Int
ern
at
i
onal
Journ
al
of El
e
ctrical
an
d
Co
mput
er
En
gin
eeri
ng
(IJ
E
C
E)
Vo
l.
9
, No
.
6
,
Decem
ber
201
9
, p
p.
5519~
5528
IS
S
N:
20
88
-
8708
,
DOI: 10
.11
591/
ijece
.
v
9
i
6
.
pp5519
-
55
28
5519
Journ
al h
om
e
page
:
http:
//
ia
es
core
.c
om/
journa
ls
/i
ndex.
ph
p/IJECE
Enh
anced IPFIX fl
ow mo
nitoring
fo
r VXL
AN
b
ased
cloud
over
l
ay netwo
rks
Osman G
ha
z
al
i
1
,
Shahz
ad
a
Khurr
am
2
1
Inte
rNetWorks
Resea
rch
L
abor
a
tor
y
,
Schoo
l
of
Com
puti
ng,
Uni
ver
siti
Utar
a
Ma
lay
s
ia,
Ma
lay
sia
2
Depa
rtment of
Com
pute
r
Scie
n
ce
,
th
e
Isl
amia
U
nive
rsit
y
Baha
w
al
pur, Pakist
an
Art
ic
le
In
f
o
ABSTR
A
CT
Art
ic
le
history:
Re
cei
ved
Dec
20
, 201
8
Re
vised
A
pr
18
, 2
01
9
Accepte
d
J
un
1
7
, 201
9
The
d
emands
for
cl
oud
computi
ng
services
is
ra
pidly
growing
d
ue
to
it
s
f
as
t
adopt
ion
and
th
e
m
igra
ti
on
of
workloads
from
priva
t
e
data
ce
n
t
ers
to
cl
oud
dat
a
ce
nt
ers.
M
a
n
y
companie
s,
s
m
al
l
and
l
arg
e
,
p
ref
er
sw
it
ch
ing
t
hei
r
da
ta
to
the
en
te
rpr
ise
c
loud
envi
ronm
e
nt
rat
h
er
th
an
expa
nding
the
ir
own
data
ce
nt
ers.
As
a
re
sult
,
the
n
et
wor
k
tra
ff
ic
in
cl
ou
d
data
c
enters
i
s
in
creasing
rap
idly
.
How
ever,
d
ue
to
th
e
d
ynamic
resourc
e
provisioni
ng
an
d
high
-
spee
d
virt
ualiz
ed
c
loud
net
works
,
th
e
tr
adi
ti
on
al
f
low
-
m
onit
oring
s
y
s
te
m
s
is
unabl
e
to
provide
d
et
a
i
l
visibi
l
ity
and
informati
on
of
t
raf
fic
tra
v
ersing
the
c
loud
over
lay
n
et
wor
k
envi
ronm
ent
.
Henc
e
,
it
do
e
s
not
ful
fill
th
e
m
onit
oring
req
uire
m
ent
of
c
loud
over
l
a
y
t
raf
fic
.
As
t
he
grow
th
of
c
loud
ne
twork
tra
ff
i
c
ca
uses
difficul
ties
for
the
ser
vic
e
prov
ide
r
s
and
end
-
user
s
to
m
ana
ge
the
tra
f
fic
eff
ici
ent
l
y
,
a
n
enh
an
ce
d
IPF
IX
flow
m
onit
oring
m
ec
hani
sm
for
cl
oud
over
l
a
y
net
works
w
as
proposed
t
o
addr
ess
thi
s
proble
m
.
Th
e
m
onit
oring
m
ec
hani
sm
provide
d
de
ta
i
l
vi
sibil
ity
and
inf
orm
at
ion
of
over
lay
n
et
work
tra
ffi
c
that
tra
v
erse
d
the
cl
oud
envi
ronm
ent
,
w
hic
h
is
not
ava
i
la
bl
e
in
the
cur
ren
t
net
wor
k
m
onit
oring
sy
stems
.
Th
e
ex
per
iment
a
l
result
s
show
ed
tha
t
the
proposed
m
onit
oring
sy
st
em
abl
e
to
ca
pt
ure
over
l
a
y
net
work
tr
aff
i
c
a
nd
segre
ga
te
d
th
e
t
ena
nt
tr
aff
i
c
b
ase
d
on
v
irt
u
al
m
ac
hine
s
a
s
compare
to
th
e
s
ta
ndar
d
m
onit
ori
ng
s
y
st
em
.
Ke
yw
or
d
s
:
C
loud m
on
it
or
i
ng
F
low cl
assifi
ca
ti
on
Flow
m
on
it
or
i
ng
IP
F
IX
O
ve
rlay
n
et
work
s
Copyright
©
201
9
Instit
ut
e
o
f
Ad
vanc
ed
Engi
n
ee
r
ing
and
S
cienc
e
.
Al
l
rights re
serv
ed
.
Corres
pond
in
g
Aut
h
or
:
Osm
an
Ghaza
li
,
Int
er
Net
Work
s
Resea
rc
h
La
borat
or
y,
School
of Com
pu
ti
ng,
Un
i
ver
sit
i Uta
r
a Ma
la
ysi
a,
Ked
a
h, Ma
la
ysi
a
.
Em
a
il
: os
m
an@
uum
.ed
u.
m
y
1.
INTROD
U
CTION
The
t
ra
diti
on
al
cl
oud
pr
ov
i
de
rs
are
st
rug
gling
t
o
kee
p
up
with
ne
w
cl
ou
d
com
pu
ti
ng
r
equ
i
rem
ents
wh
ic
h
inclu
de
virtu
al
m
achine
m
igrati
on,
scal
abili
ty
a
nd
netw
ork
is
olati
on
in
a
l
arg
e
cl
ou
d
ne
twork
env
i
ronm
ent.
To
m
anag
e
a
l
arg
e
an
d
c
om
plex
cl
oud
net
w
ork
in
fr
a
str
uctur
e
re
qu
i
res
th
e
m
on
it
or
in
g
s
yst
e
m
to
captu
re
it
s
sta
t
e
preci
sel
y
[
1].
T
her
e
fore,
n
et
work
arc
hitec
ts
shou
l
d
rethin
k
t
heir
cl
oud
de
sig
ns
a
nd
a
dopt
si
m
pler
top
ol
ogie
s
an
d
ne
w
con
t
ro
l
prot
oco
l
s
to
achieve
be
tt
er
per
f
or
m
ance
and
ope
rati
on
al
agili
ty
in
m
ul
ti
-
te
nan
t cl
oud ne
tworks
.
Virtuali
zat
ion
play
s
a
vital
rol
e
in
the
i
m
plem
entat
ion
of
cl
oud
com
pu
ti
ng
.
Howe
ver
,
vi
rtuali
zat
ion
te
chnolo
gies
a
dd
c
om
plexity
to
cl
oud
pro
vi
der
s
a
nd
co
nsum
ers
.
I
t
le
ads
to
dif
ficult
in
m
anag
ing
no
t
on
ly
ph
ysi
cal
but
vi
rtual
resou
rce
in
cl
oud
inf
ra
structu
re
[
2
-
5].
The
com
plexity
of
cl
oud
ne
twork
in
fr
a
struc
ture
requires
root
c
ause
analy
sis
of
netw
ork
prob
le
m
s
and
in
-
de
pth
tr
ouble
sh
ooti
ng
w
he
n
a
prob
le
m
hap
pe
ns
.
Find
i
ng
the
ca
us
e
of
the
pro
bl
e
m
inv
olve
s
s
earchi
ng
into
s
ever
al
la
ye
rs
inclu
ding
ph
ysi
cal
and
vi
rtual
la
ye
rs.
Ther
e
f
or
e,
a
re
li
able
and
real
-
tim
e
m
on
it
or
ing
syst
em
is
r
equ
i
red
for
the
cl
oud
pro
vid
e
rs
an
d
co
nsum
ers
to
unde
rstan
d
the
perform
ance
issues,
a
nd
the
causes
of
fail
ure
in
cl
ou
d
inf
r
ast
r
uctur
e
[
6].
So
m
e
or
ga
niz
at
ion
s
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
6
,
Dece
m
ber
201
9
:
5519
-
5528
5520
m
ay
hav
e
m
iss
ion
-
crit
ic
al
ap
pl
ic
at
ion
s
that
a
re
ho
ste
d
on
m
ulti
ple
cl
ouds
f
or
hi
gh
avail
ab
il
ity
and
w
orkl
oa
d
sh
ari
ng
co
nce
r
ns
.
I
n
s
uch
sit
ua
ti
on
s
,
m
on
it
ori
ng
is
e
ssentia
l
to
sig
nifica
ntly
i
m
pr
ove
the
perform
ance
of
real
-
t
i
m
e
app
li
cat
ion
s
a
nd
e
na
ble
troublesh
ooti
ng
the
m
ulti
ple
cl
ou
d
net
w
ork
inf
rastr
uct
ur
e
[
7].
