Welcome to CS 395/495 Advanced Networking

What is this class about? Goal: to help you learn how to do the networking research –Read research papers –Argue and convey your ideas –Execute a research project –Write a research paper –Test your ability to generate research ideas –Learn about hot topics in networking and Internet security

Typical Path Pick a research topic (e.g., security, congestion control, ad-hoc wireless nets, etc.) Learn as much as you can about the topic (read papers) Generate a research idea (something that nobody else did before) Execute your idea (e.g., modeling, simulations, implementation, measurements) Write a paper and submit to a conference/journal Present the paper at a conference

Typical Problems You may know a topic that you are interested in Yet, you don’t know the related work It is sometimes hard to generate an idea, even if you know the related work By the time you come up with an idea, several quarters may pass (it took me 2 years!)

How to do it all? Projects: –I’ll provide you with a well-defined, yet open, research projects –The goal is to submit your research papers to top networking conferences Classes: –Discuss various networking research topics (e.g., security, congestion control, ad-hoc wireless nets, etc.) –Learn how to read papers Final: –Generate a research idea (something that nobody else did before)

What do I expect from you: This is not an ordinary class –This is a reality show! I’ll treat you as my PhD students I’ll expect you to behave as my PhD students: –Independent –Self-motivated –Hard-working

Overview Administrative stuff Classes: –Reading papers –Paper reviews –Presentations/debating –Research idea Projects: –Topics

Seminar class: paper reading + a big project –Each class a new paper –More on the class structure later We will have some classes with the Internet Security class –How many of you can make it Mon and 2pm Course Overview

Instructor Aleksandar Kuzmanovic Office Hours: for Classes Fri. 2-3pm (2:00pm – for next week’s Mon class; 2:30pm – for next week’s Wed class;) for Projects Group 1: Monday, after the class; Group 2: Wednesday, after the class; Rm 356, 1890 Maple Ave.

TA Stefan Birrer Office Hours: TBA

Prerequisites and Course Materials Required: CS340 (Intro to computer networking) Highly Recommended: OS or having some familiarity with Unix systems programming No required textbook – paper reading! Recommended (see webpage for a complete list) o Computer Networking: A Top-Down Approach Featuring the Internet, [KR], Second Edition, James Kurose and Keith Ross, Addison Wesley, 2005 Computer Networking: A Top-Down Approach Featuring the Internet

Grading No exams for this class Class: 50% –Paper reading summary 10% –In class paper presentation and debating 25% –Class participation and discussion (when you are not directly debating) 15% Project 50% –Proposal 5% (up to 3 pages) –Midterm report 5% (up to 6 pages) –Weekly report and meeting 10% –Project presentation 10% –Final report, 12 pages, 20% Research idea 10% –Required, up to 3 pages, 10%

Communication and Policies Web page: es/CS495-s05/ es/CS495-s05/ Newsgroup (cs.advnet) is available Group Send s to instructor and TA for questions inappropriate in newsgroup Paper reading summary is due by noon on Mon and Wed –Send both to TA and myself –You can miss one paper summary without any consequences

Overview Administrative stuff Classes: –Topics –Paper readings and reviews –Presentations/debating –Research idea Projects: –Topics

I tried to pick interesting papers (breadth vs. depth) –Network architectures –Congestion control –Wireless / ad-hoc networks –Worms and viruses –Denial of service attacks (in P2P and stealthy DoS) vs flash crowds –Network false diagnostics –BGP/routing anomalies –Measurement-based inference Course Topics

Reading papers Why read? Decide what to read Reading for breadth: build a framework Reading in depth: Challenge what you read –if you will lead a debate

Reviews Should… –Point out the paper's contributions, strengths as well as weaknesses. Think in terms of what makes good research? What qualities make a good paper? What are the potential future impacts of the work? Note that there is no right or wrong answer to these questions A review's quality will mainly depend on its thoughtfulness. Restating the abstract/conclusion of the paper will not earn a top grade.

