Minimizing Collateral Damage by Proactive Surge Protection
|
|
- Dortha Moore
- 5 years ago
- Views:
Transcription
1 Minimizing Collateral Damage by Proactive Surge Protection Jerry Chou, Bill Lin University of California, San Diego Subhabrata Sen, Oliver Spatscheck AT&T Labs-Research ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007
2 Problem Large-scale bandwidth-based DDoS attacks can quickly knock out substantial parts of the network before reactive defenses can respond All traffic that share common route links will suffer collateral damage even if OD pair is not under direct attack ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 2
3 Problem Potential for large-scale bandwidth-based DDoS attacks exist e.g. large botnets with more than 100,000 bots exist today that, when combined with the prevalence of high-speed Internet access, can give attackers multiple tens of Gb/s of attack capacity Moreover, core networks are oversubscribed (e.g. some core routers in Abilene have more than 30 Gb/s incoming traffic from access networks, but only 20 Gb/s of outgoing capacity to the core ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 3
4 Problem Router-based defenses like Random Early Drop (RED, RED-PD, etc) can prevent congestion by dropping packets early before congestion But may drop normal traffic indiscriminately, causing responsive TCP flows to severely degrade Approximate fair dropping schemes aim to provide fair sharing between flows But attackers can launch many seemingly legitimate TCP connections with spoofed IP addresses and port numbers Both aggregate-based and flow-based router defense mechanisms can be defeated ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 4
5 Problem Router-based defenses like Random Early Drop (RED, RED-PD, etc) can prevent congestion by dropping packets early before congestion But may drop normal traffic indiscriminately, causing responsive TCP flows to severely degrade In general, defenses based on unauthenticated header information Approximate such fair dropping schemes aim to provide fair as sharing IP addresses between and flows port numbers may not be reliable But attackers can launch many seemingly legitimate TCP connections with spoofed IP addresses and port numbers Both aggregate-based and flow-based router defense mechanisms can be defeated ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 5
6 Example Scenario Seattle/NY: 3 Gb/s Seattle New York Sunnyvale Kansas City Indianapolis Sunnyvale/NY: 3 Gb/s Houston Atlanta Suppose under normal condition Traffic between Seattle/NY + Sunnyvale/NY under 10 Gb/s ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 6
7 Example Scenario Seattle/NY: 3 Gb/s Seattle New York Sunnyvale Kansas City Indianapolis Sunnyvale/NY: 3 Gb/s Houston Atlanta Houston/Atlanta: Attack 10 Gb/s Suppose sudden attack between Houston/Atlanta Congested links suffer high rate of packet loss Serious collateral damage on crossfire OD pairs ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 7
8 Impact on Collateral Damage OD pairs are classified into 3 types with respect to the attack traffic Even a small percentage of attack flows can affect substantial parts of the network ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 8
9 Our Solution Provide bandwidth isolation between OD pairs, independent of IP spoofing or number of TCP/UDP connections We call this method Proactive Surge Protection (PSP) as it aims to proactively limit the damage that can be caused by sudden demand surges, e.g. sudden bandwidth-based DDoS attacks ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 9
10 Basic Idea: Bandwidth Isolation Seattle/NY: Limit: 3.5 Gb/s Actual: 3 Gb/s All admitted as High Traffic received in NY: Seattle: 3 Gb/s Sunnyvale: 3 Gb/s Seattle New York Sunnyvale Kansas City Indianapolis Sunnyvale/NY: Limit: 3.5 Gb/s Actual: 3 Gb/s All admitted as High Houston Atlanta Houston/Atlanta: Limit: 3 Gb/s Actual: 10 Gb/s High: 3 Gb/s Low: 7 Gb/s Reserve bandwidth for expected OD pair demand Meter and tag packets on ingress as HIGH or LOW Drop LOW packets under congestion inside network ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 10
11 Basic Idea: Bandwidth Isolation Seattle/NY: Limit: 3.5 Gb/s Actual: 3 Gb/s All admitted as High Traffic received in NY: Seattle: 3 Gb/s Sunnyvale: 3 Gb/s Unlike conventional admission control, Seattle New York Unlike conventional admission control, Kansas packets are permitted into City the network even when Sunnyvale reserved bandwidth has Indianapolis been exceeded when reserved bandwidth has been exceeded Sunnyvale/NY: Limit: 3.5 Gb/s Actual: 3 Gb/s All admitted as High Houston Atlanta Houston/Atlanta: Limit: 3 Gb/s Actual: 10 Gb/s modern routers High: 3 Gb/s Low: 7 Gb/s Proposed mechanism readily available in Reserve bandwidth for expected OD pair demand Meter and tag packets on ingress as HIGH or LOW Drop LOW packets under congestion inside network ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 11
