Content-oriented Networking Platform: A Focus on DDoS Countermeasure (In incremental deployment perspective) Authors: Junho Suh, Hoon-gyu Choi, Wonjun Yoon @Seoul National University




Outline

• Introduction
• Content-oriented Networking Architecture
  – Communication Procedure
  – Main components
  – Scenario
• Summary


Change in Communication Paradigm

• Move to a Content-oriented Network
  – Internet traffic is already content-oriented
    • CDN, multimedia, P2P…
  – Users/applications care about “what to receive”
    • They don’t care “from whom”
    • The host-based communication model is outdated


IP networking vs. Content networking

• IP networking
  – Lookup-by-name
    • Indirection (from name to locator), which is an availability concern
  – Locators can be aggregated
    • Achieves routing scalability
• Content-oriented networking
  – Route-by-name
    • No indirection, hence better availability
  – Scalability issue
    • Content names are flat and cannot be aggregated
  – No backward compatibility


Content networking under IP network

• Observations
  – Current IP networking leverages network prefixes in routing
    • Routing scalability is good
  – Content-oriented networking is not good for routing, but good for availability
    • Huge scaling burden
  – No backward compatibility in content-oriented networking
• Content routing and IP routing should be combined
• We propose a grassroots approach
  – Some popular contents will be cached
  – Routing information for those contents can be propagated in a local and best-effort manner


Content-oriented networking platform

• Objectives
  – Exploit content networking on top of the current Internet
• New entity
  – Content-Aware Agent (CAA)
    • Mediates between the content-based network and the IP network
• Achievements
  – Security, accountability, incremental deployment on the current Internet


Content Request

• IP-less communication
• Assumptions
  – The consumer looks up the “Content Name” by web search
  – The Content Name is in URI form
    • e.g. http://youtube.com/south-afreeca-worldcup-2010.avi
• Communication inside the domain
  – Requests are relayed to the CAA by L2 forwarding
  – The CAA contacts DNS
  – The consumer cannot contact the server directly

[Figure: consumer, CAA and the Internet. 1: “I want a particular content (e.g. HTTP URI)”; 2: “Here you are”]


Content Distribution

• The publisher registers its domain name in DNS
  – With its agent’s IP address (of the egress link)

[Figure: publisher, its CAA and the Internet. 1: “a request for your content”; 2: “here you are”]


Content-Aware Agent (CAA)

• Proxy for interacting with the IP network
  – Handles content requests/responses
  – Resolves the FQDN to obtain the IP address of the publisher’s CAA (the authoritative content server’s CAA)
  – Caches the requested contents
• Gateway for heterogeneous networks
  – Protocol translation or tunneling
  – Relays contents in an inter-domain environment
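The request path of the Content Request, Content Distribution and CAA slides (consumer to CAA, CAA to DNS for the publisher CAA's address, fetch, cache, return), as an added toy model; this is not the authors' code. PublisherCAA, Dns, ConsumerCAA, the address 198.51.100.10 and the content bytes are constructed stand-ins, and the `network` dict stands in for IP reachability between agents.

```python
from urllib.parse import urlsplit


class PublisherCAA:
    """Agent in front of a publisher; its egress address is what DNS hands out."""

    def __init__(self, address, contents):
        self.address = address
        self.contents = contents              # path -> content bytes (constructed)
        self.requests_served = 0

    def fetch(self, path):
        data = self.contents.get(path)
        if data is None:
            raise LookupError(f"publisher has no content at {path}")
        self.requests_served += 1
        return data


class Dns:
    """Stand-in for the DNS: a publisher registers its domain with its CAA's address."""

    def __init__(self):
        self.records = {}                     # domain -> address of the publisher's CAA

    def register(self, domain, caa):
        self.records[domain] = caa.address

    def resolve(self, domain):
        return self.records.get(domain)


class ConsumerCAA:
    """Agent inside the consumer's domain: the only party that talks IP upstream."""

    def __init__(self, dns, network):
        self.dns = dns
        self.network = network                # address -> PublisherCAA, stands in for IP
        self.cache = {}                       # content name -> bytes
        self.upstream_fetches = 0

    def request(self, content_name):
        """Serve a content name in URI form; the consumer never sees a server address."""
        if content_name in self.cache:        # popular content is served locally
            return self.cache[content_name]
        parts = urlsplit(content_name)
        if parts.scheme != "http" or not parts.hostname:
            raise ValueError("content name must be an http URI")
        address = self.dns.resolve(parts.hostname)
        if address is None:
            raise LookupError(f"no CAA registered for {parts.hostname}")
        data = self.network[address].fetch(parts.path)
        self.upstream_fetches += 1
        self.cache[content_name] = data
        return data


def demo():
    """Constructed setup: one publisher CAA, one consumer CAA, the same content twice."""
    publisher = PublisherCAA("198.51.100.10",
                             {"/south-afreeca-worldcup-2010.avi": b"<constructed video bytes>"})
    dns = Dns()
    dns.register("youtube.com", publisher)
    caa = ConsumerCAA(dns, {publisher.address: publisher})
    name = "http://youtube.com/south-afreeca-worldcup-2010.avi"
    first = caa.request(name)
    second = caa.request(name)
    return first == second, caa.upstream_fetches, publisher.requests_served


if __name__ == "__main__":
    print(demo())
```

The second request for the same name is answered from the consumer CAA's cache, so the publisher CAA serves it once; a name whose domain has no registered CAA fails at resolution, before any upstream contact.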


General Architecture

[Figure: general architecture. Content-based communication on the left between a host, a Content-Aware Router (CAR), a Content-Aware Agent (CAA) and Gateway A/Gateway B; IP-based communication on the right between the agents, the Domain Name System and the publisher. Labelled flows: content request, agent’s IP address (returned by DNS), content distribution.]


Scenario

• A DDoS can be mounted by requesting content (using HTTP URIs)
  – Many hosts across multiple ISPs
• The publisher’s agent detects it first
  – Informs all the gateways of this event
  – Requests a countermeasure
• A gateway solicits the other gateways to reduce the content request rate to the publisher under attack

* The DDoS might not take effect if admission control is in place


Implementation

[Figure: NetFPGA-OpenFlow data path. Software side: the user data path over the PCI bus, with per-port CPU Rx/Tx queues, the nf2c0 to nf2c3 interfaces, nf2_reg_grp and ioctl; hardware side: per-port MAC Rx/Tx queues on Ethernet.]

1. Capture the URI/URL
2. Monitor the requested contents
3. Account the flows
4. Decide whether it is a DDoS or not



– In the header parser, HTTP GET (http_get) messages are captured and then forwarded to nf2c0
– Otherwise, the module bypasses normal packets


• Controller
  – Each agent solicits the other agents, via the controller, to reduce the content request rate to the publisher under attack
    • Sent to all connected agents
• Agent
  – Checks and limits the rate (if the number of requests > threshold)
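The four implementation steps (capture the URI, monitor requested contents, account flows, decide DDoS or not) together with the controller-mediated rate reduction from the Scenario slide, as an added software model; this is not the authors' NetFPGA/OpenFlow code. The header parser that forwards captured GETs to nf2c0 is replaced by a Python function over raw payload bytes, and the names Controller, Agent and capture_http_get, the threshold, window and reduced limit, and the packets are all constructed for illustration.

```python
from collections import defaultdict, deque


def capture_http_get(payload):
    """Step 1, the header parser: return (publisher host, content URI) for an HTTP GET
    request, or None so that any other packet is bypassed untouched."""
    try:
        head = payload.split(b"\r\n\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return None                            # binary payload (e.g. TLS), not HTTP
    lines = head.split("\r\n")
    method, _, rest = lines[0].partition(" ")
    path, _, version = rest.partition(" ")
    if method != "GET" or not path.startswith("/") or not version.startswith("HTTP/"):
        return None
    host = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "host":
            host = value.strip()
    if not host:
        return None
    return host, "http://" + host + path       # content name in the URI form of the slides


class Controller:
    """Relays one agent's request for a countermeasure to every connected agent."""

    def __init__(self):
        self.agents = []
        self.events = []                       # (reporting agent, publisher), for inspection

    def solicit_rate_reduction(self, reporter, host, limit):
        self.events.append((reporter.name, host))
        for agent in self.agents:              # "to all connected agents", reporter included
            agent.limits[host] = limit


class Agent:
    """Steps 2-4 plus enforcement: count GETs per content name in a sliding window, report
    a publisher whose content exceeds the threshold, cap what is forwarded to a limited one."""

    def __init__(self, name, controller, threshold, window, reduced_limit):
        self.name, self.controller = name, controller
        self.threshold = threshold             # GETs per window that count as an attack
        self.window = window                   # accounting window, seconds
        self.reduced_limit = reduced_limit     # GETs per window admitted once limited
        self.per_uri = defaultdict(deque)      # content name -> times of recent GETs
        self.forwarded = defaultdict(deque)    # publisher -> times of forwarded GETs
        self.limits = {}                       # publisher -> admitted GETs per window
        self.stats = {"bypass": 0, "forward": 0, "drop": 0}
        controller.agents.append(self)

    def _trim(self, q, now):
        while q and now - q[0] > self.window:
            q.popleft()

    def handle_packet(self, payload, now):
        parsed = capture_http_get(payload)
        if parsed is None:
            self.stats["bypass"] += 1
            return "bypass"
        host, uri = parsed
        seen = self.per_uri[uri]               # steps 2-3: monitor and account per content
        seen.append(now)
        self._trim(seen, now)
        if len(seen) > self.threshold and host not in self.limits:
            self.controller.solicit_rate_reduction(self, host, self.reduced_limit)  # step 4
        sent = self.forwarded[host]
        self._trim(sent, now)
        limit = self.limits.get(host)
        if limit is not None and len(sent) >= limit:
            self.stats["drop"] += 1            # countermeasure: admission control
            return "drop"
        sent.append(now)
        self.stats["forward"] += 1
        return "forward"


# Constructed packets: the slides' content request and a non-GET request.
GET_REQ = (b"GET /south-afreeca-worldcup-2010.avi HTTP/1.1\r\n"
           b"Host: youtube.com\r\nUser-Agent: bot\r\n\r\n")
POST_REQ = b"POST /upload HTTP/1.1\r\nHost: youtube.com\r\n\r\n"


def simulate():
    """Attackers behind agent A flood one URI; a regular host behind agent B asks for
    the same content at a modest rate and is throttled once A's report is relayed."""
    ctl = Controller()
    a = Agent("agent-A", ctl, threshold=20, window=1.0, reduced_limit=5)
    b = Agent("agent-B", ctl, threshold=20, window=1.0, reduced_limit=5)
    a.handle_packet(POST_REQ, 0.0)             # not a GET: bypassed, never counted
    for i in range(50):                        # 50 GETs within half a second
        a.handle_packet(GET_REQ, i * 0.01)
    for i in range(7):                         # 7 GETs over 0.6 s, after the report
        b.handle_packet(GET_REQ, 1.0 + i * 0.1)
    return {"events": ctl.events, a.name: a.stats, b.name: b.stats}


if __name__ == "__main__":
    print(simulate())
```

Agent A forwards the first 20 GETs, reports youtube.com on the 21st, and drops the remaining 30 once the controller has set the limit on every agent. Because the limit is keyed on the publisher rather than on the requesting host, the regular host behind agent B is also capped at 5 requests per window (5 forwarded, 2 dropped); that collateral throttling is inherent to the per-publisher countermeasure the slides describe, since the decision is a plain count over the content name with no attribution of which sources are attacking.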


Scenario Example

[Figure: scenario example. Two attackers and a regular host send HTTP GETs through the agent to the content server; the agent exchanges control flow with the controller. Legend: HTTP GET, TCP flow, control flow.]


Summary

• Grassroots approach
• Content-oriented Networking Platform
  – Content-Aware Agent (CAA)