downstream knowledge upstream re-feedback

Bob BriscoeArnaud Jacquet, Carla Di Cairano-Gilfedder, Andrea Soppera & Martin KoyabeBT Research

Communications Innovation Institute

goals & non-goals, approach

• goals & non-goals• goal: fix Internet’s resource allocation and accountability architecture• non-goal: solve the whole DoS problem• non-goal: solve app-layer/user-space flooding• goal: foundation for wider DoS solution(s)

• approach• part of effort to determine new Internet architecture• mechanism for non-co-operative end-game in case things get nasty• network economics & incentives, but no fiddling with retail pricing• network operators (not users) assumed to be rational

• work in progress• simulations in progress• not even submitted yet

now next future

the problem: rate policing• short & long term congestion

• short: e.g. policing TCP-friendliness (or any agreed response)• long: e.g. policing zombie hosts, p2p file-sharing (selfish not malicious)

• user congestion response voluntary• why is TCP compliance stable? what shouldn’t we do to keep it?

• TCP-friendly malware?? imagine a TCP virus

• network congestion response voluntary• why care if my users cause congestion in downstream networks?

TCP-friendly

access capacity rate

pathcongestion,ρ

cumulativeTCPs

packet headers

1probability

dropmark ave queue

length

ACKnowledgement packets network transportdata

probabilisticpacket marking algorithm

on all egress interfacesmarked packet

marked ACK

pre-requisite knowledge: explicit congestion notification (ECN)

bits 6 & 7 of IP DS byte

00: Not ECN Capable Transport (ECT)01 or 10: ECN Capable Transport - no Congestion Experienced (sender initialises)11: ECN Capable Transport - and Congestion Experienced (CE)

0 5 6 7

IETF proposed std: RFC3168Sep 2001most recent change to IPv4&6

path characterisationvia data headers

loss rate orexplicit congestion notification (ECN)

time to live (TTL)

1011111616

1016-5 -1

downstream knowledge upstream: the idea

control& info

infocontrol control

control& info

control

propg’n timecongestionhop countetc

control& info

re-inserted

before......after re-feedback

-5 -1-2

receiver aligned

downstream knowledge upstream— re-feedback

metric,h

nodesequence

index,i

0 1 2 i n... ...

h0(t+T)

sequence of relays on a network pathsender receiver

incentives

incentive framework

downstreampath metric,ρi

RcvSnd

congestionpricing

dropper

routingpolicer/scheduler

downstream path metric at receiver

downstreamcongestionprobabilitydistribution

downstreampath metricat rcvr, ρn

incentiveframework

dropper

naïvedropper

incentiveframework

penalising uncertain misbehaviour

adaptivedropprobability

systematiccheating, ρc

statelessdropper

dropperdropper

downstream path metric at receiver

incentiveframework

dropper

statelessdropper

no systematiccheating, ρc = 0

incentives

spawning focused droppers

• use penalty box technique [Floyd99]• examine (candidate) discards for any signature

• spawn child dropper to focus on subset that matches signature

• kill child dropper if no longer dropping (after random wait)

• push back• send hint upstream defining signature(s)

• if (any) upstream node has idle processing resource

test hint by spawning dropper focused on signature as above

• cannot DoS with hints, as optional & testable• no need for crypto authentication – no additional DoS vulnerability

incentive frameworkdownstreamcongestion,ρi

policer/scheduler

flowpolicer

congestion,delay, …

each packet header carriesview of its own downstream path

policer/scheduler

ratesample packetsto check/enforce the agreed

congestion responseno per flow state for honest flows

downstreamcongestion,

TCP policer – no state for well-behaved flows

TCP-friendly

incentives

incentive compatibility – hosts

• incentivise:• responsible actions

• honest words

net value to end-points,ΔU

overstatement of downstream path

metric at source Δρc

practical

scheduler/policer dropperdropper

push-back

0dominant strategy

incentives

inter-domain policing• bulk congestion charging emulates policing: passive & simple• capacity charge modulated by congestion charge• sending domain pays C = ηX + λQ to receiving domain (e.g. monthly)• η, λ are (relatively) fixed prices of capacity, X and congestion, Q resp.