12 Architecture Forecaster Forecaster Forecast Matrix Bandwidth Bandwidth Allocator Allocator forwarded packets Bandwidth Allocation Matrix Deployed at Network Routers Preferential Preferential Dropping Dropping tagged packets Differential Differential Tagging Tagging Policy Plane Data Plane arriving packets dropped packets Deployed at Network Perimeter High priority Low priority ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 12
13 Forecasting and Allocation We use historical network measurements as a forecast of expected normal traffic e.g. average weekday traffic demand at 3pm EDT over past 2 months More sophisticated forecasting methods (e.g. Bayesian schemes) possible, but already good results with simple forecasting To account for forecasting inaccuracies and to provide headroom for traffic burstiness, proportionally scale forecast matrix to fully allocate available network capacity ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 13
14 Proportional Scaling Iteratively scale bandwidth allocation in water-filling manner A B C A B C BW Forecast Matrix AB A B C st round BC CB Links 1 1 BA Bandwidth Allocation A B C BW AB A B C nd round BC CB Links 4 BA ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 14
15 Networks Abilene US public academic network 11 nodes, 14 links (b/s) Traffic data: 10/01/06-12/06/06 US Backbone US Private ISP tier1 backbone network 700 nodes, 2000 links (1.5Mb/s b/s) Traffic data: 09/01/06-11/17/06 Europe Backbone Europe private ISP tier1 backbone network 900 nodes, 3000 links (1.5Mb/s b/s) Traffic data: 11/18/06-12/18/06 ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 15
16 DDoS Attack Data Abilene Bottleneck links Denver, Kansas City, Indianapolis Chicago (5G each) US Backbone Commercial anomaly detection alarm Pick the alarm with most flows, and scale their demand by 1000x Europe Backbone Seattle Synthetic attack flow generator Chicago New York Sunnyvale Denver Los Angeles Indianapolis Kansas City Washington Houston Atlanta Randomly generate attack flows among 0.1% OD pairs. ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 16
17 Packet Drop Rate Comparison Abilene ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 17
18 Packet Drop Rate Comparison US ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 18
19 Packet Drop Rate Comparison Europe ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 19
20 Behavior Under Scaled Attacks Packet drop rate under attack demand scaled by factor 0 to 3x Abilene PSP provides greater improvement as attack scale increases ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 20
21 Behavior Under Scaled Attacks Packet drop rate under attack demand scaled by factor 0 to 3x US PSP provides greater improvement as attack scale increases ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 21
22 Behavior Under Scaled Attacks Packet drop rate under attack demand scaled by factor 0 to 3x Europe PSP provides greater improvement as attack scale increases ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 22
23 Summary of Contributions Proposed proactive solution provides network operators with first line of defense when sudden DDoS attacks occur Solution not dependent on unauthenticated header information, thus robust to IP and TCP sproofing Minimize collateral damage by providing bandwidth isolation between traffic Solution readily deployable using existing router mechanism Simulation results show up to 95.5% of network could suffer collateral damage Solution reduced collateral damage by % ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007 Slide 23
24 Questions? ACM SIGCOMM LSAD Workshop, Kyoto, Japan, August 27, 2007
Provision of Quality of Service with Router Support
Provision of Quality of Service with Router Support Hongli Luo Department of Computer and Electrical Engineering Technology and Information System and Technology Indiana University Purdue University Fort
More informationLecture 24: Scheduling and QoS
Lecture 24: Scheduling and QoS CSE 123: Computer Networks Alex C. Snoeren HW 4 due Wednesday Lecture 24 Overview Scheduling (Weighted) Fair Queuing Quality of Service basics Integrated Services Differentiated
More informationModeling Internet Application Traffic for Network Planning and Provisioning. Takafumi Chujo Fujistu Laboratories of America, Inc.
