Thinning akamai

  • Authors:
  • Ao-Jan Su;Aleksandar Kuzmanovic

  • Affiliations:
  • Northwestern University, Evanston, IL, USA;Northwestern University, Evanston, IL, USA

  • Venue:
  • Proceedings of the 8th ACM SIGCOMM conference on Internet measurement
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

Global-scale Content Distribution Networks (CDNs), such as Akamai, distribute thousands of servers worldwide providing a highly reliable service to their customers. Not only has reliability been one of the main design goals for such systems - they are engineered to operate under severe and constantly changing number of server failures occurring at all times. Consequently, in addition to being resilient to component or network outages, CDNs are inherently considered resilient to denial-of-service (DoS) attacks as well. In this paper, we focus on Akamai's (audio and video) streaming service and demonstrate that the current system design is highly vulnerable to intentional service degradations. We show that (i) the discrepancy among streaming flows' lifetimes and DNS redirection timescales, (ii) the lack of isolation among customers and services, (e.g., video on demand vs. live streaming), (iii) a highly transparent system design, (iv) a strong bias in the stream popularity, and (v) minimal clients' tolerance for low-quality viewing experiences, are all factors that make intentional service degradations highly feasible. We demonstrate that it is possible to impact arbitrary customers' streams in arbitrary network regions: not only by targeting appropriate points at the streaming network's edge, but by effectively provoking resource bottlenecks at a much higher level in Akamai's multicast hierarchy. We provide countermeasures to help avoid such vulnerabilities and discuss how lessons learned from this research could be applied to improve DoS-resiliency of large-scale distributed and networked systems in general.