• ‘usage’ related price λ ≥ 0 (safe against ‘denial of funds’)• any receiver contribution to usage settled through end to end clearinghouse

• congestion charge, Q over accounting period, Ta is Q = ΣTa ρi+

• ρi metered by single bulk counter on each interface• note: negative ρi worthless – creates incentive to deploy droppers

downstreampath metric, ρi

ρAB ρBD

congestion profit, Π: Π1 = – (λ ρ)12 Π2 = +(λ ρ)12 – (λ ρ)24 Π4 = + (λ ρ)24

per packet

Capacity price, η sign depends on relative connectivity

incentives

incentive frameworkdownstreamcongestion,ρi

congestionpricing

policer/scheduler

per-user policer

policer/scheduler

long term congestion incentives

cumulative multiple flows

• effectively shuts out zombie hosts• incentivises owners to fix them• (also incentivises off-peak file-sharing)

distributed denial of service

• merely enforcing congestion response • honest sources

• increase initial metric & reduce rate

• malicious sources – if do increase initial metric

• policer at attacker’s ingress forces rate response• have to space out packets even at flow start

– if don’t increase initial metric• negative either at the point of attack or before• distinguished from honest traffic and discarded• push back kicks in if persistent

deployment

migration

• approach• realign metrics by modifying sender and/or receiver stack only

• unchanged router path characterisation (protocol & routers)

• re-ECN possible without contravening existing ECN code-points

• reason: changing hosts: incremental; changing routers: flag day

• deployment path• network operators add incentive mechanisms to edge routers

• add policers & droppers, but permissively configured

• increasing strictness incentivises incremental host upgrades

classic origin

re-f/b origin

unchangedunchanged

incentive framework

discussion

summaryre-feedback incentive framework

downstreamcongestion,ρi

congestionpricingpolicer

/scheduler

policercongestion,delay, …

each packet header carriesview of its own downstream path

policer/scheduler

so just sample packetsto check/enforce the agreed

congestion response

TCP-friendly

premiumdownstreamcongestion,

adaptivedropprobability

systematiccheating, ρc

statelessdropper

dropperdropper

routing

downstream knowledge upstream re-feedback

Documents

Upstream, downstream, china, india

> Upstream > Midstream > Downstream > Chemical valve ... · > Upstream > Midstream > Downstream > Chemical valve applications Low temperature and cryogenic valve solutions. Your reliable

Editorial Upstream and Downstream of Recombinants

Upstream AUGs and upstream ORFs can regulate the downstream

Upstream Investment for Downstream Impact

Downstream knowledge upstream re-feedback Bob Briscoe Arnaud Jacquet, Andrea Soppera, Carla Di Cairano-Gilfedder & Martin Koyabe BT Research

Agile Upstream and Downstream Webinar - English

Wireless solutions for upstream and downstream applications

Towards upstream/ downstream hydrosolidarity

Manufacturing Upstream Downstream - Saja Energy

Upstream versus Downstream interventions · Upstream versus Downstream interventions Banny Banerjee Associate Professor Stanford d.school, Stanford Design Program Director, Stanford

Exploring Upstream and Downstream Fish Passage

Downstream Upstream Relationship and The Grand Ethiopian

SUMMARY OF UPSTREAM AND DOWNSTREAM FISH …

Learning and Innovation in Upstream-Downstream Relations ... · innovation and mutual knowledge exchanges between upstream-downstream relations in industrial development. Microeconometric

Upstream - Production $ Downstream Opportunities from Ethane Cracker

downstream knowledge upstream re-feedback

Revisiting Key Questions Regarding Upstream–Downstream

Research Article Influence of Upstream and Downstream

Overview of Upstream and Downstream Processing of