efficient over-provisioning of network systems and services: principles and practices
DESCRIPTION
Efficient Over-Provisioning of Network Systems and Services: Principles and Practices. Dong Xuan * Dept. of Computer Science and Engineering The Ohio-State University. What is Over-Provisioning?. - PowerPoint PPT PresentationTRANSCRIPT
04/24/23 The Ohio State University 1
Efficient Over-Provisioning of Network Systems and Services:
Principles and Practices
Dong Xuan*Dept. of Computer Science and Engineering
The Ohio-State University
04/24/23 The Ohio State University 2
What is Over-Provisioning? Resources are allocated conservatively,
depending on expected demands, changes in demands and other corresponding challenges.
Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing etc.
04/24/23 The Ohio State University 3
Outline Objective Principles Practices in Overlay Networks Practices in Sensor Networks Final Remarks
04/24/23 The Ohio State University 4
Objective Providing high performance,
sustainability and reliability to network systems and services
04/24/23 The Ohio State University 5
Challenges and Opportunities Challenges:
Traffic amount Dynamics of traffic pattern Malicious and non-conforming participants
Opportunities: Resources, such as bandwidth, storage,
processing power are no longer the bottlenecks that used to be so in the past.
04/24/23 The Ohio State University 6
Why Over-Provisioning? Enable uninterrupted services Reaction under extreme operating
conditions are milder if not eliminated Maintenance and corresponding
dynamics are easier if done properly System update is easier
04/24/23 The Ohio State University 7
However…… Over provisioning is not always good. Over provisioning also comes at the
price of increased maintenance. Resource come at a price. They are not
free.
04/24/23 The Ohio State University 8
What We Want to Do? Study the principles of over
provisioning
Practices in a wide spectrum of network systems and services
04/24/23 The Ohio State University 9
Principles A case study – bandwidth over provisioning in networks
Currently it is conducted in an ad hoc manner by ISPs QOP: Quantitative Over Provisioning
Our work on Transaction on Networking 04 [1] and RTSS 01 [2]
04/24/23 The Ohio State University 10
Further Study on Over Provisioning Principles System resources
System nodes Connectivity Network Paths Data content, energy and storage
Dynamics due to failures and attacks
04/24/23 The Ohio State University 11
Practical applications of Over-Provisioning Overlay Networks
Sensor Networks
04/24/23 The Ohio State University 12
Overlay Networks
04/24/23 The Ohio State University 13
Practices in Overlay Networks Resilient Structured Peer to Peer
Systems
QoS aware and Reliable Overlay Multicast and Anycast Services
Secure Overlay Forwarding Systems
04/24/23 The Ohio State University 14
Resilient Structured P2P Systems Structured P2P systems
Distributed Hash Table (DHT) based Node ID and data ID match together CAN, CHORD, PASTRY and TAPSTRY
These systems are not resilient to malicious attacks !
Our solution: over provisioning in neighbor connectivity RCHORD and CAN-SW
04/24/23 The Ohio State University 15
• Routing is strictly uni-directional in Chord unlike other systems.• Attackers can take great advantage of this mechanism.
N8080 + 20
N112
N96
N16
80 + 2180 + 22
80 + 23
80 + 24
80 + 25 80 + 26
Chord
04/24/23 The Ohio State University 16
RChord: Reverse Chord system
Our enhancement solution: adding reverse edges in ICCNMC 03 [4] Two issues:
How to add the reverse edges? How to do routing with reverse edges?
04/24/23 The Ohio State University 17
Algorithms for adding reverse edges•Deterministic: Reverse edges are added to nodes deterministically.
•Mirror: Chosen number of reverse edges are added anti clockwise mirroring the original edges.•Uniform: Chosen number of edges are added at uniform intervals in the anti clockwise direction.•Local Remote (LR) combination: Alternatively a chosen number of local (near) and remote (far) edges are added anti clockwise.
•Randomized: Reverse edges are added randomly anti clockwise.
•Hybrid (LR combination with Randomization): Local neighbors are chosen similar to LR combination method and remote neighbors are chosen anti clockwise randomly.
04/24/23 The Ohio State University 18
Sensitivity of Average path length under attacks. (No. of reverse edges =2 and No. of nodes =1K, 16K respectively)
We can observe significant performance improvement as attack intensities (Pr: the probability of node being malicious) increase.
Number of reverse edges need not be proportional to number of nodes to increase performance.
LR scheme performs best as Pr increases.
