80 likes | 235 Views
Traffic Aware- Flow Aggregation Algorithm (TA-FAA). Othman Othman M.M. , Supervisor: Professor Koji Okamura 8th Doctor students seminar in Kyushu University ,19th August 2011 Graduate School of Information Science and Electrical Engineering. Department of Advanced Information Technology.
E N D
Traffic Aware- Flow Aggregation Algorithm(TA-FAA) Othman Othman M.M. , Supervisor: Professor Koji Okamura 8th Doctor students seminar in Kyushu University ,19th August 2011 Graduate School of Information Science and Electrical Engineering. Department of Advanced Information Technology. Kyushu University
Introduction: 8th Doctor students seminar in Kyushu University ,19th August 2011 • As an example flows are used in [1] to assure different levels of Quality of Service (QoS) for different types of applications depending on the application’s needs, while in [2] flows are used as a mean to apply security policies. • Also, recently some technologies; as in OpenFlow are introduced to provide a method to match and manipulate flows, in a way the enables it to play an important role in future Internet and to provide new applications. • A flow is a sequence of packets from a source computer to a destination, and could consist of all packets in a specific transport connection. • Grouping sequence of packets into flows is reasonable, since that different services have different characteristics and require different levels of support by the network. • flows can be used to group communications according to the type of service, and then apply some rules for each group. 1.Song, J., Lee, S. S., Kang, K.-C., Park, N., Park, H., Yun, S., et al. (2008). Scalable Network Architecture for Flow-Based Traffic Control. 2.Hong, J. W. (2004). A flow-based method for abnormal network traffic detection.
Goal and Motivation: 8th Doctor students seminar in Kyushu University ,19th August 2011 Flows to manipulate headers in packets P P Packet P Packet P P P Packet Packet Packet Packet • An example use of TA-FAA: • Support self-reactive behavior. And facilitates traffic analysis. • Step towards having wider adoption of Flow-based networks. • packet-based technologieshave many functionalities to react to overloaded network (or devices). • While the flow-based network technologies lacks this ability. • And so we try to introduce the TA-FAA, that helps the flow-based networks to react in case of encountering an overloaded equipment in a way that is suitable for the nature of flows. And also we aim to provide a method that enables classifying and grouping of flows according to their portion of traffic. Fig1. Equipment overloaded, due to many flows to carry out. Packet P Packet PE Packet PE PE P P Fig2. Overloaded equipment delegates some flows to other equipment. Flows to manipulate headers in packets Fig3. Reduced load off the overloaded equipment. TA-FAA is used to decide which flows to delegate.
Flow Aggregation Algorithm: 8th Doctor students seminar in Kyushu University ,19th August 2011 Start Flow Table Build Histograms for all Fields None Strict Aggregation percentage? • Aggregate flows that have common features, and responsible for some portion of traffic. • i.e. to aggregate many flows to one. • Delegate the aggregated flows to other equipment. • Use Flow Aggregation Algorithm. • Overloaded equipment flows = original flows – delegated flows. Wide Aggregate SrcIP Strict None Wide Flow Aggregation Algorithm Aggregate DstIP Range of portions of total traffic e.g. (20%-30%) None Strict Wide aggregated flow (one or more) Find common values from two wide aggregations. None, Wide Strict Finish Fail Fig1. Overview of the TA-FAA Fig2. TA-FAA
More Details 1: 8th Doctor students seminar in Kyushu University ,19th August 2011 Start Start 1 Build Histograms for all Fields Add the most significant bit of each IP in each flow to trie. If exist increment trie node counter. Else create node and increment counter • Trie is one of data structures used to implement the Longest Prefix Match. • An example of how we use it, if we want to aggregate 11%-19% of traffic: None Strict Aggregation %? 2 • By Building a Trie To: • Find length of wildcard. • Value of wildcarded IP. Wide Aggregate SrcIP Is aggregation successful? Yes Strict None 3 Wide Aggregate DstIP No IP traffic% 1101......11 10% 1110……..01 5% 1000………11 5% 0010……..11 20% 0101……..01 10% Add the next less significant bit of each IP in each flow to trie. If exist increment trie node counter. Else create node and increment counter Is memory limit reached? None 4 No Strict 5 Wide Find common values from two wide aggregations. Yes Mark the trie node that has the best ratio . 6 None, Wide Finish 7 Strict 1 0 5% 20% 30% 15% 10% 20% 20%+10% Finish Fail 10%+5%+5% 0 1 1 0 10% 20% 10%+5% 5% Wild card = 11 000….000 (Length = 2) IP = 11…………… (we care of first 2 bits)
More Details 2: 8th Doctor students seminar in Kyushu University ,19th August 2011 Start Build Histograms for all Fields • Used when we need to aggregate fields with same length and that are unbreakable to smaller units (can not be wild-carded). • An example of how we use it, if we want to aggregate 11%-19% of traffic: Start 1 None Strict Aggregation %? • By building Histogram. Build Histogram 2 Wide Aggregate SrcIP Is aggregation successful? Strict None 3 Wide No Aggregate DstIP Yes Src TCP Port traffic% 111 10% 111 5% 222 5% 333 20% 444 10% Find nodes with right aggregation ratio None 4 Strict Wide Finish 7 Find common values from two wide aggregations. None, Wide Strict Finish Fail Result: Src TCP Port = 111.
Evaluation: 8th Doctor students seminar in Kyushu University ,19th August 2011 • Implementing the TA-FAA in Java. • Creating program to evaluate TA-FAA by generating random flow table (found of flow-based equipment as in OpenFlow for matching incoming packets) and use it as an input to the TA-FAA. • Simulation shows that the TA-FAA can achieve average 79.7 % success rate in aggregating flows.
Conclusion and Future Work: 8th Doctor students seminar in Kyushu University ,19th August 2011 Conclusion: • TA-FAA was introduced in order to provide Flow-based networks with the self-reacting ability. • TA-FAA aims to aggregate flows that are responsible for a specified portion of the traffic. • According to simulation, the average success rate of the TA-FAA is 79.7% . Future Work: • Study in more details the characteristics of the TA-FAA like the time complexity, and memory consumption. • To design applications or methods that make use of the TA-FAA. Like the delegation of flows, traffic analysis.