Computer Science, 2025, Vol. 52, Issue (1): 374-382. doi: 10.11896/jsjkx.231200080

• Information Security •

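Network Microburst Traffic Detection Method Based on Sketch Data Structure

WANG Jiayu1, YU Junqing1,2, LI Dong2, ZHAO Junyang1

  1. 1 School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074
    2 Network and Information Office, Huazhong University of Science and Technology, Wuhan 430074
  • Received: 2023-12-12 Revised: 2024-05-08 Online: 2025-01-15 Published: 2025-01-09
  • Corresponding author: YU Junqing (yjqing@hust.edu.cn)
  • About the author: (15387261971@163.com)
  • Supported by:
    National Key R&D Program of China (2022YFB2901202)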

Network Microburst Traffic Measurement Method Based on Sketch Data Structure

WANG Jiayu1, YU Junqing1,2, LI Dong2, ZHAO Junyang1   

  1. 1 School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China
    2 Network and Information Office, Huazhong University of Science and Technology, Wuhan 430074, China
  • Received: 2023-12-12 Revised: 2024-05-08 Online: 2025-01-15 Published: 2025-01-09
  • About author: WANG Jiayu, born in 1999, postgraduate. His main research interests include programmable data plane and network security.
    YU Junqing, born in 1975, Ph.D, professor, Ph.D supervisor, is a member of CCF (No.05665S). His main research interests include digital media processing and retrieval, network security, multi-core computing and stream compilation.
  • Supported by:
    National Key R&D Program of China (2022YFB2901202).

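Abstract: Network microburst traffic is a common traffic type in data center networks. It grows rapidly within an extremely short time, severely affects network performance, and is hard to detect. Current measurement methods cannot combine fine-grained detection with low-overhead transmission, so this paper designs a lightweight, fine-grained microburst traffic measurement method based on the sketch data structure. First, based on the architectural features of programmable switches, the queuing delay of data packets is measured in real time and a detection algorithm is designed to monitor microburst traffic, giving fine-grained, per-packet detection. Then, according to the detection results, microburst flows are collected, their information is stored in a sketch, and the sketch is sent to the controller by mirroring after the time slice or the microburst flow ends, giving lightweight transmission. The measurement method is based on the Programming Protocol-independent Packet Processors language and has been implemented as a system on a P4 programmable switch that can detect and display network microburst traffic in real time. Experimental results show that the method detects network microburst traffic in real time at fine granularity and significantly reduces the bandwidth overhead of transmitting microburst information.

Key words: Programming protocol-independent packet processors language, Programmable switch, Microburst traffic, Sketch data structure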

Abstract: Microburst traffic is a common type of traffic in data center networks. It grows rapidly within a very short period of time, seriously affects network performance, and is difficult to detect. Existing microburst traffic detection methods cannot achieve both fine-grained detection and low-resource transmission. This paper proposes a lightweight, fine-grained microburst detection method based on the sketch data structure. First, the architectural characteristics of the programmable switch are used to measure the queuing delay of each packet, and a microburst detection algorithm is put forward to process network traffic and filter out the microburst traffic, achieving fine-grained detection. Then a sketch is used to save microburst traffic information, which is sent to the controller at the end of the time slice or the end of the microburst flow by mirroring transmission, achieving lightweight transmission. Finally, the microburst traffic detection system is implemented on a P4 programmable switch in a real-world network environment. Experiments show that this method has good microburst measurement accuracy and greatly reduces the bandwidth overhead required for microburst information transmission.

Key words: Programming protocol-independent packet processors language, Programmable switch, Microburst traffic, Sketch data structure
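
The pipeline outlined in the abstract, as an added Python simulation that is not the paper's P4 implementation: packets whose queuing delay crosses a threshold are accumulated in a sketch, and one fixed-size report is emitted when the burst or the time slice ends. The count-min sketch, the CRC32 indexing, the 50 µs threshold, the 1000 µs slice and the sample trace are all assumptions made for illustration.

```python
import zlib

class CountMinSketch:
    """Fixed-size counter array; count-min is an assumed choice of sketch."""
    def __init__(self, depth=3, width=64):
        self.depth, self.width = depth, width
        self.rows = [[0] * width for _ in range(depth)]

    def _index(self, row, key):
        # One CRC32-derived index per row, seeded with the row number.
        return zlib.crc32(f"{row}:{key}".encode()) % self.width

    def add(self, key, nbytes):
        for r in range(self.depth):
            self.rows[r][self._index(r, key)] += nbytes

    def estimate(self, key):
        # Never underestimates; hash collisions can only inflate the value.
        return min(self.rows[r][self._index(r, key)] for r in range(self.depth))

def monitor(packets, delay_threshold_us=50, slice_us=1000):
    """packets: (ts_us, flow_id, size_bytes, queue_delay_us) in time order.
    Returns the reports the switch would mirror to the controller, as
    (start_us, end_us, reason, sketch). Threshold and slice are assumed."""
    reports, sketch, start, last = [], None, 0, 0
    for ts, flow, size, qdelay in packets:
        in_burst = qdelay >= delay_threshold_us
        # Flush when the burst ends or the current time slice is used up.
        if sketch is not None and (not in_burst or ts - start >= slice_us):
            reports.append((start, last, "slice_end" if in_burst else "burst_end", sketch))
            sketch = None
        if in_burst:
            if sketch is None:
                sketch, start = CountMinSketch(), ts
            sketch.add(flow, size)
            last = ts
    if sketch is not None:  # trace ended while a burst was still open
        reports.append((start, last, "trace_end", sketch))
    return reports

# Constructed sample trace: flows B and C build a queue between 10 and 40 us.
PACKETS = [
    (0, "A", 1500, 5), (10, "B", 1500, 60), (20, "B", 1500, 120),
    (30, "C", 1500, 180), (40, "B", 1500, 90), (50, "A", 1500, 10),
]

if __name__ == "__main__":
    for start, end, reason, sk in monitor(PACKETS):
        print(start, end, reason, {f: sk.estimate(f) for f in "ABC"})
```

Each report carries depth × width counters regardless of how many packets the burst contained, which is where the bandwidth saving over per-packet export comes from.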

CLC Number:

  • TP393