Resilient Overlay Networks

1
Resilient Overlay Networks

• Robert Morris
• Frans Kaashoek and Hari Balakrishnan
• MIT LCS
• http//nms.lcs.mit.edu/projects/ron/

2
Problems with ISP-Based Routing

• Users cannot select routing metrics.
• Sophisticated routing only within each ISP.
• Only ISPs assemble measurements.
• Hop-by-hop model is error-prone.

3
Example Problem Policy Routing
Site 2
Site 3
ISP1
ISP2
Site 1
ISP3
Site 5
Site 4
The red path may be legal but forbidden by policy.
4
RON Approach

• Move routing control towards end systems.
• Take advantage of small scale.
• Base decisions on end-to-end monitoring.

5
A Resilient Overlay Network
Site 2
Site 3
Virtual RON link
N2
N3
RON node / edge router
ISP1
ISP2
N1
ISP3
Site 1
N5
N4
RON nodes exchange measurements and choose routes.
6
End-System Control Enables Sophisticated
Applications

• End-to-end QoS requirements.
• End-to-end metrics and trust.
• Aggressive adaptive re-routing algorithms.
• Application-oriented policy interpretation.
• Coordinated reactions to DoS attacks.

7
Example Reliable Routing
N2
N3
ISP1
ISP2
x
N1
ISP3
Overload
N5
N4
8
Example Perimeter Defense (1)

• Analyzing DoS attacks requires cooperation.
• Detect near target, control near source.
• Variable routing confuses historic traffic
  analysis.
• Asymmetric routing hides one-way flows.
• Hard to guess ingress even w/ true source addr.
• Groups of ISPs can deploy monitoring nodes.
• Use RON for reliable coordination.

9
Example Perimeter Defense (2)
C1
C2
1. Look for unusual traffic.
R2
R1
ISP1
ISP2
2. Exchange alerts over RON.
ISP3
R4
R3
3. Detect and control sources.
C4
C3
Attacker
Attacker
10
RON Implementation Challenges

• Measurements
• Topology choice
• Adaptive Routing
• Security

11
Measurements

• Characterize alternate paths
• Do they fail independently?
• How often do they perform better?
• Are there multiple sensible metrics?
• Are measurements predictive?
• Time scales long enough for adaptive routing?

12
Topology Choice
N4
N2
N3
ISP1
ISP2
N1
N5
ISP3
N7
N6
IP routing prefers short virtual links for high
reliability. Gnutella prefers long links for fast
query propagation.
13
Adaptive Routing

• Goal Good paths through the RON topology.
• Tools
• Application-provided guidance.
• Small scale ? aggressive algorithms.
• Cooperative measurement infrastructure.
• RON-level source routing obviates consistency.
• Example choose best 2-hop path.

14
Security

• Protection of data
• End-to-end or IPSec over RON virtual links.
• Protection of routing and control traffic
• Sites can choose whom to trust.
• Protection against DoS attacks on RON
• End-to-end authentication, hash cash.

15
Project Plan

• Measure existing Internet for validation.
• Design topology and routing algorithms.
• Deploy RON nodes.
• Build initial app real-time collaboration.
• Generalize API (content distribution, peer to
  peer file sharing).

16
Summary

• RON moves routing control to end systems.
• Well suited to collaborating groups of sites.
• Benefits
• More robust routing than the Internet.
• More control over QoS.
• Platform for cooperative defenses.