臺灣博碩士論文加值系統

傳統網路由於缺乏對於整體網路資源的掌握，所以難以針對多媒體應用程式(如:
視訊串流)，提供QoS(Quality of Service，服務品質) 保證的服務。SDN(Software Defined
Network，軟體定義網路) 提供了一個新的網路架構，利用多種協定(如:Openflow)，
將控制層從傳輸層中分離出來以實現集中控制與管理工作。另外，隨著日益增加的網
絡應用數量，在網絡上的流量種類與流量日益增多，如果不做好資源分配將會造成使
用者感受下降，因此需要流量辨識功能針對特殊應用來妥善分配頻寬。然而流量辨識
傳統的方法已經開始乏力，過去單單基於IP、端口的工具很難識別這類應用的流量，
為了要能辨識應用層服務，需要具備DPI（Deep Packet Inspection，深度封包檢測）功
能，用來檢測封包的類型。因此，在本論文中，我們提出了在SDN 上，運用P4 語言
(Programming protocol-independent packet processors，協議獨立數據包處理程式) 其自
由的解析及匹配的能力，實做nDPI、Libprotoident 深度封包檢測的行為，使其在資料
層(交換器) 即得知封包類型，進而限制頻寬以達到QoS 的效果。以往使用SDN 技術
欲得知封包類型需要額外的DPI 伺服器輔助，將封包傳送到伺服器做辨識，再將辨識
結果傳送到控制器做對應設置，煩瑣的傳輸增加了封包辨識的時間，P4 能直接檢測封
包的內容，並且擁有自由化的解析和匹配能力，使其能直接在資料層(交換器) 得知封
包類型。

Traditional networks do not have global view to the overall network resources, so
it is difficult to provide QoS (Quality of Service) for multimedia applications such as
video streaming. SDN (Software Defined Network) provides an innovative architecture
that uses a variety of protocols (e.g: Openflow) to separate the control plane from the
data plane for centralized management among networks. In addition, with the increasing
number of network applications, there are many new types of traffic and network traffics
on the network. If we do not allocate resource well, the users will feel terrible. Due to
that, traffic classification is needed for focusing on particular application to guarantee its
bandwidth. The traditional methods face the challenge of identifying the traffic of such
applications, which increase the difficulty of QoS control and security protect. In order
to identify the application layer of packets, DPI (Deep Packet Inspection) function was
appeared. Therefore, in this paper, we propose the usage of P4 language (Programming
protocol-independent packet processors)[1] with its free parsing and matching ability, so
that we can get application type of packet in the data plane and then limit the bandwidth
to achieve the effect of QoS. Our detection behavior refer to two open-source DPI tools,
nDPI[2] and Libprotoident[3]. In recent study, the use of SDN technology to know the
packet type requires additional DPI engine support no matter in which party. The packet
sent to the engine to do identification, and then transfer the results to the controller to
make the corresponding rules. These transmission actions increased identification delay
time of packet. P4-switch have a free parsing and table matching ability to make it possibly
examine the contents of the packet. Due to these properties, it can get application
type of packet directly in the data plane.

1 Introduction 1
1.1 Motivation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
1.2 Problem Statement and Proposed Approach . . . . . . . . . . . . . . . . . 3
1.3 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2 Background 5
2.1 Traffic Classification Overview . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.2 Payload-based Classification . . . . . . . . . . . . . . . . . . . . . . . . . . 7
2.2.1 nDPI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.2.2 Libprotoident . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
2.3 Software Defined Network . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
2.3.1 Control Plane : ONOS . . . . . . . . . . . . . . . . . . . . . . . . . 14
2.3.2 Data Plane : BMv2-Switch of P4 Language . . . . . . . . . . . . . 17
3 Proposed Approach 21
3.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
3.2 Detection method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
3.2.1 Host/Server Name Match Based on nDPI . . . . . . . . . . . . . . 22
3.2.2 4-byte Payload Match Based on Libprotoident . . . . . . . . . . . . 25
3.2.3 Bidirectional Support with P4 Register . . . . . . . . . . . . . . . . 25
3.2.4 Particular Application . . . . . . . . . . . . . . . . . . . . . . . . . 26
3.2.5 Guessing by Address and Port . . . . . . . . . . . . . . . . . . . . . 26
3.2.6 UNKNOWN Result . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.3 Learning method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
3.4 Queuing method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
3.5 Implement on Tofino . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
4 Experiment and Evaluation 31
4.1 Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
4.2 Accuracy Comparison with nDPI . . . . . . . . . . . . . . . . . . . . . . . 33
4.2.1 Experiment Data Set . . . . . . . . . . . . . . . . . . . . . . . . . . 33
4.2.2 Experiment Result . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
4.3 ONOS GUI View . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
4.4 Real Time Detection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
4.5 QoS Control on Youtube . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
4.6 Experiment on Hardware Switch - Tofino . . . . . . . . . . . . . . . . . . . 41
5 Conclusion 42
5.1 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
5.2 Future work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
v

