Can SDN controller based NSCs help improve user experience of

Can SDN controller based NSCs help improve user
experience of online games?
Capstone Research Paper
April 30, 2015
Faculty Advisor:
Mark Dehus
Professor
University of Colorado Boulder
Shrinidhi Bhat
Gauri Kanitkar
Pavithra Kannan
Sandeep Nair
Interdisciplinary Telecom Program
University of Colorado Boulder
Industry Advisor:
Scott Hogg
CTO
Global Technology Resource Inc.
week. Out of these respondents, 68% of online gamers play
every day [Fig1][2].
Abstract - Latency is an important aspect that affects online
gaming traffic. According to a survey that we conducted, 71%
of gamers claimed that their gaming experience is affected by
latency issues. One way of mitigating latency is by changing the
way traffic is prioritized in data centers. In our research, we
have implemented Software Defined Networking (SDN) based
network service chaining (NSC) on VMware platform. We
have built a virtualized service chain that can be deployed in
any data center architecture in order to improve the latency
issues faced by online gamers. This NSC improves uptime of
gaming servers by securing them against SYN flood Denial of
Service (DoS) and Distributed Denial of Service (DDoS) attacks
using a Python code. Our innovation lies in successfully
implementing an OpenDayLight (ODL) SDN controller to
manage an Open vSwitch (OVS) installed on a Virtual
Machine (VM) and dynamically adding flows to allow and
deny traffic. We have also proposed two Peer-to-Peer (P2P)
architectures that would help reduce latency and enhance user
gaming experience. Thus, through our research we have
innovatively implemented an SDN based secured NSC on a
VMware platform and proposed new P2P gaming
architectures as a solution to improvise how gaming traffic is
served in data centers.
Fig. 1. Frequency at which online games are played [Survey Result] [2]
Keywords - SDN; ODL; OVS; latency
I.
INTRODUCTION
77% of respondents invest more than an hour in a
gaming session [Fig2][2]. These statistics reiterate the fact
that the online gaming industry has a very high demand. This
makes it essential that user experience for online games is
should be improved in order that this industry keeps at par
with its increasing requirement for high quality.
A. Statement of the Problem
Online gaming is a popular form of entertainment. The
online gaming industry has grown steadily over the past
decade [1]. According to an online survey that we conducted,
52% of respondents play online games multiple times a
1
concentrated on prioritizing the service of gaming traffic
entering into a data center over any other type of traffic.
We have built a Network Service Chain by chaining
different network elements. The service chain that we have
built is fully virtualized and is implemented on a VMware
ESXi 5.5 hypervisor [3] [Fig5]. We have separated
management and data traffic flowing through the inherent
VMware vDistributed Switch (vDS). We have configured
our virtual network such that the OVS switches the data
traffic flowing through the VMware hypervisor while vDS
switches the management traffic. The service chain consists
of different network components like a data center entry
point router, a data scrubber that sniffs traffic, an Open
vSwitch 2.3.1, an SDN controller (OpenDayLight – Helium),
and content distribution servers. These network functions are
implemented on separate virtual machines that are
configured to form a network service chain. The traffic from
the entry point router is port mirrored into the data scrubber
and the OVS. The scrubber then sniffs packets to identify
latency sensitive traffic and provides XML input to ODL
which is used to create flows. ODL pushes flows tagged as
high priority into the OVS. OVS plays the most important
role in switching the traffic such that latency sensitive traffic
gets the highest priority. Thus, through our research we have
innovatively implemented an SDN based network service
chain on a VMware platform as a solution to improve the
way latency sensitive traffic is serviced in a data center. We
have stated the results of the same in section IV.
Fig. 2. Length of online gaming sessions [Survey Result] [2]
User experience of online games depends upon a number
of factors. Some of the major factors are latency, blurry
graphics, session loss, and bandwidth congestion. Our survey
revealed that 71% of respondents believed that their user
experience suffered due to latency issues [Fig3][2]. Online
gaming traffic is extremely sensitive to latency. For example,
in a First Person Shooter [FPS] game, if there is lag between
a gamer shooting a bullet at his/her target, the bullet might
reach its target after the target has moved. This would
drastically affect user gaming experience.
