Controlling High Bandwidth Aggregates in the Network
Ratul Mahajan, Steven M. Bellovin, Sally Floyd, John Ioannidis, Vern Paxson, and Scott Shenker
ACM SIGCOMM Computer Communication Review, July 2002
Presented by J. H. Su
9/6/2021, OPlab, IM, NTU

Outline
• Introduction
• Local ACC
• Pushback mechanism
• Simulation
• Conclusions

Introduction (1/3)
• Persistent overloads can arise for several reasons.
  • A single flow not using end-to-end congestion control.
  • A general excess of traffic.
  • Denial of service (DoS)
  • Flash crowds
  • Slashdot effect

Introduction (2/3)
• The persistent congestion is due to a particular aggregate of packets causing the overload, and these offending packets are usually spread across many flows.
• Congestion caused by aggregates cannot be controlled by conventional flow-based protection mechanisms.

Introduction (3/3)
• Aggregate-based congestion control (ACC)
  • Local ACC
    • Identification algorithm
    • Control algorithm
  • Pushback
    • Allows a router to request adjacent upstream routers to rate-limit the specified aggregates.

Local ACC
• Local ACC can be broken down into detection and control.
• ACC Agent
  • Responsible for identifying aggregates and computing a rate limit for them (by drop rate).
• Rate-Limiter
  • Responsible for classifying packets and rate-limiting those belonging to a rate-limited aggregate.

Local ACC rate limiting architecture
[Figure: arriving packets pass through the Rate-Limiter (decisions "In High-BW Agg?" and "Drop?"); packets surviving the rate-limiter enter the FIFO output queue; the ACC Agent supplies information on identified aggregates.]

Detecting Congestion
• The identification process in the ACC Agent is triggered when the output queue experiences sustained high congestion.
• Define sustained congestion as a drop rate of more than Phigh over a period of K seconds.

Identification of High Bandwidth Aggregates
• Identify high-bandwidth aggregates based on the destination address.
  1. Identify high-bandwidth aggregates based on the destination address (32 bits).
  2. Cluster these addresses into 24-bit prefixes.
  3. For each of these clusters, try obtaining a longer prefix that still contains most of the drops.
  4. All these clusters are then sorted in decreasing order based on the number of drops associated with them.

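The four identification steps above as an added Python example (not code from the slides or from the paper's authors). The 90% threshold for "most of the drops", the one-bit-at-a-time narrowing and the drop log are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

MOST = 0.9  # assumed threshold for "most of the drops"; the slides give no number

def drops_in(prefix, per_addr):
    """Number of logged drops whose destination falls inside `prefix`."""
    return sum(n for addr, n in per_addr.items() if addr in prefix)

def narrow(prefix, per_addr):
    """Step 3: lengthen the prefix while one half keeps MOST of the cluster's drops."""
    needed = MOST * drops_in(prefix, per_addr)
    while prefix.prefixlen < 32:
        halves = [h for h in prefix.subnets(prefixlen_diff=1)
                  if drops_in(h, per_addr) >= needed]
        if not halves:          # drops are spread over both halves: stop here
            break
        prefix = halves[0]      # MOST > 0.5, so at most one half qualifies
    return prefix

def identify_aggregates(drop_log):
    """drop_log: one destination address string per dropped packet."""
    per_addr = Counter(ipaddress.ip_address(d) for d in drop_log)        # step 1
    clusters = {ipaddress.ip_network(f"{a}/24", strict=False)
                for a in per_addr}                                       # step 2
    found = []
    for cluster in clusters:
        prefix = narrow(cluster, per_addr)                               # step 3
        found.append((str(prefix), drops_in(prefix, per_addr)))
    return sorted(found, key=lambda item: item[1], reverse=True)         # step 4

# Constructed drop history (documentation address ranges, not real traffic).
SAMPLE_DROP_LOG = (["198.51.100.7"] * 60 + ["198.51.100.6"] * 30
                   + ["198.51.100.200"] * 5 + ["203.0.113.9"] * 20
                   + ["192.0.2.10"] * 4 + ["192.0.2.130"] * 4)

if __name__ == "__main__":
    for prefix, drops in identify_aggregates(SAMPLE_DROP_LOG):
        print(f"{prefix:20} {drops} drops")
```

The 192.0.2.0/24 cluster stays at /24 because its drops are split evenly across both halves, which is the case where a longer prefix would no longer cover most of the drops.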
Determining the Rate Limit for Aggregates (1/2)
• The ACC Agent has a sorted list of aggregates, starting with the aggregate with the most drops from the drop history.
• The ACC Agent estimates the arrival rate from each aggregate over the most recent seconds.
• The ACC Agent next calculates Rexcess, the excess arrival rate at the output queue, using Ptarget.

Determining the Rate Limit for Aggregates (2/2)
• Determines the minimum number of aggregates that could be rate-limited.
  • The total number of rate-limited aggregates must be at most MaxSessions.
• If the ACC Agent has determined that it can rate-limit the i top aggregates, it next computes the rate-limit L to be applied to each aggregate such that

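An added Python example of the rate-limit computation (not code from the slides or from the paper's authors). The formula after "such that" is missing from this page, so the example assumes L is chosen so that the sum over the i limited aggregates of (arrival rate - L) equals Rexcess, with Rexcess = Restimate - Rtarget and L no lower than the arrival rate of the first unlimited aggregate; all rates are constructed.

```python
def rate_limit(arrivals, r_estimate, link_bw, p_target, max_sessions):
    """Return (limited aggregates, common limit L); rates share one unit (Mbps here).

    arrivals: {aggregate: estimated arrival rate}. Ranking by arrival rate
    stands in for the slide's drop-sorted list (assumption).
    """
    r_target = link_bw / (1.0 - p_target)   # Rtarget from the Notation slide
    r_excess = r_estimate - r_target        # assumed definition of Rexcess
    if r_excess <= 0 or not arrivals or max_sessions < 1:
        return [], None                     # nothing to shed, or nothing allowed
    ranked = sorted(arrivals.items(), key=lambda kv: kv[1], reverse=True)
    for i in range(1, min(max_sessions, len(ranked)) + 1):
        top_sum = sum(rate for _, rate in ranked[:i])
        # Assumed condition: sum_{k<=i} (Arr_k - L) = Rexcess, solved for L.
        limit = max((top_sum - r_excess) / i, 0.0)
        next_rate = ranked[i][1] if i < len(ranked) else 0.0
        # Smallest i whose limit does not push a limited aggregate below
        # the largest unlimited one.
        if limit >= next_rate:
            break
    # If MaxSessions is reached first, the last computed L is used
    # (this fallback is the example's choice, not stated on the page).
    return [name for name, _ in ranked[:i]], limit

# Constructed estimates in Mbps for four aggregates.
SAMPLE_ARRIVALS = {
    "198.51.100.6/31": 8.0,
    "203.0.113.9/32": 5.0,
    "192.0.2.0/24": 2.0,
    "198.51.100.128/25": 1.0,
}

if __name__ == "__main__":
    names, limit = rate_limit(SAMPLE_ARRIVALS, r_estimate=16.0, link_bw=9.5,
                              p_target=0.05, max_sessions=5)
    print(names, round(limit, 3))
```

With these numbers Rtarget is 10 Mbps and Rexcess is 6 Mbps: limiting only the top aggregate would need L = 2 Mbps, below the second aggregate's 5 Mbps, so two aggregates are limited to 3.5 Mbps each.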
Rate-limiter
• The rate-limiter is a pre-filter before the output queue that merely decides whether or not to drop each arriving packet in the aggregate.
  • Drop packets from the aggregate when the aggregate’s arrival rate to the rate-limiter is above the specified limit.
  • Otherwise, forward the packet to the real output queue.

Notation (1/2)
Phigh: drop rate to trigger aggregate-based congestion control
MaxSessions: maximum number of aggregates to rate-limit simultaneously
Ptarget: target ambient drop rate at output queue

Notation (2/2)
Restimate: arrival rate estimate
DropLog: drop history
Rtarget: (Link BW)/(1 - Ptarget)

Algorithms (1/2)

Algorithms (2/2)

Simulation without Local ACC

Simulation with Local ACC

Pushback
[Figure label: Highly congested]

Deciding when to Invoke Pushback
• After detecting aggregate-based congestion, the ACC Agent must decide whether to invoke pushback by calling the Pushback Agent at the router.
• Two situations warrant the invocation of pushback:
  • when the drop rate for an aggregate in the rate limiter remains high for several seconds.
  • when the Pushback Agent has other information that a DoS attack is in progress.

Sending the Pushback Requests Upstream
• The Pushback Agent does not send a pushback request to non-contributing links.
• The Pushback Agent determines how much traffic in the aggregate each link contributes.
• The Pushback Agent determines the rate limit and sends a pushback request message to those routers.

Feedback to Downstream Routers
• The upstream routers send pushback status messages to the downstream router, reporting the total arrival rate for that aggregate from upstream.
• The downstream router determines how to divide the new bandwidth limit among the upstream routers.

Feedback to Downstream Routers
[Figure label: Estimate the total arrival rate for the aggregate as 23.5 Mbps]

Simulation
• The bad sources send attack traffic to the victim destination D.
• The poor sources are innocent sources that happen to send traffic to the destination when it is under attack.
• The good sources send traffic to destinations other than D.

Simulation without ACC

Simulation with only local ACC

Simulation with local ACC and pushback

Simulation with DDoS Attacks

Simulation with DDoS Attacks

Simulation with Flash Crowds
• Flash crowds with the “flash” traffic from 32 sources sending Web traffic to the same destination.
• The good traffic comes from ten other sources sending Web traffic to various other destinations.

Simulation with Flash Crowds
• With pushback: more than 80% of good transfers complete within 6 s.
• Without pushback: less than 40% of good transfers complete within 6 s.

Conclusions
• Proposed both local and cooperative mechanisms for aggregate-based congestion control.
• These mechanisms are promising directions to control both DoS attacks and flash crowds.
• Need to understand the pitfalls and limitations of ACC itself.
• Expect the ACC mechanisms to be heavily influenced by policy.