Marc Wyss (ETH Zurich), Yih-Chun Hu (University of Illinois at Urbana-Champaign), Vincent Lenders (University of Luxembourg), Roland Meier (armasuisse), Adrian Perrig (ETH Zurich)

Ensuring fair bandwidth allocations on the public Internet is challenging. Congestion control algorithms (CCAs) often fail to achieve fairness, especially when different CCAs operate simultaneously. This challenge becomes even more pronounced during volumetric distributed denial-of-service (DDoS) attacks, where legitimate traffic can be starved entirely. One approach to this challenge is to enforce fairness by allocating bandwidth directly at routers. However, existing solutions generally fall into two categories: those that are easy to deploy but fail to provide secure in-network bandwidth isolation, and those that offer strong isolation guarantees but rely on complex assumptions that hinder real-world deployment.

To bridge the gap between these two categories, we introduce a new fairness model based on the notion of a per-stream Fractional Fair Share (FFS). At each on-path node, a stream's FFS, carried as a packet label and updated along the forwarding path, conveys the stream's current fair share of that node's egress bandwidth. The combination of a packet-carried FFS and probabilistic forwarding enables effective and scalable isolation of streams with minimal overhead. FFS is the first system to combine low implementation and deployment overhead with effective bandwidth isolation, while remaining robust against source address spoofing and volumetric DDoS attacks, and delivering high performance and scalability as well as minimal latency and jitter.

We show that FFS effectively isolates bandwidth across 15 different CCAs while keeping latency and jitter minimal. Our high-speed implementation sustains a 160 Gbps line rate on commodity hardware. Evaluated on realistic Internet topologies, FFS outperforms several of the most recent and secure bandwidth isolation systems in both median and total bandwidth allocation. In our security analysis, we prove that FFS guarantees a non-zero lower bound on bandwidth allocation for every traffic stream, ensuring that volumetric DDoS attacks, even when combined with source address spoofing, cannot prevent legitimate communication. Finally, we present an extension of FFS that provides accurate and secure rate feedback to the sender, allowing rapid rate adaptation with minimal packet loss.
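The two ingredients named above, a packet-carried fair-share label and probabilistic forwarding, and the non-zero lower bound claimed in the security analysis can be illustrated with a small simulation. The following is an added toy model written for this page; it is not the paper's algorithm or code. In particular, the label semantics (a fraction of the current node's egress capacity), the first-hop assignment (equal split among active streams on the edge), the per-hop update rule (rescale by the ingress link's share of the downstream egress), the batch rate measurement over a whole window, and the traffic scenario are all assumptions chosen for illustration.

```python
"""Toy model of packet-carried fractional fair-share labels plus
probabilistic forwarding.  Illustrative simplification for this page, not
the FFS paper's algorithm: label semantics, per-hop update rule and the
rate-measurement window are assumptions."""
import random
from dataclasses import dataclass, field


@dataclass
class Packet:
    stream: str
    # Assumed label semantics: fraction of the *current* node's egress
    # capacity that this stream is entitled to.
    ffs: float


def assign_edge_label(active_streams: int) -> float:
    """First hop (assumption): the edge splits its egress equally."""
    if active_streams < 1:
        raise ValueError("need at least one active stream")
    return 1.0 / active_streams


def update_label(ffs: float, ingress_links: int) -> float:
    """Downstream hop (assumption): the node divides its egress equally
    among ingress links, so the carried label is scaled by that share."""
    return ffs / ingress_links


def forward_probability(ffs: float, capacity: int, arrivals: int) -> float:
    """Probabilistic forwarding: p = min(1, allowed / arrivals) with
    allowed = ffs * capacity packets per window."""
    if arrivals <= 0:
        return 1.0
    return min(1.0, ffs * capacity / arrivals)


def guaranteed_packets(ffs: float, capacity: int) -> float:
    """Expected packets per window a stream gets regardless of how much
    any other stream sends: the non-zero lower bound of this toy model."""
    return ffs * capacity


@dataclass
class Node:
    capacity: int  # packets per measurement window
    rng: random.Random = field(default_factory=lambda: random.Random(7))

    def schedule(self, window: list) -> dict:
        """Count per-stream arrivals over the window (batch approximation),
        then forward each packet with its stream's probability."""
        arrivals, label = {}, {}
        for pkt in window:
            arrivals[pkt.stream] = arrivals.get(pkt.stream, 0) + 1
            label[pkt.stream] = pkt.ffs  # label from the latest packet seen
        forwarded = {s: 0 for s in arrivals}
        for pkt in window:
            p = forward_probability(label[pkt.stream], self.capacity,
                                    arrivals[pkt.stream])
            if self.rng.random() < p:
                forwarded[pkt.stream] += 1
        return forwarded


def ddos_scenario(capacity=1000, attackers=10, attack_rate=10_000,
                  victim_rate=100, other_rate=300):
    """Constructed scenario (not from the paper): ingress link 1 carries one
    legitimate 'victim' stream and `attackers` flooding streams; link 2
    carries a second legitimate stream alone.  Returns the per-stream
    forwarded counts and the victim's guaranteed expected packets."""
    ffs_link1 = update_label(assign_edge_label(attackers + 1), ingress_links=2)
    ffs_link2 = update_label(assign_edge_label(1), ingress_links=2)
    window = [Packet("victim", ffs_link1)] * victim_rate
    for i in range(attackers):
        window += [Packet(f"attacker{i}", ffs_link1)] * attack_rate
    window += [Packet("legit2", ffs_link2)] * other_rate
    random.Random(1).shuffle(window)  # interleave arrivals deterministically
    return Node(capacity).schedule(window), guaranteed_packets(ffs_link1, capacity)


if __name__ == "__main__":
    counts, bound = ddos_scenario()
    print(f"victim guaranteed ~{bound:.1f} pkts/window, got {counts['victim']}")
    print("legit2 got", counts["legit2"], "of 300")
    print("attackers total", sum(v for k, v in counts.items() if k.startswith("attacker")))
```

In this model the victim's label is 1/11 of its edge times 1/2 of the downstream egress, so it is owed about 45 of the 1000 packets per window no matter that ten attackers each send 10,000 packets; the attackers' own forwarding probability drops to about 0.5%, and the second legitimate stream, which stays below its share, is forwarded without loss. What the model does not capture is how the real system makes labels trustworthy against spoofing and label forgery, which the abstract states but does not detail.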