T
his
pap
e
r
pr
ese
nt
s
an
e
nh
a
nce
d
IP
F
I
X
flo
w
m
on
it
or
in
g
syst
em
fo
r
VX
L
A
N
based
cl
oud
ov
erlay
net
works.
The
propose
d
m
on
it
or
ing
sys
tem
can
capture
the
V
XL
AN
pack
et
s
i
n
a
c
loud
en
vir
onm
ent
an
d
di
ff
e
re
ntiat
e
them
f
ro
m
o
th
er
netw
ork
tra
f
fic.
The
rem
ai
nd
er
of
this
pa
per
procee
ds
as
f
ol
lows
.
Sect
i
on
2
desc
ribes
t
he
pac
ket
obs
erv
at
io
n
a
nd
sel
ect
ion
m
ech
anism
.
Sect
ion
3
exp
la
ins
th
e
6
-
tu
ple
base
d
flo
w
process
ing
an
d
cl
assif
ic
at
ion
m
echan
ism
.
Sect
ion
4
desc
ribes
t
he
e
nh
a
nced
IPFI
X
m
essagin
g
syst
e
m
with
flow
e
xport
proces
s.
Sect
ion
5
pre
sents
the
flow
c
ollec
ti
on
an
d
traff
ic
analy
sis
pr
oce
ss.
Finall
y,
Sect
ion
6
co
nclu
des
the
pa
per
and
br
ie
fs
the
fu
t
ur
e
researc
h direct
i
on in
cl
oud
m
on
it
or
i
ng
.
Re
la
te
d
W
or
k
,
There
ha
ve
been
m
any
re
search
an
d
de
velo
pm
ent
effor
ts
in
the
fiel
d
of
cl
oud
m
on
it
or
ing
an
d
tra
ff
ic
analy
s
is
for
t
he
la
st
f
ew
ye
ars
.
As
a
res
ult,
m
any
too
ls
ha
ve
bee
n
intr
oduce
d
t
o
m
eet
var
i
ou
s
need
s
of
cl
oud
tra
ff
ic
m
easur
em
ent
[8
]
.
The
m
on
it
or
i
ng
syst
em
s
f
or
res
ource u
ti
li
zat
ion
in
virtua
li
zed
and
l
ar
ge
cl
oud
en
vironm
ent
hav
e
re
centl
y
been
pro
posed
[9
-
10]
. H
owe
ve
r,
these m
echan
ism
s d
o
no
t
pro
vide
the
com
plete
picture
of
m
on
it
or
i
ng
i
n
res
pect
of
cl
ou
d
overlay
net
w
orks
i
n
a
virt
ualiz
ed
e
nv
i
ronm
ent.
More
ov
e
r,
thes
e
m
echan
ism
s
hav
e
no
t
ta
ke
n
the
dynam
ic
natur
e
of
cl
oud
ov
e
rlay
netw
ork
perf
or
m
ance
into
account.
For
cl
assify
ing
traf
fi
c
into
flo
ws
,
L.
De
ri
an
d
F.
F
us
c
o
[
11]
pro
pose
d
the
real
-
ti
m
e
cl
oud
m
on
it
or
in
g
arch
it
ect
ure
ba
sed
on
netw
ork
pro
bes.
H
ow
ever,
it
did
not
include
the
m
echan
ism
of
ov
erlay
netw
o
r
k
traff
ic
cl
assifi
cat
ion
in
the
pro
po
se
d
arch
it
ect
ure.
I
n
an
oth
e
r
r
esea
rch
w
ork,
Ma
nn
et
al
.
[
12
]
propose
d
a
fl
ow
-
base
d
netw
ork
ser
vic
e
m
on
it
or
in
g
s
olu
ti
on
f
or
cl
oud
in
fr
a
struct
ure.
H
oweve
r,
it
o
nly
analy
ze
d
flo
w
m
on
it
or
in
g
protoc
ols s
uc
h as NetFl
ow [1
3]
an
d
s
Flo
w [
14
]
on
ph
ysi
ca
l and vi
rtual s
witc
hes for tra
f
fic analy
sis.
The
IE
TF
int
rod
uced
IP
F
low
I
nfo
rm
at
i
on
E
xport
(
I
PFIX)
protoc
ol
for
e
xpor
ti
ng
per
-
fl
ow
inf
or
m
at
ion
.
H
ow
e
ve
r,
th
e
I
P
FI
X
arc
hitec
tu
re
de
scri
bed
i
n
[15
-
17]
ha
s
li
m
it
ed
functi
onal
it
ie
s
and
nee
ds
to
be
enh
a
nce
d.
T
he
enhance
m
ent
process
s
ho
uld
pro
vid
e
va
rio
us
f
unct
io
ns
li
ke
a
ggre
gation,
filt
erin
g,
or
the
m
od
ific
at
ion
of
flo
w
rec
ords
for
t
he
m
ea
ns
of
sa
ving
sy
stem
resour
ces
an
d
pro
vid
in
g
processi
ng
ta
sk
s
f
or
colle
ct
ing
only
traf
fic d
at
a
of
cl
o
ud
ov
e
rlay
netw
ork
.
Trad
it
io
nal
IPFIX
base
d
Fl
ow
Mo
nitor
i
ng
Ar
c
hitec
ture
D
esi
gn
,
T
he
arc
hitec
ture
of
t
he
IP
F
IX
base
d
Flow
M
on
it
or
i
ng
syst
em
con
sist
s
of
seve
ral
sta
ges
that
include
pac
ke
t
ob
se
rv
at
io
n
and
sel
ect
io
n,
flo
w
m
et
ering
a
nd
e
xport
proce
ss,
flo
w
c
o
ll
ect
ion
process
an
d
t
r
aff
ic
a
naly
sis.
Fig
ure
1
pr
es
e
nts
tra
diti
on
al
IP
F
IX
base
d
fl
ow m
on
it
or
i
ng arc
hitec
ture desig
n
a
nd
processi
ng stages.
A
ll
proce
ssing ste
ps ac
t
on p
ac
kets.
Figure
1. IPFI
X base
d
fl
ow
m
on
it
or
ing p
rocess arc
hitec
tu
re
2.
PACKET
OB
SERVATIO
N
AND SEL
EC
TION
The
pac
ket
observ
at
io
n
an
d
s
el
ect
ion
sta
ge
consi
st
s
of
pac
ket
captu
rin
g,
pack
et
filt
erin
g
and
pac
ket
sam
pling
.
Packets
m
us
t
be
r
ead
on
the
li
ne,
and
t
he
packet
ob
ser
vatio
n
is
the
first
ste
p
of
this
arch
it
e
ct
ure
.
Ty
pical
ly
,
pack
et
s
captu
rin
g
is
per
f
or
m
ed
on
the
Netw
ork
In
te
r
face
Ca
r
d
(NIC)
,
w
hich
carries
the
pa
ckets.
Be
fore
a
packet
m
ov
es
to
the
receivin
g
ho
st
m
e
m
or
y,
se
ver
al
chec
king
s
are
perform
e
d
on
the
car
d
buffe
r
su
c
h
as
c
hec
ksum
err
ors
to
e
ns
ure
t
he
pa
ck
et
is
receive
d
i
n
the
ori
gin
al
f
or
m
.
Du
e
to
t
he
high
tra
ff
ic
outp
ut
,
m
os
t
of
the
pa
cket
ca
ptu
ri
ng
is
perf
or
m
ed
on
wi
red
ne
tworks
.
I
t
can
ra
ng
e
f
ro
m
a
Local
Area
Netw
ork
(LAN)
to
a
Wide
Ar
ea
Net
w
ork
(
WAN).
F
ig
ure
2
presen
ts
the
pr
op
os
e
d
en
han
ce
d
IPFIX
flo
w
m
on
it
or
in
g
sys
tem
d
esi
gn
and pr
ocessin
g st
ages.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
En
hance
d
I
PFI
X fl
ow mo
nitor
ing
f
or
V
XLAN
base
d
cl
ou
d o
verl
ay netw
or
k
s (Osma
n Gha
za
li
)
5521
Figure
2
.
The
pro
po
se
d
e
nha
nced
I
PFIX
Flow
m
on
it
or
in
g sy
stem
2.1.
Packe
t
c
aptur
ing in
virt
ua
l
enviro
nmen
t
In
cl
ou
d
en
vir
on
m
ents,
virt
ua
l
network
ra
pid
ly
bec
om
es
m
or
e
i
m
po
rta
nt
due
to
the
wides
pr
ea
d
dep
l
oym
ent
of
virt
ual
m
achines.
