1 / 21

PSMC Proxy Server-based Multipath Connection

PSMC Proxy Server-based Multipath Connection. CS 526 Advanced Networking - Richard White. Network Architectures Network Overlays SCOLD PSMC Issues Conclusion. On Proxy Server Based Multipath Connections Yu Cai, PhD Dissertation, UCCS, 2005. Overview. Network Architecture. Clients.

quasim
Download Presentation

PSMC Proxy Server-based Multipath Connection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. PSMCProxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White

  2. Network Architectures Network Overlays SCOLD PSMC Issues Conclusion On Proxy Server Based Multipath Connections Yu Cai, PhD Dissertation, UCCS, 2005 Overview

  3. Network Architecture • Clients • Servers • Name Servers • Routers • Links

  4. Client/Server Model 1. Client requests DNS name translaton 2. Router directs query to local proxy server 3. Proxy server redirects shortest path to host

  5. Client/Server Problems 1. Client requests DNS name translation 2. Router directs query to local proxy server 3. Proxy server redirects shortest path to host • Shortest path not always fastest! • Wasted bandwidth!

  6. Client/Server Vulnerability 1. Client requests DNS name translation 2. Router directs query to local proxy server 3. Proxy server redirects shortest path to host • Shortest path not always fastest! • Wasted bandwidth! • Distributed Denial of Service (DDoS) Attack!

  7. Layered Architecture

  8. Service Overlays • Build on existing capabilities • Don’t need to retrofit existing services • Modular compatibility for adding and removing

  9. Secure Collective Defense (SCOLD) • SCOLD Coordinator • SCOLD Proxy Servers

  10. Secure Collective Defense (SCOLD) • SCOLD Coordinator • SCOLD Proxy Servers • Defends against DDoS attacks!

  11. Secure Collective Defense (SCOLD) • SCOLD Coordinator blocks incoming attack on main gateway • Notifies trusted DNSs to use trusted proxys • Trusted proxys route requests through alternate gateways

  12. SCOLD Performance • SCOLD overhead incurs performance delays • SCOLD overhead is insignicant compared to attacks!

  13. Proxy Server-based Multipath Connection (PSMC) • Can we extend the SCOLD concept to enhance network perfromance? • Shortest path not always fastest! • Wasted bandwidth!

  14. PSMC Architecture • Sender module responsible for packet distribution among multiple paths • Some packets go through normal “direct route” • Some packets go through “indirect routes” • Receiver module reassembles packets in correct order.

  15. Proxy Server-based Multipath Connection (PSMC) • Aggregating bandwidth increases throughput • Multiple paths increase reliability, decrease vulnerability

  16. Proxy Server-based Multipath Connection (PSMC) • PSMC increases probability packets arrive out of order 6 6 5 5 4 4 3 3 2 2 1 1 3 4 6 5 2 2 1 1

  17. Proxy Server-based Multipath Connection (PSMC) • PSMC increases probability packets arrive out of order • Resulting in significantly higher retransmit requests 6 6 5 5 4 4 3 3 2 2 1 1 3 6 4 5 6 4 5 3 2 1

  18. Buffer 2 6 5 4 3 2 1 Buffer 1 Proxy Server-based Multipath Connection (PSMC) • PSMC increases probability packets arrive out of order • Resulting in significantly higher retransmit requests • Solution: Create a double receiving buffer! 6 6 5 5 4 4 3 3 2 2 1 1 3 3 4 4 6 6 5 5 2 2 1 1

  19. PSMC Performance • PSMC without double buffering was worse than standard routing! • PSMC with double buffering was significantly better than standard routing!

  20. Detecting compromised proxy servers Controlling malicious users More efficient double-buffer management Investigating quality of service capabilities Issues

  21. Increase bandwidth utilization Decrease vulnerability to attack & failure Can be used to implement quality of service proportional differentiation Conclusion

More Related