foundations of inter domain routing ph d dissertation defense
Download
Skip this Video
Download Presentation
Foundations of Inter-Domain Routing Ph.D. Dissertation Defense

Loading in 2 Seconds...

play fullscreen
1 / 31

foundations of inter-domain routing ph.d. dissertation defense - PowerPoint PPT Presentation


  • 231 Views
  • Uploaded on

Foundations of Inter-Domain Routing Ph.D. Dissertation Defense. Vijay Ramachandran. Dissertation Director: Joan Feigenbaum Committee Members: Jim Aspnes, Paul Hudak, Tim Griffin (University of Cambridge). Overview.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'foundations of inter-domain routing ph.d. dissertation defense' - Lucy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
foundations of inter domain routing ph d dissertation defense

Foundations ofInter-Domain RoutingPh.D. Dissertation Defense

Vijay Ramachandran

Dissertation Director: Joan Feigenbaum

Committee Members: Jim Aspnes, Paul Hudak,Tim Griffin (University of Cambridge)

overview
Overview
  • This dissertation develops a theoretical framework for the design and analysis of path-vector protocols primarily used for Internet inter-domain routing.
  • The framework can be used to understand the interactions of local routing policies and their effects on protocol behavior.
  • It can also be used to understand the design space of path-vector protocols and inherent trade-offs among desirable protocol properties.

V. Ramachandran — Ph.D. Dissertation Defense

background internet routing
Background: Internet Routing

V. Ramachandran — Ph.D. Dissertation Defense

bgp route processing
BGP Route Processing

IP Forwarding Table

Install forwarding

entries for best routes

Apply Import

Policies

Routing Table

Best Route

Selection

Apply Export

Policies

Apply Policy =

filter routes &

tweak attributes

Apply Policy =

filter routes &

tweak attributes

Based on

attribute

values

Transmit

BGP

updates

Receive

BGP

updates

Storageof routes

Open-ended programming:

constrained only by vendor configuration language

V. Ramachandran — Ph.D. Dissertation Defense

bgp route selection procedure
BGP Route-Selection Procedure
  • Highest local preference
  • Shortest AS-path length
  • For each AS next-hop, lowest MED value
  • eBGP routes over iBGP routes
  • Shortest iBGP distance to egress point

V. Ramachandran — Ph.D. Dissertation Defense

motivation 1
Motivation (1)
  • Given certain policy inputs, BGP will oscillate or converge nondeterministically. [VGE ’00, GSW ’02, MGWR ’02, Cisco ’01]
  • These anomalies are difficult for operatorsto debug because the problems traverse autonomously administered networks.
  • New features are often implemented without testing resulting worst-case scenarios.

V. Ramachandran — Ph.D. Dissertation Defense

motivation 2
Motivation (2)
  • The BGP specification contains no guidance on how to provide “good” routing policies.
  • Policies are unconstrained.
    • Can policies be constrained to guarantee convergence, and how can those constraintsbe described?
    • What is lost, if anything?
  • Formal models allow rigorous analysis and design at different levels of abstraction.

V. Ramachandran — Ph.D. Dissertation Defense

protocol divergence example
Protocol-Divergence Example

120

20

120

210

1

2

10

20

10

210

10

20

Prefer sendingtraffic throughneighbor 1

Prefer sendingtraffic throughneighbor 2

0

0

0

V. Ramachandran — Ph.D. Dissertation Defense

related work formally modeling policy semantics
Related Work:Formally Modeling Policy Semantics
  • [GSW ’02] introduced the Stable Paths Problem (SPP) as the underlying theoretical problem that BGP is trying to solve.
  • SPP is NP-hard; solvability  convergence.

An SPP instance is a graph in which each node represents one AS and has a policy in the form of a linear preference ordering on paths.

V. Ramachandran — Ph.D. Dissertation Defense

spp results gsw 02
SPP Results [GSW ’02]

DISAGREE (multiple solutions)

Dispute Wheel

No dispute wheel impliesrobust convergence.

BAD GADGET (no solution)

V. Ramachandran — Ph.D. Dissertation Defense

related work local and global constraints
Related Work:Local and Global Constraints
  • [GR ’01] showed that Hierarchical BGP (HBGP) is robust.
    • Neighbors are divided into three classes: customers, providers, and peers.
    • Preference and scoping rules apply to routes learned from different types of neighbors.
    • No customer/provider cycles.
  • [GGR ’01] added an attribute to HBGP to allow safe back-up routing.

