Summary: Improving end-to-end Quality of Service (QoS) in existing network systems is a fundamental problem, as it can be affected by many factors, including congestion, packet scheduling, attacks, and air-time allocation. This dissertation addresses QoS in two critical environments: home WiFi and cloud networks.
In home networks, we focus on improving QoS over WiFi networks, the dominant means for home Internet access. Three major reasons that end-to-end QoS efforts fail in WiFi networks are WiFi's: 1) inherent wireless channel characteristics, 2) approach to access control of the shared broadcast channel, and 3) impact on transport layer protocols, such as TCP, that operate end-to-end and over-react to the loss or delay caused by the single WiFi link. We present our cross-layer design, Virtual Wire, leveraging the philosophy of centralization in modern networking to address the problem at the point of entry/egress into the WiFi network. Based on network conditions measured from buffer sizes, airtime, and throughput, flows are scheduled to the optimal utility. Unlike most existing WiFi QoS approaches, our design relies only on transparent modifications, requiring no changes to the network (including link layer) protocols, applications, or user intervention. Through extensive experimental investigation, we show that our design significantly enhances the reliability and predictability of WiFi performance, providing a "virtual wire"-like link to the targeted application.
In cloud networks, we explore mechanisms to improve availability during DDoS attacks. The availability of cloud servers is impacted when excessive loads induced by DDoS attacks cause the servers to crash or respond too slowly to legitimate session requests. We model and analyze the effectiveness of a shuffling mechanism: the periodic, randomized re-assignment of users to servers. This shuffling mechanism not only complicates malicious users' abilities to target specific servers but also, over time, allows a system to identify who the malicious users are. We design and evaluate improved classifiers which can, with statistical accuracy and well-defined levels of confidence, identify malicious users. We also propose and explore the effectiveness of a two-tiered system in which servers are partitioned in two, where one partition serves only "filtered" users who have demonstrated non-malicious behavior. Our results show how shuffling with these novel classifiers can improve the QoS of the system, which is evaluated by the survival probability, the probability of a legitimate session not being affected by attacks.