Data Streaming in Computer Networking


1 Data Streaming in Computer Networking
Cristian Estan, George Varghese
University of California, San Diego

2 Talk structure
- Traditional streaming in networking
  - Rules of the game
  - Iteration paradigm: packet scheduling example
- New streaming problems
  - Detecting malicious traffic
  - Understanding network workloads
June 8, 2003 Data streaming in computer networking - MPDS 2003

3 Internet service model
[Figure: packet made of a Header (Source IP address, Destination IP address, Source port, Destination port) and Data; a Flow crossing the Internet]
- Conversations (flows) broken up into packets handled independently by the network
- Packets contain detailed information
  - Destination IP address
  - Source IP address
  - “Application”: protocol field + source and destination port
- At the core of the network high speed routers
  - Decide what to do with each packet

4 Traditional router functions
[Figure: router with interfaces Incoming 1-3 and Outgoing 1-3; IP Lookup block marked "?"]
- Decide which interface to send the packet on (route lookup)

5 Traditional router functions
[Figure: router with interfaces Incoming 1-3 and Outgoing 1-3; IP Lookup block marked "Out2"]

6 Traditional router functions
[Figure: router with interfaces Incoming 1-3 and Outgoing 1-3; Switching block; packets labelled Out1, Out2, Out3]
- Move packets between interfaces (switching)

7 Traditional router functions
[Figure: router with interfaces Incoming 1-3 and Outgoing 1-3; Scheduling block; Flow 1, Flow 2, Flow 3]
- Decide which packets to send and which to delay or drop (scheduling)

8 Traditional router functions
[Figure: router with interfaces Incoming 1-3 and Outgoing 1-3; Scheduling block; Flow 1, Flow 3, Flow 2]

9 Rules of the game
- Wire speed processing
  - At 40 gigabits/s 8 nanoseconds per packet - need fast SRAM
  - Limited SRAM (say 32 megabits) but millions of flows
- What does this mean for algorithms?
  - Low worst case complexity bounds
  - Low bounds on the amount of memory used
- Differences from databases
  - One pass vs. multiple passes
  - Worst case vs. average case
  - Small constants vs. asymptotic complexity

10 Talk structure
- Traditional streaming in networking
  - Rules of the game
  - Iteration paradigm: packet scheduling example
- New streaming problems
  - Detecting malicious traffic
  - Understanding network workloads

11 Iteration paradigm
- Many networking algorithms use iteration in time
- Way to allow multi-pass algorithms without storing input by assuming inputs do not change quickly
- Many examples (MULTOPS for DoS detection [Gil01], CSFQ for scheduling [Stoica98])
- Would be nice to formalize tradeoff between quality of results and drift rate of input
- Perhaps exponential averaging is not enough

12 Example: Core Stateless FQ
[Figure labels: Mark rate R; If R>F drop with probability 1-F/R; Iteratively compute fair share F]
- Fair queuing: if traffic is larger than link capacity, limit the large flows to the “fair share”
- The size of the fair share depends on the rates of all flows
- Per flow state is impractical
- Core Stateless:
  - Uses labels in packets to determine rates of flows
  - Computes the fair share using iterative approach
  - Minimal state
  - Exploits stationarity in the traffic mix
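Added example, not part of the original slides or the CSFQ authors' code: a fluid model of the rule on this slide, in which each flow carries its rate label R, the router drops with probability 1-F/R, and F is re-estimated once per measurement interval while the traffic mix stays stationary. The multiplicative update F <- F*C/accepted, the function names and the sample rates are assumptions of this example.

```python
def drop_probability(label_rate, fair_share):
    """Rule from the slide: if R > F, drop with probability 1 - F/R."""
    if label_rate <= fair_share:
        return 0.0
    return 1.0 - fair_share / label_rate


def accepted_rate(label_rates, fair_share):
    """Expected aggregate rate forwarded under the drop rule.

    A flow labelled R keeps R * (1 - p) = min(R, F); the router only needs
    the labels in the packets, not a table of flows.
    """
    return sum(r * (1.0 - drop_probability(r, fair_share)) for r in label_rates)


def iterate_fair_share(label_rates, capacity, tol=1e-9, max_rounds=100):
    """Iterate in time: one update of F per measurement interval.

    Assumed update (not taken from the slides): F <- F * C / accepted(F).
    It relies on the label rates staying the same between intervals.
    Returns (fair_share, rounds_used).
    """
    if sum(label_rates) <= capacity:
        return max(label_rates), 0          # no congestion, nothing is dropped
    fair_share = max(label_rates)           # start from "nobody is limited"
    for rounds in range(1, max_rounds + 1):
        updated = fair_share * capacity / accepted_rate(label_rates, fair_share)
        if abs(updated - fair_share) <= tol * fair_share:
            return updated, rounds
        fair_share = updated
    return fair_share, max_rounds


if __name__ == "__main__":
    rates = [8.0, 6.0, 2.0]                 # constructed label rates
    link = 10.0                             # constructed link capacity
    f, rounds = iterate_fair_share(rates, link)
    print(f"fair share {f:.4f} after {rounds} intervals")
    for r in rates:
        print(f"R={r}: drop probability {drop_probability(r, f):.3f}")
```

If the label rates drift between intervals, each update chases a moving target, which is the quality-versus-drift tradeoff the iteration paradigm slide asks to formalize.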

13 Talk structure
- Traditional streaming in networking
  - Rules of the game
  - Iteration paradigm: packet scheduling example
- New streaming problems
  - Detecting malicious traffic
  - Understanding network workloads

14 New streaming problems
- Detecting malicious activity
  - Flooding (denial of service attacks)
  - Worms
  - Scans looking for vulnerable servers
- Understanding workloads
  - Billing
  - Planning network growth
  - Application mix

15 Detecting malicious traffic
- Well defined building blocks
  - Detecting large aggregates
    - Similar to iceberg queries
  - Counting active flows in an aggregate
    - Similar to counting distinct values
- Many open problems: e.g. detect worms and DoS attacks (not clear what is right formal problem statement)

16 Talk structure
- Traditional streaming in networking
  - Rules of the game
  - Iteration paradigm: packet scheduling example
- New streaming problems
  - Detecting malicious traffic
  - Understanding network workloads

17 Informal problem definition
[Figure: Terabytes of measurement data, Analysis, Traffic reports]
- Applications: 50% of traffic is Kazaa
- Sources: 20% of traffic comes from Steve’s PC

18 Informal problem definition
[Figure: Terabytes of measurement data, Analysis, Traffic reports]
- 20% is Kazaa from Steve’s PC
- 50% is Kazaa from the dorms

19 Formal problem definition
- Define clusters:
  - Atoms: fields 1 to n with hierarchies in each field including *
  - Cluster: intersection of one set from each field hierarchy
  - Example: Source=*, Destination=CS Net, App=
- Threshold clusters:
  - Report traffic clusters above threshold T (e.g. 1% of traffic)
- Omit redundant clusters:
  - Compression rule: remove general clusters from the report when their traffic can be inferred (up to error T) from non-overlapping more specific clusters

20 Solution status
- The good:
  - Offline tool AutoFocus; SIGCOMM 2003 paper
  - Detected worm, busy servers, squid cache, etc.
  - Network managers like it
- The bad:
  - Takes long: 3 hours at T=0.5% for one day trace
  - Needs much memory 300 Mbytes
- The wanted:
  - Streaming algorithm - we invite improvements

21 Conclusions
- New rules: strict constraints on algorithms running in routers
- Iteration in time: can give simple algorithms, but needs more formalization as to quality of results
- General open problems: many challenges in detecting malicious traffic such as worms and DoS attacks
- Specific open problem: computing traffic cluster reports in streaming fashion

22 Thank you!
[Figure labels: Algorithms, Databases, Networking, "?"]

23 Unidimensional clusters
[Figure: traffic per leaf: 15, 35, 30, 40, 160, 110, 35, 75]

24 Unidimensional clusters
[Figure: prefix tree of traffic volumes: /28 500; /29 120, 380; /30 50, 70, 305, 75; /31 50, 70, 270, 35, 75; leaves 15, 35, 30, 40, 160, 110, 35, 75]

25 Unidimensional clusters
[Figure: prefix tree of traffic volumes: /28 500; /29 120, 380; /30 50, 70, 305, 75; /31 50, 70, 270, 35, 75; leaves 15, 35, 30, 40, 160, 110, 35, 75]

26 Unidimensional clusters
[Figure: prefix tree showing only /28 500; /29 120, 380; /30 305; /31 270; leaves 160, 110]

27 Unidimensional clusters
[Figure: prefix tree showing only /28 500; /29 120, 380; /30 305; /31 270; leaves 160, 110]
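Added example, not part of the original slides and not the AutoFocus code: the threshold step and the compression rule from the formal problem definition, applied to the one-dimensional prefix tree in these figures. The host addresses (documentation range 192.0.2.0/28) and the threshold T = 100 are assumptions, chosen so that the prefix sums and the surviving nodes match the numbers on the slides.

```python
import ipaddress
from collections import defaultdict

# Constructed input: volumes are the leaf values on the slides; the addresses
# are placeholders placed so the prefix sums reproduce the tree on the slides.
HOSTS = {
    "192.0.2.2": 15, "192.0.2.3": 35, "192.0.2.4": 30, "192.0.2.5": 40,
    "192.0.2.8": 160, "192.0.2.9": 110, "192.0.2.10": 35, "192.0.2.14": 75,
}
T = 100  # assumed threshold, consistent with the nodes kept in the figure


def aggregate(hosts, root_len=28):
    """Traffic of every prefix from /32 up to /root_len (one field hierarchy)."""
    totals = defaultdict(int)
    for addr, volume in hosts.items():
        for plen in range(32, root_len - 1, -1):
            totals[ipaddress.ip_network(f"{addr}/{plen}", strict=False)] += volume
    return dict(totals)


def threshold_clusters(totals, threshold):
    """All clusters whose traffic reaches the threshold (no compression)."""
    return {str(net): v for net, v in totals.items() if v >= threshold}


def compressed_report(totals, threshold, root_len=28):
    """Bottom-up pass applying the compression rule: keep a prefix only if its
    traffic differs by at least `threshold` from what the more specific
    reported prefixes beneath it already account for."""
    explained = defaultdict(int)   # prefix -> traffic inferable from below
    report = {}
    for net in sorted(totals, key=lambda n: -n.prefixlen):  # most specific first
        volume, estimate = totals[net], explained[net]
        if volume >= threshold and volume - estimate >= threshold:
            report[net] = volume
            estimate = volume      # a reported prefix explains all its traffic
        if net.prefixlen > root_len:
            explained[net.supernet()] += estimate
    return {str(net): v for net, v in report.items()}


if __name__ == "__main__":
    totals = aggregate(HOSTS)
    print(len(threshold_clusters(totals, T)), "clusters reach the threshold")
    for prefix, volume in compressed_report(totals, T).items():
        print(prefix, volume)
```

This version holds every prefix counter in memory, which is the offline approach; the talk's open problem is producing the same report in one pass with bounded state.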

28 Multidimensional clusters
- Two dimensions
  - Source network
  - Protocol (traffic type)
- Trees turn into lattice
  - Multiple parents
  - Nodes overlap

29 Offline solution

30 Sample report

