Qingjun Xiao,Yuexiao Cai,Yunpeng Cao,Shigang Chen

DOI: https://doi.org/10.1109/TNET.2023.3268980

2023-01-01

Abstract:On a high-speed link, there may be tens of millions of IP packets per second and millions of active flows. Maintaining the state of each flow is a fundamental task underlying many network functions, such as load balancing and network anomaly detection. There are two important kinds of per-flow states: per flow size (e.g., the number of packets received by an arbitrary destination IP) and per-flow cardinality (e.g., the number of distinct source IP addresses that contacted each destination IP). In this paper, we focus on the latter kind of states, and define a new problem: online query of per-flow cardinality, in which we query any given flow's cardinality entirely on the data plane with low time complexity. For this problem, we propose three solutions named On-vHLL, Ton-vHLL and Aton-vHLL, whose time cost are O (1) even for the query operation. Our proposed techniques are three folds. First, we redesign the traditional vHLL with new supplementary data structures called incremental update units (IUUs). When a certain flow's cardinality is queried, these IUUs can avoid scanning the whole data structure and reduce the time complexity to O(1). Second, we apply a HLL register compression technique called TailCut to the On-vHLL sketch, which can save memory cost by 50%. Third, we add a prefilter based on min-heap, alongside the Ton-vHLL sketch. The prefilter is to give each currently sampled top -k superspreader a dedicated HyperLogLog estimator for better accuracy. It can also absorb the superspreaders' packets bypassing the sketch. We evaluate our new sketches by simulation with CAIDA traces. The results show that our On-vHLL, Ton-vHLL and Aton-vHLL sketches need about 5 memory accesses per packet. The time cost of query operation decreases by hundreds of times than the traditional vHLL that can only be queried offline. Meanwhile, the estimation error of flow spread by our Aton-vHLL is comparable to vHLL.

Qingjun Xiao,Shigang Chen,You Zhou,Junzhou Luo,Tengli Li,Yibei Ling

2017-01-01

Abstract:For many practical applications, it is a fundamental problem to estimate the flow cardinalities over big network data consisting of numerous flows (especially a large quantity of mouse flows mixed with a small number of elephant flows, whose cardinalities follow a power-law distribution). Traditionally the research on this problem focused on using a small amount of memory to estimate each flow’s cardinality from a large range (up to 10). However, although the memory needed for each individual flow has been greatly compressed, when there is an extremely large number of flows, the overall memory demand can still be very high, exceeding the availability under some important scenarios, such as implementing online measurement modules in network processors using only on-chip cache memory. In this paper, instead of allocating a separated data structure (called estimator) for each flow, we take a different path by viewing all the flows together as a whole: Each flow is allocated with a virtual estimator, and these virtual estimators share a common memory space. We discover that sharing at the multi-bit register level is superior than sharing at the bit level. We propose a unified framework of virtual estimators that allows us to apply Manuscript received September 1, 2016; revised May 5, 2017; accepted September 6, 2017; approved by IEEE/ACM TRANSACTIONS ON NETWORKING Editor M. Li. Date of publication October 9, 2017; date of current version December 15, 2017. The preliminary version of this paper titled “Hyper-Compact Virtual Estimators for Big Network Data Based on Register Sharing” was published in proceedings of the ACM SIGMETRICS, pp. 417–428, June 2015. This work was supported in part by the National Key Research and Development Program of China under Grant 2017YFB1003000, in part by the National Natural Science Foundation of China under Grant 61502098, Grant 61632008, and Grant 61320106007, in part by Jiangsu Provincial Natural Science Foundation of China under Grant BK20150629, in part by the National Science Foundation of United States under Grant CNS1719222 and Grant STC-1562485, in part by a Grant from the Florida Cybersecurity Center, in part by the Jiangsu Provincial Key Laboratory of Network and Information Security under Grant BM2003201, in part by the Key Laboratory of Computer Network and Information Integration of Ministry of Education of China under Grant 93K-9, and in part by the Collaborative Innovation Center of Novel Software Technology and Industrialization. (Corresponding author: Shigang Chen.) Q. Xiao, J. Luo, and T. Li are with the School of Computer Science and Engineering, Southeast University, Nanjing 210018, China (e-mail: csqjxiao@seu.edu.cn; jluo@seu.edu.cn; freya.li.tengli@gmail.com). S. Chen and Y. Zhou are with the Department of Computer and Information Science and Engineering, University of Florida, Gainesville, FL 32611 USA (e-mail: sgchen@cise.ufl.edu; youzhou@cise.ufl.edu). M. Chen was with the Department of Computer and Information Science and Engineering, University of Florida, Gainesville, FL 32611 USA. He is now with Google Inc, Mountain View, CA 94043 USA (e-mail: minchen@google.com). Y. Ling is with the Applied Research Laboratories, Telcordia Technologies, Morristown, NJ 07960 USA (e-mail: lingy@research.telcordia.com). Digital Object Identifier 10.1109/TNET.2017.2753842 the idea of sharing to an array of cardinality estimation solutions, e.g., HyperLogLog and PCSA, achieving far better memory efficiency than the best existing work. Our experiment shows that the new solution can work in a tight memory space of less than 1 bit per flow or even one tenth of a bit per flow — a quest that has never been realized before.

