350 likes | 471 Views
Efficient Over-Provisioning of Network Systems and Services: Principles and Practices. Dong Xuan * Dept. of Computer Science and Engineering The Ohio-State University. What is Over-Provisioning?.
E N D
Efficient Over-Provisioning of Network Systems and Services: Principles and Practices Dong Xuan *Dept. of Computer Science and Engineering The Ohio-State University The Ohio State University
What is Over-Provisioning? • Resources are allocated conservatively, depending on expected demands, changes in demands and other corresponding challenges. • Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing etc. The Ohio State University
Outline • Objective • Principles • Practices in Overlay Networks • Practices in Sensor Networks • Final Remarks The Ohio State University
Objective • Providing high performance, sustainability and reliability to network systems and services The Ohio State University
Challenges and Opportunities • Challenges: • Traffic amount • Dynamics of traffic pattern • Malicious and non-conforming participants • Opportunities: • Resources, such as bandwidth, storage, processing power are no longer the bottlenecks that used to be so in the past. The Ohio State University
Why Over-Provisioning? • Enable uninterrupted services • Reaction under extreme operating conditions are milder if not eliminated • Maintenance and corresponding dynamics are easier if done properly • System update is easier The Ohio State University
However…… • Over provisioning is not always good. • Over provisioning also comes at the price of increased maintenance. • Resource come at a price. They are not free. The Ohio State University
What We Want to Do? • Study the principles of over provisioning • Practices in a wide spectrum of network systems and services The Ohio State University
Principles • A case study – bandwidth over provisioning in networks • Currently it is conducted in an ad hoc manner by ISPs • QOP: Quantitative Over Provisioning • Our work on Transaction on Networking 04 [1] and RTSS 01 [2] The Ohio State University
Further Study on Over Provisioning Principles • System resources • System nodes • Connectivity • Network Paths • Data content, energy and storage • Dynamics due to failures and attacks The Ohio State University
Practical applications of Over-Provisioning • Overlay Networks • Sensor Networks The Ohio State University
Overlay Networks The Ohio State University
Practices in Overlay Networks • Resilient Structured Peer to Peer Systems • QoS aware and Reliable Overlay Multicast and Anycast Services • Secure Overlay Forwarding Systems The Ohio State University
Resilient Structured P2P Systems • Structured P2P systems • Distributed Hash Table (DHT) based • Node ID and data ID match together • CAN, CHORD, PASTRY and TAPSTRY • These systems are not resilient to malicious attacks ! • Our solution: • over provisioning in neighbor connectivity • RCHORD and CAN-SW The Ohio State University
Chord • Routing is strictly uni-directional in Chord unlike other systems. • Attackers can take great advantage of this mechanism. N16 N112 80 + 25 80 + 26 N96 80 + 24 80 + 23 80 + 22 80 + 21 80 + 20 N80 The Ohio State University
RChord: Reverse Chord system • Our enhancement solution: adding reverse edges in ICCNMC 03 [4] • Two issues: • How to add the reverse edges? • How to do routing with reverse edges? The Ohio State University
Algorithms for adding reverse edges • Deterministic: Reverse edges are added to nodes deterministically. • Mirror: Chosen number of reverse edges are added anti clockwise mirroring the original edges. • Uniform: Chosen number of edges are added at uniform intervals in the anti clockwise direction. • Local Remote (LR) combination: Alternatively a chosen number of local (near) and remote (far) edges are added anti clockwise. • Randomized: Reverse edges are added randomly anti clockwise. • Hybrid (LR combination with Randomization): Local neighbors are chosen similar to LR combination method and remote neighbors are chosen anti clockwise randomly. The Ohio State University
Performance of RChord • Sensitivity of Average path length under attacks. • (No. of reverse edges =2 and No. of nodes =1K, 16K respectively) • We can observe significant performance improvement as attack intensities (Pr: the probability of node being malicious) increase. • Number of reverse edges need not be proportional to number of nodes to increase performance. • LR scheme performs best as Pr increases. The Ohio State University
CAN • CAN is based on Torus • The ideal average lookup distance is (d/4)n1/d • Due to nodes’ dynamic joining and leaving, the ideal situation can’t be achieved The Ohio State University
j i CAN-SW: CAN with Small World • Small-world model • Introduce remote neighbors • This mechanism can reduce the average path length to O(log2n) • CAN-SW • We introduce remote neighbors as finger neighbors to improve lookup performance in Globecom 03 [3] The Ohio State University
