Loading in 2 Seconds...

Foundations of Inter-Domain Routing Ph.D. Dissertation Defense

Loading in 2 Seconds...

- By
**Lucy** - Follow User

- 231 Views
- Uploaded on

Download Presentation
## PowerPoint Slideshow about 'foundations of inter-domain routing ph.d. dissertation defense' - Lucy

**An Image/Link below is provided (as is) to download presentation**

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript

### Foundations ofInter-Domain RoutingPh.D. Dissertation Defense

Vijay Ramachandran

Dissertation Director: Joan Feigenbaum

Committee Members: Jim Aspnes, Paul Hudak,Tim Griffin (University of Cambridge)

Overview

- This dissertation develops a theoretical framework for the design and analysis of path-vector protocols primarily used for Internet inter-domain routing.
- The framework can be used to understand the interactions of local routing policies and their effects on protocol behavior.
- It can also be used to understand the design space of path-vector protocols and inherent trade-offs among desirable protocol properties.

V. Ramachandran — Ph.D. Dissertation Defense

Background: Internet Routing

V. Ramachandran — Ph.D. Dissertation Defense

BGP Route Processing

IP Forwarding Table

Install forwarding

entries for best routes

Apply Import

Policies

Routing Table

Best Route

Selection

Apply Export

Policies

Apply Policy =

filter routes &

tweak attributes

Apply Policy =

filter routes &

tweak attributes

Based on

attribute

values

Transmit

BGP

updates

Receive

BGP

updates

Storageof routes

Open-ended programming:

constrained only by vendor configuration language

V. Ramachandran — Ph.D. Dissertation Defense

BGP Route-Selection Procedure

- Highest local preference
- Shortest AS-path length
- For each AS next-hop, lowest MED value
- eBGP routes over iBGP routes
- Shortest iBGP distance to egress point

V. Ramachandran — Ph.D. Dissertation Defense

Motivation (1)

- Given certain policy inputs, BGP will oscillate or converge nondeterministically. [VGE ’00, GSW ’02, MGWR ’02, Cisco ’01]
- These anomalies are difficult for operatorsto debug because the problems traverse autonomously administered networks.
- New features are often implemented without testing resulting worst-case scenarios.

V. Ramachandran — Ph.D. Dissertation Defense

Motivation (2)

- The BGP specification contains no guidance on how to provide “good” routing policies.
- Policies are unconstrained.
- Can policies be constrained to guarantee convergence, and how can those constraintsbe described?
- What is lost, if anything?
- Formal models allow rigorous analysis and design at different levels of abstraction.

V. Ramachandran — Ph.D. Dissertation Defense

Protocol-Divergence Example

120

20

120

210

1

2

10

20

10

210

10

20

Prefer sendingtraffic throughneighbor 1

Prefer sendingtraffic throughneighbor 2

0

0

0

V. Ramachandran — Ph.D. Dissertation Defense

Related Work:Formally Modeling Policy Semantics

- [GSW ’02] introduced the Stable Paths Problem (SPP) as the underlying theoretical problem that BGP is trying to solve.
- SPP is NP-hard; solvability convergence.

An SPP instance is a graph in which each node represents one AS and has a policy in the form of a linear preference ordering on paths.

V. Ramachandran — Ph.D. Dissertation Defense

SPP Results [GSW ’02]

DISAGREE (multiple solutions)

Dispute Wheel

No dispute wheel impliesrobust convergence.

BAD GADGET (no solution)

V. Ramachandran — Ph.D. Dissertation Defense

Related Work:Local and Global Constraints

- [GR ’01] showed that Hierarchical BGP (HBGP) is robust.
- Neighbors are divided into three classes: customers, providers, and peers.
- Preference and scoping rules apply to routes learned from different types of neighbors.
- No customer/provider cycles.
- [GGR ’01] added an attribute to HBGP to allow safe back-up routing.

