1 / 35

Efficient Over-Provisioning of Network Systems and Services: Principles and Practices

Efficient Over-Provisioning of Network Systems and Services: Principles and Practices. Dong Xuan * Dept. of Computer Science and Engineering The Ohio-State University. What is Over-Provisioning?.

todd-hinton
Télécharger la présentation

Efficient Over-Provisioning of Network Systems and Services: Principles and Practices

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Efficient Over-Provisioning of Network Systems and Services: Principles and Practices Dong Xuan *Dept. of Computer Science and Engineering The Ohio-State University The Ohio State University

  2. What is Over-Provisioning? • Resources are allocated conservatively, depending on expected demands, changes in demands and other corresponding challenges. • Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing etc. The Ohio State University

  3. Outline • Objective • Principles • Practices in Overlay Networks • Practices in Sensor Networks • Final Remarks The Ohio State University

  4. Objective • Providing high performance, sustainability and reliability to network systems and services The Ohio State University

  5. Challenges and Opportunities • Challenges: • Traffic amount • Dynamics of traffic pattern • Malicious and non-conforming participants • Opportunities: • Resources, such as bandwidth, storage, processing power are no longer the bottlenecks that used to be so in the past. The Ohio State University

  6. Why Over-Provisioning? • Enable uninterrupted services • Reaction under extreme operating conditions are milder if not eliminated • Maintenance and corresponding dynamics are easier if done properly • System update is easier The Ohio State University

  7. However…… • Over provisioning is not always good. • Over provisioning also comes at the price of increased maintenance. • Resource come at a price. They are not free. The Ohio State University

  8. What We Want to Do? • Study the principles of over provisioning • Practices in a wide spectrum of network systems and services The Ohio State University

  9. Principles • A case study – bandwidth over provisioning in networks • Currently it is conducted in an ad hoc manner by ISPs • QOP: Quantitative Over Provisioning • Our work on Transaction on Networking 04 [1] and RTSS 01 [2] The Ohio State University

  10. Further Study on Over Provisioning Principles • System resources • System nodes • Connectivity • Network Paths • Data content, energy and storage • Dynamics due to failures and attacks The Ohio State University

  11. Practical applications of Over-Provisioning • Overlay Networks • Sensor Networks The Ohio State University

  12. Overlay Networks The Ohio State University

  13. Practices in Overlay Networks • Resilient Structured Peer to Peer Systems • QoS aware and Reliable Overlay Multicast and Anycast Services • Secure Overlay Forwarding Systems The Ohio State University

  14. Resilient Structured P2P Systems • Structured P2P systems • Distributed Hash Table (DHT) based • Node ID and data ID match together • CAN, CHORD, PASTRY and TAPSTRY • These systems are not resilient to malicious attacks ! • Our solution: • over provisioning in neighbor connectivity • RCHORD and CAN-SW The Ohio State University

  15. Chord • Routing is strictly uni-directional in Chord unlike other systems. • Attackers can take great advantage of this mechanism. N16 N112 80 + 25 80 + 26 N96 80 + 24 80 + 23 80 + 22 80 + 21 80 + 20 N80 The Ohio State University

  16. RChord: Reverse Chord system • Our enhancement solution: adding reverse edges in ICCNMC 03 [4] • Two issues: • How to add the reverse edges? • How to do routing with reverse edges? The Ohio State University

  17. Algorithms for adding reverse edges • Deterministic: Reverse edges are added to nodes deterministically. • Mirror: Chosen number of reverse edges are added anti clockwise mirroring the original edges. • Uniform: Chosen number of edges are added at uniform intervals in the anti clockwise direction. • Local Remote (LR) combination: Alternatively a chosen number of local (near) and remote (far) edges are added anti clockwise. • Randomized: Reverse edges are added randomly anti clockwise. • Hybrid (LR combination with Randomization): Local neighbors are chosen similar to LR combination method and remote neighbors are chosen anti clockwise randomly. The Ohio State University

  18. Performance of RChord • Sensitivity of Average path length under attacks. • (No. of reverse edges =2 and No. of nodes =1K, 16K respectively) • We can observe significant performance improvement as attack intensities (Pr: the probability of node being malicious) increase. • Number of reverse edges need not be proportional to number of nodes to increase performance. • LR scheme performs best as Pr increases. The Ohio State University

  19. CAN • CAN is based on Torus • The ideal average lookup distance is (d/4)n1/d • Due to nodes’ dynamic joining and leaving, the ideal situation can’t be achieved The Ohio State University

