Network-Wide Routing Oblivious Heavy Hitters

Slides:

Advertisements

Similar presentations

WHITE – Achieving Fair Bandwidth Allocation with Priority Dropping Based on Round Trip Time Name : Choong-Soo Lee Advisors : Mark Claypool, Robert Kinicki.

Advertisements

Mining Data Streams.

By Arjuna Sathiaseelan Tomasz Radzik Department of Computer Science King’s College London EPDN: Explicit Packet Drop Notification and its uses.

Flowspace revisited OpenFlow Basics Flow Table Entries Switch Port MAC src MAC dst Eth type VLAN ID IP Src IP Dst IP Prot L4 sport L4 dport Rule Action.

Streaming Algorithms for Robust, Real- Time Detection of DDoS Attacks S. Ganguly, M. Garofalakis, R. Rastogi, K. Sabnani Krishan Sabnani Bell Labs Research.

PROTOCOLS AND ARCHITECTURE Lesson 2 NETS2150/2850.

Comparing flow-oblivious and flow-aware adaptive routing Sara Oueslati and Jim Roberts France Telecom R&D CISS 2006 Princeton March 2006.

Reverse Hashing for High-speed Network Monitoring: Algorithms, Evaluation, and Applications Robert Schweller 1, Zhichun Li 1, Yan Chen 1, Yan Gao 1, Ashish.

Estimating Set Expression Cardinalities over Data Streams Sumit Ganguly Minos Garofalakis Rajeev Rastogi Internet Management Research Department Bell Labs,

CS591A1 Fall Sketch based Summarization of Data Streams Manish R. Sharma and Weichao Ma.

Measurement and Monitoring Nick Feamster Georgia Tech.

1 An Information Theoretic Approach to Network Trace Compression Y. Liu, D. Towsley, J. Weng and D. Goeckel.

Error Checking continued. Network Layers in Action Each layer in the OSI Model will add header information that pertains to that specific protocol. On.

Internet Traffic Management Prafull Suryawanshi Roll No - 04IT6008.

Data Mining for Intrusion Detection: A Critical Review Klaus Julisch From: Applications of data Mining in Computer Security (Eds. D. Barabara and S. Jajodia)

Internet Traffic Management. Basic Concept of Traffic Need of Traffic Management Measuring Traffic Traffic Control and Management Quality and Pricing.

Bullet: High Bandwidth Data Dissemination Using an Overlay Mesh.

Information-Centric Networks07a-1 Week 7 / Paper 1 Internet Indirection Infrastructure –Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh.

Scalable and Efficient Data Streaming Algorithms for Detecting Common Content in Internet Traffic Minho Sung Networking & Telecommunications Group College.

CEDAR Counter-Estimation Decoupling for Approximate Rates Erez Tsidon (Technion, Israel) Joint work with Iddo Hanniel and Isaac Keslassy ( Technion ) 1.

CEDAR Counter-Estimation Decoupling for Approximate Rates Erez Tsidon Joint work with Iddo Hanniel and Isaac Keslassy Technion, Israel 1.

Vladimír Smotlacha CESNET Full Packet Monitoring Sensors: Hardware and Software Challenges.

TinyLFU: A Highly Efficient Cache Admission Policy

Making the Best of the Best-Effort Service (2) Advanced Multimedia University of Palestine University of Palestine Eng. Wisam Zaqoot Eng. Wisam Zaqoot.

Queuing Networks Jean-Yves Le Boudec 1. Contents 1.The Class of Multi-Class Product Form Networks 2.The Elements of a Product-Form Network 3.The Product-Form.

EECB 473 DATA NETWORK ARCHITECTURE AND ELECTRONICS PREPARED BY JEHANA ERMY JAMALUDDIN Basic Packet Processing: Algorithms and Data Structures.

A Formal Analysis of Conservative Update Based Approximate Counting Gil Einziger and Roy Freidman Technion, Haifa.

1 LD-Sketch: A Distributed Sketching Design for Accurate and Scalable Anomaly Detection in Network Data Streams Qun Huang and Patrick P. C. Lee The Chinese.

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )

IEEE HPSR 2014 Scaling Multi-Core Network Processors Without the Reordering Bottleneck Alex Shpiner (Technion / Mellanox) Isaac Keslassy (Technion) Rami.

Jennifer Rexford Princeton University MW 11:00am-12:20pm Measurement COS 597E: Software Defined Networking.

A Protocol for Packet Network Intercommunication Wei Zhang

A Simulation-Based Study of Overlay Routing Performance CS 268 Course Project Andrey Ermolinskiy, Hovig Bayandorian, Daniel Chen.

Design Lines for a Long Term Competitive IDS Erwan Lemonnier KTH-IT / Defcom.

SCREAM: Sketch Resource Allocation for Software-defined Measurement Masoud Moshref, Minlan Yu, Ramesh Govindan, Amin Vahdat (CoNEXT’15)

Mining of Massive Datasets Ch4. Mining Data Streams.

11 CS716 Advanced Computer Networks By Dr. Amir Qayyum.

Continuous Monitoring of Distributed Data Streams over a Time-based Sliding Window MADALGO – Center for Massive Data Algorithmics, a Center of the Danish.