Qingjun Xiao,Shigang Chen,You Zhou,Min Chen,Junzhou Luo,Tengli Li,Yibei Ling

DOI: https://doi.org/10.1109/tnet.2017.2753842

2017-01-01

IEEE/ACM Transactions on Networking

Abstract:For many practical applications, it is a fundamental problem to estimate the flow cardinalities over big network data consisting of numerous flows (especially a large quantity of mouse flows mixed with a small number of elephant flows, whose cardinalities follow a power-law distribution). Traditionally the research on this problem focused on using a small amount of memory to estimate each flow's cardinality from a large range (up to 10(9)). However, although the memory needed for each individual flow has been greatly compressed, when there is an extremely large number of flows, the overall memory demand can still be very high, exceeding the availability under some important scenarios, such as implementing online measurement modules in network processors using only on-chip cache memory. In this paper, instead of allocating a separated data structure (called estimator) for each flow, we take a different path by viewing all the flows together as a whole: Each flow is allocated with a virtual estimator, and these virtual estimators share a common memory space. We discover that sharing at the multi-bit register level is superior than sharing at the bit level. We propose a unified framework of virtual estimators that allows us to apply the idea of sharing to an array of cardinality estimation solutions, e.g., HyperLogLog and PCSA, achieving far better memory efficiency than the best existing work. Our experiment shows that the new solution can work in a tight memory space of less than 1 bit per flow or even one tenth of a bit per flow - a quest that has never been realized before.

Quanwei Zhang,Qingjun Xiao,Yuexiao Cai

DOI: https://doi.org/10.1016/j.comnet.2023.110059

IF: 5.493

2023-01-01

Computer Networks

Abstract:For a high-speed network, it is an important task to process the IP packet stream using limited memory and measure its statistical metrics of interest. While many algorithms have been proposed to estimate the cardinality of a single data stream (i.e., the number of distinct elements), it remains a great challenge when a stream contains numerous sub-streams, called flows. In this paper, we focus on a problem of designing a generic data structure to measure multiple types of per-flow statistics in a high-speed stream, including per-flow cardinality, top-K super-spreading flows with the greatest cardinalities, per-flow cardinality moments and per-flow cardinality distribution. Previous solutions for generic measurement mainly focus on the frequency-related statistics measurement, while this paper makes a step forward to support deduplication, i.e., cardinality-related measuring. To address this new problem, we propose a generic sketch named M2D. The challenge is that the per-flow cardinality distribution is often highly skewed with a small proportion of super-spreaders. To tame the skewness, we adopt the adjustable progressive sampling technique, which samples subsets of flows by an exponentially decreasing probability according to their cardinalities. Based on the sampled super-spreaders, we estimate the moments of per-flow cardinalities with different orders. We finally apply the method of moments to reconstruct the per-flow cardinality distribution with no priori knowledge about its formula. Our experiments show M2D’s high memory efficiency (average savings of 38%) and satisfactory distribution estimation accuracy (2% to 98% improvement) than other algorithms.