Since
the
virt
ual
en
vir
onm
ent
is
rap
i
dl
y
grow
i
ng
in
cl
oud
e
nviro
nm
ents,
pack
et
ca
ptu
ri
ng
of
virtu
al
ne
tworks
has
be
com
e
m
or
e
com
m
on
in
cl
oud
en
vir
on
m
ents.
A
lt
houg
h
thing
s
get
a
lot
m
or
e
com
pl
ic
at
ed
i
n
virtu
al
en
vironme
nts,
the
de
ploym
ent
of
packet
captur
in
g
de
vice
is
ver
y
sim
il
ar
to
dep
l
oym
ent
in
the
wire
d
netw
ork.
T
ho
us
an
ds
of
vi
rtual
m
a
chines
a
re
i
nter
connecte
d
to
e
ach
oth
er
as
a
virtu
a
l
netw
ork
by
usi
ng
virtu
al
s
witc
hes
to
interc
onnect
the
virtua
l
m
achines
[
18
]
.
A
vi
rtual
s
witc
h
w
orks
th
e
sa
m
e
as
a
hard
war
e
switc
h
t
hat
s
upports
virtu
al
ne
twork
ta
ps
an
d
port
m
irrorin
g.
I
n
virt
ual
e
nviro
nm
ents,
traf
fic
is
captu
red
thr
ou
gh
in
-
li
ne
m
od
e
or
m
irro
rin
g
m
od
e.
The
refo
re,
m
irro
re
d
tra
ff
ic
f
orwa
rd
e
d
to
physi
cal
por
ts
ca
n
be
ca
ptured
u
si
ng a
ded
ic
at
e
d packet
-
capt
ur
i
ng d
e
vice
ou
tsi
de
the
v
i
rtual e
nv
i
ronm
ent.
2.2.
Packe
t
c
aptur
ing p
r
ocess
The
i
n
-
li
ne
m
od
e
has
bee
n
sel
ect
ed
for
captur
i
ng
t
he
pack
et
s
in
high
-
s
pee
d
cl
oud
net
wor
k
env
i
ronm
ents.
The
de
velo
pme
nt
of
a
reli
abl
e
m
on
it
or
in
g
a
rch
it
ect
ure
requires
a
f
ull
under
sta
nd
i
ng
of
pack
et
captu
rin
g
proc
ess.
Ma
ny
ap
pl
ic
at
ion
s
pr
ogr
a
m
m
ing
i
nterfac
es
(
APIs)
an
d
li
braries
a
re
avail
able
in
th
e
ope
n
so
urce
Lin
ux
en
vir
on
m
ent.
The
m
os
t
reli
able
li
br
ary
li
bp
ca
p
[
19
]
is
us
e
d
f
or
pac
ket
ca
ptu
ri
ng
.
Since
the
ope
r
at
ing
syst
em
network
sta
ck
is
pe
rfor
m
ed
f
or
ge
ner
al
pur
pose
net
work
i
ng,
the
li
bpacp
li
brary
is
us
e
d
f
or
ha
ndover
of
pac
kets
from
the
NI
C
to
the
pack
et
ca
pturin
g
ap
plica
ti
on
.
T
he
ov
e
r
al
l
pack
et
capt
ur
i
ng
process
d
e
pe
nds on
t
he
syst
e
m
p
e
rfor
m
ance a
s pre
-
pac
ket pr
ocessin
g o
verh
ead is a
dded
dur
i
ng the
proce
ss.
2.3.
Packe
t
filteri
n
g
Packet
filt
erin
g
is
the
te
c
hniqu
e
that
de
fine
s
the
act
io
ns
pe
rfor
m
ed
on
e
ver
y
si
ng
le
pa
cket
recei
ve
d
from
the
obser
vation
point
f
or
the
sel
ect
ion
of
par
ti
cular
pack
et
s
.
T
he
r
ole
of
pac
ket
f
il
te
ring
is
def
i
ned
in
RFC
5475
as
s
epar
at
ing
t
he
pa
ckets
with
a
s
pecific
propert
y
from
tho
se
without
it
[
2
0
]
.
This
ste
p
is
a
dopte
d
for
sel
ect
in
g
the
pac
ket
s
that
we
are
interest
ed
with
,
w
hich
is
VX
L
A
N
(V
i
rtual
eX
te
ns
ible
LA
Ns
)
[2
1
]
pack
et
s
.
Ty
pical
ly
,
this
ty
pe
of
packet
filt
erin
g
requires
pro
pe
rty
m
a
t
ched
filt
erin
g
te
chn
iq
ue.
Whereb
y
,
a
pac
ket
is
sel
e
ct
ed
if
a
s
pecif
ic
fiel
d
of
a p
a
cket
is
e
qu
al
t
o
a
s
pecified
val
ue
or
insi
de
a
s
pecified
val
ue
range
[2
0
]
.
In
orde
r
t
o
desig
n
t
he
fi
lt
ering
te
c
hn
i
que
of
cl
oud
ov
erlay
pac
kets,
the
com
plete
structu
re
of
V
X
LA
N
pack
et
f
or
m
at
w
hic
h
is
def
i
ne
d
in
RFC
7348
[2
1
]
has
t
o be
cl
early
u
nde
rstood
.
2.4.
V
X
L
AN b
a
se
d
p
acket filter
ing mec
hani
sm
The
cl
ou
d
ove
rlay
is
a
new
t
echnolo
gy
in
wh
ic
h
pac
kets
are
enca
psula
te
d
in
t
he
ove
rlay
networ
k.
Ther
e
f
or
e,
the
m
os
t
crit
ic
al
ste
p
is
retrie
vin
g
a
nd
sam
pli
ng
t
he
VX
L
A
N
pac
kets.
Th
e
pro
po
se
d
te
c
hn
i
qu
e
insp
ect
the
c
aptu
red
pac
ke
ts
and
s
el
ect
on
ly
V
XL
A
N
pac
kets.
A
ll
pack
et
s
are
read
directl
y
from
the
obse
rv
at
io
n
po
i
nt
with
ti
m
e
stam
ped
.
Packets
a
re
in
sp
ect
ed
base
d
on
the
hea
der
instea
d
of
the
whol
e
payl
oad
i
nspec
ti
on
to
reduce
ov
e
r
head
a
nd
m
ini
m
iz
e
the
load
at
the
pa
cket
sel
ect
io
n
sta
ge.
T
he
se
le
ct
ed
pack
et
bec
om
e
s an el
em
ent o
f
the
ou
t
pu
t
pac
ket stream
.
Fo
r
t
he
sel
ect
ion
of
VXLA
N
pack
et
s,
t
he
f
ollow
i
ng
ste
ps
hav
e
to
be
pe
rfor
m
ed
on
e
ach
ar
riving
pa
cket.
This
is
done
wi
thout d
r
opping
or alt
erin
g
e
ve
n
a
sin
gle p
ac
ke
t
[
22
]
.
I
n
t
he
fi
rst
ph
ase,
each
ar
riv
ing
raw
pac
ket
requires
pac
ke
t
siz
e
check
a
s
the
m
ini
m
u
m
.
The
VX
L
A
N
pack
et
siz
e
inc
lud
in
g
al
l
hea
de
rs
is
72
byte
s
without
payl
oa
d
siz
e.
I
f
t
he
pa
cket
siz
e
is
le
ss
tha
n
72
byte
s
then
m
ov
e t
he packet t
o
t
he
in
it
ia
l ph
ase.
Othe
rw
i
se,
forwa
r
d
the
p
ac
ket t
o t
he
ne
xt
ph
a
se.
I
n
the
sec
ond
ph
a
se,
e
xtract
the
o
uter
IPv
4
hea
der
fiel
ds
and
chec
k
t
he
pac
ket
pr
oto
c
ol.
By
def
a
ult,
the
V
XL
AN
pa
ckets
us
e
UDP
f
or
com
m
un
ic
at
ion
.
If
t
he
protoc
ol
is
no
t
U
DP
t
hen
m
ov
e
to
the
i
niti
al
ph
a
se.
Othe
rw
i
se, fo
rw
a
rd the
p
ac
ket to t
he n
ext phase
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
6
,
Dece
m
ber
201
9
:
5519
-
5528
5522
I
n
the
t
hir
d
phase,
op
e
n
t
he
VX
L
A
N
hea
de
r
a
nd
chec
k
t
he
5th
bit
.
Th
e
valid
V
XL
A
N
pack
et
5t
h
bit
m
us
t
be
on
out
of
fi
rst
ei
ght
bits.
I
f
the
5t
h
bit
is
not
on
,
then
m
ov
e
to
the
init
ia
l
ph
a
se.
Ot
herwise
,
forw
a
r
d
the
p
a
cket to t
he ne
xt phase.
