Aggressiveness Protective Fair
Queuing for Bursty Applications
Nir Halachmi (IDC)
Joint work with
Dr. Anat Bremler Barr (IDC) and Prof. Hanoch Levy (TAU)
APFQ - Nir Halachmi (IDC)
Background: Network planning
• Network Designers use the traffic properties
to plan the capacity of the network.
Link Capacity
APFQ - Nir Halachmi (IDC)
Background: Exploiters
• Exploiters
– Malicious: Denial of Service (DDOS)
– Innocent: pre-fetching, massive users
Drop
Link Capacity
Exploiter
APFQ - Nir Halachmi (IDC)
Background: Solution- Fair Scheduling
protection against Exploiters
• Weighted Fair Queuing (WFQ) mechanisms
provides that the resource is fairly (typically
equally) divided among all
Drop
1
Link Capacity
1
Exploiter
Drop
APFQ - Nir Halachmi (IDC)
Our main contribution
•
The user traffic is bursty.
•
WFQ cannot provide fair service to bursty
applications in the presence of aggressive users
•
We propose WFQ-like mechanism called
Aggressiveness Protective Fair Queuing
(APFQ) that solves this problem.
APFQ - Nir Halachmi (IDC)
Bursty Application
• Many application are bursty (model on/off ~
active/idle)
– Http
on
off
on
off
Time
APFQ - Nir Halachmi (IDC)
Bursty Traffic
• Network Designers use the traffic burstiness
property to plan the capacity of the network.
Drop
Link Capacity
Drop
APFQ - Nir Halachmi (IDC)
Aggressive Users
• Aggressive user use the idle time to get
more BW
Drop
Link Capacity
Drop
APFQ - Nir Halachmi (IDC)
WFQ defensives
• WFQ cannot provide good fairness in the
presence of such aggressive users.
Drop
Link Capacity
Drop
APFQ - Nir Halachmi (IDC)
The effect of aggressive user on
polite users (WFQ)
100.0%
80.0%
70.0%
60.0%
All Polite - Polite traffic avarege
50.0%
40.0%
Mixed users - Polite traffic avarege
30.0%
20.0%
Mixed users - Aggressive traffic
avarege
10.0%
63
0
61
0
59
0
57
0
55
0
53
0
51
0
49
0
47
0
45
0
43
0
41
0
39
0
37
0
35
0
33
0
31
0
29
0
27
0
0.0%
25
0
Percentage of Packets transmitted (%)
90.0%
Link Capacity (Kb/s)
APFQ - Nir Halachmi (IDC)
Aggressiveness Protective Fair
Queuing (APFQ)
We propose a new WFQ-like mechanism
called Aggressiveness Protective Fair
Queuing (APFQ) that solves this problem
by dynamically decreasing the weight of the
aggressive users.
APFQ - Nir Halachmi (IDC)
Agenda
•
•
•
•
•
Related Work.
Solution Requirements.
APFQ algorithm.
APFQ analysis
Simulation.
APFQ - Nir Halachmi (IDC)
Related Work
• Dynamic WFQ was proposed to handle the fact that
it is hard to assign static weight accurately [Shin and el.
2001][Makrakis and el. 2001].
– Fix the weight according to arrival rate or the queue
length.
– Does not address bursty traffic problem.
• Dynamic WFQ was proposed as part of a mechanism
to handle DDOS [Thomas and el. 2003]
– Penalty mechanism to flows
– Does not deal with traffic burstiness and does not suggest
or analyze the weight function mechanism
APFQ - Nir Halachmi (IDC)
Solution Requirements
• Provide fairness to polite users.
• The limitation imposed on the users is a
function of the system load.
– Protect innocent users by negatively discriminating
aggressive users on an overloaded Network.
Drop
Link Capacity
Drop
APFQ - Nir Halachmi (IDC)
APFQ
• Dynamic weight function that reduces the
weight assigned to aggressive users
• For every flow (user) the mechanism counts
the amount of traffic that a source has
generated in the near history
• It uses this amount to affect the weight
given to the user.
APFQ - Nir Halachmi (IDC)
Weight function
• BS – the assigned quota.
• SM(t) – offered traffic during the last sliding.
window in time t.
• wo original fix weight.
• α – punishment factor – configure by the system.
w0

