Welcome to CS 395/495Advanced Networking

What is this class about?

• Goal: to help you learn how to do the networking research

– Read research papers

– Argue and convey your ideas

– Execute a research project

– Write a research paper

– Test your ability to generate research ideas

– Learn about hot topics in networking and Internet security

Typical Path

• Pick a research topic (e.g., security, congestion control, ad-hoc wireless nets, etc.)

• Learn as much as you can about the topic (read papers)

• Generate a research idea (something that nobody else did before)

• Execute your idea (e.g., modeling, simulations, implementation, measurements)

• Write a paper and submit to a conference/journal

• Present the paper at a conference

Typical Problems

• You may know a topic that you are interested in

• Yet, you don’t know the related work

• It is sometimes hard to generate an idea, even if you know the related work

• By the time you come up with an idea, several quarters may pass (it took me 2 years!)

How to do it all?

• Projects:

– I’ll provide you with a well-defined, yet open, research projects

– The goal is to submit your research papers to top networking conferences

• Classes:

– Discuss various networking research topics (e.g., security, congestion control, ad-hoc wireless nets, etc.)

– Learn how to read papers

• Final:

– Generate a research idea (something that nobody else did before)

What do I expect from you:

• This is not an ordinary class

– This is a reality show!

• I’ll treat you as my PhD students

• I’ll expect you to behave as my PhD students:

– Independent

– Self-motivated

– Hard-working

Overview

• Administrative stuff

• Classes:

– Reading papers

– Paper reviews

– Presentations/debating

– Research idea

• Projects:

– Topics

• Seminar class: paper reading + a big project

– Each class a new paper

– More on the class structure later

• We will have some classes with the Internet Security class

– How many of you can make it Mon and Wed @ 2pm

Course Overview

Instructor• Aleksandar Kuzmanovic (

akuzma@cs.northwestern.edu),

Office Hours: for Classes Fri. 2-3pm

(2:00pm – for next week’s Mon class;

2:30pm – for next week’s Wed class;)

for Projects

Group 1: Monday, after the class;

Group 2: Wednesday, after the class;

Rm 356, 1890 Maple Ave.

TA

• Stefan Birrer

(s-birrer@cs.northwestern.edu) Office Hours: TBA

Prerequisites and Course Materials

• Required: CS340 (Intro to computer networking)

• Highly Recommended: OS or having some familiarity with Unix systems programming

• No required textbook – paper reading!

• Recommended (see webpage for a complete list)

o Computer Networking: A Top-Down Approach Featuring the Internet, [KR], Second Edition, James Kurose and Keith Ross, Addison Wesley, 2005

Grading• No exams for this class

• Class: 50%

– Paper reading summary 10%

– In class paper presentation and debating 25%

– Class participation and discussion (when you are not directly debating) 15%

• Project 50%

– Proposal 5% (up to 3 pages)

– Midterm report 5% (up to 6 pages)

– Weekly report and meeting 10%

– Project presentation 10%

– Final report, 12 pages, 20%

• Research idea 10%

– Required, up to 3 pages, 10%

Communication and Policies• Web page:

http://www.cs.northwestern.edu/~akuzma/classes/CS495-s05/

• Newsgroup (cs.advnet) is available

• Group e-mail advnet-s05@cs.northwestern.edu

• Send emails to instructor and TA for questions inappropriate in newsgroup

• Paper reading summary is due by noon on Mon and Wed

– Send both to TA and myself

– You can miss one paper summary without any consequences

Overview

• Administrative stuff

• Classes:

– Topics

– Paper readings and reviews

– Presentations/debating

– Research idea

• Projects:

– Topics

• I tried to pick interesting papers (breadth vs. depth)

– Network architectures

– Congestion control

– Wireless / ad-hoc networks

– Worms and viruses

– Denial of service attacks (in P2P and stealthy DoS) vs flash crowds

– Network false diagnostics

– BGP/routing anomalies

– Measurement-based inference

Course Topics

Reading papers

• Why read?

• Decide what to read

• Reading for breadth: build a framework

• Reading in depth: Challenge what you read

– if you will lead a debate

Reviews

• Should… – Point out the paper's contributions, strengths as well as

weaknesses.

• Think in terms of what makes good research?

• What qualities make a good paper?

• What are the potential future impacts of the work?

• Note that there is no right or wrong answer to these questions

• A review's quality will mainly depend on its thoughtfulness.

• Restating the abstract/conclusion of the paper will not earn a top grade.

Writing Reviews (2)• Write a very brief summary of each paper, to be

emailed to the TA and me before the class (.txt please)

• Summary should include:

– Paper title and its author(s)

– A short paragraph summary (what is this paper about?)

– A paragraph of the most significant new insight(s) you took away from the paper (what is good? what is the contribution?)

– A paragraph of the one or two most significant flaw(s) of the paper (what is bad?)

– Explain what reference would you read next and why

– Give a grade to the paper (1-5)

Overview

• Administrative stuff

• Classes:

– Topics

– Paper readings and reviews

– Presentations/debating

– Research idea

• Projects:

– Topics

Defense (1)

• 30 minutes; should present as if it were his/her own

• The point is to make a compelling case why the contribution is significant.

