OriginDestination Identifiers Algorithms and Analysis Vyas Sekar Anupam Gupta Michael K Reiter Hui Zhang Carnegie Mellon University Univ of North Carolina ChapelHill 1 Flow Monitoring is critical ID: 337618
Download Presentation The PPT/PDF document "Coordinated Sampling sans" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1
Coordinated Sampling sans Origin-Destination Identifiers: Algorithms and Analysis
Vyas Sekar, Anupam Gupta, Michael K. Reiter, Hui ZhangCarnegie Mellon UniversityUniv. of North Carolina Chapel-Hill
1Slide2
Flow Monitoring is critical for effective Network Management2
Traffic EngineeringAnalyze new user appsAnomalyDetection
Network
Forensics
Worm
Detection
Accounting
Botnet
analysis
…….
Need high-fidelity measurements
Respect resource constraints
High flow coverage
Provide network-wide goalsSlide3
How do we meet the requirements?
Respect resource constraintsHigh flow coverageProvide network-wide goals3
Flow Sampling
Network-Wide
Coordination &
Optimization
cSamp
[NSDI’08]Slide4
Network-wide coordination4
Assign non-overlapping ranges
per
OD-pair or
path
All routers configured with same
hash function
/key
[1,5]
[1,3]
[3,7]
[1,2]
[7,9]
[5,8]
Sampling ManifestSlide5
Generating Sampling Manifests5
Network-wide Optimization(@ NOC)OD-pair infoTraffic, Path(routers)Router constraints
e.g., SRAM for flowrecords
Sampling manifests
{<OD-
Pair,Hash
-range>}
per router
Objective:
Max
i
ε
ODPairs
Coverage
i Traffici
Subject to achieving maximum Mini ε ODPairs
{
Coverage
i
}
Linear
Program
Inputs
OutputSlide6
cSamp algorithm on each router6
[5,10][1,4]
Sampling
Manifest
1. Get OD-Pair from packet
3. Look up hash-range for OD-pair from sampling manifest
2. Compute hash (flow = packet 5-tuple)
4.Log if hash falls in range for this OD-pair
Red vs. Green?
Flow memory
2
2
1
OD RangeSlide7
7Why is this challenging?
OD-pair identification might be ambiguous Multi-exit peers (and prefix aggregation)(Even with MPLS)How does cSamp overcome this?
Ingresses compute and add this to packet headers
Need
to modify packet headers/add shim header
Extra computation on ingresses
May require
overhauling
routing infrastructure
1. Get OD-Pair from packetSlide8
8Can we realize the benefits of cSamp without OD-pair identification?
Use local information to make sampling decisions “Stitch” coverage across routers on a pathSlide9
OutlineBackground and Motivation
Problem FormulationAlgorithms and HeuristicsEvaluation9Slide10
R
R3
R2
R1
What
local
info can I get from packet and routing table?
{Previous Hop, My Id, NextHop}
SamplingSpec
Granularity at which sampling decisions are made
How much to sample for this SamplingSpec?
SamplingAtom
Discrete hash-ranges, select some to log
10Slide11
=
=
“Stitching” together coverage
union
union
R1
R2
R4
R3
R5
R6
R7
11Slide12
Problem Formulation12
Coverage for path PiLoad on router Rj
Maximize: Total flow coverage:
i
T
i
C
i
Minimum fractional coverage: min
i {Ci
} Subject To: j, Load
j Lj
SamplingAtom
SamplingSpecSlide13
OutlineBackground and Motivation
Problem FormulationAlgorithms and HeuristicsEvaluation13Slide14
Maximize: Total flow coverage: i TiCi
Min. frac coverage: mini {Ci } Subject To: j, Loadj Lj NP-hard!
Total flow coverage:
Submodular maximization with partition-knapsack
Efficient greedy algorithm is near-optimal
Min. fractional flow coverage:
Need “resource augmentation”
Intelligent resource augmentation
Incrementally add OD-pair identifiers
14
Min: Hard to approximate!Slide15
Leveraging submodularity for ftot15
A function F: 2V is submodular if A A' V, and
s
Slide16
What about fmin?
16fmin = mini {Ci } is not submodular Hard to approximate without violating constraints!But, can get near-optimal, if we violate by a fixed factor
Main idea: Define
f
’ =
i
C’
i
where C’
i = min {Ci
, T}Note that f’ = N * T,
iff each Ci
TRun binary search over T to find best solution(Each iteration runs greedy with no resource constraints)
Heuristic improvements:
Intelligent resource augmentationUpgrade a few ingresses to add OD-pairsSlide17
OutlineMotivation
Problem FormulationAlgorithms and HeuristicsEvaluation17Slide18
Total flow coverage18
cSamp-T (tuple+) gives near-ideal total flow coverage vs. cSampSlide19
Minimum fractional coverage(with intelligent resource augmentation)19
Can get 75% of optimal performance with 1.5X total increase and a 5X max-per-router increaseSlide20
SummarycSamp for efficient flow monitoring
Network-wide coordination and optimizationBut needs OD-pair identificationHow to implement cSamp without OD-pair ids?Leverage submodularity for total coverage
Targeted upgrades for minimum fractional coverage
cSamp
-T makes
cSamp’s
benefits more immediately available
20