Tian Pan,Xiaoyu Guo,Chenhui Zhang,Junchen Jiang,Hao Wu,Bin Liu

DOI: https://doi.org/10.1109/infcom.2012.6195535

2012-01-01

Abstract:Today's Internet applications exhibit increased diversity, while the Internet routers are still oblivious to this trend. To improve the end-to-end application QoS, one solution is to embed the application information explicitly in packet headers, but it will bring global changes. Another local solution is router-assisted traffic differentiation. To achieve this, the functionalities including packet identification and flow tracking inside the router are required. While most existing studies focus on the former, fewer efforts are put on the later. Given a large flow table is involved, how to track millions of concurrent flows in a cost-effective manner on a router's line card raises a great space-time challenge. To address this, we design an on-chip/off-chip flow tracking system to accommodate millions of flows and achieve the throughput at tens of Gigabits. By exploiting temporal locality and heavy-tailedness of Layer-4 traffic, we design the Adaptive Least Frequently Evicted (ALFE) replacement policy to catch elephant flows, therefore maintain a high cache hit rate. To alleviate performance penalty due to the cache misses, we organize the flow table in a fixed-allocated manner to fully utilize modern DRAM's burst feature. We have implemented a research prototype using FPGA for performance evaluation. The experiment results show that our system can reach 80% hit rate with a small-sized cache of 16K entries, while achieving 70Mpps throughput. This enables backbone line rate processing. Further, more than 40% power saving can be achieved by our system, which is fast and accurate with only 3% FPGA resource usage.

Xun Song,Jiaqi Zheng,Hao Qian,Shiju Zhao,Hongxuan Zhang,Xuntao Pan,Guihai Chen

DOI: https://doi.org/10.1109/tkde.2024.3486571

IF: 9.235

2024-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Estimating per-flow cardinality from high-speed data streams has many applications such as anomaly detection and resource allocation. Yet despite tracking single flow cardinality with approximation algorithms offered, there remain algorithmical challenges for monitoring multi-flows especially under unbalanced cardinality distribution: existing methods adopt a uniform sketch layout and incur a large memory footprint to achieve high accuracy. Furthermore, they are hard to implement in the compact hardware used for line-rate processing. In this paper, we propose Couper, a memory-efficient measurement framework that can estimate cardinality for multi-flows under unbalanced cardinality distribution. We propose a two-layer structure based on a classic coupon collector's principle, where numerous mice flows are confined to the first layer and only the potential elephant flows are allowed to enter the second layer. Our two-layer structure can better fit the unbalanced cardinality distribution in practice and achieve much higher memory efficiency. We implement Couper in both software and hardware. Extensive evaluation under real-world and synthetic data traces show more than 20× improvements in terms of memory-efficiency compared to state-of-the-art.

Yifan Han,He Huang,Yang Du,Yu-E Sun,Jia Liu,Hongli Xu

DOI: https://doi.org/10.1109/ispa-bdcloud-socialcom-sustaincom59178.2023.00036

2023-01-01

Abstract:Per-flow size measurement has wide applications in data center networks, such as flow scheduling, anomaly detection, and traffic engineering. To fit the module into limited on-chip memory and catch up with the line speed, existing works either use the bit sharing scheme to compress the flow information or require complex calculations to screen out large flows, resulting in substantial accuracy loss or heavy memory accesses, especially failing to measure medium-sized flows accurately, which are meaningful for practical applications such as usage accounting and billing. In light of this, we propose a new Hierarchical Sketch that adopts a hybrid on-chip/off-chip architecture to detect and estimate the flows whose size exceeds the threshold t (threshold-t flows for short) to cover both large and medium-sized flows. In Hierarchical Sketch, we design an on-chip bucket array together with an adaptive update scheme to record potential candidates for threshold$-t$ flows within one memory access as well as filter out unwanted flows. Besides, the flow records are downloaded to off-chip space for high memory efficiency and supporting online queries. We also implement a prototype on the NetFPGA development platform. Experimental results show that Hierarchical Sketch is up to 72.61% more accurate and 245% faster than the best baseline.

