PSMC: Proxy Server-based Multipath Connection

CS 526 Advanced Networking - Richard White

Overview

• Network Architectures

• Network Overlays

• SCOLD

• PSMC

• Issues

• Conclusion

On Proxy Server Based Multipath Connections

Yu Cai, PhD Dissertation, UCCS, 2005

Network Architecture

• Clients

• Servers

• Routers

• Links

• Name Servers

Client/Server Model

1. Client requests DNS name translation

2. Router directs query to local proxy server

3. Proxy server redirects shortest path to host

Client/Server Problems

1. Client requests DNS name translation

2. Router directs query to local proxy server

3. Proxy server redirects shortest path to host

• Shortest path not always fastest!

• Wasted bandwidth!

Client/Server Vulnerability

1. Client requests DNS name translation

2. Router directs query to local proxy server

3. Proxy server redirects shortest path to host

• Shortest path not always fastest!

• Wasted bandwidth!

• Distributed Denial of Service (DDoS) Attack!

Layered Architecture

Service Overlays

• Build on existing capabilities

• Don’t need to retrofit existing services

• Modular compatibility for adding and removing

Secure Collective Defense (SCOLD)

• SCOLD Coordinator

• SCOLD Proxy Servers

• Defends against DDoS attacks!

Secure Collective Defense (SCOLD)

• SCOLD Coordinator blocks incoming attack on main gateway

• Notifies trusted DNSs to use trusted proxies

• Trusted proxies route requests through alternate gateways

SCOLD Performance

• SCOLD overhead incurs performance delays

• SCOLD overhead is insignificant compared to attacks!

Proxy Server-based Multipath Connection (PSMC)

• Can we extend the SCOLD concept to enhance network performance?

• Shortest path not always fastest!

• Wasted bandwidth!

PSMC Architecture

• Sender module responsible for packet distribution among multiple paths

• Some packets go through normal “direct route”

• Some packets go through “indirect routes”

• Receiver module reassembles packets in correct order.

Proxy Server-based Multipath Connection (PSMC)

• Aggregating bandwidth increases throughput

• Multiple paths increase reliability, decrease vulnerability


Proxy Server-based Multipath Connection (PSMC)

• PSMC increases probability packets arrive out of order

[Figure: packet sequences 123456 and 125643]

• Resulting in significantly higher retransmit requests

[Figure: packet sequences 123456 and 125643 with Buffer 1 and Buffer 2]

Proxy Server-based Multipath Connection (PSMC)

[Figure: packet sequences 123456 and 125643]

• PSMC increases probability packets arrive out of order

• Resulting in significantly higher retransmit requests

• Solution: Create a double receiving buffer!
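The reordering problem and the double-buffer fix, as an added Python sketch that is not code from the slides or the dissertation. It assumes the second buffer is a resequencing stage in front of the normal receive buffer (the slides do not give the mechanism), takes the slides' sequence 125643 as the arrival order, and uses a hypothetical `capacity` bound.

```python
import heapq

def tcp_receiver(arrivals):
    """Buffer 1: cumulative-ACK receiver (simplified TCP model).
    Returns (highest in-order sequence number, longest run of duplicate ACKs)."""
    expected, held, run, longest = 1, set(), 0, 0
    for seq in arrivals:
        if seq > expected:            # gap: hold packet, re-ACK expected - 1
            held.add(seq)
            run += 1
            longest = max(longest, run)
        elif seq == expected:         # in order: advance past anything held
            expected += 1
            while expected in held:
                held.discard(expected)
                expected += 1
            run = 0
    return expected - 1, longest

def resequencer(arrivals, capacity=4):
    """Buffer 2 (assumed design): sits in front of Buffer 1 and releases packets
    in order. `capacity` is a hypothetical bound: when exceeded, the lowest held
    packet is released anyway, so a lost or withheld packet cannot stall the flow."""
    expected, heap, out = 1, [], []
    for seq in arrivals:
        if seq < expected:            # late packet: pass through to Buffer 1
            out.append(seq)
            continue
        if seq in heap:               # duplicate already held
            continue
        heapq.heappush(heap, seq)
        while heap and (heap[0] == expected or len(heap) > capacity):
            expected = heapq.heappop(heap) + 1
            out.append(expected - 1)
    return out

FAST_RETRANSMIT = 3                   # duplicate ACKs that trigger TCP fast retransmit
ARRIVALS = [1, 2, 5, 6, 4, 3]         # sequence 125643 from the slides

if __name__ == "__main__":
    for label, stream in (("single buffer", ARRIVALS),
                          ("double buffer", resequencer(ARRIVALS))):
        acked, dups = tcp_receiver(stream)
        print(f"{label}: acked through {acked}, dup-ACK run {dups}, "
              f"spurious retransmit: {dups >= FAST_RETRANSMIT}")
```

With a bounded resequencer, a packet that never arrives still reaches the receiver as a gap, so genuine loss is retransmitted while path-induced reordering is absorbed.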

PSMC Performance

• PSMC without double buffering was worse than standard routing!

• PSMC with double buffering was significantly better than standard routing!

Issues

Detecting compromised proxy servers

Controlling malicious users

More efficient double-buffer management

Investigating quality of service capabilities

Conclusion

Increase bandwidth utilization

Decrease vulnerability to attack & failure

Can be used to implement quality of service proportional differentiation