Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.
-
Upload
sara-lloyd -
Category
Documents
-
view
214 -
download
0
Transcript of Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.
![Page 1: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/1.jpg)
Reliable Internet Routing
Martin Suchara
Thesis advisor Prof. Jennifer Rexford
June 15, 2011
![Page 2: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/2.jpg)
2
The Importance of Service Availability Network service availability more important
than before
New critical network applications VoIP, teleconferencing, online banking
Routing is critical for availability Provides connectivity/reachability
Applications moving to the cloud Latency and disruptions affect performance
of enterprise applications
![Page 3: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/3.jpg)
3
Is Best Effort Availability Enough? Traditional approach: build reliable system out
of unreliable components
Networks with rich connectivity
Routing protocols that find an alternate path if the primary one fails
Transmission protocols retransmit data lost during transient disruptions link
cut
![Page 4: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/4.jpg)
4
Better than Best-Effort Availability Improper load balancing → service disruptions
Choose alternate paths after a link failure that allow good load balancing
Some configurations prevent convergence Router configurations that allow routing
protocols to (quickly) agree on a path
False announcement → choice of wrong path Prevent adversarial attacks on the routing
system
![Page 5: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/5.jpg)
5
The Three Problems Routers in a single autonomous system
search for optimal paths (after a failure) Cooperative model
Rational autonomous systems with conflicting business policies that do not allow them to agree on a route selection Rational model
Attacks by other autonomous systems Adversarial model
![Page 6: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/6.jpg)
6
In This Work
![Page 7: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/7.jpg)
PART IFailure Resilient Routing
Simple Failure Recovery with Load Balancing
Martin Suchara
in collaboration with:D. Xu, R. Doverspike,
D. Johnson and J. Rexford
![Page 8: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/8.jpg)
8
Failure Recovery and Traffic Engineering in IP Networks Uninterrupted data delivery when equipment
fails
Re-balance the network load after failure
This work: integrated failure recovery and traffic engineering with pre-calculated load balancing
Existing solutions either treat failure recovery and traffic engineering separately or require congestion feedback
![Page 9: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/9.jpg)
9
Architectural Goals
3. Detect and respond to failures
1. Simplify the network Allow use of minimalist cheap routers Simplify network management
2. Balance the load Before, during, and after each failure
![Page 10: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/10.jpg)
10
The Architecture – Components Management system
Knows topology, approximate traffic demands, potential failures
Sets up multiple paths and calculates load splitting ratios
Minimal functionality in routers Path-level failure notification Static configuration No coordination with other routers
![Page 11: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/11.jpg)
11
The Architecture• topology design• list of shared risks• traffic demands
t
s
• fixed paths• splitting ratios
0.25
0.25
0.5
![Page 12: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/12.jpg)
12
The Architecture
t
slink cutpath
probing
• fixed paths• splitting ratios
0.5
0.5
0
![Page 13: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/13.jpg)
13
The Architecture: Summary
1. Offline optimizations
2. Load balancing on end-to-end paths
3. Path-level failure detection
How to calculate the paths and
splitting ratios?
![Page 14: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/14.jpg)
14
Goal I: Find Paths Resilient to Failures
A working path needed for each allowed failure state (shared risk link group)
Example of failure states:S = {e1}, { e2}, { e3}, { e4}, { e5}, {e1, e2}, {e1, e5}
e1 e3e2e4 e5
R1 R2
![Page 15: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/15.jpg)
15
Goal II: Minimize Link Loads
minimize ∑s ws∑e
Φ(ues)
while routing all trafficlink utilization ue
s
costΦ(ues)
aggregate congestion cost weighted for all failures:
links indexed by e
ues =1
Cost function is a penalty for approaching capacity
failure state weight
failure states indexed by s
![Page 16: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/16.jpg)
16
Possible Solutions
capabilities of routers
cong
estio
n
Suboptimal solution
Solution not scalable
Good performance and practical?
Too simple solutions do not do well Diminishing returns when adding functionality
![Page 17: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/17.jpg)
17
Computing the Optimal Paths Solve a classical multicommodity flow for each
combination of edge failures:
min load balancing objectives.t. flow conservation
demand satisfaction edge flow non-negativity
Decompose flow into paths and splitting ratios
Paths used by our heuristics (coming next)
Solution also a performance upper bound
![Page 18: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/18.jpg)
18
1. State-Dependent Splitting: Per Observable Failure Custom splitting ratios for each observed
combination of failed paths
0.40.4
0.2
Failure Splitting Ratios
- 0.4, 0.4, 0.2
p2 0.6, 0, 0.4
… …
configuration:
0.6
0.4
p1
p2
p3
NP-hard unless paths are fixed
at most 2#paths entries
![Page 19: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/19.jpg)
19
2. State-Independent Splitting: Across All Failure Scenarios Fixed splitting ratios for all observable failures
0.40.4
0.2
p1, p2, p3:
0.4, 0.4, 0.2
configuration:
0.667
0.333
Non-convex optimization even with fixed paths
p1
p2
p3
Heuristic to compute splitting ratios Average of the optimal ratios
![Page 20: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/20.jpg)
20
Our Solutions
1. State-dependent splitting
2. State-independent splitting
How do they compare to the optimal solution?
