1. reddy@ee.tamu.eduTexas A & M University1 Design, and Evaluation of a Partial State Router Phani Achanta A. L. Narasimha Reddy Dept. of Electrical Engineering Texas A&M University June 22 2004, ICC

2. reddy@ee.tamu.eduTexas A & M University2 Motivation Increasing non-responsive traffic Multimedia traffic reduced fairness Increased DoS attacks Bandwidth denial attacks appear as non- responsive traffic Need for mechanisms to control the high bandwidth flows Identification of high bandwidth flows Control of High bandwidth flows

3. reddy@ee.tamu.eduTexas A & M University3 Previous work Per-flow queuing mechanisms address these issues Maintain per flow state FQ, LQD Scalability concerns Scalable single queue mechanisms cannot provide ‘ flow isolation ’ Stateless schemes base decisions on overall characteristics observable at the router Droptail, RED, Diffserv Fail to contain aggressive flows

4. reddy@ee.tamu.eduTexas A & M University4 Previous work Denial of Service Attacks are addressed on a per-attack basis Network ingress filtering Need for scalable mechanisms Partial state mechanisms

5. reddy@ee.tamu.eduTexas A & M University5 Observations Internet traffic is heavy tailed Bulk of traffic is carried by a few flows (elephants) Bulk of the flows are short-lived (mice) Dropping packets from short-term flows does not alleviate the network congestion Class based congestion control does not take into account responsiveness of the traffic Need a scheme for a quantitative policy- driven control of bandwidth Partial State schemes

6. reddy@ee.tamu.eduTexas A & M University6 Partial State Routers Maintain a fixed amount of state State is managed by sampling or caching techniques Challenge: How do you manage state effectively to capture information about elephants?

7. reddy@ee.tamu.eduTexas A & M University7 Scheme - Outline Partial state can be used to identify non-responsive flows, bandwidth hogs or high bandwidth flows Normal flows are handled in a stateless fashion

8. reddy@ee.tamu.eduTexas A & M University8 LRU-FQ Partial state scheme Identification of high-bandwidth, non- responsive flows Cache contains Least Recently Used (LRU) flows Probabilistically replaces the bottom entry of LRU List contains mostly non-responsive high bandwidth flows Penalizing of non-responsive flows Employ fair queuing mechanism between non- responsive (cached) and responsive classes Ensures granular control of the proportion of non- responsive traffic that a router wants to handle

9. reddy@ee.tamu.eduTexas A & M University9 LRU-FQ flow chart – enqueue event Packet Arrival Is Flow in Cache? Yes No Does Cache Have space? Yes Admit flow with Probability ‘p’ No Is Flow Admitted? Record flow details Initialize ‘count’ to 0 Yes Increment ‘count’ Move flow to top of cache No Is ‘count’ >= ‘threshold’ No Yes Enqueue in Partial state Queue Enqueue in Normal Queue

10. reddy@ee.tamu.eduTexas A & M University10 LRU-FQ flow chart – dequeue event Dequeue event results in selection of a packet from either queues based on the Start Time Fair Queue algorithm The weights assigned to the individual queues determine the service allotted to each class of flows

11. reddy@ee.tamu.eduTexas A & M University11 LRU cache behavior LRU policy with probabilistic admission ensures only high bandwidth flows remain over a period of time Non-responsive high bandwidth flows percolate to the top of the LRU cache. Web mice which might corrupt the cache are controlled by the ‘ threshold ’ parameter

12. reddy@ee.tamu.eduTexas A & M University12 Implementation Issues on Linux

13. reddy@ee.tamu.eduTexas A & M University13 Linux IP packet forwarding Packet Arrival Check & Store Packet Enqueue pkt Request Scheduler To invoke bottom half Device Prepares packet Packet Departure Error checking Verify Destination Route to destination Update Packet Packet Enqueued Scheduler invokes Bottom half Scheduler runs Device driver Local packet Deliver to upper layers UPPER LAYERS IP LAYER LINK LAYER Design space

14. reddy@ee.tamu.eduTexas A & M University14 Linux Kernel Traffic control Filters are used to distinguish between different classes of flows Each class of flows can be further categorized into subclasses using filters Queuing disciplines control how the packets are enqueued and dequeued

15. reddy@ee.tamu.eduTexas A & M University15 LRU-FQ Implementation LRU-FQ is distributed among various QoS components of Linux. LRU component of the scheme is implemented as a filter. All parameters of LRU – threshold, probability, and cache size – are passed as parameters to the filter LRU cache is maintained within the filter.

16. reddy@ee.tamu.eduTexas A & M University16 LRU-FQ implementation Start Time Fair queuing is implemented as a queuing discipline. Each queue is scheduled based on its weight Existing Linux FQ queue disciplines work only for flows within a queue. Modified packet structure skbuff to carry STFQ start and finish tags.

17. reddy@ee.tamu.eduTexas A & M University17 LRU-FQ Validation Timing Analysis

18. reddy@ee.tamu.eduTexas A & M University18 LRU-FQ validation

19. reddy@ee.tamu.eduTexas A & M University19 Experimental Setup and Results

20. reddy@ee.tamu.eduTexas A & M University20 Experimental Test bed

21. reddy@ee.tamu.eduTexas A & M University21 Experiment 1 – Non-responsive flows Containing non- responsive flows: cache size=12, threshold=125, p=1/50 20 TCP long term flows varying number of UDP flows to study cache efficacy on varying weights of the queues.

