Locating network monitors: complexity, heuristics, and coverage

There is increasing interest in concurrent passive monitoring of IP flows at multiple locations within an IP network. The common objective of such a distributed monitoring system is to sample packets belonging to a large fraction of IP flows in a cost-effective manner by carefully placing monitors and controlling their sampling rates. In this paper, we consider the problem of where to place monitors within the network and how to control their sampling. To address the tradeoff between monitoring cost and monitoring coverage, we consider minimum cost and maximum coverage problems under various budget constraints. We show that all of the defined problems are NP-hard. We propose greedy heuristics, and show that the heuristics provide solutions quite close to the optimal solutions through experiments using synthetic and real network topologies. In addition, our experiments show that a small number of monitors is often enough to monitor most of the traffic in an entire IP network.

[1]  Christodoulos A. Floudas,et al.  Mixed-Integer Nonlinear Optimization in Process Synthesis , 1998 .

[2]  Petr Slavík Improved Performance of the Greedy Algorithm for the Minimum Set Cover and Minimum Partial Cover Problems , 1995, Electron. Colloquium Comput. Complex..

[3]  Rajeev Rastogi,et al.  Efficiently monitoring bandwidth and latency in IP networks , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[4]  David B. Shmoys,et al.  Approximation algorithms for facility location problems , 2000, APPROX.

[5]  Philippe Owezarski,et al.  Design and Deployment of a Passive Monitoring Infrastructure , 2001, IWDC.

[6]  Carsten Lund,et al.  Properties and prediction of flow statistics from sampled packet streams , 2002, IMW '02.

[7]  Rajeev Rastogi,et al.  Robust Monitoring of Link Delays and Faults in IP Networks , 2003, IEEE/ACM Transactions on Networking.

[8]  Mikkel Thorup,et al.  Internet traffic engineering by optimizing OSPF weights , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[9]  Heejo Lee,et al.  On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets , 2001, SIGCOMM 2001.

[10]  Marina Thottan,et al.  Distributed network monitoring with bounded link utilization in IP networks , 2003, IEEE INFOCOM 2003. Twenty-second Annual Joint Conference of the IEEE Computer and Communications Societies (IEEE Cat. No.03CH37428).

[11]  Ratul Mahajan,et al.  Measuring ISP topologies with rocketfuel , 2002, TNET.

[12]  Lixia Zhang,et al.  On the placement of Internet instrumentation , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[13]  Alejandro López-Ortiz,et al.  On the number of distributed measurement points for network tomography , 2003, IMC '03.

[14]  Carsten Lund,et al.  Learn more, sample less: control of volume and variance in network measurement , 2005, IEEE Transactions on Information Theory.

[15]  Ratul Mahajan,et al.  Inferring link weights using end-to-end measurements , 2002, IMW '02.

[16]  Ratul Mahajan,et al.  Measuring ISP topologies with rocketfuel , 2002, SIGCOMM 2002.

[17]  Azer Bestavros,et al.  On the marginal utility of network topology measurements , 2001, IMW '01.

[18]  Donald F. Towsley,et al.  Tree Layout for Internal Network Characterizations in Multicast Networks , 2001, Networked Group Communication.

[19]  Fabián A. Chudak,et al.  Improved Approximation Algorithms for the Uncapacitated Facility Location Problem , 2003, SIAM J. Comput..

[20]  Petr Slavík Improved Performance of the Greedy Algorithm for Partial Cover , 1997, Inf. Process. Lett..

[21]  Dimitri P. Bertsekas,et al.  Nonlinear Programming , 1997 .

[22]  Donald F. Towsley,et al.  Locating network monitors: complexity, heuristics, and coverage , 2005, Proceedings IEEE 24th Annual Joint Conference of the IEEE Computer and Communications Societies..

[23]  Samir Khuller,et al.  The Budgeted Maximum Coverage Problem , 1999, Inf. Process. Lett..