SFCMon: Um sistema de monitoramento eficiente e escalável para fluxos de rede em domínios habilitados para SFC
Resumo
Um sistema de monitoramento abrangente é essencial para auxiliar as soluções para a maioria dos problemas de SFC. Portanto, neste trabalho, propomos o SFCMon, uma solução de monitoramento eficiente e escalável para acompanhar os fluxos de rede em ambientes SFC. Para atingir os objetivos desejados, o SFCMon trabalha com um pipeline de estruturas de dados probabilísticas para detectar e armazenar grandes fluxos, bem como contadores de fluxo de ar. Para fins de avaliação, com base na arquitetura de referência SFC definida pela RFC 7665, implementamos uma estrutura de Prova de Conceito (PoC), que fornece um switch SFC baseado em P4 e um Controlador SFC baseado em Python. Os experimentos iniciais apresentados demonstram que o SFCMon introduz uma penalidade insignificante no desempenho, ao mesmo tempo em que proporciona ganhos significativos de escalabilidade.
Referências
Bhamare, D., Jain, R., Samaka, M., and Erbad, A. (2016). A survey on service function chaining. Journal ofNetwork and Computer Applications, 75:138 – 155.
Bloom, B. H. (1970). Space/time trade-offs in hash coding with allowable errors. Com- mun. ACM, 13(7):422–426.
Bosshart, P., Daly, D., Gibb, G., Izzard, M., McKeown, N., Rexford, J., Schlesinger, C., Talayco, D., Vahdat, A., Varghese, G., and Walker, D. (2014). P4: Program- ming protocol-independent packet processors. SIGCOMM Comput. Commun. Rev., 44(3):87–95.
Boucadair, M. (2016). Service Function Chaining (SFC) Control Plane Components & Requirements. Internet-Draft draft-ietf-sfc-control-plane-08, Internet Engineering Task Force. Work in Progress.
Broder, A., Mitzenmacher, M., and Mitzenmacher, A. B. I. M. (2002). Network applica- tions of bloom filters: A survey. In Internet Mathematics, pages 636–646.
Cormode, G. and Muthukrishnan, S. (2005). An improved data stream summary: the count-min sketch and its applications. Journal ofAlgorithms, 55(1):58 – 75.
Estan, C. and Varghese, G. (2003). New directions in traffic measurement and accounting: Focusing on the elephants, ignoring the mice. ACM Trans. Comput. Syst., 21(3):270– 313.
ETSI (2015). Network functions virtualisation (nfv) - network operator perspectives on industry progress. White Paper.
Goodrich, M. T. and Mitzenmacher, M. (2011). Invertible bloom lookup tables. In 2011 49th Annual Allerton Conference on Communication, Control, and Computing (Aller- ton), pages 792–799.
Grandi, F. (2018). On the analysis of bloom filters. Information Processing Letters, 129:35 – 39.
Halpern, J. M. and Pignataro, C. (2015). Service Function Chaining (SFC) Architecture. RFC 7665.
Li, Y., Miao, R., Kim, C., and Yu, M. (2016). Flowradar: A better netflow for data centers. In 13th USENIX Symposium on Networked Systems Design and Implementation (NSDI 16), pages 311–324, Santa Clara, CA. USENIX Association.
Liu, Z., Manousis, A., Vorsanger, G., Sekar, V., and Braverman, V. (2016). One sketch to rule them all: Rethinking network flow monitoring with univmon. In Proceedings of the 2016 ACM SIGCOMM Conference, SIGCOMM ’16, pages 101–114, New York, NY, USA. ACM.
Medhat, A. M., Taleb, T., Elmangoush, A., Carella, G. A., Covaci, S., and Magedanz, T. (2017). Service function chaining in next generation networks: State of the art and research challenges. IEEE Communications Magazine, 55(2):216–223.
Mori, T., Uchida, M., Kawahara, R., Pan, J., and Goto, S. (2004). Identifying elephant flows through periodically sampled packets. In Proceedings of the 4th ACM SIG- COMM Conference on Internet Measurement, IMC ’04, pages 115–120, New York, NY, USA. ACM.
Patgiri, R., Nayak, S., and Borgohain, S. K. (2018). Preventing ddos using bloom filter: A survey. CoRR, abs/1810.06689.
Pereira, F., Neves, N., and Ramos, F. M. V. (2017). Secure network monitoring using pro- grammable data planes. In 2017 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), pages 286–291.
Quinn, P., Elzur, U., and Pignataro, C. (2018). Network Service Header (NSH). RFC 8300.
Roughgarden, T. and Valiant, G. (2015). Approximate Heavy Hitters and the Count- Min Sketch. http://theory.stanford.edu/˜tim/s15/l/l2.pdf. On- line; accessed 01 April 2019.
Shirali-Shahreza, S. and Ganjali, Y. (2015). Rewiflow: Restricted wildcard openflow rules. SIGCOMM Comput. Commun. Rev., 45(5):29–35.
Sivaraman, V., Narayana, S., Rottenstreich, O., Muthukrishnan, S., and Rexford, J. (2017). Heavy-hitter detection entirely in the data plane. In Proceedings of the Sym- posium on SDN Research, SOSR ’17, pages 164–176, New York, NY, USA. ACM.
Yang, T., Jiang, J., Liu, P., Huang, Q., Gong, J., Zhou, Y., Miao, R., Li, X., and Uhlig, S. (2018). Elastic sketch: Adaptive and fast network-wide measurements. In Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication, SIGCOMM ’18, pages 561–575, New York, NY, USA. ACM.
Zhou, D., Yan, Z., Fu, Y., and Yao, Z. (2018). A survey on network data collection. Journal ofNetwork and Computer Applications, 116:9 – 23.