Another critical problem that can mar user gaming
experience is downtime of gaming servers. A data center
hosting gaming servers can face downtime caused due to
DoS or DDoS attacks. Through our NSC, we have also built
a mechanism to block SYN flood DoS and DDoS attempts
directed to internal servers thereby guaranteeing a prolonged
uptime and enhanced user experience. SYN flood DoS attack
affects hosts that are running TCP server processes [4]. The
SYN flood method exploits the state retention feature of TCP
after a SYN packet has been received on a port that has been
put into LISTEN state [4].
In our research, we have also conducted a qualitative
analysis to propose a peer-to-peer (P2P) gaming architecture.
As per our survey results, 56% respondents prefer to play
online games with friends [Fig4][2]. Therefore, in this
research paper, we propose a P2P gaming architecture for
gamers who wish to play with known contenders within
vicinity and a cloud based P2P server model for known
contenders who are located in remote locations. This gaming
model aims at improving the gaming experience of its
participants by building a P2P tunnel between two or more
known gamers.
Fig. 3. Issues faced by gamers while playing online games [Survey
Result] [2]
B. Research Question
It is necessary to mitigate the latency observed for
gaming traffic in order to enhance user gaming experience.
In our research, we have defined our scope to mitigate
latency for gaming traffic once it enters a data center
environment where gaming servers are located. Different
types of traffic enter into data centers depending on the
content that is hosted on the servers. In our research, we have
2
used) and created flows on ODL controller to allocate
priority for gaming traffic.
Many companies are providing virtual services like
Amazon’s EC2 [8], S3 [9], Route 53 [10] and Microsoft’s
Azure [11]. These services can be expanded or reduced as
per the user’s requirement. This ensures optimum usage of
network resources. Microsoft Azure’s white paper explains
the implementation of network security by customer
infrastructure isolation [11]. Network security is
accomplished in Azure using a distributed virtual firewall
[11]. Our research aims at achieving network security by
mitigating SYN flood based DoS and DDoS attacks. A
python code on the scrubber checks the packets for SYN
flood based DoS and DDoS attacks and mitigates it by
creating a flow with implicit deny for such packets in the
controller.
Fig. 4. User choice for who they like to play online games with [Survey
Result] [2]
In this research paper, section II summarizes the
literature review that we conducted for this research. In
section III, we define the research methodology that was
adopted during this research; section IV and V states the
results and conclusions drawn from performance analysis
tests of the NSC that we built. Section VI concludes and
describes ideas for future research.
II.
Massive networks are often adversely affected by DoS
and DDoS attacks. Security issues associated with SDN
networks is identified in [12]. SDN networks are more
flexible but with flexibility comes vulnerability. Some of
the vulnerabilities for SDN controllers include intrusion and
Distributed Denial of Service (DDoS) attacks [12]. This
paper also suggests various techniques to identify and
mitigate these attacks. The mitigation measures suggested
include machine learning techniques such as Neural
Networks, Bayesian Network, Support Vector Machine,
Genetic Algorithm and Fuzzy Logic. In our research, we
have implemented SYN flood based DoS and DDoS
mitigation using a python code. The code is used for
detection of TCP SYN packets received above a certain
threshold value within a particular time interval. These
packets are dropped by the OVS via a deny flow. Thus, DoS
and DDoS attacks are detected and no traffic is allowed to
flow through the network.
LITERATURE REVIEW
Packet prioritization is an important parameter which
needs to be considered for gaming networks. Delay in
gaming traffic affects the user’s gaming experience. A
relation between game-playing time and network QoS is
explained in [5]. The existing state of the art for addressing
this problem is explained briefly in [6]. It uses a
combination of statistical multiplexing and QoS is used to
aggregate multiple flows and prioritize the bundle [6].
