Performance Analysis of Offloading Application-Layer Tasks to Network Processors

Mahadevan, Soumya

01 January 2007

Offloading tasks to a network processor is one of the important ways to increase server performance. Hardware offloading of Transmission Control Protocol/Internet Protocol (TCP/IP) intensive tasks is known to significantly improve performance. When the entire application is considered for offloading, the impact on the server can be significant because it significantly reduces the load on the server. The goal of this thesis is to consider such a system with application-level offloading, rather than hardware offloading, and gauge its performance benefits. I am implementing this project on an Apache httpd server (running RedHat Linux), on a system that utilizes a co-located network processor system (IXP2855). The performance of the two implementations is measured using the SPECweb2005 benchmark, which is the accepted industry standard for evaluating Web server performance.

network processors

web servers

offloading

performance analysis

Engineering

A memory-based load balancing technique for distributed web servers

Bennur, Harsha

01 January 1998

No description available.

Computer networks -- Workload

Web servers

Computer Sciences

Physical Sciences and Mathematics

TCP Connection Management Mechanisms for Improving Internet Server Performance

Shukla, Amol

January 2005

This thesis investigates TCP connection management mechanisms in order to understand the behaviour and improve the performance of Internet servers during overload conditions such as flash crowds. We study several alternatives for implementing TCP connection establishment, reviewing approaches taken by existing TCP stacks as well as proposing new mechanisms to improve server throughput and reduce client response times under overload. We implement some of these connection establishment mechanisms in the Linux TCP stack and evaluate their performance in a variety of environments. We also evaluate the cost of supporting half-closed connections at the server and assess the impact of an abortive release of connections by clients on the throughput of an overloaded server. Our evaluation demonstrates that connection establishment mechanisms that eliminate the TCP-level retransmission of connection attempts by clients increase server throughput by up to 40% and reduce client response times by two orders of magnitude. Connection termination mechanisms that preclude support for half-closed connections additionally improve server throughput by up to 18%.

Computer Science

TCP

Server Performance

Flash Crowds

Web Servers

TCP Connection Management

Políticas de atendimento para servidores Web com serviços diferenciados baseadas nas características das requsições / Atttendance politics for Web servers with differentiated services based on the features of Web requests

Traldi, Ottone Alexandre

12 December 2008

Este trabalho propõe mecanismos de diferenciação de serviços para servidores Web, visando a melhorar o desempenho desses sistemas quando são consideradas as características das requisições Web nas políticas de atendimento. Optou-se por adotar o contexto do comércio eletrônico para a realização das pesquisas, uma vez que esse ambiente é um dos mais impactados negativamente quando há um comportamento inadequado do servidor em situações de sobrecarga. Para isso, foi realizada uma investigação das características das requisições Web típicas do e-commerce, para que tais características pudessem ser usadas como diretrizes para os mecanismos e melhorar o desempenho dos servidores. Em seguida, foram propostos um modelo de carga de trabalho e um modelo de simulação para a realização dos experimentos. Com isso, foi possível avaliar os resultados obtidos com a inserção dos diversos mecanismos no Servidor Web com Diferenciação de Serviços (SWDS), um modelo de servidor cuja arquitetura o torna capaz de fornecer serviços diferenciados a seus usuários e aplicações. Foram propostos novos mecanismos de escalonamento de requisições bem como novos mecanismos de controle de admissão. Diversas simulações foram realizadas e os resultados obtidos mostram que a exploração das características das requisições Web, além de ser fundamental para um bom entendimento do comportamento do servidor, possibilita a melhoria de desempenho do sistema / This work proposes differentiated services mechanisms for Web servers, aiming at improving their performance when the features of Web requests are considered. The electronic commerce (e-commerce) context was adopted to develop the researches once this environment is one of the most negatively influenced when there is an inadequate behavior of the server under overload situations. Thus, it was realized an investigation on the features of ecommerce Web requests, so that these features could be used both as guidelines for the mechanisms and to improve the performance of the servers. Afterwards, a workload model and a simulation model were proposed to implement the experiments. Thus, it was possible to evaluate the results obtained with the insertion of several mechanisms in the Web Server with Differentiated Services (WSDS), a server model with an architecture that makes it capable of supplying differentiated services to its users and applications. New request scheduling mechanisms were proposed as well as new mechanisms for admission control. Several simulations were realized and the obtained results show that the exploration of the Web request features, besides being fundamental for a good understanding of the server behavior, makes possible to improve the system performance