Localconstraint

Globalconstraint

V. Ramachandran — Ph.D. Dissertation Defense

The Design Space of Path-Vector Protocols [GJR ’03]

- Robustness: Does the protocol predictably converge, even after node and link failures?
- Expressiveness: What routing policies are permitted?
- Autonomy: What degree of independence do operators have in local-policy configuration?
- Policy Opaqueness: Can local route settings be kept private?
- Transparency: How directly does the protocol apply local-policy transformations to route data?
- Global Constraint: What network assumptions are needed?

V. Ramachandran — Ph.D. Dissertation Defense

Three Levels of Abstraction [JR ’05]

Sets ofProtocols

Path-Vector Algebras [Sob. ’03]

A description of the most important criteria involved in determiningbest routes. Does not include implementation details, e.g., a routeadvertisement is considered an atomic action.

Protocols

Path-Vector Policy Systems (PVPS) [GJR ’03]

A combination of message-passing system (protocol), policy language,and global constraint. The underlying path-vector system modelsimport & export policies, path selection, and route data structures.

Networks

Instances of the Stable Paths Problem (SPP) [GSW ’02]

A routing configuration, indicating the preference order of permittedpaths on a given network. Solutions are consistent assignments;unique solutions give predictable convergence to a stable assignment.

V. Ramachandran — Ph.D. Dissertation Defense

Path-Vector Policy Systems [GJR ’03]

Formal model of path-vector routing:

( PV , PL , K )

Path-Vector System:

The underlying message-exchange system for route information. Whatis exchanged and how?

Global Constraint:

What assumptions about the network must be true to achieve robustness?

Policy Language:

How can policies be described?PLacts as a local constraint on the expressiveness of policies.

Question:

What role do these components play in achieving protocol design goals?

V. Ramachandran — Ph.D. Dissertation Defense

Linear Best-Route Selection Model

- Ignore iBGP and MED-attribute values.
- Assume that the route-selection procedure, at each node, for each destination:
- maps each route to a rank in some totally ordered set based on its attribute values; and
- chooses as best the path with minimal rank.
- Rank is influenced by local policy, but the ranking criteria are the same at each node.

V. Ramachandran — Ph.D. Dissertation Defense

Robustness Condition[GJR ’03, Sob.’03]

Conjecture: No path-vector policy system can exactly capture all robust configurations.

Theorem: A protocol in which a path’s rank monotonically increases as it is extended (imported by a neighbor) is robust.This is the broadest-known sufficient condition for robustness, equivalent to dispute-wheel freeness on SPP instances.

V. Ramachandran — Ph.D. Dissertation Defense

Trade-Offs in Implementation[GJR ’03]

Theorem. A globally unconstrained PVPS expressive enough to capture all increasing configurations either does not support autonomy of neighbor ranking or is not transparent, or both.

Theorem. A transparent, robust PVPS that supports autonomy of neighbor ranking and is at least as expressive as shortest paths must have a non-trivial global constraint.

V. Ramachandran — Ph.D. Dissertation Defense

Algebras and PVPSes (1) [JR ’05]

BGP

For both,some network instances are convergent

Protocolsusing localpreference

Both,primarilylength

Both,primarilyloc. pref.

Protocolsusinglength

ShortestPaths

Robust protocols

Monotone(or arbitrary)preferences

Strictly monotonepreferences

Shortest Paths withpreference tie-breaking

Monotone preferences with length tie-breaking

V. Ramachandran — Ph.D. Dissertation Defense

Algebras and PVPSes (2) [JR ’05]

- The expressiveness of an algebra or PVPSis the set of SPP equivalence classes permitted as legal routing configurations.
- Given an algebra, we can construct a canonical PVPS that is exactly as expressive.
- Given a PVPS, we can construct a canonical algebra that describes the same rank criteria.