Resource reservation is performed for this aggregate [6]. In
our research, we have prioritized the packets depending
upon flow priority. We have created a single flow on the
ODL for similar type of packets. A single flow for the
aggregate makes prioritization easier and less time
consuming.
Latency issues are of high concern in online games
which use client-server architecture. It can be reduced using
peer-to-peer communication. A process known as UDP hole
punching is explained in [13]. Using UDP hole punching, a
peer-to-peer tunnel is set up between multiple users
avoiding further communication with centralized server
[13]. The process of UDP hole punching is related to section
5.1 of RFC 3027 [14]. In this process, the users register to a
centralized server using connect messages. The server then
shares the IP address and port number of a user to all the
other peers. Thus, users can form a peer-to-peer tunnel
based on this information thus eliminating the need of
centralized server for further communication. In our
research, we propose using a SDN controller which gathers
this information and helps in the formation of a peer-to-peer
tunnel.
Virtualization of network devices has changed the
perception of network design and implementation. The
current state of art is explained briefly in [7]. The paper
introduces the concept of “Hypernet gaming” which is a
term coined for games that run on dynamically deployed
SDN game servers [7]. These game servers are optimally
deployed depending on the requirement of gaming servers.
The requirements mentioned are the number of gamers
simultaneously connected to the gaming server and also, the
graphics of the game being played [7]. Dynamically
deploying game servers reduces latency. In our research, we
are reducing delay in online gaming by using an SDN-based
network architecture. We have sniffed gaming traffic from
online multiplayer games to analyze their packets (ports
All client-server architectures involve high latency as
compared to direct client-client communication. The paper,
“Peer-to-peer support for low-latency Massively
3
Multiplayer Online Games in the cloud”, proposes the use
of cloud server in order to distribute the functionality of the
gaming servers and avoid the client-server model [15]. The
cloud center can act as a distributed gaming server and serve
the gaming requests. This can reduce the RTT for the
gaming traffic. To achieve peer-to-peer based Massively
Multiplayer online games, the list of factors to be taken care
of is discussed in [16]. It explains the need to distribute the
gaming data on multiple gamer’s devices keeping the game
consistent. In our qualitative analysis, we also propose the
importance of these requirements for setting up a P2P tunnel
for online gaming.
III.
OVS and the Server [Fig6][2]. On ‘Clients’ portgroup of the
same, we have Client and Router; and on
‘InternalPortgroup1’ portgroup we have Router, OVS and
Data Scrubber [Fig6][2].
RESEARCH METHODOLOGY
A. Reducing latency through QoS
In order that online gaming traffic suffers minimal
latency, we have implemented an NSC on a VMware based
platform. We have used VMware ESXi 5.5 as the hypervisor
and VMware vSphere 5 for management purposes. The
service chain consists of the following components [Fig5] –
i.
Client VM (Windows 8.1)
ii.
Server VM (Windows 8.1)
iii.
VM acting as router (running CentOS minimal)
iv.
Open vSwitch 2.3.1 on VM running CentOS minimal
v.
OpenDayLight Helium
vi.
VM acting as data scrubber (running CentOS minimal)
Fig. 6. Virtualized Network Diagram
The router is the entry point of the virtualized data center.
We have implemented routing capability on the router by
enabling IP forwarding. A Windows 8.1 machine acting as
client is connected to the router. For our research, we have
implemented the client VM on the virtual environment. In
the real world, these clients would lie in the publicly routable
world and will be routed to the data center via the internet. In
order to emulate real world in our proof of concept, we have
implemented NAT on the router VM. The client, therefore,
has a private IP that can reach the data center by first getting
a new (publically routable) IP with the help of the NAT
functionality on the router.
