Research On Fine-grained Measurements Of Virtual Network Traffic Based On Software Switch

With the development of cloud computing and big data,the explosive growth of network scale causes frequent network attacks and abnormal events,making network management more difficult.In high-speed networks,flow-level traffic measurement is an essential tool to understand how network bandwidth is being utilized.It can be used to detect anomalous traffic behaviors due to operational or security issues.The most important measurement task is to collect the fine-grained features of flows and track the heavy-hitters(HHs).The virtual network traffic generated by the internal interaction of virtual machines in the cloud platform has greater security risks and collection difficulties than real traffic.Because the virtual traffic does not go through firewalls and cannot be detected by hardware devices at the network boundary.The collection of virtual traffic needs to be implemented based on programmable software switches.Due to its limited memory,it is impossible for the traffic collection model to accurately record the information of each flow.Therefore,plenty of algorithms have been designed to reduce the memory cost by sacrificing the accuracy within a certain degree.However,current collection models are difficult to all achieve good performance in processing time,memory cost and accuracy.This thesis explores fine-grained collection method of virtual network traffic based on software switches.The main contributions of this thesis are as follows.(1)For the heavy-hitters detection and measurement of high-speed traffic in virtual network,this thesis proposes a fine-grained traffic collection model based on improved Cuckoo Filters(CF).CF is a traffic collection model based on flow counters.We improve its data structure and insertion algorithm,making the model has high space utilization and measurement accuracy.Firstly,we propose Self-refresh Cuckoo Filter(Sr-CF)model based on a priori threshold,which can continuously discard small flows according to the threshold,thereby saving limited storage space for large flows.Then,we consider the local minimum flow should be discarded when prior knowledge is lacking.Based on this,we design the bucket structure of CF as a Min-heap and propose Min-heap Cuckoo Filter(Mh-CF)model.After that,by introducing the pre-kicking operation,we propose pre-kicking Cuckoo Filter(Pk-CF)model based on the kicking path,which can store all elements in its pre-kicking queue during the cyclic kicking operation and find the smallest flow in the entire kicking path to discard.The introduction of pre-kicking greatly increases the selection range of local minimum.The evaluation results show that Pk-CF model has the best traffic collection performance,which can achieve high HHs identification rate(99.72%)and low estimation error(1.259%)with limited memory cost(28KB),significantly outperforms other existing models.(2)For the time-awareness requirement in network traffic measurement,this thesis deeply discusses its influence and proposes a fine-grained traffic collection model based on time-decaying window.For real-time applications,the latest data are more important,while the outdated data will gradually adversely affect the traffic measurement and analysis over time.In this thesis,we efficiently implement a time-decaying window by using a pre-emphasis function to amplify the increment during insertion and a de-emphasis function to recover the original value during query.Based on this,we propose the Decay-Aware Pre-kicking Cuckoo Filter(DA-Pk-CF)model,which is the combination of Pk-CF model and Time-Adaptive Sketch algorithm.DA-Pk-CF has both the data structure advantages of the former and the decay-awareness ability of the latter.The experiment results verify that our DA-Pk-CF model can perform high-precision and fine-grained collection(4.91% average estimation error and 97.64% HHs identification rate)for time-decaying data in virtual network traffic,which can be a feasible solution for time-awareness requirement.(3)The thesis builds a prototype system for virtual traffic collection based on P4,which is a data plane programmable language,and BMv2 software switch.The system uses Mininet to build a virtual network topology and uses TRex,which is a multifunctional packet generator,to generate virtual network traffic for experiments.We deploy our traffic collection models such as DA-Pk-CF on this system.Through the network simulation environment,we verify the feasibility of the algorithms and models proposed in this thesis for fine-grained traffic collection in virtual network.Finally,this thesis summarizes the researches and contributions,points out some shortcomings and looks forward to the future work.