the need for collaboration between isps and p2p
play

The Need for Collaboration between ISPs and P2P 1 P2P systems from - PowerPoint PPT Presentation

Oct 16, 2022 •472 likes •1.07k views

The Need for Collaboration between ISPs and P2P 1 P2P systems from an ISP view Structured DHTs (distributed hash tables), e.g., Chord, Pastry, Tapestry, CAN, Tulip, Globally consistent protocol with efficient search

  1. The Need for Collaboration between ISPs and P2P 1

  2. P2P systems from an ISP view ❒ Structured ❍ DHTs (distributed hash tables), e.g., Chord, Pastry, Tapestry, CAN, Tulip, … ❍ Globally consistent protocol with “efficient” search ❍ Ignores the underlay, arbitrary placement of “data” ❍ Inefficient routing (log n is no good) ❒ Unstructured ❍ Arbitrary neighbors, e.g., Gnutella, FastTrack, … ❍ Ignores the underlay, neighbor selection, download location selection ❍ Inefficient routing ❍ Does its own “traffic engineering” 2

  3. P2P traffic ❒ Some source claim >50% of Internet traffic ❍ Examples: Bittorrent, eDonkey, Skype, GoogleTalk… Internet traffic distribution 2007 (Germany) Source: ipoque GmbH (Nov 2007) 3

  4. Application Detection 4

  5. Problem application detection ❒ Usually only by port number! ❒ Yet applications use arbitrary ports Benign reasons and malicious reasons ❒ Example: Network Intrusion Detection Systems Internet NIDS 5

  6. Ports accounting > 1% of conns. Port % Conns % Success % Payload Web 80 70.82% 68.13% 72.59% 445 3.53% 0.01% 0.00% Web 443 2.34% 2.08% 1.29% SSH 22 2.12% 1.75% 1.71% Mail 25 1.85% 1.05% 1.71% 1042 1.66% 0.00% 0.00% 1433 1.06% 0.00% 0.00% 135 1.04% 0.00% 0.00% < 1024 83.68% 73.73% 79.05% > 1024 16.32% 4.08% 20.95% 6

  7. Signature-based app. detection ❒ Port information offers no information for ports > 1024 ❒ l7-filter system application signatures ❒ HTTP highly attractive for hiding other applications ❒ Most successful conns. trigger expected signature ❒ FTP higher percentage of false negatives Method HTTP IRC FTP SMTP Port (succ.) 93,429K 75,876 151,700 1,447K Signature 94,326K 73,962 125,296 1,416K expected port 92,228K 71,467 98,017 1,415K other port 2,126K 2,495 27,279 265 7

  8. Signature detection: well known ports ❒ Some connections trigger more than one signature ❒ Not yet wide-spread abuse ❒ But some misappropriate use of well known ports Port HTTP IRC SMTP Other No match 80 92,228,291 59 0 41,086 1,158,977 666x 1,217 71,650 0 4,238 524 25 459 2 1,415,428 195 31,889 8

  9. Architecture for dynamic analysis ❒ Goals ❍ Detection scheme independence ❍ Dynamic analysis ❍ Modularity ❍ Efficiency ❍ Customizability ❒ Design (USENIX Security’06) ❍ Dynamic processing path ❍ Per connection dynamic analyzer trees 9

  10. Bro: a flexible NIDS ❒ Facts ❍ Open source ❍ Developed since 1995 by Vern Paxson ❍ Used in many research environments, e.g., UCB, LBL, TUM, The Grid, NERSC, ESnet, NCSA ❍ Supports anomaly as well as misuse detection ❒ Design goals ❍ Reliable detection of attacks ❍ High-performance ❍ Separation of base functionality from specific security policies ❍ Robust against attacks on itself 10

  11. Bro’s protocol analyzers ❒ Full analysis ❍ HTTP, FTP, telnet, rlogin, rsh, RPC, DCE/RPC, DNS, Windows Domain Service, SMTP, IRC, POP3, NTP, ARP, ICMP, Finger, Ident, Gnutella ❒ Partial analysis ❍ NFS, SMB, NCP, SSH, SSL, IPv6, TFTP, … ❒ In progress ❍ AIM, BGP, DHCP, Windows RPC, SMB, NetBIOS, NCP, Skype, Bittorent 11

