Design Space • Caching Content Distribution Networks – explicit – transparent (hijacking connections) Outline • Replication Implementation Techniques – server farms Hashing Schemes Redirection Strategies – geographically dispersed (CDN) Spring 2002 CS 461 1 Spring 2002 CS 461 2 Denial of Service Attacks (DoS) Story for CDNs • Traditional: Performance (Response Time) – move content closer to the clients client client – avoid server bottlenecks • New: Flash Crowds & DDoS (System Throughput) – distribute load over massive resources – multiplicatively raise level of resources needed to attack client server attacker Spring 2002 CS 461 3 Spring 2002 CS 461 4
Distributed DoS (DDoS) Redirection Overlay Geographically distributed server clusters zombie R R client attacker R client R Internet Backbone server R R slave attacker R zombie client R clients Distributed request-redirectors zombie zombie Spring 2002 CS 461 5 Spring 2002 CS 461 6 Techniques CDN Components • DNS aaa.com bbb.com ccc.com – one name maps onto many addresses – works for both servers and reverse proxies Backen d server s Cache • HTTP – requires an extra round trip Geogra phically distri bute d • Router surroga te server s – one address, select a server (reverse proxy) – content-based routing (near client) Redirect ors • URL Rewriting Clients – embedded links Spring 2002 CS 461 7 Spring 2002 CS 461 8
Redirection: Which Replica? Hashing Schemes: Modulo • Balance Load • Easy to compute svr0 • Cache Locality • Evenly distributed • Good for fixed number of • Network Delay URL (key) servers % • Many mapping changes after a single server change svr N Spring 2002 CS 461 9 Spring 2002 CS 461 10 Highest Random Weight (HRW) Consistent Hashing (CHash) high url-0 URL weight0 • Hash server, then URL • Hash(url, svrAddr) svr0 svr N • Deterministic order of access set of • Closest match weight1 servers sort RH • Only local mapping changes svr1 • Different order for different URLs after adding or removing svr0 weight2 • Load evenly distributed after server servers changes svr1 • Used by State-of-the-art CDNs svr2 weight0 url-1 svr svr2 svr weight N Unit circle svrN low Spring 2002 CS 461 11 Spring 2002 CS 461 12
Redirection Strategies Redirection Strategies (cont) • Random (Rand) • Coarse Dynamic Replication (CDR) – Requests randomly sent to cooperating servers – Using HRW hashing to generate ordered server list – Baseline case, no pathological behavior – Walk through server list to find a lightly loaded one • Replicated Consistent Hashing (R-CHash) – # of replicas for each URL dynamically adjusted – Each URL hashed to a fixed # of server replicas – Coarse grained server load information – For each request, randomly select one replica • Fine Dynamic Replication (FDR) • Replicated Highest Random Weight (R-HRW) – Bookkeeping min # of replicas of URL (popularity) – Similar to R-CHash, but use HRW hashing – Let more popular URL use more replicas – Less likely two URLs have same set of replicas – Keep less popular URL from extra replication Spring 2002 CS 461 13 Spring 2002 CS 461 14 Network Topology Simulation C S S S R C C C R C R R R WA R R • Identifying bottlenecks MI MA S IL C C – Server overload, network congestion… C R R R • End-to-end network simulator prototype PA CA NE R C DC – Models network, application, and OS CO R R S S – Built on NS + LARD simulators R S GA – 100s of servers, 1000s of clients SD CA S TX R – >60,000 req/s using full-TCP transport C R S – Measure capacity, latency, and scalability R C C C S – Server, C – Client, R - Router Spring 2002 CS 461 15 Spring 2002 CS 461 16
Capacity: 64 server case Simulation Setup Normal Operation 35000 • Workload 30000 – Static documents from Web Server trace, available at Throughput req/s 25000 each cooperative server 20000 – Attackers from random places, repeat requesting a 15000 subset of random files 10000 • Simulation process 5000 0 – Gradually increase offered request load – End when servers very heavily overloaded Rand R-CHash R-HRW CDR FDR FDR-Ideal A single server can handle ~600 req/s in simulation Spring 2002 CS 461 17 Spring 2002 CS 461 18 Latency: 64 Servers Under Attack Capacity: 64 server case Under Attack (250 zombies, 10 files, avg 6KB) Random’s Max: 11.2k req/s R-CHash Max: 19.8k req/s 50000 R-HRW R-CHash FDR R-HRW R-CHash CDR Rand FDR CDR Throughput req/s 40000 100 100 30000 CDF of Response CDF of Response 80 80 20000 60 60 10000 40 40 0 20 20 Rand R-CHash R-HRW 0 0 CDR FDR FDR-Ideal 0.1 1 10 100 0.1 1 10 100 A single server can handle ~600 req/s in simulation Response Time in Logscale (Seconds) Response Time in Logscale (Seconds) Spring 2002 CS 461 19 Spring 2002 CS 461 20
Latency At CDR’s Max: 35.1k req/s Capacity Scalability Normal Operation Under Attack (250 zombies, 10 files) FDR CDR 45000 50000 100 40000 45000 Throughput req/s 40000 35000 CDF of Response Throughput req/s 80 35000 30000 30000 25000 60 25000 20000 20000 15000 15000 40 10000 10000 5000 5000 20 0 0 0 0 16 32 48 64 80 96 112 128 0 16 32 48 64 80 96 112 128 0.1 1 10 100 Num of Servers Num of Servers Response Time in Logscale (Seconds) CDR R-HRW Rand CDR R-HRW Rand Spring 2002 CS 461 21 Spring 2002 CS 461 22 Various Attacks (32 servers) Deployment Issues 1 victim file, 1 KB 10 victim files, avg 6KB • Servers join DDoS protection overlay 35000 30000 30000 – Same story as Akamai 25000 Throughput req/s Throughput req/s 25000 20000 – Get protection and performance 20000 15000 • Clients use DDoS protection service 15000 10000 10000 – Same story as proxy caching 5000 5000 – Incrementally deployable 0 0 – Get faster response and help others 100 200 300 400 500 600 700 800 100 200 300 400 500 600 700 800 Num of Zombies (slave attackers) Num of Zombies (slave attackers) Rand R-HRW CDR Rand R-HRW CDR Spring 2002 CS 461 23 Spring 2002 CS 461 24
Recommend
More recommend
