Abstract

Network operators have recently been developing multi-Gbps traffic monitoring tools that execute on commodity hardware and are part of the packet-processing pipelines realizing software dataplanes. These solutions allow sophisticated tasks to be performed on a per-packet basis, without relying on sampling or passive trace analysis, by leveraging the processing power available on servers. Although advances in packet capture have enabled intercepting packets from network cards at high rates, bottlenecks can still arise in the monitoring process as a result of concurrent access to shared processor resources, variations of the traffic skew, and unbalanced packet-rate spikes. In this paper we present an adaptive traffic monitoring approach that copes with emerging bottlenecks by timely detecting changes in the operational conditions and reconfiguring monitoring-related operations for subsets of traffic flows. Our solution performs responsive adaptations at the time scale of milliseconds and does not require a significant amount of resources. To demonstrate the capabilities of our approach we implemented it as part of a generic packet-processing pipeline and show that lossless traffic monitoring can be achieved for a wide range of conditions.

Original document

The different versions of the original document can be found in:

• http://hdl.handle.net/10044/1/64233

• http://spiral.imperial.ac.uk/bitstream/10044/1/64233/2/cnsm17-tangari.pdf

• http://xplorestaging.ieee.org/ielx7/8241507/8255966/08255988.pdf?arnumber=8255988,

http://dx.doi.org/10.23919/cnsm.2017.8255988

• https://discovery.ucl.ac.uk/id/eprint/10044319,

https://discovery.ucl.ac.uk/id/eprint/10044319/1/Tang-17-cnsm.pdf

• https://ieeexplore.ieee.org/document/8255988,

https://dblp.uni-trier.de/db/conf/cnsm/cnsm2017.html#TangariCTP17,

https://discovery.ucl.ac.uk/10044319,

http://discovery.ucl.ac.uk/10044319,

https://academic.microsoft.com/#/detail/2784083302