[1] P. Bosshart, D. Daly, G. Gibb, M. Izzard, N. McKeown, J. Rexford, C. Schlesinger,
D. Talayco, A. Vahdat, G. Varghese, et al., “P4: Programming protocol-independent
packet processors,” SIGCOMM Computer Communication Review, vol. 44, no. 3,
pp. 87–95, 2014.
[2] L. Deri, M. Martinelli, T. Bujlow, and A. Cardigliano, “ndpi: Open-source highspeed
deep packet inspection,” in the 10th International Wireless Communications
and Mobile Computing Conference(IWCMC), pp. 617–622, 2014.
[3] S. Alcock and R. Nelson, “Libprotoident: Traffic classification using lightweight
packet inspection,” in WAND Network Research Group, Tech. Rep., 2012.
[4] B. Coat, “Technology primer: QoS and bandwidth management.”
https://www.bluecoat.com/sites/default/files/documents/files/QoS_and_Bandwidth_
Management.7.pdf, 2012.
[5] B. Technology, “Quality of service in LTE.” http://www.bectechnologies.net/main/
newsletter_images/QoS.pdf, 2013.
[6] H. Safa, W. El-Hajj, and K. Tohme, “A QoS-aware uplink scheduling paradigm for
LTE networks,” in IEEE 27th International Conference on Advanced Information
Networking and Applications (AINA), pp. 1097–1104, 2013.
[7] S. Valenti, D. Rossi, A. Dainotti, A. Pescapè, A. Finamore, and M. Mellia, “Reviewing
traffic classification,” in Data Traffic Monitoring and Analysis, pp. 123–147,
Springer, 2013.
[8] G. Finnie, “DPI & traffic analysis in networks based on NFV and
SDN.” http://www.qosmos.com/wp-content/uploads/2014/01/Heavy-Reading_Qosmos_
DPI-SDN-NFV_White-Paper_Jan2014.pdf, 2014.
[9] G. Finnie, “The role of DPI in an SDN world.” http://www.qosmos.com/wp-content/
uploads/2012/12/HR-Qosmos_DPI-SDN-WP_Dec-2012.pdf, 2012.
[10] A. Bremler-Barr, Y. Harchol, D. Hay, and Y. Koral, “Deep packet inspection as a
service,” in the 10th ACM International Conference on emerging Networking Experiments
and Technologies, pp. 271–282, 2014.
[11] Z. A. Qazi, C.-C. Tu, L. Chiang, R. Miao, V. Sekar, and M. Yu, “Simple-fying
middlebox policy enforcement using SDN,” SIGCOMM Computer Communication
Review, vol. 43, no. 4, pp. 27–38, 2013.
[12] T. Bujlow, T. Riaz, and J. M. Pedersen, “A method for classification of network
traffic based on c5. 0 machine learning algorithm,” in International Conference on
Computing Networking and Communications (ICNC), pp. 237–241, 2012.
[13] N.-F. Huang, G.-Y. Jai, H.-C. Chao, Y.-J. Tzang, and H.-Y. Chang, “Application
traffic classification at the early stage by characterizing application rounds,” Information
Sciences, vol. 232, pp. 130–142, 2013.
[14] T. Bujlow, V. Carela-Español, and P. Barlet-Ros, “Comparison of deep packet inspection
(DPI) tools for traffic classification,” tech. rep., Universitat Politècnica de
Catalunya, 2013.
[15] T. Bujlow, V. Carela-Español, and P. Barlet-Ros, “Independent comparison of popular
DPI tools for traffic classification,” in Computer Networks, vol. 76, pp. 75–89,
2015.
[16] M. Finsterbusch, C. Richter, E. Rocha, J.-A. Muller, and K. Hanssgen, “A survey of
payload-based traffic classification approaches,” IEEE Communications Surveys &
Tutorials, vol. 16, no. 2, pp. 1135–1156, 2014.
[17] J. Khalife, “Novel approaches in traffic classification,” 2016.
[18] ONF, “SDN architecture overview.” https://www.opennetworking.org/images/stories/
downloads/sdn-resources/technical-reports/TR_SDN-ARCH-Overview-1.1-11112014.
02.pdf, 2014.
[19] P. Berde, M. Gerola, J. Hart, Y. Higuchi, M. Kobayashi, T. Koide, B. Lantz,
B. O’Connor, P. Radoslavov, W. Snow, et al., “ONOS: towards an open, distributed
SDN OS,” in the third workshop on Hot topics in software defined networking, pp. 1–6,
ACM, 2014.
[20] M. T. Arashloo, Y. Koral, M. Greenberg, J. Rexford, and D. Walker, “Snap: Stateful
network-wide abstractions for packet processing,” in ACM SIGCOMM Conference,
pp. 29–43, 2016.
[21] A. Sivaraman, A. Cheung, M. Budiu, C. Kim, M. Alizadeh, H. Balakrishnan,
G. Varghese, N. McKeown, and S. Licking, “Packet transactions: High-level programming
for line-rate switches,” in ACM SIGCOMM Conference, pp. 15–28, 2016.
[22] Barefoot, “The worlds fastest most programmable networks.” https://barefootnetworks.
com/white-paper/the-worlds-fastest-most-programmable-networks/, 2016.
[23] M. Shahbaz, S. Choi, B. Pfaff, C. Kim, N. Feamster, N. McKeown, and J. Rexford,
“Pisces: A programmable, protocol-independent software switch,” in ACM
SIGCOMM Conference, pp. 525–538, 2016.