Performance of RChord
04/24/23 The Ohio State University 19
CAN CAN is based on Torus The ideal average
lookup distance is (d/4)n1/d
Due to nodes’ dynamic joining and leaving, the ideal situation can’t be achieved
04/24/23 The Ohio State University 20
CAN-SW: CAN with Small World Small-world model
Introduce remote neighbors This mechanism can reduce
the average path length to O(log2n)
CAN-SW We introduce remote neighbors as finger
neighbors to improve lookup performance in Globecom 03 [3]
oooooooooooooooooooooooooooooooooooo
i
j
04/24/23 The Ohio State University 21
Performance of CAN-SW (1) Resilience to failure of finger neighbors
04/24/23 The Ohio State University 22
Performance of CAN-SW (2) Resilience to failure of special
neighbors
04/24/23 The Ohio State University 23
Research Issues Modeling and Analysis of system
behavior and attacks Neighbor Connectivity Over
Provisioning based Resilient P2P systems design Quantifying the number of reverse edges in
RChord Quantifying the number of remote edges in
CAN-SW
04/24/23 The Ohio State University 24
Unicast, multicast and anycast
Network layer multicast and anycast We have proposed an efficient fault-tolerant multicast
routing protocol in TPDS 99 [5] (38). We have proposed a routing protocol for anycast
messages in TPDS 00 [6], 04 [7] (38, 39). Overlay multicast and anycast
Multiple path over provisioning based approaches
QoS Aware Overlay Multicast and Anycast
04/24/23 The Ohio State University 25
Secure Overlay Forwarding Systems
It is an intermediate forwarding overlay system. Layering: Each node only knows the next layer
nodes. Access to target controlled by a set of filters. Target is known only to filters.
04/24/23 The Ohio State University 26
Design Features
The number of layers: 3 layers of hierarchy between sources and a target.
Mapping degree: Number of next layer neighbors
Node density: Number of nodes per layer
Under random congestion attacks, path availabilities are high if mapping degree is high.
04/24/23 The Ohio State University 27
The Generalized Secure Overlay Forwarding System
We have generalized the system in ICDCS 04 [8]. Design features are flexible.
04/24/23 The Ohio State University 28
Intelligent DDoS Attacks Combination of Congestion-based
attacks and break-in based attacks Congestion attacks result in node being
non-functional for the duration of the attack.
Successful break-in attacks result in disclosure of next layer neighbors.
04/24/23 The Ohio State University 29
System Performance Observation Over Provisioning is not always good. Care should be exercised.
04/24/23 The Ohio State University 30
Research Issues
Modeling and analysis of system behavior and attacks
Over Provisioning based Secure Overlay Forwarding Systems design Layers Connectivity
04/24/23 The Ohio State University 31
Practices in Sensor Networks Sensor Networks
A new paradigm of networking A lot of applications, cheap, easy to deploy, but limited in
energy
Physical attacks Small size of sensors and the nature of distributed
deployment Examples: Random attacks and Search based attacks
04/24/23 The Ohio State University 32
Practices in Sensor Networks The impacts of Physical attacks
Lifetime Vs. Attack arrival rate Solution: Over Provision nodes in ICC05-sub [9]
0
2
4
6
8
10
0.0001 0.001 0.01 0.1λ (attacks/second)
T (d
ays)
A = 20m,nf = 50A = 20m,nf = 100A = 20m,nf = 200A = 20m,nf = 300A = 20m,nf = 400A = 20m,nf = 500A = 20m,nf = 600
04/24/23 The Ohio State University 33
Research Issues
Modeling and analysis of system behavior and attacks
Node and Structure Over Provisioning
04/24/23 The Ohio State University 34
Final Remarks
The principles of Over Provisioning QOP: Quantitative Over Provisioning on
network resources Practices of Over Provisioning in
Overlay Networks Resilient Structure P2P systems – Neighbor
connectivity QoS aware Overlay multicast and anycast – Path Secure Overlay Forwarding Systems – Layers and
Connectivity Sensor networks
Resilience to Physical attacks – node and structure
04/24/23 The Ohio State University 35
References1. S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Providing Absolute Differentiated Services for Real-Time
Applications in Static-Priority Scheduling Networks”, in IEEE/ACM Transactions on Networking (ToN), Vol 12, No. 2, April 2004.
2. S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks”, in Proc. of IEEE Real-time System Symposium (RTSS), 2001.
3. S. Wang, Dong Xuan and W. Zhao, “On Resilience of Structured Peer-to-Peer Systems”, in Proc. of IEEE Global Telecommunications Conference (GLOBECOM), Dec. 2003.
4. Dong Xuan, S. Chellappan and M. Krishnamoorthy, “RChord: An Enhanced Chord System Resilient to Routing Attacks”, in Proc. of IEEE International Conference on Computer Networks and Mobile Computing (ICCNMC), Oct. 2003.
5. W. Jia, W. Zhao, Dong Xuan, and G. Xu, “An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999.
6. Dong Xuan, W. Jia, W. Zhao, and H. Zhu, “A Routing Protocol for Anycast Messages”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000.
7. W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, “Distributed Admission Control for Anycast Flows”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol 15, No. 8, August 2004.
8. Dong Xuan, S. Chellappan, X. Wang and S. Wang, ”Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks”, in Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004.
9. Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, “Lifetime Optimization of Sensor Networks under Physical Attacks ”, submitted to ICC 2005.