Network Resilience. From Concepts to Experimentation. FIRE Research Workshop - May 16 th 2011

Size: px

Start display at page:

Download "Network Resilience. From Concepts to Experimentation. FIRE Research Workshop - May 16 th 2011"

Briana Teresa Blankenship
8 years ago
Views:

1 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Network Resilience From Concepts to Experimentation FIRE Research Workshop - May 16 th 2011 Georg Carle, TU München work in collaboration with the ResumeNet Consortium Credits: Ali Fessi (TUM) Yue Yu and Michael Fry (USyd) Matthew Broadbent, Alberto Schaeffer-Filho, Paul Smith and David Hutchison (ULANC) Mathias Fischer and Merkouris Karaliopoulos (ETHZ)

2 Motivation The Internet has become a critical infrastructure But was not designed to be one! Needed: a new approach towards a resilient Internet 2

3 DNS SIP AAA Voice user database SIP Complex and vulnerable infrastructure 3

4 Internet Structure Analysis 4

5 Internet Structure Data struktures from BGP updates Anomaly detection Example: earthquake in Japan, March

6 Motivation Challenges in the current Internet Topology Failures Cable cut, router crash, routing misbehaviour, Overload Network congestions, DoS attacks, Lack of integrity DNS poisoning, PKI poisoning, Software faults Development faults, e.g., buffer overflow in router implementation Configuration faults, e.g., misconfigured firewall Domino Effects Failures may propagate due to dependencies, e.g., DNS failure 6

7 ResumeNet: From Concepts to Experimentation Framework Challenge modeling ResilienceMetrics Control loops Resilience policies Multi-level resilience Mechanisms and algorithms Network resilience (redundancy, diversity in routing, transport, incentives for collaboration, challenge detection) Service resilience (overlays/p2p, virtualization, challenge detection, machine learning) Validation by Experimentation Resilient Service provision (Web, VoIP) using virtualization Wireless Mesh Networks (WMN) Opportunistic Networks Smart Environments 7

8 Control Loops Inner Control Loop (D 2 R 2 ) Real-time Control Loop Defend, Detect, Remediate, Recover Defend Diagnose Detect Outer control loop (DR) Diagnose, Refine long-term, slow reaction humans in the loop : re-design, policy change Recover Refine Remediate 8

9 Control Loop Implementation View Idealised system operation + + Off line Loop: DR Refine (Human) Defence Mechanisms Design & Policies Real time Loop: D 2 R 2 Challenges Resilience Target Resilience Estimator Resilience Manager Network & Services Resilience Mechanisms Service provided to users Resilience Knowledge Challenge Analysis Diagnose 9

10 Multi-stage Challenge Analysis Approach Incremental on-demand challenge analysis and remediation Challenge analysis strategy tailored to the: Deployment context Mechanism capabilities (Type of) challenge Use policies to define detection (and remediation) strategies Enables reusability and adaptation of approaches at run-time Less complete & Lightweight inform Challenge Analysis inform More complete & Heavier weight Coarse grain Remediation Challenge specific Time 10

11 Mechanisms Link Monitor IDS Classifier Less complete & Lightweight inform Challenge Analysis inform More complete & Heavier weight Coarse grain Remediation Challenge specific Limit (Link) Limit (Dest) Limit (Flow) Time 11

12 High Traffic Volume Challenge Detection and Remediation LocalManage LinkMonitor IDS RateLimiter Classifier FlowExporter r 12 setthreshold(t) load(link) start(link) limit(link) detect(dest) start(dest) limit(dest) classify(flow) classification(label, flow) limit(flow)

13 Policy-driven Resilience Simulator Policies Ponder2 Event on <event> if <condition> do <action> in/router N RPC obj in/router E RemediationInterface Managed objects (XMLRPC adaptors) RPC obj OMNeT++ Network Simulator RemediationInterface Adaptive actions 13

14 Experiments 1. Attack starts 2. The LinkMonitor detects threshold breach RateLimiter rate limits affected link (50%) 3. The IntrusionDetection identifies target IP address RateLimiter configured to limit to target (70%) and FlowExporter started 4. The Classifier identifies malicious flows RateLimiter blocks malicious flows 5. Final malicious flow classified and blocked 14