22. reddy@ee.tamu.eduTexas A & M University22 Results – Non-responsive

23. reddy@ee.tamu.eduTexas A & M University23 Experiment 2 – Non-responsive flows To study effectiveness of scheme with reduced non-responsive flow rates threshold = 125, probability = 1/50 cache size=12 20 long term TCP flows

24. reddy@ee.tamu.eduTexas A & M University24 Results – Non-responsive

25. reddy@ee.tamu.eduTexas A & M University25 Experiment 3 – Web mice vs Elephants Web mice versus elephants effect of long term loads on web mice long term load contains both responsive an non- responsive loads probability=1/50, threshold=125, cache=12

26. reddy@ee.tamu.eduTexas A & M University26 Results – Web mice

27. reddy@ee.tamu.eduTexas A & M University27 Results – Web mice

28. reddy@ee.tamu.eduTexas A & M University28 Experiment 4 – Cache size Effect of varying cache size to study impact of cache size on performance of the scheme probability= 1/55, threshold = 125 number of TCP flows=20 equal weights for both queues.

29. reddy@ee.tamu.eduTexas A & M University29 Results – Cache size

30. reddy@ee.tamu.eduTexas A & M University30 Experiment 5 - Workloads Performance under normal workloads working of scheme when non-responsive loads are absent or use their fair share of bandwidth cache size = 9, threshold =125 probability = 1/55

31. reddy@ee.tamu.eduTexas A & M University31 Results – Normal workload

32. reddy@ee.tamu.eduTexas A & M University32 Results – Mixed workload

33. reddy@ee.tamu.eduTexas A & M University33 Conclusion Proposed, implemented and evaluated an LRU based partial state scheme (LRU-FQ) LRU-FQ shown to enable quantitative control of non-responsive traffic LRU-FQ shown to provide better performance for web mice flows

34. reddy@ee.tamu.eduTexas A & M University34 Future work Study of aggregate traffic instead of flow-specific schemes source based aggregation can help identifying DoS attacks from a single network Identification of proportion of non- responsive traffic in order to automate tuning of the LRU-FQ scheme

35. reddy@ee.tamu.eduTexas A & M University35 DropTail FIFO based - Easy to implement Full Queues and Lock-Out problems variants – Drop from front, Random Drop RED manages the average queue length by marking or dropping packets early does not contain aggressive flows Stateless AQM schemes

36. reddy@ee.tamu.eduTexas A & M University36 Stateless AQM schemes BLUE bases decisions on two events – packet losses due to Full queues and link idle times. the two events control congestion signaling probability does not contain aggressive flows. CHOKe Incoming packets are matched with random packet in queue to arrive at a drop strategy. does not contain aggressive flows.

37. reddy@ee.tamu.eduTexas A & M University37 Stateful AQM schemes Longest Queue Drop (LQD) per flow queue of packets packets from longest queue dropped upon exhaustion of buffers Flow RED (FRED) employs per flow RED and Fair Queuing alleviates some RED problems but requires per-flow queue

38. reddy@ee.tamu.eduTexas A & M University38 Packet State AQM schemes Diffserv packets marked ‘ in ’ and ‘ out ’ based on QoS contract. ‘ out ’ packets dropped disproportionately thus securing QoS for ‘ in ’ packets. Core-Stateless Fair Queuing packets carry the edge router ’ s estimate of fair rate on the outgoing link the fair rate is used to arrive at the forwarding probability.

39. reddy@ee.tamu.eduTexas A & M University39 Partial State AQM schemes Stabilized RED: SRED identification of misbehaving flows – ‘ zombie ’ list list is pruned by probabilistic replacement of a random entry with the incoming packet SACRED random sampling and holding to maintain a cache of ‘ marked ’ flows Random flows observed when average queue length exceeds a sampling threshold. At dropping threshold, packets are dropped from observed flows exceeding a limit share threshold

40. reddy@ee.tamu.eduTexas A & M University40 Partial State AQM schemes Red-PD makes use of the drop history observed at an RED router arrives at a list of flows exceeding a target threshold LRU-RED maintains an LRU to identify top ‘ n ’ flows. modifies RED to penalize them more than normal flows.

41. reddy@ee.tamu.eduTexas A & M University41 Active Queue Management schemes 1. Stateless decisions based on overall characteristics observable at the router queue like average queue length, aggregate arrival and departure rates etc. DropTail, RED, BLUE, CHOKe 2. Stateful per-flow state maintained to administer the scheme. Longest Queue Drop (LQD), FRED

42. reddy@ee.tamu.eduTexas A & M University42 Active Queue Management schemes 3. Packet state state is maintained within packets routers base decisions on the state within packets Diffserv, CSFQ 4. Partial state maintain a limited amount of state state is pruned using sampling and caching SRED, SACRED, RED-PD, LRU-RED

43. reddy@ee.tamu.eduTexas A & M University43 Denial of Service Solutions Network ingress filtering filter spoofed addresses Traceback algorithms throttle the attacker at the source network MULTOPS multi-level tree containing packet statistics proposed for bandwidth attack detection

44. reddy@ee.tamu.eduTexas A & M University44 Observations Stateful schemes are effective but not scalable Stateless schemes fail to protect normal flows from aggressive flows Earlier partial state schemes rely on RED mechanism for resource control Earlier work provides qualitative improvement of performance for responsive flows and short term flows

45. reddy@ee.tamu.eduTexas A & M University45 Possible Applications of Partial State schemes Control of non-responsive proportion of traffic Identification of top bandwidth hogs to alleviate certain DoS scenarios Better service for web mice lower delay bounds and larger connection rates weights of the fair queuing control the delay Control of Bandwidth allocation for normal traffic buffers assigned per queue control the bandwidth