Good performance under excessive workloads and isolation between the resource consumption of concurrent jobs are perennial design goals of computer systems ranging from multitasking servers to network routers. In this paper we present a system that computes multiple summaries of IP traffic in real time and achieves these design goals in a novel way: by automatically adapting parameters of the summarization algorithms. Anomalous network behavior, such as denial of service attacks or worms could push CPU or memory consumption beyond the limits of the hardware exactly when measurement is needed the most. Our measurement system reacts by gracefully degrading the accuracy of the affected summaries. The types of summaries we compute are widely used by network administrators monitoring the workloads of their networks: the ports sending the most traffic, the IP addresses sending or receiving the most traffic or opening the most connections, etc. We propose a new solution: ``flow sample and hold''. Compared to previous solutions, these new solutions offer better memory versus accuracy tradeoffs and have more predictable resource consumption. Finally, we evaluate the actual implementation of a complete system that combines the best of these algorithms.

Pre-2018 CSE ID: CS2003-0766