Overlay Networks: An Akamai Perspective

Ramesh K. Sitaraman, Mangesh Kasbekar,
Woody Lichtenstein, and Manish Jain
Akamai Technologies Inc
University of Massachusetts, Amherst
Presented by Huazhe Wang
Akamai Technologies, Inc. is a content delivery
network and cloud services provider headquartered
in Cambridge, Massachusetts, in the United States.
Outline





Motivation
Overview of Overlay Networks
Caching Overlays
Routing Overlays
Security Overlays
Content Distribution using the Internet

The Internet is increasingly being used for digital
content and media delivery.


Business, commerce, entertainment, news and social
interactions
Requirements: high reliability, performance,
security, scalability and low operating costs.


Major e-commerce sites require 99.99% reliability
Transporting tens of petabits per second of data to
support high-quality television
Deficiencies of the Internet

A heterogeneous network
of networks

Access traverses multiple
networks to obtain content

“Best effort”

Failures and performance
degradation are common
Major shortcomings of the Internet

[Figure: server C0 with client 1, client 2, ..., client n]

Outages

Misconfigured routers,
DDoS attacks, cable cuts,
power disruptions…

Congestion

High traffic demand
Economic reasons

Lack of scalability

Single point of failure
Over/under provisioning
Major shortcomings of the Internet

Slow adaptability


Large investment
Business relations

Lack of security


Growing distributed denial
of service (DDoS) attacks
Costs additional servers and
bandwidth
Challenges: How to bridge the gap between
what modern Internet-based services need
and what the Internet actually provides?

Redesign of the Internet


Hard to implement given the wide adoption of the
current technology
Overlay Networks
Overview of Overlay Networks

Fundamental idea: virtually create what you
want with what you have.

Fragmented storage to a single, contiguous virtual
memory space
Virtual machine
The Internet was built as an overlay on top of the
telephone network
Overview of Overlay Networks

An overlay network is built on top of the public
Internet to meet the stringent requirements
that rich Internet-based services have.
Peer to peer (P2P) Overlays

P2P uses end users’ hosts to form overlays that
can be used for downloading content.

Unnecessarily long distances
Traversing multiple ASes
P2P Problem: Network Inefficiency

P2P applications are largely network-oblivious and may not be network efficient

Verizon (2008)



average P2P bit traverses 1,000 miles on network
average P2P bit traverses 5.5 metro-hops
Karagiannis et al. on BitTorrent, a university
network (2005)

50%-90% of existing local pieces in active users are
downloaded externally
Peer to peer (P2P) Overlays

Hybrid approaches that combine P2P principles
with a dedicated overlay infrastructure are
widely used.

Overlays described in the paper use a dedicated
server infrastructure owned and operated by the
overlay provider, rather than the computers
belonging to users.
Overlay Architecture

Overlays used to deliver content, applications
and services

Origins

One or a few
Located in the core

Edge servers

Hundreds of thousands
Located at the edges
Close to users

Transport system

High reliability and performance
Caching Overlays

Caching HTTP/HTTPS
proxy servers

Usage

Static objects can be cached for some period


Embedded image on a web page, a movie, music, a
software download, or a software update
Benefits

Availability, performance and origin offload
Performance benefits



30 agents located in Asia, Europe, and North America
The agents download a popular web page hourly
Origin servers are located in Dallas
Origin offload benefits

Origin offload



Is equal to the ratio of the volume of traffic served by
the origin without the overlay to the volume of traffic
served by the origin with the overlay.
A large decrease in server and bandwidth expenses.
Popular vs cold traffic

Cache hierarchy


Adding a layer of parent servers
Increases the origin offload, easy to implement
Performance benefits

Origin offload increases with deployment of
cache hierarchy
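
Added example (not from the slides or the paper): a small simulation of the origin-offload ratio defined above, comparing edge caches alone with edge caches behind a layer of parent servers. The LRU policy, the constructed Zipf-like workload, the cache sizes and the use of request counts as traffic volume are all assumptions.

```python
import random
from collections import OrderedDict

class LRUCache:
    def __init__(self, capacity):
        self.capacity = capacity
        self.items = OrderedDict()

    def get(self, key):
        """Return True on a hit; on a miss, admit the key and return False."""
        if key in self.items:
            self.items.move_to_end(key)
            return True
        self.items[key] = True
        if len(self.items) > self.capacity:
            self.items.popitem(last=False)    # evict least recently used
        return False

def make_trace(n_requests, n_objects, n_edges, seed=7):
    """Constructed workload: few popular objects, long tail of cold ones."""
    rng = random.Random(seed)
    weights = [1.0 / (rank + 1) for rank in range(n_objects)]
    objs = rng.choices(range(n_objects), weights=weights, k=n_requests)
    return [(rng.randrange(n_edges), obj) for obj in objs]

def origin_requests(trace, n_edges, edge_cap, parent_cap=0):
    """Count the requests that still reach the origin through the overlay."""
    edges = [LRUCache(edge_cap) for _ in range(n_edges)]
    parent = LRUCache(parent_cap) if parent_cap else None
    reached_origin = 0
    for edge_id, obj in trace:
        if edges[edge_id].get(obj):
            continue                          # served from the edge server
        if parent is not None and parent.get(obj):
            continue                          # served from the parent tier
        reached_origin += 1
    return reached_origin

def origin_offload(trace, n_edges, edge_cap, parent_cap=0):
    """Origin traffic without the overlay divided by origin traffic with it."""
    without_overlay = len(trace)              # every request hits the origin
    return without_overlay / origin_requests(trace, n_edges, edge_cap, parent_cap)

TRACE = make_trace(n_requests=20000, n_objects=2000, n_edges=8)
FLAT = origin_offload(TRACE, n_edges=8, edge_cap=100)
TIERED = origin_offload(TRACE, n_edges=8, edge_cap=100, parent_cap=1000)
```

In this model the parent tier absorbs misses for objects that are cold at one edge but already fetched by another, so TIERED exceeds FLAT.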
Performance benefits
Routing Overlays

Usage

Not all content on the Internet is cacheable for a long time


Gaming, live streams.
Benefits

Discovering a better ‘overlay path’ to improve performance
and availability
Yale LANS
Routing Overlays

Some issues to be considered

An overlay construction algorithm to compute a set of
candidate overlay paths


Real-time latency, loss, available bandwidth
Choosing which of these paths to use depends on real-time
testing of the different path options.
Routing Overlays

Formulating overlay construction as multicommodity flow
Routing Overlays

Link costs can be defined in different ways to
construct different types of routing overlays.

Latency vs bandwidth price

e.g. finding the fastest overlay routes while avoiding links that are
too expensive, or finding the cheapest overlay paths while
avoiding paths that are too slow.

Throughput

Minimizing latency is important when delivering small-size
responses. Maximizing throughput is important for large
responses.

TCP performance

The overlay paths must remain “sticky” over longer periods of
time.
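
Added example (not from the slides or Akamai's system): one way to pick an overlay path under the trade-offs above, taking the lowest-latency path that avoids links above a price cap and keeping the current path unless a candidate is clearly faster. It uses a plain shortest-path search for a single edge-to-origin pair rather than the multicommodity-flow formulation; the node names, measurements, price units and 20% switching threshold are constructed assumptions.

```python
import heapq

# Constructed measurements: (u, v) -> (latency_ms, price). "proxy" stands for the
# reverse proxy near the origin; r1..r3 are hypothetical overlay relays.
LINKS = {
    ("edge", "proxy"): (180.0, 1),                            # direct Internet path
    ("edge", "r1"): (40.0, 2), ("r1", "proxy"): (60.0, 2),
    ("edge", "r2"): (30.0, 9), ("r2", "proxy"): (40.0, 9),    # fast but expensive
    ("edge", "r3"): (45.0, 2), ("r3", "proxy"): (50.0, 2),
}

def fastest_path(links, src, dst, max_price):
    """Dijkstra on latency over links whose price is within max_price."""
    graph = {}
    for (u, v), (latency, price) in links.items():
        if price <= max_price:
            graph.setdefault(u, []).append((v, latency))
    best, heap = {src: 0.0}, [(0.0, src, [src])]
    while heap:
        dist, node, path = heapq.heappop(heap)
        if node == dst:
            return dist, path
        if dist > best.get(node, float("inf")):
            continue                          # stale heap entry
        for nxt, latency in graph.get(node, []):
            if dist + latency < best.get(nxt, float("inf")):
                best[nxt] = dist + latency
                heapq.heappush(heap, (dist + latency, nxt, path + [nxt]))
    return None                               # no path within the price cap

def path_latency(links, path, max_price):
    """Current latency of `path`, or None if a link is down or over the cap."""
    total = 0.0
    for hop in zip(path, path[1:]):
        if hop not in links or links[hop][1] > max_price:
            return None
        total += links[hop][0]
    return total

def choose_path(links, src, dst, max_price, current=None, min_gain=0.2):
    """Sticky choice: keep a usable current path unless the best candidate
    is at least `min_gain` (as a fraction) faster."""
    found = fastest_path(links, src, dst, max_price)
    if found is None:
        return None
    new_latency, new_path = found
    cur = path_latency(links, current, max_price) if current else None
    if cur is not None and new_latency > (1 - min_gain) * cur:
        return current                        # gain too small to justify a switch
    return new_path
```

Keeping the path sticky avoids paying TCP connection setup again for a marginal gain; a failed link on the current path forces an immediate switch.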
Routing Overlays

Selecting the reverse proxy

Choosing a reverse proxy close to the origin


Low latency, loss, Shared link
Reducing penalty to set up a new TCP connection
Performance benefits

The significantly greater performance is due to the ability of the routing
overlay to find alternate paths that avoid the failed links between different
parts of Asia to the Boston origin.
Performance benefits

Without major Internet outage
Security Overlays

Defending against DDoS attacks



Not provided by Internet architecture
In caching/routing overlay networks, performing
security tasks at the edge server of overlay networks
is effective.
Security overlay Architecture
Security Overlays

Security overlay Architecture

Shared attack capacity

Bandwidth capacity can be flexibly increased at some locations
on demand as needed.
Cost effective.

Shared expertise and lower costs

A team of security experts provides a high level of defense at
low cost.

Advanced security features

Security features to defend against all kinds of attacks, such as a
networking stack and firewall.
Security Overlays

Shielding the origin


Shielding the origin from accesses coming from strange end
hosts
Control design

Controls are provided for individual content providers
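
Added example (not from the slides or Akamai's product): a sketch of the two ideas above, an origin that admits connections only from overlay servers and an edge filter that applies controls configured per content provider. The address ranges (documentation prefixes), host names, policy fields, limits and request log are all constructed assumptions.

```python
import ipaddress
from collections import Counter

OVERLAY_NETS = [ipaddress.ip_network("192.0.2.0/24")]   # assumed edge egress range
POLICIES = {   # hypothetical per-provider controls, keyed by requested host
    "shop.example": {"max_per_window": 3, "deny_nets": ["203.0.113.0/24"]},
    "news.example": {"max_per_window": 100, "deny_nets": []},
}

def origin_accepts(peer_ip):
    """Origin-side shield: admit only connections that come from the overlay."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in OVERLAY_NETS)

class EdgeFilter:
    """Edge-side checks applied before a request is forwarded to the origin."""
    def __init__(self, policies, window_s=10):
        self.window_s = window_s
        self.counts = Counter()               # (host, client, window) -> requests
        self.policies = {
            host: (p["max_per_window"],
                   [ipaddress.ip_network(n) for n in p["deny_nets"]])
            for host, p in policies.items()
        }

    def decide(self, ts, client_ip, host):
        if host not in self.policies:
            return "deny:no-policy"           # fail closed for unknown providers
        limit, deny_nets = self.policies[host]
        addr = ipaddress.ip_address(client_ip)
        if any(addr in net for net in deny_nets):
            return "deny:net"
        key = (host, client_ip, int(ts // self.window_s))
        self.counts[key] += 1
        return "forward" if self.counts[key] <= limit else "deny:rate"

# Constructed request log: (timestamp_s, client_ip, host)
REQUESTS = [
    (0, "198.51.100.7", "shop.example"), (1, "198.51.100.7", "shop.example"),
    (2, "198.51.100.7", "shop.example"), (3, "198.51.100.7", "shop.example"),
    (4, "203.0.113.9", "shop.example"), (5, "203.0.113.9", "news.example"),
    (12, "198.51.100.7", "shop.example"), (13, "198.51.100.7", "other.example"),
]

def run(requests):
    """Apply a fresh EdgeFilter to the log and return one decision per request."""
    edge = EdgeFilter(POLICIES)
    return [edge.decide(*req) for req in requests]
```

The same client address is denied for one provider and forwarded for another, which is the effect of keeping controls per content provider.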
Performance benefits

50 to 9000 during a DDoS attack

90% of attacker’s requests are denied
Summary


Overlays hold the keys to the rapid evolution of
Internet services.
Three key types of overlays.
Thank you and Questions