Abstract

The current state of security and availability of the Internet is far from commensurate with its importance. The number and strength of DDoS attacks conducted at the network layer have been steadily increasing. However, the single path (SP) routing used in today’s Internet lacks a mitigation scheme to rapidly recover from network attacks or link failures. When a link failure occurs, it can take several minutes until failover. In contrast, multi-path routing can take advantage of multiple alternative paths and rapidly switch to another working path. According to the level of available path control, we classify multi-path routing into two types: first-hop multi-path (FMP) and multi-hop multi-path (MMP) routing. Although FMP routing supported by networks such as SD-WAN shows marginal improvements over the current SP routing of the Internet, MMP routing supported by a global Internet architecture provides strong improvement under network attacks and link failure. MMP routing enables changing to alternate paths to mitigate network problems in other hops, which cannot be controlled by FMP routing. To support this comparison with practical outcomes, we evaluate network performance in terms of latency and loss rate, showing that MMP routing can mitigate Internet hazards and provide high availability on global networks, with 18 participating ASes in six countries. Our evaluation of global networks shows that, if network attacks or failures occur in other autonomous systems (ASes) that FMP routing cannot avoid, it is feasible to deal with such problems by switching to alternative paths using MMP routing. When the global evaluation is under a transit-link DDoS attack, the loss rates of FMP paths that pass the transit link are affected significantly, but the alternative MMP paths remain stable under the DDoS attack with proper operation.
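The difference in path control between SP, FMP and MMP can be made concrete with a small model. This is an added example, not code or data from the paper: the AS names, the topology, the loss figures and the function names are all constructed, and per-link losses are assumed to be independent.

```python
# Constructed topology: source AS "S", first-hop providers "A" and "B",
# transit ASes "T1" and "T2", destination "D". Values are per-link loss rates.
LINKS = {
    ("S", "A"): 0.001, ("S", "B"): 0.001,
    ("A", "T1"): 0.001, ("B", "T1"): 0.001, ("B", "T2"): 0.002,
    ("T1", "D"): 0.001, ("T2", "D"): 0.002,
}
# Each AS's own default next hop toward D; S cannot change the choices of others.
DEFAULT_NEXT = {"S": "A", "A": "T1", "B": "T1", "T1": "D", "T2": "D"}

def path_loss(path, links):
    """End-to-end loss of a path, assuming independent per-link loss."""
    delivered = 1.0
    for hop in zip(path, path[1:]):
        delivered *= 1.0 - links[hop]
    return 1.0 - delivered

def follow_defaults(start, dst="D"):
    """Path taken when every AS from `start` onward uses its default next hop."""
    path = [start]
    while path[-1] != dst:
        path.append(DEFAULT_NEXT[path[-1]])
    return path

def all_paths(src, dst, links):
    """Every loop-free path from src to dst (the graph here is acyclic)."""
    if src == dst:
        yield [dst]
        return
    for (u, v) in links:
        if u == src:
            for rest in all_paths(v, dst, links):
                yield [src] + rest

def candidates(mode, links, src="S", dst="D"):
    if mode == "SP":    # no choice at all
        return [follow_defaults(src, dst)]
    if mode == "FMP":   # choose the first hop only; downstream defaults apply
        return [[src] + follow_defaults(v, dst) for (u, v) in links if u == src]
    if mode == "MMP":   # choose the whole path
        return list(all_paths(src, dst, links))
    raise ValueError(f"unknown mode: {mode}")

def best_path(mode, links):
    """Lowest-loss path the source can select under the given mode."""
    path = min(candidates(mode, links), key=lambda p: path_loss(p, links))
    return path, path_loss(path, links)

# Constructed attack scenario: 40% loss on the transit link T1 -> D.
ATTACKED = {**LINKS, ("T1", "D"): 0.40}

if __name__ == "__main__":
    for mode in ("SP", "FMP", "MMP"):
        path, loss = best_path(mode, ATTACKED)
        print(f"{mode:3s} {'-'.join(path):10s} loss={loss:.4f}")
```

In this constructed case both first-hop providers forward through the attacked transit link by default, so FMP has two choices but no way around the problem, while MMP can select the path through T2.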

Highlights

  • We show that first-hop multi-path (FMP) mitigates certain cases of network problems, but multi-hop multi-path (MMP) achieves an impressively lower loss rate by comparison

  • This evaluation does not cover all cases of multi-path routing, but it provides a point of comparison for the main characteristics of single path (SP), FMP, and MMP routing

  • We evaluated multi-path routing on MMP and compared MMP with SP and FMP on a global network


Summary

Introduction

The Internet provides single path (SP) routing, which lacks a rapid mitigation mechanism to counter Internet hazards, such as network congestion, link failures, or DDoS attacks. Path outages can even lead to significant disruptions in communication, which may last tens of minutes or longer [5,6,7]. If network congestion or a network failure occurs on a link that an autonomous system (AS) cannot handle, sophisticated operations or cooperation among AS administrators will be required. Unlike a traditional DDoS attack, Coremelt [17] and CrossFire [18] have shown that, by attacking only the core links, an adversary can effectively degrade the victim’s network connectivity or cause it to fail using only a small number of resources. If a DDoS attack or a link failure occurs on a link that a victim AS has no control over, rerouting in a traditional Internet environment would be a challenge.
