UC BERKELEY
EECS technical reports
TECHNICAL REPORTS


CSD-01-1144.pdf
CSD-01-1144.ps
Conditions of Use

Archive Home Page

Furies: A Scalable Framework for Traffic Policing and Admission Control

Authors:
Chuah, Chen-Nee
Subramanian, Lakshminarayanan
Katz, Randy
Technical Report Identifier: CSD-01-1144
May 2001
CSD-01-1144.pdf
CSD-01-1144.ps

Abstract: Furies provides a control framework for scalable, efficient admission control and traffic policing. Furies leverages the knowledge of traffic demand distributions between ingress-egress pairs and the network topology within an ISP in making admission control decisions. We propose to aggregate admitted flows for policing at edge routers instead of monitoring individual flows. Furies achieves this by assigning a unique flow-identifier to every admitted flow based on its ingress and egress point. As a result, the amount of states maintained by the edge routers can be reduced from O(n) to O(square root of n), where n is the number of admitted flows, while core routers are stateless. Simulation results show that we can successfully detect a majority (64-83%) of the malicious flows with virtually zero false-alarms without maintaining per-flow state at the edge. Our implementation demonstrates that Furies adds minimal processing overhead to edge routers and can be incrementally deployed.