Presentation is loading. Please wait.

Presentation is loading. Please wait.

Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS

Published byHoratio Johns Modified over 9 years ago

Similar presentations

Presentation on theme: "Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS"— Presentation transcript:

1 Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS http://nms.lcs.mit.edu/projects/ron/

2 Problems with ISP-Based Routing Users cannot select routing metrics. Sophisticated routing only within each ISP. Only ISPs assemble measurements. Hop-by-hop model is error-prone.

3 Example Problem: Policy Routing ISP3 ISP1ISP2 Site 1 Site 5Site 4 Site 3 Site 2 The red path may be legal but forbidden by policy.

4 RON Approach Move routing control towards end systems. Take advantage of small scale. Base decisions on end-to-end monitoring.

5 A Resilient Overlay Network ISP3 ISP1ISP2 N1 N5N4 N3 N2 RON node / edge router Site 2 Virtual RON link RON nodes exchange measurements and choose routes. Site 1 Site 3

6 End-System Control Enables Sophisticated Applications End-to-end QoS requirements. End-to-end metrics and trust. Aggressive adaptive re-routing algorithms. Application-oriented policy interpretation. Coordinated reactions to DoS attacks.

7 Example: Reliable Routing ISP3 ISP1ISP2 N1 N5N4 N3 N2 Overload x

8 Example: Perimeter Defense (1) Analyzing DoS attacks requires cooperation. –Detect near target, control near source. –Variable routing confuses historic traffic analysis. –Asymmetric routing hides one-way flows. –Hard to guess ingress even w/ true source addr. Groups of ISPs can deploy monitoring nodes. –Use RON for reliable coordination.

9 Example: Perimeter Defense (2) ISP3 ISP1ISP2 C1 C4 C3 C2 R4R3 R2R1 1. Look for unusual traffic. 2. Exchange alerts over RON. Attacker 3. Detect and control sources.

10 RON Implementation Challenges Measurements Topology choice Adaptive Routing Security

11 Measurements Characterize alternate paths: –Do they fail independently? –How often do they perform better? –Are there multiple sensible metrics? Are measurements predictive? Time scales long enough for adaptive routing?

12 Topology Choice ISP3 ISP1ISP2 N1 N7 N6 N4 N2 N5 N3 IP routing prefers short virtual links for high reliability. Gnutella prefers long links for fast query propagation.

13 Adaptive Routing Goal: Good paths through the RON topology. Tools: –Application-provided guidance. –Small scale  aggressive algorithms. –Cooperative measurement infrastructure. –RON-level source routing obviates consistency. Example: choose best 2-hop path.

14 Security Protection of data: –End-to-end or IPSec over RON virtual links. Protection of routing and control traffic: –Sites can choose whom to trust. Protection against DoS attacks on RON: –End-to-end authentication, hash cash.

15 Project Plan 1.Measure existing Internet for validation. 2.Design topology and routing algorithms. 3.Deploy RON nodes. 4.Build initial app: real-time collaboration. 5.Generalize API (content distribution, peer to peer file sharing).

16 Summary RON moves routing control to end systems. Well suited to collaborating groups of sites. Benefits: –More robust routing than the Internet. –More control over QoS. –Platform for cooperative defenses.

Download ppt "Resilient Overlay Networks Robert Morris Frans Kaashoek and Hari Balakrishnan MIT LCS"

Similar presentations

Deployment of MPLS VPN in Large ISP Networks

Deployment of MPLS VPN in Large ISP Networks
Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.

Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan MIT and Berkeley presented by Daniel Figueiredo Chord: A Scalable Peer-to-peer.
Scalable Content-Addressable Network Lintao Liu 2001.11.19.

Scalable Content-Addressable Network Lintao Liu
NDN in Local Area Networks Junxiao Shi The University of Arizona 2014-09-04 1.

NDN in Local Area Networks Junxiao Shi The University of Arizona
FIREWALLS Chapter 11.

FIREWALLS Chapter 11.
 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.

 Natural consequence of the way Internet is organized o Best effort service means routers don’t do much processing per packet and store no state – they.
Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan Presented.

Chord: A Scalable Peer-to-Peer Lookup Service for Internet Applications Ion Stoica, Robert Morris, David Karger, M. Frans Kaashoek, Hari Balakrishnan Presented.
Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.

Dynamic Routing Scalable Infrastructure Workshop, AfNOG2008.
Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.

Lecture 6 Overlay Networks CPE 401/601 Computer Network Systems slides are modified from Jennifer Rexford.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
High speed links, distributed services, can’t modify routers  Lack of visibility But, need for more visibility and control  Increased number and complexity.

High speed links, distributed services, can’t modify routers  Lack of visibility But, need for more visibility and control  Increased number and complexity.
1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?

1 LINK STATE PROTOCOLS (contents) Disadvantages of the distance vector protocols Link state protocols Why is a link state protocol better?
Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,

Building a Peer-to-Peer Anonymizing Network Layer Michael J. Freedman NYU Dept of Computer Science Public Design Workshop September 13,
15-441: Computer Networking Lecture 26: Networking Future.

15-441: Computer Networking Lecture 26: Networking Future.
Traffic Engineering With Traditional IP Routing Protocols

Traffic Engineering With Traditional IP Routing Protocols
1 Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Robert Morris Ion Stoica, David Karger, M. Frans Kaashoek, Hari Balakrishnan.

1 Chord: A Scalable Peer-to-peer Lookup Service for Internet Applications Robert Morris Ion Stoica, David Karger, M. Frans Kaashoek, Hari Balakrishnan.
On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 10/2003 University of Colorado at Colorado Springs.

On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 10/2003 University of Colorado at Colorado Springs.
An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.

An Effective Placement of Detection Systems for Distributed Attack Detection in Large Scale Networks Telecommunication and Security LAB. Dept. of Industrial.
Can ISPs and P2P Users Cooperate for Improved Performance? Vinay Aggarwal, Anja Feldmann (German Telecom Laboratories) Christian Scheideler (TU, Munchen)

Can ISPs and P2P Users Cooperate for Improved Performance? Vinay Aggarwal, Anja Feldmann (German Telecom Laboratories) Christian Scheideler (TU, Munchen)
1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

1 Denial-of-Service Resilience in P2P File Sharing Systems Dan Dumitriu (EPFL) Ed Knightly (Rice) Aleksandar Kuzmanovic (Northwestern) Ion Stoica (Berkeley)

Similar presentations

Ads by Google