  20. j i CAN-SW: CAN with Small World • Small-world model • Introduce remote neighbors • This mechanism can reduce the average path length to O(log2n) • CAN-SW • We introduce remote neighbors as finger neighbors to improve lookup performance in Globecom 03 [3] The Ohio State University

  21. Performance of CAN-SW (1) • Resilience to failure of finger neighbors The Ohio State University

  22. Performance of CAN-SW (2) • Resilience to failure of special neighbors The Ohio State University

  23. Research Issues • Modeling and Analysis of system behavior and attacks • Neighbor Connectivity Over Provisioning based Resilient P2P systems design • Quantifying the number of reverse edges in RChord • Quantifying the number of remote edges in CAN-SW The Ohio State University

  24. QoS Aware Overlay Multicast and Anycast • Unicast, multicast and anycast • Network layer multicast and anycast • We have proposed an efficient fault-tolerant multicast routing protocol in TPDS 99 [5] (38). • We have proposed a routing protocol for anycast messages in TPDS 00 [6], 04 [7] (38, 39). • Overlay multicast and anycast • Multiple path over provisioning based approaches The Ohio State University

  25. Secure Overlay Forwarding Systems • It is an intermediate forwarding overlay system. • Layering: Each node only knows the next layer nodes. • Access to target controlled by a set of filters. • Target is known only to filters. The Ohio State University

  26. Design Features • The number of layers: 3 layers of hierarchy between sources and a target. • Mapping degree: Number of next layer neighbors • Node density: Number of nodes per layer • Under random congestion attacks, path availabilities are high if mapping degree is high. The Ohio State University

  27. The Generalized Secure Overlay Forwarding System • We have generalized the system in ICDCS 04 [8]. • Design features are flexible. The Ohio State University

  28. Combination of Congestion-based attacks and break-in based attacks Congestion attacks result in node being non-functional for the duration of the attack. Successful break-in attacks result in disclosure of next layer neighbors. Intelligent DDoS Attacks The Ohio State University

  29. System Performance Observation • Over Provisioning is not always good. • Care should be exercised. The Ohio State University

  30. Research Issues • Modeling and analysis of system behavior and attacks • Over Provisioning based Secure Overlay Forwarding Systems design • Layers • Connectivity The Ohio State University

  31. Practices in Sensor Networks • Sensor Networks • A new paradigm of networking • A lot of applications, cheap, easy to deploy, but limited in energy • Physical attacks • Small size of sensors and the nature of distributed deployment • Examples: Random attacks and Search based attacks The Ohio State University

  32. Practices in Sensor Networks • The impacts of Physical attacks Lifetime Vs. Attack arrival rate • Solution: Over Provision nodes in ICC05-sub [9] The Ohio State University

  33. Research Issues • Modeling and analysis of system behavior and attacks • Node and Structure Over Provisioning The Ohio State University

  34. Final Remarks • The principles of Over Provisioning • QOP: Quantitative Over Provisioning on network resources • Practices of Over Provisioning in • Overlay Networks • Resilient Structure P2P systems –Neighbor connectivity • QoS aware Overlay multicast and anycast – Path • Secure Overlay Forwarding Systems – Layers and Connectivity • Sensor networks • Resilience to Physical attacks – node and structure The Ohio State University

  35. References • S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Providing Absolute Differentiated Services for Real-Time Applications in Static-Priority Scheduling Networks”,  in IEEE/ACM Transactions on Networking (ToN), Vol 12, No. 2, April 2004. • S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks”, in Proc. of  IEEE Real-time System Symposium (RTSS), 2001. • S. Wang, Dong Xuan and W. Zhao, “On Resilience of Structured Peer-to-Peer Systems”,  in Proc. of IEEE  Global Telecommunications Conference (GLOBECOM), Dec. 2003. • Dong Xuan, S. Chellappan and M. Krishnamoorthy, “RChord: An Enhanced Chord System Resilient to Routing Attacks”, in Proc. of  IEEE International Conference on Computer Networks and Mobile Computing (ICCNMC), Oct. 2003. • W. Jia, W. Zhao, Dong Xuan, and G. Xu, “An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999. • Dong Xuan, W. Jia, W. Zhao, and H. Zhu, “A Routing Protocol for Anycast Messages”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000. • W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, “Distributed Admission Control for Anycast Flows”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol 15, No. 8, August 2004. • Dong Xuan, S. Chellappan, X. Wang and S. Wang,  ”Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks”,  in Proc. of   IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004. • Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, “Lifetime Optimization of Sensor Networks under Physical Attacks ”, submitted to ICC 2005. The Ohio State University

More Related