Download Quality of Service versus Any Service at All

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
Document related concepts

Asynchronous Transfer Mode wikipedia , lookup

Net neutrality law wikipedia , lookup

Wireless security wikipedia , lookup

Computer network wikipedia , lookup

Airborne Networking wikipedia , lookup

Peering wikipedia , lookup

Net bias wikipedia , lookup

Distributed firewall wikipedia , lookup

Network tap wikipedia , lookup

Deep packet inspection wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Piggybacking (Internet access) wikipedia , lookup

Zero-configuration networking wikipedia , lookup

Transcript 
Quality of Service vs.
Any Service at All
10th IEEE/IFIP Conference on
Network Operations and Management Systems
(NOMS 2006)
Vancouver, BC, Canada
April 2006
Randy H. Katz
Computer Science Division
Electrical Engineering and Computer Science Department
University of California, Berkeley
Berkeley, CA 94720-1776
1
Networks Under Stress
2
= 60% growth/year
Vern Paxson, ICIR, “Measuring Adversaries”
3
= 596% growth/year
“Background”
Radiation
-Dominates
traffic in many
of today’s
networks
Vern Paxson, ICIR, “Measuring Adversaries”
4
Network Protection
• Internet reasonably robust to point problems
like link and router failures (“fail stop”)
• Successfully operates under a wide range of
loading conditions and over diverse
technologies
• During 9/11/01, Internet worked well, under
heavy traffic conditions and with some major
facilities failures in Lower Manhattan
5
Network Protection
• Networks awash in illegitimate traffic: port
scans, propagating worms, p2p file swapping
– Legitimate traffic starved for bandwidth
– Essential network services (e.g., DNS, NFS) compromised
• Need: active management of network services
to achieve good performance and resilience
even in the face of network stress
– Self-aware network environment
– Observing and responding to traffic changes
– Sustaining the ability to control the network
6
Berkeley Experience
• Campus Network
– Unanticipated traffic renders the network unmanageable
– DoS attacks, latest worm, newest file sharing protocol
largely indistinguishable--surging traffic
– In-band control is starved, making it difficult to manage
and recover the network
• Department Network
– Suspected DoS attack against DNS
– Poorly implemented spam appliance overloads DNS
– Difficult to access Web or mount file systems
7
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
Why and How
Networks Fail
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see thi s picture.
• Complex phenomenology of failure
• Traffic surges break enterprise networks
• “Unexpected” traffic as deadly as high net utilization
– Cisco Express Forwarding: random IP addresses --> flood route
cache --> force traffic thru slow path --> high CPU utilization -->
dropped router table updates
– Route Summarization: powerful misconfigured peer overwhelms
weaker peer with too many router table entries
– SNMP DoS attack: overwhelm SNMP ports on routers
– DNS attack: response-response loops in DNS queries generate
traffic overload
8
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
Technology
Trends
Load Balancing
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
Traffic Shaping
• Integration of servers, storage, switching, and routing
– Blade Servers, Stateful Routers,
Inspection-and-Action Boxes (iBoxes)
• Packet flow manipulations at L4-L7
– Inspection/segregation/accounting of traffic
– Packet marking/annotating
• Building blocks for network protection
– Pervasive observation and statistics collection
– Analysis, model extraction, statistical correlation and causality testing
– Actions for load balancing and traffic shaping
9
Generic Network Element
Architecture
Buffers
Buffers
CP
CP
CP
CP
Classification
Processor
“Tag”
Mem
CP
CP
CP
AP
Rules &
Programs
Interconnection
Fabric
Output Ports
Input Ports
Buffers
Action
Processor
10
Active Network Elements
Device
Edge
• Server Edge
• Network Edge
• Device Edge
NAT, Access Control
iBox Configuration
Network-Device
Firewall, IDS
Traffic
iBoxShaper
Server
Edge
Network
Edge
iBoxLoad Balancing
Server
Storage Nets
11
iBoxes: Observe, Analyze, Act
Enterprise
Network
Architecture
I
R
Internet or
WAN Edge
R
E
E
E
I
R
I
R
R
Distribution
Tier
E
Access
Tier
E
R
I
E
E
E
Access
Tier
R
Network Services
End Hosts
I
E
E
E
E
Access
Tier
User
End Hosts
Server
End Hosts
Inspection-and-Action Boxes:
Deep multiprotocol packet inspection
No routing; observation & marking
Policing points: drop, fence, block
12
ObserveAnalyze-Act
•
•
•
•
Control exercised, traffic classified, resources allocated
