Efficient Over-Provisioning of Network Systems and Services: Principles and Practices
Dong Xuan
Department of Computer Science and Engineering
The Ohio State University
http://www.cse.ohio-state.edu/~xuan
What is Over-Provisioning?
• Resources are allocated conservatively, depending on expected demands
• Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing, etc.
Outline
• Objective
• Principles
• Practices in Overlay Networks
• Practices in Sensor Networks
• Final Remarks
Objective
• Providing high performance, reliability and security to network systems and services
Challenges and Opportunities
• Challenges:
  • Traffic amount
  • Dynamics of traffic pattern
  • Malicious and non-conforming participants
• Opportunities:
  • Resources such as bandwidth, storage and processing power are no longer the bottlenecks they used to be
Why Over-Provisioning?
• Enable uninterrupted services
• Reactions under extreme operating conditions are milder, if not eliminated
• Maintenance and the corresponding dynamics are easier if done properly
• System update is easier
However…
• Over provisioning is not always good
• Over provisioning also comes at the price of increased maintenance
• Resources come at a price; they are not free
• Resource availability is unbalanced
What Do We Want to Do?
• Study the principles of over provisioning
• Practices in a wide spectrum of network systems and services
Related Work
• Bandwidth over-provisioning by ISPs (Internet Service Providers)
• Data backup for fault tolerant services
• Over-deployment in sensor networks
Principles
• A case study – bandwidth over provisioning in networks
• Currently it is conducted in an ad hoc manner by ISPs
• QOP: Quantitative Over Provisioning
• Our work in Transactions on Networking 04 [1] and RTSS 01 [2]
Further Study on Over Provisioning Principles
• System resources
• System nodes
• Connectivity
• Network Paths
• Data content, energy and storage
• Dynamics due to failures and attacks
Practical Applications of Over-Provisioning
• Overlay Networks
• Sensor Networks
Practices in Overlay Networks
• Secure Overlay Forwarding Systems
• Resilient Structured Peer to Peer Systems
• QoS aware and Reliable Overlay Multicast and Anycast Services
Overlay Networks
Secure Overlay Forwarding Systems
• It is an intermediate forwarding overlay system to defend against DDoS attacks
• Layering: Each node only knows the next layer nodes
• Access to target controlled by a set of filters
• Target is known only to filters
Design Features
• The number of layers: 3 layers of hierarchy between sources and a target
• Mapping degree: Number of next layer neighbors
• Node density: Number of nodes per layer
• Under random congestion attacks, path availabilities are high if mapping degree is high
The Generalized Secure Overlay Forwarding System
• We have generalized the system in ICDCS 04 [8]
• Design features are flexible
Intelligent DDoS Attacks
• Combination of congestion-based attacks and break-in based attacks
• Congestion attacks result in node being non-functional for the duration of the attack
• Successful break-in attacks result in disclosure of next layer neighbors
System Performance Observation
• Over Provisioning is not always good
• Care should be exercised
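An added illustration of the preceding slides (not code from the talk or from [8]): a Monte Carlo model of a layered forwarding overlay that compares path availability for different mapping degrees under random congestion and under a combined break-in and congestion attack. The node counts, attack budgets and the rule that disclosed nodes are congested first are assumptions of this sketch.

```python
import random

def build_overlay(layers, n, m, rng):
    """Each node knows m random next-layer nodes; the client knows m first-layer nodes."""
    client = rng.sample(range(n), m)
    nbrs = [[rng.sample(range(n), m) for _ in range(n)] for _ in range(layers - 1)]
    return client, nbrs

def path_exists(client, nbrs, down):
    """True if a chain of non-congested nodes links the client to the last layer
    (assumption: every last-layer node can reach the filters)."""
    alive = {j for j in client if (0, j) not in down}
    for i, layer in enumerate(nbrs):
        alive = {k for j in alive for k in layer[j] if (i + 1, k) not in down}
    return bool(alive)

def availability(m, n_congest, n_breakin=0, layers=3, n=10, trials=2000, seed=1):
    """Fraction of trials in which the client still has a working path."""
    rng = random.Random(seed)
    nodes = [(i, j) for i in range(layers) for j in range(n)]
    inner = [v for v in nodes if v[0] < layers - 1]
    ok = 0
    for _ in range(trials):
        client, nbrs = build_overlay(layers, n, m, rng)
        # Break-in: each compromised node discloses its next-layer neighbors.
        disclosed = {(i + 1, k) for i, j in rng.sample(inner, n_breakin)
                     for k in nbrs[i][j]}
        # Assumption: disclosed nodes are congested first, the rest at random.
        targeted = rng.sample(sorted(disclosed), min(n_congest, len(disclosed)))
        others = [v for v in nodes if v not in disclosed]
        down = set(targeted) | set(rng.sample(others, n_congest - len(targeted)))
        ok += path_exists(client, nbrs, down)
    return ok / trials

if __name__ == "__main__":
    # Columns: mapping degree, random congestion, break-in plus congestion.
    for m in (1, 3, 10):
        print(m, availability(m, 9), availability(m, 10, n_breakin=1))
```

With full mapping (m equal to the layer size) random congestion of fewer nodes than one layer can never cut the path, while a single break-in discloses an entire layer, which is the trade-off the observation slide points to.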
Resilient Structured P2P Systems
• Structured P2P systems
  • Distributed Hash Table (DHT) based
  • Node ID and data ID match together
  • CAN, CHORD, PASTRY and TAPESTRY
• These systems are not resilient to malicious attacks!
• Our solutions:
  • Over provisioning in neighbor connectivity
  • RCHORD [4] and CAN-SW [3]
QoS Aware Overlay Multicast and Anycast
• Unicast, multicast and anycast
• Network layer multicast and anycast
  • We have proposed an efficient fault-tolerant multicast routing protocol in TPDS 99 [5] (38)
  • We have proposed a routing protocol for anycast messages in TPDS 00 [6], 04 [7] (38, 39)
• Overlay multicast and anycast
  • Multiple path over provisioning based approaches
Practices in Sensor Networks
• Sensor network deployment using limited mobility sensors
• Defending against Physical Attacks
Sensor Networks
• A new paradigm of networking
• A lot of applications like tracking intruders, monitoring animals, forest fires, and warehouse monitoring
• Cheap, easy to deploy, but limited in energy
[Figures: a simple sensor network with a base station; MTS 310 CA sensor]
Sensor Networks Deployment using Limited Mobility Sensors
• Sensor network deployment
• Issues
  • Sensors may be damaged
  • Sensors may be out of energy
  • Manual redeployment is hard
• Solutions
  • Over-provision sensor nodes
  • Exploit sensor mobility
[Figure: 2D-grid with regions numbered 1 to 16]
Limited Mobile Sensors
• Mobility in sensors is an energy consuming operation
• XYZ sensor platform can move up to 165 m
• DARPA has already built limited mobility sensors, whose maximum movement is 100 hops
• Resources of sensor nodes are redundant but their mobility is limited
Our Deployment Problem
• Problem definition
  • Given 2-D grid sensor network model, determine a movement plan for the sensors to minimize variance in number of sensors among all regions from and simultaneously minimize the required number of movements
  • Variance =
  • No. of movement hops =
An Example
• Sensor Network with 16 regions and =2
• A simple, purely localized solution
• Regions 14, 15 and 16 have less than 2 sensors
[Figure: panels (a) and (b) showing the 16-region grid]
Discussions on Our Deployment Problem
• Each region has sensors, which is over-provisioned to provide reliable services
• It is a non-linear optimization problem. However, when = 1, the problem is changed to a linear one [10]
• The problem is harder due to over-provisioning
Our Solutions
• We proposed two classes of solutions
• Max-flow based solutions
  • Translate non linear variance problem into linear weight assignment problem
  • Translate sensor network into a graph structure and determine minimum cost maximum weighted flow plan
  • It is optimal if run in a centralized manner
  • Can also execute in a distributed manner
• Simple Peak-Pit solution
  • Pits request sensors from peaks
  • Requests contain weights depending on sensors needed
  • Requests are served in descending order of weights
  • Performance is good under favorable deployment conditions
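An added sketch of the Peak-Pit idea on a 4x4 grid (not the authors' algorithm from [10]): pits request sensors weighted by their deficit, requests are served heaviest first, and each sensor comes from the nearest peak. The sample counts, the parameter name `target`, the Manhattan hop metric and the absence of a mobility limit are assumptions made for illustration.

```python
# Constructed sample: sensors per region, row-major, regions 1..16.
# Regions 14, 15 and 16 hold fewer than the per-region target of 2.
GRID = [2, 2, 2, 2,
        2, 5, 2, 2,
        2, 2, 3, 2,
        2, 1, 1, 0]

def variance(counts):
    """Population variance of the number of sensors per region."""
    mean = sum(counts) / len(counts)
    return sum((c - mean) ** 2 for c in counts) / len(counts)

def peak_pit(counts, width, target):
    """Return (new_counts, moves); each move is (from_region, to_region, hops)."""
    counts = list(counts)

    def hops(a, b):
        (r1, c1), (r2, c2) = divmod(a, width), divmod(b, width)
        return abs(r1 - r2) + abs(c1 - c2)

    # Pits issue requests whose weight is the number of sensors they lack;
    # requests are served in descending order of weight.
    requests = sorted(((target - c, i) for i, c in enumerate(counts) if c < target),
                      key=lambda req: -req[0])
    moves = []
    for need, pit in requests:
        for _ in range(need):
            peaks = [i for i, c in enumerate(counts) if c > target]
            if not peaks:                     # no surplus left anywhere
                return counts, moves
            src = min(peaks, key=lambda p: hops(p, pit))
            counts[src] -= 1
            counts[pit] += 1
            moves.append((src + 1, pit + 1, hops(src, pit)))
    return counts, moves

if __name__ == "__main__":
    after, plan = peak_pit(GRID, 4, 2)
    print(variance(GRID), variance(after), sum(h for _, _, h in plan), plan)
```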
Defending against Physical Attacks in Sensor Networks
• Physical attacks: destroy sensors physically
• Physical attacks are inevitable in sensor networks
  • Sensor network applications that operate in hostile environments
    • Volcanic monitoring
    • Battlefield applications
  • Small form factor of sensors
  • Unattended and distributed nature of deployment
• Different from other types of electronic attacks
  • Can be fatal to sensor networks
  • Simple to launch
• Defending against physical attacks
  • Tamper-resistant packaging helps, but not enough
  • We adopt sensor node over-provisioning approach
Blind Physical Attacks
Search-Based Physical Attacks
The Impacts of Physical Attacks
[Figure: Lifetime vs. attack arrival rate]
Defense Strategies
• Over-provisioning sensor nodes
  • Deploying more sensors to compensate for the damage of blind attacks [9]
  • Using sacrificial nodes to compensate for the weakness of sensors in sensing capacity compared with the attacker [11]
Final Remarks
• The principles of Over Provisioning
  • QOP: Quantitative Over Provisioning on network resources
• Practices of Over Provisioning in
  • Overlay Networks
    • Secure Overlay Forwarding Systems – Layers and Connectivity
    • Resilient Structured P2P systems – Neighbor connectivity
    • QoS aware Overlay multicast and anycast – Path
  • Sensor networks
    • Reliable sensor network – limited mobility sensor nodes
    • Resilience to Physical attacks – node and structure
References
[1] S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Providing Absolute Differentiated Services for Real-Time Applications in Static-Priority Scheduling Networks”, in IEEE/ACM Transactions on Networking (ToN), Vol. 12, No. 2, April 2004.
[2] S. Wang, Dong Xuan, R. Bettati and W. Zhao, “Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks”, in Proc. of IEEE RTSS, 2001.
[3] S. Wang, Dong Xuan and W. Zhao, “On Resilience of Structured Peer-to-Peer Systems”, in Proc. of IEEE GLOBECOM, Dec. 2003.
[4] Dong Xuan, S. Chellappan and M. Krishnamoorthy, “RChord: An Enhanced Chord System Resilient to Routing Attacks”, in Proc. of IEEE ICCNMC, Oct. 2003.
[5] W. Jia, W. Zhao, Dong Xuan, and G. Xu, “An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999.
[6] Dong Xuan, W. Jia, W. Zhao, and H. Zhu, “A Routing Protocol for Anycast Messages”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000.
[7] W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, “Distributed Admission Control for Anycast Flows”, in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 15, No. 8, August 2004.
[8] Dong Xuan, S. Chellappan, X. Wang and S. Wang, “Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks”, in Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004.
[9] Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, “Lifetime Optimization of Sensor Networks under Physical Attacks”, IEEE ICC 2005.
[10] S. Chellappan, X. Bai, B. Ma and Dong Xuan, “Mobility Limited Flip-based Sensor Network Deployment”, accepted by IEEE Transactions on Parallel and Distributed Systems (TPDS), Oct. 2005.
[11] W. Gu, X. Wang, S. Chellappan, Dong Xuan and Ten H. Lai, “Defending against Search-based Physical Attacks in Sensor Networks”, to appear in Proc. of IEEE MASS, Nov. 2005.