TY - GEN
T1 - Network monitoring as a streaming analytics problem
AU - Gupta, Arpit
AU - Birkner, Rüdiger
AU - Canini, Marco
AU - Feamster, Nick
AU - Mac-Stoker, Chris
AU - Willinger, Walter
N1 - Publisher Copyright:
Copyright 2016 ACM.
PY - 2016/11/9
Y1 - 2016/11/9
N2 - Programmable switches make it easier to perform flexible network monitoring queries at line rate, and scalable stream processors make it possible to fuse data streams to answer more sophisticated queries about the network in real time. Unfortunately, processing such network monitoring queries at high traffic rates requires both the switches and the stream processors to filter the traffic iteratively and adaptively so as to extract only that traffic that is of interest to the query at hand. Others have considered network monitoring in the context of streaming; yet, previous work has not closed the loop in a way that allows network operators to perform streaming analytics for network monitoring applications at scale. To achieve this objective, Sonata allows operators to express a network monitoring query by considering each packet as a tuple and efficiently partitioning each query between the switches and the stream processor through iterative refinement. Sonata extracts only the traffic that pertains to each query, ensuring that the stream processor can scale to traffic rates of several terabits per second. We show with a simple example query involving DNS reflection attacks and traffic traces from one of the world's largest IXPs that Sonata can capture 95% of all traffic pertaining to the query, while reducing the overall data rate by a factor of about 400 and the number of required counters by four orders of magnitude.
AB - Programmable switches make it easier to perform flexible network monitoring queries at line rate, and scalable stream processors make it possible to fuse data streams to answer more sophisticated queries about the network in real time. Unfortunately, processing such network monitoring queries at high traffic rates requires both the switches and the stream processors to filter the traffic iteratively and adaptively so as to extract only that traffic that is of interest to the query at hand. Others have considered network monitoring in the context of streaming; yet, previous work has not closed the loop in a way that allows network operators to perform streaming analytics for network monitoring applications at scale. To achieve this objective, Sonata allows operators to express a network monitoring query by considering each packet as a tuple and efficiently partitioning each query between the switches and the stream processor through iterative refinement. Sonata extracts only the traffic that pertains to each query, ensuring that the stream processor can scale to traffic rates of several terabits per second. We show with a simple example query involving DNS reflection attacks and traffic traces from one of the world's largest IXPs that Sonata can capture 95% of all traffic pertaining to the query, while reducing the overall data rate by a factor of about 400 and the number of required counters by four orders of magnitude.
UR - http://www.scopus.com/inward/record.url?scp=85001968671&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85001968671&partnerID=8YFLogxK
U2 - 10.1145/3005745.3005748
DO - 10.1145/3005745.3005748
M3 - Conference contribution
AN - SCOPUS:85001968671
T3 - HotNets 2016 - Proceedings of the 15th ACM Workshop on Hot Topics in Networks
SP - 106
EP - 112
BT - HotNets 2016 - Proceedings of the 15th ACM Workshop on Hot Topics in Networks
PB - Association for Computing Machinery, Inc
T2 - 15th ACM Workshop on Hot Topics in Networks, HotNets 2016
Y2 - 9 November 2016 through 10 November 2016
ER -