Feilong Tang,Lu Li,Leonard Barolli,Can Tang

DOI: https://doi.org/10.1109/AINA.2017.125

2017-01-01

Abstract:Software defined networking (SDN) provides flexible management for datacenter networks with the flow-level control. Such the fine-grained management, however, consumes large amount of bandwidth between data and control planes, which results in the bottleneck in the scalability of SDN-based datacenters. "The elephant and mouse phenomenon" suggests that there are only very few elephant flows that carry the majority of bytes in datacenters so that it can improve management efficiency to detect and reroute elephant flows while leaving mice flows in data plane leveraging wildcard flow table in OpenFlow. Unfortunately, existing mechanisms for elephant flow detection suffer from high bandwidth consumption and long detection time. In this paper, we propose an efficient sampling and classification approach (ESCA) with the two-phase elephant flow detection. In the first phase, ESCA improves sampling efficiency by estimating the arrival interval of elephant flows and filtering out redundant samples using a filtering flow table. In the second phase, ESCA classifies samples with a new supervised classification algorithm based on correlation among data flows. The mathematical analysis proofs our ESCA outperforms related schemes. Extensive experiment results on real public datacenter traces further demonstrate that our ESCA can provide accurate detection with less sampled packets and shorter detection time.

Chen Hu,Shen Wang,Jinping Tian,B. Liu,Yu Cheng,Y. Chen

DOI: https://doi.org/10.1109/infocom.2007.14

2008-01-01

Abstract:Sampling technology has been widely deployed in measurement systems to control memory consumption and processing overhead. However, most of the existing sampling methods suffer from large estimation errors in analyzing small-size flows. To address the problem, we propose a novel adaptive non-linear sampling (ANLS) method for passive measurement. Instead of statically configuring the sampling rate, ANLS dynamically adjusts the sampling rate for a flow depending on the number of packets having been counted. We provide the generic principles guiding the selection of sampling function for sampling rate adjustment. Moreover, we derive the unbiased flow size estimation, the bound of the relative error, and the bound of required counter size for ANLS. The performance of ANLS is thoroughly studied through theoretic analysis and experiments under synthetic/real network data traces, with comparison to several related sampling methods. The results demonstrate that the proposed ANLS can significantly improve the estimation accuracy, particularly for small-size flows, while maintain a memory and processing overhead comparable to existing methods.

Chengchen Hu,Bin Liu,Sheng Wang,Jia Tian,Yu Cheng,Yan Chen

DOI: https://doi.org/10.1109/tcomm.2011.112311.100622

IF: 6.166

2012-01-01

IEEE Transactions on Communications

Abstract:Sampling technology has been widely deployed in network measurement systems to control memory consumption and processing overhead. However, most of the existing methods suffer from large errors for the estimation of small-size flows. To address this problem, we propose an adaptive non-linear sampling (ANLS) method for flow size estimation. Instead of statically pre-configuring the sampling rate, ANLS dynamically adjusts the sampling rate for each flow according to the value of a corresponding counter. A smaller sampling rate is utilized when the counter value is large, while a larger sampling rate is employed for a smaller counter. In this paper, the unbiased flow size estimation, the relative error, and the required counter size are studied through theoretical analysis and experimental evaluations. The analysis and experiments demonstrate that ANLS can significantly improve the estimation accuracy (particularly for small-size flows), and save memory consumption, while maintaining processing overhead comparable to existing methods. Moreover, we validate the design of ANLS by implementing an FPGA-based prototype, which is capable of measuring traffic throughput up to 26.5 Gbps.

