06-02-2013, 03:52 PM
MeasuRouting: A Framework for Routing Assisted Traffic Monitoring
1MeasuRouting.pdf (Size: 401.73 KB / Downloads: 55)
Abstract
Monitoring transit traffic at one or more points in a
network is of interest to network operators for reasons of traffic
accounting, debugging or troubleshooting, forensics, and traffic
engineering. Previous research in the area has focused on deriving
a placement of monitors across the network towards the end of
maximizing the monitoring utility of the network operator for
a given traffic routing. However, both traffic characteristics and
measurement objectives can dynamically change over time, rendering
a previously optimal placement of monitors suboptimal. It
is not feasible to dynamically redeploy/reconfigure measurement
infrastructure to cater to such evolving measurement requirements.
We address this problem by strategically routing traffic
sub-populations over fixed monitors. We refer to this approach
as MeasuRouting.
The main challenge for MeasuRouting is to work within the
constraints of existing intra-domain traffic engineering operations
that are geared for efficiently utilizing bandwidth resources,
or meeting Quality of Service (QoS) constraints, or both. A
fundamental feature of intra-domain routing, that makes MeasuRouting
feasible, is that intra-domain routing is often specified
for aggregate flows. MeasuRouting, can therefore, differentially
route components of an aggregate flow while ensuring that the
aggregate placement is compliant to original traffic engineering
objectives.
INTRODUCTION
Several past research efforts have focused on the optimal deployment
of monitoring infrastructure in operational networks
for accurate and efficient measurement of network traffic. Such
deployment involves both monitoring infrastructure placement
as well as configuration decisions. An example of the former
includes choosing the interfaces at which to install DAG cards,
and the latter includes tuning the sampling rate and sampling
scheme of the DAG cards.
The optimal placement and configuration of monitoring
infrastructure for a specific measurement objective typically
assumes a priori knowledge about the traffic characteristics.
Furthermore, these are typically performed at longer time
scales to allow provisioning of required physical resources.
However, traffic characteristics and measurement objectives
may evolve dynamically, potentially rendering a previously
determined solution suboptimal.
MEASUROUTING OVERVIEW
As mentioned in the previous section, MeasuRouting must
be cognizant of any implications that rerouting traffic has on
Traffic Engineering (TE) policy. They are three fundamental
ways in which MeasuRouting enhances traffic monitoring
utility without violating TE policy:
• TE policy is usually defined for aggregated flows. On the
other hand, traffic measurement usually deals with a finer
level of granularity. For instance, we often define a flow
based upon the five tuple srcip, dstip, srcpt, dstpt, proto
for measurement purposes. Common intra-domain protocols
(IGPs) like OSPF [4] and IS-IS [5] use link weights to specify
the placement of traffic for each Origin-Destination (OD) pair
(possibly consisting of millions of flows). The TE policy is
oblivious of how constituent flows of an OD pair are routed
as long as the aggregate placement is preserved. It is possible
to specify traffic sub-populations that are distinguishable
from a measurement perspective but are indistinguishable
from a TE perspective. MeasuRouting can, therefore, route
our fine-grained measurement traffic sub-populations without
disrupting the aggregate routing.
Comparing MeasuRouting Problems
All the three MeasuRouting problems (LTD, NRL, RSR)
represent different degrees of restrictions. LTD is the most
flexible but may result in routing loops or traffic between
an OD pair traversing links it does not traverse in the original
routing. NRL disallows loops but may result in routing
semantics being violated. RSR ensures loop-free routing as
well as adherence to routing semantics. Consequently, we
expect the best measurement gains for LTD, NRL, and RSR
in that order. Our formulation makes a simplifying assumption
about the micro-flowset routing. We assume that traffic can be
distributed in any proportion across the set of permissible links
for the macro-flowset as long as TE metric is not violated. This
may or may not be possible depending upon the underlying
forwarding mechanism. If not, then this would impose further
restrictions on the micro-flowset routing. The focus of this
paper is to study the potential gains of MeasuRouting. LTD,
NRL, and RSR can be construed to represent the best case
performance.
RELATED WORK
Earlier work in the area of traffic monitoring has focused
on 1) inferring characteristics of original traffic from sampled
traffic, 2) investigating and improving the effect of oblivious
sampling on monitoring certain traffic sub-populations, and 3)
placing monitor agents at certain strategic network locations.
We summarize existing work in these three areas.
Claffy et al. [16] compared various sampling approaches
at both packet-based and time-based granularities [16]. Several
other research efforts aim to improve estimation of
“heavy-hitter” traffic volume, flow-size distributions, traffic
matrices, or flow durations [17–19] [20–24]. Recent work
has demonstrated that conventional sampling techniques can
obscure statistics needed to detect traffic anomalies [25] or
execute certain anomaly detection algorithms [26]. All these
previous works highlight the importance of being able to
focus on specific traffic sub-populations. [27] proposes ways
to focus monitoring budget on a specific traffic subpopulation
by defining individual bins based on one or more tuples and
allocating sampling budget to each bin. The traffic belonging
to individual bins are identified using a counting bloom filter.
There exists other proposals [28, 29] that also define the traffic
subpopulation in a flexible manner.