基于sketch的软件定义测量数据平面硬件模型

doi:10.11959/j.issn.1000-436x.2017203

通信学报 ›› 2017, Vol. 38 ›› Issue (10): 113-121.doi: 10.11959/j.issn.1000-436x.2017203

基于sketch的软件定义测量数据平面硬件模型

戴冕^1,²,程光^1,²

¹ 东南大学计算机科学与工程学院，江苏南京 211189
² 东南大学教育部计算机网络和信息集成重点实验室，江苏南京 211189

修回日期:2017-06-15 出版日期:2017-10-01 发布日期:2017-11-16
作者简介:戴冕（1988-），男，江苏南京人，东南大学博士生，主要研究方向为软件定义网络、数据中心网络和网络测量技术等。|程光（1973-），男，安徽黄山人，东南大学教授、博士生导师，主要研究方向为网络测量、网络安全和网络管理等。
基金资助:
国家高技术研究发展计划(“863”计划)基金资助项目(2015AA015603);赛尔网络下一代互联网技术创新基金资助项目(NGII20150108)

Sketch-based data plane hardware model for software-defined measurement

Mian DAI^1,²,Guang CHENG^1,²

¹ School of Computer Science and Engineering,Southeast University,Nanjing 211189,China
² Key Laboratory of Computer Network and Information Integration of Ministry of Education,Southeast University,Nanjing 211189,China

Revised:2017-06-15 Online:2017-10-01 Published:2017-11-16
Supported by:
The National High-Tech R＆D Program of China (863 Program)(2015AA015603);CERNET Innovation Project(NGII20150108)

摘要/Abstract

摘要：

提出一种基于sketch数据结构的软件定义测量数据平面硬件模型，并在以现场可编程逻辑门阵列（FPGA）为核心的可编程网络设备NetMagic上进行了实现。利用部署在硬件FPGA高速SRAM中的通用sketch数据结构高效地采集数据平面流量数据，控制平面收集并缓存统计数据，提供给上层的测量应用使用。使用count-min sketch和2-universal散列函数实现了在高速流量下实时的分组处理和流量统计；使用Bloom filter在控制平面恢复流量的原始5元组信息，解决了sketch数据结构的不可逆问题。使用CERNET骨干网流量数据对原型系统进行的评估结果表明，该原型系统使用极其有限的硬件资源实现了对较大规模网络流量的实时测量，同时具备较好的测量精度。

关键词: 软件定义测量, 现场可编程逻辑门阵列, 全域散列

Abstract:

A sketch-based data plane hardware model for software-defined measurement was introduced,and it was implemented in the programmable network device NetMagic.A generic sketch model for collecting flow-level data using high-speed memories on the FPGA was proposed,the control plane collected and cached the data for further process.Count-min sketch and 2-universal hash functions in the SRAM of FPGA for real-time traffic counting of high-speed traffic were implemented; Bloom filter was used to rebuild the original 5-tuple data which solved the irreversibility of sketch.The CERNET backbone trace to evaluate the prototype system was used,the result shows that it has the ability to use the limited hardware resource to measure a large amount of network traffic data with a proper measurement accuracy at the same time.

Key words: software-defined measurement, FPGA, universal hash

中图分类号:

TP393

戴冕,程光. 基于sketch的软件定义测量数据平面硬件模型[J]. 通信学报, 2017, 38(10): 113-121.

Mian DAI,Guang CHENG. Sketch-based data plane hardware model for software-defined measurement[J]. Journal on Communications, 2017, 38(10): 113-121.

