Flow Classification Mechanisms
Joe Sventek
As the Internet has grown in size and complexity, the necessity for
accurate flow classification mechanisms, especially in edge routers, has
increased dramatically. Besides providing input to firewall filtering
mechanisms, increasingly classification information is used to drive
traffic engineering activities, such as mapping of equivalence classes
of flows to particular MPLS label-switched paths.
Most existing flow classification mechanisms are based upon the use of
well-known ports. Increasingly, ephemeral ports are obtained by
applications through rendezvous via an application-specific well-known
port or via a generally available directory service. By interpreting
the payloads of the rendezvous traffic, one can discern the ephemeral
ports that have been assigned and accurately classify the flows between
those ephemeral ports.
Such techniques (well-known ports and payload interpretation) are
becoming less applicable as more distributed applications seek to
protect the transmitted information via encryption. In addition, legal
strictures may prevent the inspection and interpretation of control
traffic payloads. Therefore, it is essential to develop and validate
statistical classification algorithms for use in such situations.
This talk will discuss research efforts in my group for both payload
inspection and statistical classification techniques.
|