1 Quality of Service vs. Any Service at All 10th IEEE/IFIP Conference on Network Operations and Management Systems (NOMS 2006) Vancouver, BC, Canada April.

Slides:



Advertisements
Similar presentations
Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.
Advertisements

Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
1 Resonance: Dynamic Access Control in Enterprise Networks Ankur Nayak, Alex Reimers, Nick Feamster, Russ Clark School of Computer Science Georgia Institute.
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Programmable Measurement Architecture for Data Centers Minlan Yu University of Southern California 1.
Traffic Shaping Why traffic shaping? Isochronous shaping
5-Network Defenses Dr. John P. Abraham Professor UTPA.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 7 “Denial-of-Service-Attacks”.
Building Your Own Firewall Chapter 10. Learning Objectives List and define the two categories of firewalls Explain why desktop firewalls are used Explain.
High speed links, distributed services, can’t modify routers  Lack of visibility But, need for more visibility and control  Increased number and complexity.
Router Architecture : Building high-performance routers Ian Pratt
SANE: A Protection Architecture for Enterprise Networks Offense by: Amit Mondal Bert Gonzalez.
An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.
What's inside a router? We have yet to consider the switching function of a router - the actual transfer of datagrams from a router's incoming links to.
10 - Network Layer. Network layer r transport segment from sending to receiving host r on sending side encapsulates segments into datagrams r on rcving.
1 NSF DRAFT PROPOSAL Protecting Networks with COPS: Making Networks More Robust by Checking, Observing, and Protecting Services Randy H. Katz, Scott Shenker,
1 Action Breakout Session Anil, AP, Nina Bhatti, Charles Berdnall, Joe Hellerstein, Wei Hu, Anthony Joseph, Randy Katz, Li, Machi Mukund Kimmo Raatikanen,
Beyond the perimeter: the need for early detection of Denial of Service Attacks John Haggerty,Qi Shi,Madjid Merabti Presented by Abhijit Pandey.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
1 Protecting Networks with COPS: Making Networks More Robust by Checking, Observing, and Protecting Services Randy H. Katz, Scott Shenker, Ion Stoica Computer.
NetFlow Analyzer Drilldown to the root-QoS Product Overview.
1 Quality of Service vs. Any Service at All IWQoS 2005 Passau Germany Randy H. Katz Computer Science Division Electrical Engineering and Computer Science.
1 SAHARA and OASIS Overviews NTT MCL Visit November 6, 2003 Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department.
Lecture 15 Denial of Service Attacks
Bandwidth DoS Attacks and Defenses Robert Morris Frans Kaashoek, Hari Balakrishnan, Students MIT LCS.
Router Architectures An overview of router architectures.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
BY- NIKHIL TRIPATHI 12MCMB10.  What is a FIREWALL?  Can & Can’t in Firewall perspective  Development of Firewalls  Firewall Architectures  Some Generalization.
Chapter 1: Hierarchical Network Design
Association of Communications Engineers Corralling the Broadband Stampede May 7 – 9, 2012 Fort Worth, Texas.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 8 – Denial of Service.
Workpackage 3 New security algorithm design ICS-FORTH Paris, 30 th June 2008.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Identifying Application Impacts on Network Design Designing and Supporting Computer.
1 Enterprise Networks under Stress. 2 = 60% growth/year Vern Paxson, ICIR, “Measuring Adversaries”
1 Liquid Software Larry Peterson Princeton University John Hartman University of Arizona
INTERNATIONAL NETWORKS At Indiana University Hans Addleman TransPAC Engineer, International Networks University Information Technology Services Indiana.
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Salim Hariri HPDC Laboratory Enhanced General Switch Management Protocol Salim Hariri Department of Electrical and Computer.
Univ. of TehranAdv. topics in Computer Network1 Advanced topics in Computer Networks University of Tehran Dept. of EE and Computer Engineering By: Dr.
1 Topic 2: Lesson 3 Intro to Firewalls Summary. 2 Basic questions What is a firewall? What is a firewall? What can a firewall do? What can a firewall.
1 Countering DoS Through Filtering Omar Bashir Communications Enabling Technologies
Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Introducing Network Design Concepts Designing and Supporting Computer Networks.
CINBAD CERN/HP ProCurve Joint Project on Networking 26 May 2009 Ryszard Erazm Jurga - CERN Milosz Marian Hulboj - CERN.
Denial of Service Sharmistha Roy Adversarial challenges in Web Based Services.
April 4th, 2002George Wai Wong1 Deriving IP Traffic Demands for an ISP Backbone Network Prepared for EECE565 – Data Communications.
1 SOS: Secure Overlay Services A. D. Keromytis V. Misra D. Runbenstein Columbia University.
Denial of Service Attack 발표자 : 전지훈. What is Denial of Service Attack?  Denial of Service Attack = DoS Attack  Service attacks on a Web server floods.
Chapter 7 Denial-of-Service Attacks Denial-of-Service (DoS) Attack The NIST Computer Security Incident Handling Guide defines a DoS attack as: “An action.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Introducing Network Design Concepts Designing and Supporting Computer Networks.
Forwarding.
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
High-Speed Policy-Based Packet Forwarding Using Efficient Multi-dimensional Range Matching Lakshman and Stiliadis ACM SIGCOMM 98.
Selective Packet Inspection to Detect DoS Flooding Using Software Defined Networking Author : Tommy Chin Jr., Xenia Mountrouidou, Xiangyang Li and Kaiqi.
Firewalls. Intro to Firewalls Basically a firewall is a barrier to keep destructive forces away from your computer network.
An Analysis of Using Reflectors for Distributed Denial-of- Service Attacks Paper by Vern Paxson.
1 A quick tutorial on IP Router design Optics and Routing Seminar October 10 th, 2000 Nick McKeown
ITU ccTLD Workshop March 3, 2003 A Survey of ccTLD DNS Vulnerabilities.
CCNP Routing and Switching Exam Pass4sure.
Distributed Network Monitoring in the Wisconsin Advanced Internet Lab Paul Barford Computer Science Department University of Wisconsin – Madison Spring,
Preliminaries: EE807 Software-defined Networked Computing KyoungSoo Park Department of Electrical Engineering KAIST.
Network Processing Systems Design
Quality and Value for the Exam 100% Guarantee to Pass Your Exam Based on Real Exams Scenarios Verified Answers Researched by Industry.
High Performance Computing Lab.
Action Breakout Session
Queue Management Jennifer Rexford COS 461: Computer Networks
Firewall – Survey Purpose of a Firewall Characteristic of a firewall
Presentation transcript:

