TY - GEN
T1 - Sonata: query-driven streaming network telemetry
AU - Gupta, Arpit
AU - Harrison, Rob
AU - Canini, Marco
AU - Feamster, Nick
AU - Rexford, Jennifer
AU - Willinger, Walter
N1 - KAUST Repository Item: Exported on 2020-10-01
Acknowledgements: We thank our shepherd (Ion Stoica), Rüdiger Birkner, Ankita Pawar, Mina T. Arashloo, Robert MacDavid, Chris Mac-Stoker, Rachit Agarwal, and the anonymous reviewers for the feedback and comments. This research was supported by NSF Awards CNS-1539902 and CNS-1704077. Jennifer Rexford was additionally supported by gifts from Intel and Huawei.
PY - 2018/8/8
Y1 - 2018/8/8
N2 - Managing and securing networks requires collecting and analyzing network traffic data in real time. Existing telemetry systems do not allow operators to express the range of queries needed to perform management or scale to large traffic volumes and rates. We present Sonata, an expressive and scalable telemetry system that coordinates joint collection and analysis of network traffic. Sonata provides a declarative interface to express queries for a wide range of common telemetry tasks; to enable real-time execution, Sonata partitions each query across the stream processor and the data plane, running as much of the query as it can on the network switch, at line rate. To optimize the use of limited switch memory, Sonata dynamically refines each query to ensure that available resources focus only on traffic that satisfies the query. Our evaluation shows that Sonata can support a wide range of telemetry tasks while reducing the workload for the stream processor by as much as seven orders of magnitude compared to existing telemetry systems.
AB - Managing and securing networks requires collecting and analyzing network traffic data in real time. Existing telemetry systems do not allow operators to express the range of queries needed to perform management or scale to large traffic volumes and rates. We present Sonata, an expressive and scalable telemetry system that coordinates joint collection and analysis of network traffic. Sonata provides a declarative interface to express queries for a wide range of common telemetry tasks; to enable real-time execution, Sonata partitions each query across the stream processor and the data plane, running as much of the query as it can on the network switch, at line rate. To optimize the use of limited switch memory, Sonata dynamically refines each query to ensure that available resources focus only on traffic that satisfies the query. Our evaluation shows that Sonata can support a wide range of telemetry tasks while reducing the workload for the stream processor by as much as seven orders of magnitude compared to existing telemetry systems.
UR - http://hdl.handle.net/10754/626547
UR - https://dl.acm.org/citation.cfm?doid=3230543.3230555
UR - http://www.scopus.com/inward/record.url?scp=85056394106&partnerID=8YFLogxK
U2 - 10.1145/3230543.3230555
DO - 10.1145/3230543.3230555
M3 - Conference contribution
SN - 9781450355674
SP - 357
EP - 371
BT - Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication - SIGCOMM '18
PB - Association for Computing Machinery (ACM)
ER -