Feilong Tang,Lu Li,Leonard Barolli,Can Tang

DOI: https://doi.org/10.1109/AINA.2017.125

2017-01-01

Abstract:Software defined networking (SDN) provides flexible management for datacenter networks with the flow-level control. Such the fine-grained management, however, consumes large amount of bandwidth between data and control planes, which results in the bottleneck in the scalability of SDN-based datacenters. "The elephant and mouse phenomenon" suggests that there are only very few elephant flows that carry the majority of bytes in datacenters so that it can improve management efficiency to detect and reroute elephant flows while leaving mice flows in data plane leveraging wildcard flow table in OpenFlow. Unfortunately, existing mechanisms for elephant flow detection suffer from high bandwidth consumption and long detection time. In this paper, we propose an efficient sampling and classification approach (ESCA) with the two-phase elephant flow detection. In the first phase, ESCA improves sampling efficiency by estimating the arrival interval of elephant flows and filtering out redundant samples using a filtering flow table. In the second phase, ESCA classifies samples with a new supervised classification algorithm based on correlation among data flows. The mathematical analysis proofs our ESCA outperforms related schemes. Extensive experiment results on real public datacenter traces further demonstrate that our ESCA can provide accurate detection with less sampled packets and shorter detection time.

Chen Hu,Shen Wang,Jinping Tian,B. Liu,Yu Cheng,Y. Chen

DOI: https://doi.org/10.1109/infocom.2007.14

2008-01-01

Abstract:Sampling technology has been widely deployed in measurement systems to control memory consumption and processing overhead. However, most of the existing sampling methods suffer from large estimation errors in analyzing small-size flows. To address the problem, we propose a novel adaptive non-linear sampling (ANLS) method for passive measurement. Instead of statically configuring the sampling rate, ANLS dynamically adjusts the sampling rate for a flow depending on the number of packets having been counted. We provide the generic principles guiding the selection of sampling function for sampling rate adjustment. Moreover, we derive the unbiased flow size estimation, the bound of the relative error, and the bound of required counter size for ANLS. The performance of ANLS is thoroughly studied through theoretic analysis and experiments under synthetic/real network data traces, with comparison to several related sampling methods. The results demonstrate that the proposed ANLS can significantly improve the estimation accuracy, particularly for small-size flows, while maintain a memory and processing overhead comparable to existing methods.

Yufeng Chen,Yabo Dong,Zhengtao Xiang,Dongming Lu

DOI: https://doi.org/10.1109/chinacom.2008.4685032

2008-01-01

Abstract:To obtain a trade-off between veracity and complexity when simulating TCP traffic, a hybrid simulating framework is proposed based on the packet-level simulation and aggregated control. The aggregated TCP traffic of access network in the gateway is proposed as simulated object, instead of the traffic generated at individual host or session level. The framework is divided into four parts: traffic generator, transmission controller, traffic sink and network. The traffic with self-similarity or multi-fractal property at application level is generated by traffic generator. The transmission controller sends packets to traffic sink based on aggregated control. The transmission controller also sends control information to traffic generator according to the status of network, and the traffic generator decides how to change the generating mode of traffic. The simulation results of non-congestion case and congestion case show the validity of the framework. The time cost shows our simulating framework possesses better performance.

Michael Kallitsis,Stilian Stoev,George Michailidis

DOI: https://doi.org/10.48550/arXiv.1306.5793

2013-06-24

Systems and Control

Abstract:The robustness and integrity of IP networks require efficient tools for traffic monitoring and analysis, which scale well with traffic volume and network size. We address the problem of optimal large-scale flow monitoring of computer networks under resource constraints. We propose a stochastic optimization framework where traffic measurements are done by exploiting the spatial (across network links) and temporal relationship of traffic flows. Specifically, given the network topology, the state-space characterization of network flows and sampling constraints at each monitoring station, we seek an optimal packet sampling strategy that yields the best traffic volume estimation for all flows of the network. The optimal sampling design is the result of a concave minimization problem; then, Kalman filtering is employed to yield a sequence of traffic estimates for each network flow. We evaluate our algorithm using real-world Internet2 data.

