Data Streaming in Computer Networking

Presentation transcript:

Data Streaming in Computer Networking
Cristian Estan, George Varghese
University of California, San Diego

Talk structure
- Traditional streaming in networking
  - Rules of the game
  - Iteration paradigm: packet scheduling example
- New streaming problems
  - Detecting malicious traffic
  - Understanding network workloads
June 8, 2003, Data streaming in computer networking - MPDS 2003

Internet service model
[Figure: a flow between two hosts crossing the Internet; packet layout: header (source port, destination port, source IP address, destination IP address) followed by data]
- Conversations (flows) are broken up into packets, handled independently by the network
- Packets contain detailed information:
  - Destination IP address
  - Source IP address
  - "Application": protocol field + source and destination port
- At the core of the network, high speed routers decide what to do with each packet

Traditional router functions
[Figure: router with interfaces Incoming 1-3 and Outgoing 1-3; each packet is labelled with the outgoing interface chosen for it (Out1, Out2, Out3); in the scheduling step, Flow 1, Flow 2 and Flow 3 compete for Outgoing 1]
- IP lookup: decide which interface to send the packet on (route lookup)
- Switching: move packets between interfaces
- Scheduling: decide which packets to send and which to delay or drop

Rules of the game
- Wire speed processing
  - At 40 gigabits/s, 8 nanoseconds per packet: need fast SRAM
  - Limited SRAM (say 32 megabits) but millions of flows
- What does this mean for algorithms?
  - Low worst case complexity bounds
  - Low bounds on the amount of memory used
- Differences from databases
  - One pass vs. multiple passes
  - Worst case vs. average case
  - Small constants vs. asymptotic complexity

Iteration paradigm
- Many networking algorithms use iteration in time
- A way to allow multi-pass algorithms without storing the input, by assuming the inputs do not change quickly
- Many examples (MULTOPS for DoS detection [Gil01], CSFQ for scheduling [Stoica98])
- Would be nice to formalize the tradeoff between quality of results and drift rate of the input
- Perhaps exponential averaging is not enough

Example: Core Stateless FQ
[Figure: the edge router marks each packet with its flow's rate R; the core router iteratively computes the fair share F and, if R > F, drops the packet with probability 1 - F/R]
- Fair queuing: if traffic is larger than link capacity, limit the large flows to the "fair share"
- The size of the fair share depends on the rates of all flows
- Per flow state is impractical
- Core Stateless:
  - Uses labels in packets to determine the rates of flows
  - Computes the fair share using an iterative approach
  - Minimal state
  - Exploits stationarity in the traffic mix
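The fair share iteration and the drop rule from this slide, as an added example that is not code from the talk or from the CSFQ paper: the core-router update F <- F * C / A(F), where A(F) is the rate the link would accept at the current estimate, follows [Stoica98]; the flow rates, the link capacity and the use of exact flow rates instead of the paper's online rate estimates are assumptions made for the demonstration.

```python
import random

def fair_share(rates, capacity, tol=1e-9, max_iter=1000):
    """Fair share F of a link of the given capacity for flows arriving at `rates`.
    If the link is not congested every flow fits, so F is simply the largest rate.
    If it is congested, F is found by the CSFQ-style iteration F <- F * C / A(F),
    where A(F) = sum(min(r, F)) is the rate the link would accept at the current
    estimate; the fixed point is the F with A(F) = C (the fair queuing condition)."""
    if sum(rates) <= capacity:
        return max(rates)
    F = float(capacity)                      # start from the largest feasible share
    for _ in range(max_iter):
        accepted = sum(min(r, F) for r in rates)
        if abs(accepted - capacity) <= tol:
            break
        F = F * capacity / accepted
    return F

def drop_probability(label_rate, fair_share_estimate):
    """Per-packet rule from the slide: if R > F, drop with probability 1 - F/R."""
    if label_rate <= fair_share_estimate:
        return 0.0
    return 1.0 - fair_share_estimate / label_rate

def accepted_rates(rates, capacity):
    """Rate each flow gets through the link after probabilistic dropping."""
    F = fair_share(rates, capacity)
    return [r * (1.0 - drop_probability(r, F)) for r in rates]

if __name__ == "__main__":
    # Constructed example: four flows labelled 1, 2, 5 and 10 Mbit/s by the edge
    # router share a 10 Mbit/s core link. Solving 1 + 2 + F + F = 10 gives F = 3.5,
    # so the two large flows are cut to 3.5 while the small ones pass untouched.
    rates, C = [1.0, 2.0, 5.0, 10.0], 10.0
    F = fair_share(rates, C)
    print(f"fair share F = {F:.3f}, accepted rates = {accepted_rates(rates, C)}")
    # Per-packet decisions for a constructed stream of labelled packets.
    rng = random.Random(1)
    for R in [10.0, 5.0, 2.0, 10.0]:
        p = drop_probability(R, F)
        print(f"packet label R={R:>4}: drop prob {p:.2f} ->",
              "drop" if rng.random() < p else "forward")
```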

New streaming problems
- Detecting malicious activity
  - Flooding (denial of service attacks)
  - Worms
  - Scans looking for vulnerable servers
- Understanding workloads
  - Billing
  - Planning network growth
  - Application mix

Detecting malicious traffic
- Well defined building blocks
  - Detecting large aggregates (similar to iceberg queries)
  - Counting active flows in an aggregate (similar to counting distinct values)
- Many open problems: e.g. detecting worms and DoS attacks (it is not clear what the right formal problem statement is)

Informal problem definition
[Figure: terabytes of measurement data go through analysis to produce traffic reports]
- Traffic reports, one dimension at a time:
  - Applications: 50% of traffic is Kazaa
  - Sources: 20% of traffic comes from Steve's PC
- Traffic reports, several dimensions at once:
  - 20% is Kazaa from Steve's PC
  - 50% is Kazaa from the dorms

Formal problem definition
- Define clusters:
  - Atoms: fields 1 to n, with a hierarchy in each field, including *
  - Cluster: intersection of one set from each field hierarchy
  - Example: Source=*, Destination=CS Net, App=Email
- Threshold clusters: report traffic clusters above threshold T (e.g. 1% of traffic)
- Omit redundant clusters:
  - Compression rule: remove a general cluster from the report when its traffic can be inferred (up to error T) from non-overlapping, more specific clusters

Solution status
- The good:
  - Offline tool AutoFocus; SIGCOMM 2003 paper
  - Detected worm, busy servers, squid cache, etc.
  - Network managers like it
- The bad:
  - Takes long: 3 hours at T=0.5% for a one day trace
  - Needs much memory: 300 Mbytes
- The wanted:
  - Streaming algorithm; we invite improvements

Conclusions
- New rules: strict constraints on algorithms running in routers
- Iteration in time: can give simple algorithms, but needs more formalization as to quality of results
- General open problems: many challenges in detecting malicious traffic such as worms and DoS attacks
- Specific open problem: computing traffic cluster reports in streaming fashion

Thank you!
[Figure: a question mark placed between Algorithms, Databases and Networking]

Unidimensional clusters (backup slide)
Traffic per source address, the leaves of the hierarchy:
  10.8.0.2    15
  10.8.0.3    35
  10.8.0.4    30
  10.8.0.5    40
  10.8.0.8   160
  10.8.0.9   110
  10.8.0.10   35
  10.8.0.14   75

Unidimensional clusters: traffic aggregated up the prefix hierarchy
  10.8.0.0/28        500
    10.8.0.0/29      120
      10.8.0.0/30     50
        10.8.0.2/31   50
          10.8.0.2    15
          10.8.0.3    35
      10.8.0.4/30     70
        10.8.0.4/31   70
          10.8.0.4    30
          10.8.0.5    40
    10.8.0.8/29      380
      10.8.0.8/30    305
        10.8.0.8/31  270
          10.8.0.8   160
          10.8.0.9   110
        10.8.0.10/31  35
          10.8.0.10   35
      10.8.0.12/30    75
        10.8.0.14/31  75
          10.8.0.14   75

Unidimensional clusters: only the clusters above the threshold remain
  10.8.0.0/28        500
    10.8.0.0/29      120
    10.8.0.8/29      380
      10.8.0.8/30    305
        10.8.0.8/31  270
          10.8.0.8   160
          10.8.0.9   110
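The threshold clusters and the compression rule from the formal problem definition, run over the 10.8.0.x source-address example of the backup slides, as an added example (not AutoFocus code): the threshold T = 100, which the slides do not state, and the bottom-up reading of the compression rule (a cluster is redundant when the reported, non-overlapping clusters beneath it already account for its traffic up to T) are assumptions. The /28 root is reported by the threshold but dropped by compression, since 500 = 120 + 380 is inferred exactly from the two /29 clusters.

```python
import ipaddress

# Constructed input: per-address traffic counts copied from the talk's
# "Unidimensional clusters" backup slides (source address field only).
LEAF_TRAFFIC = {
    "10.8.0.2": 15, "10.8.0.3": 35, "10.8.0.4": 30, "10.8.0.5": 40,
    "10.8.0.8": 160, "10.8.0.9": 110, "10.8.0.10": 35, "10.8.0.14": 75,
}

def cluster_tree(leaf_traffic, root="10.8.0.0/28"):
    """Traffic of every cluster in the field hierarchy: each prefix from the
    root down to the /32 leaves, summed over the addresses it contains."""
    root_net = ipaddress.ip_network(root)
    traffic = {}
    for addr, count in leaf_traffic.items():
        assert ipaddress.ip_address(addr) in root_net
        for plen in range(root_net.prefixlen, 33):
            net = ipaddress.ip_network(f"{addr}/{plen}", strict=False)
            traffic[net] = traffic.get(net, 0) + count
    return traffic

def threshold_report(traffic, T):
    """Threshold clusters: every cluster whose traffic is at least T."""
    return {str(n): v for n, v in traffic.items() if v >= T}

def compressed_report(traffic, T, root="10.8.0.0/28"):
    """Compression rule, bottom-up: keep a cluster only if its traffic is not
    already explained (up to error T) by reported, non-overlapping, more
    specific clusters beneath it. Returns {cluster: traffic}."""
    report = {}
    def visit(net):
        explained = 0                   # traffic of reported clusters below net
        if net.prefixlen < 32:
            for child in net.subnets(prefixlen_diff=1):
                if child in traffic:    # empty prefixes carry no traffic
                    explained += visit(child)
        if traffic[net] - explained >= T:
            report[str(net)] = traffic[net]
            return traffic[net]         # net now explains its whole subtree
        return explained
    visit(ipaddress.ip_network(root))
    return report

if __name__ == "__main__":
    tree = cluster_tree(LEAF_TRAFFIC)
    T = 100   # assumed threshold; it reproduces the slide's seven clusters
    print("above threshold:", threshold_report(tree, T))
    print("compressed:     ", compressed_report(tree, T))
```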

Multidimensional clusters
- Two dimensions: source network and protocol (traffic type)
- Trees turn into a lattice
  - Multiple parents
  - Nodes overlap

Offline solution
[Figure only]

Sample report
[Figure only]