Akamai vs. Flash Crowds and Distributed Denial of Service Akamai Technologies & Carnegie Mellon Bruce Maggs.

Slides:



Advertisements
Similar presentations
EDNS0 Client-Subnet for DNS based CDNs
Advertisements

Akamai Content Delivery Network Slides from Bruce Maggs.
CS 4700 / CS 5700 Network Fundamentals Lecture 15: Content Delivery Networks (Over 1 billion served … each day) Revised 10/22/2014.
Akamai DNS Offerings RSA © Conference ©2013 AKAMAI | FASTER FORWARD TM Akamai DNS Solutions Enhanced DNS (eDNS) Scalable, outsourced, DNS solution.
Amazon CloudFront An introductory discussion. What is Amazon CloudFront? 5/31/20122© e-Zest Solutions Ltd. Amazon CloudFront is a web service for content.
1 Server Selection & Content Distribution Networks (slides by Srini Seshan, CS CMU)
Netflix Content Delivery RIPE – April 2012 – David Temkin 1.
Key Algorithms in a Content Delivery System Akamai Technologies and Carnegie Mellon University Bruce Maggs.
Engineering a Content Delivery Network COMPSCI 214 Computer Networks and Distributed Systems Bruce Maggs.
Engineering a Content Delivery Network Bruce Maggs.
19 Historical overview Main challenge: How to distribute content in high quality over the Internet cost-effectively? • Traditional “Best-effort” model:
Spring 2003CS 4611 Content Distribution Networks Outline Implementation Techniques Hashing Schemes Redirection Strategies.
Internet Content Providers End Users The Internet: Simple on the Outside…
Criticisms of I3 Zhichun Li. General Issues Functionality Security Performance Practicality If not significant better than existing schemes, why bother?
The Internet Useful Definitions and Concepts About the Internet.
EEC-484/584 Computer Networks Discussion Session for HTTP and DNS Wenbing Zhao
CDNs & Replication Prof. Vern Paxson EE122 Fall 2007 TAs: Lisa Fowler, Daniel Killebrew, Jorge Ortiz.
IMC 2004Jeff Pang 1 Availability, Usage, and Deployment Characteristics of the Domain Name System Jeffrey Pang *, James Hendricks *, Aditya Akella *, Roberto.
Flash Crowds And Denial of Service Attacks: Characterization and Implications for CDNs and Web Sites Aaron Beach Cs395 network security.
Anycast Jennifer Rexford Advanced Computer Networks Tuesdays/Thursdays 1:30pm-2:50pm.
ECOMMERCE TECHNOLOGY SUMMER 2002 COPYRIGHT © 2002 MICHAEL I. SHAMOS eCommerce Technology Web Content Delivery.
1 Web Content Delivery Reading: Section and COS 461: Computer Networks Spring 2007 (MW 1:30-2:50 in Friend 004) Ioannis Avramopoulos Instructor:
Content Delivery Networks. History Early 1990s sees 100% growth in internet traffic per year 1994 o Netscape forms and releases their first browser.
AKAMAI Content Delivery Services AKAMAI Content Delivery Services CIS726 : PRESENTATION Avinash Ponugoti Avinash Ponugoti Nagarjuna Nagulapati Sathish.
Caching and Content Distribution Networks. Web Caching r As an example, we use the web to illustrate caching and other related issues browser Web Proxy.
Content Delivery Networks (CDN) Dr. Yingwu Zhu Reverse Proxy Reverse Proxy Reverse Proxy Intranet Web Cache Architecure Browser Local ISP cache L4 Switch.
Content Distribution Networks (CDNs) Mike Freedman COS 461: Computer Networks Lectures: MW 10-10:50am in Architecture N101