1 Building big router from lots of little routers Nick McKeown Assistant Professor of Electrical Engineering and Computer Science, Stanford University.

SketchVisor: Robust Network Measurement for Software Packet Processing

Mining Data Streams (Part 1)

Constant Time Updates in Hierarchical Heavy Hitters

Improved Algorithms for Network Topology Discovery

Counting How Many Elements Computing “Moments”

Optimal Elephant Flow Detection Presented by: Gil Einziger,

Network Core and QoS.

Qun Huang, Patrick P. C. Lee, Yungang Bao

TCP in Mobile Ad-hoc Networks

TCP in Wireless Ad-hoc Networks

Programmable Networks

Range-Efficient Computation of F0 over Massive Data Streams

Memento: Making Sliding Windows Efficient for Heavy Hitters

ECSE-4670: Computer Communication Networks (CCN)

Introduction to Stream Computing and Reservoir Sampling

Constant Time Updates in Hierarchical Heavy Hitters

By: Ran Ben Basat, Technion, Israel

Heavy Hitters in Streams and Sliding Windows

By: Ran Ben Basat, Technion, Israel

Ran Ben Basat, Xiaoqi Chen, Gil Einziger, Ori Rottenstreich

Catching the Microburst Culprits with Snappy

Congestion Control and Resource Allocation

Lu Tang , Qun Huang, Patrick P. C. Lee

Toward Self-Driving Networks

Error Checking continued

Toward Self-Driving Networks

Catching the Microburst Culprits with Snappy

Introduction to Packet Scheduling

Network Core and QoS.

2019/11/12 Efficient Measurement on Programmable Switches Using Probabilistic Recirculation Presenter：Hung-Yen Wang Authors：Ran Ben Basat, Xiaoqi Chen,

(Learned) Frequency Estimation Algorithms

Presentation transcript:

Network-Wide Routing Oblivious Heavy Hitters By: Ran Ben Basat, Technion (→ Harvard) Based on a joint work with Gil Einziger (Nokia Bell Labs), Shir Landau Feibish (Princeton), Jalil Moraney and Danny Raz (Technion) 4/19/2019

Computing network statistics. Monitoring a large number of flows. Motivation Computing network statistics. Load balancing, Fairness, Anomaly detection. Monitoring a large number of flows. Allowing network-wide analysis. 4/19/2019

Example Routing Oblivious: What is the overall number of sent packets? Which flows sent more than 1% of the packets? How many packets has sent? Routing Oblivious: Assume no routing knowledge Routing may arbitrarily change over time Distributed Implementation 4/19/2019

A possible solution Tag every packet when seen by the first switch (Afek et al., 2018) Use one of the unused bits in the packet header. Only the first switch counts the packet. Issues: Hard to untag packets before leaving the network. An attacker can avoid detection by tagging its packets. Bases on the assumption that the bit arrives cleared to the network. 4/19/2019

Single Measurement Point How many times has appeared? Consider a sample of size 𝑧=𝑂 𝜖 −2 log 𝛿 −1 . Define: 𝑓 𝑥 =#𝑥 𝑁 𝑧 e.g., 𝑁=50, 𝑧=10 𝑓 𝑓 =15 =0 1 5 3 7 8 4 2 Thm: Pr 𝑓 𝑥 − 𝑓 𝑥 >𝑁𝜖 ≤𝛿 4/19/2019

Sampling Implementation We do not know the number of packets in advance One could use reservoir sampling Hash-based sampling Assume that each packet has a distinct (e.g., TCP or IP) identifier 4/19/2019

Hash-based sampling Apply a hash function ℎ:𝐼𝐷×𝑆𝑁→ 0,1 e.g., 𝑧=3 ℎ=0.6 Store the 𝑧 packets with the highest hash value e.g., 𝑧=3 517 321 518 518 322 ℎ=0.6 ℎ=0.7 ℎ=0.2 ℎ=0.9 ℎ=0.8 4/19/2019

The highest hash values among the local maximas are global maximas Distributed Sampling The highest hash values among the local maximas are global maximas 517 321 518 518 322

Distributed Sampling Application By sampling 𝑂 𝜖 −2 log 𝛿 −1 packets (e.g., 240k for 𝜖=𝛿=1%) we can find the heavy hitters Large flows will be appear frequently in the sample. But how can we approximate flow sizes without knowing the number of packets?

Count Distinct Algorithms Given a stream of elements S= 𝑥 1 , 𝑥 2 ,… , how many distinct elements are in 𝑆? Admits a constant update time 1+𝜖 -approximate solution. Can be merged, given a summaries for 𝑆 1 and 𝑆 2 , we can compute a summary for 𝑆 1 ∪ 𝑆 2 . Each switch will maintain a summary for its local stream. The controller will merge all summaries.

Measuring Goodput and Throughput Depending on the application, we can measure: Throughput Use the IP ID field as a packet identifier TCP Goodput Use the TCP Sequence Number field as a packet identifier Retransmissions are not double-counted

Extensions Byte-size based measurements Identifying Frequent paths Estimate Retransmission Rates Allow deployment only at a subset of the switches

Any Questions 4/19/2019

Evaluation 4/19/2019

Any Questions 4/19/2019