• No results found

Flow Monitoring With Cisco Routers

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Flow Monitoring With Cisco Routers"

Copied!
26
0
0

Loading.... (view fulltext now)

Download now ( 26 Page )

Full text

(1)

CSAMP

: A System for

Network-Wide Flow Monitoring

Vyas Sekar,Michael K. Reiter, Walter Willinger, Hui Zhang,Ramana Rao Kompella, David G. Andersen

(2)

Flow measurements today

There was a router-centric view of current measurements

solutions in network, until now.

Routers are completely independent of each other , so

we have much more flow measurements that we need and inefficient use of router resources

So we pass from a router-centric approach to a

(3)

What is Csamp?

Csamp , a system for Network-Wide Flow Monitoring

Csamp is made because current flow monitoring solutions are inadequate for many network management applications

Csamp is a system for coordinated flow monitoring within an AS (Autonomous System)

The goal of cSamp is to assign sampling responsibilities to routers in a coordinated manner to optimize network-wide flow monitoring

(4)

Motivation Design

System Architecture

Discussion & Future Work Evaluation

(5)

Motivation

In past many people tried to design such network-wide flow monitoring systems, but they were not such efficient such Csamp

There are 5 criteria that a flow monitoring system should satisfy

provide high flow coverage

minimize redundant reports

satisfy network-wide flow monitoring objectives

work within router resource constraints

(6)

Design of Csamp

3 basic ideas

Flow sampling instead of packet sampling

Hash-based coordination

(7)

Random flow sampling preserves the fidelity of traffic estimation (single router)

Each router has a table of hash ranges indexed

using a key. By receiving a packet the router looks the hash range (key = hash of packet’s

header fields), computes the 5-tuple (srcIP, dstIP, srcport, dstport, protocol) of an IP flow, if the

hash falls in the range of the cell, this hash is used as index to a flow table, if the flow already exists it updates the entry else it creates a new one.

(8)

Random flow sampling preserves the fidelity of traffic estimation (single router)

On a single router, do random *flow* (not packet) sampling.

Each packet header is hashed

Hash range

{1,6}

Flow table

If flow already exists update else

create new entry

Computes 5-tuple If falls {7,9} {10, 12} . . Use as index We have an entry in flow table ok

(9)

Hash-based coordination

uses hash-based selection (using the same hash

function but having different hash ranges) to

eliminate duplicate measurements in the network. So different routers can monitor disjoint flows without

requiring explicit communication between routers (multiple routers, single path)

(10)

Hash-based coordination multiple routers Hash range Flow table Hash range Hash range Flow table Flow table

(11)

Network-wide optimization uses optimization framework to specify and satisfy network wide monitoring objectives while respecting router

resource constraints.

Note : Many paths = Origin - Destination (OD) pairs in network

Single path network

Multiple destination pairs in the network. Per

origin-destination pair, assign non-overlapping ranges to each router .Each router has a sampling manifest that specifies the hash range for each origin-destination pair that it might see. For each packet, see if it should be logged (based on hash and origin-destination), and log it.

The routers then generate flow reports which can be sent

(12)

{1,5} {7,9}

Hash range for each OD pair

Get OD-pair from packet Green or Yellow????

(13)

Csamp algorithm for router

Get OD-pair from packet (usually based on

packet information, src & dst IP addresses)

Compute hash (flow = packet 5-tuple)

Look up hash-range for OD-pair from sampling

manifest

(14)

To achieve flow monitoring goals specified in terms

of OD- pairs , cSamp optimization engine needs the traffic matrix and routing information.

Traffic matrices obtained by using estimation techniques that may have errors, so appropriate techniques are used in order to minimize the error.

(15)

Traffic matrix Routing information Optimization engine input Sampling manifests output dissemination

(16)

System Architecture

Mechanisms

Obtaining Origin Destination pairs in network for packets

the ingress routers mark each packet header with the OD-pair

identifier (given by optimization engine).

Responding to long-term (e.g. uses traffic during

previous week) & short-term traffic dynamics avoiding underfitting and overfitting

the optimization engine must be able to predict the traffic matrix to

(17)

Manage memory resources on routers

We store only flow counters in StaticRam(SRAM) instead of storing

the whole flow record (the IP 5-tuple, the OD-pair identifier, and counters).

Computing the optimal solution

In order to respond in near-real time to network dynamics, use new

more efficient algorithms.

Handling routing changes

Precompute sampling manifests for different scenarios in a given

measurement cycle, so if there is a change an appropriate sampling manifest corresponding to this scenario is already available.

(18)

Evaluation

(19)
(20)
(21)
(22)

Coverage VS optimal solution

Estimated traffic with our engine Vs

(23)

Discussion & Future Work

OD-pair identifiers

Modifications to packet header

Upgrades to border routers to compute the engress router for each

packet

Router memory exhaustion

A router’s flow memory might be exhausted due to traffic dynamics

Find better choice of eviction of flow records

Changes cause loss of flow coverage or duplicates Applications

Confirm that cSamp provides better fidelity to traditional traffic

(24)

Conclusion

Existing solutions focus on incrementally

improving single-router sampling algorithms,

instead of Csamp , a system that takes a network wide approach to flow monitoring.

(25)

So..

Much greater monitoring coverage

Better use of router resources

Satisfy better flow monitoring goals compared to

(26)

References

Download now ( PDF - 26 Page - 240.20 KB )

Related documents

Mechanical and durability properties of high performance 100 MPA rice husk ash concrete / Syamsul Bahri

Figure 4.82 show the relationship between the compressive strength to predicting splitting tensile strength of high performance concrete with generally having

Sands, the stillbirth and neonatal charity, is a well established and widely respected national charity that:

 Ensure all staff have a Contract of Employment on commencement of employment  Support managers to create & manage a probation plan for each new employee  Create

Dynamic latent variable modelling and fault detection of Tennessee Eastman challenge process

Particularly, dynamic PCA [6] and dynamic PLS (DPLS) [7] have been proposed for monitoring such processes. These techniques involve singular value decomposition of augmented time

Marketing communication in spanish retailer company Mercadona

Mercadona is present in the main social media and makes an efficient use of them, although Mercadona uses these tools from a more corporate than commercial

Techniques and Applications for Satellite SAR Altimetry over water, land and ice

From the cross-comparison versus the in situ data, the difference between SAMOSA+ and SAMOSA++ are very negligible in open ocean while SLA and SWH results from SAMOSA+ overcomes

On recent proposals to abolish polysemy and homonymy in lexicography

In this section it was shown that Bergenholtz and Gouws's (2017) criticism of the treatment of polysemy in existing model I dictionaries is hardly addressed by the model II

Weight Management Program on Self-Esteem in Adolescent Females Classified as Obese

Height and Weight for BMI calculation (after student DNP) Outcomes to be measured 1) Follow-up assessment of self-esteem following completion of the 18-week PHIT program

Reachability Analysis of Innermost Rewriting

Keywords and phrases term rewriting systems, strategy, innermost strategy, tree automata, functional program, static analysis.. Digital Object