Chengchen Hu,Bin Liu,Zhen Liu,Shifang Gao,Dapeng Oliver Wu

2008-01-01

Abstract:Flow-level traffic measurement is important for network traffic accounting, traffic engineering, and network security. However, flow-level measurement in high speed networks poses great challenges due to the requirements of high packet processing speed and large memory size (high time/space complexity). To reduce these demanding requirements, sampling is usually used and samplers are deployed in the network. But sampling incurs information loss. To address this issue, this paper studies the tradeoff between sampling loss and complexity in distributed sampling system. We formulate the distributed sampling problem as a constrained optimization problem; specifically, maximizing the measurement coverage (i.e., the percentage of sampled traffic among the total traffic) and minimizing the complexity/budget. Considering the stochastic nature of traffic flows, we further formulate the optimization problem under two stochastic criteria: Stochastic Expected Value Optimization criterion (which is concerned with average performance) and Stochastic Chance Constrained Optimization criterion (which is concerned with the distribution of performance measure). Then we propose a Hybrid Intelligent algorithm to decide the optimal deployment strategy for monitors' placement and the sampling rate at each monitor. Equipped with the proposed algorithm, we are able to address the optimal tradeoff between measurement coverage and deployment cost for networks with random traffic, which has not been studied before. The extensive simulations and experiments demonstrate the effectiveness of our models and algorithm: with careful deployment, monitoring over a small fraction of nodes in a high speed network is sufficient to maintain a high level of measurement coverage.

ZHANG Zhen,ZHANG Jin,WANG Bin-qiang,LI Hui

2009-01-01

Abstract:The technique of traffic sampling measurement is an important scalable solution in high-speed network.NetFlow is one of the applications which is widely deployed for traffic measurement.However,the sampling method of NetFlow has shortcomings.In order to overcome those deficiencies,a novel sketch called time stratified adaptive packet sampling was proposed based on traffic load.The proposed sketch adopts the following methods:bounding sampling error within a pre-specified tolerance level,time stratified sampling and predicting traffic load adaptively.The easily-implemented packet sampling method presented can not only automatically adapt the sampling rate to traffic variety,but also give the right tradeoff between resource consumption and accuracy for all traffic mixes.Experiments were conducted based on real network traces.Results demonstrate that the proposed method can achieve simplicity,adaptability and controllability of resource consumption without sacrificing accuracy compared with other sampling methods.

Chengchen Hu,Bin Liu,Zhen Liu,Shifang Gao,Dapeng Wu

DOI: https://doi.org/10.1109/ICC.2006.254776

2006-01-01

Abstract:Flow-level traffic measurement is important for net- work management. The widely used centralized per-flow meas- urement faces a great challenge due to the demanding require- ment on both memory bandwidth and memory size within a sin- gle traffic monitor. This paper addresses the issue of deploying a Distributed Passive Measurement System (DPMS) in a large scale network; specifically, we study how to optimally place traffic monitors and sample stochastic traffic flows, so that the probabil- ity of a packet being sampled (a.k.a. measurement coverage) is maximized. We formulate this problem as a Stochastic Chance Constrained Optimization (SCCO) problem; and we propose a Hybrid Intelligent (HI) algorithm to solve this problem. The HI algorithm consists of two major components, namely, uncertain function approximation and genetic algorithm. Equipped with the HI algorithm, we are able to address the optimal tradeoff between measurement coverage and deployment cost for net- works with random traffic, which has not been studied before. Our simulations and experiments demonstrate the effectiveness of our algorithm, i.e., a small deployment cost or a small number of monitors are sufficient to maintain a high level of measure- ment coverage.

Yulin Shao,Soung Chang Liew,He Chen

2020-01-01

Abstract: Software-defined networking simplifies network monitoring by means of per-flow sampling, wherein the controller keeps track of the active flows in the network and samples the switches on each flow path to collect the flow statistics. A tradeoff in this process is between the controller's sampling preference and the balancing of loads among switches. On the one hand, the controller may prefer to sample some of the switches on the flow path because they yield more accurate flow statistics. On the other hand, it is desirable to sample the switches uniformly so that their resource consumptions and lifespan are balanced. Focusing on the application of traffic matrix estimation, this paper formulates the per-flow sampling problem as a Markov decision process and devises policies that can achieve good tradeoffs between sampling accuracy and load balancing. Three classes of policies are investigated: the optimal policy, the state-independent policies, and the index policies, including the Whittle index and a second-order index policies. The second-order index policy is the most desired policy among all: 1) in terms of performance, it is on an equal footing with the Whittle index policy, and outperforms the state-independent policies by much; 2) in terms of complexity, it is much simpler than the optimal policy, and is comparable to state-independent policies and the Whittle index policy; 3) in terms of realizability, it requires no prior information on the network dynamics, hence is much easier to implement in practice.

