Distributed and collaborative traffic monitoring in software defined networks

Network traffic monitoring supports fundamental network management tasks. However, monitoring tasks introduce non-trivial overhead to network devices such as switches. We propose a Distributed and Collaborative Monitoring system, named DCM, with the following properties. First, DCM allows switches to collaboratively achieve flow monitoring tasks and balance measurement load. Second, DCM is able to perform per-flow monitoring, by which different groups of flows are monitored using different actions. Third, DCM is a memory-efficient solution for the switch data plane and guarantees system scalability. DCM uses novel two-stage Bloom filters to represent monitoring rules using a small amount of memory. It utilizes the centralized SDN control to install, update, and reconstruct the two-stage Bloom filters in the switch data plane. We study how DCM performs two representative monitoring tasks, namely flow size counting and packet sampling, and evaluate its performance. Experiments using real data center and ISP traffic data on real network topologies show that DCM achieves the highest measurement accuracy among existing solutions given the same switch memory budget.
