Distributed flow detection over multi-path sessions

Recently, there has been great interest in performing flow inspection within devices in the network. Frequently, a session passing through the network is routed through several paths, either due to network architecture or due to malicious intent. This paper presents a re-routing layer that enables, for the first time, multi-path flow inspection. At any point in time, each session is inspected by a single inspection device using existing single-path flow inspection algorithms. Session packets that arrive at other devices are forwarded to the designated device. Our scheme takes into account the history of packet arrival among all collaborating devices for optimized re-routing. We show that the proposed mechanism is highly efficient in terms of the storage and communication overhead imposed on the network due to packet re-routing. The per-packet computation overhead at the devices is shown to be minimal, on the order of O(1).
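The forwarding rule described in the abstract can be sketched as a small simulation. This is an added example, not the paper's algorithm or code: the `ReroutingLayer` class, the device names, the `switch_margin` handover rule and the packet trace are all assumptions made for illustration.

```python
from collections import defaultdict

class ReroutingLayer:
    """Toy model: one designated inspector per session, shared arrival history."""

    def __init__(self, devices, switch_margin=3):
        self.devices = set(devices)
        self.switch_margin = switch_margin   # assumed hysteresis, not from the paper
        self.designated = {}                 # session key -> inspecting device
        self.arrivals = defaultdict(lambda: defaultdict(int))  # session -> device -> count
        self.inspected = defaultdict(list)   # device -> [(session, seq)]
        self.forwarded = 0                   # packets re-routed between devices

    def on_packet(self, device, session, seq):
        """Constant work per packet: dictionary lookups and one counter update."""
        if device not in self.devices:
            raise ValueError(f"unknown device {device!r}")
        # The first device to see a session becomes its designated inspector.
        owner = self.designated.setdefault(session, device)
        hist = self.arrivals[session]
        hist[device] += 1
        # Assumed policy: hand the session over once the arrival history shows
        # this device has clearly become the main path. Transfer of inspection
        # state between devices is not modelled here.
        if device != owner and hist[device] >= hist[owner] + self.switch_margin:
            owner = self.designated[session] = device
        if device != owner:
            self.forwarded += 1              # packet is sent on to the designated device
        self.inspected[owner].append((session, seq))
        return owner

def demo(switch_margin=3):
    layer = ReroutingLayer(["ids-a", "ids-b"], switch_margin)
    session = ("10.0.0.5", 40000, "192.0.2.9", 443, "tcp")  # constructed 5-tuple
    # Constructed trace: the session's path shifts from ids-a to ids-b.
    trace = ["ids-a", "ids-a"] + ["ids-b"] * 6
    owners = [layer.on_packet(dev, session, seq) for seq, dev in enumerate(trace)]
    return owners, layer.forwarded

if __name__ == "__main__":
    print(demo())           # history-aware handover
    print(demo(10**9))      # designation never moves: every ids-b packet is forwarded
```

With a very large `switch_margin` the designation never moves, which gives the static-forwarding baseline against which the history-aware variant saves re-routed packets.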