Soroosh Esmaeilian,Mahdi Dolati,Sogand Sadrhaghighi,Majid Ghaderi

2024-09-10

Abstract:Traffic sampling has become an indispensable tool in network management. While there exists a plethora of sampling systems, they generally assume flow rates are stable and predictable over a sampling period. Consequently, when deployed in networks with dynamic flow rates, some flows may be missed or under-sampled, while others are over-sampled. This paper presents the design and evaluation of dSamp, a network-wide sampling system capable of handling dynamic flow rates in Software-Defined Networks (SDNs). The key idea in dSamp is to consider flow rate fluctuations when deciding on which network switches and at what rate to sample each flow. To this end, we develop a general model for sampling allocation with dynamic flow rates, and then design an efficient approximate integer linear program called APX that can be used to compute sampling allocations even in large-scale networks. To show the efficacy of dSamp for network monitoring, we have implemented APX and several existing solutions in ns-3 and conducted extensive experiments using model-driven as well as trace-driven simulations. Our results indicate that, by considering dynamic flow rates, APX outperforms the existing solutions by up to 10% in sampling more flows at a given sampling rate.

Networking and Internet Architecture

Jin ZHANG,Jiang-Xing WU,Xiao-Na NIU

DOI: https://doi.org/10.3724/SP.J.1001.2010.03667

2010-01-01

Ruan Jian Xue Bao/Journal of Software

Abstract:Fair packet sampling can obtain a higher packet sampling ratio of short flows by sacrificing the packet sampling of long ones; thus, ensuring better fairness among all flows than uniform random sampling does. However, the previously proposed fair sampling algorithm of Sketch Guided Sampling (SGS) has the drawbacks of poor space efficiency and large estimation error for short flows. In this paper, a space-efficient fair packet sampling (SEFS) algorithm is proposed. The key innovation of SEFS is a multi-resolution d-left hashing schema for flow traffic estimation. The performance of SEFS is compared to that of SGS in contexts of both flow traffic measurements and a long flow identification process that uses real-world traffic traces collected from OC-48 and OC-192 backbone network. The experimental results show that the proposed SEFS is more accurate than SGS in both application contexts, while a reduction of 65 percent in space complexity can be achieved. The improvement of estimation accuracy of SEFS is remarkable, especially for short flows, which comprise as past of a large percentage of whole network traffic flows. © by Institute of Software, the Chinese Academy of Sciences.

Chengchen Hu,Bin Liu,Sheng Wang,Jia Tian,Yu Cheng,Yan Chen

DOI: https://doi.org/10.1109/tcomm.2011.112311.100622

IF: 6.166

2012-01-01

IEEE Transactions on Communications

Abstract:Sampling technology has been widely deployed in network measurement systems to control memory consumption and processing overhead. However, most of the existing methods suffer from large errors for the estimation of small-size flows. To address this problem, we propose an adaptive non-linear sampling (ANLS) method for flow size estimation. Instead of statically pre-configuring the sampling rate, ANLS dynamically adjusts the sampling rate for each flow according to the value of a corresponding counter. A smaller sampling rate is utilized when the counter value is large, while a larger sampling rate is employed for a smaller counter. In this paper, the unbiased flow size estimation, the relative error, and the required counter size are studied through theoretical analysis and experimental evaluations. The analysis and experiments demonstrate that ANLS can significantly improve the estimation accuracy (particularly for small-size flows), and save memory consumption, while maintaining processing overhead comparable to existing methods. Moreover, we validate the design of ANLS by implementing an FPGA-based prototype, which is capable of measuring traffic throughput up to 26.5 Gbps.