Jiqing Gu,Chao Song,Haipeng Dai,Lei Shi,Jinqiu Wu,Li Lu

DOI: https://doi.org/10.3390/s22207932

IF: 3.9

2022-01-01

Sensors

Abstract:Software-defined measurement (SDM) is a simple and efficient way to deploy measurement tasks and collect measurement data. With SDM, it is convenient for operators to implement fine-grained network-wide measurements at the flow level, from which many important functions can benefit. The prior work provides mechanisms to distribute flows to monitors, such that each monitor can identify its non-overlapped subset of flows to measure, and a certain global performance criterion is optimized, such as load balance or flow coverage. Many applications of network management can benefit from a function that can find large flows efficiently, such as congestion control by dynamically scheduling large flows, caching of forwarding table entries, and network capacity planning. However, the current network-wide measurements neglect the diversity of different flows as they treat large flows and small flows equally. In this paper, we present a mechanism of accuracy-aware collaborative monitoring (ACM) to improve the measurement accuracies of large flows in network-wide measurements at the flow level. The structure of the sketch is an approximate counting algorithm, and a high-measurement accuracy can be achieved by merging the results from multiple monitors with sketches, which is termed as collaborative monitoring. The core idea of our method is to allocate more monitors to large flows and achieve the load balance to provide accuracy-aware monitoring. We modeled our problem as an integer–linear programming problem, which is NP-hard. Thus, we propose an approximation algorithm, named the improved longest processing time algorithm (iLPTA); we proved that its approximation ratio is (12+nl). We propose a two-stage online distribution algorithm (TODA). Moreover, we proved that its approximation ratio is (1+nl−1). The iLPTA is an offline approximation algorithm used to assign monitors for each flow, which prove the validity and feasibility of the core idea. The TODA is an online algorithm that attempts to achieve the load balance by selecting the monitor with the smallest load to a large flow. Our extensional experiment results verify the effectiveness of our proposed algorithms.

Yulin Shao,Soung Chang Liew,He Chen

2020-01-01

Abstract: Software-defined networking simplifies network monitoring by means of per-flow sampling, wherein the controller keeps track of the active flows in the network and samples the switches on each flow path to collect the flow statistics. A tradeoff in this process is between the controller's sampling preference and the balancing of loads among switches. On the one hand, the controller may prefer to sample some of the switches on the flow path because they yield more accurate flow statistics. On the other hand, it is desirable to sample the switches uniformly so that their resource consumptions and lifespan are balanced. Focusing on the application of traffic matrix estimation, this paper formulates the per-flow sampling problem as a Markov decision process and devises policies that can achieve good tradeoffs between sampling accuracy and load balancing. Three classes of policies are investigated: the optimal policy, the state-independent policies, and the index policies, including the Whittle index and a second-order index policies. The second-order index policy is the most desired policy among all: 1) in terms of performance, it is on an equal footing with the Whittle index policy, and outperforms the state-independent policies by much; 2) in terms of complexity, it is much simpler than the optimal policy, and is comparable to state-independent policies and the Whittle index policy; 3) in terms of realizability, it requires no prior information on the network dynamics, hence is much easier to implement in practice.

Michael Kallitsis,Stilian Stoev,George Michailidis

DOI: https://doi.org/10.48550/arXiv.1306.5793

2013-06-24

Systems and Control

Abstract:The robustness and integrity of IP networks require efficient tools for traffic monitoring and analysis, which scale well with traffic volume and network size. We address the problem of optimal large-scale flow monitoring of computer networks under resource constraints. We propose a stochastic optimization framework where traffic measurements are done by exploiting the spatial (across network links) and temporal relationship of traffic flows. Specifically, given the network topology, the state-space characterization of network flows and sampling constraints at each monitoring station, we seek an optimal packet sampling strategy that yields the best traffic volume estimation for all flows of the network. The optimal sampling design is the result of a concave minimization problem; then, Kalman filtering is employed to yield a sequence of traffic estimates for each network flow. We evaluate our algorithm using real-world Internet2 data.

Zhen Li,Yahui Yang,Guangxing Zhang,Guangcheng Qin

DOI: https://doi.org/10.1109/ICACTE.2010.5579256

2010-01-01

Abstract:Identifying heavy hitters is essential for network monitoring, management, charging and etc. Existing methods in the literature have some limitations. How to reduce the memory consumption effectively without compromising identification accuracy is still challenging. In this paper, an adaptive method combining sampling and data streaming counting is proposed, called FSPLC(feedback sampling probabilistic lossy counting). Based on the history information in the flow counter table, FSPLC can adjust the sampling frequency dynamically, and also adapt to the real-time traffic changes. Comparison with state-of-the-art algorithms based on real Internet traces suggests that FSPLC is remarkably efficient and accurate. Experiment results show that FSPLC has 1) 60% lower memory consumption, 2) 15% smaller false-positive ratio.

