Content-oriented Networking Platform:
This presentation is the property of its rightful owner.
Sponsored Links
1 / 16

Content-oriented Networking Platform: A Focus on DDoS Countermeasure ( In incremental deployment perspective) PowerPoint PPT Presentation


  • 52 Views
  • Uploaded on
  • Presentation posted in: General

Content-oriented Networking Platform: A Focus on DDoS Countermeasure ( In incremental deployment perspective). Authors: Junho Suh, Hoon-gyu Choi, Wonjun Yoon @Seoul National University. Outline. Introduction Content-oriented Networking Architecture Communication Procedure Main components

Download Presentation

Content-oriented Networking Platform: A Focus on DDoS Countermeasure ( In incremental deployment perspective)

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Content oriented networking platform a focus on ddos countermeasure in incremental deployment perspective

Content-oriented Networking Platform:A Focus on DDoS Countermeasure(In incremental deployment perspective)

Authors:

Junho Suh, Hoon-gyu Choi, Wonjun Yoon

@Seoul National University


Outline

Outline

  • Introduction

  • Content-oriented Networking Architecture

    • Communication Procedure

    • Main components

    • Scenario

  • Summary


Change in communication paradigm

Change in Communication Paradigm

  • Move to Content-oriented Network

    • Internet traffic is already content-oriented

      • CDN, multimedia, P2P…

    • Users/applications care “what to receive”

      • They don’t care “from whom”

      • Host based communication model is outdated


Ip networking vs content networking

IP networking vs. Content networking

  • IP networking

    • Lookup-by-name

      • Indirection (from name to locator)

        • Availability concerned

      • Locators can be aggregated

        • Achieving routing scalability

  • Content-oriented networking

    • Route-by-name

      • No indirection

        • Better availability

      • Scalability issue

        • Content name is flat

      • No backward compatibility


Content networking under ip network

Content networking under IP network

  • Observations

    • Current IP networking leverages network prefixes in routing

      • Routing scalability is good

    • Content-oriented networking is not good for routing, but good for availability

      • Huge scaling burden

    • No backward compatibility in content-oriented networking

  • Content routing and IP routing should be combined

  • We propose a grassroots approach

    • Some popular contents will be cached

    • Routing info. for those contents can be propagated in local and best-effort manner


Content oriented networking platform

Content-oriented networking platform

  • Objectives

    • Exploit content networking to adopt current Internet

  • New entities

    • Content-aware Agent

      • Interact content based network and IP network

  • Achievements

    • Security, accountability, incremental deployment to the current Internet


Content request

Content Request

  • IP-less communication

  • Assumption

    • Lookup “Content Name” by web search

    • Content Name

      • URI form

      • http://youtube.com/south-afreeca-worldcup-2010.avi

  • Communication inside domain

    • Requests are relayed to CAA by L2 forwarding

    • CAA contacts DNS

    • Consumer cannot contact server directly

1: I want a particular content (e.g. HTTP URI)

internet

CAA

consumer

2: Here you are


Content distribution

Content Distribution

  • Registers its domain name in DNS

    • Agent’s IP address (of the egress link)

1: a request for your content

internet

CAA

publisher

2: here you are


Content aware agent caa

Content-Aware Agent (CAA)

  • Proxy for interacting with IP network

    • Handle content requests/response

      • FQDN to obtain IP address for publisher’s CAA

        • Authority content server’s CAA

    • Caching the requested contents

  • Gateway for heterogeneous networks

    • Protocol translate or Tunneling

    • Relay contents in inter-domain environment


General architecture

General Architecture

Content based Communication

Content Distribution

IP based Communication

DNS

Content distribution

Agent’s IP address

Gateway A

Content request

Agent

Publisher

Agent

host

Gateway B

Domain Name System

Content-Aware Agent (CAA)

Content-Aware Router (CAR)


Scenario

Scenario

  • DDoS can happen by requesting content (using HTTP URIs)

    • Many hosts across multiple ISPs

  • Agent of the publisher detects first

    • Informs the all the gateways of this event

    • To request countermeasure

  • A gateway solicits other gateway to reduce the content request rate to the publisher under attack

* DDoS might not be activated by some admission control


Implementation

Implementation

4. Make decision whether DDoS or not

CPU

RxQ

CPU

RxQ

CPU

RxQ

CPU

RxQ

MAC

TxQ

MAC

TxQ

MAC

TxQ

MAC

TxQ

3. Accounting flow

2. Monitoring Requested contents

Software

Openflowdatapath

Agent

Driver

nf2c0

nf2c1

nf2c2

nf2c3

ioctl

PCI Bus

DMA

Registers

CPU

TxQ

CPU

TxQ

CPU

TxQ

CPU

TxQ

nf2_reg_grp

NetFPGA-Openflow

1. Capture URI/URL

user data path

MAC

RxQ

MAC

RxQ

MAC

RxQ

MAC

RxQ

Ethernet


Implementation1

Implementation

  • In the header parser http_get messages are captured, and then forwarded to the nc2c0

  • Otherwise, the module bypasses normal packets


Implementation2

Implementation

  • Controller

    • Each agent solicits other agents to reduce the content request rate to the publisher under attack via controller

      • To all connected Agent

  • Agent

    • Checks and limits the rate (if # of request > threshold)


Scenario example

Scenario Example

HTTP GET

TCP flow

Control flow

controller

Attacker

Attacker

Content

Server

Agent

Regular

host


Summary

Summary

  • Grassroots approach

  • Content-oriented Networking Platform

    • Content-Aware Agent (CAA)


  • Login