Trident: Efficient and Practical Software Network Monitoring

Xiaohe Hu; Yang Xiang; Yifan Li; Buyi Qiu; Kai Wang; Jun Li

doi:10.26599/TST.2020.9010018

AI Chat Paper

Note: Please note that the following content is generated by AMiner AI. SciOpen does not take any responsibility related to this content.

Chat more with AI

| Sign up

Browse by Subject

Search for peer-reviewed journals with full access.

Journals A - Z

About Us

Discover the SciOpen Platform and Achieve Your Research Goals with Ease.

About Us

Publish with Us

Support

Journals A - Z

About Us

Publish with Us

Support

PDF (8.1 MB)

Cite

EndNote(RIS) BibTeX

Collect

Submit Manuscript

AI Chat Paper

Show Outline

Outline

Show full outline

Hide outline

Outline

Show full outline

Hide outline

Open Access

Trident: Efficient and Practical Software Network Monitoring

Xiaohe Hu, Yang Xiang, Yifan Li, Buyi Qiu, Kai Wang, Jun Li(

)

Department of Automation, Tsinghua University, Beijing 100084, China.

Yunshan Networks, Beijing 100084, China.

Research Institute of Information Technology, Tsinghua University, Beijing 100084, China.

Show Author Information

Abstract

Network monitoring is receiving more attention than ever with the need for a self-driving network to tackle increasingly severe network management challenges. Advanced management applications rely on traffic data analyses, which require network monitoring to flexibly provide comprehensive traffic characteristics. Moreover, in virtualized environments, software network monitoring is constrained by available resources and requirements of cloud operators. In this paper, Trident, a policy-based network monitoring system at the host, is proposed. Trident is a novel monitoring approach, off-path configurable streaming, which offers remote analyzers a fine-grained holistic view of the network traffic. A novel fast path packet classification algorithm and a corresponding cached flow form are also proposed to improve monitoring efficiency. Evaluated in a practical deployment, Trident demonstrates negligible interference with forwarding and requires no additional software dependencies. Trident has been deployed in production networks of several Tier-IV datacenters.

Keywords

cloud networking software network monitoring network programmability network management

References

[1]

Juniper, Expel complexity with a self-driving network, https://www.juniper.net/us/en/products-services/whatis/selfdriving-network/, 2020.

[2]

N. Feamster and J. Rexford, Why (and how) networks should run themselves, in Proc. Applied Networking Research Workshop, Montreal, Canada: ACM, 2018, p. 20.

[3]

J. C. Jiang, V. Sekar, I. Stoica, and H. Zhang, Unleashing the potential of data-driven networking, in Proc. 9th Int. Conf. on Communication Systems and Networks, Bengaluru, India, 2017, pp. 110-126.

[4]

Y. F. Yuan, D. Lin, A. Mishra, S. Marwaha, R. Alur, and B. T. Loo, Quantitative network monitoring with NetQRE, in Proc. Conf. of the ACM Special Interest Group on Data Communication, Los Angeles, CA, USA, 2017, pp. 99-112.

[5]

A. Gupta, R. Harrison, M. Canini, N. Feamster, J. Rexford, and W. Willinger, Sonata: Query-driven streaming network telemetry, in Proc. 2018 Conf. of the ACM Special Interest Group on Data Communication, Budapest, Hungary, 2018, pp. 357-371.

[6]

M. Al-Fares, S. Radhakrishnan, B. Raghavan, N. Huang, and A. Vahdat, Hedera: Dynamic flow scheduling for data center networks, in Proc. 7th USENIX Conf. on Networked Systems Design and Implementation, San Jose, CA, USA, 2010, p. 19.

[7]

A. R. Curtis, J. C. Mogul, J. Tourrilhes, P. Yalagandula, P. Sharma, and S. Banerjee, DevoFlow: Scaling flow management for high-performance networks, in Proc. ACM SIGCOMM 2011 Conf., Toronto, Canada, pp. 254-265, 2011.

[8]

M. Roesch, Snort-lightweight intrusion detection for networks, in Proc. 13th USENIX Conf. on System Administration, Seattle, WA, USA, 1999, pp. 229-238.

[9]

Z. L. Yuan, Y. B. Xue, and M. van der Schaar, BitMiner: Bits mining in internet traffic classification, in Proc. 2015 ACM Conf. on Special Interest Group on Data Communication, London, UK, 2015, pp. 93-94.