Jin ZHANG,Jiang-Xing WU,Xiao-Na NIU

DOI: https://doi.org/10.3724/SP.J.1001.2010.03667

2010-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:Fair packet sampling can obtain a higher packet sampling ratio of short flows by sacrificing the packet sampling of long ones; thus, ensuring better fairness among all flows than uniform random sampling does. However, the previously proposed fair sampling algorithm of Sketch Guided Sampling (SGS) has the drawbacks of poor space efficiency and large estimation error for short flows. In this paper, a space-efficient fair packet sampling (SEFS) algorithm is proposed. The key innovation of SEFS is a multi-resolution d-left hashing schema for flow traffic estimation. The performance of SEFS is compared to that of SGS in contexts of both flow traffic measurements and a long flow identification process that uses real-world traffic traces collected from OC-48 and OC-192 backbone network. The experimental results show that the proposed SEFS is more accurate than SGS in both application contexts, while a reduction of 65 percent in space complexity can be achieved. The improvement of estimation accuracy of SEFS is remarkable, especially for short flows, which comprise as past of a large percentage of whole network traffic flows. © by Institute of Software, the Chinese Academy of Sciences.

JF Wang,L Li,MT Zhou,FJ Xu,FC Sun

DOI: https://doi.org/10.1109/glocom.2004.1378260

2004-01-01

Abstract:Collecting network traffic is becoming a more challenging task in passive network measurement due to the rapid growth of link speed. Flow-based network traffic capture and storage is an efficient way for high-speed network measurement. Based on the statistical investigation of the correlations between flow size and the maximum packet interinterval time of consecutive packets within a flow, we obtain the empirical conditional distribution functions for some popular TCP protocol-based application flows, and then propose a probability-guaranteed adaptive timeout algorithm (PGAT) for flow termination decision. The assessment criteria for the flow termination decision algorithm is systematically developed. Comparisons on flow generation ratio, flow intact ratio, and mean flow extra retaining time metrics indicate that the PGAT algorithm can obtain more attractive performance than other schemes.

ZHANG Zhen,ZHANG Jin,WANG Bin-qiang,LI Hui

2009-01-01

Abstract:The technique of traffic sampling measurement is an important scalable solution in high-speed network.NetFlow is one of the applications which is widely deployed for traffic measurement.However,the sampling method of NetFlow has shortcomings.In order to overcome those deficiencies,a novel sketch called time stratified adaptive packet sampling was proposed based on traffic load.The proposed sketch adopts the following methods:bounding sampling error within a pre-specified tolerance level,time stratified sampling and predicting traffic load adaptively.The easily-implemented packet sampling method presented can not only automatically adapt the sampling rate to traffic variety,but also give the right tradeoff between resource consumption and accuracy for all traffic mixes.Experiments were conducted based on real network traces.Results demonstrate that the proposed method can achieve simplicity,adaptability and controllability of resource consumption without sacrificing accuracy compared with other sampling methods.

Chengchen Hu,Bin Liu,Zhen Liu,Shifang Gao,Dapeng Wu

DOI: https://doi.org/10.1109/ICC.2006.254776

2006-01-01

Abstract:Flow-level traffic measurement is important for net- work management. The widely used centralized per-flow meas- urement faces a great challenge due to the demanding require- ment on both memory bandwidth and memory size within a sin- gle traffic monitor. This paper addresses the issue of deploying a Distributed Passive Measurement System (DPMS) in a large scale network; specifically, we study how to optimally place traffic monitors and sample stochastic traffic flows, so that the probabil- ity of a packet being sampled (a.k.a. measurement coverage) is maximized. We formulate this problem as a Stochastic Chance Constrained Optimization (SCCO) problem; and we propose a Hybrid Intelligent (HI) algorithm to solve this problem. The HI algorithm consists of two major components, namely, uncertain function approximation and genetic algorithm. Equipped with the HI algorithm, we are able to address the optimal tradeoff between measurement coverage and deployment cost for net- works with random traffic, which has not been studied before. Our simulations and experiments demonstrate the effectiveness of our algorithm, i.e., a small deployment cost or a small number of monitors are sufficient to maintain a high level of measure- ment coverage.

Yifan Han,He Huang,Yang Du,Yu-E Sun,Jia Liu,Hongli Xu

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom59178.2023.00036

2023-01-01

Abstract:Per-flow size measurement has wide applications in data center networks, such as flow scheduling, anomaly detection, and traffic engineering. To fit the module into limited on-chip memory and catch up with the line speed, existing works either use the bit sharing scheme to compress the flow information or require complex calculations to screen out large flows, resulting in substantial accuracy loss or heavy memory accesses, especially failing to measure medium-sized flows accurately, which are meaningful for practical applications such as usage accounting and billing. In light of this, we propose a new Hierarchical Sketch that adopts a hybrid on-chip/off-chip architecture to detect and estimate the flows whose size exceeds the threshold t (threshold-t flows for short) to cover both large and medium-sized flows. In Hierarchical Sketch, we design an on-chip bucket array together with an adaptive update scheme to record potential candidates for threshold$-t$ flows within one memory access as well as filter out unwanted flows. Besides, the flow records are downloaded to off-chip space for high memory efficiency and supporting online queries. We also implement a prototype on the NetFPGA development platform. Experimental results show that Hierarchical Sketch is up to 72.61% more accurate and 245% faster than the best baseline.