15 From Concepts to Experimentation Framework Challenge modeling ResilienceMetrics Control loops Resilience policies Multi-level resilience Mechanisms and algorithms Network resilience (redundancy, diversity in routing, transport, incentives for collaboration, challenge detection) Service resilience (overlays/p2p, virtualization, challenge detection, machine learning) Validation by Experimentation Resilient Service provision (Web, VoIP) using virtualization Wireless Mesh Networks (WMN) Opportunistic Networks Smart Environments 15

16 Supervised P2P Networks for Resilient Services Supervisor provides verifiable identities (e.g., X.509 certificates) At the overlay layer: Node ID At the application layer: SIP address Supervisor, not a Single-Point-of-Failure 16

17 Cooperative SIP (CoSIP) Registration Session setup REGISTER SIP SIP SIP INVITE A A INVITE B STORE GET P2P P2P STORE(hash(alice@example.com), IP:port) GET(hash(alice@example.com) ) 17

18 CoSIP Modeling of Peer Churn Pr [ peer is online until t ] Traces Power-Law Model Weibull Model Lifetime t R Skype supernode ( t) = Pr[ peer is online until t] = e t λ α ; α = 0.52; λ = 8.84; 18

19 CoSIP Modeling of Peer Churn R ( t) = 1 (1 R ( t)) replica peer k Goal Infrastructure failures can be successfully handled with probability

20 From Concepts to Experimentation Framework Challenge modeling ResilienceMetrics Control loops Resilience policies Multi-level resilience Mechanisms and algorithms Network resilience (redundancy, diversity in routing, transport, incentives for collaboration, challenge detection) Service resilience (overlays/p2p, virtualization, challenge detection, machine learning) Validation by Experimentation Resilient Service provision (Web, VoIP) using virtualization Wireless Mesh Networks (WMN) Opportunistic Networks Smart Environments 20

21 Resilient Service Provision with Virtualization Use Virtualization as a generic service Virtual machine live migration Typically within the same LAN Wide-area live migration Virtual machine acquires a new IP address Need to keep connectivity between VM and clients 21

22 VM Wide-Area Live Migration with Indirection Point Wide area live migration with IP address change Keep connectivity using an indirection point vm.uni-tuebingen.de Migration vm.tu-muenchen.de proxy.uni-tuebingen.de proxy.tum.de Client 22

23 VM Wide-Area Live Migration with E2E Notification Wide area live migration with IP address change Keep connectivity using end-to-end notification 23

24 Wide-Area VM Migration with E2E Notification SIP use case, message flow 24

25 Putting Everything Together Case Study: VoIP provider Defence: SIP server hosted in VM VM images distributed in the network Location of SIP UAs stored at server + P2P Verifiable peer Identities Challenges Software or hardware failure Misconfiguration Network failure Detection Client-side: UAs cannot reach server Infrastructure-side: Monitoring probes Distributed challenge detection Event correlation REGISTER A STORE P2P SIP VM STORE(hash(alice@example.com), IP:port) 25

26 Resumenet Integrated Use Case Remediation Session setup Client-side: UAs use P2P network to establish sessions SIP SIP INVITE Infrastructure-side: use VM to Migrate or A INVITE B Start new VM image with a SIP server running GET P2P Recovery Notification about new server location DNS updates Back to normal operation GET(hash(alice@example.com) ) 26

27 Conclusions The Internet has become a critical infrastructure A systematic approach is required for Network Resilience Service Resilience We developed a Resilience framework To build resilient network and services by design Challenge modelling, resilience metrics, policies Different mechanisms can be integrated into the resilience framework Overlay/P2P networks, Virtualization,... Validation by experimentation on different testbed platforms VM live migration between different sites in PlanetLab and G-Lab 27

28 Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle Thank you! Questions?

Network Resilience & DDoS attacks

Network Resilience & DDoS attacks Paul Smith School of Computing and Communications Lancaster University p.smith@comp.lancs.ac.uk The ResiliNets Group @ Lancaster http://www.comp.lancs.ac.uk/resilience