1 securing the frisbee multicast disk loader robert ricci, jonathon duerig university of utah
TRANSCRIPT
![Page 1: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/1.jpg)
1
Securing the Frisbee Multicast Disk Loader
Robert Ricci, Jonathon Duerig
University of Utah
![Page 2: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/2.jpg)
2
What is Frisbee?
![Page 3: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/3.jpg)
3
Frisbee is Emulab’s tool to install whole disk images from a
server to many clients using multicast
![Page 4: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/4.jpg)
4
What is our goal?
![Page 5: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/5.jpg)
5
Motivation
Frisbee was developed for a relatively trusting environment Existing features were to prevent accidents
Changing Environment More users More sensitive experiments More private images
![Page 6: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/6.jpg)
6
Security Goals
Confidentiality Integrity Protection Authentication
Ensure that an image is authentic Use cases
Public images Private images
![Page 7: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/7.jpg)
7
Our Contribution
Analyze and describe a new and interesting threat model
Protect against those threats while preserving Frisbee’s essential strengths
![Page 8: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/8.jpg)
8
Outline
Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation
![Page 9: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/9.jpg)
9
Frisbee & Emulab
![Page 10: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/10.jpg)
10
Emulab
![Page 11: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/11.jpg)
11
Control Plane
![Page 12: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/12.jpg)
12
Frisbee’s Strengths
![Page 13: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/13.jpg)
13
Frisbee’s Strengths
Disk Imaging System General and versatile Robust
Fast Loads a machine in 2 minutes
Scalable Loads dozens of machines in 2 minutes
Hibler et al. (USENIX 2003)
![Page 14: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/14.jpg)
14
How Does Frisbee Work?
![Page 15: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/15.jpg)
15
Creation
Source
Frisbee Life Cycle
Installation
Targets
Fileserver
Distribution
Control Server
Storage
![Page 16: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/16.jpg)
16
Image Layout
Image is divide into chunks
Each chunk is independently installable Start receiving
chunks at any point Chunks are multicast
AllocatedBlocks
FreeBlocks
Source Disk
Header
CompressedData
Header
CompressedData
Stored Image
Chunk
![Page 17: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/17.jpg)
17
Outline
Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation
![Page 18: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/18.jpg)
18
Potential Attackers
![Page 19: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/19.jpg)
19
Potential Attackers
Firewall Frisbee traffic can’t leave control network Forged Frisbee traffic can’t enter control
network Any attackers are inside Emulab
Compromised Emulab node Infiltrated Emulab server Emulab user
![Page 20: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/20.jpg)
20
Vectors for Attack in Emulab
Space Shared Multiple users on the testbed at the same time
Shared control network Frisbee runs on control network
No software solution to limit users Users have full root access to their nodes
![Page 21: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/21.jpg)
21
What do attackers want?
![Page 22: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/22.jpg)
22
What do attackers want?
Steal your data Malicious software (security research) Unreleased software (trade secrets)
Modify your image Denial of Service Add a backdoor
/etc/passwd ssh daemon
Tainting results
![Page 23: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/23.jpg)
23
Frisbee Weakpoints
![Page 24: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/24.jpg)
24
Frisbee Weakpoints
Targets
Fileserver
Steal &Modify
Control Server
Steal &Modify
Distribution
Installation
Storage
![Page 25: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/25.jpg)
25
How do the attacks work?