SM (t )  BS

BS 
w(t )  
w0  (
) SM (t )  BS

SM (t )
APFQ - Nir Halachmi (IDC)
APFQ Illustrated
• Polite user transmit data:
Time
• Aggressive User Transmitted data under WFQ
• Aggressive User Transmitted data under APFQ
APFQ - Nir Halachmi (IDC)
APFQ algorithm
KBytes
1
7
Time
W(0)
Weight
Time
APFQ - Nir Halachmi (IDC)
Analysis pre conditions
•
•
•
•
•
•
Polite user transmits at rate R for Ton and idle for Toff.
Aggressive user transmits at constant peak rate R.
N concurrently active users.
K aggressive users , N-K polite users.
For each user original fix weight wo = 1
Packets that are not transmitted within a period of ∆ from
their arrival time are dropped.
• B is the output link capacity.
• ∆ = Ton + Toff = sliding window size.
• ƒ = burst factor = To nTo ff  
To n
To n
APFQ - Nir Halachmi (IDC)
Polite User
• Offered Data
R (t ) 
 R t  Ton

 0 t  Ton
• Transmitted Data WFQ
B
D polite  N  Ton
W FQ
• Transmitted Data APFQ
B
B
APFQ
 Ton  D polite 
 Ton
N
N K
APFQ - Nir Halachmi (IDC)
Naive Aggressive User
• Offered Data
R (t )  R
•Total offered Data
R    f  BS
• Transmitted Data WFQ
Dnaive 
W FQ
B

N
APFQ - Nir Halachmi (IDC)
Naive Aggressive User
•Transmitted Data APFQ
B
N K
D


 1
APFQ


 Ton  Ton    dt   Dnaive
To n

t 

APFQ
naive
B

N


1 


 Ton  T on  
dt
Ton 

t 

• For α =1
D
APFQ
naive
 Ton (1  log f ) 
B
N
• For α=2
f 1 B
Dnaive  Ton (1 f )  N
APFQ
APFQ - Nir Halachmi (IDC)
Continuous Naive Aggressive
• Continuous Naive Aggressive - an aggressive user
that was active in the previous window size.
• I.e., offered traffic during the last sliding
SM (t )  R  
• Hence the assigned weight is fixed
 
BS
w(t ) 
R


1
  
f
APFQ - Nir Halachmi (IDC)
Continuous Naive Aggressive
•Transmitted Data APFQ

1

Dcontnaive f
APFQ

1

Dcontnaive f
APFQ
 1
 1
B
 Ton
N
B
 Ton
N K
•For α =1
Exactly as polite use under APFQ
• For α=2
1
Exactly as f polite use under APFQ
APFQ - Nir Halachmi (IDC)
t
s
o
f
f
e
r
• Sophisticated Aggressive user
is assumed to know
the function used by APFQeand optimizes its offered
d
traffic in order to maximize tthe traffic APFQ will
transmit for him.
r
a
f
f
• An approach for the sophisticated
aggressive user is
to offer the same amount of itraffic as the mechanism
c
allow her to transmit.
i
APFQ - Nir Halachmi (IDC)
n
Sophisticated Aggressive
Sophisticated User Upper Bound
• Lemma: Under APFQ a sophisticated
aggressive user cannot transmit in a period
of duration ∆ more than (m+2)·BS traffic
m 
where m is derived from equation i1i  f 1
 1
D
APFQ
sophisticated
 2
D
APFQ
sophisticated


 2   f 1  2  BS


 3 3   f  1  2  BS
APFQ - Nir Halachmi (IDC)
Sketch of proof
wi 
t
t
1
w1  
1
1
w2  
2
1
i
 t i 
i 1

i 1
1

i
 R  BS
 t i  i  Ton

m

 Ton  Ton  
i
i 1
1
w3  
3
APFQ - Nir Halachmi (IDC)
Sophisticated User Lower Bound
• Lemma: There is a strategy where the sophisticated
aggressive user can transmit during an interval of
length ∆ under APFQ with α at least (m+1)·BS
traffic where m is derived from equation

