The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Presented By: Kamalakar Kambhatla

Similar documents
Venugopal Ramasubramanian Emin Gün Sirer SIGCOMM 04

Proactive Caching for Better than Single-Hop Lookup Performance

Naming. To do. q What s in a name q Flat naming q Structured naming q Attribute-based naming q Next: Content distribution networks

Introduction to Peer-to-Peer Systems

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Naming WHAT IS NAMING? Name: Entity: Slide 3. Slide 1. Address: Identifier:

Peer-to-peer systems and overlay networks

CSC2231: DNS with DHTs

Peer-to-Peer Systems. Network Science: Introduction. P2P History: P2P History: 1999 today

CS555: Distributed Systems [Fall 2017] Dept. Of Computer Science, Colorado State University

March 10, Distributed Hash-based Lookup. for Peer-to-Peer Systems. Sandeep Shelke Shrirang Shirodkar MTech I CSE

Lecture 6: Overlay Networks. CS 598: Advanced Internetworking Matthew Caesar February 15, 2011

Server Selection Mechanism. Server Selection Policy. Content Distribution Network. Content Distribution Networks. Proactive content replication

Today. Why might P2P be a win? What is a Peer-to-Peer (P2P) system? Peer-to-Peer Systems and Distributed Hash Tables

Reminder: Distributed Hash Table (DHT) CS514: Intermediate Course in Operating Systems. Several flavors, each with variants.

CS519: Computer Networks. Lecture 6: Apr 5, 2004 Naming and DNS

Distributed Hash Tables: Chord

Peer-to-Peer Systems and Distributed Hash Tables

Content Overlays. Nick Feamster CS 7260 March 12, 2007

Chapter 10: Peer-to-Peer Systems

Peer-to-Peer Systems. Chapter General Characteristics

Veracity: Practical Secure Network Coordinates via Vote-Based Agreements

Hoda Rohani Anastasios Poulidis Supervisor: Jeroen Scheerder. System and Network Engineering July 2014

SecSpider: Distributed DNSSEC Monitoring and Key Learning

CSE 5306 Distributed Systems. Naming

Peer-to-peer computing research a fad?

THE AUTHORITATIVE GUIDE TO DNS TERMINOLOGY

Early Measurements of a Cluster-based Architecture for P2P Systems

Bayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination

Exploiting Communities for Enhancing Lookup Performance in Structured P2P Systems

Distributed Hash Tables

Ossification of the Internet

CSE 5306 Distributed Systems

Motivation for peer-to-peer

Naming in Distributed Systems

Kademlia: A peer-to peer information system based on XOR. based on XOR Metric,by P. Maymounkov and D. Mazieres

EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Overlay Networks: Motivations

Internet Indirection Infrastructure (i3) Ion Stoica, Daniel Adkins, Shelley Zhuang, Scott Shenker, Sonesh Surana. UC Berkeley SIGCOMM 2002

08 Distributed Hash Tables

Replication, Load Balancing and Efficient Range Query Processing in DHTs

Flooded Queries (Gnutella) Centralized Lookup (Napster) Routed Queries (Freenet, Chord, etc.) Overview N 2 N 1 N 3 N 4 N 8 N 9 N N 7 N 6 N 9

DHT Overview. P2P: Advanced Topics Filesystems over DHTs and P2P research. How to build applications over DHTS. What we would like to have..

Slides for Chapter 10: Peer-to-Peer Systems. From Coulouris, Dollimore, Kindberg and Blair Distributed Systems: Concepts and Design

Distributed System: Definition

Naming. Distributed Systems IT332

Searching for Shared Resources: DHT in General

Security for Structured Peer-to-peer Overlay Networks. Acknowledgement. Outline. By Miguel Castro et al. OSDI 02 Presented by Shiping Chen in IT818

Distributed Hash Table

Slides for Chapter 10: Peer-to-Peer Systems

Overlay Networks: Motivations. EECS 122: Introduction to Computer Networks Overlay Networks and P2P Networks. Motivations (cont d) Goals.

Democratizing Content Publication with Coral

ROOT SERVERS MANAGEMENT AND SECURITY

EARM: An Efficient and Adaptive File Replication with Consistency Maintenance in P2P Systems.

