Overview
• Network Architectures
• Network Overlays
• SCOLD
• PSMC
• Issues
• Conclusion
On Proxy Server Based Multipath Connections
Yu Cai, PhD Dissertation, UCCS, 2005
Client/Server Model
1. Client requests DNS name translation
2. Router directs query to local proxy server
3. Proxy server redirects shortest path to host
Client/Server Problems
1. Client requests DNS name translation
2. Router directs query to local proxy server
3. Proxy server redirects shortest path to host
• Shortest path not always fastest!
• Wasted bandwidth!
Client/Server Vulnerability
1. Client requests DNS name translation
2. Router directs query to local proxy server
3. Proxy server redirects shortest path to host
• Shortest path not always fastest!
• Wasted bandwidth!
• Distributed Denial of Service (DDoS) Attack!
Service Overlays
• Build on existing capabilities
• Don’t need to retrofit existing services
• Modular compatibility for adding and removing
Secure Collective Defense (SCOLD)
• SCOLD Coordinator
• SCOLD Proxy Servers
• Defends against DDoS attacks!
Secure Collective Defense (SCOLD)
• SCOLD Coordinator blocks incoming attack on main gateway
• Notifies trusted DNSs to use trusted proxies
• Trusted proxies route requests through alternate gateways
SCOLD Performance
• SCOLD overhead incurs performance delays
• SCOLD overhead is insignificant compared to attacks!
Proxy Server-based Multipath Connection (PSMC)
• Can we extend the SCOLD concept to enhance network performance?
• Shortest path not always fastest!
• Wasted bandwidth!
PSMC Architecture
• Sender module responsible for packet distribution among multiple paths
• Some packets go through normal “direct route”
• Some packets go through “indirect routes”
• Receiver module reassembles packets in correct order.
Proxy Server-based Multipath Connection (PSMC)
• Aggregating bandwidth increases throughput
• Multiple paths increase reliability, decrease vulnerability
[Figure: packet sequence 123456]
Proxy Server-based Multipath Connection (PSMC)
• PSMC increases probability packets arrive out of order
[Figure: packet sequence 123456 sent; 125643 received]
Proxy Server-based Multipath Connection (PSMC)
• PSMC increases probability packets arrive out of order
[Figure: packet sequence 123456 sent; 125643 received]
• Resulting in significantly higher retransmit requests
[Figure: Buffer 1 and Buffer 2; arrival order 125643 reassembled to 123456]
Proxy Server-based Multipath Connection (PSMC)
[Figure: packet sequence 123456 sent; 125643 received]
• PSMC increases probability packets arrive out of order
• Resulting in significantly higher retransmit requests
• Solution: Create a double receiving buffer!
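Added example (not from the dissertation or the slides): a small Python model of why the 125643 arrival order causes retransmit requests, and how a second, resequencing buffer in front of the receiver removes them. The function names, the capacity parameter and the gap-skipping policy are assumptions; the model assumes a TCP-style cumulative-ACK receiver, where three duplicate ACKs trigger fast retransmit.

```python
# Added illustration: a resequencing stage in front of a cumulative-ACK
# receiver. The buffer design is an assumption; the slides give no details.
FAST_RETRANSMIT_THRESHOLD = 3  # duplicate ACKs that trigger TCP fast retransmit

def duplicate_acks(arrivals):
    """Count duplicate ACKs a cumulative-ACK receiver emits for this arrival order."""
    expected, held, dups = 1, set(), 0
    for seq in arrivals:
        if seq < expected or seq in held:
            continue                      # repeated copy; not counted in this model
        if seq != expected:
            held.add(seq)                 # early packet: receiver re-ACKs expected-1
            dups += 1
            continue
        expected += 1
        while expected in held:           # gap filled: consume everything contiguous
            held.remove(expected)
            expected += 1
    return dups

def resequence(arrivals, capacity=8):
    """Second buffer: hold early packets and release only contiguous runs.

    If more than `capacity` packets are waiting behind a gap, the missing
    packet is treated as lost and the gap is skipped, so the receiver's
    normal loss recovery can take over instead of stalling forever.
    """
    next_seq, pending, released = 1, set(), []
    for seq in arrivals:
        if seq < next_seq or seq in pending:
            continue                      # repeated copy from another path
        pending.add(seq)
        if len(pending) > capacity:
            next_seq = min(pending)       # give up on the gap
        while next_seq in pending:
            pending.remove(next_seq)
            released.append(next_seq)
            next_seq += 1
    return released

if __name__ == "__main__":
    arrival = [1, 2, 5, 6, 4, 3]          # the slides' 125643 arrival order
    print("direct:", duplicate_acks(arrival), "duplicate ACKs")
    print("resequenced:", resequence(arrival),
          "->", duplicate_acks(resequence(arrival)), "duplicate ACKs")
```

In this model the slides' arrival order produces exactly three duplicate ACKs, enough to trigger a spurious fast retransmit even though no packet was lost.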
PSMC Performance
• PSMC without double buffering was worse than standard routing!
• PSMC with double buffering was significantly better than standard routing!
Issues
Detecting compromised proxy servers
Controlling malicious users
More efficient double-buffer management
Investigating quality of service capabilities