TY - GEN
T1 - Adaptive load-aware sampling for network monitoring on multicore commodity hardware
AU - Braun, Lothar
AU - Diekmann, Cornelius
AU - Kammenhuber, Nils
AU - Carle, Georg
PY - 2013
Y1 - 2013
N2 - Many current traffic monitoring systems employ deep packet inspection (DPI) in order to analyze network traffic. These systems include intrusion detection systems, software for network traffic accounting, traffic classification, or systems for monitoring service-level agreements. Traffic volumes and link speeds of current enterprise and ISP networks transform the process of inspecting traffic payload into a challenging task. In this paper we propose a novel adaptive sampling algorithm that selects the maximum number of packets from the network that the DPI system is able to consume. Our algorithm adapts its sampling rate according to the network traffic currently observed, and the number of packets that a monitoring application is able to process. It can be used in conjunction with current multicore-aware network traffic analysis setups, which allow for exploiting current multi-core hardware. We show the applicability of our algorithm with live-tests on a heavily used 10G link with real network monitoring tools.
AB - Many current traffic monitoring systems employ deep packet inspection (DPI) in order to analyze network traffic. These systems include intrusion detection systems, software for network traffic accounting, traffic classification, or systems for monitoring service-level agreements. Traffic volumes and link speeds of current enterprise and ISP networks transform the process of inspecting traffic payload into a challenging task. In this paper we propose a novel adaptive sampling algorithm that selects the maximum number of packets from the network that the DPI system is able to consume. Our algorithm adapts its sampling rate according to the network traffic currently observed, and the number of packets that a monitoring application is able to process. It can be used in conjunction with current multicore-aware network traffic analysis setups, which allow for exploiting current multi-core hardware. We show the applicability of our algorithm with live-tests on a heavily used 10G link with real network monitoring tools.
UR - http://www.scopus.com/inward/record.url?scp=84890845464&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84890845464
SN - 9783901882555
T3 - 2013 IFIP Networking Conference, IFIP Networking 2013
BT - 2013 IFIP Networking Conference, IFIP Networking 2013
T2 - 2013 IFIP Networking Conference, IFIP Networking 2013
Y2 - 22 May 2013 through 24 May 2013
ER -