1 June 2015 Validating Inter-Domain SLAs with a Programmable Traffic Control System Elisa Boschi

Presentation transcript:

1 June 2015 Validating Inter-Domain SLAs with a Programmable Traffic Control System Elisa Boschi Matthias Bossardt Thomas Dübendorfer IWAN 2005

MOTIVATION
Services (VoIP, multimedia streaming…) require a minimum level of performance
–Negotiated in Service Level Agreements
When Service Level Agreements cross ISP boundaries:
–how to validate the compliance of network services to the guarantees in an SLA
Problems
–ISPs have minimal information about the characteristics and performance of other networks
–Performance of specific path portions

SCENARIO (jitter measurement)
Requires dynamic configuration of devices located in different domains
–Major security concerns

HOW CAN WE ACHIEVE THIS
Deploying measurement logic on distributed programmable Traffic Processing Devices (TPDs)
–Attached to routers
–Located in several Autonomous Systems
Almost arbitrary service logic (flexibility)
Configuration on-demand of TPDs on the end-to-end path
Delegation of partial management capabilities to network users
–Security against misuse...

"GOLDEN RULES"
TRAFFIC OWNERSHIP: traffic control is restricted to the "owner" of the source IP address or the destination IP address
Source and destination IP addresses cannot be modified
The TTL field of IP packets cannot be modified
The packet rate must not increase. The amount of traffic leaving the TPD must be equal to or less than the amount of traffic entering it.

TRAFFIC CONTROL SYSTEM (TCS)
A user registers with the Traffic Control Service Provider (TCSP)
The TCSP manages the Traffic Control services
–Checks the user's identity
–Verifies IP address ownership with Internet Number Authorities
–Sets up contracts with ISPs
ISPs attach Traffic Processing Devices to (some of) their routers
–Enable their network management system to program and configure them

NODE ARCHITECTURE
The router is extended with a programmable Traffic Processing Device (TPD)

DEPLOYMENT PROCESS
The deployment process is subdivided into layers
For each service a layer offers, a service descriptor specifies
–The mapping to sub-services
–Mandatory and optional parameters
–Restrictions
Deployment logic on each layer maps the service request to services provided by the layer below
–Based on service descriptors

SERVICE REQUEST

DELAY VARIATION DEPLOYMENT (1/2)
The service offered by the TCSP and the required parameters are described in a service descriptor
The service request contains
–User identification
–Parameter values: src and dest address, uplink I/F of A to ISP1, downlink I/F from ISPn to Z, collector address, ….

DELAY VARIATION DEPLOYMENT (2/2)
The TCSP
–selects the ISPs according to the Restrictions: BGP path from A to Z
–AS numbers are taken from the Context Database
–Maps the request to sub-services
The ISPs
–select the Traffic Processing Devices: only on egress routers from the previous AS to the next AS, and on the uplink and downlink I/Fs

SERVICE COMPONENTS deployed on all TPDs
Timestamp, packet ID, packet size are exported to the collector
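As an added example (not code from the paper), a collector-side script that turns the per-TPD exports described above (timestamp, packet ID, packet size) into one-way delay per path segment and the resulting delay variation, then checks each segment against an SLA jitter bound. The TPD names, the records and the assumption of synchronized TPD clocks are constructed for illustration; a packet that is not seen at both ends of a segment is skipped rather than counted.

```python
from collections import defaultdict

# Constructed: TPDs in path order (uplink I/F of A, ISP egress routers, downlink I/F of Z).
PATH = ["A-uplink", "ISP1-egress", "ISP2-egress", "Z-downlink"]

# Constructed collector export: (tpd, packet_id, timestamp_ms, packet_size).
# Packet 3 never reaches Z, so its last segment yields no delay sample.
RECORDS = [
    ("A-uplink", 1, 0.0, 200), ("ISP1-egress", 1, 5.0, 200), ("ISP2-egress", 1, 12.0, 200), ("Z-downlink", 1, 15.0, 200),
    ("A-uplink", 2, 20.0, 200), ("ISP1-egress", 2, 26.0, 200), ("ISP2-egress", 2, 35.0, 200), ("Z-downlink", 2, 38.0, 200),
    ("A-uplink", 3, 40.0, 200), ("ISP1-egress", 3, 45.0, 200), ("ISP2-egress", 3, 50.0, 200),
    ("A-uplink", 4, 60.0, 200), ("ISP1-egress", 4, 64.0, 200), ("ISP2-egress", 4, 73.0, 200), ("Z-downlink", 4, 76.0, 200),
]


def segment_delays(records, path):
    """Map 'tpd_a->tpd_b' to [(packet_id, one-way delay in ms)], in packet-id order.
    Assumes synchronized TPD clocks; packets not seen at both ends of a segment are skipped."""
    ts = defaultdict(dict)                       # packet_id -> {tpd: timestamp}
    for tpd, pid, t, _size in records:
        ts[pid][tpd] = t
    out = {}
    for a, b in zip(path, path[1:]):
        out[f"{a}->{b}"] = [(pid, ts[pid][b] - ts[pid][a])
                            for pid in sorted(ts) if a in ts[pid] and b in ts[pid]]
    return out


def ipdv(delays):
    """IP delay variation: |d_i - d_(i-1)| over consecutive observed packets."""
    return [abs(d2 - d1) for (_, d1), (_, d2) in zip(delays, delays[1:])]


def validate_jitter(records, path, max_jitter_ms):
    """Per segment: (worst IPDV in ms, meets the SLA bound?, number of delay samples)."""
    report = {}
    for seg, d in segment_delays(records, path).items():
        j = ipdv(d)
        worst = max(j) if j else 0.0
        report[seg] = (worst, worst <= max_jitter_ms, len(d))
    return report


if __name__ == "__main__":
    for seg, (worst, ok, n) in validate_jitter(RECORDS, PATH, 3.0).items():
        print(f"{seg:26s} worst IPDV {worst:4.1f} ms over {n} pkts  {'OK' if ok else 'SLA VIOLATED'}")
```

Because each segment is bounded by TPDs at AS boundaries, a violated bound points at the ISP whose domain the segment crosses, which is the per-portion attribution the motivation slide asks for.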

CONCLUSIONS
Guarantees given in an inter-domain SLA can be validated
Measurement services are executed on a programmable TCS
–The TCS safely delegates partial control over TPDs to network users
–Measurement logic is deployed to TPDs in different ASs
–Highly modular (reusability of components)
–Secure against misuse ("golden rules")
Other metrics possible
Other services possible (DDoS mitigation)

SCALABILITY CONSIDERATIONS
Scaling factors
–# service subscribers
–# ISPs deploying the service
–# service components installed / user
–Bandwidth
Service logic and state per TPD
–Memory needed is modest
Signalling effort
–Small messages to a few thousand ISPs, not a bottleneck
Traffic processing capacity
–HW solutions (FPGA) allow packet filtering at 10Gbps

STATE OF THE ART in inter-domain measurement
NIMI: SW system for building measurement infrastructures. Tools can be added (wrapper)
IPMP: Active measurement protocol based on packet probes, suited to measure delay at router level
6QM: Measurements are configured by sending an XML-based document to controllers on the end-to-end path
Generally missing:
–Flexible system to automatically deploy the service to the appropriate device
–Adequate guarantees for network data privacy and against misuse

INTER-DOMAIN QoS MODELS
BILATERAL
–2 providers interconnect at one or more points and agree on a set of metrics, methods...
–Just 2, no reusability
COOPERATIVE
–Set of rules a cooperating group of ISPs has to follow
–Standards needed
THIRD-PARTY
–Composes end-to-end results, responsible for site-to-site measurement
–More flexible

OUTLINE
Motivation
Scenario: inter-domain jitter measurement
Traffic Control System
Node Architecture
Deployment process
Conclusions

BACK TO THE SCENARIO: JITTER MEASUREMENT

components

SERVICE REQUEST

GOLDEN RULES (explanation)
–Such rerouting could wreak havoc easily (causing routing loops, interference with other routing mechanisms, transparent source spoofing, or "forwarding" of attack traffic).
–as it aims to set an upper bound on the network resources a packet is able to use.
–we need to prevent the service from causing amplifying network-like effects. The amount of network traffic leaving the traffic processing device must be equal to or less than the amount of traffic entering it. I.e. packet size may only stay the same or become smaller.
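Added example (not code from the paper) for the "golden rules" slide and the explanation above: a check that a TPD or the TCSP could run over a service's input and output packets to reject any service logic that violates traffic ownership, rewrites addresses or TTL, or increases the packet rate or traffic amount. The Pkt record, matching output packets to input packets by a packet id, and the sample prefixes are assumptions of this illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    pid: int   # identifier used to match an output packet to its input packet (assumed)
    src: str
    dst: str
    ttl: int
    size: int  # bytes


def owned_by(addr, prefixes):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(p) for p in prefixes)


def check_golden_rules(user_prefixes, pkts_in, pkts_out):
    """Return the list of golden-rule violations; an empty list means the service output is admissible."""
    v = []
    by_id = {p.pid: p for p in pkts_in}
    # Rule 1, traffic ownership: the user may only act on traffic whose source or destination they own.
    for p in pkts_in:
        if not (owned_by(p.src, user_prefixes) or owned_by(p.dst, user_prefixes)):
            v.append(f"pkt {p.pid}: ownership - user owns neither {p.src} nor {p.dst}")
    # Rule 4, packet rate: the TPD must not emit more packets than it received.
    if len(pkts_out) > len(pkts_in):
        v.append(f"rate - {len(pkts_out)} packets out, {len(pkts_in)} in")
    seen = set()
    for q in pkts_out:
        p = by_id.get(q.pid)
        if p is None or q.pid in seen:            # created or duplicated packet
            v.append(f"pkt {q.pid}: rate - emitted without a fresh matching input packet")
            continue
        seen.add(q.pid)
        if (q.src, q.dst) != (p.src, p.dst):      # Rule 2: no rerouting by rewriting addresses
            v.append(f"pkt {q.pid}: addresses - {p.src}->{p.dst} became {q.src}->{q.dst}")
        if q.ttl != p.ttl:                         # Rule 3: TTL bounds the resources a packet may use
            v.append(f"pkt {q.pid}: ttl - {p.ttl} became {q.ttl}")
        if q.size > p.size:                        # Rule 4: a packet may only keep its size or shrink
            v.append(f"pkt {q.pid}: size - {p.size} grew to {q.size}")
    # Rule 4, traffic amount: bytes leaving the TPD must not exceed bytes entering it.
    if sum(q.size for q in pkts_out) > sum(p.size for p in pkts_in):
        v.append("amount - more bytes left the TPD than entered it")
    return v
```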