Xun Song,Jiaqi Zheng,Hao Qian,Shiju Zhao,Hongxuan Zhang,Xuntao Pan,Guihai Chen

DOI: https://doi.org/10.1109/icde55515.2023.00211

2023-01-01

Abstract:Estimating per-flow cardinality from high-speed data streams has many applications such as anomaly detection and resource allocation. Yet despite tracking single flow cardinality with approximation algorithms offered, there remain algorithmical challenges for monitoring multi-flows especially under unbalanced cardinality distribution: existing methods adopt a uniform sketch layout and incur a large memory footprint to achieve high accuracy. Furthermore, they are hard to implement in the compact hardware used for line-rate processing.In this paper, we propose Couper, a memory-efficient measurement framework that can estimate cardinality for multi-flows under unbalanced cardinality distribution. We propose a two-layer structure based on a classic coupon collector’s principle, where numerous mice flows are confined to the first layer and only the potential elephant flows are allowed to enter the second layer. Our two-layer structure can better fit the unbalanced cardinality distribution in practice and achieve much higher memory efficiency. We implement Couper in both software and hardware. Extensive evaluation under real-world and synthetic data traces show more than 20× improvements in terms of memory-efficiency compared to state-of-the-art.

Guang Cheng,Jian Gong,Yongning Tang

2007-01-01

Abstract:Detecting flow information in high-speed links on such as flow distribution, the number of flow, heavy-tailed flow and so on is a challenging issue, so some flow sampling methodologies and data streaming algorithms are studied to relieve the overload. All these flow sampling and data streaming techniques are based on flow-based hash function. The hash functions used in high-speed networks have some specific properties: uniformity of distribution, computation speed. In this paper, we design a hash-based flow selection function for high-speed network links. We prove that both XOR operator and SHIFT operator can increase the uniformity of distribution, and a new hash-based flow selection method based on both XOR and SHIFT operator is proposed. The performance of this hash function is evaluated by mathematical analysis and trace-driven experiments on CERNET (China Education and Research Network).

Zongyi Zhao,Xingang Shi,Zhiliang Wang,Qing Li,Han Zhang,Xia Yin

DOI: https://doi.org/10.1109/tpds.2021.3099442

IF: 5.3

2022-05-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Traditional tools like NetFlow face great challenges as both the speed and the complexity of the network traffic increase. To keep the pace up, we propose HashFlow for more efficient and accurate collection of flow records. HashFlow keeps large flows in its main flow table and uses an ancillary table to summarize the other flows when the main table is full. With our flow collision resolution and flow record promotion schemes, a flow in the ancillary table is promoted back to the main flow table with a guaranteed probability when it becomes large enough. These operations can be performed highly efficiently, so HashFlow can keep up with ultra-high traffic speed. We implement HashFlow in a Tofino switch, and using traces from different operational networks, we compare its performance against some state-of-the-art flow measurement algorithms. Our experiments show that, for various types of traffic analysis applications, HashFlow consistently demonstrates clearly better performance than its competitors. For example, the performance of HashFlow in flow size estimation, flow size distribution estimation and heavy hitter detection is up to 21, 60 and 35 percent better than those of the best competitors respectively, and these merits of HashFlow come with almost no degradation of throughput.

