketch-based network traffic monitoring , 2016, 2016 IEEE 17th International Conference on High Performance Switching and Routing (HPSR).

[14]  George Varghese,et al.  Efficient implementation of a statistics counter architecture , 2003, SIGMETRICS '03.

[15]  Yu Cheng,et al.  Accurate and Efficient Traffic Monitoring Using Adaptive Non-Linear Sampling Method , 2008, IEEE INFOCOM 2008 - The 27th Conference on Computer Communications.

[16]  Rade Stanojevic,et al.  Small Active Counters , 2007, IEEE INFOCOM 2007 - 26th IEEE International Conference on Computer Communications.

[17]  Miguel Figueroa,et al.  Heavy-Hitter Detection Using a Hardware Sketch with the Countmin-CU Algorithm , 2018, 2018 21st Euromicro Conference on Digital System Design (DSD).

[18]  Moses Charikar,et al.  Finding frequent items in data streams , 2002, Theor. Comput. Sci..

[19]  Roy Friedman,et al.  Nitrosketch: robust and general sketch-based monitoring in software switches , 2019, SIGCOMM.

[20]  Minlan Yu,et al.  FlowRadar: A Better NetFlow for Data Centers , 2016, NSDI.

[21]  Vladimir Braverman,et al.  One Sketch to Rule Them All: Rethinking Network Flow Monitoring with UnivMon , 2016, SIGCOMM.

[22]  Philippe Flajolet,et al.  Probabilistic Counting Algorithms for Data Base Applications , 1985, J. Comput. Syst. Sci..

[23]  Nele Mentens,et al.  200 Gbps Hardware Accelerated Encryption System for FPGA Network Cards , 2018, ASHES@CCS.

[24]  Gil Einziger,et al.  Independent counter estimation buckets , 2015, 2015 IEEE Conference on Computer Communications (INFOCOM).

[25]  Hargyo Tri Nugroho,et al.  Implementing On-line Sketch-Based Change Detection on a NetFPGA Platform , 2010 .

[26]  Peng Liu,et al.  Elastic sketch: adaptive and fast network-wide measurements , 2018, SIGCOMM.

[27]  Nele Mentens,et al.  Low-Rate Overuse Flow Tracer (LOFT): An Efficient and Scalable Algorithm for Detecting Overuse Flows , 2021, 2021 40th International Symposium on Reliable Distributed Systems (SRDS).