Brain-on-Switch: Towards Advanced Intelligent Network Data Plane via NN-Driven Traffic Analysis at Line-Speed
Jinzhu Yan, Haotian Xu, Zhuotao Liu, Qi Li, Ke Xu, Mingwei Xu, Jianping Wu
TL;DR
BoS addresses the challenge of enabling neural-network-driven traffic analysis directly on the data plane, moving beyond tree-based INDP approaches limited by hardware constraints. It introduces a data-plane friendly binary RNN with a sliding-window mechanism to perform unlimited time-step inference at line-speed, and couples it with an off-switch transformer-based analysis module via an Integrated Model Inference System (IMIS) to escalate ambiguous flows. Across four traffic analysis tasks, BoS achieves up to ~19% higher macro-F1 than NetBeacon and ~40% higher than binary MLP N3IC, while keeping the majority of flows on-switch ($>95\%$) and demonstrating scalability to hundreds of thousands to millions of flows per second. The work demonstrates the practical viability of NN-driven INDP on programmable switches, offering substantial gains in accuracy and throughput for real-time network analytics.
Abstract
The emerging programmable networks sparked significant research on Intelligent Network Data Plane (INDP), which achieves learning-based traffic analysis at line-speed. Prior art in INDP focus on deploying tree/forest models on the data plane. We observe a fundamental limitation in tree-based INDP approaches: although it is possible to represent even larger tree/forest tables on the data plane, the flow features that are computable on the data plane are fundamentally limited by hardware constraints. In this paper, we present BoS to push the boundaries of INDP by enabling Neural Network (NN) driven traffic analysis at line-speed. Many types of NNs (such as Recurrent Neural Network (RNN), and transformers) that are designed to work with sequential data have advantages over tree-based models, because they can take raw network data as input without complex feature computations on the fly. However, the challenge is significant: the recurrent computation scheme used in RNN inference is fundamentally different from the match-action paradigm used on the network data plane. BoS addresses this challenge by (i) designing a novel data plane friendly RNN architecture that can execute unlimited RNN time steps with limited data plane stages, effectively achieving line-speed RNN inference; and (ii) complementing the on-switch RNN model with an off-switch transformer-based traffic analysis module to further boost the overall performance. We implement a prototype of BoS using a P4 programmable switch as our data plane, and extensively evaluate it over multiple traffic analysis tasks. The results show that BoS outperforms state-of-the-art in both analysis accuracy and scalability.