Modeling Internet Application Traffic for Network Planning and Provisioning Takafumi Chujo Fujistu Laboratories of America, Inc. Traffic mix on converged IP networks IP TRAFFIC MIX - P2P SCENARIO IP TRAFFIC
More informationAn Analysis of ISP Backbone Availability
An Analysis of ISP Backbone Availability Katsushi Kobayashi ikob@ni.aist.go.jp All results in this talk are based only with the IS-IS messages provided by Internet2 observatory. Therefore, the results
More informationCombining Speak-up with DefCOM for Improved DDoS Defense
Combining Speak-up with DefCOM for Improved DDoS Defense Mohit Mehta, Kanika Thapar, George Oikonomou Computer and Information Sciences University of Delaware Newark, DE 19716, USA Jelena Mirkovic Information
More informationCongestion Control In the Network
Congestion Control In the Network Brighten Godfrey cs598pbg September 9 2010 Slides courtesy Ion Stoica with adaptation by Brighten Today Fair queueing XCP Announcements Problem: no isolation between flows
More informationCongestion Control for High Bandwidth-delay Product Networks. Dina Katabi, Mark Handley, Charlie Rohrs
Congestion Control for High Bandwidth-delay Product Networks Dina Katabi, Mark Handley, Charlie Rohrs Outline Introduction What s wrong with TCP? Idea of Efficiency vs. Fairness XCP, what is it? Is it
More informationCS 268: Lecture 7 (Beyond TCP Congestion Control)
Outline CS 68: Lecture 7 (Beyond TCP Congestion Control) TCP-Friendly Rate Control (TFRC) explicit Control Protocol Ion Stoica Computer Science Division Department of Electrical Engineering and Computer
More informationRouter s Queue Management
Router s Queue Management Manages sharing of (i) buffer space (ii) bandwidth Q1: Which packet to drop when queue is full? Q2: Which packet to send next? FIFO + Drop Tail Keep a single queue Answer to Q1:
More informationCall Admission Control in IP networks with QoS support
Call Admission Control in IP networks with QoS support Susana Sargento, Rui Valadas and Edward Knightly Instituto de Telecomunicações, Universidade de Aveiro, P-3810 Aveiro, Portugal ECE Department, Rice
More informationDiagnosing Path Inflation of Mobile Client Traffic
Diagnosing Path Inflation of Mobile Client Traffic Kyriakos Zarifis, Tobias Flach, Srikanth Nori, David Choffnes, Ramesh Govindan, Ethan Katz- Bassett, Z. Morley Mao, Matt Welsh University of Southern
More informationAdvanced Computer Networks
Advanced Computer Networks QoS in IP networks Prof. Andrzej Duda duda@imag.fr Contents QoS principles Traffic shaping leaky bucket token bucket Scheduling FIFO Fair queueing RED IntServ DiffServ http://duda.imag.fr
More informationCS644 Advanced Networks
What we know so far CS644 Advanced Networks Lecture 6 Beyond TCP Congestion Control Andreas Terzis TCP Congestion control based on AIMD window adjustment [Jac88] Saved Internet from congestion collapse
More informationUnit 2 Packet Switching Networks - II
Unit 2 Packet Switching Networks - II Dijkstra Algorithm: Finding shortest path Algorithm for finding shortest paths N: set of nodes for which shortest path already found Initialization: (Start with source
More informationSummary Report. Prepared for: Refresh Date: 28 Oct :02
Prepared for: Selected Test: Test Type: Test Steps: 8 Dynatrace Mobile Demo Refresh Date: 28 Oct 2016 15:02 Time Period: Summary 259 Key Indicators Response Time (sec) Yesterday (27 Oct 2016 00:00 to 28
More informationQoS Services with Dynamic Packet State
QoS Services with Dynamic Packet State Ion Stoica Carnegie Mellon University (joint work with Hui Zhang and Scott Shenker) Today s Internet Service: best-effort datagram delivery Architecture: stateless
More informationRouting Bottlenecks in the Internet: Causes, Exploits, and Countermeasures. ECE Department and CyLab, Carnegie Mellon University
Routing Bottlenecks in the Internet: Causes, Exploits, and Countermeasures Min Suk Kang Virgil D. Gligor ECE Department and CyLab, Carnegie Mellon University Nov 4, 2014 2 Route Diversity is Critical to
More informationThe Network Layer and Routers
The Network Layer and Routers Daniel Zappala CS 460 Computer Networking Brigham Young University 2/18 Network Layer deliver packets from sending host to receiving host must be on every host, router in
More informationCSE 123b Communications Software