In order to play online games, users need to connect to a
gaming server in their vicinity. Thus, they need to form a
TCP connection with that gaming server. Different games
use different ports for this purpose [17]. Thus, when a client
(user) tries to connect to a gaming server in the data center, it
is actually forming a TCP session with the gaming server. In
our research, we analyzed the packets for the online game
World of Warcraft (WOW) [18]. WOW uses port 1119 for
TCP connections with its users [17]. Thus, gaming traffic
can be identified by the destination port specified in the
traffic frame. Similarly, a user might be accessing other data
in the data center; for example, a social networking site. As
the data center serves traffic in a random manner, latency
sensitive traffic like gaming traffic is not given priority. In
our research, we have deduced that if traffic destined towards
the gaming server is prioritized over other types of traffic,
like the HTTP traffic, then the latency experienced by
gamers can be reduced.
Fig. 5. VMware based NSC
As shown in figure 6, we have implemented our
architecture on the vDS of VMware vSphere. We
constructed two vDS – the first one, vDS1, has uplinks
connected to the actual physical Network Interface Card
[NIC] and the other vDS, vDSInternal, has no uplinks
specified [Fig6]. Thus, the second vDS is an ‘internal’
switch.
We used an SDN controller – ODL and an OVS to give
priority to gaming traffic entering a data center. In our
implementation, we installed the OVS on a VM on the
VMware ESXi hypervisor. In order to achieve traffic
chaining, we separated data traffic and management traffic
such that the data traffic was switched via the OVS while the
management traffic was switched through the vDs. We built
The vDS1 has the following VMs connected to its
‘Production’ portgroup – Router, ODL Helium, OVS, and
Data Scrubber [Fig6][2]. The vDSInternal has the following
VMs connected to the ‘InternalPortgroup2’ portgroup –
4
two bridges on the OVS and attached one Ethernet interface
of the OVS VM to each bridge. After establishing the virtual
network, we inserted flows into the OVS that gives priority
to gaming traffic. These flows are inserted by the ODL after
being inspected by the Python code on the data scrubber
VM. The flows inserted on OVS are present on Github [19].
Data scrubber receives all the packets that are coming
into the network. We have also connected the data scrubber
to the ODL controller. Two python programs run in the
background on Data Scrubber:
We gave a higher priority to TCP traffic destined towards
gaming port 1119 (WOW traffic) over the TCP traffic
destined towards port 80 (HTTP traffic). We conducted
experiments to test this setup and noted the results in section
IV.
1.
Code to install
(Program1)
flows
into
ODL
controller
2.
Code to detect SYN Flood based DoS and DDoS
attacks. Delete the respective flows from ODL
controller which would have allowed the packets
belonging to DDoS attacks to the concerned server.
Create a deny flow on OVS by ODL (Program2).
B. Mitigating SYN Flood DoS and DDoS protection
We ran program 1 continuously in the background on
Data Scrubber to match the incoming packets to unique
combination of [destination IP, destination port] so as to
create flows on the ODL for the servers that are located
within the Datacenter. These unique combinations are
created based on a file received from OVS which has server
to open port mappings. We have an HTTP server [X.X.X.X
IP, 80 port] and Gaming server in the Datacenter [Y.Y.Y.Y
IP, 1119 port]. Therefore, we have checked for these two
combinations in the Python code using the sniff function
provided by SCAPY module and two flows were created for
these two combinations. We have not considered source IP
and Source port when we create flows on ODL because it
decreases the number of flows required to allow traffic
through to the server. We have used SCAPY module of
Python to capture incoming packets with these two
combinations. SCAPY is an Open Source network
programming language and is based on Python [20]. Other
packet capture tools that could have been used are
TCPDUMP and Wireshark. We used SCAPY, because it
provided us objects with which we can work to make “if
else” decisions in lesser lines of code. For example “a=sniff
(function)” stored the packets that were caught within the
object “a”. “a.sprintf” function was then used to make “if
else” decisions. Here “sniff” and “sprint” are functions
within the SCAPY module.
