Computer Science Department
School of Computer Science, Carnegie Mellon University
Vyas Sekar, Michael K. Reiter, Walter Willinger*, Hui Zhang
We present Coordinated Sampling, a new technique for improved flow-level monitoring. Our approach derives from three key design decisions: flow sampling instead of uniform packet sampling; hash-based flow selection to achieve coordination between routers without needing explicit communication channels; and an approach for distributing responsibilities across routers to achieve network-wide monitoring objectives while taking into account resource constraints on each router. We demonstrate that Coordinated Sampling presents an attractive solution for ISPs. First, it more than doubles flow coverage to support security applications and does so without compromising the accuracy of traditional traffic engineering applications. Second, it enables network operators to directly specify and achieve fine-grained network-wide monitoring objectives. Third, it naturally load balances monitoring responsibilities across routers and at the same time efficiently leverages the available capacity on each router.