OARtech Patrick W. Gilmore April 11, 2001.
Asfandyar Qureshi (MIT) Rick Weber (Akamai) Hari Balakrishnan (MIT) John Guttag (MIT) Bruce Maggs (Duke/Akamai) cutting the electric bill for internet-
Content Delivery Networks - Principles & Practice Northeastern& Akamai Technologies Ravi Sundaram.
Content Distribution Networks CPE 401 / 601 Computer Network Systems Modified from Ravi Sundaram, Janardhan R. Iyengar, and others.
DDoS Attack and Its Defense1 CSE 5473: Network Security Prof. Dong Xuan.
The Role of Content Delivery Networks in Protecting Web Sites from Attacks Bruce Maggs VP for Research, Akamai Technologies.
1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.
Content Distribution March 8, : Application Layer1.
CSE 534 – Fundamentals of Computer Networks Lecture 11: Content Delivery Networks (Over 1 billion served … each day) Based on slides by D. NEU.
Barracuda Load Balancer Server Availability and Scalability.
{ Content Distribution Networks ECE544 Dhananjay Makwana Principal Software Engineer, Semandex Networks 5/2/14ECE544.
Global NetWatch Copyright © 2003 Global NetWatch, Inc. Factors Affecting Web Performance Getting Maximum Performance Out Of Your Web Server.
Global Internet Content Delivery Akamai Technologies and Carnegie Mellon University Bruce Maggs.
Final Introduction ---- Web Security, DDoS, others
Akamai Technologies - Overview RSA ® Conference 2013.
How Akamai Handles Large Events Bruce Maggs Carnegie Mellon Duke Akamai Technologies.
CONTENT DELIVERY NETWORKS
DYNAMIC LOAD BALANCING ON WEB-SERVER SYSTEMS by Valeria Cardellini Michele Colajanni Philip S. Yu.
Overlay Networks: An Akamai Perspective Ramesh K. Sitaraman, mangesh kasbekar, Woody Lichtenstein, and Manish Jain Akamai Technologies Inc Univerisy of.
Bruce Maggs Duke University Akamai Technologies Carnegie Mellon University delivering content to the next billion.
Globally Distributed Content Delivery Presenter: Baoning Wu 03/25/2003.
Content Distribution Network, Proxy CDN: Distributed Environment
CS 6401 Overlay Networks Outline Overlay networks overview Routing overlays Resilient Overlay Networks Content Distribution Networks.
Overlay Networks : An Akamai Perspective
Kona Security Solutions - Overview
Content Delivery Networks: Status and Trends Speaker: Shao-Fen Chou Advisor: Dr. Ho-Ting Wu 5/8/
Content Delivery Networks in Flux Bruce Maggs Duke University Akamai Technologies.
Content Distribution Networks (CDNs)
Engineering a Content Delivery Network Bruce Maggs.
Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.
John S. Otto Mario A. Sánchez John P. Rula Fabián E. Bustamante Northwestern, EECS.
Multicast in Information-Centric Networking March 2012.
Content Distribution Networks
Content Distribution Networks
Engineering a Content Delivery Network
Practical Censorship Evasion Leveraging Content Delivery Networks
AKAMAI INTELLIGENT PLATFORM™
AWS Cloud Computing Masaki.
Engineering a Content Delivery Network
Content Delivery and Remote DNS services
AKAMAI Content Delivery Services
Engineering a Content Delivery Network
The Evolution of a Content Delivery Network: A 21-Year Perspective
Presentation transcript:

