CLAMP: Efficient class-based sampling for flexible flow monitoring

  • Authors:

  • Mohit Saxena;Ramana Rao Kompella

  • Affiliations:

  • Department of Computer Sciences, University of Wisconsin-Madison, 1210 West Dayton St, Madison, WI 53706, United States;Department of Computer Sciences, Purdue University, 305 N. University St, West Lafayette, IN 47906, United States

  • Venue:
  • Computer Networks: The International Journal of Computer and Telecommunications Networking
  • Year:
  • 2010

Quantified Score

Hi-index 0.00

Visualization

Abstract

With an increasing requirement to classify traffic and track security threats, newer flexible and efficient ways are needed for collecting traffic statistics and monitoring network flows. However, traditional solutions based on packet sampling do not provide the flexibility required for these applications. For example, operators are often interested in observing as many unique flows as possible; however, random packet sampling is inherently biased towards large flows. Operators may also be interested in increasing the fidelity of flow measurements for a certain class of flows; such flexibility is lacking in today's packet sampling frameworks. In this paper, we propose a novel architecture called CLAMP that provides an efficient framework to implement class-based sampling. At the heart of CLAMP is a novel data structure we propose called composite Bloom filter (CBF) that consists of a set of Bloom filters working together to encapsulate various class definitions. In particular, we show the flexibility and efficacy of CLAMP by implementing a simple two-class size-based sampling. We also consider different objectives such as maximizing flow coverage and improving the accuracy of certain class of flows. In comparison to previous approaches that implement simple size-based sampling, our architecture requires substantially lower amounts of memory (up to 80x) and achieves higher flow coverage (up to 8x more flows) under specific configurations.