Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Networking

Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford

advertisement 
Measuring Large Traffic
Aggregates on Commodity Switches
Lavanya Jose, Minlan Yu, Jennifer Rexford
Princeton University, NJ
1
Motivation
• Large traffic aggregates?
- manage traffic efficiently
- understand traffic
structure
- detect unusual activity
2
Aggregate at fixed prefix-length?
•
•
Top 10 /24 prefixes (by how much traffic they send)
-
could miss individual heavy users
Top 10 IP addresses …
-
could miss heavy subnets where each individual user is
small
3
Aggregate at all prefix-lengths? (Heavy
Hitters)
•
•
All the IP prefixes
****
>= a fraction T of the link capacity
40
1***
0***
40
HH: sends more than
T= 10% of link cap.
100
0
00**
01**
19
000*
01**
12
0000
11
21
0001
1
010*
12
7
0010
0011
5
011*
0100
2
9
0101
9
3
0110
0111
5
4
4
•
•
•
Hierarchical Heavy Hitters
All the IP prefixes
****
>= a fraction T of the link capacity
40
after excluding any HHH descendants.
1***
0***
40
HH: sends more than
T= 10% of link cap.
100
HHH:
0
00**
01**
19
000*
01**
12
0000
11
21
0001
1
010*
12
7
0010
0011
5
011*
0100
2
9
0101
9
3
0110
0111
5
4
5
Related Work
• Offline analysis on raw packet trace [AutoFocus]
- accurate but slow and expensive
• Streaming algorithms on Custom Hardware
[Cormode’08, Bandi’07, Zhang’04, Sketch-Based]
- accurate, fast but not commodity
Our Work:
Commodity, fast and relatively
accurate
6
•
•
HHH on Commodity- Using OpenFlow
Why commodity switches?
-
cheap, easy to deploy
let “network elements monitor themselves”
Commodity OpenFlow switches
-
-
available from multiple vendors (HP, NEC, and
Quanta)
deployed in campuses, backbone networks
wildcard rules with counters to measure traffic
Priority Prefix Rule
Count
1
0010 0*** ...
15
2
001* **** ...
5
7
OpenFlow Measurement Framework
Install
Rules
Switch
Controller
Software
Fetch
Counts
-
TCAM
Priority
Prefix Rule
Count
1
0010 0***
15
2
001* ****
5
Constraints
<= N Prefix Rules
Measuring Interval M
No pkts to Controller
increment
count
8
Monitoring HHHes
****
Priority Prefix Rule Count
1
2
3
0000
010*
0***
11
12
17
40
1***
0***
40
00**
0
01**
HHH: after excluding
19
21
any descendant
000*
01**
010*
011*
prefix rules
12
9
12
7
TCAM: priority
0000
0001 0010 0011 0100
0101 0110
0111
matching
11
1
5
2
9
3
5
4
9
Detecting New HHHes
•
•
Monitor children of HHHes
****
40
Use at most 2/T rules
1***
0***
40
0
00**
01**
19
000*
01**
12
0000
11
21
0001
1
010*
12
7
0010
0011
5
011*
0100
2
910
9
9
0101
332
0110
0111
5
4
10
•
Identifying New HHHes
Iteratively adjust wildcard rules:
Expand
• If count > T, install rule for child instead.
-
Collapse
• If count < T, remove rule.
****
Priority Prefix Rule Count
1
2
0***
001*
00**
****
000*
01**
80
72
77
0
5
3
3
****
3
0
0***
00**
1***
01**
10**
11**
000* 001* 010* 011* 100* 101* 110*
111*
11
Using Leftover Rules
•
•
Why left over rules?
May not be 1/T HHHes.
May still be discovering new HHHes
****
-
40
1***
0***
How to use leftover rules?
To monitor HHHes close to threshold 40
Data shows 2-3 new
00**
HHHes/ interval (a few secs)
-
0
01**
19
000*
01**
12 12
10
0000
11
0001
11
9
21
1
010*
12
7
0010
0011
5
011*
0100
2
8
0101
9
3
0110
0111
5
3
12
Evaluation- Method
•
Real packet trace (400K pkts/ sec) from CAIDA
Measured HHHes for T=5% and T=10%
Measuring interval M from 1-60s
-
13
Evaluation- Results
•
•
20 rules to identify 88-94% of the 10%- HHHes
Accurate
-
•
Gets ~9 out of 10 HHHes
Uses left over TCAM space to quickly find HHHes
Large traffic aggregates usually stable
0000
Fast
-
000*
Takes a few intervals for 1-2 new HHHes
Meanwhile aggregates at coarse levels
12
0001
11
1
14
Stepping back… not just for HHHes
•
•
Framework
-
Adjusting <= N wildcard rules
Every measuring interval M
Only match and increment per packet
Can solve problems that require
-
Understanding a baseline of normal traffic
Quickly pinpointing large traffic aggregates
15
Conclusion
•
•
Solving HHH problem with OpenFlow
-
Relatively accurate, Fast, Low overhead
Algorithm with expanding /collapsing
Future work
-
multidimensional HHH
Generic framework for measurement
• Explore algorithms for DoS, large traffic changes etc.
• Understand overhead
• Combine results from different switches
16
Related documents
Main Y4 SemII Networ..
Main Y4 SemII Networ..
Parelopdracht 0102015-09-03 06:3318 KB
Parelopdracht 0102015-09-03 06:3318 KB
Review Notes : Chapter 1 - Electrical and Computer Engineering
Review Notes : Chapter 1 - Electrical and Computer Engineering
Course overview
Course overview
1 Steps for Solving Proportions Distributive Property Assignment
1 Steps for Solving Proportions Distributive Property Assignment
Mathematics 360 Homework (due Oct 16) A. Hulpke
Mathematics 360 Homework (due Oct 16) A. Hulpke
DES Encryption
DES Encryption
Binary Representation Binary Codes
Binary Representation Binary Codes
1
1
A 32- bit ALU Problem: ripple carry adder is slow Carry- look
A 32- bit ALU Problem: ripple carry adder is slow Carry- look
Download
advertisement