CSE 123b Communications Software Spring 2002 Lecture 10: Quality of Service Stefan Savage Today s class: Quality of Service What s wrong with Best Effort service? What kinds of service do applications
More informationGeneric Architecture. EECS 122: Introduction to Computer Networks Switch and Router Architectures. Shared Memory (1 st Generation) Today s Lecture
Generic Architecture EECS : Introduction to Computer Networks Switch and Router Architectures Computer Science Division Department of Electrical Engineering and Computer Sciences University of California,
More informationH3C S9500 QoS Technology White Paper
H3C Key words: QoS, quality of service Abstract: The Ethernet technology is widely applied currently. At present, Ethernet is the leading technology in various independent local area networks (LANs), and
More informationCS268: Beyond TCP Congestion Control
TCP Problems CS68: Beyond TCP Congestion Control Ion Stoica February 9, 004 When TCP congestion control was originally designed in 1988: - Key applications: FTP, E-mail - Maximum link bandwidth: 10Mb/s
More informationAdvanced Attack Response and Mitigation
Advanced Attack Response and Mitigation Agenda Overview of cloud DDoS detection and mitigation which features geographically diverse scrubbing and high velocity auto-mitigation capabilities. - Overview
More informationModular Quality of Service Overview on Cisco IOS XR Software
Modular Quality of Service Overview on Cisco IOS XR Software Quality of Service (QoS) is the technique of prioritizing traffic flows and providing preferential forwarding for higher-priority packets. The
More informationEECS 122: Introduction to Computer Networks Switch and Router Architectures. Today s Lecture
EECS : Introduction to Computer Networks Switch and Router Architectures Computer Science Division Department of Electrical Engineering and Computer Sciences University of California, Berkeley Berkeley,
More informationCongestion Control for High Bandwidth-delay Product Networks
Congestion Control for High Bandwidth-delay Product Networks Dina Katabi, Mark Handley, Charlie Rohrs Presented by Chi-Yao Hong Adapted from slides by Dina Katabi CS598pbg Sep. 10, 2009 Trends in the Future
More informationQuality of Service (QoS)
Quality of Service (QoS) EE 122: Intro to Communication Networks Fall 2007 (WF 4-5:30 in Cory 277) Vern Paxson TAs: Lisa Fowler, Daniel Killebrew & Jorge Ortiz http://inst.eecs.berkeley.edu/~ee122/ Materials
More informationAnnouncements. Quality of Service (QoS) Goals of Today s Lecture. Scheduling. Link Scheduling: FIFO. Link Scheduling: Strict Priority
Announcements Quality of Service (QoS) Next week I will give the same lecture on both Wednesday (usual ) and next Monday Same and room Reminder, no lecture next Friday due to holiday EE : Intro to Communication
More informationXCP: explicit Control Protocol
XCP: explicit Control Protocol Dina Katabi MIT Lab for Computer Science dk@mit.edu www.ana.lcs.mit.edu/dina Sharing the Internet Infrastructure Is fundamental Much research in Congestion Control, QoS,
More informationLecture Outline. Bag of Tricks
Lecture Outline TELE302 Network Design Lecture 3 - Quality of Service Design 1 Jeremiah Deng Information Science / Telecommunications Programme University of Otago July 15, 2013 2 Jeremiah Deng (Information
More informationYour projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /30 * 100
You should worry if you are below this point Your projected and optimistically projected grades should be in the grade center soon o Projected: Your current weighted score /0 * 100 o Optimistic: (Your
More informationANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS
ANALYSIS AND EVALUATION OF DISTRIBUTED DENIAL OF SERVICE ATTACKS IDENTIFICATION METHODS Saulius Grusnys, Ingrida Lagzdinyte Kaunas University of Technology, Department of Computer Networks, Studentu 50,
More informationProblems with IntServ. EECS 122: Introduction to Computer Networks Differentiated Services (DiffServ) DiffServ (cont d)
Problems with IntServ EECS 122: Introduction to Computer Networks Differentiated Services (DiffServ) Computer Science Division Department of Electrical Engineering and Computer Sciences University of California,
More informationNetwork Support for Multimedia
