The present invention relates to a network traffic control system and method for detecting large flows and applying control actions based on features of the detected large flows.
U.S. Pat. Nos. 6,894,972 and 7,164,657 discuss that prior art approaches of checking whether a packet belongs to a particular class of traffic can be expensive in terms of network resources and/or equipment costs. In addition, one prior art approach such as Cisco's Netflow™ monitoring system also suffers from delay problems.
A packet switching network such as the Internet includes multiple nodes connected together by multiple transmission links for transporting information in packet form from one or more source nodes to one or more destination nodes. A node can be a switch or a router.
Packet sampling is widely employed as a means of monitoring traffic in computer networks. The packet samples are used to estimate traffic levels (in packets per second or bits per second), based on properties identified in the packet headers, for example calculating the data rate associated with web traffic, to/from a particular network address, etc.
The current practice for analyzing sampled data is to accumulate totals over an interval, scale the result by the sampling rate, and then divide by the interval in order to report a rate (ref: Packet Sampling Basics <http://www.sflow.org/packetSamplingBasics/index.htm>).
The recent advent of Software Defined Networking (SDN) and related protocols such as OpenFlow have made it possible to rapidly reconfigure the network in response to changes in traffic detected. However, limitations in current approaches to measurement and control are slow to respond to changes and have limited scalability, making it difficult to address challenges such as Distributed Denial of Service (DDoS) mitigation, multi-path load balancing, and priority marking of traffic flows.