  12. Reliable detection of non-standard ports ❒ UCB: 1 day internal remote FTP servers: 6 17 HTTP servers: 568 54,830 IRC servers: 2 33 SMTP servers: 8 8 ❒ MWN similar ❒ Non-standard port connection ❍ UCB: 99% HTTP (28% Gnutella, 22% Apache) ❍ MWN: 92% HTTP (21% BitTorrent, 20% Gnutella), 7% FTP ❍ Two open HTTP proxy detected: now closed ❍ SMTP server that allowed relay: now closed 12

  13. Payload inspection of FTP data transfers ❒ FTP data transfers use arbitrary ports ❒ No longer a problem: dynamic prediction table ❒ File analyzer examines connection’s payload ❍ Can determine file-type (LIBMAGIC) ❍ Can check if actual file-type == expected file-type ❒ Extensions: ❍ SMTP analyzer (using pipeline) ❍ Virus checker 13

  14. Detecting IRC-based Botnets ❒ Idea ❍ Botnets like IRC protocol (remote control features) ❍ Botnet detector on top of IRC analyser • Checks client nickname for typical patterns • Checks channel topics for typical botnet commands • Checks if new clients connect with IRC to identified bot-servers ❒ Results ❍ MWN: • > 100 distinct IPs with Botnet clients • Now part of a automatic prevention system ❍ UCB: • 15 distinct IPs 14

  15. Summary: dynamic app. analysis ❒ Ideas: ❍ Dynamic processing path ❍ Per connection dynamic analyzer trees ❒ Operational at three large-scale networks ❒ Detected significant number of security incidents ❒ Bot-detection now automatically blocks IP 15

  16. The Need for Collaboration between ISPs and P2P 16

  17. P2P from an ISPs view ❒ Good: ❍ P2P applications fill a void ❍ P2P applications are easy to develop and deploy ❍ P2P applications spur broadband demand ❒ Bad: ❍ P2P systems form overlays at application layer ❍ Routing layer functionality duplicated at app layer ❍ P2P topology agnostic of underlay � performance loss ❍ Traffic engineering difficult with P2P traffic ❒ ISPs are in a dilemma 17

  18. ISP dilemma: Unstructured networks Random/RTT-based peer selection � inefficient network resource usage 18

  19. Solution? ISP-P2P cooperation ❒ Insight: ISP knows its network ❍ Node: bandwidth, geographical location, service class ❍ Routing: policy, OSPF/BGP metrics, distance to peers 19

  20. Solution?: ISP-P2P cooperation ❒ Insight: ISP knows its network ❍ Node: bandwidth, geographical location, service class ❍ Routing: policy, OSPF/BGP metrics, distance to peers ❒ One proposal: ❍ ISPs: offer oracle that provides network distance info ❍ P2P: use oracle to build P2P neighborhoods 20

  21. Solution?: ISP-P2P cooperation ❒ Insight: ISP knows its network ❍ Node: bandwidth, geographical location, service class ❍ Routing: policy, OSPF/BGP metrics, distance to peers ❒ One proposal: ❍ ISPs: offer oracle that provides network distance info ❍ P2P: use oracle to build P2P neighborhoods ❒ General proposal: ❍ Offer network based interfaces to applications ❍ To enable information exchange ❍ To enable pushing services inside the network ❍ Network based enablers… 21

  22. Solution?: ISP-P2P cooperation ❒ Insight: ISP knows its network ❍ Node: bandwidth, geographical location, service class ❍ Routing: policy, OSPF/BGP metrics, distance to peers ❒ Oracle concept ❍ Service of AS / ISP ❍ Input: list of possible dst IPs ❍ Ouput: ranked list of dst IPs • E.g. according to distances between src IP and dst IPs 22

  23. Oracle service 23

  24. Oracle service (2.) Oracle-based peer selection � for topology and content exchange 24

  25. Oracle service (3.) Oracle-based peer selection � localizes topology and traffic 25

  26. ISP-P2P cooperation? ❒ ISP-aided optimal P2P neighbour selection ❍ Simple and general solution, open for all overlays ❍ Run as Web server or UDP service at known location ❒ Benefits: P2P ❍ No need to measure path characteristics ❍ Easy to avoid bottlenecks => better performance ❒ Benefits: ISPs ❍ Regains control over traffic ❍ Cost savings ❍ No legal issues (as no content is cached) 26

