High performance distributed Denial-of-Service resilient web cluster architecture

Though the WWW has come a long way since when it was monikered the World Wide Wait, it is still not reliable during heavy workload conditions. Overloads due to sudden arrival of users (flash crowds) is known to exponentially increase download times. More recently, online banks and portals have been the target of Distributed Denial-of-Service (DDoS) attacks, which send a deluge of requests and drive away the legitimate users. These overloads pose a new set of challenges towards efficient operation at enterprises that host web content which this dissertation addresses by combining knowledge of the network as well as server performance. In particular, this dissertation proposes a web hosting architecture consisting of a grid of clusters, to provide high-performance in the presence of standard overload conditions as well as resilience during attacks. The architecture\´s high-performance component is provided by a server selection framework which selects the "best server" to serve a request as well as allows for an efficient multiplexing of resources across the entire cluster grid. Traditional approaches assume that minimizing network hop count minimizes client latency. In contrast, the proposed mechanism for server selection collects fine-grained server load and network latency measurements and forwards requests to the server that minimizes the total of estimated network and server delays. The architecture\´s DDoS- resilience is provided via a combination of anomaly detection and scheduling based mitigation of DDoS attacks. In contrast to prior work, the suspicion mechanism assigns a continuous valued vs. binary suspicion measure to each client session, and the scheduler utilizes these values to determine if and when to schedule a session\´s requests. Via a combination of analytical modeling and testbed experiments over an online bookstore implementation, the performance benefits achieved by the proposed cluster architecture are justified.