Statistics collection, prioritizing, shaping, blocking, …
Minimize/mitigate effects of attacks & traffic surges
Classify traffic into good, bad, and ugly (suspicious)
– Good: standing patterns and operator-tunable policies
– Bad: evolves faster, harder to characterize
– Ugly: cannot immediately be determined as good or bad
• Filter the bad, slow the suspicious, preserve for the good
– Sufficient to reduce false positives
– Suspicious-looking good traffic may be slowed down, but won’t be blocked
13
Internet
Edge
Scenario
Access
Edge
Distribution
Tier
PC
MS
Spam
Filter
FS
DNS
Server Edge
14
Observed
Operational Problems
• User visible services:
– NFS mount operations time out
– Web access also fails intermittently due to time outs
• Failure causes:
–
–
–
–
Independent or correlated failures?
Problem in access, server, or Internet edge?
File server failure?
Internet denial of service attack?
15
Network Dashboard
b/w
consumed
Gentle rise
in ingress
b/w
Unusual
step jump/
DNS xact
rates
DNS CPU
utilization
time
FS CPU
utilization
time
No unusual
pattern
Access
Edge b/w
consumed
Decline
in access
edge b/w
time
MS CPU
utilization
time
Mail traffic
growing
time
In
Web
Email
Out
Web
16
Network Dashboard
b/w
consumed
Gentle rise
in ingress
b/w
Unusual
step jump/
DNS xact
rates
DNS CPU
utilization
CERT Advisory!
DNS Attack!
time
FS CPU
utilization
No unusual
pattern
time
Access
Edge b/w
consumed
Decline
in access
edge b/w
time
MS CPU
utilization
time
Mail traffic
growing
time
In
Web
Email
Out
Web
17
Observed Correlations
• Mail traffic up
• MS CPU utilization up
Causality no
surprise!
– Service time up, service load up,
service queue longer, latency longer
• DNS CPU utilization up
– Service time up, request rate up,
latency up
• Access edge b/w down
How does
mail traffic
cause DNS
load?
18
Run Experiment
Shape Mail Traffic
MS CPU
utilization
Mail traffic
limited
In
Web
Out
Web
time
DNS CPU
utilization
DNS
down
time
Access
Edge b/w
consumed
Access
edge b/w
returns
time
Email
Root cause:
 Spam appliance --> DNS lookups
to verify sender domains;
 Spam attack hammers internal
DNS, degrading other services:
NFS, Web
19
Policies and Actions
Restore the Network
• Shape mail traffic
– Mail delay acceptable to users?
– Can’t do this forever unless mail is filtered at the
Internet edge
• Load balance DNS services
– Increase resources faster than incoming mail rate
– Actually done: dedicated DNS server for Spam appliance
• Other actions? Traffic priority, QoS knobs
20
Analysis
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
• Root causes difficult to diagnose
– Transitive and hidden causes
• Key is pervasive observation
– iBoxes provide the needed infrastructure
– Observations to identify correlations
– Perform active experiments to “suggest” causality
21
Many Challenges
• Policy specification: how to express? Service Level
Objectives?
• Experimental plan
– Distributed vs. centralized development
– Controlling the experiments … when the network is stressed
– Sequencing matters, to reveal “hidden” causes
• Active experiments
– Making things worse before they get better
– Stability, convergence issues
• Actions
– Beyond shaping of classified flows, load balancing, server scaling?
22
Implications for Network
Operations and Management
• Processing-in-the-Network is real
• Enables pervasive monitoring and actions
• Statistical models to discover correlations and
to detect anomalies
• Automated experiments to reveal causality
• Policies drive actions to reduce network stress
23
Networks Under Stress
QuickTime™ and a
TIFF (Uncompressed) decompressor
are needed to see this picture.
24
Related documents
Quest study guide#1
Quest study guide#1
FootPrinting - PSU
FootPrinting - PSU
INTRODUCTION TO INFORMATION SYSTEMS TECHNOLOGY
INTRODUCTION TO INFORMATION SYSTEMS TECHNOLOGY
Towards Wireless Overlay Network Architectures
Towards Wireless Overlay Network Architectures
russian picnic
russian picnic
DNS
DNS
Using DNS as an Access Protocol for Mapping Identifiers to Locators
Using DNS as an Access Protocol for Mapping Identifiers to Locators
Midterm Review - UTK-EECS
Midterm Review - UTK-EECS
Asexual Organisms
Asexual Organisms
Occular Dominance Columns
Occular Dominance Columns
PPT Version
PPT Version
The Internet and the World Wide Web Basics
The Internet and the World Wide Web Basics
File
File
CSCI6268L25
CSCI6268L25
Understanding the Types of Direct Marketing
Understanding the Types of Direct Marketing
Spamhaus Data.pptx
Spamhaus Data.pptx
360°DNS Security
360°DNS Security
Data Exfiltration and DNS
Data Exfiltration and DNS
On Modern DNS Behavior and Properties
On Modern DNS Behavior and Properties
BIG-IP DNS
BIG-IP DNS