Implementation of a High-Throughput Virtual Switch Port Monitoring System

As SDN-based networking infrastructure continues to evolve, an increasing number of traditional network functions are deployed over virtualized networks. Similar to fixed function switching networks, traffic monitoring in a Software Defined Network is critical in order to ensure the security and performance of the underlying infrastructure. In the context of virtualized networks, deployment of a virtualized TAP service has been reported as an effective VNF that can provide the same monitoring capabilities as a physical TAP. For most virtual switch implementations, e.g., OvS, network device virtualization is based upon a para-virtualization technology, i.e., VIRTIO. One of the primary use cases for port mirroring is inter-VM communication, i.e., packet streams that exist between virtual network devices, which remains prohibitively expensive for TAP devices. Specifically, it has been observed that virtual TAPs can contribute up to 70% performance degradation to the source VNF(s). With reference to prior work, we previously presented a feasibility study that included a novel approach towards the reduction of port-mirroring overhead. In this paper we present our latest contributions, in which we integrate our design into OvS and develop a VLAN based filtering scheme to pass traffic from a source device to a monitoring device. In this case, both devices may reside either within the same or different switch domains. Furthermore, we present an improvement over RSPAN and discuss its feasibility in delivering mirrored traffic across switch domains, which, in contrast to ERSPAN, does not require an L3 overlay network.