• the context of the contribution,

• prior work,

– If an older paper: how the work has influenced the research community or industry's directions (impact)

– If newer paper: arguments for the potential impact

Defense (2)

– should go well beyond a paper "summary“

– The defense should not critique the work other than to try to pre-empt attacks from the offense (e.g., by explicitly limiting the scope of the contribution).

– The defense should also try to look up related work to support their case

Offense (1)

• 20 minutes; should act as Michael Jackson’s attorney

• Should critique the work, and make a case for – missing links, unaddressed issues, lack of impact,

inappropriateness of the problem formulation, etc.

• The more insightful and less obvious the criticisms the better

• While the offense should prepare remarks in advance, they should also react to the points made by the defense.

• Hint: The offense should also try to look up related work to support their case

Offense (2)

• The defense and offense will be allowed follow up arguments,

• The class will question either side either for clarifications or to add to the discussions and controversy and make their own points on either side.

• Use Powerpoint (feel free to use existing presentations from the Web)

Internet Security class

• We will have some of the classes with the Internet Security group

• The structure in the joint classes will be

– ½ debates and

– ½ presentations and discussions

– On average, each student will give 1 presentation (offense, defense, or presentation) once in 2 weeks (4 presentations totally)

Overview

• Administrative stuff

• Classes:

– Topics

– Paper readings and reviews

– Presentations/debating

– Research idea

• Projects:

– Topics

Research Idea (1)

• At the end of semester, you should hand in a research proposal

• Up to 3 pages including references

• Something that nobody else did before

– What would you do?

– How would you do it?

Research idea (2)

• Writing the research-idea documents:

– What is the main idea?

– Why is it important/interesting?

– What is the related work?

– What would you actually do?

• How would you execute the idea:

– Modeling, simulations, experiments?

– What is the expected outcome?

Overview

• Administrative stuff

• Classes:

– Topics

– Paper readings and reviews

– Presentations/debating

– Research idea

• Projects:

– Topics

Timetable

• Week 1 (Wednesday 3/30 - tomorrow) Find a partner, choose a topic for your project, and meet with the instructor.

• Week 3 (Monday 4/11) Write an introduction describing the problem and how you plan to approach it (what will you actually do?). Include motivation (why does the problem matter?) and related work (what have others already done about it?). 3 pages total.

• Week 6 (Wednesday 5/4) Update your paper to include your preliminary results. 6 pages total.

• Week 10 (Wednesday 6/1): Presentations by all groups.

• Week 11 (Friday 6/10) Turn in your completed paper. 12 pages total.

Projects (1)

• I am providing you with 2 projects

• I need 2 group representatives right now!

– If you don’t like the projects

• you should come-up with your own ideas and

• convince me that you should really do that

Projects (2)

• Project 1: “On the Effects of Selfish Web Browsing”, 3 students

– Targeted conference: Infocom 2006 (Apr 23-29), Barcelona, Spain; deadline July 6, 2005.

• Project 2: “Denial of Service Attacks against Web Proxies”, 2 students

– Targeted conference: NSDI 2006 (May), San Jose, CA; deadline October 15, 2005.

Project 1 background:HTTP connections

Nonpersistent HTTP issues:

• requires 2 RTTs per object

• OS must work and allocate host resources for each TCP connection

• but browsers often open parallel TCP connections to fetch referenced objects

Persistent HTTP

• server leaves connection open after sending response

• subsequent HTTP messages between same client/server are sent over connection

Persistent without pipelining:

• client issues new request only when previous response has been received

• one RTT for each referenced object

Persistent with pipelining:

• default in HTTP/1.1

• client sends requests as soon as it encounters a referenced object

• as little as one RTT for all the referenced objects

Problem (1)

• It has been detected that some web browsers (e.g., Internet Explorer) use persistent parallel connections with pipelining

• Example:

– Page has 6 objects: 3 connections, 2 objects each

• Motivation:

– To speed up the download times

• for big pages

• during flash crowds by pushing competing flows

Problem (2)

• Intuitively, this is a selfish, yet a good way to improve download times

• However, it is not clear whether such a behavior can always give you a better performance

• The hypothesis of this project such a behavior can significantly degrade your performance

– because the TCP connection establishment price can be extremely high (3 sec initial timeout)

Project 1 Goals

• When is parallel-TCP download worse than a single-TCP download

• Parameters

– Number of parallel TCP flows

– Number and size of objects in the web page

– Packet loss ratio at the bottleneck

– Etc.,

Methodology

• Modeling

– Treat the problem analytically

– I will provide initial ideas and references

• Simulations

– NS-2 simulator (C, C++)

– I will provide initial code

• Testbed experiments

– Room 242 (my lab)

Project 2

• Project 2: “Denial of Service Attacks against Web Proxies”, 2 students

Web caches (proxy server)

• user sets browser: Web accesses via cache

• browser sends all HTTP requests to cache

– object in cache: cache returns object

– else cache requests object from origin server, then returns object to client

Goal: satisfy client request without involving origin server

client

Proxyserver

client

HTTP request

HTTP request

HTTP response

HTTP response

HTTP request

HTTP response

origin server

origin server

Problem

• Servers are well protected

• No protection available for web caches!

