KAUST DepartmentComputer, Electrical and Mathematical Sciences and Engineering (CEMSE) Division
Computer Science Program
Online Publication Date2016-11-02
Print Publication Date2016
Permanent link to this recordhttp://hdl.handle.net/10754/622573
MetadataShow full item record
AbstractProgrammable switches make it easier to perform flexible network monitoring queries at line rate, and scalable stream processors make it possible to fuse data streams to answer more sophisticated queries about the network in real-time. Unfortunately, processing such network monitoring queries at high traffic rates requires both the switches and the stream processors to filter the traffic iteratively and adaptively so as to extract only that traffic that is of interest to the query at hand. Others have network monitoring in the context of streaming; yet, previous work has not closed the loop in a way that allows network operators to perform streaming analytics for network monitoring applications at scale. To achieve this objective, Sonata allows operators to express a network monitoring query by considering each packet as a tuple and efficiently partitioning each query between the switches and the stream processor through iterative refinement. Sonata extracts only the traffic that pertains to each query, ensuring that the stream processor can scale traffic rates of several terabits per second. We show with a simple example query involving DNS reflection attacks and traffic traces from one of the world's largest IXPs that Sonata can capture 95% of all traffic pertaining to the query, while reducing the overall data rate by a factor of about 400 and the number of required counters by four orders of magnitude. Copyright 2016 ACM.
CitationGupta A, Birkner R, Canini M, Feamster N, Mac-Stoker C, et al. (2016) Network Monitoring as a Streaming Analytics Problem. Proceedings of the 15th ACM Workshop on Hot Topics in Networks - HotNets ’16. Available: http://dx.doi.org/10.1145/3005745.3005748.
SponsorsWe thank our shepherd, Fadel Adib, the anonymous reviewers, Srinivas Narayana, Ankita Pawar, Rick Porter, Jennifer Rexford for for feedback and comments. This research was supported by National Science Foundation Awards CNS-1539920, and by European Union’s Horizon 2020 program under the ENDEAVOUR project (grant agree- ment 644960).
Conference/Event name15th ACM Workshop on Hot Topics in Networks, HotNets 2016