Please wait a minute...
 Tsinghua Science and Technology  2021, Vol. 26 Issue (4): 452-463    doi: 10.26599/TST.2020.9010018
Trident: Efficient and Practical Software Network Monitoring
Xiaohe Hu(),Yang Xiang(),Yifan Li(),Buyi Qiu(),Kai Wang(),Jun Li*()
Department of Automation, Tsinghua University, Beijing 100084, China.
Yunshan Networks, Beijing 100084, China.
Research Institute of Information Technology, Tsinghua University, Beijing 100084, China.
 Download: PDF (8318 KB)      HTML Export: BibTeX | EndNote (RIS)

Abstract

Network monitoring is receiving more attention than ever with the need for a self-driving network to tackle increasingly severe network management challenges. Advanced management applications rely on traffic data analyses, which require network monitoring to flexibly provide comprehensive traffic characteristics. Moreover, in virtualized environments, software network monitoring is constrained by available resources and requirements of cloud operators. In this paper, Trident, a policy-based network monitoring system at the host, is proposed. Trident is a novel monitoring approach, off-path configurable streaming, which offers remote analyzers a fine-grained holistic view of the network traffic. A novel fast path packet classification algorithm and a corresponding cached flow form are also proposed to improve monitoring efficiency. Evaluated in a practical deployment, Trident demonstrates negligible interference with forwarding and requires no additional software dependencies. Trident has been deployed in production networks of several Tier-IV datacenters.

Received: 17 January 2020      Published: 12 January 2021
Fund:  National Natural Science Foundation of China(61872212)
Corresponding Authors: Jun Li     E-mail: hu-xh14@mails.tsinghua.edu.cn;xiangyang@ yunshan.net.cn;liyifan18@mails.tsinghua.edu.cn;buyi@yunshan.net;wangkai@yunshan.net;junl@tsinghua.edu.cn
About author: Xiaohe Hu received the BEng degree from Tsinghua University, China in 2014. He is now a PhD candidate at Department of Automation, Tsinghua University, China. His research interests include software-defined networking, cloud datacenter networks, and network monitoring and management.|Yang Xiang received the BS degree from Jilin University, China in 2008, and the PhD degree from Tsinghua University, China in 2013. He is currently a software engineer at Yunshan Networks. His research interests include software-defined networking, network architecture, and intrusion detection.|Yifan Li received the BEng degree from Tsinghua University, China in 2018. He is now a PhD candidate at the Department of Automation, Tsinghua University, China. His research interests include network verification, cloud datacenter networks, and network monitoring and management.|Buyi Qiu received the BEng degree from Northeastern University, China in 2012. He is now a software engineer at Yunshan Networks. His research interests include cloud datacenter networks, network monitoring, and network troubleshooting.|Kai Wang received the BS degree from Nanjing University, China in 2009 and the PhD degree from Tsinghua University, China in 2015. He is currently a software engineer at YunShan Networks. His research interests include network security and software-defined networking.|Jun Li received the BEng and MEng degrees from Tsinghua University, China in 1985 and 1988, respectively, and the PhD degree from New Jersey Institute of Technology, USA in 1997. Currently, he is a professor at Research Institute of Information Technology, Tsinghua University, China. His research interests include network security, pattern recognition, and image processing.
 Service E-mail this article Add to my bookshelf Add to citation manager E-mail Alert RSS Articles by authors Xiaohe Hu Yang Xiang Yifan Li Buyi Qiu Kai Wang Jun Li
 Cite this article: Xiaohe Hu,Yang Xiang,Yifan Li,Buyi Qiu,Kai Wang,Jun Li. Trident: Efficient and Practical Software Network Monitoring. Tsinghua Science and Technology, 2021, 26(4): 452-463. URL:
 Fig. 1 Basic framework of a self-driving network. Table 1 Summary of the software network monitoring work in the data plane. Fig. 2 TSS algorithm example with a two-field rule set. Fig. 3 Fast- and slow-path framework. Fig. 4 Architecture of Trident. Trident performs off-path traffic monitoring within the host hypervisor and interacts with the remote controller and analyzers. Fig. 5 Example of the USS construction process. Table 2 Fast-path hash table lookup times compassion on TSS with megaflow and USS with uniflow. x in rule set ACL1_x and FW1_x represents rule size in the set. Fig. 6 Average cached flow size of the megaflow and uniflow, representing the fast path caching hit rate. Y-axis is shown in the log scale. On each flow entry, the space size is calculated by multiplying each field size. Table 3 Trident CPU usage at 2 $×𝟏𝟎𝟓$ pps. Random-x traffic pattern represents the packet source IP andrandomly varying ports. The packet length is set to x. Mon represents the CPU usage of the Trident process. Copy represents the CPU usage of the copy overhead introduced to the forwarding path. Sum represents the sum of Mon and Copy. (%) Fig. 7 Traffic rate example that Trident monitors and compresses the header statistics. Fig. 8 Demo that Trident can dynamically vary the sampling ratio to keep the CPU usage at 10%. The sampling ratio here means dividing the number of monitored packets by the number of forwarded packets.