QRM: A queue rate management for fairness and TCP flooding protection in mission-critical networks / Casoni, Maurizio; Grazia, Carlo Augusto; Klapez, Martin; Patriciello, Natale. - In: COMPUTER NETWORKS. - ISSN 1389-1286. - Electronic. - 93:Part 1(2015), pp. 54-65. [10.1016/j.comnet.2015.10.010]

QRM: A queue rate management for fairness and TCP flooding protection in mission-critical networks

Casoni, Maurizio; Grazia, Carlo Augusto; Klapez, Martin; Patriciello, Natale
2015

Abstract

When statistical multiplexing is used to provide connectivity to a number of client hosts through a high-delay link, the original TCP as well as TCP variants designed to improve performance on those links often provide poor performance and sub-optimal QoS properties. Centralised and collaborative resource management tools like C2ML have been proposed to guarantee intra-protocol fairness, inter-protocol friendliness, low queue utilisation and optimal throughput along with the reliable delivery of packets. However, such tools offer only very limited security guarantees. Both good citizenship and security from flooding attacks are fundamental conditions for the provision of fairness, especially in mission-critical networks. For example, perpetrators of a man-provoked disaster may want to perform a resource exhaustion attack on the network supporting disaster recovery operations, so as to cut legitimate users off from communications and increase the impact of the emergency. In this paper we present Queue Rate Management (QRM), an Active Queue Management scheme able to provide protection from traffic overflow attacks in scenarios where access to the shared link is controlled by a tool that assigns each client host a bandwidth upper bound. The proposed algorithm checks whether a node is exceeding its allowed rate, and consequently decides whether to keep or drop packets coming from that host. We mathematically prove that with QRM the gateway queue size can never exceed the Bandwidth-Delay Product of the channel. Furthermore, we employ the ns-3 network simulator to compare QRM with CoDel, RED and GREEN, showing how QRM provides better performance in terms of both throughput and QoS guarantees in the aforementioned scenarios.
Use this identifier to cite or link to this document: https://hdl.handle.net/11380/1073726