![Page 26: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/26.jpg)
26
Storage Attack
Images are stored on a common fileserver All users have shell access on this server Images are protected by UNIX
permissions Any escalation of privilege attacks
compromise images
![Page 27: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/27.jpg)
27
Distribution Attack
Emulab is space shared A single control network is used to
communicate with all nodes Join multicast group
No security protection in IP multicast Receive copies of packets Inject packets into stream
![Page 28: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/28.jpg)
28
Multicast
Targets
Frisbee Server
![Page 29: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/29.jpg)
29
Outline
Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation
![Page 30: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/30.jpg)
30
Storage and Distribution Attacks
Two birds with one stone End-to-end encryption & authentication
Image creation: Encrypt & Sign Image installation: Decrypt & Verify Same techniques prevent both attacks
Distribution protocol remains identical
![Page 31: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/31.jpg)
31
Confidentiality
Encrypted at image creation Remains encrypted on fileserver
Decrypted only at image installation Details
Encryption algorithm: Blowfish Encrypt after compression
![Page 32: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/32.jpg)
32
Integrity Protection & Authentication Calculate cryptographic hash
Breaks backwards compatibility Sign hash using public-key cryptography
(RSA)
![Page 33: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/33.jpg)
33
Chunk by Chunk
Each chunk is self-describing
Hash & sign each chunk independently
CBC restarts at each chunk
Each header must have Digital Signature Initialization Vector
Header
EncryptedData
Header
EncryptedData
Chunk
Header
CompressedData
Header
CompressedData
![Page 34: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/34.jpg)
34
Image Authentication
Weakness Cut and paste attacks
Give each image a unique UUID and put that in chunk headers UUID is a 128 bit universal identifier Can be selected randomly
![Page 35: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/35.jpg)
35
Key Distribution
Through secure control channel Already part of Emulab Encrypted using SSL with well-known certificate TCP spoofing prevented by Utah Emulab’s network
setup No forged MAC addresses No forged IP addresses
Key can come from user Flexible policy for images
Not yet integrated into Emulab
![Page 36: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/36.jpg)
36
Outline
Motivation Frisbee Background Threat Model Protecting Frisbee Evaluation
![Page 37: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/37.jpg)
37
Experimental Procedure
Machine Specs 3 GHz Pentium IV Xeon 2 GB RAM
Measurement CPU time
Network and disk usage unaffected
Per chunk Typical Image has 300 chunks (300 MB)
![Page 38: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/38.jpg)
38
Performance
53.8
208.8
44.5
198.5
34.3
187.9
0 50 100 150 200 250
Install
Create
Time per chunk (ms)
Base
Signed Hash
Signed Hash +{En,De}cryption
![Page 39: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/39.jpg)
39
Conclusion
![Page 40: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/40.jpg)
40
Conclusion
Frisbee faces an unusual set of attacks Cause: Space sharing of infrastructure
Frisbee can be secured against these attacks Cost: An extra 6 seconds for an average
image
![Page 41: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/41.jpg)
41
Emulab
http://www.emulab.net
![Page 42: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/42.jpg)
42
![Page 43: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/43.jpg)
43
Preventing Disk Leakage
![Page 44: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/44.jpg)
44
Disk Leakage
Disks are time shared Frisbee is aware of
filesystem Does not write free blocks Old image will not be
completely overwritten
Another user could read the unwritten parts
![Page 45: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/45.jpg)
45
Fixing Disk Leakage
Zero out disks on next disk load
Implemented in Frisbee Much slower
![Page 46: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/46.jpg)
46
Comparison to Symantec Ghost
![Page 47: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/47.jpg)
47
![Page 48: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/48.jpg)
48
Image Creation (CPU per chunk)
Time
(ms)
Overhead (ms)
Overhead
(%)
Base 187.9
Signed Hash
198.5 10.5 5.6%
Signed Hash +
Encryption
208.8 20.9 11.1%
![Page 49: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/49.jpg)
49
Image Installation (CPU per chunk)
Time
(ms)
Overhead (ms)
Overhead
(%)
Base 34.3
Signed Hash
44.5 10.2 29.5%
Signed Hash +
Decryption
53.8 19.5 56.8%
![Page 50: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/50.jpg)
50
Disk Imaging Matters
Data on a disk or partition, rather than file, granularity
Uses OS installation Catastrophe recovery
Environments Enterprise Clusters Utility computing Research/education environments
![Page 51: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/51.jpg)
51
Key Design Aspects