Writing Reviews (2) Write a very brief summary of each paper, to be ed to the TA and me before the class (.txt please) Summary should include: –Paper title and its author(s) –A short paragraph summary (what is this paper about?) –A paragraph of the most significant new insight(s) you took away from the paper (what is good? what is the contribution?) –A paragraph of the one or two most significant flaw(s) of the paper (what is bad?) –Explain what reference would you read next and why –Give a grade to the paper (1-5)

Overview Administrative stuff Classes: –Topics –Paper readings and reviews –Presentations/debating –Research idea Projects: –Topics

Defense (1) 30 minutes; should present as if it were his/her own The point is to make a compelling case why the contribution is significant. the context of the contribution, prior work, –If an older paper: how the work has influenced the research community or industry's directions (impact) –If newer paper: arguments for the potential impact

Defense (2) –should go well beyond a paper "summary“ –The defense should not critique the work other than to try to pre-empt attacks from the offense (e.g., by explicitly limiting the scope of the contribution). –The defense should also try to look up related work to support their case

Offense (1) 20 minutes; should act as Michael Jackson’s attorney Should critique the work, and make a case for –missing links, unaddressed issues, lack of impact, inappropriateness of the problem formulation, etc. The more insightful and less obvious the criticisms the better While the offense should prepare remarks in advance, they should also react to the points made by the defense. Hint: The offense should also try to look up related work to support their case

Offense (2) The defense and offense will be allowed follow up arguments, The class will question either side either for clarifications or to add to the discussions and controversy and make their own points on either side. Use Powerpoint (feel free to use existing presentations from the Web)

Internet Security class We will have some of the classes with the Internet Security group The structure in the joint classes will be –½ debates and –½ presentations and discussions –On average, each student will give 1 presentation (offense, defense, or presentation) once in 2 weeks (4 presentations totally)

Overview Administrative stuff Classes: –Topics –Paper readings and reviews –Presentations/debating –Research idea Projects: –Topics

Research Idea (1) At the end of semester, you should hand in a research proposal Up to 3 pages including references Something that nobody else did before –What would you do? –How would you do it?

Research idea (2) Writing the research-idea documents: –What is the main idea? –Why is it important/interesting? –What is the related work? –What would you actually do? How would you execute the idea: –Modeling, simulations, experiments? –What is the expected outcome?

Overview Administrative stuff Classes: –Topics –Paper readings and reviews –Presentations/debating –Research idea Projects: –Topics

Timetable Week 1 (Wednesday 3/30 - tomorrow) Find a partner, choose a topic for your project, and meet with the instructor. Week 3 (Monday 4/11) Write an introduction describing the problem and how you plan to approach it (what will you actually do?). Include motivation (why does the problem matter?) and related work (what have others already done about it?). 3 pages total. Week 6 (Wednesday 5/4) Update your paper to include your preliminary results. 6 pages total. Week 10 (Wednesday 6/1): Presentations by all groups. Week 11 (Friday 6/10) Turn in your completed paper. 12 pages total.

Projects (1) I am providing you with 2 projects I need 2 group representatives right now! –If you don’t like the projects you should come-up with your own ideas and convince me that you should really do that

Projects (2) Project 1: “On the Effects of Selfish Web Browsing”, 3 students –Targeted conference: Infocom 2006 (Apr 23-29), Barcelona, Spain; deadline July 6, Project 2: “Denial of Service Attacks against Web Proxies”, 2 students –Targeted conference: NSDI 2006 (May), San Jose, CA; deadline October 15, 2005.

Project 1 background: HTTP connections Nonpersistent HTTP issues: requires 2 RTTs per object OS must work and allocate host resources for each TCP connection but browsers often open parallel TCP connections to fetch referenced objects Persistent HTTP server leaves connection open after sending response subsequent HTTP messages between same client/server are sent over connection Persistent without pipelining: client issues new request only when previous response has been received one RTT for each referenced object Persistent with pipelining: default in HTTP/1.1 client sends requests as soon as it encounters a referenced object as little as one RTT for all the referenced objects

Problem (1) It has been detected that some web browsers (e.g., Internet Explorer) use persistent parallel connections with pipelining Example: –Page has 6 objects: 3 connections, 2 objects each Motivation: –To speed up the download times for big pages during flash crowds by pushing competing flows

Problem (2) Intuitively, this is a selfish, yet a good way to improve download times However, it is not clear whether such a behavior can always give you a better performance The hypothesis of this project such a behavior can significantly degrade your performance –because the TCP connection establishment price can be extremely high (3 sec initial timeout)

Project 1 Goals When is parallel-TCP download worse than a single-TCP download Parameters –Number of parallel TCP flows –Number and size of objects in the web page –Packet loss ratio at the bottleneck –Etc.,

Methodology Modeling –Treat the problem analytically –I will provide initial ideas and references Simulations –NS-2 simulator (C, C++) –I will provide initial code Testbed experiments –Room 242 (my lab)

Project 2 Project 2: “Denial of Service Attacks against Web Proxies”, 2 students

Web caches (proxy server) user sets browser: Web accesses via cache browser sends all HTTP requests to cache –object in cache: cache returns object –else cache requests object from origin server, then returns object to client Goal: satisfy client request without involving origin server client Proxy server client HTTP request HTTP response HTTP request HTTP response origin server origin server

