
Resilient Overlay Networks

Resilient Overlay Networks. Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS http://nms.lcs.mit.edu/projects/ron/. Problems with ISP-Based Routing. Users cannot select routing metrics. Sophisticated routing only within each ISP. Only ISPs assemble measurements.


Presentation Transcript


  1. Resilient Overlay Networks. Robert Morris, Frans Kaashoek and Hari Balakrishnan, MIT LCS. http://nms.lcs.mit.edu/projects/ron/

  2. Problems with ISP-Based Routing
     • Users cannot select routing metrics.
     • Sophisticated routing only within each ISP.
     • Only ISPs assemble measurements.
     • Hop-by-hop model is error-prone.

  3. Example Problem: Policy Routing
     [Diagram: Sites 1 to 5 and ISP1, ISP2, ISP3, with one path drawn in red.]
     The red path may be legal but forbidden by policy.

  4. RON Approach
     • Move routing control towards end systems.
     • Take advantage of small scale.
     • Base decisions on end-to-end monitoring.

  5. A Resilient Overlay Network
     [Diagram: Sites 1 to 3, ISP1, ISP2, ISP3 and RON nodes N1 to N5. Labels: "Virtual RON link", "RON node / edge router".]
     RON nodes exchange measurements and choose routes.

  6. End-System Control Enables Sophisticated Applications
     • End-to-end QoS requirements.
     • End-to-end metrics and trust.
     • Aggressive adaptive re-routing algorithms.
     • Application-oriented policy interpretation.
     • Coordinated reactions to DoS attacks.

  7. Example: Reliable Routing
     [Diagram: RON nodes N1 to N5 across ISP1, ISP2 and ISP3, with one point marked "x" and another marked "Overload".]

  8. Example: Perimeter Defense (1)
     • Analyzing DoS attacks requires cooperation.
     • Detect near target, control near source.
     • Variable routing confuses historic traffic analysis.
     • Asymmetric routing hides one-way flows.
     • Hard to guess ingress even w/ true source addr.
     • Groups of ISPs can deploy monitoring nodes.
     • Use RON for reliable coordination.

  9. Example: Perimeter Defense (2)
     [Diagram: C1 to C4 and R1 to R4 around ISP1, ISP2 and ISP3, with two nodes labelled "Attacker".]
     1. Look for unusual traffic.
     2. Exchange alerts over RON.
     3. Detect and control sources.

  10. RON Implementation Challenges
     • Measurements
     • Topology choice
     • Adaptive Routing
     • Security

  11. Measurements
     • Characterize alternate paths:
     • Do they fail independently?
     • How often do they perform better?
     • Are there multiple sensible metrics?
     • Are measurements predictive?
     • Time scales long enough for adaptive routing?

  12. Topology Choice
     [Diagram: RON nodes N1 to N7 across ISP1, ISP2 and ISP3.]
     IP routing prefers short virtual links for high reliability.
     Gnutella prefers long links for fast query propagation.

  13. Adaptive Routing
     • Goal: Good paths through the RON topology.
     • Tools:
     • Application-provided guidance.
     • Small scale → aggressive algorithms.
     • Cooperative measurement infrastructure.
     • RON-level source routing obviates consistency.
     • Example: choose best 2-hop path.

  14. Security
     • Protection of data:
     • End-to-end or IPSec over RON virtual links.
     • Protection of routing and control traffic:
     • Sites can choose whom to trust.
     • Protection against DoS attacks on RON:
     • End-to-end authentication, hash cash.

  15. Project Plan
     • Measure existing Internet for validation.
     • Design topology and routing algorithms.
     • Deploy RON nodes.
     • Build initial app: real-time collaboration.
     • Generalize API (content distribution, peer to peer file sharing).

  16. Summary
     • RON moves routing control to end systems.
     • Well suited to collaborating groups of sites.
     • Benefits:
     • More robust routing than the Internet.
     • More control over QoS.
     • Platform for cooperative defenses.
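
Slide 13's "choose best 2-hop path" with application-provided guidance, as an added example that is not code from the presentation or the RON project. The node names follow the slides; the measurement values, the two cost functions and the function names are assumptions made for illustration, and the measurements are taken as given from nodes the site has chosen to trust.

```python
import math

# Constructed sample measurements (not from the presentation): per directed
# virtual link, (loss rate, latency in ms). A link absent from the table is
# treated as failed, like the "x" on slide 7.
LINKS = {
    ("N1", "N3"): (0.30, 60.0),   # direct path, overloaded
    ("N1", "N2"): (0.01, 40.0),
    ("N2", "N3"): (0.02, 35.0),
    ("N1", "N5"): (0.05, 20.0),
    ("N5", "N3"): (0.05, 30.0),
    ("N1", "N4"): (0.00, 15.0),   # N4 -> N3 is missing: failed link
}

def latency_cost(hops):
    """Path latency: sum of per-link latencies."""
    return sum(latency for _loss, latency in hops)

def loss_cost(hops):
    """Path loss: 1 minus the product of per-link delivery rates."""
    return 1.0 - math.prod(1.0 - loss for loss, _latency in hops)

def best_two_hop(links, src, dst, cost):
    """Return (path, cost) for the cheapest usable path from src to dst that
    is either direct or goes through exactly one intermediate RON node."""
    nodes = {n for link in links for n in link}
    candidates = [(src, dst)]
    candidates += [(src, mid, dst) for mid in sorted(nodes - {src, dst})]
    best_path, best_cost = None, math.inf
    for path in candidates:
        hops = list(zip(path, path[1:]))
        if any(hop not in links for hop in hops):
            continue                      # a failed link rules the path out
        c = cost([links[hop] for hop in hops])
        if c < best_cost:
            best_path, best_cost = path, c
    return best_path, best_cost

if __name__ == "__main__":
    for name, cost in (("latency", latency_cost), ("loss", loss_cost)):
        print(name, best_two_hop(LINKS, "N1", "N3", cost))
```

With these sample values the two metrics pick different intermediate nodes, which is the case where the application's choice of metric matters.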
