Coordinated Packet-Level Traffic Monitoring in Software-Defined Networks

Date
2023-01-19
Abstract
As the scale and speed of networks grow, packet-level monitoring has become an indispensable tool for extensive network-wide visibility. Traditional tools for capturing packet-level traces have either become unfit or do not meet the requirements of modern networks. This thesis presents the design and evaluation of software-defined packet-level monitoring solutions that address the monitoring requirements of modern high-speed networks.
In particular, we present the design and evaluation of SoftTap, a scalable alternative to hardware taps, which provides pervasive flow visibility utilizing the traffic mirroring capabilities of commodity OpenFlow switches. To decide on the mirroring configurations, we design polynomial time approximation algorithms with bounded approximation ratios. Our Mininet experiments show that an intrusion detection system implemented on top of SoftTap achieves up to 25% higher detection recall compared to existing mirroring solutions.
To reduce the monitoring overhead, networks adopt traffic sampling solutions. Existing sampling solutions, however, either provide limited flow visibility or scale poorly in large networks. We present the design and evaluation of FlowShark, a high-visibility per-flow sampling system for software-defined networks. The main idea in FlowShark is to manage sampling decisions on short flows using edge switches, whereas a central controller optimizes sampling decisions on long flows. To manage long flow sampling decisions, we design an online algorithm with a bounded competitive ratio. Our Mininet experiments with a machine learning-based traffic classifier show up to 27% higher classification recall with FlowShark compared to existing sampling solutions.
Deploying network-wide packet-level monitoring solutions in multi-tenant virtual networks (VNs) remains challenging. Existing solutions, in which each VN configures mirroring or sampling independently of other VNs, lead to inefficiencies. We present the design and evaluation of Open Virtual Tap and SampVisor, network-wide virtualization-aware flow mirroring and sampling monitoring solutions, respectively. The key idea behind both systems is the joint configuration of all switches in the substrate physical network to efficiently mirror/sample flows from all VNs. We formulate virtualization-aware flow mirroring and sampling as optimization problems and design efficient algorithms with bounded worst-case performance to solve the problems.
Keywords
Computer Networks; Software-Defined Networks; Traffic Monitoring
Citation
Sadrhaghighi, S. (2023). Coordinated packet-level traffic monitoring in software-defined networks (Doctoral thesis, University of Calgary, Calgary, Canada). Retrieved from https://prism.ucalgary.ca.