  27. Evaluation????? ❒ Impact ❍ Topology ❍ Congestion ❍ End-user performance ❒ Methodology ???? 27

  28. Evaluation????? ❒ Impact ❍ Topology ❍ Congestion ❍ End-user performance ❒ Methodology ❍ Sensitivity study ❍ Use different ISP / P2P topologies ❍ Use different user behavioral patterns • Content availability, churn, query patterns ❍ Evaluate effects of on end-user experience 28

  29. End-user performance evaluation ❒ Packet-level simulations ❍ Scalable Simulation Framework (SSFNet) ❍ Models for IP, TCP, HTTP, BGP, OSPF, etc. ❍ Limited to about 700 overlay peers (memory constraints) ❒ Gnutella-based P2P system ❍ Content search via flooding ❍ Content exchange via HTTP ❒ Topologies: several ❒ User behavioral patterns: several 29

  30. Topologies: ISP vs. P2P ❒ Germany ❍ 12 ISP’s (subset derived from published measurements) ❍ 700 peers distributed according to ISP-published customer numbers ❒ USA ❍ 25 Major ISP’s (from Rocketfuel) ❍ 700 peers distributed in AS’s according to city population ❒ World topologies ❍ Sub-sample of measured Internet AS-Topologies: 16 AS’s, 700 peers Tier1 (# AS / Tier2 (# AS / Tier3 (# AS / # peers) # peers) # peers) World1 1 / 10 5 / 46 10 / 46 World2 1 / 355 5 / 23 10 / 23 World3 1 / 50 5 / 46 10 / 42 30

  31. P2P user behavior ❒ Churn: online/offline duration ❍ Pareto and Weibull – close to observed behavior ❍ Uniform – base comparison ❍ Poisson – reflects worst-case scenario ❒ Content: type, availability and distribution ❍ Constant size (512kB) ❍ Pareto and Weibull – typical (many free-riders) ❍ Uniform – base comparison ❍ Poisson – hypothetical case (most peers sharing) 31

  32. ISP experience: Intra-AS content ❒ Content stays within ISPs network ❍ Without oracle 10 to 35% ❍ With oracle 55 to 80% ❒ Consistent with Telefonica field trial results for BBC 32

  33. ISP experience: Intra AS content (2.) ❒ Content stays within ISPs network 33

  34. User experience: Download time ❒ Mean download time reduction: 1 – 3 secs (16 – 34%) ❒ Consistent across topologies 34

  35. User experience: Download time (2.) ❒ Reduced mean download time 35

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Collaboration with ISPs for Large-Scale Deployment of eduroam in Japan Hideaki Goto NII /

Collaboration with ISPs for Large-Scale Deployment of eduroam in Japan Hideaki Goto NII /

31st APAN meeting Feb. 21-25, 2011, Hong Kong Collaboration with ISPs for Large-Scale Deployment of eduroam in Japan Hideaki Goto NII / Tohoku University, Japan 1 eduroam JP National eduroam operation and promotion 19 institutions

165 views • 12 slides
ISPS 2011 First Results of the International Sports Press Survey 2011 Design of ISPS 2011 80

ISPS 2011 First Results of the International Sports Press Survey 2011 Design of ISPS 2011 80

Prof. Dr. Thomas Horky/Dr. Jrg-Uwe Nieland, Kln, 3.10.2011 ISPS 2011 First Results of the International Sports Press Survey 2011 Design of ISPS 2011 80 newspapers of 22 countries (incl. Switzerland German/French language) African and

451 views • 16 slides
Peering in Hong Kong Che-Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple

Peering in Hong Kong Che-Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple

Peering in Hong Kong Che-Hoo CHENG CUHK/HKIX www.hkix.net How Internet Operates in simple terms Internet is composed of networks of ISPs and users User networks connect to ISPs Small ISPs connect to large ISPs ISPs

