Credit-based Network Management

Jilong Wang
Tsinghua National Lab. for IS&Tech
Network Research Center
Tsinghua University
Email: wjl@cernet.edu.cn

Dah Ming Chiu
Information Engineering Department
The Chinese University of Hong Kong
Email: dmchiu@ie.cuhk.edu.hk

John C.S. Lui
Computer Science & Eng. Department
The Chinese University of Hong Kong
Email: cslui@cse.cuhk.edu.hk

Abstract—Increasingly, a computer network administrator’s job is pre-occupied with user behavioral problems rather than physical failures of network and system components. A small number of malicious users can cause problems that affect a large number of users; more often, by not following proper procedures a user may let his/her system be used by malicious users; and there are various other misuses that all leave the network in a state of the tragedy of the commons. In this paper, we introduce the concept of credit-based networking - borrowing ideas from financial management and adapting them to network management. We first focus on a campus network by studying concrete scenarios of how credit-based network management can be applied. We then discuss how the concept is generally applicable to managing network behaviors as well, by applying it to managing ISP peering relationships. We argue that the cascading effect of credit-based network management can enhance network management efficiency and improve the global network environment we all live in.

I. Introduction

Nowadays, computer network administrators are facing increasing challenges. The job of managing the network is no longer limited to learning about new technologies, upgrading software and hardware components, replacing broken equipment and similar routine network management tasks. The new headaches are often caused by user behavioral problems. For example, all sizeable networks get various security attacks on a routine basis.
The methods for defense are mostly remedial: first find out where the security hole is, then download some patches to close the security hole. Currently, there is no strong deterrent against people who instigate the attacks because they are hard to catch; and no deterrent against people who open up security holes to be exploited either, because they can only be accused of being negligent.

Another type of behavioral problem is concerned with excessive use of network resources, to the extent of causing service outages for other users. This type of scenario is quite common with the advent of various P2P content distribution applications. If the network capacity cannot be justifiably increased, then this becomes a network administrator’s nightmare.

Some network protocol designers are sensitive to these seemingly social issues. They design protocols to promote fair resource allocation to users, to the extent possible; they design systems to be difficult for malicious users to take advantage of; and in some protocol designs, mechanism design theory is used to build incentives for the software to do the socially acceptable thing. Yet in the network management literature, there is little discussion about how to effectively manage user behavioral problems. When faced with real users who do react to incentives, there is hardly any positive reinforcement for good behavior. In fact, the authors in [8] suggest that how to manage user behavior is one of the most important challenges in network management.

The thesis of this paper is credit-based networking. In a nutshell, credit-based networking is to build incentives into the ways people use the network so as to provide deterrence to bad behavior. This is similar to the use of credit in financial transactions to discourage and avoid bad outcomes. We argue it can also be used to discourage and avoid bad network usage, and provide a more scalable solution to network management.
There are many technical challenges and issues in credit-based network management. For example, one basic question is whether there exists a natural classification of users so that the high-risk subclasses of users can be easily identified for more focused monitoring. For certain categories of behavior, a small number of individual users can cause significant negative impact to others. How to dynamically identify these users and keep their credit ratings is also a challenging problem. We discuss these issues in detail based on case studies.

In this paper, our discussions are based on the results and experience we have in managing a major university network in China (with approximately 35,000 users). We first show that, based on past traffic analysis and trends, there is a need for credit-based network management techniques. We then discuss how credit ratings might be kept and what might be in the administrator’s discretion to do to users with different credit ratings. To illustrate the utility of credit-based management, we apply the methodology to two specific problems: (1) security attacks based on ARP-spoofing, and (2) bottlenecks caused by P2P traffic. We then discuss how the concept of credit-based networking can be generally applied to other scenarios of networking, for example ISP peering. Finally, we conclude and suggest several directions for further research.

II. User Behavior on a Large Campus Network

Increasingly, network management problems are caused by abnormal user behaviors rather than other abnormal events. Figures 1 and 2 show the percentages of different abnormal events in the network, collected from a major university in China. The percentage of those problems caused by user behavior was 55% in 2006, and increased to 63% in 2007.