Akamai vs. Flash Crowds and Distributed Denial of Service Akamai Technologies & Carnegie Mellon Bruce Maggs

Outline AkamaiAkamai Content Delivery on 9/11Content Delivery on 9/11 Impact of the “Slammer” WormImpact of the “Slammer” Worm FirstPointFirstPoint SiteShieldSiteShield

Akamai Services and Products windowsupdate.microsoft.com/

Akamai’s Platform for Delivering Content and Applications Akamai Servers at Network Edge Content Providers End Users NAP

Current Installations Network Deployment Servers Networks 65+ Countries

Content Delivery Using Akamai <html><head> Welcome to xyz.com! Welcome to xyz.com! </head><body> <img src=“ Welcome to our Web site! Welcome to our Web site! Click here to enter Click here to enter </body></html> Embedded URLs are Converted to ARLs ak

End User Akamai DNS Resolution Akamai High-Level DNS Servers 10 g.akamai.net 1 Browser’s Cache OS 2 Local Name Server 3 xyz.com’s nameserver 6 ak.xyz.com 7 a212.g.akamai.net Akamai Low-Level DNS Servers 12 a212.g.akamai.net xyz.com.com.net Root (InterNIC) akamai.net8 select cluster select servers within cluster

Content Delivery on 9/11 Akamai’s network had capacity for all content providers requesting serviceAkamai’s network had capacity for all content providers requesting service Total bits served on September 11 was approximately 3.5 times normalTotal bits served on September 11 was approximately 3.5 times normal Traffic was higher on September 12Traffic was higher on September 12 (But not as high as January 7, 2002)(But not as high as January 7, 2002)

News Site A – FreeFlow Traffic

News Site A – FreeFlow Streaming

News Site B – EdgeSuite Traffic

News Site B – FreeFlow Traffic

News Site B – FreeFlow Streaming

Portal A – FreeFlow traffic

Sports Site A – FreeFlow traffic

Steve Jobs Keynote

Impact of Sapphire/Slammer Worm Web site performance severely impacted Congestion in core of Internet Significant route flapping

Military Web Site - Performance

71 content providers; 17 agents

Military Web Site - Reliability

Video

Aggregate Routing Activity 11:30 PM EST Friday

Routing Activity by Network 11:30 PM EST Friday

DOS attacks Coordinated attacks From multiple compromised machines On website or upstream Goal – to overwhelm Hacker-based e.g., – Microsoft, Yahoo! Voluntary sit-ins e.g., – World Economic Forum

Microsoft

What is FirstPoint Traffic management system for mirrored websitesTraffic management system for mirrored websites Directs browser to the optimal mirrorDirects browser to the optimal mirror DNS basedDNS based Application level anycastApplication level anycast

Why FirstPoint Content providers have mirrored websitesContent providers have mirrored websites Content providers only want to offload embedded contentContent providers only want to offload embedded content -Control -Security -Performance

Mapping Problem How to improve user experience?

What is the Mapping Problem Problem of directing requests to servers so as to optimize end-user experienceProblem of directing requests to servers so as to optimize end-user experience -reduce latency -reduce loss -reduce jitter Assumption - servers are fine Assumption - servers are fine Applicable to 2 mirrors or 1500 Akamai locationsApplicable to 2 mirrors or 1500 Akamai locations

Attempt Measure which is closerMeasure which is closer -Closeness changes over time Measure frequentlyMeasure frequently -Bothers people -Too many to do ~500,000 unique nameservers on any given day 10 sec per measurement cycle

Idea TopologyTopology -relatively static -changes in BGP time -order of hours if not days CongestionCongestion -dynamic -changes in round-trip time -order of milliseconds

Topology Discovery - Proxy points Data exchange

Topology Discovery 500,000 nameservers 500,000 nameservers reduced to 90,000 proxy points (clusters)

Congestion Measurement Problem - Still too many measurements to do. 90,000 measurements every 10s with 32B packets requires a few Mbps per mirror. Problem - Still too many measurements to do. 90,000 measurements every 10s with 32B packets requires a few Mbps per mirror. Solution - Importance based sampling Solution - Importance based sampling

CDF of End-user Load

Load Estimation 500,000 nameservers reduced to 90,000 clusters 90,000 clusters 7,000 account for 95% end-user load!

Mapping Problem – Solved? Maps built every 10s

FirstPoint Customers - how to tell?Customers - how to tell? -look for CNAME to akadns.net Customers - who?Customers - who? -High traffic content providers -Yahoo!, Microsoft, TicketMaster etc Price - don’t ask :)Price - don’t ask :) Competitors - whoCompetitors - who -one-of-a-kind service -boxes: Cisco, F5, Foundry

FirstPoint - other aspects Load-balancingLoad-balancing -estimate-based -feedback-based : https, snmp -cost-based: 95/5 Fast cutout in case of failoverFast cutout in case of failover Highly fault-tolerantHighly fault-tolerant -hardware duplication, leader election -overlay routing, BGP-based anycast Integration with other servicesIntegration with other services -DOS/Load failover

SiteShield Content provider’s website Hacker! AKAMAIAKAMAI AKAMAIAKAMAI AKAMAIAKAMAI

SiteShield IP address of origin shielded Akamai can be attacked But Akamai will respond by Diffusion – load balancing, & Resurrection – reviving unpinned servers

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.