ABSTRACT
In the current Internet, there is no clean way for affected parties to react to poor forwarding performance: to detect and assess Service Level Agreement (SLA) violations by a contractual partner, a domain must resort to ad-hoc monitoring using probes. Instead, we propose Network Confessional, a new, systematic approach to the problem of forwarding-performance verification. Our system relies on voluntary reporting, allowing each network domain to disclose its loss and delay performance to its customers and peers and, potentially, a regulator. Most importantly, it enables verifiable performance measurements, i.e., domains cannot abuse it to significantly exaggerate their performance. Finally, our system is tunable, allowing each participating domain to determine how many resources to devote to it independently (i.e., without any inter-domain coordination), exposing a controllable trade-off between performance-verification quality and resource consumption. Our system comes at the cost of deploying modest functionality at the participating domains' border routers; we show that it requires reasonable resources, well within modern network capabilities.
Index Terms
- Verifiable network-performance measurements