Overlay Networks: An Akamai Perspective Ramesh K. Sitaraman, mangesh kasbekar, Woody Lichtenstein, and Manish Jain Akamai Technologies Inc Univerisy of Massachusetts, Amherst Presented by Huazhe Wang Akamai Technologies, Inc. is a content delivery network and cloud services provider headquartered in Cambridge, Massachusetts, in the United States. Outline Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays Content Distribution using the Internet The Internet is increasingly being used for digital content and media delivery. Business, commerce, entertainment, news and social interactions Requirements: high reliability, performance, security, scalability and low operating costs. Major e-commerce sites require 99.99% of reliability TransportingTens of petabits per second of data to support High quality television Deficiencies of the Internet A heterogeneous network of networks Access traverses multiple networks to obtain content “Best effort” Failures and performance degradation are common Major shortcomings of the Internet Outrages Misconfigured routers, DDoS attacks, cable cuts, power disruptions… server C0 Congestion client 1 High traffic demand Economic reasons client n Lack of scalability One point failure Over/under provisioning client 2 Major shortcomings of the Internet Slow adaptability Large investment Business relations Lack of security Growing Distributed denial of service (DDoS) attacks Cost additional servers and bandwidth Challenges: How to bridge the gap between what modern Internet-based services need and what the Internet actually provides? Redesign of the Internet Hard to implement given the wide-adoption of the current technology Overlay Networks Overview of Overlay Networks Fundamental idea: virtually great what you want with what you have. Fragmented storage to a single, contiguous virtual memory space Virtual machine Internet was built as a overlay on top of the telephone network Overview of Overlay Networks An overlay network is built on top of the public Internet to provide the stringent requirements that rich Internet-based services need. Peer to peer (P2P) Overlays P2P uses end users’ host to form overlays that can be used for downloading content. Unnecessary long distance Traversing multiple Ass P2P Problem : Network Inefficiency P2P applications are largely networkoblivious and may not be network efficient Verizon (2008) average P2P bit traverses 1,000 miles on network average P2P bit traverses 5.5 metro-hops Karagiannis et al. on BitTorrent, a university network (2005) 50%-90% of existing local pieces in active users are downloaded externally Peer to peer (P2P) Overlays Hybrid approaches that combine P2P principles with a dedicated overlay infrastructure are widely used. Overlays described in the paper use a dedicated server infrastructure owned and operated by the overlay provider, rather than the computers belonging to users. Overlay Architecture Overlays used to deliver content, applications and services Origins Edge servers One or a few, locates in core Hundreds thousand Locates at the edges, close to users Transport system High reliability and performance Outline Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays Caching Overlays Caching HTTP/HTTPS proxy servers Usage Static objects can be cached for some period Embedded image on a web page, a movie, a music, a software download, or a software update Benefits Availability, performance and origin offload Performance benefits 30 agents located in Asia, Europe, and North America The agents hourly download a popular web page Origin servers locate in Dallas Origin offload benefits Origin offload Is equal to the ratio of the volume of traffic served by the origin without the overlay to the volume of traffic served by the origin with the overlay. A large decrease in server, bandwidth, expenses. Popular vs cold traffic Cache hierarchy Adding a layer of parent servers Increases the origin offload, easy to implement Performance benefits Origin offload increases with deployment of cache hierarchy Performance benefits Outline Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays Routing Overlays Usage Not all content on the Internet is cacheable for long time Gaming, live streams. Benefits Discovering better ‘overlay path’ to improve performance and availability Yale LANS Routing Overlays Some issues to be considered An overlay construction algorithm to compute a set of candidate overlay paths Real-time latency, loss, available bandwidth Choosing which of these paths to use depends on real-time testing of the different path options. Yale LANS Routing Overlays Formulating overlay construction as multicommodity flow Yale LANS Routing Overlays Link costs can be defined in different ways to construct different types of routing overlays. Latency vs bandwidth price Throughput e.g. finding the fastest overlay routes while avoiding links that are too expensive, or finding the cheapest overlay paths while avoiding paths that are too slow. Minimizing latency is important when delivering small-size responses. Maximizing throughput is important for large responses. TCP performance The overlay paths must remain “sticky" over longer periods of time. Yale LANS Routing Overlays Selecting the reverse proxy Choosing a reverse proxy close to the origin Low latency, loss, Shared link Reducing penalty to set up a new TCP connection Yale LANS Performance benefits The significantly greater performance is due to the ability of the routing overlay to find alternate paths that avoid the failed links between different parts of Asia to the Boston origin. Performance benefits Without major Internet outrage Outline Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays Security Overlays Defending against DDoS attacks Not provided by Internet architecture In caching/routing overlay networks, performing security tasks at the edge server of overlay networks is effective. Security overlay Architecture Yale LANS Security Overlays Security overlay Architecture Shared attack capacity Shared expertise and lower costs Is flexible to increase bandwidth capacity at some locations on-demand as needed. Cost effective. A team of security experts provides high level of defense with low costs. Advanced security features Security features to defend against all kind of attacks, like a networking stack, firewall. Yale LANS Security Overlays Shielding the origin Shielding the origin from accesses coming from strange end hosts Control design Controls are provided for individual content providers Yale LANS Performance benefits 50 to 9000 during a DDoS attack 90% of attacker’s requests are denied Summary Overlays hold the keys to the rapid evolution of Internet services. Three key types of overlays. Thank you and Questions