CLAMP: Efficient Class-Based Sampling For Flow Monitoring
Mohit Saxena and Ramana Kompella
Elseiver Computer Networks Journal 2010, COMNET
With an increasing requirement to classify traffic and track security threats, newer flexible and efficient ways are needed for collecting traffic statistics and monitoring network flows. However, traditional solutions based on packet sampling do not provide the flexibility required for these applications. For example, operators are often interested in observing as many unique flows as possible; however, random packet sampling is inherently biased towards large flows. Operators may also be interested in increasing the fidelity of flow measurements for a certain class of flows; such flexibility is lacking in today's packet sampling frameworks.
In this paper, we propose a novel architecture called CLAMP that provides an efficient framework to implement class-based sampling. At the heart of CLAMP is a novel data structure we propose called composite Bloom filter (CBF) that consists of a set of Bloom filters working together to encapsulate various class definitions. In particular, we show the flexibility and efficacy of CLAMP by implementing a simple two-class sizebased sampling. We also consider different objectives such as maximizing flow coverage and improving the accuracy of certain class of flows. In comparison to previous approaches that implement simple size-based sampling, our architecture requires substantially lower amounts of memory (up to 80x) and achieves higher flow coverage (up to more 8x flows) under specific configurations.
CLAMP: Efficient Class-Based Sampling For Flow Monitoring
Mohit Saxena and Ramana Kompella
Elseiver Computer Networks Journal 2010, COMNET
A framework for efficient class-based sampling
Mohit Saxena and Ramana Kompella
IEEE INFOCOM 2009 (Mini Conference), INFOCOM
On the inadequacy of link connectivity monitoring
Mohit Saxena and Ramana Kompella
IEEE Workshop on Automated Network Management 2008, ANM