Improving Internet Availability with Path Splicing Nick Feamster Georgia Tech Joint work with...
-
Upload
erin-cowan -
Category
Documents
-
view
215 -
download
0
Transcript of Improving Internet Availability with Path Splicing Nick Feamster Georgia Tech Joint work with...
Improving Internet Availabilitywith Path Splicing
Nick FeamsterGeorgia Tech
Joint work with Murtaza Motiwala and Santosh Vempala
2
“It is not difficult to create a list of desired characteristics for a new Internet. Deciding how to design and deploy a network that achieves these goals is much harder. Over time, our list will evolve. It should be:
1. Robust and available. The network should be as robust, fault-tolerant and available as the wire-line telephone network is today.
2. …
Can the Internet be “Always On”?
• Various studies (Paxson, etc.) show the Internet is at about 2.5 “nines”
• More “critical” (or at least availability-centric) applications on the Internet
• At the same time, the Internet is getting more difficult to debug– Scale, complexity, disconnection, etc.
3
Availability of Other Services
• Carrier Airlines (2002 FAA Fact Book)– 41 accidents, 6.7M departures– 99.9993% availability
• 911 Phone service (1993 NRIC report +)– 29 minutes per year per line– 99.994% availability
• Std. Phone service (various sources)– 53+ minutes per line per year– 99.99+% availability
4
Threats to Availability
• Natural disasters• Physical failures (node, link)• Implementation bugs• Misconfiguration• Mis-coordination• Denial-of-service (DoS) attacks• Changes in traffic patterns (e.g., flash crowd)• …
5
Availability: Two Aspects
• Reliability: Connectivity in the routing tables should approach the that of the underlying graph– If two nodes s and t remain connected in the
underlying graph, there is some sequence of hops in the routing tables that will result in traffic
• Recovery: In case of failure (i.e., link or node removal), nodes should quickly be able to discover a new path
6
Multipath: Promise and Problems
• Bad: If any link fails on both paths, s is disconnected from t
• Want: End systems remain connected unless the underlying graph has a cut
ts
7
Path Splicing: Main Idea
• Step 1 (Perturbations): Run multiple instances of the routing protocol, each with slightly perturbed versions of the configuration
• Step 2 (Slicing): Allow traffic to switch between instances at any node in the protocol
ts
Compute multiple forwarding trees per destination.Allow packets to switch slices midstream.
8
Generating Slices
• Goal: Each instance provides different paths• Mechanism: Each edge is given a weight that is
a slightly perturbed version of the original weight– Two schemes: Uniform and degree-based
ts
3
3
3
“Base” Graph
ts
3.5
4
5 1.5
1.5
1.25
Perturbed Graph
9
Constructing Paths
• Goal: Allow multiple instances to co-exist• Mechanism: Virtual forwarding tables
a
t
c
s b
t a
t c
Slice 1
Slice 2
dst next-hop
10
Forwarding Traffic
• Packet has shim header with forwarding bits
• Routers use lg(k) bits to index forwarding tables– Shift bits after inspection
• To access different (or multiple) paths, end systems simply change the forwarding bits– Incremental deployment is trivial– Persistent loops cannot occur
• Various optimizations are possible
11
Evaluation
• Defining reliability
• Does path splicing improve reliability?– How close can splicing get to the best possible
reliability (i.e., that of the underlying graph)?
• Can path splicing enable fast recovery?– Can end systems (or intermediate nodes) find
alternate paths fast enough?
12
Defining Reliability
• Reliability: the probability that, upon failing each edge with probability p, the graph remains connected
• Reliability curve: the fraction of source-destination pairs that remain connected for various link failure probabilities p
• The underlying graph has an underlying reliability (and reliability curve)– Goal: Reliability of routing system should approach that of the underlying graph.
13
Reliability Curve: Illustration
Probability of link failure (p)
Fraction of source-dest pairs disconnected
Better reliability
More edges available to end systems -> Better reliability
14
Reliability Approaches Optimal• Sprint (Rocketfuel) topology• 1,000 trials• p indicates probability edge was removed from base graph
Reliability approaches optimal
Average stretch is only 1.3
Sprint topology,degree-based perturbations
15
Recovery: Two Mechanisms
• End-system recovery– Switch slices at every hop with probability 0.5
• Network-based recovery– Router switches to a random slice if next hop is
unreachable– Continue for a fixed number of hops till
destination is reached
15
16
Simple Recovery Strategies Work Well
• Which paths can be recovered within 5 trials?– Sequential trials: 5 round-trip times– …but trials could also be made in parallel
Recovery approaches maximum possible
Adding a few more slices improves recovery beyond best possible reliability with fewer slices.
17
Splicing Improves Availability
• Reliability: Connectivity in the routing tables should approach the that of the underlying graph– Approach: Overlay trees generated using random link-
weight perturbations. Allow traffic to switch between them
– Result: Splicing ~ 10 trees achieves near-optimal reliability
• Recovery: In case of failure, nodes should quickly be able to discover a new path– Approach: End nodes randomly select new bits– Result: Recovery within 5 trials approaches best possible
18
Open Questions
• How does splicing interact with traffic engineering? Sources controlling traffic?
• What are the best mechanisms for generating slices and recovering paths?
• Can splicing eliminate dynamic routing?
19
Conclusion• Simple: Forwarding bits provide access to
different paths through the network
• Scalable: Exponential increase in available paths, linear increase in state
• Stable: Fast recovery does not require fast routing protocols
http://www.cc.gatech.edu/~feamster/papers/splicing-hotnets.pdf
20
21
How to Perturb the Link Weights?
• Uniform: Perturbation is a function of the initial weight of the link
• Degree-based: Perturbation is a linear function of the degrees of the incident nodes– Intuition: Deflect traffic away from nodes where traffic
might tend to pass through by default
22
Putting It Together
• End system sets forwarding bits in packet header• Forwarding bits specify slice to be used at any hop• Router: examines/shifts forwarding bits, and forwards
ts
23
What About Loops?
• Persistent loops are avoidable– In the simple scheme, path bits are exhausted from
the header– Never switching back to the same
• Transient loops can still be a problem because they increase end-to-end delay (“stretch”)– Longer end-to-end paths– Wasted capacity
24
Significant Novelty for Modest Stretch
• Novelty: difference in nodes in a perturbed shortest path from the original shortest path
Example
s d
Novelty: 1 – (1/3) = 2/3
Fraction of edges on short path shared with long path
25
Extension: Interdomain Paths• Observation: Many routers already learn multiple
alternate routes to each destination.• Idea: Use the forwarding bits to index into these
alternate routes at an AS’s ingress and egress routers.
• Storing multiple entries per prefix • Indexing into them based on packet headers• Selecting the “best” k routes for each destination
Required new functionality
ddefault
alternate
Splice paths at ingress and egress routers