[10]

OpenStack, Tap as a Service (TAPaaS), https://docs.openstack.org/dragonflow/latest/specs/tap_as_a_service.html, 2020.

[11]

B. Pfaff, J. Pettit, T. Koponen, E. J. Jackson, A. Zhou, J. Rajahalme, J. Gross, A. Wang, J. Stringer, P. Shelar, et al., The design and implementation of Open vSwitch, in Proc. 12th USENIX Conf. on Networked Systems Design and Implementation, Oakland, CA, USA, 2015, pp. 117-130.

[12]

D. Firestone, VFP: A virtual switch platform for host SDN in the public cloud, in Proc. 14th USENIX Conf. on Networked Systems Design and Implementation, Boston, MA, USA, 2017, pp. 315-328.

[13]

A. Wang, Y. Guo, F. Hao, T. V. Lakshman, and S. Q. Chen, UMON: Flexible and fine grained traffic monitoring in open vSwitch, in Proc. 11th ACM Conf. on Emerging Networking Experiments and Technologies, Heidelberg, Germany, 2015, p. 15.

[14]

M. Moshref, M. L. Yu, R. Govindan, and A. Vahdat, Trumpet: Timely and precise triggers in data centers, in Proc. 2016 ACM SIGCOMM Conf., Florianopolis, Brazil, 2016, pp. 129-143.

[15]

Q. Huang, X. Jin, P. P. C. Lee, R. H. Li, L. Tang, Y. C. Chen, and G. Zhang, SketchVisor: Robust network measurement for software packet processing, in Proc. Conf. of the ACM Special Interest Group on Data Communication, Los Angeles, CA, USA, 2017, pp. 113-126.

[16]

sFlow, https://sflow.org, 2020.

[17]

NetFlow, https://www.ietf.org/rfc/rfc3954.txt, 2020.

[18]

Tcpdump, https://www.tcpdump.org, 2020.

[19]

M. L. Yu, L. Jose, and R. Miao, Software defined traffic measurement with OpenSketch, in Proc. 10th USENIX Conf. on Networked Systems Design and Implementation, Boston, MA, USA, 2013, pp. 29-42.

[20]

Z. X. Liu, A. Manousis, G. Vorsanger, V. Sekar, and V. Braverman, One sketch to rule them all: Rethinking network flow monitoring with UnivMon, in Proc. 2016 ACM SIGCOMM Conf., Florianopolis, Brazil, 2016, pp. 101-114.

[21]

Y. L. Li, R. Miao, C. Kim, and M. L. Yu, FlowRadar: A better NetFlow for data centers, in Proc. 13th Usenix Conf. on Networked Systems Design and Implementation, Santa Clara, CA, USA, 2016, pp. 311-324.

[22]

M. Moshref, M. L. Yu, R. Govindan, and A. Vahdat, SCREAM: Sketch resource allocation for Software-defined measurement, in Proc. 11th ACM Conf. on Emerging Networking Experiments and Technologies, Heidelberg, Germany, 2015, p. 14.

[23]

N. Handigol, B. Heller, V. Jeyakumar, D. Mazières, and N. McKeown, I know what your packet did last hop: Using packet histories to troubleshoot networks, in Proc. 11th USENIX Conf. on Networked Systems Design and Implementation, Seattle, WA, USA, 2014, pp. 71-85.

[24]

Y. B. Zhu, N. X. Kang, J. X. Cao, A. Greenberg, G. H. Lu, R. Mahajan, D. Maltz, L. H. Yuan, M. Zhang, B. Y. Zhao, et al., Packet-level telemetry in large datacenter networks, in Proc. 2015 ACM Conf. on Special Interest Group on Data Communication, London, UK, 2015, pp. 479-491.

[25]

T. Benson, A. Anand, A. Akella, and M. Zhang, MicroTE: Fine grained traffic engineering for data centers, in Proc. Seventh Conf. on Emerging Networking Experiments and Technologies, Tokyo, Japan, 2011, p. 8.

[26]

J. Rasley, B. Stephens, C. Dixon, E. Rozner, W. Felter, K. Agarwal, J. Carter, and R. Fonseca, Planck: Millisecond-scale monitoring and control for commodity networks, in Proc. 2014 ACM Conf. on SIGCOMM, Chicago, IL, USA, 2014, pp. 407-418.

