Research article (public access)
DOI: 10.1145/3563647.3563653

Flow-level loss detection with Δ-sketches

Published: 19 October 2022

Abstract

Packet drops caused by congestion are a fundamental problem in network operation. Yet, it is difficult to detect where drops are happening, let alone which flows are most affected. Detecting the small-timescale drops caused by short bursts of traffic is even more challenging, and traditional monitoring techniques can easily miss them. To uncover packet drops as they occur inside a switch, the analysis must be real-time, fine-grained, and efficient. However, modern switches have distributed packet-processing pipelines that see either the arriving or departing traffic, but not the packet drops. Additionally, they do not have enough memory to store per-flow state. Our MIDST system addresses these challenges through a distributed compact data structure with lightweight coordination between ingress and egress pipelines. MIDST identifies the flows experiencing loss, as well as the bursty flows responsible, across different burst durations. Our evaluation with real-world traces and TCP connections shows that MIDST uses little memory (e.g., 320KB) while providing high accuracy (95% to 98%) under varying loss rates and burst durations. We evaluate a low-rate DDoS attack and demonstrate the potential use of our measurement results for attack detection and mitigation.

Cited By

  • (2023) State4: State-preserving Reconfiguration of P4-programmable Switches. 2023 IEEE 9th International Conference on Network Softwarization (NetSoft), 10.1109/NetSoft57336.2023.10175468, (134-142). Online publication date: 19-Jun-2023
  • (2023) A Fine-Grained Packet Loss Management System Based on Programmable Network. 2023 IEEE 29th International Conference on Parallel and Distributed Systems (ICPADS), 10.1109/ICPADS60453.2023.00119, (791-798). Online publication date: 17-Dec-2023

    Published In

    SOSR '22: Proceedings of the Symposium on SDN Research
    October 2022
    101 pages
    ISBN:9781450398923
    DOI:10.1145/3563647
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. network monitoring
    2. programmable devices
    3. sketches

    Qualifiers

    • Research-article

    Conference

    SOSR '22
    SOSR '22: The ACM SIGCOMM Symposium on SDN Research
    October 19 - 20, 2022
    Virtual Event

    Acceptance Rates

    Overall Acceptance Rate 7 of 43 submissions, 16%