On
ce
al
l
the
c
he
cks
are
pe
rform
ed
su
ccess
fu
l
ly
,
then
sel
ect
the
pac
ket
f
r
om
the
input
strea
m
,
and
pac
ket
count
is
incre
m
ented
by
one
to
acc
ount
f
or
the
j
us
t
ar
riv
ed
pac
ket.
T
he
n,
t
he
sel
ect
ed
pac
ket
will
be
forw
a
r
d
t
o t
he flo
w processi
ng.
3.
FLOW P
ROC
ESSIN
G ST
A
GE
The
fl
ow
proc
essing
sta
ge
c
on
sist
s
of
pac
ke
t
aggreg
at
io
n,
flow
cac
he,
fl
ow
sel
ect
io
n
a
nd
tra
nsp
or
t
protoc
ol.
Af
te
r
the
sel
ect
ion
of
filt
ere
d
pac
ke
ts,
cl
oud
overl
ay
pack
et
s
will
be
a
ggre
gated
into
netw
ork
t
raffic
flo
ws
f
or
te
m
po
ra
rily
stored
i
n
the
fl
ow
cac
he.
Net
w
ork
tr
aff
ic
flo
w
is
de
scribe
d
as
a
s
equ
e
nce
of
pa
ckets
betwee
n
tw
o
e
ndpoints
base
d
on
the
key
fiel
ds
.
Ty
pical
ly
,
a
flo
w
patte
rn
i
s
base
d
on
5
tu
ples
w
hich
re
present
the
set
of
fi
ve
d
iffe
re
nt
key
va
lues
as
des
cri
bed
in
Fig
ure
3
.
It
in
cl
udes
a
source
I
P
a
dd
ress
a
nd
s
ourc
e
port
nu
m
ber
,
destin
at
ion
IP
a
ddre
ss
and
destinat
ion
po
rt
nu
m
ber
an
d
the
pro
tocol
in
us
e
[15].
If
the
valu
es
of
the
key
fiel
ds
of
the
ne
w
captu
red
pac
ke
t
m
at
ch
the
exis
ti
ng
flo
w,
t
hen
the
pac
ket
will
be
a
dd
e
d
t
o
the
existi
ng
fl
ow
an
d
inf
or
m
ation
is
updated
accor
dingly
.
O
n
the
oth
e
r
ha
nd,
if
the
value
s
of
the
key
fiel
ds
do
no
t
m
at
ch
any
of
the
existi
ng
fl
ow,
then
a
new
flow
will
be
gen
era
te
d
and
sto
re
d
in
the
flow
cache
.
Flow
ge
ne
rati
on
an
d
update
ste
ps
ca
n
be
re
peatedly
pe
rfor
m
ed
f
or
fl
ow
ag
gregati
ons.
H
oweve
r,
ty
pica
l
5
-
t
up
le
ba
sed
flo
w
patte
r
n
cannot
f
ulfill
the
requirem
ents
of
V
XL
A
N
ba
sed
fl
ow
generati
on.
As
overlay
netw
ork
tra
ff
ic
involve
d
m
ore
la
ye
rs;
there
fore
a
dd
it
io
nal
fiel
ds
require
d
to
i
de
ntify
the
e
ncr
ypte
d
t
unnel
traff
ic
for fl
ow
g
e
ner
at
io
n.
Figure
3.
Ty
pi
cal
flo
w patt
er
n base
d on 5
-
tu
ple
an
d ne
w
flow
p
at
te
r
n
for VXL
A
N base
d o
n 6
-
t
up
le
3.1.
V
X
L
AN b
as
e
d 6
-
t
uple
flow
The
VXLA
N
base
d
fl
ow
cl
a
ssific
at
ion
require
s
m
or
e
tha
n
5
-
tu
ple
fiel
ds.
Th
e
V
XL
A
N
ba
sed
cl
ou
d
ov
e
rlay
netw
ork
tra
ff
ic
use
s
a
un
iq
ue
network
i
den
ti
fie
r
(VN
I)
value
for
com
m
un
ic
at
ion
bet
wee
n
tw
o
te
nan
ts,
w
he
re
each
te
nan
t
create
s
a
dynam
ic
ov
erlay
netw
ork
f
or
c
omm
un
ic
at
ion
with
oth
er
t
enan
ts
.
The
V
NI
fiel
d
has
24
bits
a
nd
ca
n
ide
ntif
y
a
m
axi
m
u
m
of
16
m
il
l
ion
VX
L
A
N
segm
ents.
T
he
key
ste
p
to
m
on
it
or
ing
V
XLAN b
ase
d
overlay
net
wor
k
traff
ic
is
to
i
de
ntify
the
V
N
I
value.
The
refo
re,
a n
ew
flo
w
patte
rn
cal
le
d
VX
L
A
N
base
d
6
-
tu
pl
e
flow
is
intr
oduce
d
.
It
repre
sents
a
set
of
s
ix
fiel
d
value
s.
A
new
VNI
ke
y
fiel
d
is
add
e
d
on
th
e
tradit
ion
al
fl
ow
key
patte
r
n
w
hich
m
akes
it
a
un
i
qu
e
6
-
tu
ple
V
XL
A
N
ba
sed
flo
w
patte
rn.
The
fiel
ds
i
nclud
e
a
s
ource
I
P
address
a
nd
so
urce
po
rt
num
ber
,
destinat
ion
IP
ad
dress
and
dest
inati
on
por
t
nu
m
ber
,
prot
oc
ol
an
d
a
new
l
y
add
e
d
fiel
d
VNI.
I
f
a
ny
of
fiel
d
c
ha
ng
e
,
then
a
new
fl
ow
will
be
ge
ne
rated.
Figure
3
pr
ese
nts
the
ne
w
V
XLAN
base
d
6
-
t
up
le
flo
w
pa
tt
ern
.
Eac
h
se
par
at
e
flo
w
ha
s
an
e
ntry
ass
ociat
e
d
with
t
he
non
-
ke
y
fiel
ds
i
nclu
ding
f
lo
w
sta
rt
tim
e,
end
ti
m
e,
total
num
ber
of
pack
et
s
an
d
total
byte
s.
All
act
ive
netw
ork
tra
ff
ic
f
lo
ws
i
nfor
m
at
ion
is m
ai
ntain
ed
in t
he flo
w
cache.
3.2.
Flow
cl
as
sific
at
i
on
F
low
cl
assifi
c
at
ion
is
us
e
d
to
m
ap
each
i
nput
pac
ket
to
it
s
resp
ect
i
ve
flo
w.
T
his
op
e
rati
on
is
necessa
ry
as
the
pr
ocessin
g
of
eac
h
i
nput
pack
et
is
done
at
VX
L
A
N
ba
sed
pack
et
filt
ering
m
echan
ism
.
Af
te
r
the
filt
erin
g,
each
pac
ket
that
arr
ive
s
in
the
flow
cl
assifi
er
has
the
releva
nt
6
-
tup
le
s
hea
der
fiel
ds
extracte
d.
The
6
-
t
up
le
s
he
ade
r
fiel
d
val
ues
in
the
ar
riving
pack
et
are
c
ompare
d
with
the
existi
ng
flo
w
entries
.
If
the
re
is
no
m
at
ching
ent
ry
found,
the
n
a
new
flo
w
will
be
create
d
bas
ed
on
the
6
-
tu
ples
V
XLAN
patte
rn.
In
t
he
e
ven
t
of
existi
ng
ent
ry
m
a
tc
hed
,
t
he
existi
ng
flo
w
e
n
try
is
up
dated
with
in
f
or
m
ation
from
this
new
l
y
arr
ive
d
pac
ket
and
seve
ral
fiel
ds
are
al
so
update
d.
T
he
pa
cket
count
is
in
crem
ented
by
on
e
to
acco
un
t
f
or
the
pack
et
t
ha
t
just
ar
rive
d.
The
byte
c
ount
is
inc
rem
e
nted
by
t
he
num
ber
of
byte
s
of
data
pr
es
ent
i
n
the
pac
ket.
T
he
tim
est
a
m
p
is
al
so
update
d
with
the
c
urrent
tim
e
to
ind
ic
at
e
that
a
new
pack
et
j
ust
arr
i
ved
for
this
flow.
The
tim
est
a
m
p
is
u
sed
to
age
out
old
fl
ow
e
ntries.
