-
CloudCast: Characterizing Public Clouds Connectivity
Authors:
Noga H. Rotman,
Yaniv Ben-Itzhak,
Aran Bergman,
Israel Cidon,
Igor Golikov,
Alex Markuze,
Eyal Zohar
Abstract:
Public clouds are one of the most thriving technologies of the past decade. Major applications over public clouds require world-wide distribution and large amounts of data exchange between their distributed servers. To that end, major cloud providers have invested tens of billions of dollars in building world-wide inter-region networking infrastructure that can support high performance communication into, out of, and across public cloud geographic regions. In this paper, we lay the foundation for a comprehensive study and real time monitoring of various characteristics of networking within and between public clouds. We start by presenting CloudCast, a world-wide and expandable measurements and analysis system, currently (January 2019) collecting data from three major public clouds (AWS, GCP and Azure), 59 regions, 1184 intra-cloud and 2238 cross-cloud links (each link represents a direct connection between a pair of regions), amounting to a total of 3422 continuously monitored links and providing active measurements every minute. CloudCast is composed of measurement agents automatically installed in each public cloud region, centralized control, measurement database, analysis engine and visualization tools. Then we turn to analyze the latency measurement data collected over almost a year. Our analysis yields surprising results. First, each public cloud exhibits a unique set of link latency behaviors along time. Second, using a novel, fair evaluation methodology, termed similar links, we compare the three clouds. Third, we prove that more than 50% of all links do not provide the optimal RTT through the methodology of triangles. Triangles also provide a framework to get around bottlenecks, benefiting not only the majority (53%-70%) of the cross-cloud links by 30% to 70%, but also a significant portion (29%-45%) of intra-cloud links by 14%-33%.
Submitted 22 January, 2022; v1 submitted 18 January, 2022;
originally announced January 2022.
-
The Risks of WebGL: Analysis, Evaluation and Detection
Authors:
Alex Belkin,
Nethanel Gelernter,
Israel Cidon
Abstract:
WebGL is a browser feature that enables JavaScript-based control of the graphics processing unit (GPU) to render interactive 3D and 2D graphics, without the use of plug-ins. Exploiting WebGL for attacks will affect billions of users since browsers serve as the main interaction mechanism with the world wide web. This paper explores the potential threats derived from the recent move by browsers from WebGL 1.0 to the more powerful WebGL 2.0. We focus on two possible abuses of this feature: distributed password cracking and distributed cryptocurrency mining. Our evaluation of the attacks also includes the practical aspects of successful attacks, such as stealthiness and user-experience. Considering the danger of WebGL abuse, as observed in the experiments, we designed and evaluated a proactive defense. We implemented a Chrome extension that proved itself effective in detecting and blocking WebGL. We demonstrate in our experiments the major improvements of WebGL 2.0 over WebGL 1.0 both in performance and in convenience. Furthermore, our results show that it is possible to use WebGL 2.0 in distributed attacks under real-world conditions. Although WebGL 2.0 shows similar hash rates as CPU-based techniques, WebGL 2.0 proved to be significantly harder to detect and has a lesser effect on user experience.
Submitted 30 April, 2019;
originally announced April 2019.
-
Pied Piper: Rethinking Internet Data Delivery
Authors:
Aran Bergman,
Israel Cidon,
Isaac Keslassy,
Noga Rotman,
Michael Schapira,
Alex Markuze,
Eyal Zohar
Abstract:
We contend that, analogously to the transition from resource-limited on-prem computing to resource-abundant cloud computing, Internet data delivery should also be adapted to a reality in which the cloud offers a virtually unlimited resource, i.e., network capacity, and virtualization enables delegating local tasks, such as routing and congestion control, to the cloud. This necessitates rethinking the traditional roles of inter- and intra-domain routing and conventional end-to-end congestion control.
We introduce Optimized Cloudified Delivery (OCD), a holistic approach for optimizing joint Internet/cloud data delivery, and evaluate OCD through hundreds of thousands of file downloads from multiple locations. We start by examining an OCD baseline approach: traffic from a source A to a destination B successively passes through two cloud virtual machines operating as relays - nearest to A and B; and the two cloud relays employ TCP split.
We show that even this naive strategy can outperform recently proposed improved end-to-end congestion control paradigms (BBR and PCC) by an order of magnitude.
Next, we present a protocol-free, ideal pipe model of data transmission, and identify where today's Internet data delivery mechanisms diverge from this model. We then design and implement OCD Pied Piper. Pied Piper leverages various techniques, including novel kernel-based transport-layer accelerations, to improve the Internet-Cloud interface so as to approximately match the ideal network pipe model.
Submitted 20 December, 2018; v1 submitted 13 December, 2018;
originally announced December 2018.
-
Distributed Algorithms in Multihop Broadcast Networks
Authors:
Israel Cidon,
Osnat Mokryn
Abstract:
Broadcast networks are often used in modern communication systems. A common broadcast network is a single hop shared media system, where a transmitted message is heard by all neighbors, such as some LAN networks. In this work we consider a more complex environment, in which a transmitted message is heard only by a group of neighbors, such as Ad-Hoc networks, satellite and radio networks, as well as wireless multistation backbone system for mobile communication. It is important to design efficient algorithms for such environments. Our main result is a new Leader Election algorithm, with O(n) time complexity and O(n*lg(n)) message transmission complexity. Our distributed solution uses a propagation of information with feedback (PIF) building block tuned to the broadcast media, and a special counting and joining approach for the election procedure phase. The latter is required for achieving the linear time. It is demonstrated that the broadcast model requires solutions which are different from the known point-to-point model.
Submitted 8 September, 1999;
originally announced September 1999.