[Show abstract][Hide abstract] ABSTRACT: A concurrent prefix hijack happens when an unauthorized network originates IP prefixes of multiple other networks. Its extreme case is leaking the entire routing table, i.e., hijacking all the prefixes in the table. This is a well-known problem and there exists a preventive measure in practice to safeguard against it. However, we investigated and uncovered many concurrent prefix hijacks that didn't involve a full-table leak. We report these events and their impact on Internet routing. y correlating suspicious routing announcements and comparing it with a network's past routing announcements, we develop a method to detect a network's abnormal behavior of offending multiple other networks simultaneously. Applying the detection algorithm to BGP routing updates from 2003 through 2010, we identify five to twenty concurrent prefix hijacks every year, most of which are previously unknown to the research and operation communities at large. They typically hijack prefixes owned by a few tens of networks, last from a few minutes to a few hours, and pollute routes at most vantage points.
Proceedings of the 2012 ACM conference on Internet measurement conference; 11/2012
[Show abstract][Hide abstract] ABSTRACT: Content Delivery Networks (CDN) are overlay network of servers being used to deliver growing traffic demands on the Internet. As a result, CDNs are facing ever-increasing operating costs. Internet Service Providers (ISP) charge CDNs on server traffic, computed using common usage-based charging models, e.g. 95th Percentile charging. We propose Network Cost Aware Request Routing, NetReq, that assign user requests to reduce server charging volume. We compare NetReq against nearest-available server request routing in large scale simulations for both Web and multicast traffic requests. NetReq reduces charging volume for both traffic request types, thereby reducing cost. NetReq provides comparable network performance for multicast traffic by introducing end-to-end delay as a constraint in the request-routing. NetReq marginally increases network performance for Web traffic, when content maybe available at every server.
Local Computer Networks (LCN), 2012 IEEE 37th Conference on; 01/2012
[Show abstract][Hide abstract] ABSTRACT: Internet Service Providers (ISPs) route traffic at the IP layer with the preference of less inter-carrier payments while Content Distribution Networks (CDNs) route traffic at the application layer with the preference of better application performance. Such mismatch of routing preferences leads to conflicts that eventually result in higher operational cost for both ISPs and CDNs. In this paper, we propose to make CDN and ISP routing mutually beneficial through ISP's non-uniform bandwidth charging and CDN's bandwidth cost-aware request routing. More specifically, ISPs charge different prices for traffic that traverses different types of inter-domain links and CDNs, in routing user requests to their servers, try to minimize their ISP payments by taking the pricing information into consideration. We evaluate the solution in large scale simulations. The greedy solution presents the lowest bandwidth cost for CDNs but at the expense of network performance for users. With end-to-end delay introduced as a constraint in the optimization process, the solution maintains good network performance for users while achieving significant savings in bandwidth cost. Compared with conventional nearest-available policy in CDN request routing, our solution moves significant amount of inter-domain traffic from provider routes to peer or customer routes, reducing operational costs for ISPs and CDNs.
2011 International Conference on Distributed Computing Systems, ICDCS 2011, Minneapolis, Minnesota, USA, June 20-24, 2011; 01/2011
[Show abstract][Hide abstract] ABSTRACT: Internet routing tables have been growing rapidly due to factors such as edge-site multihoming, traffic engineering, and disjoint address allocations. To address the routing scalability problems caused by this rapid growth, we propose an evolutionary approach that is incrementally deployable and provides immediate benefits to any adopting ASes. The basic premise of the approach is that route aggregation removes from routing tables the unnecessary topological details about remote portions of the Internet. We demonstrate that aggregation can be applied incrementally starting from local scopes within individual routers and individual ASes, and gradually expanded to the global Internet scope. The evaluation studies show that route aggregation is effective in addressing FIB scalability problems within a router and within a network.
IEEE Journal on Selected Areas in Communications 11/2010; 28(8-28):1363 - 1375. DOI:10.1109/JSAC.2010.101013 · 3.45 Impact Factor
[Show abstract][Hide abstract] ABSTRACT: We present a distributed multi-scale dead-reckoning (MSDR-D) algorithm for network localization that utilizes local distance
and angular information for nearby sensors. The algorithm is anchor-free and does not require particular network topology,
rigidity of the underlying communication graph, or high average connectivity. The algorithm scales well to large and sparse
networks with complex topologies and outperforms previous algorithms when the noise levels are high. The algorithm is simple
to implement and is available, along with source code, executables, and experimental results, at
[Show abstract][Hide abstract] ABSTRACT: Internet-scale dissemination of streaming contents (e.g., live sports games) can be achieved by infrastructure-based overlay multicast networks, where multicast service providers deliver the contents via dedicated servers strategically placed over the Internet. Given the huge amount of data traffic, one of the major operation costs is the ISP cost for network access. However, existing overlay multicast protocols only consider network performance metrics in building dissemination trees without taking into account the potentially high ISP cost they may incur. This paper presents a scheme, revenue-driven overlay multicast networks (ROMaN), to assign users to different servers in order to maximize the profit derived from providing multicast services. ROMaN exploits the fact that ISP charging functions are concave by assigning users to the cheapest available servers, and dynamically adjusts the assignment to accommodate the churns of group membership. The evaluation shows that ROMaN not only can reduce ISP cost substantially, but also has shorter end-to-end delay due to smaller overlay size, and the longer a user stays in the group the better the service it will receive.
[Show abstract][Hide abstract] ABSTRACT: Databases and networks currently have dif-ferent service models. Database services are data-centric in that users typically describe the content of data and the system finds and returns matching data. However, traditional Internet services are server-centric in that users have to know the location of data (e.g., a URL) in order to retrieve it. We envision a future in which Internet services are data-centric. Users specify their interests and publishers describe their data. Based on the matching between user interests and data contents, users can pull data from publishers, and publishers can push data to interested users. We propose a unified system design called Net-X to support data-centric Internet services seamlessly under a common framework. In Net-X , user interests and data contents are characterized by polynomial signatures. These signatures are stored in a distributed hash table, on which interest matching is performed. Users can download matching data from publishers and publishers can push data to many interested users via per-document data-driven dissemination trees. By leveraging a wide range of database and networking techniques, Net-X provides a scalable, flexible, and secure infrastructure for data-centric Internet services.
[Show abstract][Hide abstract] ABSTRACT: Prefix hijacking, in which an unauthorized network announces IP prefixes of other networks, is a major threat to the Internet routing security. Existing detection systems either generate many false positives, requiring frequent human intervention, or are designed to protect a small number of specific prefixes. Therefore they are not suitable to protect data traffic at networks other than the prefix owner during on-going hijacks. We design and implement a system that detects a specific type of prefix hi-jacking, large route leaks, at real time and without requiring authoritative prefix ownership information. In a large route leak, an unauthorized network hijacks prefixes owned by multiple different networks. By correlating suspicious routing announcements along the time dimension and comparing with a net-work's past behavior, we are able to identify a network's abnormal behavior of offending multiple other networks at the same time. Applying the detection algorithm to routing data from 2003 through 2009, we identify five to twenty large route leaks every year. They typically hijack prefixes owned by a few tens of other networks, last from a few minutes to a few hours, and pollute routes at most vantage points of the data collector. In 2009 there are ten events detected, none of which was mentioned on operator mailing lists, but most are confirmed through our communication with individual operators of affected networks. The system can take real-time routing data feed and conduct the detection quickly, enabling automated response to these attacks without requiring authoritative prefix ownership information or hu-man intervention.