Crossbow: a vertically integrated QoS stack

This paper describes a new architecture that addresses Quality of Service (QoS) by creating unique flows for applications, services, or subnets. A flow is a dedicated and independent path from the NIC hardware to the socket layer, in which the QoS layer is integrated into the protocol stack instead of being implemented as a separate layer. Each flow has dedicated hardware and software resources, allowing applications to meet their specified quality of service within the host. The architecture efficiently copes with Distributed Denial of Service (DDoS) attacks by creating zero- or limited-bandwidth flows for the attacking traffic. The unwanted packets can be dropped by the NIC hardware itself at no cost. A collection of flows on more than one host can be assigned the same Differentiated Services Code Point (DSCP) label, which forms a path dedicated to a service across the enterprise network and enables end-to-end QoS within the data center.
