Efficient Over-Provisioning of Network Systems and Services: Principles and Practices - PowerPoint PPT Presentation

1 / 36
About This Presentation
Title:

Efficient Over-Provisioning of Network Systems and Services: Principles and Practices

Description:

Efficient Over-Provisioning of Network Systems and Services: Principles and Practices Dong Xuan Department of Computer Science and Engineering The Ohio-State University – PowerPoint PPT presentation

Number of Views:147
Avg rating:3.0/5.0
Slides: 37
Provided by: SAIT6
Category:

less

Transcript and Presenter's Notes

Title: Efficient Over-Provisioning of Network Systems and Services: Principles and Practices


1
Efficient Over-Provisioning of Network Systems
and Services Principles and Practices
Dong Xuan Department of Computer Science and
Engineering The Ohio-State University http//www.
cse.ohio-state.edu/xuan
2
What is Over-Provisioning?
  • Resources are allocated conservatively, depending
    on expected demands
  • Examples replicated content, replicated servers,
    allocating more bandwidth, multi-path routing
    etc.

3
Outline
  • Objective
  • Principles
  • Practices in Overlay Networks
  • Practices in Sensor Networks
  • Final Remarks

4
Objective
  • Providing high performance, reliability and
    security to network systems and services

5
Challenges and Opportunities
  • Challenges
  • Traffic amount
  • Dynamics of traffic pattern
  • Malicious and non-conforming participants
  • Opportunities
  • Resources, such as bandwidth, storage, processing
    power are no longer the bottlenecks that used to
    be so in the past

6
Why Over-Provisioning?
  • Enable uninterrupted services
  • Reaction under extreme operating conditions are
    milder if not eliminated
  • Maintenance and corresponding dynamics are easier
    if done properly
  • System update is easier

7
However
  • Over provisioning is not always good
  • Over provisioning also comes at the price of
    increased maintenance
  • Resource come at a price, they are not free
  • Resource availability is unbalanced

8
What We Want to Do?
  • Study the principles of over provisioning
  • Practices in a wide spectrum of network systems
    and services

9
Related Work
  • Bandwidth over-provisioning by ISPs (Internet
    Service Providers)
  • Data backup for fault tolerant services
  • Over-deployment in sensor networks

10
Principles
  • A case study bandwidth over provisioning in
    networks
  • Currently it is conducted in an ad hoc manner by
    ISPs
  • QOP Quantitative Over Provisioning
  • Our work on Transaction on Networking 04 1 and
    RTSS 01 2

11
Further Study on Over Provisioning Principles
  • System resources
  • System nodes
  • Connectivity
  • Network Paths
  • Data content, energy and storage
  • Dynamics due to failures and attacks

12
Practical Applications of Over-Provisioning
  • Overlay Networks
  • Sensor Networks

13
Practices in Overlay Networks
  • Secure Overlay Forwarding Systems
  • Resilient Structured Peer to Peer Systems
  • QoS aware and Reliable Overlay Multicast and
    Anycast Services

14
Overlay Networks
15
Secure Overlay Forwarding Systems
  • It is an intermediate forwarding overlay system
    to defend against DDoS attacks
  • Layering Each node only knows the next layer
    nodes
  • Access to target controlled by a set of filters
  • Target is known only to filters

16
Design Features
  • The number of layers 3 layers of hierarchy
    between sources and a target
  • Mapping degree Number of next layer neighbors
  • Node density Number of nodes per layer
  • Under random congestion attacks, path
    availabilities are high if mapping degree is high

17
The Generalized Secure Overlay Forwarding System
  • We have generalized the system in ICDCS 04 8
  • Design features are flexible

18
Intelligent DDoS Attacks
  • Combination of Congestion-based attacks and
    break-in based attacks
  • Congestion attacks result in node being
    non-functional for the duration of the attack
  • Successful break-in attacks result in disclosure
    of next layer neighbors

19
System Performance Observation
  • Over Provisioning is not always good
  • Care should be exercised

20
Resilient Structured P2P Systems
  • Structured P2P systems
  • Distributed Hash Table (DHT) based
  • Node ID and data ID match together
  • CAN, CHORD, PASTRY and TAPSTRY
  • These systems are not resilient to malicious
    attacks !
  • Our solutions
  • Over provisioning in neighbor connectivity
  • RCHORD 4 and CAN-SW 3

21
QoS Aware Overlay Multicast and Anycast
  • Unicast, multicast and anycast
  • Network layer multicast and anycast
  • We have proposed an efficient fault-tolerant
    multicast routing protocol in TPDS 99 5 (38)
  • We have proposed a routing protocol for anycast
    messages in TPDS 00 6, 04 7 (38, 39)
  • Overlay multicast and anycast
  • Multiple path over provisioning based approaches

22
Practices in Sensor Networks
  • Sensor network deployment using limited mobility
    sensors
  • Defending against Physical Attacks

23
Sensor Networks
  • A new paradigm of networking
  • A lot of applications like tracking intruders,
    monitoring animals, forest fires, and warehouse
    monitoring
  • Cheap, easy to deploy, but limited in energy

Base station
A simple sensor network
MTS 310 CA sensor
24
Sensor Networks Deployment using Limited Mobility
Sensors
  • Sensor network deployment
  • Issues
  • Sensors may be damaged
  • Sensor may be out of energy
  • Manual redeployment is hard
  • Solutions
  • Over-provision sensor nodes
  • Exploit sensor mobility