577 views • 23 slides
TSV P2P Efforts From an ISPs Perspec7ve Richard

TSV P2P Efforts From an ISPs Perspec7ve Richard

TSV P2P Efforts From an ISPs Perspec7ve Richard Woundy DECADE and CDNI co-chair Presenta7on Overview Current applica7on traffic levels

290 views • 15 slides
Best Prac*ces for ISPs Che-Hoo Cheng CUHK/HKIX

Best Prac*ces for ISPs Che-Hoo Cheng CUHK/HKIX

Best Prac*ces for ISPs Che-Hoo Cheng CUHK/HKIX 2014.08.01 www.hkix.net What Providers Care About Cost / Performance / Resilience / Interconnec3ons /

750 views • 42 slides
New levels of cooperation between eyeball ISPs and OTT/CDNs. RIPE 75 Dubai Oct 24, 2017

New levels of cooperation between eyeball ISPs and OTT/CDNs. RIPE 75 Dubai Oct 24, 2017

New levels of cooperation between eyeball ISPs and OTT/CDNs. RIPE 75 Dubai Oct 24, 2017 Falk von Bornstaedt, DTAG ICSS 1 LACK OF TRANSPARENCY IMPAIRS internet performance Clouds &amp; Content Traffic Generators Operators Users

485 views • 11 slides
The Implication of Overlay Routing The Implication of Overlay Routing on ISPs Connecting

The Implication of Overlay Routing The Implication of Overlay Routing on ISPs Connecting

The Implication of Overlay Routing The Implication of Overlay Routing on ISPs Connecting Strategies Graduate School of Information Science and Technology, Osaka University Xun Shao, Go Hasegawa, Yoshiaki Taniguchi, and Hirotaka Nakano IP

310 views • 17 slides
ISPs, Backbones and Peering 14-740: Fundamentals of Computer Networks Bill Nace Material from

ISPs, Backbones and Peering 14-740: Fundamentals of Computer Networks Bill Nace Material from

ISPs, Backbones and Peering 14-740: Fundamentals of Computer Networks Bill Nace Material from Computer Networking: A Top Down Approach, 6 th edition. J.F. Kurose and K.W. Ross Administrivia Norton2010 Paper Review for today Lab0 is

648 views • 37 slides
VytautasValancius, Cristian Lumezanu, Nick Feamster, Ramesh Johari, and Vijay V. Vazirani

VytautasValancius, Cristian Lumezanu, Nick Feamster, Ramesh Johari, and Vijay V. Vazirani

VytautasValancius, Cristian Lumezanu, Nick Feamster, Ramesh Johari, and Vijay V. Vazirani Sellers Large ISPs Level3 National or international reach Buyers Traffic Invoice Smaller ISPs Enterprises CAIDA Content

324 views • 18 slides
How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M.

How Dynamic is the ISPs Address Space? Towards Internet-Wide DHCP Churn Estimation Giovane C. M. Moura , Carlos Gan, Qasim Lone, Payam Poursaied, Hadi Asghari, and Michel van Eeten

92 views • 6 slides
Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security

Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security

Australias Implementation of the ISPS Code ARF 4th Inter Sessional Meeting Maritime Security Anthony Gibson Maritime Operational Policy Office of Transport Security Department of Infrastructure and Transport For Thought Does voluntary

303 views • 13 slides
The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet

The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet

The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet (jordi.palet@consulintel.es) CEO/CTO - Consulintel Berlin, 14th December 2004 - 1 Euro6IX: The Concept How to pronounce it: forget IX and read 6

758 views • 31 slides
The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet

The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet

The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet (jordi.palet@consulintel.es) CEO/CTO - Consulintel 6NET Workshop 21/05/2003 - 1 Support the fast introduction of IPv6 in Europe. Main Steps:

509 views • 18 slides
The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet

The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet

The Pan-European IPv6 IX Backbone Towards deployment of IPv6 in Telcos / ISPs Jordi Palet (jordi.palet@consulintel.es) CEO/CTO - Consulintel Moscow, Nov. 2004 - 1 Euro6IX: The Concept How to pronounce it: forget IX and read 6 (SIX)

533 views • 40 slides
A Modeling Framework to Understand the Tussle between ISPs and Peer-to-Peer File Sharing Users