computer science, theory & methods,engineering, electrical & electronic

Xiaofei Bu,Yu-E Sun,Yang Du,Xiaocan Wu,Boyu Zhang,He Huang

DOI: https://doi.org/10.1007/s12083-020-01036-8

2021-01-11

Abstract:Detecting the flows with abnormally large spreads over big network data can help us identify network attacks, such as DDoS attacks and scanners. Most per-flow measurement studies use compact data structures to reduce their memory requirements, fitting in the limited on-chip memory and catching up with the line rate. In this paper, we study a novel problem called spread estimation among multi-periods to measure the total number of distinct elements or the number of distinct <i>k</i>-persistent elements in a flow among multiple traffic measurement periods. In our design, we use an on-chip/off-chip model to record the per-flow traffic information, which uses small on-chip memory and matches the line rate, <i>i.e.</i>, we use on-chip memory to filter out the duplicates, sample the elements, and store the sampled traffic data in off-chip memory. By performing the set operations on the sampled traffic data, we can derive the total number of distinct elements and the number of distinct <i>k</i>-persistent elements among multiple periods based on probability analysis. The experimental results on real Internet traffic traces show that, when performing spread estimation among multiple periods, our estimator is efficient in memory usage and estimation accuracy and can efficiently detect the stealthy DDoS attack and scanners.

computer science, information systems,telecommunications

Zhiying Tang,Qingjun Xiao,Junzhou Luo

DOI: https://doi.org/10.1145/3321408.3323084

2019-01-01

Abstract:Network traffic measurement is important for network management, including bandwidth management to mitigate network congestion, and security management to detect DDOS attacks and worm spreading. However, with the explosive volume of network data and the fast transmission speed of network packets (in giga or even tera bps), it is a challenging task to measure the size of each network flow both accurately and memory-efficiently, using the size-limited SRAM memory of line card. Therefore, many sublinear space algorithms for processing data streams have been proposed, such as CountMin (CM), Count Sketch (CS) and Virtual Active Counters (VAC), which achieve extreme memory compactness by providing probabilistic guarantees on flow size measurement accuracy. However, these existing algorithms can still be greatly improved as to the performance of both online recording and querying the per-flow size, which is needed for online tracking heavy hitters. Our paper proposes a highly compact and efficient counter architecture, called CountMin virtual active counter (CM-VAC), which provides more accurate measurement results than CM and CS under a very tight memory space. We also achieve higher query speed than VAC by modifying its query policy. We demonstrate the superior performance of our algorithm by both experimental results and theoretical analysis based on CAIDA network traces.

Hao Wu,Jian Yan,Jianhua Lu

DOI: https://doi.org/10.1109/tnse.2020.3000591

IF: 6.6

2020-10-01

IEEE Transactions on Network Science and Engineering

Abstract:Massive Internet of Things devices with rapidly growing traffic make heterogeneous communications network a commercial infrastructure. As a critical network metric that represents the value created by the network, the service payoff of the network is positively correlated with the network throughput only when the quality of service (QoS) delivered to data-flows is guaranteed. To maximize the service payoff of the network, we propose a so-called FlowTrace as an QoS guarantee scheme. We first model the upper bound of the service payoff in a network as the maximum posterior service payoff (MPSP). To facilitate online bandwidth allocation and approximate the upper bound of the service payoff, we formulate a dynamic weight-based online bandwidth allocation (DWOBA) problem by designing dynamic weight as the flow metric. To relieve the computational pressure in the centralized network controller and the following bottleneck effect, we then decompose the DWOBA problem to a two-step DWOBA problem. Moreover, we propose a semi-centralized bandwidth allocation algorithm based on parallel edge computing for the two-step DWOBA problem. Simulation results demonstrate that the proposed FlowTrace outperforms prevalent online methods with a 3$sim$10x service payoff improvement under heavy traffic load and the optimization result reaches 70$%$ of the MPSP.

