Heavy Hitter Detection and Identification in Software Defined Networking

Abstract

In a large network, it is often important to be able to detect high-volume traffic in near real-time. Existing work on the detection and identification of such high volume traffic (so-called heavy hitters) is typically delegated to individual nodes and often relies on deep packet inspection and/or packet sampling. However, these techniques have well known limitations in terms of its ability to scale with network size. Inspired by the capabilities of Software Defined Networking (SDN), we explore a novel heavy hitter detection solution based on understanding connections between traffic statistics and OpenFlow rules. Our approach relies on mining traffic statistics (e.g. port bitrate) and forwarding table entry (FTE) to improve heavy hitter detection. The rationale behind this approach are (i) the information is readily available with minimal overheads, thus it scales better with increasing network size; and (ii) the FTEs and traffic statistics provide different vantage for detection and identification of heavy hitters. We evaluate the effectiveness and accuracy of our proposed heavy hitter detection algorithm on a test bed as a proof-of-concept. The test results show that our approach to heavy hitter detection simultaneously achieves considerable accuracy and good scalability.