A Peer-to-Peer DNS Ilya Sukhar Venugopalan Ramasubramanian Emin Gün Sirer Cornell University.

Slides:

Advertisements

Similar presentations

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

Advertisements

P2P data retrieval DHT (Distributed Hash Tables) Partially based on Hellerstein’s presentation at VLDB2004.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Peer to Peer and Distributed Hash Tables

Pastry Peter Druschel, Rice University Antony Rowstron, Microsoft Research UK Some slides are borrowed from the original presentation by the authors.

P2PIR'06: "Distributed Cache Table (DCT)" Gleb Skobeltsyn, Karl Aberer D istributed T able: Efficient Query-Driven Processing of Multi-Term Queries in.

Scalable Content-Addressable Network Lintao Liu

Peer-to-Peer (P2P) Distributed Storage 1Dennis Kafura – CS5204 – Operating Systems.

Sergei Komarov. DNS  Mechanism for IP hostname resolution  Globally distributed database  Hierarchical structure  Comprised of three components.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility Antony Rowstron, Peter Druschel Presented by: Cristian Borcea.

Corona: A High Performance Publish-Subscribe System for the World Wide Web Authors: V. Ramasubramanian, R. Peterson and E.G. Sirer Cornell University Presenter:

Chord: A scalable peer-to- peer lookup service for Internet applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashock, Hari Balakrishnan.

1 Aug. 3 rd, 2007Conference on and Anti-Spam (CEAS’07) Slicing Spam with Occam’s Razor Chris Fleizach, Geoffrey M. Voelker, Stefan Savage University.

1 Accessing nearby copies of replicated objects Greg Plaxton, Rajmohan Rajaraman, Andrea Richa SPAA 1997.

1 Content Delivery Networks iBAND2 May 24, 1999 Dave Farber CTO Sandpiper Networks, Inc.

CoDoNs A High-Performance Alternative for the Domain Name System Emin Gün Sirer Venugopalan Ramasubramanian Computer Science, Cornell University.

Information-Centric Networks03c-1 Week 3 / Paper 3 The design and implementation of a next generation name service for the Internet –Venugopalan Ramasubramanian.

Beehive: Achieving O(1) Lookup Performance in P2P Overlays for Zipf-like Query Distributions Venugopalan Ramasubramanian (Rama) and Emin Gün Sirer Cornell.

An Engineering Approach to Computer Networking

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Storage Management and Caching in PAST, a large-scale, persistent peer- to-peer storage utility Authors: Antony Rowstorn (Microsoft Research) Peter Druschel.

Topics in Reliable Distributed Systems Lecture 2, Fall Dr. Idit Keidar.

P2P: Advanced Topics Filesystems over DHTs and P2P research Vyas Sekar.

SkipNet: A Scalable Overlay Network with Practical Locality Properties Nick Harvey, Mike Jones, Stefan Saroiu, Marvin Theimer, Alec Wolman Microsoft Research.

Application Layer At long last we can ask the question - how does the user interface with the network?

Chord-over-Chord Overlay Sudhindra Rao Ph.D Qualifier Exam Department of ECECS.

Squirrel: A decentralized peer- to-peer web cache Paul Burstein 10/27/2003.

Fixing the Embarrassing Slowness of OpenDHT on PlanetLab Sean Rhea, Byung-Gon Chun, John Kubiatowicz, and Scott Shenker UC Berkeley (and now MIT) December.

Topics in Reliable Distributed Systems Fall Dr. Idit Keidar.

Wide-area cooperative storage with CFS

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

Or, Providing Scalable, Decentralized Location and Routing Network Services Tapestry: Fault-tolerant Wide-area Application Infrastructure Motivation and.

1/25/2000 Active Names: Flexible Location and Transport of Wide-Area Resources Luis Rivera.

Hashing it Out in Public Common Failure Modes of DHT-based Anonymity Schemes Andrew Tran, Nicholas Hopper, Yongdae Kim Presenter: Josh Colvin, Fall 2011.

Storage management and caching in PAST PRESENTED BY BASKAR RETHINASABAPATHI 1.

1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

Justine Sherry*, Shaddi Hasan*, Colin Scott*, Arvind Krishnamurthy†,

{ Content Distribution Networks ECE544 Dhananjay Makwana Principal Software Engineer, Semandex Networks 5/2/14ECE544.