engineering, multidisciplinary,mathematics, interdisciplinary applications

Zhiqing Xiao,Yunzhou Li,Ming Zhao,Xibin Xu,Jing Wang

DOI: https://doi.org/10.1109/tcomm.2015.2438811

IF: 6.166

2015-01-01

IEEE Transactions on Communications

Abstract:This paper studies the allocation of information flows in noiseless, memoryless communication networks in the presence of omniscient Byzantine adversary. In such networks, adversary may maliciously modify some edge-flows, and legitimate users should resort to network error correction strategies to transmit data reliably. Unlike prior papers, which focused on the capacities of the networks, we consider the expense of resources used by the flow. Hereby, this paper uses an optimization problem to define the concept of minimum cost network error correction flows. We provide a necessary and sufficient condition of feasibility of the allocation problem, and derive a cut-set outer bound on the feasible region. Using this cut-set bound, we can find the minimum cost network error correction flow in some instances. Moreover, we also consider the relationship between incoming edge-flows and outgoing edge-flows of a vertex. As for the directed acyclic graphs, we propose an algorithm to allocate the network error correction flow. This algorithm is with polynomial time complexity, and proves to be optimal when recoding at intermediate nodes is forbidden. Additionally, in order to justify the necessity of recoding at intermediate nodes, we analyze the benefit of intermediate recoding. On the one hand, we construct a series of instances to prove that intermediate recoding can bring enormous benefits in some networks. On the other hand, numerical analysis shows that the benefit is modest in small random graphs.

Zongyi Zhao,Xingang Shi,Xia Yin,Zhiliang Wang

DOI: https://doi.org/10.48550/arXiv.1812.01846

2018-12-05

Abstract:Collecting flow records is a common practice of network operators and researchers for monitoring, diagnosing and understanding a network. Traditional tools like NetFlow face great challenges when both the speed and the complexity of the network traffic increase. To keep pace up, we propose HashFlow, a tool for more efficient and accurate collection and analysis of flow records. The central idea of HashFlow is to maintain accurate records for elephant flows, but summarized records for mice flows, by applying a novel collision resolution and record promotion strategy to hash tables. The performance bound can be analyzed with a probabilistic model, and with this strategy, HashFlow achieves a better utilization of space, and also more accurate flow records, without bringing extra complexity. We have implemented HashFlow, as well as several latest flow measurement algorithms such as FlowRadar, HashPipe and ElasticSketch, in a P4 software switch. Then we use traces from different operational networks to evaluate them. In these experiments, for various types of traffic analysis applications, HashFlow consistently demonstrates a clearly better performance against its state-of-the-art competitors. For example, using a small memory of 1 MB, HashFlow can accurately record around 55K flows, which is often 12.5% higher than the others. For estimating the sizes of 50K flows, HashFlow achieves a relative error of around 11.6%, while the estimation error of the best competitor is 42.9% higher. It detects 96.1% of the heavy hitters out of 250K flows with a size estimation error of 5.6%, which is 11.3% and 73.7% better than the best competitor respectively. At last, we show these merits of HashFlow come with almost no degradation of throughput.

Networking and Internet Architecture

Lei Li,Sibo Wang,Xiaofang Zhou

DOI: https://doi.org/10.1109/tkde.2020.2981062

IF: 9.235

2020-01-01

IEEE Transactions on Knowledge and Data Engineering

Abstract:Finding the fastest path in the time-dependent road network is time consuming because its problem complexity is Omega(T(vertical bar V vertical bar log vertical bar V vertical bar + vertical bar E vertical bar)), where T is the size of the result's time-dependent function, vertical bar V vertical bar and vertical bar E vertical bar are the number of vertices and edges. There are three kinds of fastest path problems: SSFP (Single-Staring Time Fastest Path) that has a fixed departure time, ISFP (Interval-Staring Time Fastest Path) that selects the best departure time from an interval, and FPP (Fastest Path Profile) that returns the travel time of the entire time domain. In this paper, we aim to answer these three queries in time-dependent road network faster by extending the 2-hop labeling approach, which is fast in answering shortest distance query in the static graph. However, it is hard to construct index for SSFP and ISFP because there are vertical bar T vertical bar and vertical bar T vertical bar(2) possible time points and intervals, where T is the time domain. Therefore, we first propose the time-dependent hop-labeling for FPP, then provide the specific optimizations for SSFP and ISFP query answering. Moreover, it is both time and space consuming to build an index in a large time-dependent graph, so we partition road network into smaller sub-graphs and build indexes within and between the partitions. Furthermore, we propose an online approximation technique AT-Dijkstra and a bottom-up compression method to further reduce the label size, save construction time and speedup query answering. Experiments on real world road network show that our approach outperforms the state-of-art fastest path index approaches and can speed up the query answering by hundreds of times.