DNSSEC DNS SECURITY EXTENSIONS INTRODUCTION TO DNSSEC FOR SECURING DNS QUERIES AND INFORMATION

Democratizing Content Publication with Coral

Assignment 5. Georgia Koloniari

In the Domain Name System s language, rcode 0 stands for: no error condition.

BEST PRACTICES FOR IMPROVING EXTERNAL DNS RESILIENCY AND PERFORMANCE

Today CSCI Coda. Naming: Volumes. Coda GFS PAST. Instructor: Abhishek Chandra. Main Goals: Volume is a subtree in the naming space

CONTENT DISTRIBUTION. Oliver Michel University of Illinois at Urbana-Champaign. October 25th, 2011

Searching for Shared Resources: DHT in General

Large-Scale Data Stores and Probabilistic Protocols

Challenges in the Wide-area. Tapestry: Decentralized Routing and Location. Global Computation Model. Cluster-based Applications

Overlay and P2P Networks. Introduction and unstructured networks. Prof. Sasu Tarkoma

Securing BGP. Geoff Huston November 2007

Protecting DNS from Routing Attacks -Two Alternative Anycast Implementations

This time. Digging into. Networking. Protocols. Naming DNS & DHCP

Load Sharing in Peer-to-Peer Networks using Dynamic Replication

Dynamic Metadata Management for Petabyte-scale File Systems

Domain Name System.

Distributed Systems. 21. Content Delivery Networks (CDN) Paul Krzyzanowski. Rutgers University. Fall 2018

CS November 2018

DMAP : Global Name Resolution Services Through Direct Mapping

Distributed Web Crawling over DHTs. Boon Thau Loo, Owen Cooper, Sailesh Krishnamurthy CS294-4

Seamless transition of domain name system (DNS) authoritative servers

Telematics Chapter 9: Peer-to-Peer Networks

DNS/DNSSEC Workshop. In Collaboration with APNIC and HKIRC Hong Kong. Champika Wijayatunga Regional Security Engagement Manager Asia Pacific

Squirrel case-study. Decentralized peer-to-peer web cache. Traditional centralized web cache. Based on the Pastry peer-to-peer middleware system

Goals. Facebook s Scaling Problem. Scaling Strategy. Facebook Three Layer Architecture. Workload. Memcache as a Service.

Herbivore: An Anonymous Information Sharing System

Chapter 5 Naming (2)

The Case for Pushing DNS. Mark Handley and Adam Greenhalgh

IP ADDRESSES, NAMING, AND DNS

Information Retrieval in Peer to Peer Systems. Sharif University of Technology. Fall Dr Hassan Abolhassani. Author: Seyyed Mohsen Jamali

Data-Centric Query in Sensor Networks

Replication Routing Indexes for XML Documents

Last Class: Consistency Models. Today: Implementation Issues

Overlay networks. To do. Overlay networks. P2P evolution DHTs in general, Chord and Kademlia. Turtles all the way down. q q q

Small-World Overlay P2P Networks: Construction and Handling Dynamic Flash Crowd

Evaluating Unstructured Peer-to-Peer Lookup Overlays

CompSci 356: Computer Network Architectures Lecture 21: Overlay Networks Chap 9.4. Xiaowei Yang

Outline Applications. Central Server Hierarchical Peer-to-peer. 31-Jan-02 Ubiquitous Computing 1

Distributed Information Processing

More on DNS and DNSSEC

Distributed Knowledge Organization and Peer-to-Peer Networks

Addressed Issue. P2P What are we looking at? What is Peer-to-Peer? What can databases do for P2P? What can databases do for P2P?