The
ps
e
udoc
od
e
f
or
the
i
m
plem
entat
ion
of
fl
ow
cl
assifi
cat
ion
m
echan
ism
b
ased
on 6
-
t
uple
s
patte
rn
is gi
ve
n
in
A
l
gorithm
1
.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
En
hance
d
I
PFI
X fl
ow mo
nitor
ing
f
or
V
XLAN
base
d
cl
ou
d o
verl
ay netw
or
k
s (Osma
n Gha
za
li
)
552
3
Algorithm
1
V
XLAN
base
d f
low patt
er
n
al
gorithm
OP
c
ount
is i
niti
al
iz
ed
to zer
o
Ca
ll
the f
lo
w flush ti
m
er an
d
i
niti
al
iz
ed
to ze
ro
OP
Sc
ount is
in
it
ia
li
zed to
zer
o
/
* Ov
e
rlay
Pack
et
siz
e*/
A
rr
i
val
of VXL
AN p
a
cket v
P
i
chec
k
t
he
6
-
tu
ple v
al
ue
of the
p
ac
ket
v
P
i
if
(
N
o VNI
base
d
fl
ow
-
gro
up
-
pa
tt
ern
fou
nd)
the
n
Ma
ke n
ew fl
ow
-
gro
up
-
patte
r
n [S
ourc
e, D
e
sti
nation I
P,
P
or
t
In, Port
Ou
t,
VNI]
If
( Gr
oup
-
pa
tt
ern is see
n)
t
h
en
Send/A
dd p
ac
ke
t t
o
existi
ng
fl
ow
-
gr
oup
I
ncr
em
ent O
P
count
I
ncr
em
ent O
P
Scount
E
nd if
Else
Check
the
flo
w
f
lus
h
ti
m
er
I
f ( f
l
ush ti
m
e
r
e
xp
ire
)
t
hen
Ma
ke new
f
lo
w
-
gro
up
-
pa
tt
ern
En
d
if
Else
No act
ion
En
d
if
4.
IPFI
X
ME
SS
AGE
AND F
LOW E
X
PO
R
T
The
sim
plifie
d
IP
F
IX
m
essage
f
or
m
at
consi
sts
of
ve
rsion
num
ber
,
m
e
ssage
le
ngth
,
expo
rt
tim
e,
seq
uen
ce
nu
m
ber
a
nd
dom
ain
sourc
e
ID
a
nd
dif
fer
e
nt
set
of
re
co
rds
[15]
.
IP
F
IX
is
a
n
open
s
ource
sta
nd
a
r
d,
wh
ic
h
is
def
i
ne
d
in
RFC7
011
by I
E
TF.
4.1.
V
X
L
AN b
as
e
d IPFI
X
temp
late
T
he
IPFI
X
te
m
pla
te
is
based
on
a
set
of
fi
el
ds
that
can
be
expor
te
d
to
f
low
rec
ords
th
at
are
nam
ed
inf
or
m
at
ion
el
e
m
ents.
The
de
ta
il
of
IP
FIX
inform
at
ion
el
e
m
ents
avail
able
at
In
te
r
net
Assigned
Num
ber
s
Au
t
hority
(IA
NA),
wh
ic
h
is
respo
ns
ible
f
or
m
ai
ntaining
a
sta
nd
a
rd
li
st
of
IPFI
X
in
for
m
at
ion
el
e
m
ents
[23].
The
IP
F
IX
in
f
or
m
at
ion
el
em
ents
ca
n
be
de
fine
d
f
r
om
the
data
li
nk
la
ye
r
to
t
he
a
ppli
cat
ion
la
ye
r.
H
ow
e
ve
r
com
m
on
infor
m
at
ion
el
e
m
ents
belo
ng
t
o
the
net
wor
k
an
d
tra
ns
po
rt
la
ye
r.
On
t
he
ot
he
r
ha
nd,
I
PF
I
X
al
so
su
pp
or
ts
pr
i
vat
e
inf
or
m
at
ion
el
e
m
ents.
The
r
eq
uire
d
VX
L
AN
base
d
IP
F
I
X
in
form
at
ion
el
e
m
ents
are
de
fine
d
in
Ta
ble
1.
E
xcep
t
f
or
V
NILabel
in
form
a
ti
on
el
em
ent,
al
l
of
th
e
ot
he
r
in
form
at
ion
el
e
m
ents
are
a
lready
def
i
ned
in
IANA
sta
ndar
d
l
ist
of
IP
F
IX
inf
or
m
at
ion
el
em
ents.
As
pe
r
the
re
searc
h
requirem
ent
o
f
cl
ou
d
ov
e
rlay
netw
or
k
m
on
it
or
in
g,
a
ne
w
3
byte
s
of
i
nfor
m
at
ion
el
e
m
ent
nam
e
d
V
N
ILa
bel
ia
ad
ded
a
s
a
pri
vate
inf
or
m
at
ion
elem
ent.
Table
1
.
V
xlan
b
ase
d IPF
IX
i
nfor
m
at
ion
ele
m
ents
ID
Na
m
e
Descripti
o
n
Byte
size
152
f
lo
wStartM
illiseco
n
d
s
Ti
m
esta
m
p
of
the
f
lo
w’s f
irst pack
et.
8
153
f
lo
wEnd
Milliseco
n
d
s
Ti
m
esta
m
p
of
the f
lo
w’s last pack
et.
8
8
so
u
rceI
Pv
4
Ad
d
ress
IPv4
so
u
rce
ad
d
ress in
the p
acket h
ea
d
er.
4
12
d
estin
atio
n
IPv4
Ad
d
ress
IPv4
d
estin
atio
n
add
ress in
the p
acket h
eader.
4
7
so
u
rceT
rans
p
o
rtPort
So
u
rce
p
o
rt
in
the t
rans
p
o
rt
h
eader
2
11
d
estin
atio
n
Tr
an
sp
o
rtPort
Destin
atio
n
po
rt
in
the trans
p
o
rt
h
ead
er.
2
10
in
g
ressInt
erface
Interf
ace
ad
d
ress
wh
ere
p
ackets
in
4
14
eg
ressInt
erface
Interf
ace
ad
d
ress
wh
ere
p
ackets
ou
t
4
2
p
acketDeltaC
o
u
n
t
Nu
m
b
e
r
o
f
pack
ets f
o
r
th
e f
lo
w
8
1
o
ctetDeltaCo
u
n
t
Nu
m
b
e
r
o
f
bytes f
o
r
th
e f
lo
w
8
4
p
roto
co
lIden
tif
ier
IP
p
roto
co
l nu
m
b
e
r
in
the p
acket h
ea
d
er
1
1001
VNILab
el
VXLA
N netwo
rk i
d
en
tif
ier
v
alu
e in th
e pack
et head
er.
3
I
n
a
ddit
ion
,
a
new
V
XL
A
N
ba
sed
IPFI
X
te
m
plate
based
on
Table
1.
i
nfor
m
at
ion
el
e
m
ents
is
const
ru
ct
e
d
.
F
or
exam
ple,
T
e
m
plate
ID
20
3
in
Fi
g
ure
4
presents
the
VX
L
A
N
base
d
set
of
in
for
m
at
ion
el
e
m
ents in
I
P
FI
X
m
essage.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
6
,
Dece
m
ber
201
9
:
5519
-
5528
5524
Figure
4
.
V
XL
AN b
ase
d
te
m
plate
flo
w rec
ord
in IPF
IX m
e
ssage
4.2.
Data
rec
ords
Flow
e
ntries
a
re
m
a
intai
ned
in
the
flo
w
ca
che
ta
bles
f
or
a
certai
n
per
i
od
.
A
fter
the
flo
w
entry
tim
eou
t,
w
het
her
it
is
idle
or
act
ive
ti
m
e
ou
t,
fl
ow
data
is
f
orwa
rd
e
d
to
a
process
f
or
buil
ding
an
IPF
I
X
m
essage.
A
n
I
PFIX
m
essage
is
con
st
ru
ct
e
d
with
te
m
plate
ID
t
hat
in
this
stud
y
VX
L
A
N
bas
ed
te
m
plate
and
flo
w
data
are
store
d
in
IP
F
I
X
recor
ds
.
Mo
reover
,
data
se
ts
are
us
ed
in
IP
F
IX
to
car
ry
data
reco
r
ds
to
be
expo
rted
to
the
colle
ct
or
.
A
da
ta
set
is
based
on
m
any
diff
eren
t
data
rec
ords
,
an
d
each
d
at
a
recor
d
ha
s
flo
w
pro
per
ti
es
bas
ed
on
the
te
m
plate
.
Fig
ure
4
pr
e
sents
m
ulti
ple
flo
w
records
in
t
he
I
PF
IX
m
essage
a
nd
al
so
pr
ese
nts
the
V
XLAN
base
d
f
low
data
rec
ord.
A
5
6
-
byte
s
require
d
f
or
c
on
st
ru
ct
io
n
of
VX
L
A
N
ba
sed
flo
w
record
data
set
in IPFI
X
m
essage
.
4.3.
Flow
ex
po
r
t
p
rocess
IP
F
IX
ca
n
sup
port
m
ulti
ple
tr
ans
port
protoc
ol
for
flo
w
ex
port
[
15
]
.
