On the Performance of TCP Splicing for URL-aware Redirection. Ariel Cohen, Sampath Rangarajan, and Hamilton Slye. The 2nd USENIX Symposium on Internet Technologies.

Presentation transcript:

On the Performance of TCP Splicing for URL-aware Redirection
Ariel Cohen, Sampath Rangarajan, and Hamilton Slye
The 2nd USENIX Symposium on Internet Technologies & Systems
Network Computing Lab, EECS, KAIST
Hyun-ju Lee

Slide 2: Content
- Introduction
- Solution approach
- Implementation detail
- Performance
- Conclusion

Slide 3: Introduction (1)
Overview
- Describes the design, implementation and performance of a layer-7 switch that supports URL-aware redirection of HTTP traffic
Solution approach
- URL-aware switch in the Linux kernel that uses TCP splicing
Contribution
- Discusses in detail the design and implementation of the URL-aware switch
- Shows the benefit of TCP splicing for small TCP sessions
- Re-affirms the benefit of TCP splicing for the transfer of large amounts of data

Slide 4: Introduction (2)
Basic layer-4 switch
- Redirects traffic based on transport-layer (TCP) and network-layer (IP) information
- Uses: redirecting web traffic to caches, server load balancing, fault tolerance
URL-aware redirection
- Capability of a switch located in front of clients or servers to redirect HTTP requests to servers based on the URL specified by the client in its GET request
- Extends the scope of information to layer-7 information
- Benefits: direct requests to an optimized server, direct requests for dynamic content to live servers, reduce the need for replication

Slide 5: Introduction (3)
Layer-4 switch
- Redirects the initial SYN packet from the client to the chosen destination
- Redirects all subsequent packets on the connection to the same destination
- Uses mechanisms such as NAT and PAT
URL-aware redirection
- A connection must be established between the client and the switch before application-level information can be received
- Approaches
  - TCP gateway
  - TCP connection hop

Slide 6: Introduction (4)
TCP connection hop
- Move the switch-side end point of the client-switch TCP connection to the server
- Establish a direct TCP connection between the client and the server
- The TCP/IP stack at the back-end server needs to be extended
TCP gateway
- Two TCP connections
  - Establish the client-switch TCP connection
  - Receive the GET request from the client, determine the destination
  - Establish the switch-server TCP connection
  - Forward the GET request to the destination, receive the response
  - Transfer the response to the client

Slide 7: Solution approach
TCP gateway
- Overhead due to the use of two TCP connections
- Data goes up the protocol stack to the application layer and back down the protocol stack
TCP splicing
- Once the two TCP connections are established, they are spliced together
- IP packets are forwarded from one end point to the other at the network layer
- Address translation and sequence number modification are required

Slide 8: Implementation detail (1)
- Application-level proxy (proxy-s)
- Splice module (sp-mod)
- NEPPI (Network Element for Programmable Packet Injector)
- Linux ipchains firewall

Slide 9: Implementation detail (2)
- Establish the TCP connection between the client and the URL-aware proxy
- URL-aware proxy: receive the GET request from the client
- sp-mod: record seq, ack_seq
- Determine the destination
- Splice command to sp-mod
- Send the GET request to the server
- sp-mod: record seq, ack_seq
- Splice instruction to NEPPI
- NEPPI: address and sequence number translation
- All packets are redirected at the network layer

Slide 10: Performance (1)
Experiments
- Run for a period of three minutes with 75 concurrent HTTP requests
- Once all the data is received, a new batch of requests is issued
- proxy-s: uses TCP splicing
- proxy-ns: does not use TCP splicing
Internal / external workload
- proxy-s: significantly higher number of connections (47% higher) and lower CPU utilization

Slide 11: Performance (2)
Impact of using TCP splicing on different file sizes
- The biggest performance gain is for large transfers
- One might expect a larger number of connections for smaller files (the CPU was not fully utilized)

Slide 12: Conclusion
URL-aware redirection switch
- Loadable kernel modules for the Linux OS along with a user-level proxy
TCP splicing
- Significant performance improvement