Googling the Internet
(and Beyond)
Aleksandar Kuzmanovic
EECS Department
Northwestern University
http://networks.cs.northwestern.edu
Today’s Talk
TCP congestion control
DoS against streaming CDNs
Googling the Internet
A. Kuzmanovic
Googling the Internet (and Beyond)
From TCP to Net Neutrality and Back
TCP Congestion Control
Question
– Why do we care about TCP congestion control in the year 2009?
Overwhelming opinion:
– TCP research is incremental
– Not relevant any more
– It is boring
– No high-impact breakthroughs are possible any more
Non-Incremental Advances are Possible
“… throughput increases by more than 40% while the average web response time simultaneously decreases by nearly an order of magnitude.”
A. Kuzmanovic, “The Power of Explicit Congestion Notification,” in ACM SIGCOMM 2005.
A. Kuzmanovic, A. Mondal, S. Floyd, and K. K. Ramakrishnan, “Adding Explicit Congestion Notification (ECN) to TCP’s SYN/ACK Packets,” IETF Draft, work in progress.
Congestion Control Fundamentals
Congestion collapse
– 1986: throughput from LBL to UC Berkeley dropped from 32 Kbps to 40 bps
V. Jacobson, “Congestion Avoidance and Control,” in ACM CCR, 18(4): 314-329, Aug 1988.
– Slow start
– Dynamic window sizing
– RTT variance estimation
– Exponential retransmit timer backoff
Why Exponential Backoff?
Jacobson adopted exponential backoff from the classical shared-medium Ethernet protocol
– “IP gateway has essentially the same behavior as Ether in a shared-medium network.”
– Not true!
Our Result
Implicit packet conservation principle
– When to resend a packet:
• As soon as the retransmission timeout expires
– End-to-end performance can only improve if we remove the exponential backoff from TCP (proof in the paper)
A. Mondal and A. Kuzmanovic, “Removing Exponential Backoff from TCP,” in ACM CCR, October 2008.
Today’s Talk
TCP congestion control
DoS against streaming CDNs
Googling the Internet
Background
● CDNs (e.g., Akamai) perform extensive network and server measurements
• Publish the results via DNS over short time scales
[Figure: DNS Server; Global Monitoring Infrastructure; update; feedback; Edge Server 1; Edge Server 2; new edge server IP]
CDN-Driven One-Hop Source Routing
[Figure: nodes S, D, A1, A2, …, An, E1, E2, …, En, and the DNS Server]
A.-J. Su, D. Choffnes, A. Kuzmanovic, and F. Bustamante, “Drafting Behind Akamai (Travelocity-Based Detouring),” in ACM SIGCOMM 2006.
Relative Network Positioning
Wide-area distributed network systems can benefit from network positioning systems
Key idea:
– Infer relative network distance by overlapping CDN replica servers
[Figure: Client 1 and Client 2 with replica servers R1 and R2; edges labelled with redirection frequencies (0.8, 0.2), e.g. the redirection frequency for Client 1 to replica server R1]
A.-J. Su, D. Choffnes, F. Bustamante, and A. Kuzmanovic, “Relative Network Positioning via CDN Redirections,” in IEEE ICDCS 2008.
Motivation
● >50% of online users would leave and never come back to a streaming site when streaming quality is bad [Akamai ’07]
Akamai’s Streaming Architecture
Entry Points
Reflectors
Edge Servers
Is DNS-based load balancing resilient to DoS attacks?
Slow Load Balancing Experiment
Slow Load Balancing Result
DNS-based system is too slow to react to overloaded conditions
[Figure annotations: start probing machines; edge server becomes overloaded; DNS updated, stop probing machines; throughput recovers]
Reflector-level Experiments
• Issue: How to attack reflectors?
• Challenge: Information about reflectors not publicly available
• Approach: Use the edge servers as proxies
• Facts:
- Akamai gathers streams from different customers into channels
- Streams from the same region and the same channel map to the same reflector
Need mapping between edge servers and reflectors
[Figure label: Customers]
Amplification Attack
It is possible to attack reflectors by using edge servers as “proxies”
[Figure annotations: start probing machines; service degradation at similar pace; bottleneck observed, stop probing machines; throughput recovery]
Countermeasures
Existing approaches
– Stream replication
– Resource-based admission control
– Solving puzzles
Our approach
– Shielding internal administrative information
– Secure edge-cluster design
Key issues:
– Tradeoff between transparency and DoS resiliency
– Streaming-targeted bandwidth-based DoS attacks are feasible
A.-J. Su and A. Kuzmanovic, “Thinning Akamai,” in USENIX/ACM IMC 2008.
Today’s Talk
TCP congestion control
DoS against streaming CDNs
Googling the Internet
Motivation
Can we use Google for networking research?
Huge amount of endpoint information available on the web
Can we systematically exploit search engines to harvest endpoint information available on the Internet?
Where Does the Information Come From?
Some popular proxy services also display logs
Even P2P information is available on the Internet since the first point of contact with a P2P swarm is a publicly available IP address
Websites run logging software and display statistics
Blacklists, banlists, spamlists also have web interfaces
Popular servers (e.g., gaming) IP addresses are listed
[Figure labels: Servers, Clients, P2P, Malicious]
Methodology – Web Classifier and IP Tagging
[Figure: IP address (xxx.xxx.xxx.xxx); search hits (URL, hit text); Rapid Match; website cache (domain name, keywords); IP tagging]
Detecting Application Usage Trends
Infer what applications people are using across the world without having access to network traces
Traffic Classification
Problem – traffic classification
Current approaches (port-based, payload signatures, numerical and statistical etc.)
Our approach
– Use information about destination IP addresses available on the Internet
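An added example (not from the talk or the authors' system) of the tag-then-classify idea on the methodology and traffic classification slides: search hits for an IP are matched against a website cache and keywords to tag the address, and flows are then labelled by their destination's tag. The cache contents, keywords, function names and sample hits are all constructed assumptions.

```python
import re
from collections import Counter

# Hypothetical website cache (constructed): domain -> tag.
WEBSITE_CACHE = {"spamlist.example": "blacklist",
                 "gameservers.example": "gaming server",
                 "torrentstats.example": "p2p"}
# Hypothetical keywords looked for in hit text when the domain is not cached.
TEXT_KEYWORDS = {"banned": "blacklist", "spam": "blacklist",
                 "tracker": "p2p", "seeders": "p2p", "smtp": "mail"}

def domain_of(url):
    m = re.match(r"https?://([^/:]+)", url)
    return m.group(1).lower() if m else ""

def tag_ip(hits):
    """One vote per search hit: cached domain first, else a keyword in the hit text."""
    votes = Counter()
    for url, text in hits:
        tag = WEBSITE_CACHE.get(domain_of(url))
        if tag is None:
            low = text.lower()
            tag = next((t for kw, t in TEXT_KEYWORDS.items() if kw in low), None)
        if tag:
            votes[tag] += 1
    return [t for t, _ in votes.most_common()]

def classify_flows(flows, hits_by_ip):
    """Label each (src, dst, dport) flow with the top tag of its destination IP."""
    tags = {ip: tag_ip(hits) for ip, hits in hits_by_ip.items()}
    return {f: (tags.get(f[1]) or ["unknown"])[0] for f in flows}

# Constructed search hits for documentation-range addresses (RFC 5737).
SAMPLE_HITS = {
    "192.0.2.10": [("http://gameservers.example/list", "192.0.2.10:27015 online"),
                   ("http://forum.example/t/1", "join us on 192.0.2.10")],
    "198.51.100.7": [("http://spamlist.example/q?ip=198.51.100.7", "listed"),
                     ("http://blog.example/p", "198.51.100.7 was banned for spam")],
    "198.51.100.99": [("http://forum.example/t/2", "ping 198.51.100.99")],
}
SAMPLE_FLOWS = [("10.0.0.5", "192.0.2.10", 27015),
                ("10.0.0.6", "198.51.100.7", 25),      # port says mail, web says blacklist
                ("10.0.0.7", "198.51.100.99", 443),    # hits exist but none match
                ("10.0.0.8", "203.0.113.9", 443)]      # no hits at all

if __name__ == "__main__":
    for flow, label in classify_flows(SAMPLE_FLOWS, SAMPLE_HITS).items():
        print(flow, "->", label)
```

The port-25 flow shows the contrast with port-based classification: the destination's web footprint labels it a blacklisted host even though the port alone would suggest ordinary mail.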
Working with Sampled Traffic
UEP maintains a large classification ratio even at higher sampling rates
No sampling
BLINC stays in the dark
2% at sampling rate 100
I. Trestian, S. Ranjan, A. Kuzmanovic, and A. Nucci, “Unconstrained Endpoint Profiling (Googling the Internet),” in ACM SIGCOMM 2008.
Summary
Congestion control is fundamental
Tradeoff between transparency and DoS-resiliency
Information is all around us (and Google is cool)
Other projects:
Monitoring network neutrality (NSF and Google Inc.)
Auditing search engines
ISP-enabled ad targeting
Feasibility of location-based services (Narus Inc.)
http://networks.cs.northwestern.edu