We propose a novel architecture for providing bandwidth allocation and reservation that is both scalable and robust. Scalability is achieved by not requiring routers to maintain per-flow state on either the data or control planes. To achieve robustness, we develop two key techniques. First, we use an admission control mechanism based on lightweight certificates and random sampling to prevent malicious users from claiming reservations that were never allocated to them. Second, we use a recursive monitoring algorithm to detect misbehaving flows that exceed their reservations. We randomly divide the traffic into large aggregates, and then compare the data arrival rate of each aggregate to its reservation. If an aggregate misbehaves, i.e., its arrival rate is greater than its reservation, we split and monitor that aggregate recursively until we detect the misbehaving flow(s). These misbehaving flows are then policed separately. We conduct extensive simulations to evaluate our solutions. The results show that the proposed solution is very effective in protecting well-behaved flows when the fraction of misbehaving flows is limited.




Download Full History