• Denial-of-service:

– Polluting web caches with irrelevant content and significantly degrade the file hit ratio

• Disrupting the file locality

• Creating a false file locality

– Keep the polluted content alive: very low-rate activity

– Together with a simple parallel download on the access link, this can significantly degrade the system performance

originservers

public Internet

institutionalnetwork 10 Mbps LAN

1.5 Mbps access link

institutionalcache

Project 2 Goals

• To understand, create, and evaluate

– stealthy denial-of-service attacks against web caches and

– protection mechanisms

• Parameters

– LAN and access-link speeds, number of clients

– Cache size and file distribution

– Cache replacement algorithm

– Cooperative DoS strategies

– Protection mechanisms

Methodology

• Modeling– Treat the problem analytically (replacement strategies,

system parameters)

– I will provide initial references

• Simulations– Design a simulator to explore the problem

– Using real-world cache logs

• Experiments– Design a simple (yet malicious) web crawler and

– Perform a DoS against the Northwestern CS cache server!

Group meetings

• Group 1:

– Meet me tomorrow after the class

• Group 2:

– Meet me tomorrow 30 min. after the class

Questions

Format of the Presentation• Presentation should include the following

– Motivation

– Classification of related work/background

– Main ideas

– Evaluation and results

– Open issues

• Send the slides to the TA and me for review at least 24 hours ahead of the class

• Guidelines online

Projects• The most important part of class

– Group of 2+ people

• Project list will be online soon

• Proposal – April 8– 3-4 pages with another 1-2 pages references.

• Design Document – April 15– 4-5 pages with a detailed description of the software design,

load distribution among group members.

• Weekly Meeting and Progress Report – 4/13-5/25– Each team will schedule a weekly meeting (30 minutes) with

me. A work-in-progress report (except the 4/13 week) of 1-2 pages is due 24 hours ahead of the meeting.

• Project Presentation – June 1 and 3

• Final Report – June 9

Project 1 background:HTTP connections

Nonpersistent HTTP

• At most one object is sent over a TCP connection.

• HTTP/1.0 uses nonpersistent HTTP

Persistent HTTP

• Multiple objects can be sent over single TCP connection between client and server.

• HTTP/1.1 uses persistent connections in default mode

Nonpersistent HTTPSuppose user enters URL www.someSchool.edu/someDepartment/home.index

1a. HTTP client initiates TCP connection to HTTP server (process) at www.someSchool.edu on port 80

2. HTTP client sends HTTP request message (containing URL) into TCP connection socket. Message indicates that client wants object someDepartment/home.index

1b. HTTP server at host www.someSchool.edu waiting for TCP connection at port 80. “accepts” connection, notifying client

3. HTTP server receives request message, forms response message containing requested object, and sends message into its socket

time

(contains text, references to 10

jpeg images)

Nonpersistent HTTP (cont.)

5. HTTP client receives response message containing html file, displays html. Parsing html file, finds 10 referenced jpeg objects

6. Steps 1-5 repeated for each of 10 jpeg objects

4. HTTP server closes TCP connection.

time

Response time modeling

Definition of RRT: time to send a small packet to travel from client to server and back.

Response time:

• one RTT to initiate TCP connection

• one RTT for HTTP request and first few bytes of HTTP response to return

• file transmission time

total = 2RTT+transmit time

time to transmit file

initiate TCPconnection

RTT

requestfile

RTT

filereceived

time time

More about Web caching

• Cache acts as both client and server

• Typically cache is installed by ISP (university, company, residential ISP)

Why Web caching?

• Reduce response time for client request.

• Reduce traffic on an institution’s access link.

• Internet dense with caches enables “poor” content providers to effectively deliver content (but so does P2P file sharing)

Caching example Assumptions

• average object size = 100,000 bits

• avg. request rate from institution’s browsers to origin servers = 15 req/sec

• delay from institutional router to any origin server and back to router = 2 sec

Consequences

• utilization on LAN = 15%

• utilization on access link = 100%

• total delay = Internet delay + access delay + LAN delay

= 2 sec + minutes + milliseconds

originservers

public Internet

institutionalnetwork 10 Mbps LAN

1.5 Mbps access link

institutionalcache

Caching example (cont)Possible solution

• increase bandwidth of access link to, say, 10 Mbps

Consequences

• utilization on LAN = 15%

• utilization on access link = 15%

• Total delay = Internet delay + access delay + LAN delay

= 2 sec + msecs + msecs

• often a costly upgrade

originservers

public Internet

institutionalnetwork 10 Mbps LAN

10 Mbps access link

institutionalcache

Caching example (cont)

Install cache• suppose hit rate is .4

Consequence• 40% requests will be satisfied

almost immediately

• 60% requests satisfied by origin server

• utilization of access link reduced to 60%, resulting in negligible delays (say 10 msec)

• total avg delay = Internet delay + access delay + LAN delay = .6*(2.01) secs + milliseconds < 1.4 secs

originservers

public Internet

institutionalnetwork 10 Mbps LAN

1.5 Mbps access link

institutionalcache