Network Support for Multimedia Daniel Zappala CS 460 Computer Networking Brigham Young University Network Support for Multimedia 2/33 make the best of best effort use application-level techniques use CDNs
More informationRECHOKe: A Scheme for Detection, Control and Punishment of Malicious Flows in IP Networks
> REPLACE THIS LINE WITH YOUR PAPER IDENTIFICATION NUMBER (DOUBLE-CLICK HERE TO EDIT) < : A Scheme for Detection, Control and Punishment of Malicious Flows in IP Networks Visvasuresh Victor Govindaswamy,
More informationRouters: Forwarding EECS 122: Lecture 13
Routers: Forwarding EECS 122: Lecture 13 epartment of Electrical Engineering and Computer Sciences University of California Berkeley Router Architecture Overview Two key router functions: run routing algorithms/protocol
More informationConfiguring QoS. Finding Feature Information. Prerequisites for QoS. General QoS Guidelines
Finding Feature Information, on page 1 Prerequisites for QoS, on page 1 Restrictions for QoS, on page 2 Information About QoS, on page 2 How to Configure QoS, on page 10 Monitoring Standard QoS, on page
More information15-744: Computer Networking. Overview. Queuing Disciplines. TCP & Routers. L-6 TCP & Routers
TCP & Routers 15-744: Computer Networking RED XCP Assigned reading [FJ93] Random Early Detection Gateways for Congestion Avoidance [KHR02] Congestion Control for High Bandwidth-Delay Product Networks L-6
More informationDistributed Denial of Service (DDoS)
Distributed Denial of Service (DDoS) Defending against Flooding-Based DDoS Attacks: A Tutorial Rocky K. C. Chang Presented by Adwait Belsare (adwait@wpi.edu) Suvesh Pratapa (suveshp@wpi.edu) Modified by
More informationLecture 14: Performance Architecture
Lecture 14: Performance Architecture Prof. Shervin Shirmohammadi SITE, University of Ottawa Prof. Shervin Shirmohammadi CEG 4185 14-1 Background Performance: levels for capacity, delay, and RMA. Performance
More informationAn Efficient and Practical Defense Method Against DDoS Attack at the Source-End
An Efficient and Practical Defense Method Against DDoS Attack at the Source-End Yanxiang He Wei Chen Bin Xiao Wenling Peng Computer School, The State Key Lab of Software Engineering Wuhan University, Wuhan
More informationA Survey on Quality of Service and Congestion Control
A Survey on Quality of Service and Congestion Control Ashima Amity University Noida, U.P, India batra_ashima@yahoo.co.in Sanjeev Thakur Amity University Noida, U.P, India sthakur.ascs@amity.edu Abhishek
More informationEffect of RED and different packet sizes on Multimedia performance over wireless networks
Effect of RED and different packet sizes on Multimedia performance over wireless networks T. Vu TU Ilmenau, Germany Abstract. We consider the adaptation of random early detection (RED) as an active queue
More informationCommunities of Interest for Internet Traffic Prioritization
Communities of Interest for Internet Traffic Prioritization Andrew J. Kalafut Indiana University Bloomington, IN 47401 Email: akalafut@cs.indiana.edu Jacobus van der Merwe AT&T Labs Research Florham Park,
More informationMitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats
Solution Brief Mitigating Outgoing Spam, DoS/DDoS Attacks and Other Security Threats 2006 Allot Communications Ltd. Allot Communications, NetEnforcer and the Allot logo are registered trademarks of Allot
More informationSections Describing Standard Software Features
30 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic-qos (auto-qos) commands or by using standard QoS commands. With QoS, you can give preferential treatment to
More informationPeer to Peer Infrastructure : QoS enabled traffic prioritization. Mary Barnes Bill McCormick
Peer to Peer Infrastructure : QoS enabled traffic prioritization Mary Barnes (mary.barnes@nortel.com) Bill McCormick (billmcc@nortel.com) p2pi - QoS 1/24/09 1 Overview!! Discuss the mechanisms and implications
More informationRouters: Forwarding EECS 122: Lecture 13
Input Port Functions Routers: Forwarding EECS 22: Lecture 3 epartment of Electrical Engineering and Computer Sciences University of California Berkeley Physical layer: bit-level reception ata link layer:
More informationCHOKe - A simple approach for providing Quality of Service through stateless approximation of fair queueing. Technical Report No.
