Published by Aubrey Ball. Modified over 8 years ago.
1
Googling the Internet (and Beyond)
Aleksandar Kuzmanovic
EECS Department, Northwestern University
http://networks.cs.northwestern.edu
2
A. Kuzmanovic, From TCP to Net Neutrality and Back
Today’s Talk
– TCP congestion control
– DoS against streaming CDNs
– Googling the Internet
A. Kuzmanovic, Googling the Internet (and Beyond)
3
TCP Congestion Control
Question
– Why do we care about TCP congestion control in the year 2009?
Overwhelming opinion:
– TCP research is incremental
– Not relevant any more
– It is boring
– No high-impact breakthroughs are possible any more
4
Non-Incremental Advances are Possible
A. Kuzmanovic, “The Power of Explicit Congestion Notification,” in ACM SIGCOMM 2005.
– “… throughput increases by more than 40% while the average web response time simultaneously decreases by nearly an order of magnitude.”
A. Kuzmanovic, A. Mondal, S. Floyd, and K. K. Ramakrishnan, “Adding Explicit Congestion Notification (ECN) to TCP’s SYN/ACK Packets,” IETF Draft, work in progress.
5
Congestion Control Fundamentals
Congestion collapse
– 1986: throughput from LBL to UC Berkeley dropped from 32 Kbps to 40 bps
V. Jacobson, “Congestion Avoidance and Control,” in ACM CCR, 18(4): 314-329, Aug 1988.
– Slow start
– Dynamic window sizing
– RTT variance estimation
– Exponential retransmit timer backoff
6
Why Exponential Backoff?
Jacobson adopted exponential backoff from the classical shared-medium Ethernet protocol
– “IP gateway has essentially the same behavior as Ether in a shared-medium network.”
7
Why Exponential Backoff?
Jacobson adopted exponential backoff from the classical shared-medium Ethernet protocol
– “IP gateway has essentially the same behavior as Ether in a shared-medium network.”
– Not true!
8
Our Result
Implicit packet conservation principle
– When to resend a packet: As soon as the retransmission timeout expires
– End-to-end performance can only improve if we remove the exponential backoff from TCP (proof in the paper)
A. Mondal and A. Kuzmanovic, “Removing Exponential Backoff from TCP,” in ACM CCR, October 2008.
9
Today’s Talk
– TCP congestion control
– DoS against streaming CDNs
– Googling the Internet
10
Background
● CDNs (e.g., Akamai) perform extensive network and server measurements
– Publish the results via DNS over short time scales
[Figure labels: Global Monitoring Infrastructure; Edge Server 1; Edge Server 2; feedback; update; DNS Server; New edge server IP]
11
CDN-Driven One-Hop Source Routing
[Figure labels: S; A1, A2, …, An; D; DNS Server; E1, E2, …, En]
A.-J. Su, D. Choffnes, A. Kuzmanovic, and F. Bustamante, “Drafting Behind Akamai (Travelocity-Based Detouring),” in ACM SIGCOMM 2006.
12
Relative Network Positioning
Wide-area distributed network systems can benefit from network positioning systems
Key idea:
– Infer relative network distance by overlapping CDN replica servers
A.-J. Su, D. Choffnes, F. Bustamante, and A. Kuzmanovic, “Relative Network Positioning via CDN Redirections,” in IEEE ICDCS 2008.
[Figure labels: Client 1; Client 2; Replica servers R1, R2; redirection frequencies 0.8 and 0.2; “Redirection frequency for Client 1 to replica server R1”]
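The key idea above, as an added example that is not code from the talk or the cited paper: each client records how often the CDN's DNS redirects it to each replica server, and two clients are treated as close when those frequency maps overlap. The slide does not name the overlap measure, so cosine similarity is an assumption here; client names, replica names and counts are constructed.

```python
from collections import Counter
from math import sqrt

# Constructed sample data: the replica server each client was redirected to
# on ten repeated DNS lookups of the same CDN-hosted name (names hypothetical).
OBSERVED = {
    "client1": ["R1"] * 8 + ["R2"] * 2,
    "client2": ["R1"] * 2 + ["R2"] * 8,
    "client3": ["R1"] * 7 + ["R2"] * 2 + ["R3"] * 1,
    "client4": ["R4"] * 6 + ["R5"] * 4,
}

def ratio_map(redirections):
    """Turn a list of observed replicas into {replica: redirection frequency}."""
    counts = Counter(redirections)
    total = sum(counts.values())
    return {replica: n / total for replica, n in counts.items()}

def overlap(map_a, map_b):
    """Cosine similarity of two ratio maps (assumed metric).

    1.0 means identical redirection behaviour, 0.0 means no shared replica,
    in which case no relative position can be inferred for the pair.
    """
    dot = sum(freq * map_b.get(replica, 0.0) for replica, freq in map_a.items())
    norm_a = sqrt(sum(f * f for f in map_a.values()))
    norm_b = sqrt(sum(f * f for f in map_b.values()))
    if norm_a == 0 or norm_b == 0:
        return 0.0  # a client with no observations overlaps with nobody
    return dot / (norm_a * norm_b)

def rank_peers(target, observed=OBSERVED):
    """Rank the other clients by estimated closeness to `target`, closest first."""
    maps = {client: ratio_map(seen) for client, seen in observed.items()}
    scores = [(overlap(maps[target], m), c) for c, m in maps.items() if c != target]
    ordered = sorted(scores, key=lambda pair: (-pair[0], pair[1]))
    return [(client, round(score, 3)) for score, client in ordered]

if __name__ == "__main__":
    for client, score in rank_peers("client1"):
        print(f"{client}: {score}")
```

With the constructed data, client1 and client2 see the same two replicas but with the 0.8/0.2 split reversed, so they score well below client3, whose split nearly matches client1's.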
13
Motivation
● >50% of online users would leave and never come back to a streaming site when streaming quality is bad [Akamai ’07]
14
Akamai’s Streaming Architecture
[Figure labels: Entry Points; Reflectors; Edge Servers]
Is DNS-based load balancing resilient to DoS attacks?
15
Slow Load Balancing Experiment
16
Slow Load Balancing Result
[Figure annotations: Start probing machines; Edge server becomes overloaded; DNS updated, stop probing machines; Throughput recovers]
DNS-based system is too slow to react to overloaded conditions
17
Reflector-level Experiments
Facts:
– Akamai gathers streams from different customers into channels
– Streams from the same region and the same channel map to the same reflector
Issue: How to attack reflectors?
Challenge: Information about reflectors not publicly available
Approach: Use edge servers as proxies
– Need mapping between edge servers and reflectors
[Figure label: Customers]
18
Amplification Attack
[Figure annotations: Start probing machines; Service degradation at similar pace; Bottleneck observed, stop probing machines; Throughput recovery]
It is possible to attack reflectors by using edge servers as “proxies”
19
Countermeasures
Existing approaches
– Stream replication
– Resource-based admission control
– Solving puzzles
Our approach
– Shielding internal administrative information
– Secure edge-cluster design
Key issues:
– Tradeoff between transparency and DoS resiliency
– Streaming-targeted bandwidth-based DoS attacks are feasible
A.-J. Su and A. Kuzmanovic, “Thinning Akamai,” in USENIX/ACM IMC 2008.
20
Today’s Talk
– TCP congestion control
– DoS against streaming CDNs
– Googling the Internet
21
Motivation
Can we use Google for networking research?
Can we systematically exploit search engines to harvest endpoint information available on the Internet?
Huge amount of endpoint information available on the web
22
Where Does the Information Come From?
– Websites run logging software and display statistics
– Some popular proxy services also display logs
– IP addresses of popular servers (e.g., gaming) are listed
– Blacklists, banlists, spamlists also have web interfaces
– Even P2P information is available on the Internet since the first point of contact with a P2P swarm is a publicly available IP address
[Figure labels: Servers; Clients; P2P; Malicious]
23
Methodology – Web Classifier and IP Tagging
[Figure labels: IP Address xxx.xxx.xxx.xxx; Search hits (URL, Hit text, …); Rapid Match (Domain name, Keywords, …); Website cache; IP tagging]
24
Detecting Application Usage Trends
Infer what applications people are using across the world without having access to network traces
25
Traffic Classification
Problem – traffic classification
Current approaches (port-based, payload signatures, numerical and statistical etc.)
Our approach
– Use information about destination IP addresses available on the Internet
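The methodology and traffic-classification slides above, combined in one added example (not code from the talk or the paper): search hits for an IP are matched against domain names and keywords to tag the endpoint, and flows are then labelled by the tag of their destination IP. The keyword table, hit texts, addresses and flow records are constructed; the slides give only the classes, not the matching rules.

```python
from collections import Counter
from urllib.parse import urlparse

# Hypothetical keyword table for the "rapid match" step.
CLASS_KEYWORDS = {
    "p2p": ["tracker", "torrent", "peer list"],
    "malicious": ["blacklist", "banlist", "spam"],
    "server": ["game server", "server list", "mail server"],
    "client": ["proxy log", "visitor stats", "access log"],
}

# Constructed search hits per IP as (URL, hit text); addresses come from the
# RFC 5737 documentation ranges.
SEARCH_HITS = {
    "192.0.2.10": [("http://tracker.example/peers", "torrent peer list 192.0.2.10:6881"),
                   ("http://stats.example/t", "tracker stats")],
    "198.51.100.7": [("http://gamers.example/servers", "game server list 198.51.100.7")],
    "203.0.113.5": [("http://dnsbl.example/q", "203.0.113.5 listed on spam blacklist")],
}

# Constructed flows (src, dst, dport). The first one reaches a P2P endpoint on
# port 80, which a port-based classifier would label as web traffic.
FLOWS = [("10.0.0.2", "192.0.2.10", 80), ("10.0.0.3", "198.51.100.7", 27015),
         ("10.0.0.4", "203.0.113.5", 25), ("10.0.0.5", "192.0.2.99", 443)]

def tag_ip(hits):
    """Match each hit's domain name and text against the keywords; best class first."""
    scores = Counter()
    for url, text in hits:
        haystack = f"{urlparse(url).netloc} {text}".lower()
        for cls, words in CLASS_KEYWORDS.items():
            scores[cls] += sum(haystack.count(word) for word in words)
    return [cls for cls, n in scores.most_common() if n > 0]

def classify_flows(flows, hits_by_ip=SEARCH_HITS):
    """Label each flow by the top tag of its destination IP, ignoring port and payload."""
    tags = {ip: tag_ip(hits) for ip, hits in hits_by_ip.items()}
    labelled = []
    for _src, dst, dport in flows:
        dst_tags = tags.get(dst, [])
        # An endpoint with no search hits stays unclassified rather than guessed.
        labelled.append((dst, dport, dst_tags[0] if dst_tags else "unknown"))
    return labelled

if __name__ == "__main__":
    for row in classify_flows(FLOWS):
        print(row)
```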
26
Working with Sampled Traffic
[Figure annotations: No sampling; UEP maintains a large classification ratio even at higher sampling rates; BLINC stays in the dark; 2% at sampling rate 100]
I. Trestian, S. Ranjan, A. Kuzmanovic, and A. Nucci, “Unconstrained Endpoint Profiling (Googling the Internet),” in ACM SIGCOMM 2008.
27
Summary
http://networks.cs.northwestern.edu
– Congestion control is fundamental
– Tradeoff between transparency and DoS-resiliency
– Information is all around us (and Google is cool)
Other projects:
– Monitoring network neutrality (NSF and Google Inc.)
– Auditing search engines
– ISP-enabled ad targeting
– Feasibility of location-based services (Narus Inc.)