m
i1 i  1  f 1 .
 1
D
APFQ
sophisticated
 2
D


 2   f 1 1  BS
APFQ
sophisticated


 3 3   f  1  1  BS
APFQ - Nir Halachmi (IDC)
Optimal Strategy for
sophisticated aggressive
APFQ - Nir Halachmi (IDC)
Analysis Summery
User Type
WFQ transmitted
traffic
APFQ transmitted
traffic (α=1)
APFQ transmitted
traffic (α=2)
Polite user
1
1
1
Naïve aggressive user
ƒ
1 + log ƒ
2
Continuous naïve
aggressive user
ƒ
1
1
f
Sophisticated user
ƒ
2   f  1  2
3
3  ( f 1)  2
APFQ - Nir Halachmi (IDC)
Simulation
• Simulated APFQ on NS2
• NS2 code implementing WFQ contributed by
Paulo Losi
• APFQ was implemented as a software wrapper
around WFQ.
APFQ - Nir Halachmi (IDC)
Tests Set-up
Workstation 1
200Kb
200Kb
Workstation 2
Link Capacity
200Kb
Router
Workstation 3
Server
.
.
.
.
200Kb
Workstation N
APFQ - Nir Halachmi (IDC)
Experiment 1
• Examine the percentage of packets
transmitted per flow as a function of the
link capacity.
• Scenario 1: 12 polite users
• Scenario 2: 10 polite users and 2 aggressive
users.
APFQ - Nir Halachmi (IDC)
Experiment 1 Results
100.0%
80.0%
70.0%
60.0%
50.0%
All polite- WFQ Polite traffic avarege
40.0%
Mixed users - WFQ Polite traffic
avarege
Mixed users- WFQ Aggressive traffic
avarege
Mixed users- APFQ Polite traffic
avarege
Mixed users- APFQ Aggressive traffic
avarege
30.0%
20.0%
10.0%
63
0
61
0
59
0
57
0
55
0
53
0
51
0
49
0
47
0
45
0
43
0
41
0
39
0
37
0
35
0
33
0
31
0
29
0
27
0
0.0%
25
0
Percentage of Packets transmitted (%)
90.0%
Link Capacity (Kb/s)
APFQ - Nir Halachmi (IDC)
Experiment 2
• Examine how many aggressive users a
given network can handle without
negatively affecting the polite users.
• Test APFQ robustness to large networks.
APFQ - Nir Halachmi (IDC)
Experiment 2
• 300 users with a variable number of
aggressive users out of them.
• The number of aggressive users was
increased in each round.
• The Link-capacity was set to 9000Kb/sec.
APFQ - Nir Halachmi (IDC)
Experiment 2 Results
100.0%
80.0%
70.0%
60.0%
50.0%
40.0%
WFQ Polite traffic avarege
30.0%
WFQ Aggressive traffic avarege
(%)
Precentage of Packets transmitted
90.0%
20.0%
10.0%
APFQ polite traffic avarege
APFQ Aggressive traffic
avarege
0.0%
1
3
5
7
9
11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49
Number Of Aggressive Users
APFQ - Nir Halachmi (IDC)
Implementation consideration
• APFQ can use a regular WFQ.
• Experiments revealed that Dynamic WFQ, in
some scenarios, can causes disorder.
• The cause of the problem is that the WFQ
implementation implicitly assumed the weight
of the queues is constant (i.e. static weight).
APFQ - Nir Halachmi (IDC)
Conclusion
• Aggressive users use the idle time to get more
bandwidth.
• WFQ has a fairness problems in the presence
of aggressive users.
• APFQ is a mechanism that provide fairness in
such cases, using a dynamic weight function.
APFQ - Nir Halachmi (IDC)
Questions ?
Thank You
APFQ - Nir Halachmi (IDC)
Problem demonstration
V_t =0
6
5
4
3
2
1
0
Time
1
P4
F=4
P3
F=3
P2
F=2
P1
F=1
1
V_t =1
6
6
5
4
3
2
1
Time
P1
F=1
1
P5
F=5
P4
F=4
P3
F=3
P2
F=2
1
V_t =2
8
7
6
5
4
3
2
Time
P2
F=2
1
P6
F=9
P5
F=5
P4
F=4
P3
F=3
0.25
APFQ - Nir Halachmi (IDC)
P1
F=1
Problem demonstration
V_t =8.4
8
7
6
5
4
3
2
Time
P7
F=6
P5
F=5
P4
F=4
P3
F=3
P2
F=2
P1
F=1
p6
F=9
P7
F=6
P5
F=5
P4
F=4
P3
F=3
P2
F=2
P1
F=1
p6
F=9
P7
F=6
P5
F=5
P4
F=4
P3
F=3
1
P8
F=13
p6
F=9
0.25
V_t =9.2
8
7
6
5
4
3
2
Time
1
P8
F=13
0.25
V_t =10
8
7
6
5
4
3
2
Time
1
0.25
P8
F=13
P2
F=2
APFQ - Nir Halachmi (IDC)
P1
F=1
Problem demonstration
V_t =6
Time
P7
F=6
P8
F=13
p6
F=9
P5
F=5
The new flow arrive and it’s finish
time is set by the virtual time and not
by the real round time (it finish time
should have been 3)
1
P4
F=4
P3
F=3
P2
F=2
P1
F=1
P3
F=3
P2
F=2
P1
F=1
0.25
V_t =6.8
8
7
6
5
4
3
2
Time
P7
F=6
P8
F=13
p6
F=9
P4
F=4
1
P5
F=5
0.25
The new flow packet should have been
transmitted by now
V_t =7.6
8
7
6
5
4
3
2
Time
P7
F=6
P8
F=13
p6
F=9
1
0.25
P5
F=5
P4
F=4
P3
F=3
P2
F=2
APFQ - Nir Halachmi (IDC)
P1
F=1
Sketch of proof
1
wi  
i
1
w1  
1
1
w2  
2
1
w3  
3
APFQ - Nir Halachmi (IDC)