Servers hosted inside data centers are vulnerable to DoS
and DDoS attacks. This reduces the uptime for the services
hosted on these servers. To mitigate this issue, we have
implemented an ODL SDN Controller in our Data Center
which allows legitimate traffic through the OVS and detects
SYN flood based DoS and DDoS attacks. We have installed
flows on ODL with respect to OVS in order to allow traffic
through to servers within the data center. Flows are installed
from Data Scrubber VM on Helium ODL using the REST
API provided by Helium ODL. We have created flows which
are uniquely identified using a combination of destination IP
and destination port.
A Python code is run in the form of a cron job, every ten
minutes, on the OVS VM which detects the open ports on
different internal servers using the nmap utility in linux. It
creates a file which contains mapping of the server to its
open ports and compares it to the file created ten minutes
ago. If there was a change in the file it means that new ports
have been opened or closed on servers or servers have been
added or removed from the internal network. According to
this information, the filter for sniffing traffic is adjusted, so
that if a packet is received for any open port on any of the
internal servers, a flow can be created by ODL on OVS for
this packet to be allowed through to the server. Hence, the
flow creation is dynamic in nature. The code for sniffing
traffic and creating flows is explained in a later section.
For http and gaming packets, we created XML files with
hard coded values, which were: URN, flow-id, table-id,
priority, Hard-timeout, idle-timeout, and ipv4-destination.
These XML files denote flows that have been created on the
ODL controller. The code passes the XML files as input to
the CURL command which inserts flows into ODL
controller [Fig7]. This was done only for the first packet that
we received for a unique combination of destination port and
destination IP. The subsequent packets for this combination
does not create a flow on the ODL controller. This was
achieved by doing a wget to the ODL controller to obtain the
existing flows and compare the incoming packets to check if
a flow already exists or needs to be created.
We have also monitored incoming traffic to servers for
preventing any SYN Flood based DoS and DDoS attacks on
servers. We have done this by removing the existing flow on
ODL controller to the server which would be under SYN
Flood based DDoS attack. If a SYN flood based DoS attack
is detected then a deny flow is installed on the OVS by ODL.
Since the flows allowing traffic to the servers are identified
by a unique combination of destination port and destination
IP, the servers can be protected from SYN Flood based
DDoS by removing the flow which allows traffic to the
server. The servers can be protected from SYN flood based
DoS attack by creating a deny policy with source IP as the IP
address of the client which is detected to have performed the
SYN flood based DoS attack.
5
C. Reducing latency through P2P architecture
In order to improve online gaming user experience, we
performed qualitative analysis of different network
architectures that can reduce latency. Identifying which type
of gaming architecture is useful to a user depends upon
several parameters such as which type of online game does
the user play, whom does the user like to play it with, and
how geographically apart are the users located. Moreover,
modification to the gaming architecture requires
compatibility with user’s gaming device’s hardware
specifications and the availability of internet resources.
Hence, it is important to know the device’s CPU and
memory specifications, the user’s internet speed and the
availability of a graphics card. In order to identify the current
trend of games played and the existing hardware possessed
with the users, we conducted an online survey targeted
towards online gamers. We used “SurveyMonkey” for
creating the survey. The survey was published on social
media websites such as Facebook (Gaming groups) and
Twitter (Gaming league pages). After analyzing the survey
results and based on the research on P2P architectures, we
proposed two types of gaming architectures for decreasing
latency. They are hole punching and peer-to-peer in cloud.
Fig. 7. DoS and DDoS SYN flood mitigation
SYN flood based DoS and DDoS attacks can cause loss
of income and damage of reputation for companies hosting
services on servers. We have used Ostinato tool to generate a
SYN flood based DoS and DDoS attack. It is an open source
packet generator tool. We generated a SYN flood DoS attack
pattern, by generating 500 SYN packets from a client VM
destined for server VM on port 80. We generated a SYN
flood DDoS attack pattern, by generating 1000 SYN packets
simultaneously from two client VMs destined for the same
server on port 80.