JF Wang,L Li,MT Zhou,FJ Xu,FC Sun

DOI: https://doi.org/10.1109/glocom.2004.1378260

2004-01-01

Abstract:Collecting network traffic is becoming a more challenging task in passive network measurement due to the rapid growth of link speed. Flow-based network traffic capture and storage is an efficient way for high-speed network measurement. Based on the statistical investigation of the correlations between flow size and the maximum packet interinterval time of consecutive packets within a flow, we obtain the empirical conditional distribution functions for some popular TCP protocol-based application flows, and then propose a probability-guaranteed adaptive timeout algorithm (PGAT) for flow termination decision. The assessment criteria for the flow termination decision algorithm is systematically developed. Comparisons on flow generation ratio, flow intact ratio, and mean flow extra retaining time metrics indicate that the PGAT algorithm can obtain more attractive performance than other schemes.

Xiaofei Bu,Yu-E Sun,Yang Du,Xiaocan Wu,Boyu Zhang,He Huang

DOI: https://doi.org/10.1007/s12083-020-01036-8

2021-01-11

Abstract:Detecting the flows with abnormally large spreads over big network data can help us identify network attacks, such as DDoS attacks and scanners. Most per-flow measurement studies use compact data structures to reduce their memory requirements, fitting in the limited on-chip memory and catching up with the line rate. In this paper, we study a novel problem called spread estimation among multi-periods to measure the total number of distinct elements or the number of distinct <i>k</i>-persistent elements in a flow among multiple traffic measurement periods. In our design, we use an on-chip/off-chip model to record the per-flow traffic information, which uses small on-chip memory and matches the line rate, <i>i.e.</i>, we use on-chip memory to filter out the duplicates, sample the elements, and store the sampled traffic data in off-chip memory. By performing the set operations on the sampled traffic data, we can derive the total number of distinct elements and the number of distinct <i>k</i>-persistent elements among multiple periods based on probability analysis. The experimental results on real Internet traffic traces show that, when performing spread estimation among multiple periods, our estimator is efficient in memory usage and estimation accuracy and can efficiently detect the stealthy DDoS attack and scanners.

computer science, information systems,telecommunications

Xingyu Ma,Chengchen Hu,Junchen Jiang,Jing Wang

DOI: https://doi.org/10.1109/LCN.2011.6115368

2011-01-01

Abstract:Flow size statistics is a fundamental task of passive measurement. In order to bound the estimation error of passive measurement for both small and large flows, previous probabilistic counter updating algorithms used linear or nonlinear sampling function to automatically adjust the sampling rate. However, each of these methods employed a pre-set and fixed sampling function during the measurement period. As a result, the performance would vary for different flow distributions. In this paper, we propose a Smart Selection Sampling (S3) approach, which can tune the sampling function to reach a comparatively lower relative error. The key component of S3 is a heuristic algorithm leveraging the flow distribution information to determine a better sampling function so as to achieve better measurement accuracy. Experiments under real trace and synthetic traces demonstrate that S3 is more accurate than the previous work if given the same memory sizes to accommodate flow statistics counters.

Jin Zhang,Xiaona Niu,Jiangxing Wu

DOI: https://doi.org/10.1007/978-3-540-88623-5_25

2008-01-01

Abstract:Due to the high-skewed nature of network flow size distributions, uniform packet sampling concentrates too much on a few large flows and ignores the majority of small ones. To overcome this drawback, recently proposed Sketch Guided Sampling (SGS) selects each packet at a probability that is decreasing with its current flow size, which results in better flow wide fairness. However, the pitfall of SGS is that it needs a large, high-speed memory to accommodate flow size sketch, making it impractical to be implemented and inflexible to be deployed. We refined the flow size sketch using a multi-resolution d-left hashing schema, which is both space-efficient and accurate. A new fair packet sampling algorithm which is named Space-Efficient Fair Sampling (SEFS) is proposed based on this novel flow size sketch. We compared the performance of SEFS with that of SGS in the context of flow traffic measurement and large flow identification using real-world traffic traces. The experimental results show that SEFS outperforms SGS in both application contexts while a reduction of 65 percent in space complexity can be achieved.

Zhen Li,Yahui Yang,Guangxing Zhang,Guangcheng Qin

DOI: https://doi.org/10.1109/ICACTE.2010.5579256

2010-01-01

Abstract:Identifying heavy hitters is essential for network monitoring, management, charging and etc. Existing methods in the literature have some limitations. How to reduce the memory consumption effectively without compromising identification accuracy is still challenging. In this paper, an adaptive method combining sampling and data streaming counting is proposed, called FSPLC(feedback sampling probabilistic lossy counting). Based on the history information in the flow counter table, FSPLC can adjust the sampling frequency dynamically, and also adapt to the real-time traffic changes. Comparison with state-of-the-art algorithms based on real Internet traces suggests that FSPLC is remarkably efficient and accurate. Experiment results show that FSPLC has 1) 60% lower memory consumption, 2) 15% smaller false-positive ratio.

