A Double-Sampling and Hold Based Approach for Accurate and Efficient Network Flow Monitoring

One crucial challenge in network flow monitoring is how to monitor a large volume of network flows accurately and efficiently. Several approaches proposed to address this challenge either lack the flexibility to adapt to greatly varying network traffic (e.g. sNetFlow) or require intensive computing resources (e.g. ANF). In this paper, we propose a novel double-sampling and hold approach for network flow monitoring to tackle this challenge. We first apply coarse-grained packet sampling to reduce the total number of monitored packets; then an enhanced fine-grained sample and hold algorithm (ESHA) selectively adds packets to the flow cache. By optimally adjusting the ESHA sampling rate and adopting an Early Removal flow cache management scheme, the flow information can be maximized under given limited system resources. Extensive simulation and experimental studies show that our approach significantly improves both the accuracy and the efficiency of network flow monitoring compared with other methods.
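An added sketch of the two-stage pipeline the abstract describes, not the paper's code: classic sample and hold stands in for ESHA, whose enhancements and rate adjustment are not given here, and a fixed-size cache that stops admitting flows when full stands in for the Early Removal scheme. The function names, parameters and trace are constructed for illustration.

```python
import random


def double_sample_and_hold(packets, coarse_n, hold_p, cache_size=1024, seed=0):
    """Estimate per-flow bytes from (flow_id, size_bytes) packets.

    coarse_n   -- stage 1 keeps about one packet in coarse_n (assumed parameter)
    hold_p     -- stage 2 per-byte probability of starting to hold a flow
    cache_size -- flow cache capacity; new flows are refused when it is full
                  (assumption, not the paper's Early Removal scheme)
    """
    rng = random.Random(seed)
    cache = {}  # flow_id -> bytes counted since the flow entered the cache
    for flow_id, size in packets:
        # Stage 1: coarse-grained packet sampling cuts the packet rate.
        if rng.random() >= 1.0 / coarse_n:
            continue
        if flow_id in cache:
            # Hold: every surviving packet of a cached flow is counted.
            cache[flow_id] += size
            continue
        # Stage 2: a packet of an untracked flow creates an entry with
        # probability 1 - (1 - hold_p)^size, so large flows are caught quickly.
        if len(cache) < cache_size and rng.random() < 1.0 - (1.0 - hold_p) ** size:
            cache[flow_id] = size
    # Scale by the stage 1 factor; bytes seen before a flow was held are not
    # corrected for, so estimates are slightly low.
    return {flow: counted * coarse_n for flow, counted in cache.items()}


def constructed_trace(seed=1):
    """Constructed input: one 2,000,000-byte flow among 500 one-packet flows."""
    pkts = [("elephant", 1000)] * 2000 + [(f"mouse-{i}", 100) for i in range(500)]
    random.Random(seed).shuffle(pkts)
    return pkts


if __name__ == "__main__":
    est = double_sample_and_hold(constructed_trace(), coarse_n=4, hold_p=1e-4)
    print("cache entries used:", len(est), "of 501 flows in the trace")
    print("elephant estimate:", est.get("elephant"), "bytes (true 2000000)")
```

The large flow is held almost immediately while most one-packet flows never take a cache entry, which is the property that makes the approach usable for volumetric monitoring under a fixed memory budget.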
