Traffic classification allows network operators to gain important insights to better characterize packet flows, enabling fundamental applications such as traffic engineering, network analytics and Quality of Service (QoS) enforcing. A common approach adopted for flow classification is based on Deep Packet Inspection (DPI): All the traffic is processed by a middlebox whose task is the association of a network flow to the application-level information by inspecting the entire content of the packets. The increased volume of encrypted traffic limits the type of analysis performed by network middleboxes. However, an important amount of information can still be extracted from packets belonging to the very initial phase of a connection which are transmitted in clear (e.g. DNS and TLS handshake). Furthermore, recent research work has shown that it is possible to reduce the burden on the DPI without a significant loss in classification accuracy, by limiting the amount of data processed per flow. In this paper, we propose to exploit the programmability of new stateful SDN data planes to offload down to the network the process of filtering traffic to the DPI. We show that it is jointly possible to reduce the required computing power of the DPI, as well as the network bandwidth between the switches and the DPI. By taking advantage of the flexibility of stateful data planes we also manage to delegate to switches the computation of useful network analytics metrics (such as number of packets, number of bytes and duration) which would otherwise require the DPI to inspect the entire traffic flow.

Towards traffic classification offloading to stateful SDN data planes

Sanvito, Davide;MORO, DANIELE;Capone, Antonio
2017-01-01

Abstract

Traffic classification allows network operators to gain important insights to better characterize packet flows, enabling fundamental applications such as traffic engineering, network analytics and Quality of Service (QoS) enforcing. A common approach adopted for flow classification is based on Deep Packet Inspection (DPI): All the traffic is processed by a middlebox whose task is the association of a network flow to the application-level information by inspecting the entire content of the packets. The increased volume of encrypted traffic limits the type of analysis performed by network middleboxes. However, an important amount of information can still be extracted from packets belonging to the very initial phase of a connection which are transmitted in clear (e.g. DNS and TLS handshake). Furthermore, recent research work has shown that it is possible to reduce the burden on the DPI without a significant loss in classification accuracy, by limiting the amount of data processed per flow. In this paper, we propose to exploit the programmability of new stateful SDN data planes to offload down to the network the process of filtering traffic to the DPI. We show that it is jointly possible to reduce the required computing power of the DPI, as well as the network bandwidth between the switches and the DPI. By taking advantage of the flexibility of stateful data planes we also manage to delegate to switches the computation of useful network analytics metrics (such as number of packets, number of bytes and duration) which would otherwise require the DPI to inspect the entire traffic flow.
2017
2017 IEEE Conference on Network Softwarization: Softwarization Sustaining a Hyper-Connected World: en Route to 5G, NetSoft 2017
9781509060085
Computer Networks and Communications; Software; Hardware and Architecture
File in questo prodotto:
File Dimensione Formato  
sanvito_neafio_2017-2.pdf

Accesso riservato

: Publisher’s version
Dimensione 375.66 kB
Formato Adobe PDF
375.66 kB Adobe PDF   Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/11311/1057664
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus 23
  • ???jsp.display-item.citation.isi??? 4
social impact