1 Quality of Service vs. Any Service at All 10th IEEE/IFIP Conference on Network Operations and Management Systems (NOMS 2006) Vancouver, BC, Canada April 2006 Randy H. Katz Computer Science Division Electrical Engineering and Computer Science Department University of California, Berkeley Berkeley, CA

2 Networks Under Stress

3 = 60% growth/year Vern Paxson, ICIR, “Measuring Adversaries”

4 = 596% growth/year Vern Paxson, ICIR, “Measuring Adversaries” “Background” Radiation -- Dominates traffic in many of today’s networks

5 Network Protection Internet reasonably robust to point problems like link and router failures (“fail stop”) Successfully operates under a wide range of loading conditions and over diverse technologies During 9/11/01, Internet worked well, under heavy traffic conditions and with some major facilities failures in Lower Manhattan

6 Network Protection Networks awash in illegitimate traffic: port scans, propagating worms, p2p file swapping –Legitimate traffic starved for bandwidth –Essential network services (e.g., DNS, NFS) compromised Need: active management of network services to achieve good performance and resilience even in the face of network stress –Self-aware network environment –Observing and responding to traffic changes –Sustaining the ability to control the network

7 Berkeley Experience Campus Network –Unanticipated traffic renders the network unmanageable –DoS attacks, latest worm, newest file sharing protocol largely indistinguishable--surging traffic –In-band control is starved, making it difficult to manage and recover the network Department Network –Suspected DoS attack against DNS –Poorly implemented spam appliance overloads DNS –Difficult to access Web or mount file systems

8 Why and How Networks Fail Complex phenomenology of failure Traffic surges break enterprise networks “Unexpected” traffic as deadly as high net utilization –Cisco Express Forwarding: random IP addresses --> flood route cache --> force traffic thru slow path --> high CPU utilization --> dropped router table updates –Route Summarization: powerful misconfigured peer overwhelms weaker peer with too many router table entries –SNMP DoS attack: overwhelm SNMP ports on routers –DNS attack: response-response loops in DNS queries generate traffic overload