We have used a separate Python program (program 2)
running in the background to catch any SYN Flood based
DoS and DDoS attacks. The program catches these attacks
for all (IP, port) combinations that exist within our internal
server network. The sniff function of SCAPY module had a
count of 500 packets for the unique combination of
destination IP and destination port coming from a unique
source IP for detecting SYN flood based DoS attack. For
detecting a SYN flood based DDoS attack, SCAPY module
had a count of 2000 packets for the unique combination of
destination IP and destination port. We used an arbitrary
count for triggering a situation which suggested a SYN
flood DoS and DDoS attack.
The python code ran only for a specific time period
which can be set according to the definition of SYN Flood
DoS and DDoS attack that we are considering. For example,
if a DoS SYN flood attack is defined by 500 SYN packets
per second to a particular server, then the python code will
run for every one second and the threshold count will be 500
in the sniff function. If a DoS attack occurs with rate greater
than 500 SYN packets per second then the python code will
capture it and create a deny flow for this [destination IP,
destination port, source IP] combination on ODL controller.
This flow will then be pushed to the OVS. Similarly, to
mitigate SYN flood DDoS attack, if 2000 SYN packets
arrive per second for a particular combination of
[destination IP, destination port] then the existing flow for
this combination will be deleted from OVS so that no traffic
is allowed through to the server. As a result, a SYN flood
DoS and DDoS attack will be mitigated and would protect
the server from being compromised thus maintaining the
server uptime.
Before hole punching, the user requests for playing
online game starts with a connect message to the gaming
server. Through this connect message, the gaming server
collects information about public IP address and port number
of the users. The gaming server can forward this information
to the SDN controller to analyze the user details and
accordingly insert flows on the user’s NAT router to punch a
hole and form a peer-to-peer tunnel between the users public
IP address. After hole punching, the user request will be
forwarded directly to the peer, thereby reducing latency. This
approach is beneficial when the users are in close vicinity.
In client-server model, the entire game is accessed from a
distant server. In cases where the users are far from each
other, accessing information from a single distant server can
lead to latency issues in online gaming. In order to overcome
these delay issues, based on our qualitative analysis we
suggest implementing a peer-to-peer in cloud architecture as
described in [2]. The user requests for the game can be
forwarded to the centralized game server. The centralized
game server can provide input to the analysis engine which
will determine the need of the peer-to-peer in cloud
architecture. This analysis engine will then provide the
details of the user to the SDN controller. The SDN controller
will then locate the nearest cloud server for the user and
insert flows in the cloud server to build P2P tunnel. Thus, the
cloud servers can form P2P tunnel between themselves to
exchange data.
As per our qualitative analysis, the user device in P2P
gaming architecture needs to support consistency of data
6
among users which requires CPU intensive operations. As
there is no centralized gaming server to do this, the user
device should have faster and better CPU processors and
RAM memory to share the load [17]. In order to achieve
scalability in P2P architecture, the users need to send update
messages to each other [17]. Having P2P tunnels and cloud
servers that are closer to the user can reduce the latency in
sending these updates.
IV.
multiplayer games as opposed to single player game
[Fig4][2]. About 56% of the respondents enjoy playing
games with friends in vicinity and around 48% of them enjoy
playing with friends in different geographic locations
[Fig4][2]. Thus, we have a high number of respondents who
would appreciate a P2P tunnel which can decrease latency in
online gaming.
As per the qualitative analysis performed for identifying
P2P architecture that can reduce the latency for online
gaming, we propose two types of gaming architectures. For
players who want to play in the same city, we can implement
a process known as ‘hole punching’ so that the players can
communicate with each other over a P2P tunnel. For players
who enjoy playing with players in different cities, we
propose using P2P in cloud architecture.
RESEARCH RESULTS
For testing our setup for QoS, we established two parallel
TCP connections from the client to the server. The server
listened on ports 1119 and 80. We used iperf tool to transmit
packets from client to server to both these ports for a fixed
period of time [21]. Once the transmission was complete, we
measured the number of packets that were processed through
the OVS. We found out that in each run, more number of
packets with destination port 1119 (gaming packets) were
transmitted than the ones with destination port as 80. We
have plotted the graph of number of packets processed with
default and specific priority for ports 1119 and 80.