[27]

A. Wundsam, D. Levin, S. Seetharaman, and A. Feldmann, OFRewind: Enabling record and replay troubleshooting for networks, in Proc. 2011 USENIX Conf. on USENIX Annu. Technical Conference, Portland, OR, USA, 2011, p. 29.

[28]

J. Suh, T. T. Kwon, C. Dixon, W. Felter, and J. Carter, OpenSample: A low-latency, sampling-based measurement platform for commodity SDN, in Proc. 2014 IEEE 34th Int. Conf. on Distributed Computing Systems, Madrid, Spain, 2014, pp. 228-237.

[29]

Z. L. Zha, A. Wang, Y. Guo, D. Montgomery, and S. Q. Chen, Instrumenting Open vSwitch with monitoring capabilities: Designs and challenges, in Proc. Symp. on SDN Research, Los Angeles, CA, USA, 2018, p. 16.

[30]

P. Gupta and N. McKeown, Packet classification using hierarchical intelligent cuttings, in Proc. Hot Interconnects, Stanford, CA, USA, 1999.

[31]

S. Singh, F. Baboescu, G. Varghese, and J. Wang, Packet classification using multidimensional cutting, in Proc. 2003 Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communications, Karlsruhe, Germany, 2003, pp. 213-224.

[32]

Y. Qi, L. Xu, B. Yang, Y. Xue, and J. Li, Packet classification algorithms: From theory to practice, in Proc. IEEE INFOCOM 2009, Rio de Janeiro, Brazil, 2009, pp. 648-656.

[33]

V. Srinivasan, S. Suri, and G. Varghese, Packet classification using tuple space search, ACM SIGCOMM Comput. Commun. Rev., vol. 29, no. 4, pp. 135-146.

Google Scholar

[34]

S. McCanne and V. Jacobson, The BSD packet filter: A new architecture for user-level packet capture, in Proc. USENIX Winter 1993 Conf. Proc. on USENIX Winter 1993 Conf. Proc., San Diego, CA, USA, 1993, p. 2.

[35]

A. Begel, S. McCanne, and S. L. Graham, BPF+: Exploiting global data-flow optimization in a generalized packet filter architecture, in Proc. Conf. on Applications, Technologies, Architectures, and Protocols for Computer Communication, Cambridge, MA, USA, 1999, pp. 123-134.

[36]

M. L. Yu, J. Rexford, M. J. Freedman, and J. Wang, Scalable flow-based networking with DIFANE, in Proc. ACM SIGCOMM 2010 Conf., New Delhi, India, 2010, pp. 351-362.

[37]

Z. Liu, S. J. Sun, H. Zhu, J. Q. Gao, and J. Li, BitCuts: A fast packet classification algorithm using bit-level cutting, Comput. Commun., 2017, vol. 109, pp. 38-52.

Google Scholar

[38]

V. Jacobson, Compressing TCP/IP headers for low-speed serial links, https://tools.ietf.org/html/rfc1144, 1990.

[39]

M. Degermark, B. Nordgren, and S. Pink, IP header compression, https://tools.ietf.org/html/rfc2507, 1999.

[40]

L. E. Jonsson, G. Pelletier, and K. Sandlund, The Robust Header Compression (ROHC) framework, https://tools.ietf.org/html/rfc5795, 2007.

[41]

D. E. Taylor and J. S. Turner, ClassBench: A packet classification benchmark, IEEE/ACM Trans. Netw., 2007, vol. 14, no. 3, pp. 499-511.

Google Scholar

[42]

CAIDA, The CAIDA anonymized Internet traces 2016 Dataset, https://www.caida.org/data/passive/passive_2016_dataset.xml, 2020.

[43]

LWN, Introducing AF_PACKET V4 support, https://lwn.net/Articles/737947/, 2020.

[44]

Data Plane Development Kit (DPDK), https://dpdk.org, 2020.

Tsinghua Science and Technology

Volume 26 Issue 4,
August 2021

Pages 452-463

DOI: 10.26599/TST.2020.9010018

Cite this article:

Hu X, Xiang Y, Li Y, et al. Trident: Efficient and Practical Software Network Monitoring. Tsinghua Science and Technology, 2021, 26(4): 452-463. https://doi.org/10.26599/TST.2020.9010018

738

Views

Downloads

Crossref

Web of Science

Scopus

CSCD

Google Scholar
Citation

Altmetrics

Received: 17 January 2020

Revised: 07 May 2020

Accepted: 08 May 2020

Published: 04 January 2021

The articles published in this open access journal are distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/).