CHOKe - A simple approach for providing Quality of Service through stateless approximation of fair queueing Rong Pan Balaji Prabhakar Technical Report No.: CSL-TR-99-779 March 1999 CHOKe - A simple approach
More informationCS 268: Computer Networking
CS 268: Computer Networking L-6 Router Congestion Control TCP & Routers RED XCP Assigned reading [FJ93] Random Early Detection Gateways for Congestion Avoidance [KHR02] Congestion Control for High Bandwidth-Delay
More informationConfiguring QoS. Understanding QoS CHAPTER
29 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-qos) commands or by using standard QoS commands on the Catalyst 3750 switch. With QoS, you can provide
More informationToward a Reliable Data Transport Architecture for Optical Burst-Switched Networks
Toward a Reliable Data Transport Architecture for Optical Burst-Switched Networks Dr. Vinod Vokkarane Assistant Professor, Computer and Information Science Co-Director, Advanced Computer Networks Lab University
More informationOptical Technologies in Terabit Networks. Dr. John Ryan Principal & Chief Analyst RHK
Optical Technologies in Terabit Networks Dr. John Ryan Principal & Chief Analyst RHK Optical Internetworking Forum, Atlanta, June 5th, 2000 IP Traffic Is Exploding... RHK's Internet Traffic Forecast 18,000,000
More informationReal-Time Protocol (RTP)
Real-Time Protocol (RTP) Provides standard packet format for real-time application Typically runs over UDP Specifies header fields below Payload Type: 7 bits, providing 128 possible different types of
More informationConfiguring QoS CHAPTER
CHAPTER 36 This chapter describes how to configure quality of service (QoS) by using automatic QoS (auto-qos) commands or by using standard QoS commands on the Catalyst 3750 switch. With QoS, you can provide
More informationResource Guide Implementing QoS for WX/WXC Application Acceleration Platforms
Resource Guide Implementing QoS for WX/WXC Application Acceleration Platforms Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, CA 94089 USA 408 745 2000 or 888 JUNIPER www.juniper.net Table
More informationAlcatelLucent.Selftestengine.4A0-107.v by.Ele.56q. Exam Code: 4A Exam Name: Alcatel-Lucent Quality of Service
AlcatelLucent.Selftestengine.4A0-107.v2013-12-14.by.Ele.56q Number: 4a0-107 Passing Score: 800 Time Limit: 120 min File Version: 16.5 http://www.gratisexam.com/ Exam Code: 4A0-107 Exam Name: Alcatel-Lucent
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 8 Denial of Service First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Denial of Service denial of service (DoS) an action
More informationCSCD 433/533 Advanced Networks Spring Lecture 22 Quality of Service
CSCD 433/533 Advanced Networks Spring 2016 Lecture 22 Quality of Service 1 Topics Quality of Service (QOS) Defined Properties Integrated Service Differentiated Service 2 Introduction Problem Overview Have
More informationResearch Letter A Simple Mechanism for Throttling High-Bandwidth Flows
Hindawi Publishing Corporation Research Letters in Communications Volume 28, Article ID 74878, 5 pages doi:11155/28/74878 Research Letter A Simple Mechanism for Throttling High-Bandwidth Flows Chia-Wei
More informationCongestion Control and Resource Allocation
Problem: allocating resources Congestion control Quality of service Congestion Control and Resource Allocation Hongwei Zhang http://www.cs.wayne.edu/~hzhang The hand that hath made you fair hath made you
More informationNetwork Configuration Example
Network Configuration Example Configuring CoS Hierarchical Port Scheduling Release NCE 71 Modified: 2016-12-16 Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, California 94089 USA 408-745-2000 www.juniper.net
More informationIndustry Perspectives on Optical Networking. Joe Berthold 28 September 2004
Industry Perspectives on Optical Networking Joe Berthold 28 September 2004 CIENA LightWorks Architecture Vision Benefits for Network Operators Reduce OpEx by Process Automation Reduce CapEx by Functional
More informationRED behavior with different packet sizes
RED behavior with different packet sizes Stefaan De Cnodder, Omar Elloumi *, Kenny Pauwels Traffic and Routing Technologies project Alcatel Corporate Research Center, Francis Wellesplein, 1-18 Antwerp,
More informationCloud Control with Distributed Rate Limiting. Raghaven et all Presented by: Brian Card CS Fall Kinicki
Cloud Control with Distributed Rate Limiting Raghaven et all Presented by: Brian Card CS 577 - Fall 2014 - Kinicki 1 Outline Motivation Distributed Rate Limiting Global Token Bucket Global Random Drop
More informationCS244a: An Introduction to Computer Networks
Grade: MC: 7: 8: 9: 10: 11: 12: 13: 14: Total: CS244a: An Introduction to Computer Networks Final Exam: Wednesday You are allowed 2 hours to complete this exam. (i) This exam is closed book and closed
More informationImproving QOS in IP Networks. Principles for QOS Guarantees
