Professional Documents
Culture Documents
Aoe Ddos
Aoe Ddos
Server
Throttle
Aggressive flow for S
To S
Throttle
To S’
for S’
Deployment router
C: Each victim has a leaky bucket for rate limit.
Small memory and computationoverhead!
Operating System Concepts 1.6
Key Design Problems
Resource allocation: who is entitled to
what?
need to keep server operating within load limits
notion of fairness, and how to achieve it?
Need global, rather than router-local,
fairness
How to respond to network and user
dynamics (e.g., fluctuation of traffic)?
Feedback control strategy is needed
Server
Hysteresis control
high and low water marks for server load, to
strengthen or relax router throttle
6.25
0.22 0.22
14.1
15.51
59.9 0.01
Server 6.25
17.73
6.25 1.40 17.73
20.53 0.61
0.95
0.95 0.61
Operating System Concepts 1.15
Interesting Questions
Step size
ANALOGY!!!
Operating System Concepts 1.18
Feedback Control Model (Us=1750;Ls=1650)
Constant
Source of 20
Constant
Source of 30
Constant
Source of 25
Constant
Source of 4000
Constant
Source of 2800
Square Pulse
On Linux router
loadable kernel module
CPU resource reservation
Deployment platform
Pentium 4/2G Hz PC
multiple 10/100 Mb/s Ethernet
interfaces
http://www.cse.cuhk.edu.hk/~cslui/ANSRlab/software/o
pera/
A Linux-based package for implementing a software
programmable router architecture with the aim to facilitate
networking experiments for the research community. Using
this architecture, one can dynamically load new extension
and services into the programmable router. Some interesting
extensions include QoS support and traceback of DDoS
attacks.)