Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089061
Dan Li, Henggang Cui, Yan Hu, Yong Xia, Xin Wang
Multicast benefits data center group communications in saving network bandwidth and increasing application throughput. However, it is challenging to scale Multicast to support tens of thousands of concurrent group communications due to limited forwarding table memory space in the switches, particularly the low-end ones commonly used in modern data centers. Bloom Filter is an efficient tool to compress the Multicast forwarding table, but significant traffic leakage may occur when group membership testing is false positive. To reduce the Multicast traffic leakage, in this paper we bring forward a novel multi-class Bloom Filter (MBF), which extends the standard Bloom Filter by embracing element uncertainty. Specifically, MBF sets the number of hash functions in a per-element level, based on the probability for each Multicast group to be inserted into the Bloom Filter. We design a simple yet effective algorithm to calculate the number of hash functions for each Multicast group. We have prototyped a software based MBF forwarding engine on the Linux platform. Simulation and prototype evaluation results demonstrate that MBF can significantly reduce Multicast traffic leakage compared to the standard Bloom Filter, while causing little system overhead.
Title: Scalable data center multicast using multi-class Bloom Filter. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089047
Fei Chen, Bruhadeshwar Bezawada, A. Liu
Network reachability is one of the key factors for capturing end-to-end network behavior and detecting the violation of security policies. While quantifying network reachability within one administrative domain is already difficult, quantifying network reachability across multiple administrative domains is more difficult because the privacy of security policies becomes a serious concern and needs to be protected through this process. In this paper, we propose the first cross-domain privacy-preserving protocol for quantifying network reachability. Our protocol constructs equivalent representations of the Access Control List (ACL) rules and determines network reachability while preserving the privacy of the individual ACLs. This protocol can accurately determine the network reachability along a network path through different administrative domains. We have implemented and evaluated our protocol on both real and synthetic ACLs. The experimental results show that the online processing time of an ACL with thousands of rules is less than 25 seconds, the comparison time of two ACLs is less than 6 seconds, and the communication cost between two ACLs with thousands of rules is less than 2100 KB.
Title: Privacy-preserving cross-domain network reachability quantification. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089050
Ioannis Pefkianakis, Chi-Yu Li, Songwu Lu
The IEEE 802.11n standard has proposed a new Spatial Multiplexing Power Save (SMPS) feature, which allows for a station to retain one active receive chain, to mitigate MIMO circuitry power consumption. But does it work in all cases? Our experiments reveal that SMPS may not always save power compared with multiple active chains at the receiver. Even when it does, it may be proven more energy hungry. In this work, we seek to uncover the “good”, the “bad” and the “ugly” of SMPS using real experiments. We further devise a MIMO Receiver Energy Save (MRES) algorithm, which seeks to identify and set the most energy-efficient receive chain setting, by using a novel, low-overhead sampling scheme. Our prototype experiments show that MRES outperforms SMPS with energy savings up to 37%.
Title: What is wrong/right with IEEE 802.11n Spatial Multiplexing Power Save feature? Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089038
Hongcheng Tian, J. Bi, Wei Zhang, Xiaoke Jiang
IP traceback can be used to find the origins and paths of attacking traffic. However, so far, no Internet-level IP traceback system has ever been deployed because of deployment difficulties. In this paper, we present an easily-deployable light-weight IP traceback based on flow (EasyTrace). In EasyTrace, it is not necessary to deploy any dedicated traceback software and hardware at routers, and an AS-level overlay network is built for incremental deployment. We theoretically analyze the quantitative relation among the probability that a flow is successfully traced back various AS-level hop number, independently sampling probability, and the number of packets that the flow comprises.
Title: EasyTrace: An easily-deployable light-weight IP traceback on an AS-level overlay network. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089071
An Chan, Henrik Lundgren, T. Salonidis
The IEEE 802.11n standard supports very high physical layer data rates using Multiple Input Multiple Output (MIMO) antenna technologies. Despite such high rates, High Definition (HD) video streaming is still challenging in WLAN deployments. In this paper, we show that the wireless channel probing overhead of existing 802.11n data rate adaptation mechanisms can be detrimental to HD video performance. We propose VARA, a Video-Aware Rate Adaptation protocol that addresses this problem by adapting the frequency and timing of wireless probing to both video encoding rate variations and wireless channel variations. In addition, VARA employs novel strategies that multiplex several Variable Bit Rate (VBR) HD video streams by minimizing their aggregate peak rate requirement. Our experimental evaluations for static and mobile scenarios in a MIMO 802.11n wireless testbed demonstrate the practical benefits of VARA over state-of-the-art 802.11n rate adaptation protocols.