Avaliação de desempenho

Performance valuation

Qualidade de serviços

Quality of service

Servidores Web

Simulação

Simulation

Web servers

A Study of Replicated and Distributed Web Content

John, Nitin Abraham

10 August 2002

" With the increase in traffic on the web, popular web sites get a large number of requests. Servers at these sites are sometimes unable to handle the large number of requests and clients to such sites experience long delays. One approach to overcome this problem is the distribution or replication of content over multiple servers. This approach allows for client requests to be distributed to multiple servers. Several techniques have been suggested to direct client requests to multiple servers. We discuss these techniques. With this work we hope to study the extent and method of content replication and distribution at web sites. To understand the distribution and replication of content we ran client programs to retrieve headers and bodies of web pages and observed the changes in them over multiple requests. We also hope to understand possible problems that could face clients to such sites due to caching and standardization of newer protocols like HTTP/1.1. The main contribution of this work is to understand the actual implementation of replicated and distributed content on multiple servers and its implication for clients. Our investigations showed issues with replicated and distributed content and its effects on caching due to incorrect identifers being send by different servers serving the same content. We were able to identify web sites doing application layer switching mechanisms like DNS and HTTP redirection. Lower layers of switching needed investigation of the HTTP responses from servers, which were hampered by insuffcient tags send by servers. We find web sites employ a large amount of distribution of embedded content and its ramifcations on HTTP/1.1 need further investigation. "

HTTP/1.1

replicated

caching

load balancing

web content

distributed

World wide web

Web servers

Adaptive Multimedia Content Delivery for Scalable Web Servers

Pradhan, Rahul

02 May 2001

The phenomenal growth in the use of the World Wide Web often places a heavy load on networks and servers, threatening to increase Web server response time and raising scalability issues for both the network and the server. With the advances in the field of optical networking and the increasing use of broadband technologies like cable modems and DSL, the server and not the network, is more likely to be the bottleneck. Many clients are willing to receive a degraded, less resource intensive version of the requested content as an alternative to connection failures. In this thesis, we present an adaptive content delivery system that transparently switches content depending on the load on the server in order to serve more clients. Our system is designed to work for dynamic Web pages and streaming multimedia traffic, which are not currently supported by other adaptive content approaches. We have designed a system which is capable of quantifying the load on the server and then performing the necessary adaptation. We designed a streaming MPEG server and client which can react to the server load by scaling the quality of frames transmitted. The main benefits of our approach include: transparent content switching for content adaptation, alleviating server load by a graceful degradation of server performance and no requirement of modification to existing server software, browsers or the HTTP protocol. We experimentally evaluate our adaptive server system and compare it with an unadaptive server. We find that adaptive content delivery can support as much as 25% more static requests, 15% more dynamic requests and twice as many multimedia requests as a non-adaptive server. Our, client-side experiments performed on the Internet show that the response time savings from our system are quite significant.

