Abstract
While the differentiated services (DiftServ) infrastructure is scalable and robust in providing network quality of service (QoS), there are serious drawbacks with the services provided by DiffServ: (1) the services are coarse-grained and one-way only; (2) no service differentiation and resource isolation are provided to meta-data packets such as TCP SYN and ACK packets. Moreover the coarse-grained service differentiation and the lack of resource isolation at IP routers exposes its vulnerability to distributed denial of service (DDoS) attacks. Based on the concept of layer-4 service differentiation and resource isolation, where the transport-layer information is inferred from the IP headers and used for packet classification and resource management, we present a scalable fine-grained DiffServ (sf-DiffServ) architecture that provides fine-grained service differentiation and resource isolation among thinner behavior aggregates (BAs). The sf-DiffServ architecture consists of a fine-grained QoS classifier and an adaptive weight-based resource manager at IP routers. A two-stage packet classification mechanism is devised to decouple the fine-grained QoS lookup from the routing lookup at core routers. Due to its scalable QoS support for TCP control segments, sf-DiffServ supports bi-directional differentiated services for TCP sessions. Most importantly, the fine-grained resource isolation provided inside the sf-DiffServ is a powerful built-in protection mechanism to counter DDoS attacks, reducing the vulnerability of the Internet to DDoS attacks.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call