Jin Zhang,Xiaona Niu,Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-540-88623-5_25

2008-01-01

Abstract:Due to the high-skewed nature of network flow size distributions, uniform packet sampling concentrates too much on a few large flows and ignores the majority of small ones. To overcome this drawback, recently proposed Sketch Guided Sampling (SGS) selects each packet at a probability that is decreasing with its current flow size, which results in better flow wide fairness. However, the pitfall of SGS is that it needs a large, high-speed memory to accommodate flow size sketch, making it impractical to be implemented and inflexible to be deployed. We refined the flow size sketch using a multi-resolution d-left hashing schema, which is both space-efficient and accurate. A new fair packet sampling algorithm which is named Space-Efficient Fair Sampling (SEFS) is proposed based on this novel flow size sketch. We compared the performance of SEFS with that of SGS in the context of flow traffic measurement and large flow identification using real-world traffic traces. The experimental results show that SEFS outperforms SGS in both application contexts while a reduction of 65 percent in space complexity can be achieved.

Jf Wang,L Li,Fc Sun,Mt Zhou

DOI: https://doi.org/10.1016/j.comnet.2004.11.005

IF: 5.493

2005-01-01

Computer Networks

Abstract:Collecting network traffic is becoming a more challenging task in passive network measurement due to the rapid growth of link speed. Flow-based network traffic capture and storage provides an efficient way for high-speed network measurement. The paper concentrates on the flow detection issue which is also the premise for further flow-based traffic analysis and modeling in such challenging environment. Based on the statistical investigation of the correlations between flow size and the maximum packet interarrival time within a flow, we obtain the empirical conditional distribution functions for some popular TCP protocol-based application flows, and then propose a Probability-Guaranteed Adaptive Timeout algorithm (PGAT) for flow termination decision. The assessment criteria for flow termination decision algorithm is systematically developed. Comparisons onflow generation ratio,flow intact ratio, and meanflow extra retaining time metrics indicate that the PGAT algorithm can obtain more attractive performance than other related works. (c) 2004 Elsevier B.V. All rights reserved.

Soroosh Esmaeilian,Mahdi Dolati,Sogand Sadrhaghighi,Majid Ghaderi

2024-09-10

Abstract:Traffic sampling has become an indispensable tool in network management. While there exists a plethora of sampling systems, they generally assume flow rates are stable and predictable over a sampling period. Consequently, when deployed in networks with dynamic flow rates, some flows may be missed or under-sampled, while others are over-sampled. This paper presents the design and evaluation of dSamp, a network-wide sampling system capable of handling dynamic flow rates in Software-Defined Networks (SDNs). The key idea in dSamp is to consider flow rate fluctuations when deciding on which network switches and at what rate to sample each flow. To this end, we develop a general model for sampling allocation with dynamic flow rates, and then design an efficient approximate integer linear program called APX that can be used to compute sampling allocations even in large-scale networks. To show the efficacy of dSamp for network monitoring, we have implemented APX and several existing solutions in ns-3 and conducted extensive experiments using model-driven as well as trace-driven simulations. Our results indicate that, by considering dynamic flow rates, APX outperforms the existing solutions by up to 10% in sampling more flows at a given sampling rate.