Multimedia

Content Adaptation

Scalable

Content Delivery

Web servers

Multimedia systems

Load sharing

Understanding Flaws in the Deployment and Implementation of Web Encryption

Sivakorn, Suphannee

January 2018

In recent years, the web has switched from using the unencrypted HTTP protocol to using encrypted communications. Primarily, this resulted in increasing deployment of TLS to mitigate information leakage over the network. This development has led many web service operators to mistakenly think that migrating from HTTP to HTTPS will magically protect them from information leakage without any additional effort on their end to guar- antee the desired security properties. In reality, despite the fact that there exists enough infrastructure in place and the protocols have been “tested” (by virtue of being in wide, but not ubiquitous, use for many years), deploying HTTPS is a highly challenging task due to the technical complexity of its underlying protocols (i.e., HTTP, TLS) as well as the complexity of the TLS certificate ecosystem and this of popular client applications such as web browsers. For example, we found that many websites still avoid ubiquitous encryption and force only critical functionality and sensitive data access over encrypted connections while allowing more innocuous functionality to be accessed over HTTP. In practice, this approach is prone to flaws that can expose sensitive information or functionality to third parties. Thus, it is crucial for developers to verify the correctness of their deployments and implementations. In this dissertation, in an effort to improve users’ privacy, we highlight semantic flaws in the implementations of both web servers and clients, caused by the improper deployment of web encryption protocols. First, we conduct an in-depth assessment of major websites and explore what functionality and information is exposed to attackers that have hijacked a user’s HTTP cookies. We identify a recurring pattern across websites with partially de- ployed HTTPS, namely, that service personalization inadvertently results in the exposure of private information. The separation of functionality across multiple cookies with different scopes and inter-dependencies further complicates matters, as imprecise access control renders restricted account functionality accessible to non-secure cookies. Our cookie hijacking study reveals a number of severe flaws; for example, attackers can obtain the user’s saved address and visited websites from e.g., Google, Bing, and Yahoo allow attackers to extract the contact list and send emails from the user’s account. To estimate the extent of the threat, we run measurements on a university public wireless network for a period of 30 days and detect over 282K accounts exposing the cookies required for our hijacking attacks. Next, we explore and study security mechanisms purposed to eliminate this problem by enforcing encryption such as HSTS and HTTPS Everywhere. We evaluate each mechanism in terms of its adoption and effectiveness. We find that all mechanisms suffer from implementation flaws or deployment issues and argue that, as long as servers continue to not support ubiquitous encryption across their entire domain, no mechanism can effectively protect users from cookie hijacking and information leakage. Finally, as the security guarantees of TLS (in turn HTTPS), are critically dependent on the correct validation of X.509 server certificates, we study hostname verification, a critical component in the certificate validation process. We develop HVLearn, a novel testing framework to verify the correctness of hostname verification implementations and use HVLearn to analyze a number of popular TLS libraries and applications. To this end, we found 8 unique violations of the RFC specifications. Several of these violations are critical and can render the affected implementations vulnerable to man-in-the-middle attacks.

Computer science

Data encryption (Computer science)

Web servers

Internet--Security measures

A pattern-driven process for secure service-oriented applications

Unknown Date

During the last few years, Service-Oriented Architecture (SOA) has been considered to be the new phase in the evolution of distributed enterprise applications. Even though there is a common acceptance of this concept, a real problem hinders the widespread use of SOA : A methodology to design and build secure service-oriented applications is needed. In this dissertation, we design a novel process to secure service-oriented applications. Our contribution is original not only because it applies the MDA approach to the design of service-oriented applications but also because it allows their securing by dynamically applying security patterns throughout the whole process. Security patterns capture security knowledge and describe security mechanisms. In our process, we present a structured map of security patterns for SOA and web services and its corresponding catalog. At the different steps of a software lifecycle, the architect or designer needs to make some security decisions. / An approach using a decision tree made of security pattern nodes is proposed to help making these choices. We show how to extract a decision tree from our map of security patterns. Model-Driven Architecture (MDA) is an approach which promotes the systematic use of models during a system's development lifecycle. In the dissertation we describe a chain of transformations necessary to obtain secure models of the service-oriented application. A main benefit of this process is that it decouples the application domain expertise from the security expertise that are both needed to build a secure application. Security knowledge is captured by pre-defined security patterns, their selection is rendered easier by using the decision trees and their application can be automated. A consequence is that the inclusion of security during the software development process becomes more convenient for the architects/designers. / A second benefit is that the insertion of security is semi-automated and traceable. Thus, the process is flexible and can easily adapt to changing requirements. Given that SOA was developed in order to provide enterprises with modular, reusable and adaptable architectures, but that security was the principal factor that hindered its use, we believe that our process can act as an enabler for service-oriented applications. / by Nelly A. Delessy. / Thesis (Ph.D.)--Florida Atlantic University, 2008. / Includes bibliography. / Electronic reproduction. Boca Raton, FL : 2008 Mode of access: World Wide Web.

