MeasuRouting A Framework for Routing Assisted traffic monitoring
A B S T R A C T
Monitoring transit traffic at one or more points in a network is of interest to network operators for reasons of traffic accounting, debugging or troubleshooting, forensics, and traffic engineering. Previous research in the area has focused on deriving a placement of monitors across the network toward the end of maximizing the monitoring utility of the network operator for a given traffic routing. However, both traffic characteristics and measurement objectives can dynamically change over time, rendering a previously optimal placement of monitors suboptimal. It is not feasible to dynamically redeploy/reconfigure measurement infrastructure to cater to such evolving measurement requirements.
We address this problem by strategically routing traffic sub populations over fixed monitors. We refer to this approach as MeasuRouting. The main challenge for MeasuRouting is to work within the constraints of existing intra-domain traffic engineering operations that are geared for efficiently utilizing bandwidth resources, or meeting quality-of-service (QoS) constraints, or both. A fundamental feature of intra-domain routing, which makes MeasuRouting feasible, is that intra-domain routing is often specified for aggregate flows.
MeasuRouting can therefore differentially route components of an aggregate flow while ensuring that the aggregate placement is compliant to original traffic engineering objectives. In this paper, we present a theoretical framework for MeasuRouting. Furthermore, as proofs of concept, we present synthetic and practical monitoring applications to showcase the utility enhancement achieved with MeasuRouting.
In the Existing System, it is focused on deriving a placement of monitors across the network toward the end of maximizing the monitoring utility of the network operator for a given traffic routing. However, both traffic characteristics and measurement objectives can dynamically change over time, rendering a previously optimal placement of monitors suboptimal. It is not feasible to dynamically redeploy / reconfigure measurement infrastructure to cater to such evolving measurement requirements.
In the proposed system, we present a theoretical framework for MeasuRouting, which is to address the problem by strategically routing traffic subpopulations over fixed monitors , which is to work within the constraints of existing intra domain traffic engineering (TE) operations that are geared for efficiently utilizing bandwidth resources, or meeting quality-of-service (QoS) constraints, or both. In this paper, our focus is on the overall monitoring utility, defined as a weighted sum of the monitoring achieved over all flows.
A simple scenario involves routers implementing uniform sampling or an approximation of it, with network operators being interested in monitoring a subset of the traffic. MeasuRouting can be used to make important traffic traverse routes that maximize their overall sampling rate.
Networks might implement heterogeneous sampling algorithms, each optimized for certain kinds of traffic subpopulations. For instance, some routers can implement sophisticated algorithms to give accurate flow-size estimates of medium-sized flows that otherwise would not have been captured by uniform sampling. MeasuRouting can then route traffic subpopulations that might have medium-sized flows across such routers. A network can have different active and passive measurement infrastructure and algorithms deployed, and MeasuRouting can direct traffic across paths with greater measurement potential.
MeasuRouting can be used to conserve measurement resources. For instance, all packets belonging to a certain traffic subpopulation can be conjointly routed to avoid maintaining states across different paths. Similarly, if the state at a node is maintained using probabilistic data structures (such as sketches), MeasuRouting can enhance the accuracy of such structures by selecting the traffic that traverses the node. This paper presents a general routing framework for MeasuRouting, assuming the presence of special forwarding mechanisms.
We now present a formal framework for MeasuRouting in the context of a centralized architecture. A centralized architecture refers to the case where the algorithm deciding how distributed nodes will route packets using MeasuRouting has global information of:
1) the TE policy;
2) the topology and monitoring infrastructure deployment; and
3) the size and importance of traffic subpopulations.
TE policy is usually defined for aggregated flows. On the other hand, traffic measurement usually deals with a finer level of granularity. For instance, we often define a flow based upon the five-tuple for measurement purposes. Common intra-domain protocols (IGPs) like OSPF and IS-IS] use link weights to specify the placement of traffic for each origin–destination (OD) pair (possibly consisting of millions of flows).
The TE policy is oblivious of how constituent flows of an OD pair are routed as long as the aggregate placement is preserved. It is possible to specify traffic subpopulations that are distinguishable from a measurement perspective but are indistinguishable from a TE perspective. MeasuRouting can, therefore, route our fine-grained measurement traffic subpopulations without disrupting the aggregate routing.
The second way in which MeasuRouting is useful stems from the definition of TE objectives. TE objectives may be oblivious to the exact placement of aggregate traffic and only take cognizance of summary metrics such as the maximum link utilization across the network. An aggregate routing that is slightly different from the original routing may still yield the same value of the summary metric.
A macro-flowset may consist of multiple micro-flowsets. denotes the set of micro-flowsets. There is a many-to-one relationship between micro-flowsets and macro-flowsets. Represents the set of micro-flowsets that belong to the macro-flowset .
No Routing Loops MeasuRouting (NRL)
The flow conservation constraints in LTD do not guarantee the absence of loops. In Fig. 1, it is possible that the optimal solution of LTD may involve repeatedly sending traffic between routers , , and in a loop so as to sample it more frequently while still obeying the flow conservation and TE constraints. Such routing loops may not be desirable in real-world routing implementations. We therefore propose NRL, which ensures that the microflowset routing is loop-free. Loops are avoided by restricting the set of links along which a micro-flowset can be routed Relaxed
Sticky Routes MeasuRouting (RSR)
NRL ensures that there are no routing loops. However, depending upon the exact forwarding mechanisms and routing protocol, NRL may still not be feasible.
Deep Packet Inspection Trace Capture
In this section, we elucidate a practical application of MeasuRouting using actual traffic traces from a real network and with a meaningful definition of flow sampling importance. We consider the problem of increasing the quality of traces captured for subsequent Deep Packet Inspection (DPI). DPI is a useful process that allows post-mortem analysis of events seen in the network and helps understand the payload properties of transiting Internet traffic.
However, capturing payload is often an expensive process that requires dedicated hardware (e.g., DPI with TCAMs, or specialized algorithms that are prone to errors (e.g., DPI with Bloom Filters), or vast storage capacity for captured traces. As a result, operators sparsely deploy DPI agents at strategic locations of the network, with limited storage resources. In such cases, payload of only a subset of network traffic is captured by the dedicated hardware.
Thus, improving the quality of the capture traces for subsequent DPI involves allocating the limited monitoring resources such that the representation of more interesting traffic is increased. We can leverage MeasuRouting to increase the quality of the traces captured by routing interesting traffic across routes where they have a greater probability of being captured.
The below links contains abstract, base paper, documentation, power-point presentation and source code of MeasuRouting A Framework for Routing Assisted Traffic Monitoring.