P2PNS: A Secure Distributed Name Service for P2PSIP

CS514: Intermediate Course in Computer Systems

DISTRIBUTED COMPUTER SYSTEMS ARCHITECTURES

Chapter 3: Naming Page 38. Clients in most cases find the Jini lookup services in their scope by IP

A Survey on Peer-to-Peer File Systems

Transcription:

The Design and Implementation of a Next Generation Name Service for the Internet (CoDoNS) Venugopalan Ramasubramanian Emin Gün Sirer Presented By: Kamalakar Kambhatla * Slides adapted from the paper - The Design and Implementation of a Next Generation Name Service for the Internet by Venugopalan Ramasubramanian and Emin Gün Sirer SIGCOMM 2004

Overview of DNS Root DNS Servers com DNS servers org DNS servers edu DNS servers yahoo.com DNS servers amazon.com DNS servers pbs.org DNS servers poly.edu northwestern.edu DNS servers DNS servers * Static, hierarchical partitioning of the namespace, top down lookup through delegations * TTL based caching, expensive, no bounds lookups

Problems * Performance bottlenecks Slow, cold misses lead to high latencies * Vulnerable to DoS attacks 80% of the domain names are served by just two nameservers and 0.8% by only one Top levels of hierarchy are served by a relatively smaller number of servers Recent DoS attack on Microsoft s DNS servers severely affected the availability of Microsoft s web services for several hours

Problems * Latency issues * Load imbalance * Manual configuration, implementation errors Large number of broken or inconsistent delegations * Cache coherency and updates

Bottlenecks * Resolvers in legacy DNS operate on behalf of clients to map queries to matching resource records * Several nameservers belong to same subnet

Latency * Name resolution latency is a significant component of the time required to access web services * Short TTLs eliminate caching and overload nameservers * Low performance mainly due to low cache hit rates, Zipf- like query distribution in DNS

Load Imbalance * Root and TLD handle a large load and are frequently subjected to DoS attacks * A massive distributed DoS attack in Nov 2002 rendered 9 of 13 root servers unresponsive now root is more than 60 nameservers and is served through a special- case support for BGP- level anycast!!

Update Propagation * Large scale caching poses problems for maintaining the consistency of cached records in presence of dynamic changes. * Selection of a suitable TTL value is tough short TTLs affect lookup performance and increase network load, while long TTLs interfere with service relocation * Nearly 40% of domain names use TTLs of one day or higher, which prohibits fast dissemination of unanticipated changes to records

Properties of Replacement DNS * High Performance Achieve lower latencies than legacy DNS and improve lookup performance in presence of high loads * Resilience to Attacks Remove vulnerabilities in the system and provide resistance against DoS attacks through decentralization and dynamic load balancing * Fast Update Propagation Enable changes in name- address mappings to quickly propagate to clients

CoDoNS - Overview * Derives scalability, decentralization, self- organization and failure resilience from structured p2p overlays * High lookup performance through proactive caching * Resilience to DoS attacks through automatic load balancing * Fast propagation of updates

CoDoNS - Overview * Achieves high performance through Beehive replication framework * Cryptographic delegation instead of host based physical delegation limits potential malfeasance by namespace operators * Backwards compatibility enables CoDoNS to serve as a backup for legacy DNS or even complete replacement

CoDoNS - Overview * Globally distributed CoDoNS servers self- organize to form a flat p2p network, behaving like a large, cooperative, shared cache * Clients contact CoDoNS through a local participant in the CoDoNS network, akin to the legacy DNS resolver * No changes to client- side resolver libraries, besides changing the ids of nameservers in the system configuration

Beehive - Overview * Proactive replication framework that enables prefix- matching DHTs to achieve O(1) lookup performance examples are Pastry and Tapestry * Objects and nodes have randomly assigned Ids from the same circular space, and each object is stored at the nearest node in the Id space, called the home node * Each node routes a request for an object, by successively matching prefixes; that is, by routing the request to a node that matches one more digit with the object until the home node, is reached

Beehive - Overview * Query issued for object 2101 * Pastry incurs 3 hops to find a copy of the object * By placing copies of the object at all nodes one hop prior to the home node in the request path, the lookup latency can be reduced by one hop

Beehive - Overview * O(logN) hops in the worst case to reach the home node * By choosing levels of replication, average lookup performance can be tuned to any desired constant * Can achieve O(1) lookups by replicating every object at every node, would incur excessive space overhead, consume significant bandwidth and lead to large update latencies

Beehive - Overview * Minimizes bandwidth and space consumption by posing an optimization problem * Minimize the total number of replicas subject to the constraint that the average lookup latency is less than a desired constant C * For Zipf- like query distributions, Beehive analytically derives the optimal closed- form solution to this problem * Expression for closed- form solution that minimizes total number of replicas for Zipf- like query distributions with parameter α<1 is