PIC: Practical Internet Coordinates for Distance Estimation Manuel Costa joint work with Miguel Castro, Ant Rowstron, Peter Key Microsoft Research Cambridge.

SAINT ‘01 Proactive DNS Caching: Addressing a Performance Bottleneck Edith Cohen AT&T Labs-Research Haim Kaplan Tel-Aviv University.

Global NetWatch Copyright © 2003 Global NetWatch, Inc. Factors Affecting Web Performance Getting Maximum Performance Out Of Your Web Server.

The Design and Implementation of a Next Generation Name Service for the Internet Leo Bhebhe

Content Overlays (Nick Feamster). 2 Content Overlays Distributed content storage and retrieval Two primary approaches: –Structured overlay –Unstructured.

Paper Presentation – CAP Page 2 Outline Review - DNS Proposed Solution Simulation Results / Evaluation Discussion.

October 8, 2015 University of Tulsa - Center for Information Security Microsoft Windows 2000 DNS October 8, 2015.

The Impact of DHT Routing Geometry on Resilience and Proximity K. Gummadi, R. Gummadi..,S.Gribble, S. Ratnasamy, S. Shenker, I. Stoica.

1 Distributed Hash Tables (DHTs) Lars Jørgen Lillehovde Jo Grimstad Bang Distributed Hash Tables (DHTs)

Peer-to-Peer Name Service (P2PNS) Ingmar Baumgart Institute of Telematics, Universität Karlsruhe IETF 70, Vancouver.

Architecture for Caching Responses with Multiple Dynamic Dependencies in Multi-Tier Data- Centers over InfiniBand S. Narravula, P. Balaji, K. Vaidyanathan,

Perils of Transitive Trust in the Domain Name System Chen Xi Chen Xi.

An IP Address Based Caching Scheme for Peer-to-Peer Networks Ronaldo Alves Ferreira Joint work with Ananth Grama and Suresh Jagannathan Department of Computer.

Scalable Content- Addressable Networks Prepared by Kuhan Paramsothy March 5, 2007.

Paper Survey of DHT Distributed Hash Table. Usages Directory service  Very little amount of information, such as URI, metadata, … Storage  Data, such.

1 Secure Peer-to-Peer File Sharing Frans Kaashoek, David Karger, Robert Morris, Ion Stoica, Hari Balakrishnan MIT Laboratory.

Plethora: Infrastructure and System Design. Introduction Peer-to-Peer (P2P) networks: –Self-organizing distributed systems –Nodes receive and provide.

A Comparative Study of the DNS Design with DHT-Based Alternatives 95/08/31 Chen Chih-Ming.

Information-Centric Networks Section # 3.3: DNS Issues Instructor: George Xylomenos Department: Informatics.

CS 6401 Overlay Networks Outline Overlay networks overview Routing overlays Resilient Overlay Networks Content Distribution Networks.

Introduction to Active Directory

LOOKING UP DATA IN P2P SYSTEMS Hari Balakrishnan M. Frans Kaashoek David Karger Robert Morris Ion Stoica MIT LCS.

Large Scale Sharing Marco F. Duarte COMP 520: Distributed Systems September 19, 2004.

COMP 431 Internet Services & Protocols

The Design and Implementation of a Next Generation Name Service for the Internet V. Ramasubramanian, E. Gun Sirer Cornell Univ. SIGCOMM 2004 Ciprian Tutu.

1 Plaxton Routing. 2 History Greg Plaxton, Rajmohan Rajaraman, Andrea Richa. Accessing nearby copies of replicated objects, SPAA 1997 Used in several.

TRUST Self-Organizing Systems Emin G ü n Sirer, Cornell University.

THE DOMAIN NAME SYSTEM AS AN ADDRESS DIRECTORY FOR THE WORLDWIDE WEB. 1.

Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications * CS587x Lecture Department of Computer Science Iowa State University *I. Stoica,

Accessing nearby copies of replicated objects

Distributed Peer-to-peer Name Resolution

Presentation transcript:

A Peer-to-Peer DNS Ilya Sukhar Venugopalan Ramasubramanian Emin Gün Sirer Cornell University

What’s wrong with DNS? Failure Resilience Delegation Bottlenecks Physical Bottlenecks Performance Latency tradeoff Misconfiguration & Load Imbalance

Failure Resilience – Delegation Bottlenecks 75% of domains are served by only two nameservers. Not a reflection of popularity – 62.8% in Top 500 have the same problem

Failure Resilience – Physical Bottlenecks Majority of domains are physically bottlenecked at a single gateway or router Delegation redundancy is deceiving – many backup nameservers reside in the same subnet.