A Modeling Framework to Understand the Tussle between ISPs and Peer-to-Peer File Sharing Users

A Modeling Framework to Understand the Tussle between ISPs and Peer-to-Peer File Sharing Users Michele Garetto Univ. of T orino Daniel Figueiredo Fed. Univ. of Rio de Janeiro Rossano Gaeta Univ. of T orino Matteo Sereno

450 views • 32 slides
Border Gateway Protocol (BGP) Structure of the Internet Networks (ISPs, CDNs, etc.) group with

Border Gateway Protocol (BGP) Structure of the Internet Networks (ISPs, CDNs, etc.) group with

Border Gateway Protocol (BGP) Structure of the Internet Networks (ISPs, CDNs, etc.) group with IP prefixes Networks are richly interconnected, often using IXPs Prefix B1 Prefix D1 Prefix C1 ISP B CDN D IXP CDN C IXP Prefix E1

669 views • 27 slides
iLab TCP / UDP Minoo Rouhi rouhi@net.in.tum.de Slides by Florian Wohlfart wohlfart@in.tum.de

iLab TCP / UDP Minoo Rouhi rouhi@net.in.tum.de Slides by Florian Wohlfart wohlfart@in.tum.de

iLab TCP / UDP Minoo Rouhi rouhi@net.in.tum.de Slides by Florian Wohlfart wohlfart@in.tum.de Chair of Network Architectures and Services Department of Informatics Technical University of Munich Lab 4 17ws 1 / 43 Outline Meta

1.55k views • 57 slides
Welcom ome! e! Campaign for Community Wellness June 26, 2020 10:00 a.m. to 11:30 a.m. Zoom

Welcom ome! e! Campaign for Community Wellness June 26, 2020 10:00 a.m. to 11:30 a.m. Zoom

Welcom ome! e! Campaign for Community Wellness June 26, 2020 10:00 a.m. to 11:30 a.m. Zoom Meeting Meeting Protocols Please use the mute button on your phone or in Zoom to eliminate background noise. Mute and unmute mic if using

607 views • 11 slides
Welcome in Heraklion! The Schedule for Today Keynote Please Respect the Timing 15 minutes

Welcome in Heraklion! The Schedule for Today Keynote Please Respect the Timing 15 minutes

Welcome in Heraklion! The Schedule for Today Keynote Please Respect the Timing 15 minutes per presenter in total Please plan on wrapping up your presentation in 12 minutes to leave sufficient time for Q&amp;A Dont Forget the Poster

512 views • 11 slides
Exploratory testing in theory and practice Jan Jaap Cannegieter Principal consultant Squerist

Exploratory testing in theory and practice Jan Jaap Cannegieter Principal consultant Squerist

8-5-2019 Specialisten in vooruitgang Exploratory testing in theory and practice Jan Jaap Cannegieter Principal consultant Squerist Software testen Business Process Transformation Security testen 1 Exploratory testing in theory and practice

381 views • 18 slides
How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and

MonNet a project for network and traffic monitoring How is SUNET really used? Results of traffic classification on backbone data Wolfgang John and Sven Tafvelin Dept. of Computer Science and Engineering Chalmers University of Technology

760 views • 21 slides
Networking CS217 Fall2001 1 Client/Server

Networking CS217 Fall2001 1 Client/Server

Networking CS217 Fall2001 1 Client/Server Server:processthatprovidesaservice e.g.,fileserver,webserver,mailserver calledapassiveparticipant:waitstobecontacted

643 views • 4 slides
2020 Projections were then developed by 2020 Projections were then developed by aggregating

2020 Projections were then developed by 2020 Projections were then developed by aggregating

2020 Projections were then developed by 2020 Projections were then developed by aggregating segments into major mail classes aggregating segments into major mail classes Volume Forecast Key drivers Volume Forecast Key drivers Fall to approx.

500 views • 3 slides
The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning

The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning

The secrets of WFM Call Centre Helper conference 2 nd April 2019 John Casey Ccplanning John.Casey@ccplanning.net The secrets of WFM Making Resource Planning real The secrets of WFM Top Tip The secrets of WFM Principles of WFM These

467 views • 21 slides

More recommend