Simulations with shared risks for AT&T topology 954 failures, up to 20 links simultaneously
![Page 21: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/21.jpg)
21
Congestion Cost – AT&T’s IP Backbone with SRLG Failures
increasing load
Additional router capabilities improve performance up to a point
obje
ctiv
e va
lue
network traffic
State-dependent splitting indistinguishable from optimum
State-independent splitting not optimal but simple
How do we compare to OSPF? Use optimized OSPF link weights [Fortz, Thorup ’02].
![Page 22: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/22.jpg)
22
Congestion Cost – AT&T’s IP Backbone with SRLG Failures
increasing load
OSPF uses equal splitting on shortest paths. This restriction makes the performance worse.
obje
ctiv
e va
lue
network traffic
OSPF with optimized link weights can be suboptimal
![Page 23: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/23.jpg)
23
Number of Paths – Various Topologies
More paths for larger and more diverse topologies
number of pathsnumber of paths
cdf
![Page 24: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/24.jpg)
24
Summary Simple mechanism combining path protection
and traffic engineering
Favorable properties of state-dependent splitting algorithm:
Path-level failure information is just as good as complete failure information
![Page 25: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/25.jpg)
PART IIBGP Safety Analysis
The Conditions of BGP Convergence
Martin Suchara
in collaboration with:Alex Fabrikant and
Jennifer Rexford
![Page 26: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/26.jpg)
26
The Internet is a Network of Networks
Some route policies do not allow convergence
Past work: “reasonable” policies that are sufficient for convergence
This work: necessary and sufficient conditions of convergence
Previous part focuses on a single autonomous system (AS)
~35,000 independently administered ASes cooperate to find routes
![Page 27: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/27.jpg)
27
The Border Gateway Protocol (BGP) BGP calculates paths to each address prefix
Each Autonomous System (AS) implements its own custom policies
Can prefer an arbitrary path
Can export the path to a subset of neighbors
Prefix d
Data traffic
“I can reach
d via AS 1”44
55
33
“I can reach d” 11
22“I can reach
d via AS 1”
![Page 28: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/28.jpg)
28
Business Driven Policies of ASes
Peer-Peer Relationship
Export only customer routers to a peer
Export peer routes only to customers
Customer-Provider Relationship
Provider exports its customer’s routes to everybody
Customer exports provider’s routes only to downstream customers
![Page 29: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/29.jpg)
29
BGP Safety Challenges 35,000 ASes and 300,000 address blocks
Routing convergence usually takes minutes
But the system does not always converge…
0
1 2
d
Prefer 120 to 10
Prefer 210 to 20
Use 20Use 10Use 120
Use 210
![Page 30: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/30.jpg)
30
Results on BGP Safety
Necessary or sufficient conditions of safety (Gao and Rexford, 2001), (Gao, Griffin and Rexford, 2001), (Griffin, Jaggard and Ramachandran, 2003), (Feamster, Johari and Balakrishnan, 2005), (Sobrinho, 2005), (Fabrikant and Papadimitriou, 2008), (Cittadini, Battista, Rimondini and Vissicchio, 2009), …
Absence of a “dispute wheel” sufficient for safety (Griffin, Shepherd, Wilfong, 2002)
Verifying safety is computationally hard (Fabrikant and Papadimitriou, 2008), (Cittadini, Chiesa, Battista and Vissicchio, 2011)
![Page 31: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/31.jpg)
31
Models of BGP Existing models (variants of SPVP)
Widely used to analyze BGP properties Simple but do not capture spurious
behavior of BGP
This work A new model of BGP with spurious updates Spurious updates have major consequences More detailed model makes proofs easier!
![Page 32: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/32.jpg)
32
SPVP– Traditional Model of BGP (Griffin and Wilfong, 2000)
12010ε
Permitted paths
The topology
2
0
1
The higher the more preferred
21020ε
The destination
Always includes the empty path
Activation models the processing of BGP update messages sent by neighbors
System is safe if all “fair” activation sequences lead to a stable path assignment
Selected path: 210
![Page 33: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/33.jpg)
33
What are Spurious Updates? A phenomenon: router announces a route
other than the highest ranked one
Spurious BGP update 230:
Selected path: 20
Behavior not allowed in SPVP
0
1 2
3
123010
30
21020230
230
![Page 34: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/34.jpg)
34
What Causes Spurious Updates?
