Detecting Heavy Hitters in the Data-plane
The ability to detect, in real-time, heavy hitters is beneficial to many network applications, such as DoS and anomaly detection. Through programmable languages as P4, heavy hitter detection can be implemented directly in the data-plane, allowing custom actions to be applied to packets as they are processed at a network node. This enables networks to immediately respond to changes in network traffic in the data-plane itself and allows for different QoS profiles for heavy hitter and non-heavy hitter traffic. Current interval-based methods that flush the whole counting structure are not well-suited for programmable hardware (the data-plane), because they either require more resources than available in that hardware, they do not provide good accuracy, or require too many actions from the control-plane. A sliding window approach that maintains accuracy over time would solve these issues. However, to the best of our knowledge, the concept of sliding windows in programmable hardware has not been studied yet. In this paper, we develop streaming approaches to detect heavy hitters in the data-plane. We consider the problems of (1) adopting a sliding window and (2) identifying heavy hitters separately and propose multiple memory- and processing-efficient solutions for each of them. These solutions are suitable for P4 programmable hardware and can be combined at will to solve the streaming variant of the heavy hitter detection problem.
READ FULL TEXT