RouteLite: One-hop path splicing with path migration

As Internet applications demand high flexibility and reliability, giving end-users control over routing without breaking the Internet has been attractive to both end-users and Internet Service Providers (ISPs). In this paper, we present RouteLite, a lightweight routing scheme that achieves “controlled flexibility”, i.e., it provides users with flexibility in selecting routes while granting that flexibility only to well-behaved users. RouteLite consists of one-hop path splicing and path migration, in which traffic can be migrated seamlessly between different paths during transmission based on an end-user's behavior. RouteLite not only grants an end-user control over routing through her behavior but also helps ISPs operate their networks efficiently and securely while preserving flexibility for users. The controlled flexibility can be realized through a credit-based accounting mechanism, which uses measurement based on feedback about an end-user's past behavior to control and trigger path migration. We implement a prototype of RouteLite, and the experimental and simulation results show the efficiency of the proposed scheme even with malicious users attempting to abuse the system to cause DDoS-type congestion.