Keqiang He,Chengchen Hu,Junchen Jiang,Yachao Zhou,Bin Liu

DOI: https://doi.org/10.1109/glocom.2010.5684142

2010-01-01

Abstract:Flow-level sampling methods have been widely studied and extensively employed in network traffic measurement systems. However, traffic anomalies are becoming more prevalent and severe in the Internet, which pose great challenges to the traffic measurement. Existing solutions targeted at such scenario have either low accuracy or high memory usage. In this paper, we propose a two-stage sampling approach-Anti Attack Counters (A2C) and an efficient parameter adapting method to solve the problem. The proposed sampling mechanism can adapt to the network condition automatically and collect more information even under severe traffic attacks. Theoretical analysis on accuracy and resource requirement is presented in our work. Furthermore, we validate our approach using both synthetic and real traces. The experimental results demonstrate that A2C is of high resilience while providing significantly improved measurement accuracy with reduced memory occupation comparing with other existing anti-attack countermeasures.

Jf Wang,L Li,Fc Sun,Mt Zhou

DOI: https://doi.org/10.1016/j.comnet.2004.11.005

IF: 5.493

2005-01-01

Computer Networks

Abstract:Collecting network traffic is becoming a more challenging task in passive network measurement due to the rapid growth of link speed. Flow-based network traffic capture and storage provides an efficient way for high-speed network measurement. The paper concentrates on the flow detection issue which is also the premise for further flow-based traffic analysis and modeling in such challenging environment. Based on the statistical investigation of the correlations between flow size and the maximum packet interarrival time within a flow, we obtain the empirical conditional distribution functions for some popular TCP protocol-based application flows, and then propose a Probability-Guaranteed Adaptive Timeout algorithm (PGAT) for flow termination decision. The assessment criteria for flow termination decision algorithm is systematically developed. Comparisons onflow generation ratio,flow intact ratio, and meanflow extra retaining time metrics indicate that the PGAT algorithm can obtain more attractive performance than other related works. (c) 2004 Elsevier B.V. All rights reserved.

Jiqing Gu,Chao Song,Haipeng Dai,Lei Shi,Jinqiu Wu,Li Lu

DOI: https://doi.org/10.3390/s22207932

IF: 3.9

2022-01-01

Sensors

Abstract:Software-defined measurement (SDM) is a simple and efficient way to deploy measurement tasks and collect measurement data. With SDM, it is convenient for operators to implement fine-grained network-wide measurements at the flow level, from which many important functions can benefit. The prior work provides mechanisms to distribute flows to monitors, such that each monitor can identify its non-overlapped subset of flows to measure, and a certain global performance criterion is optimized, such as load balance or flow coverage. Many applications of network management can benefit from a function that can find large flows efficiently, such as congestion control by dynamically scheduling large flows, caching of forwarding table entries, and network capacity planning. However, the current network-wide measurements neglect the diversity of different flows as they treat large flows and small flows equally. In this paper, we present a mechanism of accuracy-aware collaborative monitoring (ACM) to improve the measurement accuracies of large flows in network-wide measurements at the flow level. The structure of the sketch is an approximate counting algorithm, and a high-measurement accuracy can be achieved by merging the results from multiple monitors with sketches, which is termed as collaborative monitoring. The core idea of our method is to allocate more monitors to large flows and achieve the load balance to provide accuracy-aware monitoring. We modeled our problem as an integer–linear programming problem, which is NP-hard. Thus, we propose an approximation algorithm, named the improved longest processing time algorithm (iLPTA); we proved that its approximation ratio is (12+nl). We propose a two-stage online distribution algorithm (TODA). Moreover, we proved that its approximation ratio is (1+nl−1). The iLPTA is an offline approximation algorithm used to assign monitors for each flow, which prove the validity and feasibility of the core idea. The TODA is an online algorithm that attempts to achieve the load balance by selecting the monitor with the smallest load to a large flow. Our extensional experiment results verify the effectiveness of our proposed algorithms.