Title: Video-Aware Rate Adaptation for MIMO WLANs. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089078
Shuo Guo, S. Kim, Ting Zhu, Yu Gu, T. He
Flooding in low-duty-cycle wireless sensor networks is very costly due to asynchronous schedules of sensor nodes. To adapt existing flooding-tree-based designs for low-duty-cycle networks, we shall schedule nodes of common parents to wake up simultaneously. Traditionally, energy optimality in a designated flooding-tree is achieved by selecting parents with the highest link quality. In this work, we demonstrate that surprisingly more energy can be saved by considering link correlation. Specifically, this work first experimentally verifies the existence of link correlation and mathematically proves that the energy consumption of broadcasting can be reduced by letting nodes with higher correlation receive packets simultaneously. A novel flooding scheme, named Correlated Flooding, is then designed so that nodes with high correlation are assigned to a common sender and their receptions of a broadcasting packet are only acknowledged by a single ACK. This unique feature effectively ameliorates the ACK implosion problem, saving energy on both data packets and ACKs. We evaluate Correlated Flooding with extensive simulations and a testbed implementation with 20 MICAz nodes. We show that Correlated Flooding saves more than 66% energy on ACKs and 15%–50% energy on data packets for most network settings, while having similar performance on flooding delay and reliability.
Title: Correlated flooding in low-duty-cycle wireless sensor networks. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089083
Florin Dinu, T. Ng
This paper proposes a purely passive method for inferring a congestion map of a network. The congestion map is computed using the congestion markings carried in existing traffic, and is continuously updated as traffic is received. Consequently, congestion changes can be tracked in a real-time fashion with zero traffic overhead. Unlike active congestion reporting methods, our novel passive method is more robust during periods of congestion because there are no congestion report messages that could be lost and existing congestion is never aggravated. Our solution has several applications ranging from informing IP fast re-route algorithms and traffic engineering schemes to assisting in inter-domain path selection.
Title: Inferring a network congestion map with zero traffic overhead. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-17 | DOI: 10.1109/ICNP.2011.6089068
Eugene Chai, K. Shin
The uncoordinated deployment of many high-bandwidth 802.11a/g/n access points (APs) in urban areas offers the potential for WLANs to be a strong complement to cellular networks in providing ubiquitous connectivity. However, given that the bandwidth of the backhaul links connected to these APs is often an order-of-magnitude lower than that of the WLAN channel, aggregating the throughput from multiple APs is often necessary in order for the client to achieve an acceptable level of network performance. In this paper, we present Sidekick — a simple and novel AP aggregation protocol that exploits effective communication between 802.11a/g/n nodes on partially overlapping channels to attain high aggregate throughput in the face of dynamic WLAN and backhaul link conditions. Sidekick is built upon Aileron, which provides an extremely reliable and low-overhead control channel over which the APs and clients can coordinate the aggregation process. The use of such a control channel over partially overlapping channels enables Sidekick to quickly respond to varying bandwidth availability and probe for new transmission opportunities with little overhead. Our evaluation results indicate that Sidekick can make more than 30% improvement in throughput over FatVAP in a variety of situations.
Title: Sidekick: AP aggregation over partially overlapping channels. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-01 | DOI: 10.1109/ICNP.2011.6089034
Wei Wang, B. Leong, Wei Tsang Ooi
It is well known that the pervasive IEEE 802.11 MAC is intrinsically unfair [1, 3]. In particular, in the topology shown in Fig. 1(a), when links AB and CD both carry backlogged transmissions, the packets from sender A experience persistent collisions at node B while sender C enjoys collision-free transmission to D. Node A can transmit successfully only if it is able to “insert” its packets into the small inter-packet gaps of C's packets. Thus, we refer to the topology in Fig. 1(a) as the unfair topology and to C and A as the superior and inferior nodes respectively.
Title: Understanding and mitigating TCP starvation in 802.11 wireless mesh networks. Venue: 2011 19th IEEE International Conference on Network Protocols.
Pub Date: 2011-10-01 | DOI: 10.1109/ICNP.2011.6089052
Bingyang Liu, J. Bi, Y. Zhu
Filtering IP packets with spoofed source addresses not only improves network security, but also helps with network diagnosis and management. Compared with filtering spoofing packets at the edge of the network, which involves high deployment and maintenance cost, filtering at autonomous system (AS) borders is more cost-effective. Inter-AS anti-spoofing, as its name suggests, is implemented on AS border routers to filter spoofing packets before they enter or leave an AS. Existing inter-AS anti-spoofing approaches focus on filtering efficiency, but lack deployability. In this paper we first introduce three properties of a deployable inter-AS anti-spoofing approach: incremental deployability, high deployment incentives and low deployment cost. Then we propose DIA, the first inter-AS anti-spoofing approach meeting the three properties. We present the design of DIA and evaluate its deployability with real Internet data. The evaluation results show that DIA provides high deployment incentives for Internet Service Providers by significantly mitigating spoofing-based denial of service attacks. Our implementation proves that DIA can be easily implemented in commodity routers and minimize the deployment cost.
Title: A deployable approach for inter-AS anti-spoofing. Venue: 2011 19th IEEE International Conference on Network Protocols.