图/表 12

图1

图2

图3

图4

图5

图6

图7

表1

表2

图8

图9

图10

参考文献 16

[1]	HOFSTEDE R,?ELEDA P , TRAMMELL B ,et al. Flow monitoring explained:from packet capture to data analysis with NetFlow and IPFIX[J]. IEEE Communications Surveys ＆ Tutorials, 2014,16(4): 2037-2064.
[2]	S OMMER R , FELDMANN A . NetFlow:information loss or win?[C]// The 2nd ACM SIGCOMM Workshop on Internet Measurment. 2002: 173-174.
[3]	MOSHREF M , YU M , GOVINDAN R ,et al. SCREAM:sketch resource allocation for software-defined measurement[C]// The 11th ACM Conference on Emerging Networking Experiments and Technologies. ACM, 2015:14.
[4]	YU M , JOSE L , MIAO R . Software defined traffic measurement with OpenSketch[C]// Presented as Part of the 10th USENIX Symposium on Networked Systems Design and Implementation (NSDI 13). 2013: 29-42.
[5]	LIU Z , VORSANGER G , BRAVERMAN V ,et al. Enabling a RISC approach for software-defined monitoring using universal streaming[C]// The 14th ACM Workshop on Hot Topics in Networks. ACM, 2015:21.
[6]	LIU Z , MANOUSIS A , VORSANGER G ,et al. One sketch to rule them all:rethinking network flow monitoring with UnivMon[C]// The 2016 Conference on ACM SIGCOMM 2016 Conference. 2016: 101-114.
[7]	CORMODE G , MUTHUKRISHNAN S . What's new:finding significant differences in network data streams[J]. IEEE/ACM Transactions on Networking (TON), 2005,13(6): 1219-1232.
[8]	LIU Y , CHEN W , GUAN Y . A fast sketch for aggregate queries over high-speed network traffic[C]// INFOCOM. 2012: 2741-2745.
[9]	SCHWELLER R , GUPTA A , PARSONS E ,et al. Reversible sketches for efficient and accurate change detection over network data streams[C]// The 4th ACM SIGCOMM Conference on Internet Measurement. 2004: 207-212.
[10]	SCHWELLER R , LI Z , CHEN Y ,et al. Reversible sketches:enabling monitoring and analysis over high-speed data streams[J]. IEEE/ACM Transactions on Networking (ToN), 2007,15(5): 1059-1072.
[11]	DAI M , CHENG G , WANG Y . Detecting network topology and packet trajectory with SDN-enabled FPGA platform[C]// The 11th International Conference on Future Internet Technologies. 2016: 7-13.
[12]	LI T , SUN Z , JIA C ,et al. Using NetMagic to observe fine-grained per-flow latency measurements[C]// ACM SIGCOMM Computer Communication Review. 2011,41(4): 466-467.
[13]	BOSSHART P , DALY D , GIBB G ,et al. P4:programming protocol-independent packet processors[J]. ACM SIGCOMM Computer Communication Review, 2014,44(3): 87-95.
[14]	CORMODE G , MUTHUKRISHNAN S . An improved data stream summary:the count-min sketch and its applications[J]. Journal of Algorithms, 2005,55(1): 58-75.
[15]	SONG H , DHARMAPURIKAR S , TURNER J ,et al. Fast hash table lookup using extended Bloom filter:an aid to network processing[J]. ACM SIGCOMM Computer Communication Review, 2005,35(4): 181-192.
[16]	CARTER J L , WEGMAN M N . Universal classes of hash functions[C]// The Ninth Annual ACM Symposium on Theory of Computing. 1977: 106-112.

数据统计量	Trace(450 s)	Trace(10 s)
分组数量	7 485 823	226 843
源IP数量	68 998	2 204
目的IP数量	72 620	2 445
(SIP＆SPort,DIP＆DPort) 数量	352 727	22 176

基于sketch的软件定义测量数据平面硬件模型

Sketch-based data plane hardware model for software-defined measurement

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 12

参考文献 16

相关文章 15

Metrics

推荐阅读 0

sketch	散列函数	地址空间
count-min sketch	4	128k×4
Bloom filter	4	128k

[1]	李竟博, 马礼, 李阳, 傅颖勋, 马东超. 感传算协同工业互联网优化设计[J]. 通信学报, 2023, 44(6): 12-22.
[2]	赵仕祺, 黄小红, 钟志港. 基于信誉的域间路由选择机制的研究与实现[J]. 通信学报, 2023, 44(6): 47-56.
[3]	陈真, 陈文辉, 刘啸威, 尤殿龙, 刘林林, 申利民. 功能互补关系增强的云API推荐方法[J]. 通信学报, 2023, 44(6): 125-137.
[4]	魏德宾, 潘成胜, 杨力, 颜佐任. 基于网络流量水平等级预测的自适应随机早期检测算法[J]. 通信学报, 2023, 44(6): 154-166.
[5]	李元诚, 秦永泰. 基于深度强化学习的软件定义安全中台QoS实时优化算法[J]. 通信学报, 2023, 44(5): 181-192.
[6]	夏莹杰, 朱思雨, 刘雪娇. 区块链架构下具有条件隐私的车辆编队跨信任域高效群组认证研究[J]. 通信学报, 2023, 44(4): 111-123.
[7]	谢人超, 文雯, 唐琴琴, 刘云龙, 谢高畅, 黄韬. 轨道交通移动边缘计算网络安全综述[J]. 通信学报, 2023, 44(4): 201-215.
[8]	罗智勇, 张玉, 王青, 宋伟伟. 基于贝叶斯攻击图的SDN入侵意图识别算法的研究[J]. 通信学报, 2023, 44(4): 216-225.
[9]	王一丰, 郭渊博, 陈庆礼, 方晨, 林韧昊, 周永良, 马佳利. 基于对比增量学习的细粒度恶意流量分类方法[J]. 通信学报, 2023, 44(3): 1-11.
[10]	张进, 葛强, 徐伟海, 江逸茗, 马海龙, 于洪涛. 拟态路由器BGP代理的设计实现与形式化验证[J]. 通信学报, 2023, 44(3): 33-44.
[11]	经普杰, 王良民, 董学文, 张玉书, 王骞, Muhammad Sohail. 分层跨链结构：一种面向区块链系统监管的可行架构[J]. 通信学报, 2023, 44(3): 93-104.
[12]	舒坚, 史佳伟, 刘琳岚, Manar Al-Kali. 基于时空卷积的机会网络拓扑预测[J]. 通信学报, 2023, 44(3): 145-156.
[13]	王东滨, 吴东哲, 智慧, 郭昆, 张勖, 时金桥, 张宇, 陆月明. 软件定义网络抗拒绝服务攻击的流表溢出防护[J]. 通信学报, 2023, 44(2): 1-11.
[14]	康海燕, 龙墨澜. 基于吸收马尔可夫链攻击图的网络攻击分析方法研究[J]. 通信学报, 2023, 44(2): 122-135.
[15]	张云涛, 方滨兴, 杜春来, 王忠儒, 崔志坚, 宋首友. 基于异构观测链的容器逃逸检测方法[J]. 通信学报, 2023, 44(1): 49-63.