Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking

  • View
    213

  • Download
    1

Embed Size (px)

Transcript

Understanding, Accommodating, and Leveraging Radical Changes in Mobility of Users, Devices, and Software

Jennifer RexfordPrinceton UniversityMW 11:00am-12:20pmMeasurementCOS 597E: Software Defined NetworkingMeasurement vs. Metrics2active measurementspacket and flowmeasurements,link loadtopology, configuration,routing, linkpropertiesend-to-endperformancestatetrafficaverage downloadtime of a web pagelink biterror ratelink utilizationend-to-end delayand lossactive topologytraffic matrixdemand matrixactive routesTCP bulk throughputReducing Measurement OverheadFiltering, Aggregation, and Sampling3Reducing Measurement OverheadMeasurement overheadIn some areas, you could measure everythingInformation processing not the bottleneckNetworking: thinning is crucial!Reducing measurement traffic:FilteringAggregationSampling...and combinations thereof4FilteringMeasure selectivelyOnly record statistics for a subset of trafficExamplesMatching a destination prefixFor a certain service classViolating an access control listTCP SYN or RST packets (attacks, abandoned http download)

5AggregationCoarse-grained statisticsCombine related traffic togetherExample: srcip and dstip6srcdest# pkts# bytesa.b.c.dm.n.o.p37485498e.f.g.hq.r.s.t7280i.j.k.lu.v.w.x483465............SamplingSelect a random subset of trafficRepresentative of all trafficExamplesRandomRound-robinHash-based7XXXXX16 packets: estimate blue and redComparison8SamplingFilteringAggregationGeneralityLocalProcessingLocal memoryCompressionPrecisionexactexactapproximateconstraineda-prioriconstraineda-priorigeneralfilter criterionfor every objecttable updatefor every objectonly samplingdecisionnoneone bin pervalue of interestnonedependson datadependson datacontrolledTraffic Monitoring TechniquesLinks, Flows, and Packets9Traffic Monitoring TechniquesLink monitoringGroup all packets on the same linkAverage load, loss, corruption, Flow monitoringGroup similar packets into flowsSame header fields and close in timePacket monitoringCapture first n bytes of a packet

10IP FlowsSet of packets that belong togetherSource/destination IP addresses and port numbersSame protocol, ToS bits, Same input/output interfaces at a router (if known)Packets that are close together in timeMax spacing between packets (e.g., 15 sec, 30 sec)Example: flows 2 and 4 are different flows due to time11flow 1flow 2flow 3flow 4Netflow: Traffic DataPacket header informationSrc/dst IP, src/dst port numbers, ToS bits, Summary statisticsStart and finish timesNumber of bytes and packetsTCP flags (logical OR over all packets)

12startfinish4 packets1436 bytesSYN, ACK, & FINSYNACKACKFINNetflow: Routing InformationRouting informationInput and output portsSource and destination prefixSource and destination Autonomous System

13SwitchingFabricProcessorLine cardLine cardLine cardLine cardLine cardLine cardBGP tableforwarding tableNetflow: Measuring in Passing14inputoutputsource ASsource prefixsourcedest ASdest prefixdestintermediate ASSource and destination: IP headerSource and dest prefix: forwarding table or BGP tableSource and destination AS: BGP tableNetflow: ImplementationMaintain a cache of active flowsStorage of byte/packet counts, timestamps, etc.Compute a key per incoming packetConcatenation of source, destination, port #s, etc.Index into the flow cache based on the keyCreation or updating of an entry in the flow cache15#bytes, #packets, start, finish#bytes, #packets, start, finishpacketkeyheaderkeykeyNetflow: ImplementationFlow timeoutRemove flows that have not received a packet recently Periodic sequencing through the cache to time out flowsCache replacementRemove flow(s) when the flow cache is fullEvict existing flow(s) upon creating a new cache entryApply eviction policy (LRU, random flow, etc.)Long-lived flowsRemove flow(s) that persist for a long time (e.g., 30 min) otherwise flow statistics dont become available and the byte and packet counters might overflow

16Sampled NetflowPacket samplingPerform operations on 1/m packetsReducing overheadAvoid per-packet overhead on (m-1)/m packetsAvoid creating records for the many small flowsMay split some long flows

17timenot sampledtwo flowstimeoutNetflow vs. sFlowNetflowAggregates (sampled) IP packets into flows(Data-plane overhead of storing flow state)Originally only on Cisco routerssFlowExports packet samples directlyMeasures layer-two packets (ARP, DHCP)Polls on-switch counters

18http://blog.sflow.com/2011/10/comparing-sflow-and-netflow-in-vswitch.htmlSketches19Streaming AlgorithmsProcessing data streamsInput items presented one at a timeEach item examined (say) only onceLimited resourcesProcessingMemoryApproximate answerBased on a summary or sketch of the dataProvable space-accuracy trade-off

20Bloom FilterSet-membership problemWas element x in the input stream?Solution (with false positives)Per-item: compute s hash functions, set bit to1Query: compute s hashes, check if all bits are 1

21h1(x)h2(x)hs(x)010001010000010xV0Vm-1h3(x)Count Min SketchCounting problemCount number of occurrences of item xSolutionPer-item: compute s hashes, increment countsQuery: compute s hashes, select the min value22h1(x)h2(x)2319153029xh3(x)22141827342210143130SDN MeasurementOpenFlow 1.0Rules with byte and packet countersSending packets to a collector or controllerExisting measurement techniquesE.g., sFlow support

What measurement support do we want?23