Policing congestion response in an internetwork using re-feedback Bob Briscoe 1,2 Arnaud Jacquet 1, Carla Di Cairano-Gilfedder 1, Alessandro Salvatori.

Presentation transcript:

policing congestion response in an internetwork using re-feedback
Bob Briscoe (1,2), Arnaud Jacquet (1), Carla Di Cairano-Gilfedder (1), Alessandro Salvatori (1,3), Andrea Soppera (1) & Martin Koyabe (1)
(1) BT Research, (2) UCL, (3) Eurécom

2 intro: the problem: policing congestion response
- host response to congestion: voluntary
- short and long term congestion
  – short: policing TCP-friendliness (or any agreed response)
  – long: policing file-sharing (selfish), zombie hosts (malicious/careless)
- network policing users’ congestion response: voluntary
  – a network doesn’t care if users cause congestion in other networks
[figure: rate against path congestion, ρ; labels: access capacity; eg. TCP T √ρ; cumulative flows; inverse prop’nal response]

3 intro: very serious problem
- a few unresponsive (UDP) flows weren’t a problem
- converged IP network
  – initially ~30-50% of bits inelastic (mostly voice), for BT
  – internetwork similar
- can’t police required response to path congestion, if you don’t know it
  – each element only sees local congestion
  – network can’t reliably see e2e feedback (IPsec encryption, lying, route asymmetry)
- can’t hope inelastic apps ask to be unresponsive (Diffserv/signalling)
  – because those that don’t ask can free-ride anyway
  – due to lack of evidence of their ‘crime’
- capacity investment risk unacceptable if can’t prevent free-riding
  – uncontrollable demand dynamics and suppressed incentive to supply
  – risk of repeated congestion collapse (alarmist?)

4 intro: previous work
- detect high absolute rate [commercial boxes]
- sampled rate response to local congestion [RED + sin bin]
- transport control embedded in network [ATM]
- honest senders police feedback from rcvrs [ECN nonce]

5 intro: wouldn’t it be nice if...
- source declared downstream path characteristics to network
- everyone was truthful:
  – endpoints and networks
- deployment could be incremental
- we could solve more general Internet Architecture problems
  – capacity allocn & accountability [NewArch]
...we can: our approach
- the big idea #1
- then 2 sub-ideas based on...
  – network economics & incentives
  – rational networks (not users)
  – no fiddling with user pricing
  – challenge: break and improve
- incremental deployment idea #4
  – around unmodified IP routers
  – BUT limited header bits slows attack detection considerably
- generalisations
  – QoS
  – DoS mitigation
  – flow start incentives
  – inter-domain traffic engineering
  – non-IP internetworks

6 the idea: path characterisation via data headers: state of the art
[figure: ECN marking rate and TTL, each plotted against resource index along path S1, NA, NB, ND, R1]

7 the idea: downstream knowledge upstream
[figure: two panels, "before re-feedback" and "after re-feedback", over a network of senders S1, S2, nodes N1 to N5 and receivers R1, R2]
- target at destination standardised to 16, say

8 the idea: downstream path characterisation
[figure: ECN rate and re-ECN, and TTL and re-TTL, each plotted against resource index along path S1, NA, NB, ND, R1]

9 incentives: preamble
- so far, policing relies on self-incrimination?...
- focus initially on congestion
- header processing not just additive/subtractive
  – generalises to monotonic functions (eg combinatorial probability of ECN marking)
- downstream unloaded delay (~TTL/2) has identical incentive properties
- to aid understanding
  – solely graphical visualisation (see paper for maths)
  – imagine that header carries a real number
  – normalise: monotonically decreasing to target at zero
[figure: downstream path metric ρ_i against resource index along path, i]

10 incentives: incentive framework: user-network
- policer incentivises understatement
- dropper incentivises overstatement
[figure: downstream path metric, ρ_i, against i, between Snd and Rcv, with policer and dropper]

11 incentives: egress dropper
- policer incentivises understatement
- dropper incentivises overstatement
[figure: naïve dropper at Rcv; downstream congestion probability distribution over downstream path metric at rcvr, ρ_n]

12 incentives: penalising uncertain misbehaviour (idea #2)
- policer incentivises understatement
- dropper incentivises overstatement
- systematic cheating, Δρ_nc
- stateless dropper
- truncated/dropped
- adaptive drop probability
- if signature prevalent in discards, spawn focused dropper(s)
[figure: downstream congestion probability distribution over downstream path metric at rcvr, ρ_n, with dropper at Rcv]

13 incentives: if everyone honest
- minimise false positives
- no systematic cheating, Δρ_nc = 0
- stateless dropper
- adaptive drop probability
- policer incentivises understatement
- dropper incentivises overstatement
[figure: downstream congestion probability distribution over downstream path metric at rcvr, ρ_n, with dropper at Rcv]

14 incentives: typical dropper simulation (note log scale)
[figure; labels: false positives, false negatives, 25%, 75%]

15 incentives: flow policer eg. TCP (idea #3)
- each packet header carries prediction of its own downstream path congestion, delay, …
- check/enforce agreed congestion response
[figure: incentive framework, downstream path metric ρ_i with policer at Snd; flow policer: rate against downstream congestion, ρ_i, TCP-friendly]

16 incentives: ingress TCP policer: stateful implementation
- downstream metrics in packet headers at internetwork ingress
  – unloaded delay, ρ_1,1
  – congestion, ρ_2,1
  – packet size, s
- x = s/Δt
- path congestion ≈ downstr congestion: p ≈ ρ_2,1
- path RTT ≈ upstr RTT + 2 * downstr delay: T  T ρ 1,1
- also bounded flow state policer implemented - using sampling
[figure: packet headers carrying ρ_1,1, ρ_2,1 and s]
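The stateful ingress TCP policer described above, as an added example that is not code from the presentation or the paper. Assumptions: the agreed response is the square-root TCP formula with constant sqrt(3/2), enforcement is a per-flow token bucket, and all rates, delays and flow names are constructed sample values.

```python
import math

K = math.sqrt(1.5)  # constant of the square-root TCP formula (assumption)

def tcp_friendly_rate(size, rtt, p):
    """Compliant rate in bytes/s: K * s / (T * sqrt(p))."""
    return K * size / (rtt * math.sqrt(p))

class IngressTcpPolicer:
    """Per-flow token bucket, refilled at the TCP-friendly rate implied by
    the downstream metrics each packet declares in its own header."""

    def __init__(self, upstream_rtt, burst_bytes=6000, p_floor=1e-4):
        self.upstream_rtt = upstream_rtt  # measured locally at the ingress
        self.burst = burst_bytes          # assumed burst allowance
        self.p_floor = p_floor            # keeps the rate finite when p is 0
        self.flows = {}                   # flow id -> (last arrival, tokens)

    def admit(self, flow, now, size, rho_delay, rho_congestion):
        # path congestion ~ downstream congestion declared in the header
        p = max(rho_congestion, self.p_floor)
        # path RTT ~ upstream RTT + 2 * downstream unloaded delay
        rtt = self.upstream_rtt + 2.0 * rho_delay
        allowed = tcp_friendly_rate(size, rtt, p)
        last, tokens = self.flows.get(flow, (now, self.burst))
        tokens = min(self.burst, tokens + (now - last) * allowed)
        ok = tokens >= size
        if ok:
            tokens -= size
        self.flows[flow] = (now, tokens)
        return ok

def offered_load(policer, flow, multiplier, packets=200, size=1500,
                 rho_delay=0.020, rho_congestion=0.01):
    """Send `packets` packets at `multiplier` times the compliant rate, all
    declaring the same constructed metrics; return how many are admitted."""
    rtt = policer.upstream_rtt + 2.0 * rho_delay
    gap = size / (multiplier * tcp_friendly_rate(size, rtt, rho_congestion))
    return sum(policer.admit(flow, i * gap, size, rho_delay, rho_congestion)
               for i in range(packets))

POLICER = IngressTcpPolicer(upstream_rtt=0.010)
RESPONSIVE = offered_load(POLICER, "flow-a", 1.0)    # sends at x = s/dt
UNRESPONSIVE = offered_load(POLICER, "flow-b", 4.0)  # ignores congestion

if __name__ == "__main__":
    print("responsive flow admitted:  ", RESPONSIVE, "of 200")
    print("unresponsive flow admitted:", UNRESPONSIVE, "of 200")
```

The policer only trusts what the header declares, which is why the framework pairs it with an egress dropper that penalises understated metrics.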

17 incentives: incentive compatibility – hosts
- incentivise:
  – responsible actions
  – honest words
[figure: net value to both end-points, ΔU, against overstatement of downstream path metric at source, Δρ_0c; labels: practical, ideal, dominant strategy; path S1 to R1 with scheduler/policer, dropper and push-back]

18 incentives: incentive framework
[figure: downstream path metric, ρ_i, against i, between Snd and Rcv; labels: policer, congestion pricing, routing, dropper]

19 incentives: incentives for networks to police their users
- ρ_i is size of each packet factored by its downstream congestion metric
- metered between domains by single bulk counter
- automagically shares congestion revenue across domains, and within domains to direct upgrades
- can approximate congestion pricing with SLAs
[figure: downstream path metric, ρ_i, against resource sequence index, i, along S1, NA, NB, ND, R1; labels: ρ_AB, ρ_BD, Profit A, Profit B, Profit D, flat-priced revenue]

20 incentives: congestion competition – inter-domain routing
- if congestion → profit for a network, why not fake it?
- upstream networks will route round more highly congested paths
- N_A can see relative costs of paths to R_1 thru N_B & N_C
- the issue of monopoly paths
- incentivise new provision
- collusion issues require market regulation
[figure: downstream route cost, Q_i, against resource sequence index, i, over S1, NA, NB, NC, ND, R1; labels: faked congestion, routing choice]

21 deployment: re-ECN (sketch, idea #4)
- on every EchoCE from TCP, set ECT(0)
- at any point on path, diff between rates of ECT(0) & CE is downstream congestion
- works with unchanged routers

code-point  standard designation
00          not-ECT
10          ECT(0)
01          ECT(1)
11          CE

ρ_i = ECT(0) - CE

[figure: mechanism (approx): code-point rate (0% to 100%) of ECT(1), ECT(0) and CE, and re-ECN, ρ_i, against resource index 0 … i … n along S1, NA, NB, ND, R1; standard EchoCE in TCP; values shown: 3%, 97%, 0.4% CE, -3%, -2.6%]
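The re-ECN sketch above worked through numerically, as an added example that is not code from the presentation or the paper. It computes expected code-point rates at each resource index for an honest sender and for one that understates, and shows why the slide calls the mechanism approximate; the marking probabilities, the 0.5 understatement factor and the dropper tolerance are constructed assumptions.

```python
def survive(marks):
    """Probability that a packet crosses all resources in `marks` unmarked."""
    p = 1.0
    for m in marks:
        p *= 1.0 - m
    return p

def path_congestion(marks):
    """Combined CE marking probability over the resources in `marks`."""
    return 1.0 - survive(marks)

def reecn_profile(marks, declared):
    """Expected rates seen at each resource index i = 0..n.

    marks    -- CE marking probability of each resource on the path
    declared -- fraction of packets the sender sets to ECT(0); an honest
                sender uses the CE fraction echoed by the receiver (EchoCE)
    Unchanged routers overwrite ECT(0) and ECT(1) alike when marking CE.
    """
    rows = []
    for i in range(len(marks) + 1):
        ce = path_congestion(marks[:i])   # marked upstream of index i
        ect0 = declared * (1.0 - ce)      # ECT(0) not yet overwritten
        rows.append({"i": i, "ect0": ect0, "ce": ce,
                     "rho": ect0 - ce,    # rho_i = ECT(0) - CE
                     "true_downstream": path_congestion(marks[i:])})
    return rows

def egress_verdict(rows, tolerance=0.005):
    """Dropper's view at the last index: a metric clearly below zero means
    the sender understated downstream congestion. `tolerance` is an assumed
    allowance for the approximation error (about -p^2 when honest)."""
    return "understated" if rows[-1]["rho"] < -tolerance else "consistent"

# Constructed path with three marking resources between S1 and R1
MARKS = [0.004, 0.016, 0.010]
HONEST = reecn_profile(MARKS, declared=path_congestion(MARKS))
CHEAT = reecn_profile(MARKS, declared=0.5 * path_congestion(MARKS))

if __name__ == "__main__":
    for name, rows in (("honest", HONEST), ("understating", CHEAT)):
        print(name, "->", egress_verdict(rows))
        for r in rows:
            print("  i=%d ECT(0)=%.4f CE=%.4f rho=%.4f true=%.4f"
                  % (r["i"], r["ect0"], r["ce"], r["rho"],
                     r["true_downstream"]))
```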

22 deployment: deployment incentives
- re-ECN deployment by incremental sender upgrades
- re-TTL can be hacked for legacy receivers
- deploy policers and droppers permissively config’d
  – allows new & legacy behaviours to co-exist
- incrementally increase strictness
  – throttles legacy stacks: upgrade incentive knob
- beware: slow to catch cheaters with one bit re-ECN

23 generalise: edge QoS = our original motivation
- once timely truthful path visible...
- ingress network can allow spectrum of responses to incipient congestion (w-weighted policer)
- equivalent* to offering differentiated QoS (*caveat: see paper)
- like [Kelly98] but without the need for congestion pricing of users
- purely by local (sender↔ingress) arrangement
  – no authorisation on any other network elements (equal marking)
- would need suitable back-pressure – e.g. higher flat fee
- other networks reimbursed automagically
  – by inter-domain congestion pricing (SLA model also possible)
[figure; labels: x, wx, TCP]

24 generalise: no time for… (see paper)
- long term per-user policing (complements per-flow)
  – throttles down sources of persistent long term congestion
  – encourages p2p file-sharing apps to avoid peaks & fill troughs
- DDoS mitigation
  – extreme downstream congestion prompts extreme policing at all ingresses
  – long term per-user policing throttles out zombies
  – not claiming we can discriminate intent
- flow-start incentives
  – deliberate dilemma: downstream metric during flow start?
  – creates slow-start incentive
[figure: downstream congestion, ρ_i, against i]

25 summary: re-feedback summary
- reinsert feedback to align path characterisations at receiver
- packets arrive at each router predicting downstream path
- arranged for dominant strategy of all parties to be honesty
- incremental deployment + upgrade incentive knob
- hangs new capabilities on ECN deployment, not just performance
- a simple idea for the Internet’s accountability architecture
- democratises path information
  – either network or source can control (control requires timely information)
  – designed for tussle: preserves e2e principle, but endpoint control optional
[figure: two panels of the path S1 to R1; labels: info & control, info, latent control, no info, control]

policing congestion response in an internetwork using re-feedback Q&A

27 intro: path congestion typically at both edges
- congestion risk highest in access nets
  – cost economics of fan-out
- but small risk in cores/backbones
  – failures, anomalous demand
[figure: bandwidth cost, C £/bps, against aggregate pipe bandwidth, B /bps; C  1  B; path S1, NA, NB, ND, R1]

28 incentives: last hop dropper: discrimination sensitivity
[figure; labels: fraction of dishonest arrivals; true positives (truncation rate of dishonest traffic); false positives (truncation rate of honest traffic); cheating level of dishonest sources]

29 incentives: spawning focused droppers
- use sin-bin technique [Floyd99]
  – examine (candidate) discards for any signature
  – spawn child dropper to focus on subset that matches signature
  – kill child dropper if no longer dropping (after random wait)
- push back
  – send hint upstream defining signature(s)
  – if (any) upstream node has idle processing resource, test hint by spawning dropper focused on signature as above
- cannot DoS with hints, as optional & testable
  – no need for crypto authentication – no additional DoS vulnerability

30 generalise: long term congestion incentives
- effectively throttles out zombie hosts
  – incentivises owners to fix them
- incentivises file-sharing in congestion troughs
[figure: incentive framework, downstream congestion, ρ_i, with congestion pricing and policer/scheduler at Snd; per-user policer: rate against downstream congestion, ρ_i, cumulative multiple flows]

31 generalise: distributed denial of service
- merely enforcing congestion response
- honest sources
  – increase initial metric & reduce rate
- malicious sources
  – if do increase initial metric
    policer at attacker’s ingress forces rate response
    have to space out packets even at flow start
  – if don’t increase initial metric
    negative either at the point of attack or before
    distinguished from honest traffic and discarded
    push back kicks in if persistent
[figure: downstream congestion, ρ_i, against i]

32 generalise: slow-enough-start
- initial value of metric(s) for new flows?
  – undefined – deliberately creates dilemma
  – if too low, may be dropped at egress
  – if too high, may be deprioritised at ingress
- without re-feedback (today)
  – if congested: all other flows share cost equally with new flow
  – if not congested: new flow rewarded with full rate
- with re-feedback
  – risk from lack of path knowledge carried solely by new flow
  – creates slow-start incentive
  – once path characterised, can rise directly to appropriate rate
  – also creates incentive to share path knowledge
  – can insure against the risk (see differentiated service)
[figure: path S1 to R1 with scheduler/policer, dropper and push-back]