SIBRA: Scalable Internet Bandwidth Reservation Architecture

TL;DR

SIBRA introduces a scalable, stateless bandwidth reservation system that effectively counters DDoS attacks, supports dynamic leased lines, and operates efficiently at routers, transforming inter-domain resource management.

Contribution

The paper presents SIBRA, a novel architecture for scalable, inter-domain bandwidth reservation that is botnet-size independent and enables efficient, stateless operations for DDoS mitigation.

Findings

Demonstrates full implementation of SIBRA with efficient router operation.

Shows SIBRA's effectiveness against large-scale DDoS attacks.

Introduces DILLs for new ISP business models.

Abstract

This paper proposes a Scalable Internet Bandwidth Reservation Architecture (SIBRA) as a new approach against DDoS attacks, which, until now, continue to be a menace on today's Internet. SIBRA provides scalable inter-domain resource allocations and botnet-size independence, an important property to realize why previous defense approaches are insufficient. Botnet-size independence enables two end hosts to set up communication regardless of the size of distributed botnets in any Autonomous System in the Internet. SIBRA thus ends the arms race between DDoS attackers and defenders. Furthermore, SIBRA is based on purely stateless operations for reservation renewal, flow monitoring, and policing, resulting in highly efficient router operation, which is demonstrated with a full implementation. Finally, SIBRA supports Dynamic Interdomain Leased Lines (DILLs), offering new business opportunities for ISPs.