Fig. 9. RAM capacity of user’s device [Survey Result] [2]
Fig. 8. Research results for QoS flow prioritization
Figure 8 explains that when traffic destined for ports
1119 (WOW traffic) and 80 (HTTP traffic) had default
priorities (32768), the number of packets processed for both
on OVS were random. Thus, the latency with respect to both
these ports was random. However, when port 1119 was
given a higher priority (50000), the number of packets
processed on OVS for it were higher than for port 80. Hence,
there was a definite decrease in latency for packets destined
to port 1119.
Fig. 10. CPU model of user’s device [Survey Result] [2]
We were able to detect the adding or removing of servers
within our internal network and adding or removing of open
ports on servers to create flows dynamically on the OVS by
ODL. We could mitigate SYN flood based DoS and DDoS
attacks using the data scrubber.
In order that the gamers PC can support P2P models, we
observed results of the current hardware possessed by them.
88% of the respondents have more than or equal to 4GB of
RAM and about 3/4th of the respondents have processors
better than Intel i3 and AMD A6 [Fig9][Fig10][2]. About
45% of the respondents had external video graphics card
which will help to enhance the graphics of the game [2]. In
terms of internet connectivity, 38% of respondents have
more than 10Mbps of internet subscription [2].
The observation from survey results suggest that 77% of
the survey respondents play more than one hour per gaming
session [Fig2][2]. 85% of the respondents like to play
7
V.
DISCUSSION OF RESULTS
Through our research, we are able to add flows to the
ODL dynamically. As a result, a network administrator does
not need to create flows on the OVS through ODL when a
new server is provisioned or a new port is opened on an
existing server in the data center. The data scrubber analyzed
the incoming traffic inserted flows with high priority into the
OVS. This helped in reducing latency for the gaming traffic.
By having a correlation between the incoming traffic and the
destination ports opened on the servers, we were able to
allow and deny flows on the OVS. This inherently acted as a
security feature and helped us in mitigating the SYN flood
DoS and DDoS attacks.
Based on the survey results, we concluded that most of the
respondents would appreciate having a P2P tunnel for
playing multiplayer online games. Also, the two methods of
building P2P tunnel between gamers will reduce latency with
respect to every gaming request.
VI.
Link
to
the
survey
[Online].
Available:
https://www.surveymonkey.com/summary/WOO_2FE7665HDOw7_
2FQE9eKTcV_2F0ke3WCHy93xiktoe0i8_3D
[3]
“vSphere
5.5
Release
Notes,”
https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenterserver-55-release-notes.html, 07-Apr-2015. [Online]. Available:
https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenterserver-55-release-notes.html. [Accessed: 25-Apr-2015].
[4]
W. Eddy, “RFC 4987 - TCP SYN Flooding Attacks and Common
Mitigations,”
Aug-2007.
[Online].
Available:
https://tools.ietf.org/html/rfc4987. [Accessed: 25-Apr-2015].
[5]
K.Chen, P.Huang, C. Lei, "How Sensitive are Online Gamers to
Network Quality??" Communications of the ACM, vol. 49, no. 11, pp.
34-38, Nov 2006.
[6]
P. Ghosh, K. Basu, and S. Das, “A cross-layer design to improve
quality of service in online multiplayer wireless gaming networks,” in
Broadband Networks, 2005. BroadNets 2005. 2nd International
Conference on, Oct. 2005, pp. 813–822 Vol. 2
[7]
S. Huang and J. Griffioen, “HyperNet games: Leveraging SDN
networks to improve multiplayer online games,” in 2013 18th
International Conference on Computer Games: AI, Animation,
Mobile, Interactive Multimedia, Educational Serious Games
(CGAMES), 2013, pp. 74–78.
[8]
Programming Amazon EC2. O’Reilly Media, 2011. [Online].