Localconstraint

Globalconstraint

V. Ramachandran — Ph.D. Dissertation Defense

the design space of path vector protocols gjr 03
The Design Space of Path-Vector Protocols [GJR ’03]
  • Robustness: Does the protocol predictably converge, even after node and link failures?
  • Expressiveness: What routing policies are permitted?
  • Autonomy: What degree of independence do operators have in local-policy configuration?
  • Policy Opaqueness: Can local route settings be kept private?
  • Transparency: How directly does the protocol apply local-policy transformations to route data?
  • Global Constraint: What network assumptions are needed?

V. Ramachandran — Ph.D. Dissertation Defense

three levels of abstraction jr 05
Three Levels of Abstraction [JR ’05]

Sets ofProtocols

Path-Vector Algebras [Sob. ’03]

A description of the most important criteria involved in determiningbest routes. Does not include implementation details, e.g., a routeadvertisement is considered an atomic action.

Protocols

Path-Vector Policy Systems (PVPS) [GJR ’03]

A combination of message-passing system (protocol), policy language,and global constraint. The underlying path-vector system modelsimport & export policies, path selection, and route data structures.

Networks

Instances of the Stable Paths Problem (SPP) [GSW ’02]

A routing configuration, indicating the preference order of permittedpaths on a given network. Solutions are consistent assignments;unique solutions give predictable convergence to a stable assignment.

V. Ramachandran — Ph.D. Dissertation Defense

path vector policy systems gjr 03
Path-Vector Policy Systems [GJR ’03]

Formal model of path-vector routing:

( PV , PL , K )

Path-Vector System:

The underlying message-exchange system for route information. Whatis exchanged and how?

Global Constraint:

What assumptions about the network must be true to achieve robustness?

Policy Language:

How can policies be described?PLacts as a local constraint on the expressiveness of policies.

Question:

What role do these components play in achieving protocol design goals?

V. Ramachandran — Ph.D. Dissertation Defense

linear best route selection model
Linear Best-Route Selection Model
  • Ignore iBGP and MED-attribute values.
  • Assume that the route-selection procedure, at each node, for each destination:
    • maps each route to a rank in some totally ordered set based on its attribute values; and
    • chooses as best the path with minimal rank.
  • Rank is influenced by local policy, but the ranking criteria are the same at each node.

V. Ramachandran — Ph.D. Dissertation Defense

robustness condition gjr 03 sob 03
Robustness Condition[GJR ’03, Sob.’03]

Conjecture: No path-vector policy system can exactly capture all robust configurations.

Theorem: A protocol in which a path’s rank monotonically increases as it is extended (imported by a neighbor) is robust.This is the broadest-known sufficient condition for robustness, equivalent to dispute-wheel freeness on SPP instances.

V. Ramachandran — Ph.D. Dissertation Defense

trade offs in implementation gjr 03
Trade-Offs in Implementation[GJR ’03]

Theorem. A globally unconstrained PVPS expressive enough to capture all increasing configurations either does not support autonomy of neighbor ranking or is not transparent, or both.

Theorem. A transparent, robust PVPS that supports autonomy of neighbor ranking and is at least as expressive as shortest paths must have a non-trivial global constraint.

V. Ramachandran — Ph.D. Dissertation Defense

algebras and pvpses 1 jr 05
Algebras and PVPSes (1) [JR ’05]

BGP

For both,some network instances are convergent

Protocolsusing localpreference

Both,primarilylength

Both,primarilyloc. pref.

Protocolsusinglength

ShortestPaths

Robust protocols

Monotone(or arbitrary)preferences

Strictly monotonepreferences

Shortest Paths withpreference tie-breaking

Monotone preferences with length tie-breaking

V. Ramachandran — Ph.D. Dissertation Defense

algebras and pvpses 2 jr 05
Algebras and PVPSes (2) [JR ’05]
  • The expressiveness of an algebra or PVPSis the set of SPP equivalence classes permitted as legal routing configurations.
  • Given an algebra, we can construct a canonical PVPS that is exactly as expressive.
  • Given a PVPS, we can construct a canonical algebra that describes the same rank criteria.

