Overlay Networks: An Akamai Perspective

Ramesh K. Sitaraman, mangesh kasbekar, Woody Lichtenstein, and Manish Jain

Akamai Technologies IncUniverisy of Massachusetts, Amherst

Presented by Huazhe Wang

Akamai Technologies, Inc. is a content delivery network and cloud services provider headquartered in Cambridge, Massachusetts, in the United States.

Outline

Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays

Content Distribution using the Internet The Internet is increasingly being used for digital

content and media delivery. Business, commerce, entertainment, news and social

interactions

Requirements: high reliability, performance, security, scalability and low operating costs. Major e-commerce sites require 99.99% of reliability TransportingTens of petabits per second of data to

support High quality television

Deficiencies of the Internet A heterogeneous network of

networks Access traverses multiple

networks to obtain content

“Best effort”

Failures and performance degradation are common

Major shortcomings of the Internet Outrages

Misconfigured routers, DDoS attacks, cable cuts, power disruptions…

Congestion High traffic demand Economic reasons

Lack of scalability One point failure Over/under provisioning

server

C0

client 1

client 2

client n

Major shortcomings of the Internet

Slow adaptability Large investment Business relations

Lack of security Growing Distributed denial

of service (DDoS) attacks Cost additional servers and

bandwidth

Challenges: How to bridge the gap between what modern Internet-based services need and what the Internet actually provides? Redesign of the Internet

Hard to implement given the wide-adoption of the current technology

Overlay Networks

Overview of Overlay Networks Fundamental idea: virtually great what you

want with what you have. Fragmented storage to a single, contiguous virtual

memory space Virtual machine Internet was built as a overlay on top of the

telephone network

Overview of Overlay Networks

An overlay network is built on top of the public Internet to provide the stringent requirements that rich Internet-based services need.

Peer to peer (P2P) Overlays

P2P uses end users’ host to form overlays that can be used for downloading content. Unnecessary long distance Traversing multiple Ass

P2P Problem : Network Inefficiency P2P applications are largely network-

oblivious and may not be network efficient Verizon (2008)

average P2P bit traverses 1,000 miles on network average P2P bit traverses 5.5 metro-hops

Karagiannis et al. on BitTorrent, a university network (2005) 50%-90% of existing local pieces in active users are

downloaded externally

Peer to peer (P2P) Overlays

Hybrid approaches that combine P2P principles with a dedicated overlay infrastructure are widely used.

Overlays described in the paper use a dedicated server infrastructure owned and operated by the overlay provider, rather than the computers belonging to users.

Overlay Architecture Overlays used to deliver content, applications and services

Origins One or a few, locates in core

Edge servers Hundreds thousand Locates at the edges, close to users

Transport system High reliability and performance

Outline

Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays

Caching Overlays Caching HTTP/HTTPS

proxy servers

Usage Static objects can be cached for some period

Embedded image on a web page, a movie, a music, a software download, or a software update

Benefits Availability, performance and origin offload

Performance benefits

30 agents located in Asia, Europe, and North America The agents hourly download a popular web page Origin servers locate in Dallas

Origin offload benefits Origin offload

Is equal to the ratio of the volume of traffic served by the origin without the overlay to the volume of traffic served by the origin with the overlay. A large decrease in server, bandwidth, expenses.

Popular vs cold traffic Cache hierarchy

Adding a layer of parent servers Increases the origin offload, easy to implement

Performance benefits

Origin offload increases with deployment of cache hierarchy

Performance benefits

Outline

Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays

Yale LANS

Routing Overlays Usage

Not all content on the Internet is cacheable for long time Gaming, live streams.

Benefits Discovering better ‘overlay path’ to improve performance

and availability

Yale LANS

Routing Overlays

Some issues to be considered An overlay construction algorithm to compute a set of

candidate overlay paths Real-time latency, loss, available bandwidth Choosing which of these paths to use depends on real-time

testing of the different path options.

Yale LANS

Routing Overlays Formulating overlay construction as multi-

commodity flow

Yale LANS

Routing Overlays Link costs can be defined in different ways to construct different types of routing overlays.

Latency vs bandwidth price e.g. finding the fastest overlay routes while avoiding links that are too expensive, or finding the cheapest overlay paths while avoiding paths that are too slow.

Throughput Minimizing latency is important when delivering small-size responses. Maximizing throughput is important for large responses.

TCP performance The overlay paths must remain “sticky" over longer periods of time.

Yale LANS

Routing Overlays Selecting the reverse proxy

Choosing a reverse proxy close to the origin Low latency, loss, Shared link Reducing penalty to set up a new TCP connection

Performance benefits

The significantly greater performance is due to the ability of the routing overlay to find alternate paths that avoid the failed links between different parts of Asia to the Boston origin.

Performance benefits Without major Internet outrage

Outline

Motivation Overview of Overlay Networks Caching Overlays Routing Overlays Security Overlays

Yale LANS

Security Overlays Defending against DDoS attacks

Not provided by Internet architecture In caching/routing overlay networks, performing

security tasks at the edge server of overlay networks is effective.

Security overlay Architecture

Yale LANS

Security Overlays Security overlay Architecture

Shared attack capacity Is flexible to increase bandwidth capacity at some locations

on-demand as needed. Cost effective.

Shared expertise and lower costs A team of security experts provides high level of defense with

low costs.

Advanced security features Security features to defend against all kind of attacks, like a

networking stack, firewall.

Yale LANS

Security Overlays Shielding the origin

Shielding the origin from accesses coming from strange end hosts

Control design Controls are provided for individual content providers

Performance benefits 50 to 9000

during a DDoS attack

90% of attacker’s requests are denied

Summary

Overlays hold the keys to the rapid evolution of Internet services.

Three key types of overlays.

Thank you and Questions