Improving QOS in IP Networks Thus far: making the best of best effort Future: next generation Internet with QoS guarantees RSVP: signaling for resource reservations Differentiated Services: differential
More informationCSCI-1680 Transport Layer III Congestion Control Strikes Back Rodrigo Fonseca
CSCI-1680 Transport Layer III Congestion Control Strikes Back Rodrigo Fonseca Based partly on lecture notes by David Mazières, Phil Levis, John Jannotti, Ion Stoica Last Time Flow Control Congestion Control
More informationLecture 13. Quality of Service II CM0256
Lecture 13 Quality of Service II CM0256 Types of QoS Best Effort Services Integrated Services -- resource reservation network resources are assigned according to the application QoS request and subject
More informationSections Describing Standard Software Features
27 CHAPTER This chapter describes how to configure quality of service (QoS) by using automatic-qos (auto-qos) commands or by using standard QoS commands. With QoS, you can give preferential treatment to
More informationCongestion Control in Communication Networks
Congestion Control in Communication Networks Introduction Congestion occurs when number of packets transmitted approaches network capacity Objective of congestion control: keep number of packets below
More informationSENSS: Software-defined Security Service
SENSS: Software-defined Security Service Minlan Yu University of Southern California Joint work with Abdulla Alwabel, Ying Zhang, Jelena Mirkovic 1 Growing DDoS Attacks Average monthly size of DDoS attacks
More informationConfiguring QoS CHAPTER
CHAPTER 34 This chapter describes how to use different methods to configure quality of service (QoS) on the Catalyst 3750 Metro switch. With QoS, you can provide preferential treatment to certain types
More informationDESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN
------------------- CHAPTER 4 DESIGN AND DEVELOPMENT OF MAC LAYER BASED DEFENSE ARCHITECTURE FOR ROQ ATTACKS IN WLAN In this chapter, MAC layer based defense architecture for RoQ attacks in Wireless LAN
More informationA Preferred Service Architecture for Payload Data Flows. Ray Gilstrap, Thom Stone, Ken Freeman
A Preferred Service Architecture for Payload Data Flows Ray Gilstrap, Thom Stone, Ken Freeman NASA Research and Engineering Network NASA Advanced Supercomputing Division NASA Ames Research Center Outline
More informationCase Studies in Intra-Domain Routing Instability
Case Studies in Intra-Domain Routing Instability Zhang Shu National Institute of Information and Communications Technology, Japan NANOG31 San Francisco, 2004/5/25 Overview Intra-domain routing instability
More informationCoarse optical circuit switching by default, rerouting over circuits for adaptation
Vol. 8, No. 1 / January 29 / JOURNAL OF OPTICAL NETWORKING 33 Coarse optical circuit switching by default, rerouting over circuits for adaptation Jerry Chou* and Bill Lin University of California San Diego,
More informationDDOS Attack Prevention Technique in Cloud
DDOS Attack Prevention Technique in Cloud Priyanka Dembla, Chander Diwaker CSE Department, U.I.E.T Kurukshetra University Kurukshetra, Haryana, India Email: priyankadembla05@gmail.com Abstract Cloud computing
More informationEpisode 5. Scheduling and Traffic Management
Episode 5. Scheduling and Traffic Management Part 3 Baochun Li Department of Electrical and Computer Engineering University of Toronto Outline What is scheduling? Why do we need it? Requirements of a scheduling
More informationA Better-Than-Best Effort Forwarding Service For UDP
University of North Carolina at Chapel Hill A Better-Than-Best Effort Forwarding Service For UDP Lightweight Active Queue Management for Multimedia Networking Kevin Jeffay Mark Parris Don Smith http://www.cs.unc.edu/reseach/dirt
More informationTraffic Engineering with Forward Fault Correction
Traffic Engineering with Forward Fault Correction Harry Liu Microsoft Research 06/02/2016 Joint work with Ratul Mahajan, Srikanth Kandula, Ming Zhang and David Gelernter 1 Cloud services require large
More informationPerformance Evaluation of Controlling High Bandwidth Flows by RED-PD
Performance Evaluation of Controlling High Bandwidth Flows by RED-PD Osama Ahmed Bashir Md Asri Ngadi Universiti Teknology Malaysia (UTM) Yahia Abdalla Mohamed Mohamed Awad ABSTRACT This paper proposed
More informationContents. QoS overview 1
Contents QoS overview 1 QoS service models 1 Best-effort service model 1 IntServ model 1 DiffServ model 1 QoS techniques overview 1 Deploying QoS in a network 2 QoS processing flow in a device 2 Configuring
More informationDENIAL OF SERVICE ATTACKS
DENIAL OF SERVICE ATTACKS Ezell Frazier EIS 4316 November 6, 2016 Contents 7.1 Denial of Service... 2 7.2 Targets of DoS attacks... 2 7.3 Purpose of flood attacks... 2 7.4 Packets used during flood attacks...