Available: http://aws.amazon.com/ec2/
[9]
“Amazon Simple Storage Service.” [Online]. Available: http://aws.
amazon.com/s3/
CONCLUSIONS AND FUTURE RESEARCH
Through our research we successfully implemented a
method to reduce latency experienced by users playing
online games. We also implemented a way of increasing
security and mitigating downtime of gaming servers caused
due to malicious attacks like SYN flood based DoS and
DDoS. Finally, through our qualitative analysis we propose
two P2P gaming architectures which can possibly decrease
latency and enhance user experience.
[10] “Using Amazon Web Services for Disaster Recovery,” October 2014.
[Online].
Available:
https://media.amazonwebservices.com/AWS_Disaster_Recovery.pdf
In order to protect server from SYN flood based DDoS
attack, we have dropped this traffic on OVS by deleting any
flow that might allow this traffic through the OVS to the
server. Instead of this, SYN cookie method could be used,
where the data scrubber itself replies to SYN requests from
clients to verify if they are causing any SYN flood DDoS
attacks. The effect on performance of this method in an SDN
environment could be analyzed to experiment the
improvement in game performance.
[11] D. Chappell, “Introducing Windows Azure for IT Professionals.”
[Online].
Available:
http://download.microsoft.com/download/D/6/7/D670D322-5771409E-BF345B98496DEB0A/Microsoft_Press_ebook_Introducing_Azure_PDF.p
df
[12] J. Ashraf and S. Latif, “Handling intrusion and DDoS attacks in
Software Defined Networks using machine learning techniques,” in
Software Engineering Conference (NSEC), 2014 National, 2014, pp.
55–60.
For future research, our network service chain can be
made compatible with IPv6. Further, the two P2P
architectures that we have proposed can be practically
implemented to analyze whether they can effectively be
implemented to decrease latency experienced by users
playing online games.
[13] UDP
Hole
Punching.
[Online].
Available:
https://www.usenix.org/legacy/event/usenix05/tech/general/full_pape
rs/ford/ford.pdf
[14] M. Holdrege and P. Srisuresh, “RFC 3027 - Protocol Complications
with
the
IP
Network
Address
Translator,”
https://tools.ietf.org/html/rfc3027, Jan-2001. [Online]. Available:
https://tools.ietf.org/html/rfc3027. [Accessed: 25-Apr-2015].
VII. REFERENCES
[1]
[2]
[15] R. Suselbeck, G. Schiele, and C. Becker, “Peer-to-peer support for
low-latency Massively Multiplayer Online Games in the cloud,” in
2009 8th Annual Workshop on Network and Systems Support for
Games (NetGames), 2009, pp. 1–2.
A. Nijholt, T. Romao, and D. Reidsma, Advances in Computer
Entertainment: 9th International Conference, ACE 2012, Kathmandu,
Nepal, November 3-5, 2012, Proceedings. Springer, 2012.
[16] G. Schiele, R. Suselbeck, A. Wacker, J. Hähner, C. Becker, and T.
Weis, “Requirements of Peer-to-Peer-based Massively Multiplayer
Online Gaming,” in Seventh IEEE International Symposium on
8
Cluster Computing and the Grid, 2007. CCGRID 2007, 2007, pp.
773–782.
[17] “Configuring Router and Firewall Ports - Battle.net Support,” 23Apr-2015.
[Online].
Available:
https://us.battle.net/support/en/article/configuring-router-and-firewallports. [Accessed: 25-Apr-2015].
[18] “World of WarCraft.” [Online]. Available: http://us.battle.net/wow/
[19] Github code. [Online].
CAPSTONE/Capstone
Available:
https://github.com/CU-ITP-
[20] “Scapy,” http://www.secdev.org/projects/scapy/, Aug-2007. [Online].
Available: http://www.secdev.org/projects/scapy/. [Accessed: 25Apr-2015].
[21] “Iperf - The TCP/UDP Bandwidth Measurement Tool,”
https://iperf.fr/. [Online]. Available: https://iperf.fr/. [Accessed: 25Apr-2015].
9