Daojing Guo,I-Hong Hou

DOI: https://doi.org/10.48550/arXiv.1901.10599

2019-01-30

Abstract:This paper considers a wireless network where multiple flows are delivering status updates about their respective information sources. An end user aims to make accurate real-time estimations about the status of each information source using its received packets. As the accuracy of estimation is most impacted by events in the recent past, we propose to measure the credibility of an information flow by the number of timely deliveries in a window of the recent past, and say that a flow suffers from a loss-of-credibility (LoC) if this number is insufficient for the end user to make an accurate estimation. We then study the problem of minimizing the system-wide LoC in wireless networks where each flow has different requirement and link quality. We show that the problem of minimizing the system-wide LoC requires the control of temporal variance of timely deliveries for each flow. This feature makes our problem significantly different from other optimization problems that only involves the average of control variables. Surprisingly, we show that there exists a simple online scheduling algorithm that is near-optimal. Simulation results show that our proposed algorithm is significantly better than other state-of-the-art policies.

Networking and Internet Architecture

Xiong Bing,Chen Xiaosu,Chen Ning

DOI: https://doi.org/10.1109/ieec.2009.27

2009-01-01

Abstract:There is a growing interest in designing high-speed network devices to process packet at flow level above the network layer. A basic operation inherent to such systems is the task of maintaining per-flow state in order to correctly perform their higher-level processing. In this paper, we present an efficient TCP flow state management algorithm in high-speed network. First we devise all flow states and their transformation in conformity to TCP state machine. Based on the flow state transformation, we design the flow state management applying recently accessed first principle and budding connection buffer mechanism. According to the design scheme, the implementation is illustrated in a formal way. Experimental results illustrate that our flow state management algorithm performs better than the traditional one especially under DoS attacks.

Zhiqing Xiao,Yunzhou Li,Jing Wang

DOI: https://doi.org/10.1109/tst.2015.7085631

2015-01-01

Abstract:The diversity provided by disjoint paths can increase the survivability of communication networks. This paper considers the allocation of network error correction flow on a network that consists of disjoint paths from the source node to the destination node. Specifically, we propose an algorithm of allocating the path-flows to support the given rate with minimum cost. Our analysis shows that the asymptotic time complexity of this algorithm is linearithmic, and this algorithm is optimal in general.

Jiawei Huang,Wenlu Zhang,Yijun Li,Lin Li,Zhaoyi Li,Jin Ye,Jianxin Wang

DOI: https://doi.org/10.1109/tnet.2022.3199506

2022-01-01

IEEE/ACM Transactions on Networking

Abstract:Identifying heavy flows is essential for network management. However, it is challenging to detect heavy flow quickly and accurately under the highly dynamic traffic and rapid growth of network capacity. Existing heavy flow detection schemes can make a trade-off in efficiency, accuracy and speed. However, these schemes still require memory large enough to obtain acceptable performance. To address this issue, we propose ChainSketch, which has the advantages of good memory efficiency, high accuracy and fast detection. Specifically, ChainSketch uses the selective replacement strategy to mitigate the over-estimation issue. Meanwhile, ChainSketch utilizes the hash chain and compact structure to improve memory efficiency. We implement the ChainSketch on OVS platform, P4-based testbed and large-scale simulations to process heavy hitter and heavy changer detection. The results of trace-driven tests show that, ChainSketch greatly improves the F1-score by up to $3.43\times $ compared with the state-of-the-art solutions especially for small memory.