Paper Info
Title
FloSIS: A Highly Scalable Network Flow Capture System for Fast Retrieval and Storage Efficiency
Abstract
Network packet capture performs essential functions in network management such as attack analysis, network troubleshooting, and performance debugging. As the network edge bandwidth exceeds 10 Gbps, the demand for scalable packet capture and retrieval is rapidly increasing. However, existing software-based packet capture systems neither provide high performance nor support flow-level indexing for fast query response. This would either prevent important packets from being stored or make it too slow to retrieve relevant flows. In this paper, we present FloSIS, a highly scalable, software-based flow storing and indexing system. Flo-SIS is characterized as the following three aspects. First, it exercises full parallelism in multiple CPU cores and disks at all stages of packet processing. Second, it constructs two-stage flow-level indexes, which helps minimize expensive disk access for user queries. It also stores the packets in the same flow at a contiguous disk location, which maximizes disk read throughput. Third, we optimize storage usage by flow-level content deduplication at real time. Our evaluation shows that FloSIS on a dual octa-core CPU machine with 24 HDDs achieves 30 Gbps of zero-drop performance with real traffic, consuming only 0.25% of the space for indexing.
Year
Venue
Field
2015
USENIX Annual Technical Conference
Data deduplication,Flow network,Packet analyzer,Computer science,Network packet,Real-time computing,Packet processing,Edge device,Throughput,Network management
DocType
Citations 
PageRank 
Conference
0
0.34
References 
Authors
18
5
Name
Order
Citations
PageRank
Jihyung Lee101.01
Sungryoul Lee200.34
Junghee Lee322627.26
Yung Yi41557104.55
KyoungSoo Park5119873.47