The
flow
e
xpor
t
proc
ess
def
ine
s
how
to
car
ry
VX
L
A
N
based
IP
F
IX
m
essages
via
m
ulti
p
le
trans
port
pr
oto
c
ols
f
ro
m
flow
e
xport
pro
cess
t
o
flo
w
colle
ct
or
for
f
ur
t
her
data
analy
sis.
Af
t
er
the
co
ns
tr
uc
ti
on
of
V
XL
A
N
base
d
I
PF
I
X
m
essage,
U
DP
has
been
sel
ect
e
d
as
the
trans
por
t
pr
ot
oco
l
f
or
expo
rting
the
f
low
rec
ord
to
the
flo
w
colle
ct
or
.
UDP
car
r
ie
s
no
ov
e
r
head, a
nd it
is a w
i
dely
d
e
plo
ye
d t
ra
ns
po
rt pro
t
oco
l
f
or
flo
w
e
xpor
t
pr
oc
ess.
4.4.
Flow
colle
cti
on a
nd tra
ff
ic
analys
is
The
flo
w
colle
ct
or
is
respo
nsi
ble
fo
r
c
ollec
ti
ng
fl
ow
data
wh
ic
h
is
export
ed
by
the
flo
w
ex
porter,
and
t
his
is
an
essenti
al
par
t
of
t
he
fl
ow
m
on
it
ori
ng
syst
e
m
.
It
wo
rks
li
ke
rece
ptio
n
a
nd
receive
d
da
ta
fr
om
m
ul
ti
ple
flow
expo
rters
an
d
store
them
acc
ordin
g
to
the
r
equ
i
rem
ent
fo
r
fu
rt
her
net
wor
k
traff
ic
pe
rfo
r
m
ance
analy
sis.
Flo
w
data
ge
ner
al
l
y
do
es
no
t
c
onta
in
any
payl
oad
a
s
the
c
onte
nt
of
e
nd
use
r
com
m
un
ic
at
ion
s
is
protect
ed
.
SiL
k
[
2
4
]
is
sel
ect
ed
as
a
fl
ow
colle
ct
or
.
SiL
k
un
der
sta
nds
IP
F
IX
m
essage
sam
pled
da
ta
and
su
pp
or
ts
al
l t
ran
spo
rt pr
oto
c
ols.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
En
hance
d
I
PFI
X fl
ow mo
nitor
ing
f
or
V
XLAN
base
d
cl
ou
d o
verl
ay netw
or
k
s (Osma
n Gha
za
li
)
5525
5.
SIMULATI
O
N AND E
X
PE
RIM
E
NT
RE
SU
LT
S
In
orde
r
to
bui
ld
a
cl
ou
d
ov
e
rlay
netw
ork
e
nv
i
ronm
ent,
a
cl
oud
unde
rlay
netw
ork
was
dev
el
op
e
d
.
A
to
polo
gy
tha
t
represe
nts
V
XLAN
base
d
c
loud
netw
ork
e
nv
i
ronm
ent
as
pr
ese
nted
in
Fi
gure
5
was
des
igne
d
for
the
si
m
ulatio
n
.
T
he
topol
og
y
co
ns
ist
ed
of
th
ree
ser
vers
on
a
virtu
al
iz
ed
hype
rv
is
or
with
dif
fer
e
nt
netw
ork
segm
ents
on
unde
rlay
netw
orks.
T
w
o
ser
vers,
nam
el
y
Ku
al
a
Lum
pu
r
an
d
New
Y
ork,
w
ere
us
e
d
for
m
ulti
-
te
nan
cy
e
nviro
nm
ent
fo
r
the
virtu
al
m
achin
e
to
virtu
al
m
achine
c
omm
un
ic
at
ion
s.
The
thir
d
se
rv
e
r
act
ed
as
the
r
oute
r
t
o
c
onnect
both
se
rv
e
rs
f
or
com
m
un
ic
at
ion
wit
h
eac
h
oth
e
r
i
n
the
unde
rlay
ne
twork
.
Li
nux
Ubu
ntu
16.04
Se
rver
editi
on
with
m
ini
m
u
m
pack
age
s
was
i
nst
al
le
d
on
al
l
s
erv
e
rs
.
In
a
dd
it
ion
,
tw
o
di
fferent
I
P
netw
ork
segm
ents
wer
e
crea
te
d
.
The
17
2.1
6.10.0/
24
was
for
Kual
a
Lu
m
pu
r
serv
e
r,
and
the
17
2.16.
20.0
/
24
was
f
or
N
ew
York
ser
ve
r,
a
nd
both
we
re
connecte
d
to
s
erv
e
r
-
3
(N
et
w
ork
Cl
ou
d)
w
hi
ch
pe
rfor
m
ed
routin
g
serv
ic
e.
Fig
ure
5
dem
on
strat
e
s d
et
ai
l o
f
t
he unde
rlay
n
et
w
ork
c
onnecti
vit
y t
o
al
l ser
ver
m
achines.
Figure
5
.
Cl
oud
ov
e
rlay
n
et
w
ork
e
nviro
nm
e
nt w
it
h u
nderla
y netw
ork deta
il
5.1.
Dataset
f
or
si
mulati
on
Fo
r
c
l
oud
ove
rlay
network
m
on
it
or
ing
m
e
chan
ism
,
the
exp
e
rim
ent
us
ed
Mi
nin
et
f
or
si
m
ulati
on
.
Traffic
betwee
n
dif
fer
e
nt
vir
tual
m
achines
was
ge
ner
at
e
d
by
the
w
el
l
-
kn
own
net
work
to
ol
iper
f
[2
5
]
t
o
m
on
it
or
the
pe
rfor
m
ance
m
e
asur
em
ent
unde
r
dif
fer
e
nt
co
nd
it
io
ns
.
Fi
g
ure
5
il
lustrate
s
the
traff
ic
ge
ne
rated
betwee
n diff
e
r
ent n
et
wo
r
k
se
gm
ents b
ased
on the
f
ollow
i
ng
dataset
.
Transm
issi
on
dur
at
io
n:
60 m
i
nu
te
s
Pr
ot
oc
ol: ICM
P
Virtual Mac
hine
-
A1
Virt
ual Mac
hi
ne
-
A2
Se
nd
i
ng
rate:
200
byt
es/
sec
Virtual Mac
hine
-
B1
Vi
rtual Mac
hi
ne
-
B2
S
e
ndin
g
rate:
100
byt
es/
sec
Vir
tual M
ac
hine
-
C1
Vi
rtual Mac
hi
ne
-
C2
S
e
ndin
g
rate:
200
byt
es/
sec
.
The
s
im
ulati
on
was
perf
or
m
e
d
on
a
Lin
ux
ba
sed
virtu
al
e
nvir
on
m
ent,
us
i
ng
Mi
nin
et
[
2
6
]
si
m
ulati
on
too
l,
vi
rtual
m
achines
,
O
pen
Vsw
it
c
hes
[2
7
]
and
differe
nt
networ
k
segm
ents
wer
e
c
reated
for
cl
oud
overlay
netw
orks
e
nvir
on
m
ent.
A
pl
ugin
was
de
vel
op
e
d
a
nd
c
ompil
ed
with
t
he
op
e
n
source
to
ol
ya
f
[2
8
]
bas
ed
on
the
pr
opos
e
d
al
gorithm
s
to
enh
a
nce
t
he
e
xisti
ng
IPFI
X
flo
w
m
on
it
or
i
ng
m
echan
ism
s
f
or
V
XL
AN
base
d
cl
oud ov
e
rlay
netw
orks.
5.2.
Experim
en
t
r
esults
Figure
6
sho
w
s
the
ex
per
im
e
nt
res
ults
of
t
he
sta
nd
a
rd
m
on
it
or
i
ng
t
oo
l.
This
to
ol
capt
ur
e
s
t
he
total
nu
m
ber
of
pac
kets
an
d
band
width
but
co
uld
not
ide
ntify
the
V
XL
AN
ba
sed
tu
nnel
traf
fic
in
a
vi
rtual
cl
oud
netw
ork
e
nv
i
r
on
m
ent.
O
n
t
he
oth
e
r
ha
nd
,
Fig
ur
e
7
shows
the
res
ults
of
the
pro
pose
d
V
XL
AN
base
d
m
on
it
or
ing
sys
tem
,
wh
ic
h
m
a
nag
e
s
to
capt
ure
VX
L
A
N
pac
kets
an
d
di
ff
e
r
entia
te
d
the
tra
ff
ic
bas
ed
on
Virtua
l
Netw
ork
Id
e
ntifie
r
(
V
NI)
a
nd
oth
e
r
tra
ff
ic
.
