Efficient Over-Provisioning of Network Systems and Services: Principles and Practices


Post on 13-Mar-2016


04/24/23 The Ohio State University 1

Efficient Over-Provisioning of Network Systems and Services: Principles and Practices

Dong Xuan*
Dept. of Computer Science and Engineering
The Ohio State University


What is Over-Provisioning?
• Resources are allocated conservatively, depending on expected demands, changes in demands and other corresponding challenges.
• Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing, etc.


Outline
• Objective
• Principles
• Practices in Overlay Networks
• Practices in Sensor Networks
• Final Remarks


Objective
• Providing high performance, sustainability and reliability to network systems and services


Challenges and Opportunities
• Challenges:
  • Traffic amount
  • Dynamics of traffic pattern
  • Malicious and non-conforming participants
• Opportunities:
  • Resources such as bandwidth, storage and processing power are no longer the bottlenecks they used to be.


Why Over-Provisioning?
• Enable uninterrupted services
• Reactions under extreme operating conditions are milder, if not eliminated
• Maintenance and corresponding dynamics are easier if done properly
• System update is easier


However…
• Over-provisioning is not always good.
• Over-provisioning also comes at the price of increased maintenance.
• Resources come at a price. They are not free.


What Do We Want to Do?
• Study the principles of over-provisioning
• Practices in a wide spectrum of network systems and services


Principles
• A case study – bandwidth over-provisioning in networks
  • Currently it is conducted in an ad hoc manner by ISPs
  • QOP: Quantitative Over-Provisioning
  • Our work in Transactions on Networking 04 [1] and RTSS 01 [2]


Further Study on Over-Provisioning Principles
• System resources
  • System nodes
  • Connectivity
  • Network paths
  • Data content, energy and storage
• Dynamics due to failures and attacks


Practical Applications of Over-Provisioning
• Overlay Networks
• Sensor Networks


Overlay Networks


Practices in Overlay Networks
• Resilient Structured Peer-to-Peer Systems
• QoS-aware and Reliable Overlay Multicast and Anycast Services
• Secure Overlay Forwarding Systems


Resilient Structured P2P Systems
• Structured P2P systems
  • Distributed Hash Table (DHT) based
  • Node ID and data ID match together
  • CAN, Chord, Pastry and Tapestry
• These systems are not resilient to malicious attacks!
• Our solution: over-provisioning in neighbor connectivity
  • RChord and CAN-SW


Chord
• Routing is strictly uni-directional in Chord, unlike other systems.
• Attackers can take great advantage of this mechanism.

[Figure: Chord ring with nodes N16, N80, N96 and N112; the fingers of N80 point to 80 + 2^0, 80 + 2^1, 80 + 2^2, 80 + 2^3, 80 + 2^4, 80 + 2^5 and 80 + 2^6]


RChord: Reverse Chord system
• Our enhancement solution: adding reverse edges, in ICCNMC 03 [4]
• Two issues:
  • How to add the reverse edges?
  • How to do routing with reverse edges?


Algorithms for adding reverse edges
• Deterministic: Reverse edges are added to nodes deterministically.
  • Mirror: A chosen number of reverse edges are added anti-clockwise, mirroring the original edges.
  • Uniform: A chosen number of edges are added at uniform intervals in the anti-clockwise direction.
  • Local Remote (LR) combination: Alternatively, a chosen number of local (near) and remote (far) edges are added anti-clockwise.
• Randomized: Reverse edges are added randomly anti-clockwise.
• Hybrid (LR combination with Randomization): Local neighbors are chosen as in the LR combination method, and remote neighbors are chosen anti-clockwise randomly.


Performance of RChord

[Figure: Sensitivity of average path length under attacks (No. of reverse edges = 2 and No. of nodes = 1K, 16K respectively)]

• We can observe significant performance improvement as attack intensities (Pr: the probability of a node being malicious) increase.
• The number of reverse edges need not be proportional to the number of nodes to increase performance.
• The LR scheme performs best as Pr increases.
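The effect of Mirror reverse edges on path length under attack can be reproduced in a small model. This is an added example, not code from the slides or from the RChord paper. It assumes a full ring in which every ID is a node, mirrors the k shortest fingers, treats a malicious node as one that drops everything, and uses breadth-first search as a best-case bound instead of a specific routing algorithm.

```python
import random
from collections import deque

def build_ring(m, k_reverse=0):
    """Neighbour sets on a full 2^m-node ring (assumption: every ID is a node).
    Forward fingers are n + 2^i; Mirror adds n - 2^i for the k shortest fingers."""
    size = 1 << m
    return {n: {(n + (1 << i)) % size for i in range(m)}
               | {(n - (1 << i)) % size for i in range(k_reverse)}
            for n in range(size)}

def hops(nbrs, src, dst, bad):
    """Fewest hops from src to dst when nodes in `bad` drop everything; None if cut off."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in nbrs[node]:
            if nxt not in seen and nxt not in bad:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

def evaluate(m, k_reverse, pr, trials=500, seed=1):
    """Return (delivery ratio, mean hops) when each node is malicious with probability pr."""
    rng = random.Random(seed)  # same seed gives the same attackers for every k_reverse
    size = 1 << m
    bad = {n for n in range(size) if rng.random() < pr}
    good = [n for n in range(size) if n not in bad]
    nbrs = build_ring(m, k_reverse)
    lengths = []
    for _ in range(trials):
        src, dst = rng.sample(good, 2)  # honest endpoints only
        h = hops(nbrs, src, dst, bad)
        if h is not None:
            lengths.append(h)
    mean = sum(lengths) / len(lengths) if lengths else float("inf")
    return len(lengths) / trials, mean

if __name__ == "__main__":
    for k in (0, 2):
        for pr in (0.0, 0.2, 0.4):
            ratio, mean = evaluate(8, k, pr)
            print(f"reverse edges={k} Pr={pr}: delivered {ratio:.2f}, mean hops {mean:.2f}")
```

With nodes 1 and 2 malicious on a 64-node ring, a lookup from node 0 to node 3 has to wrap around the ring in plain Chord, while two reverse edges let it overshoot to node 4 and step back.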


CAN
• CAN is based on a torus
• The ideal average lookup distance is $(d/4)n^{1/d}$
• Due to nodes’ dynamic joining and leaving, the ideal situation can’t be achieved


CAN-SW: CAN with Small World
• Small-world model
  • Introduce remote neighbors
  • This mechanism can reduce the average path length to O(log2n)
• CAN-SW
  • We introduce remote neighbors as finger neighbors to improve lookup performance, in Globecom 03 [3]


Performance of CAN-SW (1)
• Resilience to failure of finger neighbors


Performance of CAN-SW (2)
• Resilience to failure of special neighbors


Research Issues
• Modeling and analysis of system behavior and attacks
• Neighbor connectivity over-provisioning based resilient P2P systems design
  • Quantifying the number of reverse edges in RChord
  • Quantifying the number of remote edges in CAN-SW


QoS Aware Overlay Multicast and Anycast
• Unicast, multicast and anycast
• Network layer multicast and anycast
  • We have proposed an efficient fault-tolerant multicast routing protocol in TPDS 99 [5] (38).
  • We have proposed a routing protocol for anycast messages in TPDS 00 [6], 04 [7] (38, 39).
• Overlay multicast and anycast
  • Multiple-path over-provisioning based approaches


Secure Overlay Forwarding Systems
• It is an intermediate forwarding overlay system.
• Layering: Each node only knows the next layer nodes.
• Access to target controlled by a set of filters.
• Target is known only to filters.


Design Features

The number of layers: 3 layers of hierarchy between sources and a target.

Mapping degree: Number of next layer neighbors

Node density: Number of nodes per layer

Under random congestion attacks, path availabilities are high if mapping degree is high.
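The relation between mapping degree and path availability under random congestion can be estimated with a short Monte Carlo model. This is an added example, not code from the slides or from the ICDCS 04 paper. It assumes neighbours are picked uniformly at random in the next layer, that each node is congested independently with a fixed probability, and that any live last-layer node can pass traffic through the filters to the target.

```python
import random

def path_available(layers, per_layer, degree, congested_frac, rng):
    """One trial: congest nodes at random and report whether a client still
    has a path of uncongested nodes through every layer."""
    alive = [[rng.random() >= congested_frac for _ in range(per_layer)]
             for _ in range(layers)]
    # The client knows `degree` entry nodes in the first layer.
    frontier = {n for n in rng.sample(range(per_layer), degree) if alive[0][n]}
    for layer in range(1, layers):
        reached = set()
        for _ in frontier:
            # Each live node knows only its own `degree` next-layer neighbours.
            picks = rng.sample(range(per_layer), degree)
            reached.update(n for n in picks if alive[layer][n])
        frontier = reached
    return bool(frontier)

def availability(degree, congested_frac, layers=3, per_layer=100,
                 trials=2000, seed=7):
    """Fraction of trials in which the target stays reachable."""
    rng = random.Random(seed)
    ok = sum(path_available(layers, per_layer, degree, congested_frac, rng)
             for _ in range(trials))
    return ok / trials

if __name__ == "__main__":
    for degree in (1, 2, 5, 10):
        print(f"mapping degree {degree:2d}: "
              f"availability {availability(degree, 0.5):.3f}")
```

The model covers congestion only; it does not represent break-in attacks, where a higher mapping degree also means more neighbours disclosed per compromised node.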


The Generalized Secure Overlay Forwarding System

• We have generalized the system in ICDCS 04 [8].
• Design features are flexible.


Intelligent DDoS Attacks
• Combination of congestion-based attacks and break-in based attacks
• Congestion attacks result in a node being non-functional for the duration of the attack.
• Successful break-in attacks result in disclosure of next layer neighbors.


System Performance
• Observation: Over-provisioning is not always good. Care should be exercised.


Research Issues

Modeling and analysis of system behavior and attacks

Over-provisioning based Secure Overlay Forwarding Systems design
• Layers
• Connectivity


Practices in Sensor Networks
• Sensor Networks
  • A new paradigm of networking
  • A lot of applications, cheap, easy to deploy, but limited in energy
• Physical attacks
  • Small size of sensors and the nature of distributed deployment
  • Examples: Random attacks and Search based attacks


Practices in Sensor Networks
• The impacts of physical attacks
  • Lifetime vs. attack arrival rate
  • Solution: Over-provision nodes, in ICC05-sub [9]

[Figure: lifetime T (days) versus attack arrival rate λ (attacks/second), with curves for A = 20m and nf = 50, 100, 200, 300, 400, 500, 600]


Research Issues

Modeling and analysis of system behavior and attacks

Node and Structure Over Provisioning


Final Remarks
• The principles of Over-Provisioning
  • QOP: Quantitative Over-Provisioning on network resources
• Practices of Over-Provisioning in
  • Overlay Networks
    • Resilient Structured P2P systems – Neighbor connectivity
    • QoS aware Overlay multicast and anycast – Path
    • Secure Overlay Forwarding Systems – Layers and Connectivity
  • Sensor networks
    • Resilience to physical attacks – node and structure


References

1. S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Providing Absolute Differentiated Services for Real-Time Applications in Static-Priority Scheduling Networks”, in IEEE/ACM Transactions on Networking (ToN), Vol. 12, No. 2, April 2004.

2. S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks”, in Proc. of IEEE Real-time System Symposium (RTSS), 2001.

3. S. Wang, Dong Xuan and W. Zhao, “On Resilience of Structured Peer-to-Peer Systems”, in Proc. of IEEE Global Telecommunications Conference (GLOBECOM), Dec. 2003.

4. Dong Xuan, S. Chellappan and M. Krishnamoorthy, “RChord: An Enhanced Chord System Resilient to Routing Attacks”, in Proc. of IEEE International Conference on Computer Networks and Mobile Computing (ICCNMC), Oct. 2003.

5. W. Jia, W. Zhao, Dong Xuan, and G. Xu, “An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999.

6. Dong Xuan, W. Jia, W. Zhao, and H. Zhu, “A Routing Protocol for Anycast Messages”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000.

7. W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, “Distributed Admission Control for Anycast Flows”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 15, No. 8, August 2004.

8. Dong Xuan, S. Chellappan, X. Wang and S. Wang, “Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks”, in Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004.

9. Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, “Lifetime Optimization of Sensor Networks under Physical Attacks”, submitted to ICC 2005.