QRM: A queue rate management for fairness and TCP flooding protection in mission-critical networks / Casoni, Maurizio; Grazia, CARLO AUGUSTO; Klapez, Martin; Patriciello, Natale. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - ELECTRONIC. - 93:Part 1(2015), pp. 54-65. [10.1016/j.comnet.2015.10.010]
QRM: A queue rate management for fairness and TCP flooding protection in mission-critical networks
CASONI, Maurizio; GRAZIA, CARLO AUGUSTO; KLAPEZ, MARTIN; PATRICIELLO, NATALE
2015
Abstract
When statistical multiplexing is used to provide connectivity to a number of client hosts through a high-delay link, the original TCP as well as TCP variants designed to improve performance on those links often provide poor performance and sub-optimal QoS properties. Centralised and collaborative resource management tools like C2ML have been proposed to guarantee intra-protocol fairness, inter-protocol friendliness, low queues utilisation and optimal throughput along with the reliable delivery of packets. However, such tools offer only very limited security guarantees. Both good citizenship and security from flooding attacks are fundamental conditions for the provision of fairness, especially in mission-critical networks. For example, perpetrators of a man-provoked disaster may want to perform a resource exhaustion attack on the network supporting disaster recovery operations, so as to cut out legitimate users from the communications and increase the emergency impact. In this paper we present Queue Rate Management (QRM), an Active Queue Management scheme able to provide protection from traffic overflow attacks in scenarios where access to the shared link is controlled by a tool that assigns to client hosts a bandwidth upper bound. The proposed algorithm checks whether a node is exceeding its allowed rate, and consequently decides whether to keep or drop packets coming from that host. We mathematically prove that with QRM the gateway queue size can never exceed the Bandwidth-Delay Product of the channel. Furthermore, we employ the ns-3 network simulator to compare QRM with CoDel, RED and GREEN, showing how QRM provides better performance in terms of both throughput and QoS guarantees in the aforementioned scenarios.

File | Size | Format |
---|---|---|
CompNets_QRM_UNIMORE_Original_2.pdf (Restricted access. Description: Original article. Type: Version published by the publisher) | 2.02 MB | Adobe PDF |
The metadata in IRIS UNIMORE are released under the Creative Commons CC0 1.0 Universal license, while the publication files are released under the Attribution 4.0 International (CC BY 4.0) license, unless otherwise indicated.