Today - PowerPoint PPT Presentation

Title:

Today

Provided by: briandd

Transcript and Presenter's Notes


1
Today
  • Special Topics (finish Ch8 Wed)
  • Caching without permission
  • /. Effect
  • WWW Load Balancing
  • Global Expansion
  • WUME Projects (if time)
  • This week
  • Steve, Prof. Cheng guest lectures

2
Chapter 7 Quiz
  • What is the difference between an active and a
    passive intruder?
  • What is the purpose of a nonce in an
    authentication protocol?

3
Chapter 7 Quiz Answers
  • Q: What is the difference between an active and a
    passive intruder?
    A: A passive intruder only
    monitors (sniffs, intercepts) messages. An
    active intruder can also monitor traffic, but
    will also actively send messages into the
    network.
  • Q: What is the purpose of a nonce in an
    authentication protocol?
    A: A nonce is used to
    ensure that the person being authenticated is
    live. Nonces thus are used to combat playback
    attacks.

4
Caching without permission
  • You've been hired as a consultant
  • Upstream connection is overloaded
  • You suggest the use of a proxy cache to reduce
    upstream Web traffic needs
  • A normal forward proxy requires each client to
    configure their browser to use it
  • Many users will ignore requests to change their
    configuration
  • You suggest filtering all port 80 traffic except
    from the proxy cache
  • Users will complain loudly and bitterly about
    taking away their network access
  • IT help desk will be overloaded with calls on how
    to make the correct configuration change; too
    expensive
  • What else can you do?

5
Caching without permission
  • Interception proxy can transparently redirect
    traffic to a cache without client-side changes
  • A router or switch can redirect Web traffic to
    a cache, with a network interface operating in
    promiscuous mode
  • Essentially, policy-based routing using info from
    layer 4 (port number)
  • Sometimes called a Web switch
  • Thus, the cache will accept HTTP requests
    destined to any IP address, and use IP spoofing
    to make it look like the response is also from
    that IP address
  • Essentially, a cache-in-the-middle attack
  • Such proxies are common in some ISPs, such as
    cable services

6
/. Effect
  • Your amazing, but otherwise low-traffic web site
    has been mentioned in an interesting article on
    www.slashdot.com
  • Your site is now essentially unreachable because
    of the unexpected traffic
  • You know that the extra traffic could pay (by
    advertising) for improvements
  • What do you do?

7
Handling high Web loads
  • Buy more bandwidth
  • Get multiple connections (to different ISPs or
    same ISP which has multiple connections)
  • Buy a bigger server
  • Eventually gets very expensive
  • Still a single point of failure
  • Still has same limits on port numbers, etc. which
    limits simultaneous access
  • Install a reverse proxy cache to handle static
    content
  • Buy multiple inexpensive servers
  • How do you distribute load across those servers?

8
WWW Load Balancing
  • Optimal use of hardware suggests that each system
    have the same load
  • Problem applies to cluster of proxies or to
    cluster of servers
  • DNS Round-robin
  • Each machine has IP address that is in DNS entry
    for hostname
  • On each request, the DNS server gives the list in
    a different order
  • Response is cached by other DNS servers
  • No guarantee of even load distribution
  • because of caching, variations in request cost,
    etc.
  • Each machine must be equal in capabilities (same
    content)
  • Multiple potential points of failure
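
Added example (not part of the original slides): a small deterministic simulation of DNS round-robin showing how caching by intermediate resolvers skews load. The addresses, class names, and the resolver populations (100, 10 and 1 clients) are constructed assumptions.

```python
SERVERS = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]  # constructed addresses (TEST-NET-1)

class RoundRobinDNS:
    """Authoritative server: rotates the address list on every query."""
    def __init__(self, addrs):
        self.addrs = list(addrs)
        self.queries = 0

    def resolve(self):
        k = self.queries % len(self.addrs)
        self.queries += 1
        return self.addrs[k:] + self.addrs[:k]

class CachingResolver:
    """An ISP resolver that reuses one answer for `ttl` ticks."""
    def __init__(self, upstream, ttl):
        self.upstream, self.ttl = upstream, ttl
        self.cached, self.expires = None, 0

    def resolve(self, now):
        if self.cached is None or now >= self.expires:
            self.cached = self.upstream.resolve()
            self.expires = now + self.ttl
        return self.cached

def simulate(clients_per_resolver, ttl, ticks):
    """Each client sends one request per tick to the first address it is given."""
    dns = RoundRobinDNS(SERVERS)
    resolvers = [CachingResolver(dns, ttl) for _ in clients_per_resolver]
    load = {s: 0 for s in SERVERS}
    for now in range(ticks):
        for resolver, n_clients in zip(resolvers, clients_per_resolver):
            for _ in range(n_clients):
                load[resolver.resolve(now)[0]] += 1
    return load

if __name__ == "__main__":
    print("ttl=0 :", simulate([100, 10, 1], ttl=0, ticks=60))
    print("ttl=60:", simulate([100, 10, 1], ttl=60, ticks=60))
```

With no caching every request sees a freshly rotated list and the three servers share the load evenly; with a 60-tick TTL each resolver pins all of its clients to one server for the whole run.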

9
WWW Load Balancing
  • HTTP Redirection
  • Server sends back response saying the resource
    has moved
  • E.g., http://www.abc.com/path1/resource2.jpg =>
    moved to http://server1.abc.com/resource2.jpg
  • Can provide good load balancing and fault
    tolerance
  • Can have specialized servers for static vs.
    dynamic objects
  • Exposes internal architecture to external view
  • User can see final URL, bookmark location, link
    to location
  • Causes problems with load balancing (not using
    central redirection process)
  • Causes problems with robustness when architecture
    changes

10
WWW Load Balancing
  • Proxy with URL re-writing
  • Different servers can have different
    capabilities and processing capacities
  • Might serve from cache
  • If not in cache, take URL, re-write according
    to rules, and issue request
  • E.g. http://www.abc.com/path1/object2.jpg =>
    http://server1.abc.com/object2.jpg
  • Proxy is single point of failure and connection
    bottleneck
  • Can provide server fault tolerance, load-balancing
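
Added example (not part of the original slides): the same rewrite rule applied as an HTTP redirect (previous slide) and as a proxy rewrite (this slide), with an audit helper that flags backend hostnames visible to the client. The rule table, function names and `PUBLIC_HOSTS` set are assumptions; the URLs follow the slides' own example.

```python
import re
from urllib.parse import urlsplit

# Constructed rewrite rule modelled on the slides' example URLs.
RULES = [(re.compile(r"^/path1/(?P<obj>[^/]+\.jpg)$"),
          "http://server1.abc.com/{obj}")]
PUBLIC_HOSTS = {"www.abc.com"}   # hostnames the outside world is meant to see

def rewrite(public_url):
    """Map a public URL to a backend URL, or None if no rule matches."""
    path = urlsplit(public_url).path
    for pattern, template in RULES:
        m = pattern.match(path)
        if m:
            return template.format(**m.groupdict())
    return None

def front_end(public_url, mode, fetch):
    """Return (status, headers, body) exactly as the client receives them."""
    backend = rewrite(public_url)
    if backend is None:
        return 404, {}, b""
    if mode == "redirect":
        # The client is told the backend URL and can bookmark or link to it.
        return 302, {"Location": backend}, b""
    # Proxy mode: the backend URL is used server-side only.
    return 200, {}, fetch(backend)

def leaked_hosts(headers):
    """Audit helper: hostnames in Location that are not public front ends."""
    location = headers.get("Location")
    host = urlsplit(location).hostname if location else None
    return [host] if host and host not in PUBLIC_HOSTS else []

if __name__ == "__main__":
    fake_fetch = lambda url: b"<jpeg bytes from %s>" % url.encode()  # stand-in backend
    for mode in ("redirect", "proxy"):
        status, headers, body = front_end(
            "http://www.abc.com/path1/object2.jpg", mode, fake_fetch)
        print(mode, status, headers, leaked_hosts(headers))
```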

11
WWW Load Balancing
  • Load-balancing switch can redirect Web request
    to least loaded server
  • Use layer 4 information (IP + port)
  • Needs to keep forwarding packets for lifetime of
    connection
  • If heterogeneous servers, use layer 7 information
    (URL requested)
  • Can cause problems with persistent connections
  • For best performance/consistency, may want
    cache/server affinity
  • Use cookie from request
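
Added example (not part of the original slides): a toy model of a load-balancing switch that keeps per-connection state, picks the least-loaded server for new connections, and honours cookie affinity. The class name, server names, client addresses and cookie values are constructed, and the model simplifies by choosing a server when the first request of a connection is seen.

```python
class WebSwitch:
    def __init__(self, servers):
        self.open_conns = {s: 0 for s in servers}
        self.flows = {}      # (client_ip, client_port) -> server, for connection lifetime
        self.sessions = {}   # cookie value -> server (cache/server affinity)

    def route(self, client_ip, client_port, cookie=None):
        flow = (client_ip, client_port)
        if flow in self.flows:
            # Existing connection: every later packet and request must reach
            # the same server, whatever the current load or URL.
            return self.flows[flow]
        server = self.sessions.get(cookie)
        if server is None:
            # Least-loaded choice; ties broken by name to stay deterministic.
            server = min(self.open_conns, key=lambda s: (self.open_conns[s], s))
            if cookie is not None:
                self.sessions[cookie] = server
        self.flows[flow] = server
        self.open_conns[server] += 1
        return server

    def close(self, client_ip, client_port):
        server = self.flows.pop((client_ip, client_port), None)
        if server is not None:
            self.open_conns[server] -= 1

def demo():
    sw = WebSwitch(["s1", "s2"])
    picks = [
        sw.route("198.51.100.7", 40001, cookie="sid=alice"),  # first pick: s1
        sw.route("198.51.100.8", 40002),                      # least loaded: s2
        sw.route("198.51.100.9", 40003),                      # tie: s1
        sw.route("198.51.100.7", 40001, cookie="sid=alice"),  # same connection: s1
        sw.route("198.51.100.7", 40005, cookie="sid=alice"),  # affinity beats load: s1
        sw.route("198.51.100.10", 40006),                     # least loaded: s2
    ]
    return picks, dict(sw.open_conns)

if __name__ == "__main__":
    print(demo())
```

The fifth request lands on s1 even though s2 has fewer open connections, which is the balance-versus-affinity trade-off the slide points at.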

12
Global expansion
  • You have a large, successful e-commerce site
  • Cluster of servers in Calif. ISP data center
  • You are concerned about a natural disaster
    (earthquake, energy crisis, backhoe operators,
    etc.) and handling flash crowds
  • You want to improve service to other parts of the
    country and world
  • What do you do?
  • Open second data center
  • Use content delivery network services
  • Both

13
Geographic load balancing
  • Which data center serves a user?
  • Policies: Load-balancing, nearest, etc.
  • DNS Round Robin
  • Not good for nearest, or load-balancing or
    failover
  • DNS responding with IP of nearest/best data
    center
  • Determine nearness statically (analyze request IP
    address) or dynamically (first response from
    multiple sites)
  • Might not really be nearest/best performing
  • DNS response might be cached longer than expected
  • Routing: all data centers advertise same network
    address
  • No DNS mess
  • BGP automatically finds best/nearest center
  • Routing instabilities could cause connection
    failures

14
Content Delivery Networks
  • E.g., Akamai, Digital Island, Speedera, Mirror
    Image
  • Operates a distributed set of servers/caches
  • Same problem of finding nearest/best server
  • Not all servers/caches have needed data
  • Originally just for static data, streaming media
  • Now ESI approach can dynamically build pages at
    edge servers
  • Near future, edge servers can run some
    applications for content provider (J2EE, .NET)

15
Networking Projects in WUME
  • WUME: Web Understanding, Modeling, and
    Evaluation Laboratory (PL251)
  • Some Projects
  • WWW Proxy Evaluation
  • Transparent WWW appliance evaluation
  • Gnutella Mapping and Measurement
  • Gnutella-WWW Gateway
  • Search engine development