Title: Efficient Over-Provisioning of Network Systems and Services: Principles and Practices
1. Efficient Over-Provisioning of Network Systems and Services: Principles and Practices
Dong Xuan, Department of Computer Science and Engineering, The Ohio-State University
http://www.cse.ohio-state.edu/xuan
2. What is Over-Provisioning?
- Resources are allocated conservatively, depending on expected demands
- Examples: replicated content, replicated servers, allocating more bandwidth, multi-path routing, etc.
3. Outline
- Objective
- Principles
- Practices in Overlay Networks
- Practices in Sensor Networks
- Final Remarks
4. Objective
- Providing high performance, reliability and security to network systems and services
5. Challenges and Opportunities
- Challenges
  - Traffic amount
  - Dynamics of traffic pattern
  - Malicious and non-conforming participants
- Opportunities
  - Resources such as bandwidth, storage and processing power are no longer the bottlenecks they used to be
6. Why Over-Provisioning?
- Enable uninterrupted services
- Reactions under extreme operating conditions are milder, if not eliminated
- Maintenance and corresponding dynamics are easier if done properly
- System update is easier
7. However
- Over-provisioning is not always good
- Over-provisioning also comes at the price of increased maintenance
- Resources come at a price; they are not free
- Resource availability is unbalanced
8. What We Want to Do?
- Study the principles of over-provisioning
- Practices in a wide spectrum of network systems and services
9. Related Work
- Bandwidth over-provisioning by ISPs (Internet Service Providers)
- Data backup for fault-tolerant services
- Over-deployment in sensor networks
10. Principles
- A case study: bandwidth over-provisioning in networks
  - Currently it is conducted in an ad hoc manner by ISPs
  - QOP: Quantitative Over Provisioning
  - Our work in Transactions on Networking '04 [1] and RTSS '01 [2]
11. Further Study on Over-Provisioning Principles
- System resources
- System nodes
- Connectivity
- Network Paths
- Data content, energy and storage
- Dynamics due to failures and attacks
12. Practical Applications of Over-Provisioning
- Overlay Networks
- Sensor Networks
13. Practices in Overlay Networks
- Secure Overlay Forwarding Systems
- Resilient Structured Peer-to-Peer Systems
- QoS aware and Reliable Overlay Multicast and Anycast Services
14. Overlay Networks
15. Secure Overlay Forwarding Systems
- It is an intermediate forwarding overlay system to defend against DDoS attacks
- Layering: each node only knows the next-layer nodes
- Access to the target is controlled by a set of filters
- The target is known only to the filters
16. Design Features
- The number of layers: 3 layers of hierarchy between sources and a target
- Mapping degree: number of next-layer neighbors
- Node density: number of nodes per layer
- Under random congestion attacks, path availabilities are high if mapping degree is high
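The last point on the slide above can be checked with a small Monte Carlo model. This is an added example, not code from the talk or the cited papers; the random neighbor mapping, the per-layer congested fraction and all parameter values are assumptions made for illustration.

```python
import random

def path_available(layers, density, degree, congested_fraction, rng):
    """One trial: is at least one source-to-target path free of congested nodes?"""
    n_bad = round(congested_fraction * density)
    # Assumption: the source knows `degree` random nodes of the first layer.
    frontier = set(rng.sample(range(density), degree))
    for layer in range(layers):
        # Random congestion attack: n_bad nodes of this layer stop forwarding.
        congested = set(rng.sample(range(density), n_bad))
        frontier -= congested
        if not frontier:
            return False          # every known node in this layer is down
        if layer == layers - 1:
            return True           # a surviving last-layer node reaches the target
        # Each surviving node forwards to its own `degree` next-layer neighbors.
        nxt = set()
        for _ in frontier:
            nxt.update(rng.sample(range(density), degree))
        frontier = nxt
    return False


def availability(layers, density, degree, congested_fraction, trials=2000, seed=1):
    """Fraction of trials in which a path survives (Monte Carlo estimate)."""
    rng = random.Random(seed)
    ok = sum(path_available(layers, density, degree, congested_fraction, rng)
             for _ in range(trials))
    return ok / trials


if __name__ == "__main__":
    # Constructed parameters: 3 layers, 100 nodes per layer, 40% congested.
    for degree in (1, 2, 5, 10):
        print(degree, availability(3, 100, degree, 0.4))
```

With mapping degree 1 the estimate sits near 0.6^3, the chance that one fixed chain of three nodes survives; raising the degree moves it toward 1.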
17. The Generalized Secure Overlay Forwarding System
- We have generalized the system in ICDCS '04 [8]
- Design features are flexible
18. Intelligent DDoS Attacks
- Combination of congestion-based attacks and break-in based attacks
- Congestion attacks result in a node being non-functional for the duration of the attack
- Successful break-in attacks result in disclosure of next-layer neighbors
19. System Performance Observation
- Over-provisioning is not always good
- Care should be exercised
20. Resilient Structured P2P Systems
- Structured P2P systems
  - Distributed Hash Table (DHT) based
  - Node ID and data ID match together
  - CAN, CHORD, PASTRY and TAPESTRY
- These systems are not resilient to malicious attacks!
- Our solutions
  - Over-provisioning in neighbor connectivity
  - RCHORD [4] and CAN-SW [3]
21. QoS Aware Overlay Multicast and Anycast
- Unicast, multicast and anycast
- Network layer multicast and anycast
  - We have proposed an efficient fault-tolerant multicast routing protocol in TPDS '99 [5] (38)
  - We have proposed a routing protocol for anycast messages in TPDS '00 [6], '04 [7] (38, 39)
- Overlay multicast and anycast
  - Multiple-path over-provisioning based approaches
22. Practices in Sensor Networks
- Sensor network deployment using limited mobility sensors
- Defending against Physical Attacks
23. Sensor Networks
- A new paradigm of networking
- A lot of applications like tracking intruders, monitoring animals, forest fires, and warehouse monitoring
- Cheap, easy to deploy, but limited in energy
Figure: A simple sensor network (labels: Base station, MTS 310 CA sensor)
24. Sensor Networks Deployment using Limited Mobility Sensors
- Sensor network deployment
- Issues
  - Sensors may be damaged
  - Sensors may be out of energy
  - Manual redeployment is hard
- Solutions
  - Over-provision sensor nodes
  - Exploit sensor mobility
Figure: 2D-grid
25. Limited Mobile Sensors
- Mobility in sensors is an energy-consuming operation
- XYZ sensor platform can move up to 165 m
- DARPA has already built limited mobility sensors, whose maximum movement is 100 hops
- Resources of sensor nodes are redundant but their mobility is limited
26. Our Deployment Problem
- Problem definition
  - Given a 2-D grid sensor network model, determine a movement plan for the sensors to minimize variance in number of sensors among all regions from and simultaneously minimize the required number of movements
  - Variance
  - No. of movement hops
27. An Example
- Sensor Network with 16 regions and 2
- A simple, purely localized solution
- Regions 14, 15 and 16 have less than 2 sensors
28. Discussions on Our Deployment Problem
- Each region has sensors, which is over-provisioned to provide reliable services
- It is a non-linear optimization problem. However, when 1, the problem is changed to a linear one [10]
- The problem is harder due to over-provisioning
29. Our Solutions
- We proposed two classes of solutions
- Max-flow based solutions
  - Translate the non-linear variance problem into a linear weight assignment problem
  - Translate the sensor network into a graph structure and determine a minimum cost maximum weighted flow plan
  - It is optimal if run in a centralized manner
  - Can also execute in a distributed manner
- Simple Peak-Pit solution
  - Pits request sensors from peaks
  - Requests contain weights depending on sensors needed
  - Requests are served in descending order of weights
  - Performance is good under favorable deployment conditions
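A minimal sketch of the Peak-Pit idea on a 4x4 grid, as an added example that is not the authors' algorithm or code. Assumptions: a pit is a region below the per-region target and a peak is one above it, a request's weight is the pit's deficit, the nearest peak within `max_hops` serves first, and one hop is one step between adjacent regions (Manhattan distance). The grid is constructed sample data.

```python
def variance(grid):
    """Variance of the sensor count over all regions."""
    cells = [c for row in grid for c in row]
    mean = sum(cells) / len(cells)
    return sum((c - mean) ** 2 for c in cells) / len(cells)


def peak_pit(grid, target, max_hops):
    """Return (new_grid, total_hops) after serving pit requests from peaks."""
    grid = [row[:] for row in grid]                  # do not mutate the input
    cells = [(r, c) for r in range(len(grid)) for c in range(len(grid[0]))]
    # Each pit issues one request whose weight is the number of sensors it needs;
    # requests are served in descending order of weight.
    requests = sorted(((target - grid[r][c], (r, c))
                       for r, c in cells if grid[r][c] < target), reverse=True)
    hops = 0
    for need, (pr, pc) in requests:
        # Peaks with surplus inside the mobility limit, nearest first.
        peaks = sorted((abs(r - pr) + abs(c - pc), (r, c)) for r, c in cells
                       if grid[r][c] > target
                       and abs(r - pr) + abs(c - pc) <= max_hops)
        for dist, (r, c) in peaks:
            give = min(need, grid[r][c] - target)    # never drain a peak below target
            grid[r][c] -= give
            grid[pr][pc] += give
            hops += give * dist                      # each moved sensor travels dist hops
            need -= give
            if need == 0:
                break
    return grid, hops


# Constructed 16-region grid, target 2 sensors per region; regions 14, 15 and 16
# (bottom row, columns 2 to 4) start below the target.
GRID = [[2, 2, 2, 2],
        [2, 2, 2, 2],
        [2, 4, 3, 3],
        [2, 0, 1, 1]]

if __name__ == "__main__":
    balanced, hops = peak_pit(GRID, target=2, max_hops=2)
    print(variance(GRID), variance(balanced), hops)
```

When no peak lies within `max_hops` of a pit, the request goes unserved and the variance stays above zero, which is the unfavorable deployment case the slide alludes to.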
30. Defending against Physical Attacks in Sensor Networks
- Physical attacks destroy sensors physically
- Physical attacks are inevitable in sensor networks
  - Sensor network applications that operate in hostile environments
    - Volcanic monitoring
    - Battlefield applications
  - Small form factor of sensors
  - Unattended and distributed nature of deployment
- Different from other types of electronic attacks
  - Can be fatal to sensor networks
  - Simple to launch
- Defending physical attacks
  - Tampering-resistant packaging helps, but not enough
  - We adopt sensor node over-provisioning approach
31. Blind Physical Attacks
32. Search-Based Physical Attacks
33. The Impacts of Physical Attacks
- Lifetime Vs. Attack arrival rate
34. Defense Strategies
- Over-provisioning sensor nodes
  - Deploying more sensors to compensate the damage of blind attacks [9]
  - Using sacrificial nodes to compensate the weakness of sensors in sensing capacity compared with the attacker [11]
35. Final Remarks
- The principles of over-provisioning
  - QOP: Quantitative Over Provisioning on network resources
- Practices of over-provisioning in
  - Overlay networks
    - Secure Overlay Forwarding Systems: layers and connectivity
    - Resilient structured P2P systems: neighbor connectivity
    - QoS aware overlay multicast and anycast: path
  - Sensor networks
    - Reliable sensor network: limited mobility sensor nodes
    - Resilience to physical attacks: node and structure
36. References
- [1] S. Wang, Dong Xuan, R. Bettati and W. Zhao, "Providing Absolute Differentiated Services for Real-Time Applications in Static-Priority Scheduling Networks," in IEEE/ACM Transactions on Networking (ToN), Vol. 12, No. 2, April 2004.
- [2] S. Wang, Dong Xuan, R. Bettati and W. Zhao, "Differentiated Services with Statistical Real-Time Guarantees in Static-Priority Scheduling Networks," in Proc. of IEEE RTSS, 2001.
- [3] S. Wang, Dong Xuan and W. Zhao, "On Resilience of Structured Peer-to-Peer Systems," in Proc. of IEEE GLOBECOM, Dec. 2003.
- [4] Dong Xuan, S. Chellappan and M. Krishnamoorthy, "RChord: An Enhanced Chord System Resilient to Routing Attacks," in Proc. of IEEE ICCNMC, Oct. 2003.
- [5] W. Jia, W. Zhao, Dong Xuan, and G. Xu, "An Efficient Fault-Tolerant Multicast Routing Protocol with Core-Based Tree Techniques," in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 10, No. 10, Oct. 1999.
- [6] Dong Xuan, W. Jia, W. Zhao, and H. Zhu, "A Routing Protocol for Anycast Messages," in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 11, No. 6, June 2000.
- [7] W. Jia, Dong Xuan, W. Tu, L. Lin and W. Zhao, "Distributed Admission Control for Anycast Flows," in IEEE Transactions on Parallel and Distributed Systems (TPDS), Vol. 15, No. 8, August 2004.
- [8] Dong Xuan, S. Chellappan, X. Wang and S. Wang, "Analyzing the Secure Overlay Services Architecture under Intelligent DDoS Attacks," in Proc. of IEEE International Conference on Distributed Computing Systems (ICDCS), March 2004.
- [9] Xun Wang, Wenjun Gu, Sriram Chellappan, Kurt Schosek, Dong Xuan, "Lifetime Optimization of Sensor Networks under Physical Attacks," IEEE ICC 2005.
- [10] S. Chellappan, X. Bai, B. Ma and Dong Xuan, "Mobility Limited Flip-based Sensor Network Deployment," accepted by IEEE Transactions on Parallel and Distributed Systems (TPDS), Oct. 2005.
- [11] W. Gu, X. Wang, S. Chellappan, Dong Xuan and Ten H. Lai, "Defending against Search-based Physical Attacks in Sensor Networks," to appear in Proc. of IEEE MASS, Nov. 2005.