1. Limited visibility to improve scalability Internal structure of ASes Cluster-based router architectures
2. Timers and delays to prevent instabilities and reduce overhead Route flap damping Minimal Route Advertisement Interval timer Grouping updates to priority classes Finite size message queues in routers
![Page 35: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/35.jpg)
35
DPVP– A More General Model of BGP DPVP = Dynamic Path Vector Protocol
Transient period τ after each route change Spurious updates with a less preferred
recently available route
Only allows the “right” kind of spurious updates Every spurious update has a cause in BGP General enough and future-proof
![Page 36: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/36.jpg)
36
DPVP– A More General Model of BGP
12010ε
The permitted paths and their ranking
2
0
1
20
21020ε
Spurious update
Selected path: 210
Spurious updates are allowed only if current time < StableTime
Spurious updates may include paths that were recently available or the empty path
Remember all recently available paths (e.g. 20, 210)
StableTime = τ after last path change
![Page 37: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/37.jpg)
37
Consequences of Spurious Updates Spurious behavior is temporary, can it have
long-term consequences?
Yes, it may trigger oscillations in otherwise safe configurations!
Which results do not hold in the new model?
![Page 38: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/38.jpg)
38
Analogs of Previous Results in DPVP Most previous results in SPVP also hold for
DPVP Absence of a “dispute wheel” sufficient for
safety in SPVP (Griffin, Shepherd, Wilfong, 2002)
Still sufficient in DPVP
Some results cannot be extended Slightly different conditions of convergence Exponentially slower convergence possible
![Page 39: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/39.jpg)
39
DPVP Makes Analysis Easier No need to prove that:
Announced route is the highest ranked one Announced route is the last one learned from
the downstream neighbor
We changed the problem PSPACE complete vs. NP complete
![Page 40: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/40.jpg)
40
Necessary and Sufficient Conditions How can we prove a system may oscillate?
Classify each node as “stable” or “coy” At least one “coy” node exists Prove that “stable” nodes must be stable Prove that “coy” nodes may oscillate
Easy in a model with spurious announcements
![Page 41: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/41.jpg)
41
Necessary and Sufficient Conditions
Coy nodes may make spurious announcements
Stable nodes have a permanent path
Theorem: DPVP oscillates if and only if it has a CoyOTE
Definition: CoyOTE is a triple (C, S, Π) satisfying several conditions
One path assigned to each node proves if the node is coy or stable
0
1 2
3
123010
30
21020230
![Page 42: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/42.jpg)
Verifying the Convergence Conditions = Finding a CoyOTE In general an NP-hard problem
Can be checked in polynomial time for most “reasonable” network configurations!
42
e.g.
![Page 43: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/43.jpg)
43
DeCoy – Safety Verification Algorithm Goal: verify safety in polynomial time
Key observation: greedy algorithm works!
1. Let the origin be in the stable set S
2. Keep expanding the stable set S until stuck
If all nodes become stable system is safe
Otherwise system can oscillate
![Page 44: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/44.jpg)
44
Summary DPVP: best of both worlds
More accurate model of BGP Model simplifies theoretical analysis
Key results
![Page 45: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/45.jpg)
PART IIIHow Small Groups can Secure Routing
Martin Suchara
in collaboration with:Ioannis Avramopoulos and Jennifer Rexford
![Page 46: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/46.jpg)
46
Vulnerabilities – Example 1
11
33
22
Invalid origin attack Nodes 1, 3 and 4 route to the adversary The true destination is blackholed
55
77Genuine originAttacker
66
44
12.34.* 12.34.*
![Page 47: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/47.jpg)
47
Vulnerabilities – Example 2
11
33
22
Adversary spoofs a shorter path Node 4 routes through 1 instead of 2 The traffic may be blackholed or intercepted
55
77Genuine origin
44
66 Thinks route thru 2 shorter
12.34.*
No attack
![Page 48: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/48.jpg)
48
Vulnerabilities – Example 2
11
33
22
Adversary spoofs a shorter path Node 4 routes through 1 instead of 2 The traffic may be blackholed or intercepted
55
77Genuine origin
Announce 17
44
66 Thinks route thru 1 shorter
12.34.*
![Page 49: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/49.jpg)
49
State of the Art – S-BGP and soBGP
S-BGP Certificates to verify origin AS Cryptographic attestations added to routing
announcements at each hop
Mechanism: identify which routes are invalid and filter them
soBGP Build a (partial) AS level topology database
![Page 50: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/50.jpg)
50
How Our Solution Helps
Benefits of previous solutions only for large deployments (10,000 ASes) No incentive for early adopters
Our goal: Provide incentives to early adopters!
