
On Proxy Server based Multipath Connections (PSMC)

On Proxy Server based Multipath Connections (PSMC). PhD Proposal Yu Cai 10/2003 University of Colorado at Colorado Springs. Presentation outline. Introduction Related work Algorithms for PSMC proxy server selection. Protocols for PSMC packets handling. PSMC applications


Presentation Transcript


  1. On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 10/2003 University of Colorado at Colorado Springs

  2. Presentation outline • Introduction • Related work • Algorithms for PSMC proxy server selection. • Protocols for PSMC packets handling. • PSMC applications • Security issues of PSMC. • Conclusion

  3. Introduction • The connections between two network nodes are mostly single path connections in today’s network environment. • Multipath connections provide potentially multiple paths between network nodes, so that the traffic from a source can be spread over multiple paths and transmitted in parallel through the network. Single path connection vs. multipath connections

  4. The benefits of multipath connections • Utilize the network resources more efficiently, • Improve the effective bandwidth of network nodes, • Increase the packet delivery reliability, • Provide quality-of-service guarantee, • Cope well with network congestion, link breakage and burst traffic.

  5. Related works on multipath connections • The IBM Systems Network Architecture (SNA) network in 1974. • N. F. Maxemchuk in 1975 (dispersity routing). The research was extended to virtual circuit networks and ATM networks. • Categories of multipath connections based on the OSI 7-layer network model: 1. Physical layer: one example is multipath interference, which causes FM radio to sound staticky. 2. Data link layer: Link Aggregation, defined in IEEE 802.3ad.

  6. Related works on multipath connections 3. Network layer: has been studied extensively as multipath routing. a. Wired network: table-driven routing (link state or distance vector), source routing, MultiProtocol Label Switching (MPLS). b. Wireless ad hoc network: table-driven routing (link state or distance vector), source routing. 4. Transport layer: Linux multipath connections for multiple ISP connections.

  7. Proxy Server based Multipath Connections (PSMC) • We propose to study proxy server based multipath connections (PSMC). It is a cross-layer implementation. • The key idea of PSMC is as follows. • By using a set of connection relay proxy servers, we could set up indirect routes via the proxy servers, and transport packets over the network through the indirect routes. • By enhancing existing TCP/IP protocols, we could efficiently distribute and reassemble packets among multiple paths at the two end nodes, and increase end-to-end TCP throughput. • The approach offers applications the ability to increase the network performance, efficiency, stability, availability and security.

  8. PSMC diagram

  9. Why PSMC • PSMC has the same advantages as other multipath connection approaches. • Flexibility: PSMC can be more conveniently and adaptively deployed in various network environments. PSMC does not require changes to the physical network infrastructure, only feasible changes to network software and protocols. PSMC also gives the end users more control over setting up multipath connections. • Compatibility: PSMC utilizes existing TCP/IP protocols and network infrastructure. This ensures compatibility with the current Internet. It also ensures the performance, efficiency and reliability, and hides the complexity from end users. • Applications: A large number of applications in various categories could benefit from utilizing PSMC. For example, secure collective defense network (SCOLD), providing additional bandwidth based on operational requirements, or providing QoS for video streaming.

  10. Three components in PSMC • The multipath sender is responsible for efficiently and adaptively distributing packets over the selected multiple paths. Some of the packets will go through the normal direct route, other packets will go through the indirect routes via the proxy servers. • The intermediate connection relay proxy servers examine the incoming packets and forward them to the destinations through the selected path. • The multipath receiver collects the packets arriving from multiple paths, reassembles them in order and delivers them to the user.
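
The sender and receiver roles from slide 10, as an added sketch that is not code from the presentation. The weighted round-robin split, the explicit sequence numbers and the bounded reorder window are assumptions made for illustration; the window keeps a misbehaving or aggressive sender from growing the receiver's buffer without limit.

```python
import heapq
from itertools import cycle

def distribute(packets, path_weights):
    """Sender: tag packets with sequence numbers, spread them by weighted round-robin.
    path_weights maps a path name to an integer share (assumed to track bandwidth)."""
    slots = [path for path, weight in path_weights.items() for _ in range(weight)]
    queues = {path: [] for path in path_weights}
    for (seq, payload), path in zip(enumerate(packets), cycle(slots)):
        queues[path].append((seq, payload))
    return queues

class Resequencer:
    """Receiver: hold out-of-order arrivals and release payloads in sequence order."""
    def __init__(self, window=64):
        self.next_seq = 0      # next sequence number owed to the application
        self.window = window   # how far ahead a packet may be (bounds memory use)
        self.pending = []      # min-heap of (seq, payload)
        self.buffered = set()  # sequence numbers currently held in the heap

    def receive(self, seq, payload):
        # Drop resends of delivered data, duplicates, and anything outside the window.
        if (seq < self.next_seq or seq in self.buffered
                or seq >= self.next_seq + self.window):
            return []
        heapq.heappush(self.pending, (seq, payload))
        self.buffered.add(seq)
        released = []
        while self.pending and self.pending[0][0] == self.next_seq:
            _, data = heapq.heappop(self.pending)
            self.buffered.discard(self.next_seq)
            released.append(data)
            self.next_seq += 1
        return released

def demo():
    # Constructed input: 8 packets, one direct route and two proxy routes.
    packets = [f"pkt{i}".encode() for i in range(8)]
    queues = distribute(packets, {"direct": 2, "proxy1": 1, "proxy2": 1})
    rx, delivered = Resequencer(window=8), []
    # Constructed arrival order: proxy2 drains first, then direct, then proxy1.
    for path in ("proxy2", "direct", "proxy1"):
        for seq, payload in queues[path]:
            delivered.extend(rx.receive(seq, payload))
    return queues, delivered, rx

if __name__ == "__main__":
    print(demo()[1])
```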

  11. Algorithms for PSMC • Proxy server selection is a critical part of PSMC. Different proxy server selections result in different performance. • We have developed heuristic algorithms to choose the best mirror sites for parallel download from multiple mirror sites, which can be viewed as a subproblem of PSMC.

  12. Server Location Problem • We need to solve the following two proxy server selection problems. 1) Server Selection Problem. Given the target server location and a set of proxy servers, choose the best proxy server(s) for a client or for a group of clients, to achieve the best performance in terms of bandwidth. 2) Server Placement Problem. Given the target server location and a set of nodes, choose the best node(s) to place the proxy servers, for certain connection requirements, like maximizing the network aggregated bandwidth. • Likely NP problems. Heuristic algorithms, or loosening the optimal constraints to simplify the problem.

  13. Diagram of server selection/placement problem: Server selection problem. Server placement problem.

  14. Related work on algorithms • The mirror server and web cache server selection problems have been studied in recent years. • Two types of approaches. 1) Formal approach: based on graph theory. Common assumptions for obtaining the network graph are: a) network topology known in advance, b) path cost known in advance, c) single and static connection. Algorithms include: a) random algorithm, b) greedy algorithm, c) tree-based algorithm, d) k-min algorithm. 2) Practical approach: no assumptions, for the real world. a) IDMap, b) Client clustering.
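
A greedy heuristic for the server selection problem of slide 12, under the formal-approach assumptions listed above (topology and link capacities known in advance). This is an added illustration, not the proposal's own algorithm: the link names, capacities and the rule that a route's bandwidth equals its tightest link are constructed assumptions, and greedy selection is a heuristic that does not guarantee the optimum.

```python
def path_bandwidth(path, residual):
    """Usable bandwidth of a route is its tightest link's remaining capacity."""
    return min(residual[link] for link in path)

def greedy_select(paths, capacity, k):
    """Pick up to k proxies, each time taking the one that adds the most bandwidth
    given what earlier picks already consume on shared links."""
    residual = dict(capacity)
    candidates = dict(paths)
    chosen, total = [], 0
    while candidates and len(chosen) < k:
        # sorted() makes tie-breaking deterministic (alphabetical).
        best = max(sorted(candidates),
                   key=lambda p: path_bandwidth(candidates[p], residual))
        gain = path_bandwidth(candidates[best], residual)
        if gain <= 0:
            break
        for link in candidates.pop(best):
            residual[link] -= gain
        chosen.append(best)
        total += gain
    return chosen, total

def top_k_standalone(paths, capacity, k):
    """Baseline: rank proxies by standalone bandwidth, ignoring shared links."""
    ranked = sorted(paths, key=lambda p: -path_bandwidth(paths[p], capacity))[:k]
    residual, total = dict(capacity), 0
    for p in ranked:
        flow = path_bandwidth(paths[p], residual)
        for link in paths[p]:
            residual[link] -= flow
        total += flow
    return ranked, total

# Constructed topology (Mbit/s): p1 and p2 share the client's uplink to isp1.
CAPACITY = {"client-isp1": 10, "client-isp2": 6,
            "p1-target": 8, "p2-target": 7, "p3-target": 5}
PATHS = {"p1": ["client-isp1", "p1-target"],
         "p2": ["client-isp1", "p2-target"],
         "p3": ["client-isp2", "p3-target"]}

if __name__ == "__main__":
    print(top_k_standalone(PATHS, CAPACITY, 2))  # (['p1', 'p2'], 10)
    print(greedy_select(PATHS, CAPACITY, 2))     # (['p1', 'p3'], 13)
```

Ranking proxies one at a time picks two routes that compete for the same uplink; accounting for residual capacity after each pick yields the higher aggregate.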

  15. Why PSMC algorithms? • Even though there are various server selection algorithms and approaches, ad hoc selection is still the main approach used in practice. • Existing server selection algorithms only study the cases of mirror servers and cache servers. But the proxy servers in PSMC have several unique properties, which will result in different optimal constraints and optimal goals. • Further study on algorithms needs to be done.

  16. PSMC Protocols: packet handling • Protocols need to be designed to distribute, reassemble and transmit packets. • Packet distribution and reassembly: add a thin layer between TCP/UDP and IP. Linux kernel enhancement. Linux Virtual Server packet handling. ATCP packet handling. • Why add a thin layer? a) Utilize existing TCP/IP protocols, particularly the packet re-sequencing and re-sending mechanisms. b) Hide the complexity of multipath connections from upper layer users. c) Maintain high end-to-end TCP throughput.

  17. PSMC Protocols: packet transmission • Packet transmission: after investigating various approaches, like SOCKS proxy server and Zebedee, we proposed to use IP Tunnel or IPSec to enable indirect routes via proxy servers. • IP Tunneling is well developed and widely available. It is a layer 2 protocol, transparent to higher layers. IP Tunneling performance is acceptable. • Tunneling protocol enhancements for PSMC, like tunnel handshake, host authentication, security mechanism. VPN tunneling protocols.

  18. Special issues on PSMC Protocols • Two special issues for PSMC protocols • Fail-over, packet resend and packet re-sequencing mechanisms when packets are lost or connections are broken. • Sticky-connection mechanism when packets need to be sent through a particular route, like HTTP keep-alive. • Inside a corporate environment, alternative solutions for setting up multipath connections include: • Modify the routing table in the router • MPLS • Source routing

  19. PSMC prototypes and applications • Secure Collective Defense (SCOLD) network. SCOLD tolerates the DDoS attacks through indirect routes via proxy servers, and improves network performance by spreading packets through multiple indirect routes. SCOLD incorporates various cyber security techniques, like secure DNS update, Autonomous Anti-DDoS network, IDIP protocols. • We have finished the prototype of SCOLD system. We plan to enhance SCOLD for better scalability, reliability, performance and security.

  20. Intrusion defense mechanism • Intrusion Prevention • General Security Policy • Ingress/Egress Filtering • Intrusion Detection • Honey pot • Host-based IDS Tripwire • Anomaly Detection • Misuse Detection • Intrusion Response • Identification/Trace back/Pushback • Intrusion Tolerance: SCOLD

  21. SCOLD: victim under DDoS attacks [Diagram: clients in domains A.com, B.com and C.com with DNS servers DNS1-DNS3; DDoS attack traffic and client traffic; main gateway R; back door: alternate gateways R1-R3; DNS; victim target.com] With main gateway R under attack, we want to inform clients to go through the "back door": alternate gateways R1-R3. We need to hide the IPs of R1-R3, otherwise they are subject to potential attacks too. How to inform clients? How to hide the IPs of R1-R3?

  22. SCOLD: raise alarm (1) and inform clients (2) [Diagram: clients in domains A.com, B.com and C.com with DNS servers DNS1-DNS3; Proxy1; gateway R; Reroute Coordinator; alternate gateways R1-R3; DNS; victim target.com; arrows "1: raise alarm" and "2: inform clients"] 1. IDS on gateway R detects intrusion and raises an alarm to the Reroute Coordinator. 2. The Coordinator informs clients of the new route: a) inform clients' DNS; b) inform clients' network proxy server; c) inform clients directly; d) inform the proxy servers and ask the proxy servers to do (a-c).

  23. SCOLD: set up new indirect route (3) [Diagram: clients in domains A.com, B.com and C.com with DNS servers DNS1-DNS3; Proxy1, Proxy2, Proxy3; gateway R; Reroute Coordinator; alternate gateways R1-R3; DNS; victim target.com; arrow "3: new route"] 3. Clients set up a new indirect route to the target via proxy servers. Proxy servers: equipped with IDS to defend against attacks; hide the alternate gateways and the reroute coordinator; provide potential multiple paths.

  24. SCOLD Testbed

  25. Performance of SCOLD Table 1: Ping Response Time (on 3 hop route) Table 2: SCOLD FTP/HTTP download Test (from client to target)

  26. Other PSMC applications • Other PSMC applications include: • PSMC in wireless ad hoc networks: a good test of PSMC's ability to adapt to a dynamic environment, packet resending and re-sequencing. • Indirect routes upon operational requests: provide additional bandwidth and backup routes based on operational requirements. • Providing QoS for video streaming: send different portions of the stream through different paths. • Parallel download from multiple mirror sites: server selection algorithm implementation.

  27. PSMC applications evaluation • We will evaluate the overhead of multipath connections, including tunneling overhead, handshake overhead, and packet distribution/reassembly overhead. • We will evaluate the performance of multipath connections in terms of response time, throughput and bandwidth. • We will also compare PSMC with other multipath connection approaches, like source routing or Linux multipath connections. • We will conduct extensive simulation studies on PSMC applications in virtual networks, real networks, small scale networks and large scale networks.

  28. Security issues related to PSMC • Potential security issues raised by misuse of PSMC: how to control aggressive clients? • Potential attacks against PSMC: Tunneling to death? (similar to ping to death). • Detect compromised nodes in the PSMC network (through dynamic IP?). • Study the collective defense mechanism to tie different organizations together with better cooperation and collaboration.

  29. Contributions: • Systematically study the proxy server based multipath connections (PSMC), including • Algorithms for server selections, • Protocols for packet handling, • Applications and prototypes • Security issues.

  30. Conclusion • PSMC offers applications the ability to increase the network performance, efficiency, stability, availability and security. • In addition, PSMC offers more flexibility, compatibility and usability than other types of multipath connections. • Study on PSMC could have a broader impact on today's Internet topology and security.
