home search a-z help
University of Cambridge Computer Laboratory
Thursday Oct 26th, 2006 - 2pm
Computer Laboratory > Research > Systems Research Group > NetOS > Seminars > Thursday Oct 26th, 2006 - 2pm

Flow Classification Mechanisms

Joe Sventek

As the Internet has grown in size and complexity, the necessity for accurate flow classification mechanisms, especially in edge routers, has increased dramatically. Besides providing input to firewall filtering mechanisms, increasingly classification information is used to drive traffic engineering activities, such as mapping of equivalence classes of flows to particular MPLS label-switched paths.

Most existing flow classification mechanisms are based upon the use of well-known ports. Increasingly, ephemeral ports are obtained by applications through rendezvous via an application-specific well-known port or via a generally available directory service. By interpreting the payloads of the rendezvous traffic, one can discern the ephemeral ports that have been assigned and accurately classify the flows between those ephemeral ports.

Such techniques (well-known ports and payload interpretation) are becoming less applicable as more distributed applications seek to protect the transmitted information via encryption. In addition, legal strictures may prevent the inspection and interpretation of control traffic payloads. Therefore, it is essential to develop and validate statistical classification algorithms for use in such situations.

This talk will discuss research efforts in my group for both payload inspection and statistical classification techniques.