2D-grid
25
Limited Mobile Sensors
  • Mobility in sensors is an energy consuming
    operation
  • XYZ sensor platform can move up to 165 m
  • DARPA has already built limited mobility sensors,
    whose maximum movement is 100 hops
  • Resource of sensor nodes are redundant but their
    mobility is limited

26
Our Deployment Problem
  • Problem definition
  • Given 2-D grid sensor network model, determine a
    movement plan for the sensors to minimize
    variance in number of sensors among all regions
    from and simultaneously minimize the required
    number of movements
  • Variance
  • No. of movement hops

27
An Example
  • Sensor Network with 16 regions and 2
  • A simple, purely localized solution
  • Regions 14, 15 and 16 have less than 2 sensors

28
Discussions on Our Deployment Problem
  • Each region has sensors, which is
    over-provisioned to provide reliable services
  • It is a non-linear optimal problem. However, when
    1, the problem is changed to a linear one
    10
  • The problem is harder due to over-provisioning

29
Our Solutions
  • We proposed two classes of solutions
  • Max-flow based solutions
  • Translate non linear variance problem into linear
    weight assignment problem
  • Translate sensor network into a graph structure
    and determine minimum cost maximum weighted flow
    plan
  • It is optimal if run in a centralized manner
  • Can also execute in a distributed manner
  • Simple Peak-Pit solution
  • Pits request sensors from peaks.
  • Requests contain weights depending on sensors
    needed
  • Requests are served in descending order of
    weights
  • Performance is good under favorable deployment
    conditions

30
Defending against Physical Attacks in Sensor
Networks
  • Physical attacks destroy sensors physically
  • Physical attacks are inevitable in sensor
    networks
  • Sensor network applications that operate in
    hostile environments
  • Volcanic monitoring
  • Battlefield applications
  • Small form factor of sensors
  • Unattended and distributed nature of deployment
  • Different from other types of electronic attacks
  • Can be fatal to sensor networks
  • Simple to launch
  • Defending physical attacks
  • Tampering-resistant packaging helps, but not
    enough
  • We adopt sensor node over-provisioning approach

31
Blind Physical Attacks
32
Search-Based Physical Attacks
33
The Impacts of Physical Attacks
  • Lifetime Vs. Attack arrival rate

34
Defense Strategies
  • Over-provisioning sensor nodes
  • Deploying more sensors to compensate the damage
    of blind attacks 9
  • Using sacrificial node to compensate the weakness
    of sensors in sensing capacity compared with the
    attacker 11

35
Final Remarks
  • The principles of Over Provisioning
  • QOP Quantitative Over Provisioning on network
    resources
  • Practices of Over Provisioning in
  • Overlay Networks
  • Secure Overlay Forwarding Systems Layers and
    Connectivity
  • Resilient Structure P2P systems Neighbor
    connectivity
  • QoS aware Overlay multicast and anycast Path
  • Sensor networks
  • Reliable sensor network limited mobility sensor
    nodes
  • Resilience to Physical attacks node and
    structure

36
References
  1. S. Wang, Dong Xuan, R. Bettati and W. Zhao,
    Providing Absolute Differentiated Services for
    Real-Time Applications in Static-Priority
    Scheduling Networks,  in IEEE/ACM Transactions
    on Networking (ToN), Vol 12, No. 2, April 2004.
  2. S. Wang, Dong Xuan, R. Bettati and W. Zhao,
    Differentiated Services with Statistical
    Real-Time Guarantees in Static-Priority
    Scheduling Networks, in Proc. of  IEEE RTSS,
    2001.
  3. S. Wang, Dong Xuan and W. Zhao, On Resilience of
    Structured Peer-to-Peer Systems,  in Proc. of
    IEEE   GLOBECOM, Dec. 2003.
  4. Dong Xuan, S. Chellappan and M. Krishnamoorthy,
    RChord An Enhanced Chord System Resilient to
    Routing Attacks, in Proc. of  IEEE ICCNMC, Oct.
    2003.
  5. W. Jia, W. Zhao, Dong Xuan, and G. Xu, An
    Efficient Fault-Tolerant Multicast Routing
    Protocol with Core-Based Tree Techniques, in
    IEEE Transactions on Parallel and Distributed
    Systems (TPDS), Vol. 10, No. 10, Oct. 1999.
  6. Dong Xuan, W. Jia, W. Zhao, and H. Zhu, A
    Routing Protocol for Anycast Messages, in IEEE
    Transactions on Parallel and Distributed Systems
    (TPDS), Vol. 11, No. 6, June 2000.
  7. W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao,
    Distributed Admission Control for Anycast
    Flows, in IEEE Transactions on Parallel and
    Distributed Systems (TPDS), Vol 15, No. 8, August
    2004.
  8. Dong Xuan, S. Chellappan, X. Wang and S. Wang,
     Analyzing the Secure Overlay Services
    Architecture under Intelligent DDoS Attacks,  in
    Proc. of   IEEE International Conference on
    Distributed Computing Systems (ICDCS), March
    2004.
  9. Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt
    Schosek, Dong Xuan, Lifetime Optimization of
    Sensor Networks under Physical Attacks , IEEE
    ICC 2005.
  10. S. Chellappan, X. Bai, B. Ma and Dong Xuan,
    Mobility Limited Flip-based Sensor Network
    Deployment, accepted by IEEE Transactions on
    Parallel and Distributed Systems (TPDS), Oct.
    2005.
  11. W. Gu, X. Wang, S. Chellappan, Dong Xuan and Ten
    H. Lai, Defending against Search-based Physical
    Attacks in Sensor Networks, to appear in Proc. of
    IEEE MASS, Nov. 2005
Write a Comment
User Comments (0)
About PowerShow.com