Performance – Latency Lookups are expensive ~20-40% of web object retrieval time spent on DNS ~20-30% of DNS lookups take more than 1s [Jung et al. 01, Huitema et al. 00, Wills & Shang 00, Bent & Voelker 01]

The Problems Failure Resilience Delegation and physical bottlenecks make attractive DDoS targets Latency Dilemma of choosing between lookup performance and update propagation. Timeout driven caching isn’t effective. Short TTL’s impose enormous overhead and drastically reduce cache hit rates. Static Hierarchy Load imbalance, points of failure

Our Approach Built on top of structured Distributed Hash Tables (DHTs) Self organizing Failure resilient Scalable Good performance

DHTs 101 Pastry Map all nodes onto common identifier space Map all objects onto the same space using a key (for DNS, the name). log b N hops to travel the ring Several round trips on the Internet – not so great, right? 0122 object 0121 hash(“ =

CoDoNS Adjusting the level of replication allows us to bound the latency of any lookup. As always, must find the optimal point in the space- time tradeoff. How? Use good mathematical properties of DNS query distribution Key intuition: we can do this per- object based on popularity and properties of our distribution!

CoDoNS In CoDoNS, each object is replicated at some level i. Object is stored on all nodes with i matching prefixes and looking it up requires at most i hops in the ring.

Performance Problem reduces to minimizing the level of caching such that average lookup performance remains under some constant bound C. –i = 1 for all objects yields O(1) lookups! Obviously not such a great idea. Lots of math leads us to a single, closed form solution to the optimization problem.

What’s the Big Deal? 1. Provides strict guarantee of average lookup latency Can achieve desired cache hit rate. C =.5 is perfectly feasible. 2. Utilizes as little bandwidth and space as possible despite constant time lookups. 3. Balances load – objects are replicated based on popularity. 4. Resilient against failures. 5. Update propagation is easy when each object’s location is described by a single level i.

Implementation Details Namespace management and query resolution are two different things. We improve the latter and don’t touch the former. For name owners, CoDoNS is insert, delete, and update and nothing more. For end users, CoDoNS is a resolver. Name hierarchy, administrative policies, politics, domain sales? We’re agnostic. CoDoNS serves the exact same namespace with the exact same interface.

Implementation Details Caching and authoritative services Caching: All names not explicitly inserted are resolved via traditional methods. Once inserted, only a single home node polls legacy DNS for updates. No undue stress is put upon existing systems.  Initial insertion is checked for validity at multiple locations and then signed by our private key. Authoritative: Domain is delegated to nsXX.codons.net Security Model If you believe in DNSSEC, you (should) believe in CoDoNS. Malicious or compromised nodes are not an issue unless the private key is stolen in which case you probably have bigger problems.

Bottom Line Serves two functions Caching / safety net for legacy DNS Authoritative name service Name hierarchy independent of server heirarchy Name delegations independent of server requirements Fully transparent and compatible with legacy DNS Legacy DNS

Our Current Deployment PlanetLab Global Consortium for “developing, deploying, and accessing planetary- scale services.” Translation: Access to many high powered boxes on fat pipes at universities and research labs nodes at 300+ sites.

Real World Performance Trace from MIT nameservers. 12 hours, December ~300k queries, ~50k domains. Most significant result: very fast average time for lookups!

Fast Lookups 213 ms337 ms90 th % 199 ms382 msmean 2 ms39 msmedian CoDoNSLegacy DNS

Electoral-Vote.com Peak: Nov 1st-8th Over 1 mil queries per day. Nobody bothered/dared to DDoS. No downtime. Andy Tanenbaum’s side project – a demanding first customer. In 2004, experienced malicious DDoS on nameservers. Back for revenge.

Conclusion Proactive caching based on analytical models derived from query distribution leads to strong bounds on lookup times. Low latency, efficient updates, self-configuring, real redundancy, etc. We’re looking to partner with ISPs and DNS providers to host CoDoNS nodes. We’re willing to host or backup your DDoS prone names. Any questions? {ilya,