Beehive - Overview * Any targeted average lookup latency can be achieved by selecting an appropriate C * CoDoNS - C=0.5 hops, which means that a large percentage of requests are answered immediately * Minimal bandwidth and storage overhead * Replicating objects across several nodes balances the load, improves resilience against DoS attacks * Level of replication can be used to quickly determine the location of all object replicas, and update them when necessary

CoDoNS - Architecture * Globally distributed nodes that self organize to form a p2p network * Provides query resolution services to clients using the same wire format and protocol as legacy DNS, and thus requires no changes to client resolvers * Decouples namespace management from query resolution * No restrictions on hierarchical structure of the namespace * API: insert, delete and update

CoDoNS - Architecture * Associates the node whose ID is closest to consistent hash of the domain name as the home node for that domain name * Home node stores a permanent copy of the resource records owned by that domain name and manages their replication * If home node fails, next closest node in ID space automatically becomes the new home node. * Replicates all records on several nodes adjacent to home node in ID space to avoid data loss due to node failures

CoDoNS Query Resolution

CoDoNS - Implementation * Layered on top of Pastry and Beehive * Each CoDoNS server implements a complete, recursive, caching DNS resolver * Supports inverse queries that map IP addresses to a domain name * Domain names have unique 128- bit IDs * Home node, the closest node in the ID space, stores permanent copies of resource records of the domain name and maintains their consistency in the system * Home node uses the TTL specified by legacy DNS as the duration to store the records. Refetches records from legacy DNS after TTL duration, and propagates updated records to all replicas if records change

Issues and Implications * Decouples namespace management from the physical location of nameservers * Uses cryptographic delegations and self- verifying records based on DNSSEC standard * Every namespace operator has a public- private key pair; private key used to digitally sign DNS records managed by operator * Chain of certificates terminating at a small number of well- known public keys for globally trusted authorities * Signature and public key stored in DNS as resource records of type sig and key * Clients can verify the authenticity of a resource record by fetching the sig record and the key record from the DNS

Issues and Implications * DNSSEC not yet widely deployed, hence cannot rely on legacy DNS to provide certificates for resource records * CoDoNS uses own centralized authority to sign resource records fetched from legacy DNS * Queries to legacy DNS directed to a small pool of certifying resolvers, which fetch authoritative resource records from legacy DNS, sign them, and append the sig records to the legacy DNS response * Requires trust to be placed in the certifying resolvers * Malicious participants may disrupt the system by corrupting the routing tables of peers and misrouting or dropping queries * Can use secure routing tables to limit impact of corrupt nodes, but may increase lookup delay

Evaluation * P2p network of servers of globally distributed PlanetLab nodes * Results show that CoDoNS provides low latency resolution service, resists flash- crowds and provides support for fast update propagation.

Setup Started with no initial DNS records After some time, issue DNS requests from a real workload to the server at each node Measure lookup latency and periodically record the load handled and overhead incurred by each node Workload obtained from traces collected at MIT Workload comprises of 281,943 queries for 47,230 unique domain names. Popularity of domain names closely follows a Zipf- like distribution with parameter 0.91. Measurements taken from a deployment on 75 distributed PlanetLab nodes.

Lookup Performance Cumulative Distribution of Latency Median Latency vs Time Query Resolution Latency

Flash- crowd Effect Median Latency vs Time with introduction of a Flash- crowd at the 6 th hour

Load Balance Load Balance vs Time *Coefficient of variation defined as the ratio of standard deviation of the load across all the nodes to the mean nodes

Update Propagation 98% of the replicas are updated within 1sec Latency to update 99% of replicas one hop from the home node is about 1 second Overall, update propagation latency depends on the extent of replication Worst case logn hops to update all nodes Update Propagation Time

Summary * CoDoNS provides low latencies for query resolution * Massive replication for the most popular records, but a modest number of replicas, achieves high performance with low overhead * Eliminating static query processing hierarchy and scheduling load dynamically onto peer nodes greatly decreases the vulnerability to DoS attacks * Self- organization and continuous replication avoids bottlenecks in presence of flash crowds * Proactive update propagation ensures that unanticipated changes can be quickly disseminated and cached in the system

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback