Towards traffic classification offloading to stateful SDN data planes
Sanvito, Davide;MORO, DANIELE;Capone, Antonio
2017-01-01
Abstract
Traffic classification gives network operators important insights for characterizing packet flows, and it underpins fundamental applications such as traffic engineering, network analytics and Quality of Service (QoS) enforcement. A common approach to flow classification is Deep Packet Inspection (DPI): all traffic is processed by a middlebox that associates each network flow with application-level information by inspecting the full content of the packets. The growing share of encrypted traffic limits the kind of analysis network middleboxes can perform. However, a significant amount of information can still be extracted from the packets of the very initial phase of a connection, which are transmitted in the clear (e.g. DNS and the TLS handshake). Furthermore, recent research has shown that the burden on the DPI can be reduced without a significant loss in classification accuracy by limiting the amount of data processed per flow. In this paper, we propose to exploit the programmability of new stateful SDN data planes to offload to the network the task of filtering the traffic that is sent to the DPI. We show that it is possible to reduce both the computing power required by the DPI and the network bandwidth between the switches and the DPI. By taking advantage of the flexibility of stateful data planes, we also delegate to the switches the computation of useful network analytics metrics (such as number of packets, number of bytes and flow duration), which would otherwise require the DPI to inspect the entire traffic flow.

File | Size | Format |
---|---|---|
sanvito_neafio_2017-2.pdf (publisher's version, restricted access) | 375.66 kB | Adobe PDF |
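The following is an added illustration, not code from the paper (whose mechanism is implemented in SDN switch data planes): a Python simulation of the per-flow state a stateful switch would keep in order to mirror only the first N packets of each flow to the DPI while computing the packet, byte and duration metrics itself. The per-flow budget N, the two-stage "inspect"/"pass" state machine, the bidirectional flow key and the packet trace are all assumptions made for the example; the trace is constructed and uses RFC 5737 documentation addresses.

```python
"""Simulation of DPI offloading to a stateful switch (constructed example,
not the paper's data-plane implementation)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Bidirectional flow key: ((ip, port), (ip, port), proto). Endpoints are sorted
# so that client->server and server->client packets share one state entry.
FlowKey = Tuple[Tuple[str, int], Tuple[str, int], str]


@dataclass
class Packet:
    ts: float      # seconds since trace start
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    size: int      # bytes on the wire


@dataclass
class FlowState:
    """Per-flow analytics the switch tracks instead of the DPI."""
    packets: int = 0
    bytes: int = 0
    first_ts: float = 0.0
    last_ts: float = 0.0
    stage: str = "inspect"   # 'inspect': copy to DPI; 'pass': forward only


class StatefulSwitch:
    def __init__(self, dpi_budget: int) -> None:
        self.dpi_budget = dpi_budget          # assumed N packets per flow sent to the DPI
        self.flows: Dict[FlowKey, FlowState] = {}
        self.to_dpi: List[Packet] = []        # models the link towards the DPI middlebox

    @staticmethod
    def flow_key(p: Packet) -> FlowKey:
        a, b = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (a, b, p.proto)

    def process(self, p: Packet) -> str:
        """Update flow state and return the action: 'forward+dpi' or 'forward'."""
        k = self.flow_key(p)
        st = self.flows.get(k)
        if st is None:
            st = FlowState(first_ts=p.ts)
            self.flows[k] = st
        st.packets += 1
        st.bytes += p.size
        st.last_ts = p.ts
        # Mirror only while the flow is still within its per-flow budget.
        mirror = st.stage == "inspect" and st.packets <= self.dpi_budget
        if mirror:
            self.to_dpi.append(p)
        if st.packets >= self.dpi_budget:
            st.stage = "pass"   # the DPI has seen enough of this flow
        return "forward+dpi" if mirror else "forward"

    def metrics(self) -> Dict[FlowKey, Tuple[int, int, float]]:
        """(packets, bytes, duration in seconds) per flow, with no DPI involvement."""
        return {k: (s.packets, s.bytes, s.last_ts - s.first_ts)
                for k, s in self.flows.items()}


# Constructed trace: one TLS session (both directions) and one DNS lookup.
CLIENT, TLS_SRV, DNS_SRV = "192.0.2.10", "198.51.100.20", "192.0.2.53"
SAMPLE_TRACE: List[Packet] = [
    Packet(0.000, CLIENT, 51000, TLS_SRV, 443, "tcp", 60),     # SYN
    Packet(0.125, CLIENT, 40000, DNS_SRV, 53, "udp", 70),      # DNS query
    Packet(0.250, TLS_SRV, 443, CLIENT, 51000, "tcp", 60),     # SYN/ACK
    Packet(0.375, DNS_SRV, 53, CLIENT, 40000, "udp", 120),     # DNS response
    Packet(0.500, CLIENT, 51000, TLS_SRV, 443, "tcp", 517),    # ClientHello
    Packet(0.750, TLS_SRV, 443, CLIENT, 51000, "tcp", 1460),   # ServerHello...
    Packet(1.000, CLIENT, 51000, TLS_SRV, 443, "tcp", 126),    # key exchange, Finished
    Packet(1.250, TLS_SRV, 443, CLIENT, 51000, "tcp", 1460),   # encrypted data
    Packet(1.500, CLIENT, 51000, TLS_SRV, 443, "tcp", 1460),
    Packet(1.750, TLS_SRV, 443, CLIENT, 51000, "tcp", 60),
]


def run_example(dpi_budget: int = 4, trace: Optional[List[Packet]] = None) -> dict:
    """Replay the trace through the switch; report DPI load versus total traffic."""
    trace = SAMPLE_TRACE if trace is None else trace
    sw = StatefulSwitch(dpi_budget)
    actions = [sw.process(p) for p in sorted(trace, key=lambda p: p.ts)]
    return {
        "actions": actions,
        "total_packets": len(trace),
        "total_bytes": sum(p.size for p in trace),
        "dpi_packets": len(sw.to_dpi),
        "dpi_bytes": sum(p.size for p in sw.to_dpi),
        "metrics": sw.metrics(),
    }


if __name__ == "__main__":
    r = run_example()
    print(f"DPI sees {r['dpi_packets']}/{r['total_packets']} packets, "
          f"{r['dpi_bytes']}/{r['total_bytes']} bytes")
    for k, (n, b, d) in r["metrics"].items():
        print(k, n, "pkts", b, "bytes", f"{d:.3f}s")
```

With a budget of 4 packets per flow, the DPI receives the TCP handshake and the ClientHello/ServerHello of the TLS session plus both DNS packets, while the bulk encrypted data is forwarded by the switch alone; the per-flow counters are nevertheless complete because they are updated on every packet. Two things the simulation leaves out that a deployment must handle: the flow table needs expiry of idle entries (a real switch has finite state memory), and nothing after the Nth packet of a flow is ever seen by the DPI, so the choice of N must cover the cleartext part of the protocols being classified.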
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.