Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford...
-
date post
19-Dec-2015 -
Category
Documents
-
view
218 -
download
1
Transcript of Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford...
![Page 1: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/1.jpg)
Measuring Large Traffic Aggregates on Commodity
Switches
Lavanya Jose, Minlan Yu, Jennifer RexfordPrinceton University, NJ
1
![Page 2: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/2.jpg)
Motivation
•Large traffic aggregates?
- manage traffic efficiently
- understand traffic structure
- detect unusual activity
2
![Page 3: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/3.jpg)
Aggregate at fixed prefix-length?
• Top 10 /24 prefixes (by how much traffic they send)
- could miss individual heavy users
• Top 10 IP addresses …
- could miss heavy subnets where each individual user is small
3
![Page 4: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/4.jpg)
19
12
11 1
7
5 2
21
12 9
9 3 5 4
00**
000*
0000 0001 0010 0011 0100 0101 0110 0111
01** 010*
011*
01**
400***
0
1***
40****• All the IP prefixes
• >= a fraction T of the link capacity
Aggregate at all prefix-lengths? (Heavy Hitters)
HH: sends more than T= 10% of link
cap. 100
4
![Page 5: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/5.jpg)
Hierarchical Heavy Hitters• All the IP prefixes
• >= a fraction T of the link capacity
• after excluding any HHH descendants.
19
12
11 1
7
5 2
21
12 9
9 3 5 4
00**
000*
0000 0001 0010 0011 0100 0101 0110 0111
01** 010*
011*
01**
400***
0
1***
40****
HH: sends more than T= 10% of link
cap. 100HHH:
5
![Page 6: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/6.jpg)
Related Work
•Offline analysis on raw packet trace [AutoFocus]
- accurate but slow and expensive
•Streaming algorithms on Custom Hardware [Cormode’08, Bandi’07, Zhang’04, Sketch-Based]
- accurate, fast but not commodityOur Work:
Commodity, fast and relatively accurate 6
![Page 7: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/7.jpg)
• Why commodity switches?
- cheap, easy to deploy
- let “network elements monitor themselves”
• Commodity OpenFlow switches
- available from multiple vendors (HP, NEC, and Quanta)
- deployed in campuses, backbone networks
- wildcard rules with counters to measure trafficPriority Prefix Rule Coun
t
1 0010 0*** ... 15
2 001* **** ... 5
HHH on Commodity- Using OpenFlow
7
![Page 8: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/8.jpg)
TCAM
Controller Software
FetchCounts
InstallRules
Constraints- <= N Prefix Rules
SRC I
P
0010 0100 increment
count
Priority Prefix Rule
Count
1 0010 0*** 15
2 001* **** 5
OpenFlow Measurement Framework
8
Switch
- Measuring Interval M- No pkts to Controller
![Page 9: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/9.jpg)
Monitoring HHHes
19
12
11 1
7
5 2
21
12 9
9 3 5 4
00**
000*
0000 0001 0010 0011 0100 0101 0110 0111
01** 010*
011*
01**
400***
0
1***
40****Priority Prefix
Rule Count1 0000 112 010* 123 0*** 17
HHH: after excluding any descendant prefix rules
TCAM: priority matching
9
![Page 10: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/10.jpg)
Detecting New HHHes
• Monitor children of HHHes
• Use at most 2/T rules
19
12
11 1
7
5 2
21
12 9
9 3 5 4
00**
000*
0000 0001 0010 0011 0100 0101 0110 0111
01** 010*
011*
01**
400***
0
1***
40****
910 3 210
![Page 11: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/11.jpg)
• Iteratively adjust wildcard rules:- Expand
• If count > T, install rule for child instead.
- Collapse• If count < T, remove rule.
0***
****
00**
000*
001*
01**
010*
011*
1***
10** 11**
100*
101*
110*
111*
Priority
Prefix Rule
Count
1 0*** 80
2 **** 0
Priority
Prefix Rule
Count
1 001* 72
2 000* 5
3 **** 3
Priority
Prefix Rule
Count
1 00** 77
2 01** 3
3 **** 0
Identifying New HHHes
11
![Page 12: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/12.jpg)
Using Leftover Rules
• Why left over rules?- May not be 1/T HHHes.- May still be discovering new HHHes
• How to use leftover rules?- To monitor HHHes close to threshold- Data shows 2-3 new HHHes/ interval (a few secs)
19
1
7
5 2
21
12 8
9 3 5 3
00**
000*
0000 0001 0010 0011 0100 0101 0110 0111
01** 010*
011*
01**
400***
0
1***
40****
11
12
11 9
12 10
12
![Page 13: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/13.jpg)
• Real packet trace (400K pkts/ sec) from CAIDA- Measured HHHes for T=5% and T=10%- Measuring interval M from 1-60s
Evaluation- Method
13
![Page 14: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/14.jpg)
Evaluation- Results
• 20 rules to identify 88-94% of the 10%- HHHes
• Accurate
- Gets ~9 out of 10 HHHes
- Uses left over TCAM space to quickly find HHHes
- Large traffic aggregates usually stable
• Fast
- Takes a few intervals for 1-2 new HHHes
- Meanwhile aggregates at coarse levels
12
11 1
000*0000
0001
14
![Page 15: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/15.jpg)
Stepping back… not just for HHHes
• Framework
- Adjusting <= N wildcard rules
- Every measuring interval M
- Only match and increment per packet
• Can solve problems that require
- Understanding a baseline of normal traffic
- Quickly pinpointing large traffic aggregates
15
![Page 16: Measuring Large Traffic Aggregates on Commodity Switches Lavanya Jose, Minlan Yu, Jennifer Rexford Princeton University, NJ 1.](https://reader035.fdocuments.us/reader035/viewer/2022062516/56649d2f5503460f94a06a66/html5/thumbnails/16.jpg)
Conclusion• Solving HHH problem with OpenFlow
- Relatively accurate, Fast, Low overhead
- Algorithm with expanding /collapsing
• Future work
- multidimensional HHH
- Generic framework for measurement
• Explore algorithms for DoS, large traffic changes etc.
• Understand overhead
• Combine results from different switches 16