Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS


Problems with ISP-Based Routing
Users cannot select routing metrics.
Sophisticated routing only within each ISP.
Only ISPs assemble measurements.
Hop-by-hop model is error-prone.

Example Problem: Policy Routing
[Diagram: ISP1, ISP2, ISP3; Site 1 to Site 5]
The red path may be legal but forbidden by policy.

RON Approach
Move routing control towards end systems.
Take advantage of small scale.
Base decisions on end-to-end monitoring.

A Resilient Overlay Network
[Diagram: ISP1, ISP2, ISP3; RON nodes N1 to N5; Site 1, Site 2, Site 3. Legend: RON node / edge router; virtual RON link]
RON nodes exchange measurements and choose routes.

End-System Control Enables Sophisticated Applications
End-to-end QoS requirements.
End-to-end metrics and trust.
Aggressive adaptive re-routing algorithms.
Application-oriented policy interpretation.
Coordinated reactions to DoS attacks.

Example: Reliable Routing
[Diagram: ISP1, ISP2, ISP3; RON nodes N1 to N5; labels: Overload, x]

Example: Perimeter Defense (1)
Analyzing DoS attacks requires cooperation.
  – Detect near target, control near source.
  – Variable routing confuses historic traffic analysis.
  – Asymmetric routing hides one-way flows.
  – Hard to guess ingress even w/ true source addr.
Groups of ISPs can deploy monitoring nodes.
  – Use RON for reliable coordination.

Example: Perimeter Defense (2)
[Diagram: ISP1, ISP2, ISP3; nodes C1 to C4 and R1 to R4; Attacker]
1. Look for unusual traffic.
2. Exchange alerts over RON.
3. Detect and control sources.

RON Implementation Challenges
Measurements
Topology choice
Adaptive Routing
Security

Measurements
Characterize alternate paths:
  – Do they fail independently?
  – How often do they perform better?
  – Are there multiple sensible metrics?
Are measurements predictive?
Time scales long enough for adaptive routing?

Topology Choice
[Diagram: ISP1, ISP2, ISP3; RON nodes N1 to N7]
IP routing prefers short virtual links for high reliability.
Gnutella prefers long links for fast query propagation.

Adaptive Routing
Goal: Good paths through the RON topology.
Tools:
  – Application-provided guidance.
  – Small scale → aggressive algorithms.
  – Cooperative measurement infrastructure.
  – RON-level source routing obviates consistency.
Example: choose best 2-hop path.
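
A sketch of the "choose best 2-hop path" idea, added here as an example and not taken from the slides or the RON code: a node compares the direct path with every path through one intermediate RON node, under a metric and loss limit chosen by the application, and returns a full source route. The function names, the measurement values and the reading of "2-hop" as "one intermediate node" are assumptions.

```python
# Constructed measurements for directed virtual RON links: (latency ms, loss rate).
NODES = ["N1", "N2", "N3", "N4", "N5"]
MEASURED = {
    ("N1", "N2"): (40.0, 1.00),  # direct path currently failing (overloaded)
    ("N1", "N3"): (25.0, 0.01), ("N3", "N2"): (30.0, 0.02),
    ("N1", "N4"): (15.0, 0.10), ("N4", "N2"): (20.0, 0.10),
    ("N1", "N5"): (60.0, 0.00), ("N5", "N2"): (70.0, 0.00),
}


def path_metrics(measured, path):
    """Return (total latency, end-to-end loss) for a path, or None if any
    virtual link on it has no measurement."""
    latency, delivered = 0.0, 1.0
    for hop in zip(path, path[1:]):
        if hop not in measured:
            return None
        link_latency, link_loss = measured[hop]
        latency += link_latency        # latencies add along the path
        delivered *= 1.0 - link_loss   # assumes losses on links are independent
    return latency, 1.0 - delivered


def best_path(measured, nodes, src, dst, metric="loss", max_loss=1.0):
    """Pick the best direct or one-intermediate path under the chosen metric.

    Returns the full node list (a source route), or None if nothing is usable.
    """
    candidates = [[src, dst]] + [[src, via, dst] for via in nodes
                                 if via not in (src, dst)]
    scored = []
    for path in candidates:
        metrics = path_metrics(measured, path)
        if metrics is None:
            continue
        latency, loss = metrics
        if loss >= 1.0 or loss > max_loss:  # dead path, or violates app policy
            continue
        cost = latency if metric == "latency" else loss
        scored.append((cost, len(path), path))  # shorter path wins ties
    return min(scored)[2] if scored else None


if __name__ == "__main__":
    for metric, cap in (("loss", 1.0), ("latency", 1.0), ("latency", 0.05)):
        print(metric, cap, best_path(MEASURED, NODES, "N1", "N2", metric, cap))
```

Because the sender computes the whole route from its own measurements, intermediate nodes only forward; they never need a routing view consistent with the sender's.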

Security
Protection of data:
  – End-to-end or IPSec over RON virtual links.
Protection of routing and control traffic:
  – Sites can choose whom to trust.
Protection against DoS attacks on RON:
  – End-to-end authentication, hash cash.

Project Plan
1. Measure existing Internet for validation.
2. Design topology and routing algorithms.
3. Deploy RON nodes.
4. Build initial app: real-time collaboration.
5. Generalize API (content distribution, peer to peer file sharing).

Summary
RON moves routing control to end systems.
Well suited to collaborating groups of sites.
Benefits:
  – More robust routing than the Internet.
  – More control over QoS.
  – Platform for cooperative defenses.