V. Ramachandran — Ph.D. Dissertation Defense

class based systems jr 04
Class-Based Systems [JR’ 04]
  • The PVPS framework can be used to generalizethe HBGP constraints from [GR’ 01, GGR’ 01].
  • A class-based PVPS is described by:
    • A set of classes (types of neighbor assignments, e.g., customer/provider/peer) and consistency relationships
    • Class relative-preference and scoping rules
  • These systems are transparent and have “some” autonomy of neighbor ranking; they requirea nontrivial global constraint.

V. Ramachandran — Ph.D. Dissertation Defense

relative preference and scope
Relative Preference and Scope

Relative Preference:

If class i is to be preferred over class j, then node v should prefer routes from node w over those from node x.

Scope:

If class i routes cannot be exported to a class-k neighbor, then node u will only learn about the path uvxQ.

V. Ramachandran — Ph.D. Dissertation Defense

class based robustness jr 04
Class-Based Robustness [JR’ 04]
  • From the class description alone, we can construct a global constraint involving a check on pairs of class assignments.
    • Networks obeying this constraint are robust.
    • Networks violating this constraint allow nodes to write policies that induce routing anomalies.
  • We give two types of enforcement algorithms:
    • a centralized algorithm that detects a set of nodes whose class assignments permit a policy-induced anomaly; and
    • a distributed algorithm that detects whether two specific nodes’ class assignments could induce an anomaly.

V. Ramachandran — Ph.D. Dissertation Defense

nonlinear route selection model
Nonlinear Route-Selection Model
  • Recent work generalizes the PVPS framework to include protocols that do not assume linear route-selection procedures.
    • This permits modeling the MED attribute and both iBGP and eBGP sessions.
    • Because previous convergence constraints depend on a notion of rank, these do not applyin the generalized case.
  • Relies on generalized SPP [GW ’02].

V. Ramachandran — Ph.D. Dissertation Defense

generalized spp gw 02
Generalized SPP [GW ’02]
  • Recall BGP selection:
    • lowest MED value from paths to the same AS; then
    • shortest IGP distance.
  • IGP distances are shown near intra-domain links.
  • MED values are shown in parentheses near inter-domain links.
  • This example oscillates.

MED-EVIL (no solution)

V. Ramachandran — Ph.D. Dissertation Defense

independent route ranking
Independent Route Ranking

MED-EVIL (condensed)

V. Ramachandran — Ph.D. Dissertation Defense

generalized path relations
Generalized Path Relations

V. Ramachandran — Ph.D. Dissertation Defense

generalized dispute digraphs
Generalized Dispute Digraphs
  • Given a GSPP instance, form its generalized dispute digraph:
    • nodes are paths;
    • edges correspond to the four relations.
  • Theorem. If a GSPP is not robust, this graph contains a cycle.

MED-EVIL Dispute Digraph

V. Ramachandran — Ph.D. Dissertation Defense

proof method
Proof Method

Cycle in MED-EVIL protocol-selection states.

  • Given a protocol oscillation, choose a path whose first node is the last oscillating node on the path.
  • Follow the oscillation until the selection changes; this change occurred because of a linear or nonlinear selection. This corresponds to some relation between two paths; repeat with the ‘related’ path. Choose a subpath to find the last oscillating node.
  • Because the oscillation is finite, we must re-visit a path.We have just traced a cycle in the dispute digraph.

V. Ramachandran — Ph.D. Dissertation Defense

protocol design applications
Protocol-Design Applications
  • Multiple-Path Broadcast
    • [B+ ’02] and [MC ’04] propose changing BGP to broadcast additional routes to avoid MED-induced oscillations.
    • We can prove the effect of this behavior using ourformal model.
    • Improvement: Detect an IRR violation on-the-fly and request the needed route.
  • “Compare-all-MEDs” and “Set AS-distinct local preferences” [MGWR ’02] can be proven correct.

V. Ramachandran — Ph.D. Dissertation Defense

summary
Summary
  • The PVPS framework allows for a study of path-vector-protocol design—most importantly, a rigorous way to prove:
    • what balance of local and global constraints areneeded for robustness; and
    • what else is lost when these constraints are implemented.
  • The framework has provided concrete and reasonable guidelines for class-based systems.
  • The framework has been extended to include protocols with IRR-violating selection procedures.

V. Ramachandran — Ph.D. Dissertation Defense

open questions
Open Questions
  • Analogous local constraints for the generalized case
  • Real, deployable policy-configuration languages
  • More examples of exact trade-offs between local and global constraints (to date, only class-based systems give this)
  • Full characterization of robust systems?

V. Ramachandran — Ph.D. Dissertation Defense

ad