Controlling High Bandwidth Aggregates in the Network (Extended Version)

The current Internet infrastructure has very few built-in protection mechanisms and is therefore vulnerable to attacks and failures. In particular, recent events have illustrated the Internet's vulnerability to both denial of service (DoS) attacks and flash crowds in which one or more links in the network (or servers at the edge of the network) become severely congested. In both flash crowds and DoS attacks the congestion is not due to a single flow, nor to a general increase in traffic, but to a well-defined subset of the traffic -- an aggregate. This paper discusses mechanisms for detecting and controlling such high bandwidth aggregates. Our approach involves both a local mechanism for detecting and controlling an aggregate at a single router, and a cooperative pushback mechanism in which a router can ask adjacent routers to control an aggregate upstream. These mechanisms, while certainly not a panacea, provide relief from flash crowds and flooding-style DoS attacks.