Networking and Internet Architecture

Tian Pan,Xiaoyu Guo,Chenhui Zhang,Junchen Jiang,Hao Wu,Bin Liu

DOI: https://doi.org/10.1109/infcom.2012.6195535

2012-01-01

Abstract:Today's Internet applications exhibit increased diversity, while the Internet routers are still oblivious to this trend. To improve the end-to-end application QoS, one solution is to embed the application information explicitly in packet headers, but it will bring global changes. Another local solution is router-assisted traffic differentiation. To achieve this, the functionalities including packet identification and flow tracking inside the router are required. While most existing studies focus on the former, fewer efforts are put on the later. Given a large flow table is involved, how to track millions of concurrent flows in a cost-effective manner on a router's line card raises a great space-time challenge. To address this, we design an on-chip/off-chip flow tracking system to accommodate millions of flows and achieve the throughput at tens of Gigabits. By exploiting temporal locality and heavy-tailedness of Layer-4 traffic, we design the Adaptive Least Frequently Evicted (ALFE) replacement policy to catch elephant flows, therefore maintain a high cache hit rate. To alleviate performance penalty due to the cache misses, we organize the flow table in a fixed-allocated manner to fully utilize modern DRAM's burst feature. We have implemented a research prototype using FPGA for performance evaluation. The experiment results show that our system can reach 80% hit rate with a small-sized cache of 16K entries, while achieving 70Mpps throughput. This enables backbone line rate processing. Further, more than 40% power saving can be achieved by our system, which is fast and accurate with only 3% FPGA resource usage.

Xiaofei Bu,Yu-E Sun,Yang Du,Xiaocan Wu,Boyu Zhang,He Huang

DOI: https://doi.org/10.1007/s12083-020-01036-8

2021-01-11

Abstract:Detecting the flows with abnormally large spreads over big network data can help us identify network attacks, such as DDoS attacks and scanners. Most per-flow measurement studies use compact data structures to reduce their memory requirements, fitting in the limited on-chip memory and catching up with the line rate. In this paper, we study a novel problem called spread estimation among multi-periods to measure the total number of distinct elements or the number of distinct <i>k</i>-persistent elements in a flow among multiple traffic measurement periods. In our design, we use an on-chip/off-chip model to record the per-flow traffic information, which uses small on-chip memory and matches the line rate, <i>i.e.</i>, we use on-chip memory to filter out the duplicates, sample the elements, and store the sampled traffic data in off-chip memory. By performing the set operations on the sampled traffic data, we can derive the total number of distinct elements and the number of distinct <i>k</i>-persistent elements among multiple periods based on probability analysis. The experimental results on real Internet traffic traces show that, when performing spread estimation among multiple periods, our estimator is efficient in memory usage and estimation accuracy and can efficiently detect the stealthy DDoS attack and scanners.

computer science, information systems,telecommunications

Zongyi Zhao,Xingang Shi,Arpit Gupta,Qing Li,Zhiliang Wang,Bin Xiong,Xia Yin

DOI: https://doi.org/10.1109/iwqos52092.2021.9521284

2021-01-01

Abstract:Flow-based network measurement enables operators to perform a wide range of network management tasks in a scalable manner. Recently, various algorithms have been proposed for flow record collection at very high speed. However, they all focus on processing traffic in a short time window, but overlook the fact that flow measurements are typically needed continuously for unlimited time. To this end, we propose a new algorithm named SuperFlow to support continuous and accurate flow record collection at very high speed by monitoring the flow activeness and exporting the inactive records from the data plane automatically. Our data structures and the corresponding algorithms are carefully designed and analyzed, so the above goal is achieved with limited memory and bandwidth consumption. We implement SuperFlow on both x86 CPU and state-of-the-art PISA target. Comprehensive experiments show that SuperFlow consistently outperforms its competitors significantly. Especially, compared with the best competitor, it records around 136.7% more flows, reduces the error in flow size estimation by 51.5%, and reduces the memory or bandwidth consumption by up to 71.0%, while bringing only negligible throughput degradation.

Tianzhu Zhang,Leonardo Linguaglossa,Massimo Gallo,Paolo Giaccone,Dario Rossi

DOI: https://doi.org/10.23919/tma.2018.8506565

2018-01-01

Abstract:Testing experimental network devices requires deep performance analysis, which is usually performed with expensive, not flexible, hardware equipment. With the advent of highspeed packet I/O frameworks, general purpose equipments have narrowed the performance gap in respect of dedicated hardware and a variety of software-based solutions have emerged for handling traffic at very high speed. While the literature abounds with software traffic generators, existing monitoring solutions do not target worst-case scenarios (i.e., 64B packets at line rate) that are particularly relevant for stress-testing high-speed network functions, or occupy too many resources. In this paper we first analyse the design space for high-speed traffic monitoring that leads us to specific choices characterizing FlowMon-DPDK, a DPDK-based software traffic monitor that we release as an open source project. In a nutshell, FlowMon-DPDK provides tunable fine-grained statistics at both packet and flow levels. Experimental results demonstrate that our traffic monitor is able to provide per-flow statistics with 5-nines precision at high-speed (14.88 Mpps) using an exiguous amount of resources. Finally, we showcase FlowMon-DPDK usage by testing two open source prototypes for stateful flow-level end-host and in-network packet processing.