9 Technology Trends Integration of servers, storage, switching, and routing –Blade Servers, Stateful Routers, Inspection-and-Action Boxes (iBoxes) Packet flow manipulations at L4-L7 –Inspection/segregation/accounting of traffic –Packet marking/annotating Building blocks for network protection –Pervasive observation and statistics collection –Analysis, model extraction, statistical correlation and causality testing –Actions for load balancing and traffic shaping Load Balancing Traffic Shaping

10 Generic Network Element Architecture Interconnection Fabric Input Ports Output Ports Buffers “Tag” Mem CP AP Action Processor CP Classification Processor Rules & Programs

11 Active Network Elements Server Edge Network Edge Device Edge Network Edge Server Edge Device Edge Server Load Balancing Storage Nets NAT, Access Control Network-Device Configuration Firewall, IDS Traffic Shaper iBox

12 iBoxes: Observe, Analyze, Act Inspection-and-Action Boxes: Deep multiprotocol packet inspection No routing; observation & marking Policing points: drop, fence, block Enterprise Network Architecture

13 Observe- Analyze-Act Control exercised, traffic classified, resources allocated Statistics collection, prioritizing, shaping, blocking, … Minimize/mitigate effects of attacks & traffic surges Classify traffic into good, bad, and ugly (suspicious) –Good: standing patterns and operator-tunable policies –Bad: evolves faster, harder to characterize –Ugly: cannot immediately be determined as good or bad Filter the bad, slow the suspicious, preserve for the good –Sufficient to reduce false positives –Suspicious-looking good traffic may be slowed down, but won’t be blocked

14 Internet Edge PC Access Edge MS FS Spam Filter DNS Server Edge Scenario Distribution Tier

15 Observed Operational Problems User visible services: –NFS mount operations time out –Web access also fails intermittently due to time outs Failure causes: –Independent or correlated failures? –Problem in access, server, or Internet edge? –File server failure? –Internet denial of service attack?

16 Network Dashboard b/w consumed time Gentle rise in ingress b/w FS CPU utilization time No unusual pattern MS CPU utilization time Mail traffic growing DNS CPU utilization time Unusual step jump/ DNS xact rates Access Edge b/w consumed time Decline in access edge b/w In Web Out Web

17 Network Dashboard b/w consumed time FS CPU utilization time MS CPU utilization time DNS CPU utilization time Access Edge b/w consumed time Gentle rise in ingress b/w No unusual pattern Mail traffic growing Unusual step jump/ DNS xact rates Decline in access edge b/w In Web Out Web CERT Advisory! DNS Attack!

18 Observed Correlations Mail traffic up MS CPU utilization up –Service time up, service load up, service queue longer, latency longer DNS CPU utilization up –Service time up, request rate up, latency up Access edge b/w down Causality no surprise! How does mail traffic cause DNS load?

19 Run Experiment Shape Mail Traffic MS CPU utilization time Mail traffic limited DNS CPU utilization time DNS down Access Edge b/w consumed time Access edge b/w returns Root cause:  Spam appliance --> DNS lookups to verify sender domains;  Spam attack hammers internal DNS, degrading other services: NFS, Web In Web Out Web

20 Policies and Actions Restore the Network Shape mail traffic –Mail delay acceptable to users? –Can’t do this forever unless mail is filtered at the Internet edge Load balance DNS services –Increase resources faster than incoming mail rate –Actually done: dedicated DNS server for Spam appliance Other actions? Traffic priority, QoS knobs

21 Analysis Root causes difficult to diagnose –Transitive and hidden causes Key is pervasive observation –iBoxes provide the needed infrastructure –Observations to identify correlations –Perform active experiments to “suggest” causality

22 Many Challenges Policy specification: how to express? Service Level Objectives? Experimental plan –Distributed vs. centralized development –Controlling the experiments … when the network is stressed –Sequencing matters, to reveal “hidden” causes Active experiments –Making things worse before they get better –Stability, convergence issues Actions –Beyond shaping of classified flows, load balancing, server scaling?

23 Implications for Network Operations and Management Processing-in-the-Network is real Enables pervasive monitoring and actions Statistical models to discover correlations and to detect anomalies Automated experiments to reveal causality Policies drive actions to reduce network stress

24 Networks Under Stress

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.