With the advent of large-scale, wide-area networking testbeds,
researchers can deploy long-running distributed services that interact
with other resources on the Web. The CoDeeN Content Distribution
Network, deployed on PlanetLab, uses a network of caching Web proxy
servers to intelligently distribute and cache requests from a
potentially large client population. We have been running this system
nearly continuously since June 2003, allowing open access from any
client in the world. In that time, it has become the most heavily used
long-running service on PlanetLab, handling over four million accesses
per day. In this paper, we discuss the design of our system, focusing
on the reliability and security mechanisms that have kept the service
in operation.

Our reliability mechanisms assess node health, preventing failing
nodes from disrupting the operation of the overall system. Our
security mechanisms protect nodes from being exploited and from being
implicated in malicious activities, problems that commonly plague
other open proxies. We believe that future services, especially
peer-to-peer systems, will require similar mechanisms as more services
are deployed on non-dedicated distributed systems, and as their
interaction with existing protocols and systems increases. Our
experiences with CoDeeN and our data on its
availability should serve as an important starting point for designers
of future systems.