VNI
100
repre
sents
the
capt
ured
t
unnele
d
tr
aff
ic
betwee
n
virtu
al
m
achines
A
1
a
nd
A
2.
Sim
il
ar
ly
,
VN
I
200
re
pr
ese
nts
the
ca
ptured
t
unnele
d
traf
fic
bet
we
en
vi
rtual
m
ac
hin
es
B1
an
d
B
2
with
ti
m
e
and
dat
e
stam
p
durati
on,
a
nd
the
re
m
ai
nin
g
tra
ff
ic
is
show
n
a
s
ot
her
t
raffic
.
Howev
e
r,
the
sta
ndar
d
m
on
it
ori
ng
to
ol
un
a
ble
to
ca
pt
ur
e
t
he
virt
ual
tunnel
traf
fic
and
c
ould
on
ly
identify
one
tr
aff
ic
or
total
traff
ic
.
O
n
the
ot
her
ha
nd,
the
pr
opose
d
m
echan
ism
can
ca
pt
ur
e
t
he
li
ve
t
unnel
traf
fic
an
d
al
so
c
a
n
identify
VX
L
AN
pac
kets
a
nd
disti
ng
uish
the
tra
ff
ic
be
tween
Virt
ual
Netw
ork
Id
e
nt
ifie
r
(
V
NI)
a
nd
oth
e
r
traff
ic
i
n
a
high
-
s
pee
d
cl
ou
d virtual
netw
ork
envir
on
m
ent.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
6
,
Dece
m
ber
201
9
:
5519
-
5528
5526
Fig
ure
6
.
Stan
da
rd f
lo
w
m
on
it
or
i
ng (byt
es
an
d packets
capt
ur
e
d)
Fig
ure
7
.
V
XL
AN b
ase
d
en
ha
nced
I
PFIX
flo
w
m
on
it
or
i
ng
(
byte
s
an
d pac
ke
t
captu
red)
6.
CONCL
US
I
O
N
The
st
ud
y
pro
po
s
ed
V
XL
A
N
base
d
e
nh
a
nced
I
PFIX
fl
ow
m
on
it
or
in
g
syst
e
m
for
cl
oud
overlay
netw
orks
.
A
fl
ow
cl
assifi
cat
ion
m
echan
ism
base
d
on
6
-
tu
ples
patte
rn
an
d
VX
L
A
N
bas
ed
flo
w
rec
ord
IP
F
I
X
m
essage
to
identify
the
virt
ual
traff
ic
was
pr
op
os
e
d
.
T
he
propose
d
syst
e
m
can
captur
e
the
in
visib
le
cl
ou
d
ov
e
rlay
netw
ork
tra
ff
ic
to
id
entify
,
track
,
analy
ze
and
m
on
it
or
the
perform
ance
of
cl
oud
ov
e
rlay
networ
k
serv
ic
es
.
As
the
perf
or
m
ance
of
a
syst
e
m
is
dyna
m
ic
a
nd
dep
e
nds
on
m
ulti
ple
par
am
et
ers,
the
propose
d
syst
e
m
is
capab
le
to
c
on
ti
nu
ou
sly
trac
king,
qu
a
ntifyi
ng
a
nd
upda
ti
ng
t
he
m
on
it
or
ing
r
esults.
T
he
pro
po
s
ed
m
on
it
or
ing
sy
stem
can
pr
ovide
ne
tw
ork
operat
or
s
with
detai
le
d
in
for
m
at
ion
ab
out
the
tra
ff
ic
tra
ver
si
ng
a
li
nk
ed
a
nd
re
la
te
d
inf
or
m
at
i
on
e
sp
eci
al
ly
su
it
ed
to
th
e
m
od
e
r
n
cl
oud
-
sc
al
e
data
center.
It
woul
d
hel
p
cl
oud
netw
ork
op
e
rat
or
s
a
nd
use
rs
t
o
quic
kly
a
nd
proacti
vely
res
olv
e
a
ny
net
w
ork
-
base
d
perf
or
m
ance
issue
s
with
end
-
to
-
en
d visi
bili
ty
an
d
act
io
nab
le
i
ns
ig
hts.
ACKN
OWLE
DGME
NTS
This
resea
rch
is
fu
nded
by
the
Fu
ndam
e
ntal
Re
search
Gr
ant
Sc
hem
e
(F
RGS
)
13
144
(
2014)
.
The
a
uthor
s
w
ou
l
d
li
ke
t
o
t
hank
t
he
Mi
ni
stry
of
E
du
cat
ion
Ma
la
ysi
a
and
U
niv
e
rsiti
Utara
Ma
la
ys
ia
for
su
pp
or
ti
ng a
nd
fundin
g
t
his r
e
search
.
REFERE
NCE
S
[1]
A.
Vira
t
ana
panu
,
et
al.
,
“
On
-
de
m
and
fine
gra
in
resourc
e
m
onit
o
ring
s
y
st
em
for
serve
r
consoli
d
a
ti
on,
”
B
ey
ond
th
e
Inte
rnet
-
Innov
a
t
ions f
or F
u
ture Net
works and
S
e
rvic
es
,
pp
.
1
-
8,
2
010.
[2]
N.
Chandra
ka
la
and
B.
Rao,
“
Migrat
ion
of
Virtua
l
Ma
chi
n
e
to
improve
the
Secur
ity
in
Cl
oud
Com
puti
ng,
”
Inte
rnational
Jo
urnal
of El
e
ct
ri
c
al
and
Comput
er
Engi
n
ee
ring
(
IJE
CE)
,
vol
.
8
(1)
,
pp.
210
-
219
,
20
18.
[3]
A.
Bucha
de
and
R.
Ingle,
“
Te
rn
ar
y
Tree
Based
Approac
h
For
Acc
essing
th
e
Res
ourc
es
b
y
Overl
appi
ng
Mem
ber
s
in
Cloud
Comput
ing,”
Inte
rna
ti
onal
Journal
of
El
e
ct
rica
l
and
Computer
Engi
ne
ering
(
IJE
CE)
,
vol.
7
(6)
,
pp.
3593
-
3601
,
2017.
Evaluation Warning : The document was created with Spire.PDF for Python.
In
t J
Elec
&
C
om
p
En
g
IS
S
N:
20
88
-
8708
En
hance
d
I
PFI
X fl
ow mo
nitor
ing
f
or
V
XLAN
base
d
cl
ou
d o
verl
ay netw
or
k
s (Osma
n Gha
za
li
)
5527
[4]
S.
Deshpande
a
nd
R.
Ingle,
“
Prefe
ren
ce
s
Base
d
Custom
iz
ed
T
rust
Model
for
As
sessment
of
Cloud
Services,
”
Inte
rnational
Jo
urnal
of El
e
ct
ri
c
al
and
Comput
er
Engi
n
ee
ring
(
IJE
CE)
,
vol
.
8
(1)
,
pp.
304
-
325
,
20
18.
[5]
J.
Shao,
et
a
l.
,
“
A
Runti
m
e
Model
Based
M
onit
oring
Ap
proa
ch
for
Clo
ud,
”
2010
IEEE
3rd
Inte
rnat
i
onal
Confe
renc
e
on
C
loud
Computing
,
pp.
313
-
320
,
20
10
.
[6]
D.
Zi
ss
is
and
D
.
L
ekka
s,
“
Addr
essing
cl
oud
co
m
puti
ng
sec
urity
issues,”
Fut
ur.
Gene
r.
Comput.
S
yst.
,
vol
.
28
,
pp.
583
-
592
,
20
12.
[7]
J.
Schad
,
e
t
a
l.
,
“
Runti
m
e
m
ea
sur
ements
in the
cl
o
ud,
”
Proc. V
LD
B
Endow
.
,
vol
.
3
,
pp
.
460
-
471
,
2
010.
[8]
S.
Khurram
,
et
al.
,
“
A
Surve
y
of
Cloud
Monitori
n
g:
High
Le
vel,
L
ow
Le
vel
,
Under
lay
and
Overl
a
y
,
”
Net
apps2015
,
pp.
1
-
7
,
2015
.
[9]
S.
Clay
m
an
,
e
t
al.
,
“
Monitoring
virt
ual
n
et
w
or
ks
with
La
tti
ce
,
”
2
010
IEEE/IF
I
P
Net
work
Operations
and
Manage
ment
S
y
mpos
ium
Workshops
,
pp.
239
-
24
6,
2010
.
[10]
J.
S.
W
ard
and
A.
Bark
er,
“
Vara
nus:
In
Si
tu
M
onit
oring
for
Large
Sca
le
Cloud
S
y
stems
,
”
IE
E
E
5th
Int
ernati
o
nal
Confe
renc
e
on
C
loud
Computing
Technol
og
y
and
Sci
en
ce
,
pp
.