Problem Servers are well protected No protection available for web caches! Denial-of-service: –Polluting web caches with irrelevant content and significantly degrade the file hit ratio Disrupting the file locality Creating a false file locality –Keep the polluted content alive: very low-rate activity –Together with a simple parallel download on the access link, this can significantly degrade the system performance origin servers public Internet institutional network 10 Mbps LAN 1.5 Mbps access link institutional cache

Project 2 Goals To understand, create, and evaluate –stealthy denial-of-service attacks against web caches and –protection mechanisms Parameters –LAN and access-link speeds, number of clients –Cache size and file distribution –Cache replacement algorithm –Cooperative DoS strategies –Protection mechanisms

Methodology Modeling –Treat the problem analytically (replacement strategies, system parameters) –I will provide initial references Simulations –Design a simulator to explore the problem –Using real-world cache logs Experiments –Design a simple (yet malicious) web crawler and –Perform a DoS against the Northwestern CS cache server!

Group meetings Group 1: –Meet me tomorrow after the class Group 2: –Meet me tomorrow 30 min. after the class

Questions

Format of the Presentation Presentation should include the following –Motivation –Classification of related work/background –Main ideas –Evaluation and results –Open issues Send the slides to the TA and me for review at least 24 hours ahead of the class Guidelines online

Projects The most important part of class –Group of 2+ people Project list will be online soon Proposal – April 8 –3-4 pages with another 1-2 pages references. Design Document – April 15 –4-5 pages with a detailed description of the software design, load distribution among group members. Weekly Meeting and Progress Report – 4/13-5/25 –Each team will schedule a weekly meeting (30 minutes) with me. A work-in-progress report (except the 4/13 week) of 1-2 pages is due 24 hours ahead of the meeting. Project Presentation – June 1 and 3 Final Report – June 9

Project 1 background: HTTP connections Nonpersistent HTTP At most one object is sent over a TCP connection. HTTP/1.0 uses nonpersistent HTTP Persistent HTTP Multiple objects can be sent over single TCP connection between client and server. HTTP/1.1 uses persistent connections in default mode

Nonpersistent HTTP Suppose user enters URL 1a. HTTP client initiates TCP connection to HTTP server (process) at on port HTTP client sends HTTP request message (containing URL) into TCP connection socket. Message indicates that client wants object someDepartment/home.index 1b. HTTP server at host waiting for TCP connection at port 80. “accepts” connection, notifying client 3. HTTP server receives request message, forms response message containing requested object, and sends message into its socket time (contains text, references to 10 jpeg images)

Nonpersistent HTTP (cont.) 5. HTTP client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects 6. Steps 1-5 repeated for each of 10 jpeg objects 4. HTTP server closes TCP connection. time

Response time modeling Definition of RRT: time to send a small packet to travel from client to server and back. Response time: one RTT to initiate TCP connection one RTT for HTTP request and first few bytes of HTTP response to return file transmission time total = 2RTT+transmit time time to transmit file initiate TCP connection RTT request file RTT file received time

More about Web caching Cache acts as both client and server Typically cache is installed by ISP (university, company, residential ISP) Why Web caching? Reduce response time for client request. Reduce traffic on an institution’s access link. Internet dense with caches enables “poor” content providers to effectively deliver content (but so does P2P file sharing)

Caching example Assumptions average object size = 100,000 bits avg. request rate from institution’s browsers to origin servers = 15 req/sec delay from institutional router to any origin server and back to router = 2 sec Consequences utilization on LAN = 15% utilization on access link = 100% total delay = Internet delay + access delay + LAN delay = 2 sec + minutes + milliseconds origin servers public Internet institutional network 10 Mbps LAN 1.5 Mbps access link institutional cache

Caching example (cont) Possible solution increase bandwidth of access link to, say, 10 Mbps Consequences utilization on LAN = 15% utilization on access link = 15% Total delay = Internet delay + access delay + LAN delay = 2 sec + msecs + msecs often a costly upgrade origin servers public Internet institutional network 10 Mbps LAN 10 Mbps access link institutional cache

Caching example (cont) Install cache suppose hit rate is.4 Consequence 40% requests will be satisfied almost immediately 60% requests satisfied by origin server utilization of access link reduced to 60%, resulting in negligible delays (say 10 msec) total avg delay = Internet delay + access delay + LAN delay =.6*(2.01) secs + milliseconds < 1.4 secs origin servers public Internet institutional network 10 Mbps LAN 1.5 Mbps access link institutional cache