Reinventing NetFlow for OpenFlow Software-Defined Networks

TL;DR

This paper introduces a scalable, flow-based monitoring solution for OpenFlow networks that aggregates packets in switches and uses sampling methods to reduce overhead, improving accuracy and resource efficiency.

Contribution

It presents a novel, fully compatible flow monitoring approach for OpenFlow that overcomes scalability issues of traditional NetFlow/IPFIX implementations.

Findings

Sampling methods maintain high accuracy with reduced overhead

The solution is compatible with existing OpenFlow switches

Experimental results confirm effectiveness with real traffic traces

Abstract

Obtaining flow-level measurements, similar to those provided by Netflow/IPFIX, with OpenFlow is challenging as it requires the installation of an entry per flow in the flow tables. This approach does not scale well with the number of concurrent flows in the traffic as the number of entries in the flow tables is limited and small. Flow monitoring rules may also interfere with forwarding or other rules already present in the switches, which are often defined at different granularities than the flow level. In this paper, we present a transparent and scalable flow-based monitoring solution that is fully compatible with current off-the-shelf OpenFlow switches. As in NetFlow/IPFIX, we aggregate packets into flows directly in the switches and asynchronously send traffic reports to an external collector. In order to reduce the overhead, we implement three different traffic sampling methods depending on the OpenFlow features available in the switch. We developed our complete flow monitoring solution within OpenDaylight and evaluated its accuracy in a testbed with Open vSwitch. Our experimental results using real-world traffic traces show that the proposed sampling methods are accurate and can effectively reduce the resource requirements of flow measurements in OpenFlow.