Documente Academic
Documente Profesional
Documente Cultură
Outline
Implementation Techniques
Hashing Schemes
Redirection Strategies
Spring 2002
CS 461
Design Space
Caching
explicit
transparent (hijacking connections)
Replication
server farms
geographically dispersed (CDN)
Spring 2002
CS 461
Spring 2002
CS 461
client
client
attacker
Spring 2002
server
CS 461
client
4
client
client
server
slave attacker
zombie
client
zombie
Spring 2002
zombie
CS 461
Redirection Overlay
Geographically distributed server clusters
R
R
R
Internet Backbone
R
R
R
clients
Spring 2002
Distributed request-redirectors
CS 461
Techniques
DNS
one name maps onto many addresses
works for both servers and reverse proxies
HTTP
requires an extra round trip
Router
one address, select a server (reverse proxy)
content-based routing (near client)
URL Rewriting
embedded links
Spring 2002
CS 461
Spring 2002
CS 461
URL (key)
Easy to compute
Evenly distributed
Good for fixed number of
servers
Many mapping changes after a
single server change
svrN
Spring 2002
CS 461
svrN
url-1
svr2
Unit circle
Spring 2002
CS 461
10
weight0
RH
sort
svr0
svr1
svr2
svr
svr
svrN
Spring 2002
Hash(url, svrAddr)
Deterministic order of access set of
servers
Different order for different URLs
Load evenly distributed after server
changes
weight1
weight2
weight0
weightN
low
CS 461
11
Redirection Strategies
Random (Rand)
Requests randomly sent to cooperating servers
Baseline case, no pathological behavior
CS 461
12
Spring 2002
CS 461
13
Simulation
Identifying bottlenecks
Server overload, network congestion
Spring 2002
CS 461
14
Network Topology
WA
PACA
MA
IL
MI
NE
CO
R
R
S
DC
R
SDCA
GA
TX
R
C
R
C
C
C
15
Simulation Setup
Workload
Static documents from Web Server trace, available at
each cooperative server
Attackers from random places, repeat requesting a
subset of random files
Simulation process
Gradually increase offered request load
End when servers very heavily overloaded
Spring 2002
CS 461
16
Normal Operation
35000
30000
25000
20000
15000
10000
5000
0
Rand
CDR
R-CHash
FDR
R-HRW
FDR-Ideal
CS 461
17
R-CHash
FDR
R-HRW
FDR-Ideal
CS 461
18
R-CHash
Rand
FDR
80
80
60
60
CDFof Response
100
CDFof Response
100
40
20
0
R-CHash
CDR
40
20
0
0.1
1
10
100
Response Time in Logscale (Seconds)
Spring 2002
0.1
1
10
100
Response Time in Logscale (Seconds)
CS 461
19
CDR
CDF of Response
100
80
60
40
20
0
0.1
1
10
100
Response Time in Logscale (Seconds)
Spring 2002
CS 461
20
Capacity Scalability
Under Attack (250 zombies, 10 files)
45000
40000
35000
30000
25000
20000
15000
10000
5000
0
Throughput req/s
Throughput req/s
Normal Operation
16
32
48
64 80
96 112 128
Num of Servers
CDR
R-HRW
Rand
Spring 2002
50000
45000
40000
35000
30000
25000
20000
15000
10000
5000
0
0
16
32
48
64
80
96 112 128
Num of Servers
CDR
CS 461
R-HRW
Rand
21
35000
30000
25000
25000
Throughput req/s
Throughput req/s
30000
20000
15000
10000
5000
0
20000
15000
10000
5000
0
100
200
300
400
500
600
700
Rand
R-HRW
Spring 2002
800
100
200
300
400
500
600
700
CDR
Rand
CS 461
R-HRW
CDR
22
800
Deployment Issues
Servers join DDoS protection overlay
Same story as Akamai
Get protection and performance
Spring 2002
CS 461
23