標籤:let mode mem obs opera app process book statistic
概要
- 在sdn下,控制平面基於網路測量的的資料控制網路,而細粒度的管理得益於細粒度的測量資料。針對sdn環境下的細粒度測量(識別具體應用程式),可以實現對細粒度的流量管控。
- 設計了識別系統SBAR,對資料流進行測量,識別出具體應用程式並得到它們的網路資料。針對流分類,SBAR以應用程式協議為參照,使用了機器學習的演算法。 針對web和加密流量,使用深度包檢測檢測包的負載以識別應用程式。同時SBAR利用了OpenFlow提供的測量資料識別應用,交換器利用南向介面向控制器傳輸資料。最後使用GUI對得到的資料進行整合處理得到全網測量資料。經過驗證,SBAR檢測的準確率可以達到90%以上(由於使用DPI和ML可能有較大的資源開銷和時延)。
Background
- In the Software-Defined Networking (SDN) paradigm, it is essential to perform comprehensive traffic monitoring in order to provide the control plane with an accurate view of the network state.
- This enables to perform such an effective fine-grained network management
with different purposes (e.g., traffic engineering, security).
Related Work
- NetFlow/IPFIX:There are a plenty of tools based on Netflow that harness the flow-level measurement.
- Flows are often labeled (e.g., by protocol)
using port-based classification techniques which is gradually obsoleted beacause it is quite common to find very diverse applications operating over
the same application protocols(無法從連接埠號碼分辨出具體的應用程式)
- QoE:the QoE perceived by end-users significantly depends on the type of application and the QoS level provided by the network (e.g., bandwidth, delay).(QoE感知取決於應用程式類型以及QoS層級)
- Deep Packet Inspection (DPI)
typically achieves very accurate traffic classification by inspecting the packet payloads. However, applying DPI over all the packets traversing a network is often too resource consuming (根據負載分類,資源開銷過大)
- Machine Learning (ML) classifiers were proposed with the aim of alleviating the
processing burden.Use **features* up to the transport layer to classify the traffic, useless when applied to distinguish among different applications generating traffic over the same protocol(根據特徵分類,無法從相同協議分辨出不同程式)
Solution
- We present SBAR, a monitoring system compliant with OpenFlow that provides flow-level measurement
- Classify the traffic at two different levels:In the Software-Defined Networking (SDN) paradigm, it is essential to perform comprehensive traffic monitoring in order to provide the control plane with an accurate view of the network state. This
enables to perform such an effective fine-grained network management with different purposes (e.g., traffic engineering, security).
- (i) every monitored flow is classified by application protocol,
(ii) for web and encrypted traffic, we apply specific DPI techniques to identify the applications (連接埠號碼相同要通過負載分辨出具體的應用程式)
generating each flow
Reduce the processing overhead in the controller(s) and the memory consumption in switches to maintain the measurements
ImplementOpenflow
- Leverage the particularities of OpenFlow networks to efficiently implement a combination of techniques based on ML and DPI to accurately classify the traffic in the controller.
- Leverage the support of OpenFlow to maintain the flow measurements (# of
packets and bytes, and duration) in the flow tables of the switches
- OpenFlow provides an interface that permits to report the measurements to the controller(s) when some predefined timeouts (idle and hard) expire
- Make use of ultiple tables of OpenFlow
to decouple the operation of this module from other modules executing
different network tasks (e.g., forwarding) in the controller.
Others
- Flow sampling using only native features of OpenFlow, which enables to address
common scalability issues in OpenFlow-based networks.
- Per-flow classification by application protocols (e.g., SMTP, SSH) using a ML model
- For web and encrypted flows, it applies specific DPI techniques [1, 2] to identify the applications (e.g., Netflix, Facebook) generating traffic.
- 通過給控制器指定規則,只提取前幾個HTTP等協議的包頭資訊,然後根據某種演算法推斷出對應的應用程式,節省了開銷
- GUI用於處理SBAR得到的flow-level reports infer high-level traffic
statistics
Advantages
the classification accuracy acheives 90% or higher.
Disadvantages
Because of the DPI and ML, the resource overhead and latency probably are high(I guess)
Reading SBAR SDN flow-Based monitoring and Application Recognition