Abstract

Network management relies on an up-to-date and accurate view of many traffic metrics for tasks such as traffic engineering (e.g., heavy hitters), anomaly detection (e.g., entropy of source addresses), and security (e.g., DDoS detection). Obtaining an accurate estimate of these metrics while using little router CPU and memory is challenging. This in turn has inspired a large body of work in data streaming devoted to developing optimized algorithms for individual monitoring tasks, as well as recent approaches to make it simpler to implement these algorithms (e.g., OpenSketch). While this body of work has been seminal, we argue that this trajectory of crafting special purpose algorithms is untenable in the long term. We make a case for a "RISC" approach for flow monitoring analogous to a reduced instruction set in computer architecture---a simple and generic monitoring primitive from which a range of metrics can be computed with high accuracy. Building on recent theoretical advances in universal streaming, we show that this "holy grail" for flow monitoring might be well within our reach.

Original document

The different versions of the original document can be found in:

• http://users.ece.cmu.edu/%7Evsekar/papers/hotnets15_universalstreaming.pdf

• http://users.ece.cmu.edu/~vsekar/papers/hotnets15_universalstreaming.pdf,

https://dblp.uni-trier.de/db/conf/hotnets/hotnets2015.html#LiuVBS15,

https://users.ece.cmu.edu/~vsekar/papers/hotnets15_universalstreaming.pdf,

http://conferences.sigcomm.org/hotnets/2015/papers/liu.pdf,

https://doi.acm.org/10.1145/2834050.2834098,

https://dl.acm.org/citation.cfm?doid=2834050.2834098,

https://academic.microsoft.com/#/detail/2266632434

• http://dl.acm.org/ft_gateway.cfm?id=2834098&ftid=1643669&dwn=1,

http://dx.doi.org/10.1145/2834050.2834098 under the license http://www.acm.org/publications/policies/copyright_policy#Background