Domain-specific data compression Two-level data segmentation LAN-optimized custom multicast protocol High levels of concurrency in the client
![Page 52: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/52.jpg)
52
Image Creation
Segments images into self-describing “chunks”
Compresses with zlib Can create “raw” images with opaque
contents Optimizes some common filesystems
ext2, FFS, NTFS Skips free blocks
![Page 53: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/53.jpg)
53
Image Distribution Environment
LAN environment Low latency, high bandwidth IP multicast Low packet loss
Dedicated clients Consuming all bandwidth and CPU OK
![Page 54: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/54.jpg)
54
Custom Multicast Protocol
Receiver-driven Server is stateless Server consumes no bandwidth when idle
Reliable, unordered delivery “Application-level framing” Requests block ranges within 1MB chunk
![Page 55: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/55.jpg)
55
Client Operation
Joins multicast channel One per image
Asks server for image size Starts requesting blocks
Requests are multicast
Client start not synchronized
![Page 56: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/56.jpg)
56
Client Requests
Request
![Page 57: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/57.jpg)
57
Client Requests
Block
![Page 58: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/58.jpg)
58
Tuning is Crucial
Client side Timeouts Read-ahead amount
Server side Burst size Inter-burst gap
![Page 59: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/59.jpg)
59
Image Installation
Pipelined with distribution Can install chunks in any
order Segmented data makes
this possible
Three threads for overlapping tasks
Disk write speed the bottleneck Can skip or zero free blocks
Decompression Disk Writer
Blocks Chunk
Distribution
DecompressedData
![Page 60: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/60.jpg)
60
Evaluation
![Page 61: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/61.jpg)
61
Performance
Disk image FreeBSD installation used on Emulab 3 GB filesystem, 642 MB of data 80% free space Compressed image size is 180 MB
Client PCs 850 MHz CPU, 100 MHz memory bus UDMA 33 IDE disks, 21.4 MB/sec write speed 100 Mbps Ethernet, server has Gigabit
![Page 62: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/62.jpg)
62
Speed and Scaling
![Page 63: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/63.jpg)
63
FS-Aware Compression
![Page 64: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/64.jpg)
64
Packet Loss
![Page 65: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/65.jpg)
65
Related Work
Disk imagers without multicast Partition Image [www.partimage.org]
Disk imagers with multicast PowerQuest Drive Image Pro Symantec Ghost
Differential Update rsync 5x slower with secure checksums
Reliable multicast SRM [Floyd ’97] RMTP [Lin ’96]
![Page 66: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/66.jpg)
66
Ghost with Packet Loss
![Page 67: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/67.jpg)
67
How Frisbee Changed our Lives(on Emulab, at least) Made disk loading between experiments
practical Made large experiments possible
Unicast loader maxed out at 12 Made swapping possible
Much more efficient resource usage
![Page 68: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/68.jpg)
68
The Real Bottom Line
“I used to be able to go to lunch while I loaded a disk, now I can’t even go to the bathroom!”
- Mike Hibler (first author)
![Page 69: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/69.jpg)
69
Conclusion
Frisbee is Fast Scalable Proven
Careful domain-specific design from top to bottom is key
Source available at www.emulab.net
![Page 70: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/70.jpg)
70
![Page 71: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/71.jpg)
71
Comparison to rsync Timestamps not robust Checksums slow Conclusion: Bulk writes beat
data comparison
0 50 100 150 200
Frisbee:Write
rsync:Checksum
rsync:Timestamps
Seconds
![Page 72: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/72.jpg)
72
How to Synchronize Disks
Differential update - rsync Operates through filesystem + Only transfers/writes changes + Saves bandwidth
Whole-disk imaging Operates below filesystem + General + Robust + Versatile
Whole-disk imaging essential for our task
![Page 73: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/73.jpg)
73
Image Distribution Performance: Skewed Starts
![Page 74: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/74.jpg)
74
Future
Server pacing Self tuning
![Page 75: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/75.jpg)
75
The Frisbee Protocol
ChunkFinished?
More ChunksLeft?
Wait forBLOCKs
OutstandingRequests?
SendREQUEST
Start
Finished
NoBLOCK
ReceivedYes
Yes
Yes
Timeout
No
No
![Page 76: 1 Securing the Frisbee Multicast Disk Loader Robert Ricci, Jonathon Duerig University of Utah](https://reader038.vdocument.in/reader038/viewer/2022110320/56649cab5503460f9496ccd0/html5/thumbnails/76.jpg)
76
The Evolution of Frisbee
First disk imager: Feb, 1999 Started with NFS distribution Added compression
Naive FS-aware
Overlapping I/O Multicast30 minutes down to 34 seconds!
0
200
400
600
800
1000
1200
1400
1600
1800
2000
GenerationS
eco
nd
s