Performance of CAN-SW (1) • Resilience to failure of finger neighbors The Ohio State University
Performance of CAN-SW (2) • Resilience to failure of special neighbors The Ohio State University
Research Issues • Modeling and Analysis of system behavior and attacks • Neighbor Connectivity Over Provisioning based Resilient P2P systems design • Quantifying the number of reverse edges in RChord • Quantifying the number of remote edges in CAN-SW The Ohio State University
QoS Aware Overlay Multicast and Anycast • Unicast, multicast and anycast • Network layer multicast and anycast • We have proposed an efficient fault-tolerant multicast routing protocol in TPDS 99 [5] (38). • We have proposed a routing protocol for anycast messages in TPDS 00 [6], 04 [7] (38, 39). • Overlay multicast and anycast • Multiple path over provisioning based approaches The Ohio State University
Secure Overlay Forwarding Systems • It is an intermediate forwarding overlay system. • Layering: Each node only knows the next layer nodes. • Access to target controlled by a set of filters. • Target is known only to filters. The Ohio State University
Design Features • The number of layers: 3 layers of hierarchy between sources and a target. • Mapping degree: Number of next layer neighbors • Node density: Number of nodes per layer • Under random congestion attacks, path availabilities are high if mapping degree is high. The Ohio State University
The Generalized Secure Overlay Forwarding System • We have generalized the system in ICDCS 04 [8]. • Design features are flexible. The Ohio State University
Combination of Congestion-based attacks and break-in based attacks Congestion attacks result in node being non-functional for the duration of the attack. Successful break-in attacks result in disclosure of next layer neighbors. Intelligent DDoS Attacks The Ohio State University
System Performance Observation • Over Provisioning is not always good. • Care should be exercised. The Ohio State University
Research Issues • Modeling and analysis of system behavior and attacks • Over Provisioning based Secure Overlay Forwarding Systems design • Layers • Connectivity The Ohio State University
Practices in Sensor Networks • Sensor Networks • A new paradigm of networking • A lot of applications, cheap, easy to deploy, but limited in energy • Physical attacks • Small size of sensors and the nature of distributed deployment • Examples: Random attacks and Search based attacks The Ohio State University
Practices in Sensor Networks • The impacts of Physical attacks Lifetime Vs. Attack arrival rate • Solution: Over Provision nodes in ICC05-sub [9] The Ohio State University
Research Issues • Modeling and analysis of system behavior and attacks • Node and Structure Over Provisioning The Ohio State University
Final Remarks • The principles of Over Provisioning • QOP: Quantitative Over Provisioning on network resources • Practices of Over Provisioning in • Overlay Networks • Resilient Structure P2P systems –Neighbor connectivity • QoS aware Overlay multicast and anycast – Path • Secure Overlay Forwarding Systems – Layers and Connectivity • Sensor networks • Resilience to Physical attacks – node and structure The Ohio State University
References • S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Providing Absolute Differentiated Services for Real-Time Applications in Static-Priority Scheduling Networks”, in IEEE/ACM Transactions on Networking (ToN), Vol 12, No. 2, April 2004. • S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks”, in Proc. of IEEE Real-time System Symposium (RTSS), 2001. • S. Wang, Dong Xuan and W. Zhao, “On Resilience of Structured Peer-to-Peer Systems”, in Proc. of IEEE Global Telecommunications Conference (GLOBECOM), Dec. 2003. • Dong Xuan, S. Chellappan and M. Krishnamoorthy, “RChord: An Enhanced Chord System Resilient to Routing Attacks”, in Proc. of IEEE International Conference on Computer Networks and Mobile Computing (ICCNMC), Oct. 2003. • W. Jia, W. Zhao, Dong Xuan, and G. Xu, “An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999. • Dong Xuan, W. Jia, W. Zhao, and H. Zhu, “A Routing Protocol for Anycast Messages”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000. • W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, “Distributed Admission Control for Anycast Flows”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol 15, No. 8, August 2004. • Dong Xuan, S. Chellappan, X. Wang and S. Wang, ”Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks”, in Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004. • Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, “Lifetime Optimization of Sensor Networks under Physical Attacks ”, submitted to ICC 2005. The Ohio State University