Our Solution: raise the bar for the adversary significantly
10-20 cooperating nodes
The challenge: few participants relying on many non-participants
![Page 51: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/51.jpg)
51
Lessons Learned from Experimentation
![Page 52: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/52.jpg)
52
Our Approach – Key Ideas
Hijack the hijacker: all participants announce the protected prefix
Hire a few large ISPs to help
Detect invalid routes accurately with data plane detectors
Circumvent the adversary with secure overlay routing
![Page 53: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/53.jpg)
53
Our Approach – Key Ideas
Hijack the hijacker: all participants announce the protected prefix
Hire a few large ISPs to help
Detect invalid routes accurately with data plane detectors
Circumvent the adversary with secure overlay routing
![Page 54: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/54.jpg)
54
Our Approach – Key Ideas
Hijack the hijacker: all participants announce the protected prefix
Hire a few large ISPs to help
Detect invalid routes accurately with data plane detectors
Circumvent the adversary with secure overlay routing
![Page 55: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/55.jpg)
55
Our Approach – Key Ideas
Hijack the hijacker: all participants announce the protected prefix
Hire a few large ISPs to help
Detect invalid routes accurately with data plane detectors
Circumvent the adversary with secure overlay routing
![Page 56: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/56.jpg)
Secure Overlay Routing (SBone)
Overlay of participants’ networks
Protects intra-group traffic
Bad paths detected by probing
55 44
66
33
77
11 22
Use longer route
Use peer route
11
55
22
77
Use provider route
12.34.*56
12.34.*
; 12.34.1.1
; 12.34.1.1Detected as bad
Nonparticipant
Participant
![Page 57: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/57.jpg)
Secure Overlay Routing (SBone) Traffic may go through an intermediate node
57
44
77
Uses path through intermediate node 3
33
66
?
?
?11
?
12.34.*
12.34.*
; 12.34.1.1
; 12.34.1.1
55
12.8.1.1
; 12.8.1.1
Forwards traffic for 1
22
![Page 58: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/58.jpg)
58
SBone – 30 Random + Help of SomeLarge ISPs
Per
cent
age
of S
ecur
e P
artic
ipan
ts
Group Size (ASes)
5 large ISPs3 large ISPs1 large ISP0 large ISPs
![Page 59: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/59.jpg)
59
SBone – Multiple Adversaries
With 5 adversaries, the performance degrades
Solution: enlist more large ISPs!
Group Size (ASes)
Per
cent
age
of S
ecur
e P
artic
ipan
ts
5 large ISPs3 large ISPs1 large ISP0 large ISPs
![Page 60: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/60.jpg)
60
SBone – Properties
![Page 61: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/61.jpg)
Hijacking the Hijacker – Shout Secure traffic from non-participants All participants announce the protected prefix Once the traffic enters the overlay, it is securely
forwarded to the true prefix owner
61
11
33
22
44
66
55
77
Prefers short customer’s path leading to adversary
12.34.*
Node 4 shouts
Use shortest path 1412.34.*
12.34.*
12.34.* 12.34.*
![Page 62: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/62.jpg)
62
Shout + SBone – 1 Adversary
With as few as 10 participants + 3 large ISPs, 95% of all ASes can reach the victim!
Per
cent
age
of S
ecur
e A
Ses
Group Size (ASes)
5 large ISPs3 large ISPs1 large ISP0 large ISPs
![Page 63: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/63.jpg)
63
Shout + SBone – 5 Adversaries
More adversaries larger groups required!
Per
cent
age
of S
ecur
e A
Ses
Group Size (ASes)
5 large ISPs3 large ISPs1 large ISP0 large ISPs
![Page 64: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/64.jpg)
64
Shout – Properties
![Page 65: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/65.jpg)
65
Summary
The proposed solution
SBone and Shout are novel mechanisms that allow small groups to secure BGP
![Page 66: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/66.jpg)
Conclusion
![Page 67: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/67.jpg)
67
Better than Best-Effort Availability Our three solutions:
Improved reliability of the Internet
![Page 68: Reliable Internet Routing Martin Suchara Thesis advisor Prof. Jennifer Rexford June 15, 2011.](https://reader036.fdocuments.in/reader036/viewer/2022062511/5513d25155034679748b4d62/html5/thumbnails/68.jpg)
68
Thank You!