Presentation is loading. Please wait.

Presentation is loading. Please wait.

PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White."— Presentation transcript:

1 PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White

2 Overview Network Architectures Network Overlays SCOLD PSMC Issues Conclusion On Proxy Server Based Multipath Connections Yu Cai, PhD Dissertation, UCCS, 2005

3 Network Architecture Clients Servers Routers Links Name Servers

4 Client/Server Model 1. Client requests DNS name translaton 2. Router directs query to local proxy server 3. Proxy server redirects shortest path to host

5 Client/Server Problems 1. Client requests DNS name translation 2. Router directs query to local proxy server 3. Proxy server redirects shortest path to host Shortest path not always fastest! Wasted bandwidth!

6 Client/Server Vulnerability 1. Client requests DNS name translation 2. Router directs query to local proxy server 3. Proxy server redirects shortest path to host Shortest path not always fastest! Wasted bandwidth! Distributed Denial of Service (DDoS) Attack!

7 Layered Architecture

8 Service Overlays Build on existing capabilities Don’t need to retrofit existing services Modular compatibility for adding and removing

9 Secure Collective Defense (SCOLD) SCOLD Coordinator SCOLD Proxy Servers

10 Secure Collective Defense (SCOLD) SCOLD Coordinator SCOLD Proxy Servers Defends against DDoS attacks!

11 Secure Collective Defense (SCOLD) SCOLD Coordinator blocks incoming attack on main gateway Notifies trusted DNSs to use trusted proxys Trusted proxys route requests through alternate gateways

12 SCOLD Performance SCOLD overhead incurs performance delays SCOLD overhead is insignicant compared to attacks!

13 Proxy Server-based Multipath Connection (PSMC) Can we extend the SCOLD concept to enhance network perfromance? Shortest path not always fastest! Wasted bandwidth!

14 PSMC Architecture Sender module responsible for packet distribution among multiple paths Some packets go through normal “direct route” Some packets go through “indirect routes” Receiver module reassembles packets in correct order.

15 Proxy Server-based Multipath Connection (PSMC) Aggregating bandwidth increases throughput Multiple paths increase reliability, decrease vulnerability

16 123456 Proxy Server-based Multipath Connection (PSMC) PSMC increases probability packets arrive out of order 12345612564312

17 123456 Proxy Server-based Multipath Connection (PSMC) PSMC increases probability packets arrive out of order 123456125643 Resulting in significantly higher retransmit requests 5643

18 123456 Buffer 2 Buffer 1 125643123456 Proxy Server-based Multipath Connection (PSMC) 123456125643 PSMC increases probability packets arrive out of order Resulting in significantly higher retransmit requests Solution: Create a double receiving buffer!

19 PSMC Performance PSMC without double buffering was worse than standard routing! PSMC with double buffering was significantly better than standard routing!

20 Issues Detecting compromised proxy servers Controlling malicious users More efficient double- buffer management Investigating quality of service capabilities

21 Conclusion Increase bandwidth utilization Decrease vulnerability to attack & failure Can be used to implement quality of service proportional differentiation

Download ppt "PSMC Proxy Server-based Multipath Connection CS 526 Advanced Networking - Richard White."

Similar presentations

Interconnection Networks: Flow Control and Microarchitecture.

Interconnection Networks: Flow Control and Microarchitecture.
On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 12/2003 University of Colorado at Colorado Springs.

On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 12/2003 University of Colorado at Colorado Springs.
Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.

Cs/ee 143 Communication Networks Chapter 6 Internetworking Text: Walrand & Parekh, 2010 Steven Low CMS, EE, Caltech.
Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.

Clayton Sullivan PEER-TO-PEER NETWORKS. INTRODUCTION What is a Peer-To-Peer Network A Peer Application Overlay Network Network Architecture and System.
Overview of Distributed Denial of Service (DDoS) Wei Zhou.

Overview of Distributed Denial of Service (DDoS) Wei Zhou.
Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.

Distributed Denial of Service Attacks: Characterization and Defense Will Lefevers CS522 UCCS.
Criticisms of I3 Zhichun Li. General Issues Functionality Security Performance Practicality If not significant better than existing schemes, why bother?

Criticisms of I3 Zhichun Li. General Issues Functionality Security Performance Practicality If not significant better than existing schemes, why bother?
On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 10/2003 University of Colorado at Colorado Springs.

On Proxy Server based Multipath Connections (PSMC) PhD Proposal Yu Cai 10/2003 University of Colorado at Colorado Springs.
© 2003 By Default! A Free sample background from www.powerpointbackgrounds.com Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,

© 2003 By Default! A Free sample background from Slide 1 SAVE: Source Address Validity Enforcement Protocol Authors: Li,
Semester 1 2008-2009Copyright USM EEE442 Computer Networks Introduction: Protocols En. Mohd Nazri Mahmud MPhil (Cambridge, UK) BEng (Essex, UK)

Semester Copyright USM EEE442 Computer Networks Introduction: Protocols En. Mohd Nazri Mahmud MPhil (Cambridge, UK) BEng (Essex, UK)
ChowSCID1 Secure Collective Internet Defense (SCID) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCID1 Secure Collective Internet Defense (SCID) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Defense Network (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
Multipath Routing: Proxy Selection By Joseph A LaConte CS 591 – Semester Project December 07, 2005.

Multipath Routing: Proxy Selection By Joseph A LaConte CS 591 – Semester Project December 07, 2005.
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
EE 4272Spring, 2003 Protocols & Architecture A Protocol Architecture is the layered structure of hardware & software that supports the exchange of data.

EE 4272Spring, 2003 Protocols & Architecture A Protocol Architecture is the layered structure of hardware & software that supports the exchange of data.
Data Communications Architecture Models. What is a Protocol? For two entities to communicate successfully, they must “speak the same language”. What is.

Data Communications Architecture Models. What is a Protocol? For two entities to communicate successfully, they must “speak the same language”. What is.
Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003

Secure Collective Internet Defense (SCID) Yu Cai 05/30/2003
Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.

Enhanced Secure Dynamic DNS Update with Indirect Route David Wilkinson, C. Edward Chow, Yu Cai 06/11/2004 University of Colorado at Colorado Springs IEEE.
ChowSCOLD1 Secure Collective Internet Defense (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.

ChowSCOLD1 Secure Collective Internet Defense (SCOLD) C. Edward Chow Yu Cai Dave Wilkinson Sarah Jelinek Part of this project is sponsored by a grant from.
Overlay Architecture and API Fang Yu Noah Treuhaft Takashi Suzuki Matthew Caesar.

Overlay Architecture and API Fang Yu Noah Treuhaft Takashi Suzuki Matthew Caesar.

Similar presentations

Ads by Google