Software Defined Monitoring (SDM) is a new concept of hardware acceleration for flexible flow-based application level monitoring. The concept relies on smart monitoring tasks implemented in the software in conjunction with a configurable hardware accelerator. The hardware accelerator is a application-specific processor tailored to stateful flow processing. The monitoring tasks reside in the software and can easily control the level of detail retained by the hardware for each flow. This way, the measurement of bulk/uninteresting traffic is offloaded to the hardware, while the advanced monitoring over the interesting traffic is performed in the software. The proposed concept allows the creating of flexible monitoring systems capable of deep packet inspection at high throughput.

The proposed arrangement of our system resembles OpenFlow: Packets of an unknown flow are passed from the data path to the controlling software, which in turn may choose to install processing rules into the data path. Similar to plugins for the OpenFlow controller, SDM is also designed to support various software plugins.  The main difference to OpenFlow is that our system is aimed solely at monitoring, with the ability to achieve a great amount of flexibility by using software monitoring plugins. For the sake of performance, SDM controller is very tightly coupled with the hardware accelerator. There is also an outlook to further improve the system in terms of types of measurements that are performed by the hardware accelerator (besides NetFlow). Therefore, our system is an instance of Software Defined Networking in its broader sense, yet it is completely different from OpenFlow.


SDM Concept

Conceptual scheme of Software Defined Monitoring

Our pilot implementation in FPGA is designed to perform a 100 Gb/s flow traffic measurement augmented by a selected application-level protocol parsing. We use COMBO-100G and COMBO-80G cards for the hardware acceleration. SDM was published at INFOCOM 2014:

Lukáš Kekely, Viktor Puš, Jan Kořenek: Software Defined Monitoring of Application Protocols. In: Proceedings of the IEEE INFOCOM 2014 – IEEE Conference on Computer Communications, Toronto, Canada, 2014