Computer network architectures

Web servers--Management

Software engineering

Expert systems (Computer science)

Asymmetric reversible parametric sequences approach to design a multi-key secure multimedia proxy: theory, design and implementation.

January 2003

Yeung Siu Fung. / Thesis (M.Phil.)--Chinese University of Hong Kong, 2003. / Includes bibliographical references (leaves 52-53). / Abstracts in English and Chinese. / Abstract --- p.ii / Acknowledgement --- p.v / Chapter 1 --- Introduction --- p.1 / Chapter 2 --- Multi-Key Encryption Theory --- p.7 / Chapter 2.1 --- Reversible Parametric Sequence --- p.7 / Chapter 2.2 --- Implementation of ARPSf --- p.11 / Chapter 3 --- Multimedia Proxy: Architectures and Protocols --- p.16 / Chapter 3.1 --- Operations to Request and Cache Data from the Server --- p.16 / Chapter 3.2 --- Operations to Request Cached Data from the Multimedia Proxy --- p.18 / Chapter 3.3 --- Encryption Configuration Parameters (ECP) --- p.19 / Chapter 4 --- Extension to multi-level proxy --- p.24 / Chapter 5 --- Secure Multimedia Library (SML) --- p.27 / Chapter 5.1 --- Proxy Pre-fetches and Caches Data --- p.27 / Chapter 5.2 --- Client Requests Cached Data From the Proxy --- p.29 / Chapter 6 --- Implementation Results --- p.31 / Chapter 7 --- Related Work --- p.40 / Chapter 8 --- Conclusion --- p.42 / Chapter A --- Function Prototypes of Secure Multimedia Library (SML) --- p.44 / Chapter A.1 --- CONNECTION AND AUTHENTICATION --- p.44 / Chapter A.1.1 --- Create SML Session --- p.44 / Chapter A.1.2 --- Public Key Manipulation --- p.44 / Chapter A.1.3 --- Authentication --- p.45 / Chapter A.1.4 --- Connect and Accept --- p.46 / Chapter A.1.5 --- Close Connection --- p.47 / Chapter A.2 --- SECURE DATA TRANSMISSION --- p.47 / Chapter A.2.1 --- Asymmetric Reversible Parametric Sequence and En- cryption Configuration Parameters --- p.47 / Chapter A.2.2 --- Bulk Data Encryption and Decryption --- p.48 / Chapter A.2.3 --- Entire Data Encryption and Decryption --- p.49 / Chapter A.3 --- Secure Proxy Architecture --- p.49 / Chapter A.3.1 --- Proxy-Server Connection --- p.49 / Chapter A.3.2 --- ARPS and ECP --- p.49 / Chapter A.3.3 --- Initial Sever Encryption --- p.50 / Chapter A.3.4 --- Proxy Re-Encryption --- p.51 / Chapter A.3.5 --- Client Decryption --- p.51 / Bibliography --- p.52

Data encryption (Computer science)

Computer networks--Security measures

Web servers--Security measures

Multimedia systems

TCP Connection Management Mechanisms for Improving Internet Server Performance

Shukla, Amol

January 2005

This thesis investigates TCP connection management mechanisms in order to understand the behaviour and improve the performance of Internet servers during overload conditions such as flash crowds. We study several alternatives for implementing TCP connection establishment, reviewing approaches taken by existing TCP stacks as well as proposing new mechanisms to improve server throughput and reduce client response times under overload. We implement some of these connection establishment mechanisms in the Linux TCP stack and evaluate their performance in a variety of environments. We also evaluate the cost of supporting half-closed connections at the server and assess the impact of an abortive release of connections by clients on the throughput of an overloaded server. Our evaluation demonstrates that connection establishment mechanisms that eliminate the TCP-level retransmission of connection attempts by clients increase server throughput by up to 40% and reduce client response times by two orders of magnitude. Connection termination mechanisms that preclude support for half-closed connections additionally improve server throughput by up to 18%.

Computer Science

TCP

Server Performance

Flash Crowds

Web Servers

TCP Connection Management