Flow-level loss detection with Δ-sketches

Shir Landau Feibish, Zaoxing Liu, Nikita Ivkin, Xiaoqi Chen, Vladimir Braverman, Jennifer Rexford

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Packet drops caused by congestion are a fundamental problem in network operation. Yet, it is difficult to detect where drops are happening, let alone which flows are most affected. Detecting the small-timescale drops caused by short bursts of traffic is even more challenging, and traditional monitoring techniques can easily miss them. To uncover packet drops as they occur inside a switch, the analysis must be real-time, fine-grained, and efficient. However, modern switches have distributed packet-processing pipelines that see either the arriving or departing traffic, but not the packet drops. Additionally, they do not have enough memory to store per-flow state. Our MIDST system addresses these challenges through a distributed compact data structure with lightweight coordination between ingress and egress pipelines. MIDST identifies the flows experiencing loss, as well as the bursty flows responsible, across different burst durations. Our evaluation with real-world traces and TCP connections shows that MIDST uses little memory (e.g., 320KB) while providing high accuracy (95% to 98%) under varying loss rates and burst durations. We evaluate a low-rate DDoS attack and demonstrate the potential use of our measurement results for attack detection and mitigation.

Original languageEnglish
Title of host publicationSOSR 2022 - Proceedings of the 2022 Symposium on SDN Research
PublisherAssociation for Computing Machinery, Inc
Pages25-32
Number of pages8
ISBN (Electronic)9781450398923
DOIs
StatePublished - 19 Oct 2022
Event2002 ACM SIGCOMM Symposium on SDN Research, SOSR 2022 - Virtual, Online, United States
Duration: 20 Oct 2022 → …

Publication series

NameSOSR 2022 - Proceedings of the 2022 Symposium on SDN Research

Conference

Conference2002 ACM SIGCOMM Symposium on SDN Research, SOSR 2022
Country/TerritoryUnited States
CityVirtual, Online
Period20/10/22 → …

Bibliographical note

Funding Information:
We thank the anonymous SOSR reviewers and our shepherd Fernando Ramos for their valuable feedback. This work is supported in part by the Israel Science Foundation under grant No. 980/21, and NSF grants CNS-2106946, CNS-2107239, and CNS-1704077.

Publisher Copyright:
© 2022 ACM.

Keywords

  • network monitoring
  • programmable devices
  • sketches

Fingerprint

Dive into the research topics of 'Flow-level loss detection with Δ-sketches'. Together they form a unique fingerprint.

Cite this