341
-
344
,
2013
.
[11]
L.
Deri
and
F.
Fus
co,
“
MicroCl
oud
-
base
d
net
w
ork
tra
ffi
c
m
onit
oring,”
IFI
P
/IEEE
Inte
rnat
iona
l
Symposium
on
Inte
grated
Net
w
ork
Manage
ment
(
IM)
,
2013.
[12]
V.
Mann,
e
t
a
l.
,
“
Li
v
ing
on
the
edg
e:
Mo
nit
oring
ne
twor
k
flows
at
the
edge
in
cl
ou
d
dat
a
ce
nt
ers,”
Fi
ft
h
Int
ernati
on
al
Conf
ere
nce o
n
(
COMSNETS
)
,
pp.
1
-
9
,
2013
.
[13]
“
NetFlow
,
”
20
18,
[Onlin
e]
,
Avail
ab
le
:
htt
p
s://
ww
w.c
isco.c
om
/c
/e
n/us/prod
uct
s/ios
-
nx
-
os
-
software
/
iosnet
fl
ow/
inde
x.
h
tml.
[14]
S.
Panche
n,
et
al.
,
“
InMon
Corpora
ti
on’s
sF
low:
A
Method
for
Monitori
ng
Tra
ffi
c
in
Sw
it
c
hed
and
Route
d
Networks
,
”
R
FC
Editor
,
2001
.
[15]
B.
Claise,
et
al
.
,
“
Speci
fic
a
ti
on
of
the
IP
Flow
Inf
orm
at
ion
Expor
t
Protocol
for
the
Exc
h
ange
of
Fl
ow
Inform
at
ion,”
RF
C
7011
,
2018
,
[Onlin
e]
,
Avai
l
abl
e
:
ht
tps:/
/
tools
.
ie
tf
.
org/ht
m
l/rf
c7011.
[16]
T.
Zseb
y
,
e
t
al.
,
“
Requi
rement
s
for
IP
Flow
Inform
at
ion
Export
(IPF
IX)
,
”
IETF
RF
C
3917
,
2004
,
[Online]
,
Avail
ab
le
:
htt
p
:/
/
tool
s.i
et
f.
org
/htm
l/
rfc
3917.
[17]
T.
Zseb
y
,
et
al
.
,
“
IP
Flow
Infor
ma
ti
on
Export
(IP
FIX
)
Applic
abi
l
i
t
y
,
”
RF
C
5472
I
nte
rnet
Engi
ne
ering
Tas
k
Force,
2009.
[18]
B.
Pfaff,
e
t
al
.
,
“
Ext
endi
ng
Net
workin
g
int
o
the
Virtua
liza
ti
on
Lay
er
,
”
Proc
ee
d
ings
of
the
8th
ACM
SIGCO
MM
,
2009
.
[19]
S.
M.
V.
Ja
cobson
and
C.
L
ere
s,
“
li
bpca
p
:
Pack
e
t
ca
p
ture
li
br
ar
y
,
”
Berk
el
e
y
,
CA
,
La
wren
ce
B
erk
el
e
y
La
bor
at
or
y
,
2009.
[20]
T.
Zseb
y
,
et
al
.
,
“
Sam
pli
ng
and
fil
te
r
ing
techn
ique
s
for
IP
pac
ket
sel
ection,
”
RF
C
5475
(
Pro
posed
Standard)
Inte
rnet
Engi
n
eer
ing
Tas
k
Force
,
2009.
[21]
M.
Maha
li
ngam
.
,
“
VX
LAN:
A
F
ramework
for
O
ver
lay
i
ng
Virtual
ized
Lay
er
2
Networks
over
Lay
er
3
Networks,
”
RF
C
7348
Int
erne
t Engi
ne
ering T
ask
Force
,
201
4.
[22]
S.
Khurram
and
O.
Ghaz
al
i
,
“
Design
and
D
eve
l
opm
ent
of
VX
LAN
Based
Clou
d
Overl
a
y
N
et
w
ork
Monitori
ng
S
y
stem a
nd
Environm
ent
,
”
Infor
mation
Techno
lo
gy
–
N
ew
Gen
erati
o
ns
,
Spring
er,
vol
.
738
,
pp.
14
1
-
147,
2018
.
[23]
“
IP
Flow
Inform
at
ion
Expor
t
(IPF
IX)
Ent
it
i
es,
”
2013
,
[Onl
in
e]
,
Available:
h
tt
ps://
ww
w.i
ana
.
org/a
ss
ignments/
ipfi
x/i
pf
ix.
xm
l.
[24]
“
SiLK,
”
(
CER
T
Net
SA)
Carnegie Me
l
lon
Uni
ve
rs
i
ty
,
2018
,
[Onlin
e
]
,
Avail
ab
le
:
htt
p
s://
tool
s.n
et
sa
.
c
e
rt.
org/si
lk/
.
[25]
“
iPerf
-
The
TCP,
UD
P
an
d
SC
TP
net
wo
rk
bandwidt
h
m
ea
surem
ent
to
ol
,
”
2018,
[On
li
ne]
,
Avail
ab
le:
htt
ps://
ipe
rf
.
fr/
.
[26]
“
Minine
t:
An
Instant
Virtu
al
Network
on
y
our
La
ptop
o
r
PC
–
Minine
t
,
”
2018,
[On
li
ne]
,
Avai
la
bl
e
:
htt
p://m
ini
net.or
g/.
[27]
“
Open
vSw
it
ch
,
”
2017
,
[Onlin
e]
,
Avai
la
b
le
:
htt
p
:
//
openvswitc
h
.
or
g/.
[28]
“
YAF
-
Yet
Ano
the
r
Flowm
et
er
,
”
2018,
[Onlin
e]
,
Avai
la
b
le
:
htt
p
s://
tool
s.n
et
sa
.
c
e
rt.
org/
y
a
f/
.
BIOGR
AP
H
I
ES
OF
A
UTH
ORS
Osman
Gha
z
ali
is
an
As
soci
a
te
Profess
or
an
d
the
Depu
t
y
Dea
n
of
Schoo
l
of
Com
puti
ng
,
Univer
siti
Utar
a
Malay
s
ia.
Os
ma
n
holds
a
Ph.D.
degr
ee
in
Info
r
m
at
ion
Technol
og
y
(Networki
n
g)
from
A
wang
Had
Sall
eh
Gradua
te
School,
Univ
ersit
i
Utar
a
Mal
a
y
si
a
(AH
SG
S).
He
did
his
po
st
-
do
ct
ora
l
as
a
r
ese
arc
h
sci
ent
ist at
the School
of
E
ngine
er
ing
and
Applie
d
Sci
ence
,
As
ton
Univer
si
t
y
(EAS)
in
2012.
In
2011,
Os
m
an
was
the
Hea
d
of
the
Com
pute
r
Scie
nce
Dep
artm
ent
,
School
of
Com
puti
ng,
Univer
siti
Utar
a
Malay
si
a.
Prior
to
tha
t,
fr
om
2009
to
2011,
he
w
as
the
Techni
ca
l
Chai
rpe
rson
a
t
the
Univer
si
t
y
Te
a
chi
ng
a
nd
L
ea
rning
C
ent
e
r,
Univer
siti
Ut
ar
a
Malay
si
a.
Dr.
Os
m
an
has
m
or
e
tha
n
100
publ
i
ca
t
ions
as
ref
ereed
book
ch
apter
s
and
ref
ereed
t
e
chni
c
al
p
ape
rs
i
n
journa
ls
and
con
fer
enc
es.
He
is
t
he
co
-
found
er
a
nd
senior
m
ember
of
th
e
In
te
rNe
tworks
Resea
rch
La
bora
tor
y
.
He i
s a
lso a mem
ber
of
the IEEE and the
ACM
.
Evaluation Warning : The document was created with Spire.PDF for Python.
IS
S
N
:
2088
-
8708
In
t J
Elec
&
C
om
p
En
g,
V
ol.
9
, N
o.
6
,
Dece
m
ber
201
9
:
5519
-
5528
5528
Sh
ah
z
ada
Kh
u
rr
am
is
a
Ph
.
D.
ca
ndid
at
e
in
th
e
field
of
Com
pute
r
Networks
a
t
Univer
siti
Utar
a
Malay
s
ia.
He
is
cur
ren
t
l
y
serving
as
an
As
sistant
Profess
or
in
the
Com
pute
r
Scie
n
ce
Dep
art
m
ent
i
n
Islamia
Univer
si
t
y
Baha
wa
lpur, Paki
stan.
His
r
ese
arc
h
intere
sts
in
cl
ude
Ov
erl
a
y
n
et
works
,
IoT
and
Bloc
kch
ai
n
Tech
nologi
es.
Evaluation Warning : The document was created with Spire.PDF for Python.