Seamless Dynamic Reconfiguration of Flow Meters: Requirements and Solutions

  • Tobias Limmer
  • Falko Dressler
Part of the Informatik aktuell book series (INFORMAT)


In this paper, we investigate the need for seamless dynamic reconfiguration of flow meters. Flow monitoring has become a primary measurement approach for various network management and security applications. Sampling and filtering techniques are usually employed in order to cope with the increasing bandwidth in today’s backbone networks. Additionally, low level analysis features can be used if CPU and memory resources are available. Obviously, the configuration of such algorithms depends on the (estimated) network load. In case of changing traffic pattern or varying demands on the flow analyzers, this configuration needs to be updated. Hereby it is essential to lose as little information, i.e. packet or flow data, as possible. We contribute to this domain by presenting an architecture for seamless reconfiguration without information loss, which we integrated into the monitoring toolkit Vermont. Additionally, we integrated support for situation awareness using module specific resource sensors. In a number of experiments, we evaluated the performance of Vermont and similar flow monitors.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Carle, G., Dressler, F., Kemmerer, R.A., König, H., Kruegel, C., Laskov, P.: Manifesto — Perspectives Workshop: Network Attack Detection and Defense. In: Dagstuhl Perspectives Workshop 08102 — Network Attack Detection and Defense 2008, Schloss Dagstuhl, Wadern, Germany (March 2008)Google Scholar
  2. 2.
    Lampert, R.T., Sommer, C., Münz, G., Dressler, F.: Vermont — A Versatile Monitoring Toolkit Using IPFIX/PSAMP. In: IEEE/IST Workshop on Monitoring, Attack Detection and Mitigation (MonAM 2006), Tübingen, Germany, IEEE (September 2006) 62–65Google Scholar
  3. 3.
    Claise, B.: Specification of the IP Flow Information Export (IPFIX) Protocol for the Exchange of IP Traffic Flow Information. RFC 5101, IETF (January 2008)Google Scholar
  4. 4.
    Kobayashi, A., Nishida, H., Sommer, C., Dressler, F., Stephan, E., Claise, B.: IPFIX Mediation: Problem Statement. Internet-Draft (work in progress) draftietf-ipfix-mediators-problem-statement-00.txt, IETF (May 2008)Google Scholar
  5. 5.
    Estan, C., Savage, S., Varghese, G.: Automatically Inferring Patterns of Resource Consumption in Network Traffic. In: ACM SIGCOMM 2003, Karlsruhe, Germany, ACM (August 2003) 137–148CrossRefGoogle Scholar
  6. 6.
    Jung, J., Paxson, V., Berger, A.W., lakrishnan, H.B.: Fast Portscan Detection Using Sequential Hypothesis Testing. In: IEEE Symposium on Security and Privacy, Berkeley/Oakland, CA (May 2004)Google Scholar
  7. 7.
    Bernaille, L., Teixeira, R.: Early Application Identification. In: 2nd International Conference On Emerging Networking Experiments And Technologies (CoNext 2006), Lisboa, Portugal (December 2006)Google Scholar
  8. 8.
    Crotti, M., Dusi, M., Gringoli, F., Salgarelli, L.: Traffic Classification Through Simple Statistical Fingerprinting. ACM Computer Communication Review (CCR) 37(1) (January 2007) 5–16CrossRefGoogle Scholar
  9. 9.
    Wagner, A., Dübendorfer, T., Hämmerle, L., Plattner, B.: Identifying P2P Heavy-Hitters from Network-Flow Data. In: 2nd CERT Workshop on Flow Analysis (FloCon 2005), Pittsburgh, Pennsylvania (September 2005)Google Scholar
  10. 10.
    Rajab, M.A., Monrose, F., Terzis, A.: On the Effectiveness of Distributed Worm Monitoring. In: 14th USENIX Security Symposium, Baltimore, MD (July 2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Tobias Limmer
    • 1
  • Falko Dressler
    • 1
  1. 1.Computer Networks and Communication SystemsUniversity of ErlangenErlangenGermany

Personalised recommendations