SoftTap: A Software-Defined TAP via Switch-Based Traffic Mirroring

With widespread deployment of virtualization technologies in datacenter networks, traditional tools used for network monitoring, such as hardware taps, become unfit. This is due to the inability of hardware solutions for dynamic deployment and virtual network monitoring. This paper presents the design and evaluation of SoftTap, a scalable alternative to hardware taps which is capable of operating over both physical and virtual switches. SoftTap is based on port and flow mirroring capabilities of commodity OpenFlow switches and is not limited to a specific network architecture or topology. A key design challenge in SoftTap is the fast computation of switch mirroring configurations in large-scale deployments. Our design is based on novel polynomial time approximation algorithms that are shown to achieve bounded approximation ratios compared to optimal solutions. We evaluate SoftTap using model-driven simulations as well as realistic Mininet experiments. Specifically, our simulations consider large networks to show the scalability of SoftTap. Mininet experiments, on the other hand, consider its real-world utility by implementing an intrusion detection system (IDS) and a VoIP metering application on top of SoftTap. In our experiments, under SoftTap, IDS achieves up to 25% higher detection recall, while VoIP metering achieves up to 23% less packet loss compared to existing mirroring-based traffic monitoring approaches.

[1]  Ben Y. Zhao,et al.  Packet-Level Telemetry in Large Datacenter Networks , 2015, SIGCOMM.

[2]  Xiaofei Wang,et al.  STCS: Spatial-Temporal Collaborative Sampling in Flow-Aware Software Defined Networks , 2020, IEEE Journal on Selected Areas in Communications.

[3]  Laurent Vanbever,et al.  Stroboscope: Declarative Network Monitoring on a Budget , 2018, NSDI.

[4]  Minlan Yu,et al.  Software Defined Traffic Measurement with OpenSketch , 2013, NSDI.

[5]  Reuven Cohen,et al.  Sampling-on-Demand in SDN , 2018, IEEE/ACM Transactions on Networking.

[6]  Hyuk Lim,et al.  Scalable Traffic Sampling Using Centrality Measure on Software-Defined Networks , 2017, IEEE Communications Magazine.

[7]  R. Srikant,et al.  Network Optimization and Control , 2008, Found. Trends Netw..

[8]  Lisandro Zambenedetti Granville,et al.  ATLANTIC: A framework for anomaly traffic detection, classification, and mitigation in SDN , 2016, NOMS.

[9]  Milind Dawande,et al.  Approximation Algorithms for the Multiple Knapsack Problem with Assignment Restrictions , 2000, J. Comb. Optim..

[10]  Rodrigo Fonseca,et al.  Planck , 2014, SIGCOMM.

[11]  Daniel R. Page Approximation Algorithms for Subclasses of the Makespan Problem on Unrelated Parallel Machines with Restricted Processing Times , 2015 .

[12]  Jonathan M. Smith,et al.  Packet-Level Analytics in Software without Compromises , 2018, HotCloud.

[13]  Chuang Lin,et al.  Catch the Whole Lot in an Action: Rapid Precise Packet Loss Notification in Data Center , 2014, NSDI.

[14]  Ran Ben Basat,et al.  Near Optimal Network-wide Per-Flow Measurement , 2020, IEEE INFOCOM 2020 - IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS).

[15]  Walter Willinger,et al.  Sonata: query-driven streaming network telemetry , 2018, SIGCOMM.

[16]  Éva Tardos,et al.  Scheduling unrelated machines with costs , 1993, SODA '93.

[17]  Chen Avin,et al.  On the Complexity of Traffic Traces and Implications , 2020, SIGMETRICS.

[18]  Yehuda Afek,et al.  Detecting Heavy Flows in the SDN Match and Action Model , 2017, Comput. Networks.

[19]  Yann Labit,et al.  Low-Overhead Near-Real-Time Flow Statistics Collection in SDN , 2020, 2020 6th IEEE Conference on Network Softwarization (NetSoft).

[20]  Liusheng Huang,et al.  Lightweight Flow Distribution for Collaborative Traffic Measurement in Software Defined Networks , 2019, IEEE INFOCOM 2019 - IEEE Conference on Computer Communications.

[21]  Jae-Hyoung Yoo,et al.  Design and Implementation of Virtual TAP for SDN-based OpenStack Networking , 2019, 2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM).

[22]  Nitin Agarwal,et al.  liteFlow: Lightweight and distributed flow monitoring platform for SDN , 2015, Proceedings of the 2015 1st IEEE Conference on Network Softwarization (NetSoft).

[23]  Jan Karel Lenstra,et al.  Approximation algorithms for scheduling unrelated parallel machines , 1987, 28th Annual Symposium on Foundations of Computer Science (sfcs 1987).