Real-time detection, isolation and monitoring of elephant flows using commodity SDN system

Operators of enterprise and carrier networks in-creasingly require real-time visibility into traffic patterns in their network, so they can do better resource management (congestion detection, dynamic routing, capacity scheduling) and security protection (detection of intrusions and volumetric attacks). Of particular interest are elephant flows that transfer large volumes, since they demand most resources and can inflict most damage. Today's techniques for detecting and monitoring elephant flows are based on software-based packet analysis or hardware-based inspection, which are either unscalable or expensive. In this paper we design, implement, and evaluate an SDN-based solution that is scalable (to tens of Gigabits-per-second) and inexpensive (built using commodity OpenFlow switches). We first develop a system architecture that judiciously combines software packet inspection with hardware flow-table counters to identify and monitor heavy flows. We then use real traffic traces taken from a campus network to tune our algorithm parameters for desired trade-off between software load and hardware table size. Finally, we prototype our solution on a commodity OpenFlow hardware switch together with open-source controller and packet inspection software, and demonstrate operation at 10Gbps in a real campus network.