Software defined networking (SDN) is an approach to computer networking that employs a split architecture network in which the forwarding (data) plane is decoupled from the control plane. The use of a split architecture network simplifies the switches implementing the forwarding plane by shifting the intelligence and decision making of the network into one or more controllers that oversee the switches. SDN facilitates rapid and open innovation at the network layer by providing a programmable network infrastructure. SDN networks are becoming popular in cloud computing datacenters and enterprise networks.
Network monitoring is an important part of network operation. Network monitoring helps network operators detect unwanted networking behavior and other types of abnormalities in the network. Existing network monitoring solutions typically require deploying feature-rich monitoring components such as deep packet inspection (DPI) nodes, probing equipment, packet classifiers, and filters into the network. These active monitoring components can be expensive and thus increase the capital expenditure of the network operator. Furthermore, these monitoring components typically require some amount of configuration and maintenance in order to function properly, which increases the operating expenditure of the network operator.
Furthermore, existing network monitoring solutions consume a significant amount of network resources attempting to “normalize” the information collected from the network (e.g., DPI trying to follow a Transmission Control Protocol (TCP) flow state, a big data algorithm crunching through a packet trace database to find a problematic flow, and probing equipment inspecting network traffic). These types of network monitoring solutions do not scale well and thus may not provide adequate network monitoring coverage, especially as networks get larger and more complex.