Cloud network monitoring and adaptation

Avi Miron

The Technion is involved with two research threads, addressing cloud network monitoring and adaptation: Theoretical models and applications and Efficient network monitoring of IaaS resources.

  1. Theoretical models and applications, enabling a stateless device such as a router (a per-packet processing device), to efficiently estimate the bandwidth per flow as well as aggregated flows (application-layer load) in real time. Such schemes are processed at a nearby network device (not the affected device or the destination device), and facilitate cloud adaptation actions that are triggered by the following conditions:
    • Excessive bandwidth utilization of a specific flow (e.g. a cloud app, an NFV service).
    • Excessive bandwidth utilization that is directed to a specific server/server farm (e.g. a popular web server).
    • Early detection of a possible Denial of Service attack by a nearby device (not the device being under attack, which is not responsive and not functional). Such early indication can be forwarded to a specialized security entity for further analysis and resolution (NFV service, dedicated security device).
    • Any anomaly that is related to bandwidth utilization within the cloud (SLA violation, VM migration for improved performance and resource utilization).
  2. Efficient network monitoring of IaaS resources involving aggregated traffic in a multi-tenancy cloud service. Such mechanisms facilitate early detection of over-utilization and other flow anomalies (unusual large portion of bandwidth, DDoS attack). This study was initially implemented in Openflow environment, extending the functionality of the SDN controller and the Openflow protocol. Within the Cloudwave project, such functionality is implemented in the OpenStack environment. A rudimentary implementation of such functionality is being integrated within the VSwitches that are utilized in the project demo.