More informationADVANCED TOPICS FOR CONGESTION CONTROL
ADVANCED TOPICS FOR CONGESTION CONTROL Congestion Control The Internet only functions because TCP s congestion control does an effective job of matching traffic demand to available capacity. TCP s Window
More informationCSC 401 Data and Computer Communications Networks
CSC 401 Data and Computer Communications Networks Computer Networks and The Inter Sec 1.3 Prof. Lina Battestilli Fall 2017 Outline Computer Networks and the Inter (Ch 1) 1.1 What is the Inter? 1.2 work
More informationInvestigating Bandwidth Broker s inter-domain operation for dynamic and automatic end to end provisioning
Investigating Bandwidth Broker s inter-domain operation for dynamic and automatic end to end provisioning Christos Bouras and Dimitris Primpas Research Academic Computer Technology Institute, N.Kazantzaki
More informationCOMP/ELEC 429/556 Introduction to Computer Networks
COMP/ELEC 429/556 Introduction to Computer Networks Weighted Fair Queuing Some slides used with permissions from Edward W. Knightly, T. S. Eugene Ng, Ion Stoica, Hui Zhang T. S. Eugene Ng eugeneng at cs.rice.edu
More informationWide-Area Networking at SLAC. Warren Matthews and Les Cottrell (SCS Network Group) Presented at SLAC, April
Wide-Area Networking at SLAC Warren Matthews and Les Cottrell (SCS Network Group) Presented at SLAC, April 6 2001. Overview SLAC s Connections to WANs Utilization End-to-end Performance The Future Note:
More informationNetwork Layer Enhancements
Network Layer Enhancements EECS 122: Lecture 14 Department of Electrical Engineering and Computer Sciences University of California Berkeley Today We have studied the network layer mechanisms that enable
More informationExperience with SPM in IPv6
Experience with SPM in IPv6 Mingjiang Ye, Jianping Wu, and Miao Zhang Department of Computer Science, Tsinghua University, Beijing, 100084, P.R. China yemingjiang@csnet1.cs.tsinghua.edu.cn {zm,jianping}@cernet.edu.cn
More informationMohammad Hossein Manshaei 1393
Mohammad Hossein Manshaei manshaei@gmail.com 1393 Voice and Video over IP Slides derived from those available on the Web site of the book Computer Networking, by Kurose and Ross, PEARSON 2 Multimedia networking:
More informationQuality of Service (QoS) Computer network and QoS ATM. QoS parameters. QoS ATM QoS implementations Integrated Services Differentiated Services
1 Computer network and QoS QoS ATM QoS implementations Integrated Services Differentiated Services Quality of Service (QoS) The data transfer requirements are defined with different QoS parameters + e.g.,
More informationSwitch Configuration message sent 1 (1, 0, 1) 2
UNIVESITY COLLEGE LONON EPATMENT OF COMPUTE SCIENCE COMP00: Networked Systems Problem Set istributed: nd November 08 NOT ASSESSE, model answers released: 9th November 08 Instructions: This problem set
More informationLab Test Report DR100401D. Cisco Nexus 5010 and Arista 7124S
Lab Test Report DR100401D Cisco Nexus 5010 and Arista 7124S 1 April 2010 Miercom www.miercom.com Contents Executive Summary... 3 Overview...4 Key Findings... 5 How We Did It... 7 Figure 1: Traffic Generator...
More informationCore-Stateless Fair Queueing: Achieving Approximately Fair Bandwidth Allocations in High Speed Networks. Congestion Control in Today s Internet
Core-Stateless Fair Queueing: Achieving Approximately Fair Bandwidth Allocations in High Speed Networks Ion Stoica CMU Scott Shenker Xerox PARC Hui Zhang CMU Congestion Control in Today s Internet Rely
More informationIntegrated and Differentiated Services. Christos Papadopoulos. CSU CS557, Fall 2017
Integrated and Differentiated Services Christos Papadopoulos (Remixed by Lorenzo De Carli) CSU CS557, Fall 2017 1 Preliminary concepts: token buffer 2 Characterizing Traffic: Token Bucket Filter Parsimonious
More informationCSCD 433/533 Advanced Networks
CSCD 433/533 Advanced Networks Lecture 2 Network Review Winter 2017 Reading: Chapter 1 1 Topics Network Topics Some Review from CSCD330 Applications Common Services Architecture OSI Model AS and Routing
More informationConfiguring QoS. Finding Feature Information. Prerequisites for QoS
Finding Feature Information, page 1 Prerequisites for QoS, page 1 Restrictions for QoS, page 3 Information About QoS, page 4 How to Configure QoS, page 28 Monitoring Standard QoS, page 80 Configuration
More informationMulticast and Quality of Service. Internet Technologies and Applications
Multicast and Quality of Service Internet Technologies and Applications Aims and Contents Aims Introduce the multicast and the benefits it offers Explain quality of service and basic techniques for delivering
More information