Content-oriented Networking Platform: A Focus on DDoS Countermeasure ( In incremental deployment perspective) Authors: Junho Suh, Hoon-gyu Choi, Wonjun.


Content-oriented Networking Platform: A Focus on DDoS Countermeasure (in incremental deployment perspective). Authors: Junho Suh, Hoon-gyu Choi, Wonjun National University

Outline
- Introduction
- Content-oriented Networking Architecture
  – Communication Procedure
  – Main components
  – Scenario
- Summary

Change in Communication Paradigm
- Move to Content-oriented Network
  – Internet traffic is already content-oriented (CDN, multimedia, P2P, ...)
  – Users/applications care "what to receive"; they don't care "from whom"
  – The host-based communication model is outdated

IP networking vs. Content networking
- IP networking
  – Lookup-by-name: indirection (from name to locator)
  – Availability concerned
  – Locators can be aggregated, achieving routing scalability
- Content-oriented networking
  – Route-by-name: no indirection
  – Better availability
  – Scalability issue: content names are flat
  – No backward compatibility

Content networking under IP network
- Observations
  – Current IP networking leverages network prefixes in routing: routing scalability is good
  – Content-oriented networking is not good for routing, but good for availability: huge scaling burden
  – No backward compatibility in content-oriented networking: content routing and IP routing should be combined
- We propose a grassroots approach
  – Some popular contents will be cached
  – Routing info. for those contents can be propagated in a local and best-effort manner

Content-oriented networking platform
- Objectives
  – Exploit content networking in a form the current Internet can adopt
- New entities
  – Content-aware Agent: interacts between the content-based network and the IP network
- Achievements
  – Security, accountability, incremental deployment to the current Internet

Content Request: IP-less communication
- Assumption
  – "Content Name" is looked up by web search
  – Content Name is in URI form
- Communication inside domain
  – Requests are relayed to the CAA by L2 forwarding
  – The CAA contacts DNS
  – The consumer cannot contact the server directly
[Figure: consumer – CAA – internet; 1: "I want a particular content (e.g. HTTP URI)", 2: "Here you are"]

Content Distribution
- The publisher registers its domain name in DNS
  – with the agent's IP address (of the egress link)
[Figure: publisher – CAA – internet; 1: "a request for your content", 2: "here you are"]

Content-Aware Agent (CAA)
- Proxy for interacting with the IP network
  – Handles content requests/responses
  – Resolves the FQDN to obtain the IP address of the publisher's CAA (the authority content server's CAA)
  – Caches the requested contents
- Gateway for heterogeneous networks
  – Protocol translation or tunneling
  – Relays contents in an inter-domain environment

General Architecture
[Figure: host, Agent, Gateway A, Gateway B, Publisher, DNS; labelled flows: Content request, Agent's IP address, Content Distribution; legend: Content-based Communication, IP-based Communication, Domain Name System, Content-Aware Agent (CAA), Content-Aware Router (CAR)]

Scenario
- DDoS can happen by requesting content (using HTTP URIs)
  – Many hosts across multiple ISPs
- The agent of the publisher detects first
  – Informs all the gateways of this event
  – To request a countermeasure
- A gateway solicits the other gateways to reduce the content request rate to the publisher under attack
* DDoS might not be activated if some admission control is in place

Implementation
[Figure: NetFPGA-OpenFlow data path: Ethernet MAC RxQ/TxQ, CPU RxQ/TxQ, interfaces nf2c0–nf2c3, nf2_reg_grp, ioctl, PCI bus, software user data path]
1. Capture URI/URL
2. Monitoring requested contents
3. Accounting flow
4. Make decision whether DDoS or not

Implementation
- In the header parser, http_get messages are captured and then forwarded to nf2c0
  – Otherwise, the module bypasses normal packets

Implementation
- Controller
  – Each agent solicits the other agents, via the controller, to reduce the content request rate to the publisher under attack (relayed to all connected agents)
- Agent
  – Checks and limits the rate (if # of requests > threshold)

Scenario Example
[Figure: Attacker, Regular host, Agent, Controller, Content Server; legend: HTTP GET, TCP flow, Control flow]
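The detection and rate-limiting loop of the scenario and implementation slides, as an added example that is not part of the original slides: each agent captures HTTP GET request lines, accounts requests per publisher, and once its count exceeds a threshold asks the controller to have every connected agent limit requests to that publisher. The Agent and Controller classes, the THRESHOLD value and the sample traffic are constructed assumptions, not the authors' NetFPGA/OpenFlow code.

```python
from collections import Counter
from urllib.parse import urlsplit

THRESHOLD = 3  # assumed: requests per publisher an agent forwards before flagging DDoS


def parse_get(line):
    """Capture the publisher host from an HTTP request line; None for non-GET traffic (bypass)."""
    parts = line.split()
    if len(parts) != 3 or parts[0] != "GET":
        return None
    return urlsplit(parts[1]).hostname


class Controller:  # relays a soliciting agent's request to all connected agents
    def __init__(self):
        self.agents = []

    def solicit(self, publisher):
        for agent in self.agents:
            agent.limited.add(publisher)


class Agent:  # content-aware agent: per-publisher accounting plus on-demand rate limit
    def __init__(self, name, controller):
        self.name, self.controller = name, controller
        self.counts, self.limited = Counter(), set()
        controller.agents.append(self)

    def handle(self, line):
        """Return what the agent did with one captured request line."""
        publisher = parse_get(line)
        if publisher is None:
            return "bypass"  # normal (non-GET) packets bypass the module
        if publisher in self.limited:
            return "limited"  # request rate to the attacked publisher is being cut
        self.counts[publisher] += 1
        if self.counts[publisher] > THRESHOLD:
            self.controller.solicit(publisher)  # ask the controller to inform all agents
            return "detected"
        return "forwarded"


def run_scenario():
    """Constructed traffic: an attacker behind agent A floods pub.example, a regular host behind B follows."""
    ctrl = Controller()
    a, b = Agent("A", ctrl), Agent("B", ctrl)
    flood = ["GET http://pub.example/video.mp4 HTTP/1.1"] * 5
    results_a = [a.handle(line) for line in flood]
    results_b = [b.handle("GET http://pub.example/index.html HTTP/1.1"),
                 b.handle("GET http://other.example/ HTTP/1.1"),
                 b.handle("POST http://pub.example/upload HTTP/1.1")]
    return results_a, results_b
```

Because the controller pushes the limit to every agent, the regular host behind agent B is throttled for pub.example as well, which is the collateral cost of the countermeasure the slides describe.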

Summary
- Grassroots approach
- Content-oriented Networking Platform
  – Content-Aware Agent (CAA)