V. Ramachandran — Ph.D. Dissertation Defense

Class-Based Systems [JR’ 04]

- The PVPS framework can be used to generalizethe HBGP constraints from [GR’ 01, GGR’ 01].
- A class-based PVPS is described by:
- A set of classes (types of neighbor assignments, e.g., customer/provider/peer) and consistency relationships
- Class relative-preference and scoping rules
- These systems are transparent and have “some” autonomy of neighbor ranking; they requirea nontrivial global constraint.

V. Ramachandran — Ph.D. Dissertation Defense

Relative Preference and Scope

Relative Preference:

If class i is to be preferred over class j, then node v should prefer routes from node w over those from node x.

Scope:

If class i routes cannot be exported to a class-k neighbor, then node u will only learn about the path uvxQ.

V. Ramachandran — Ph.D. Dissertation Defense

Class-Based Robustness [JR’ 04]

- From the class description alone, we can construct a global constraint involving a check on pairs of class assignments.
- Networks obeying this constraint are robust.
- Networks violating this constraint allow nodes to write policies that induce routing anomalies.
- We give two types of enforcement algorithms:
- a centralized algorithm that detects a set of nodes whose class assignments permit a policy-induced anomaly; and
- a distributed algorithm that detects whether two specific nodes’ class assignments could induce an anomaly.

V. Ramachandran — Ph.D. Dissertation Defense

Nonlinear Route-Selection Model

- Recent work generalizes the PVPS framework to include protocols that do not assume linear route-selection procedures.
- This permits modeling the MED attribute and both iBGP and eBGP sessions.
- Because previous convergence constraints depend on a notion of rank, these do not applyin the generalized case.
- Relies on generalized SPP [GW ’02].

V. Ramachandran — Ph.D. Dissertation Defense

Generalized SPP [GW ’02]

- Recall BGP selection:
- lowest MED value from paths to the same AS; then
- shortest IGP distance.
- IGP distances are shown near intra-domain links.
- MED values are shown in parentheses near inter-domain links.
- This example oscillates.

MED-EVIL (no solution)

V. Ramachandran — Ph.D. Dissertation Defense

Generalized Path Relations

V. Ramachandran — Ph.D. Dissertation Defense

Generalized Dispute Digraphs

- Given a GSPP instance, form its generalized dispute digraph:
- nodes are paths;
- edges correspond to the four relations.
- Theorem. If a GSPP is not robust, this graph contains a cycle.

MED-EVIL Dispute Digraph

V. Ramachandran — Ph.D. Dissertation Defense

Proof Method

Cycle in MED-EVIL protocol-selection states.

- Given a protocol oscillation, choose a path whose first node is the last oscillating node on the path.
- Follow the oscillation until the selection changes; this change occurred because of a linear or nonlinear selection. This corresponds to some relation between two paths; repeat with the ‘related’ path. Choose a subpath to find the last oscillating node.
- Because the oscillation is finite, we must re-visit a path.We have just traced a cycle in the dispute digraph.

V. Ramachandran — Ph.D. Dissertation Defense

Protocol-Design Applications

- Multiple-Path Broadcast
- [B+ ’02] and [MC ’04] propose changing BGP to broadcast additional routes to avoid MED-induced oscillations.
- We can prove the effect of this behavior using ourformal model.
- Improvement: Detect an IRR violation on-the-fly and request the needed route.
- “Compare-all-MEDs” and “Set AS-distinct local preferences” [MGWR ’02] can be proven correct.

V. Ramachandran — Ph.D. Dissertation Defense

Summary

- The PVPS framework allows for a study of path-vector-protocol design—most importantly, a rigorous way to prove:
- what balance of local and global constraints areneeded for robustness; and
- what else is lost when these constraints are implemented.
- The framework has provided concrete and reasonable guidelines for class-based systems.
- The framework has been extended to include protocols with IRR-violating selection procedures.

V. Ramachandran — Ph.D. Dissertation Defense

Open Questions

- Analogous local constraints for the generalized case
- Real, deployable policy-configuration languages
- More examples of exact trade-offs between local and global constraints (to date, only class-based systems give this)
- Full characterization of robust systems?

V. Ramachandran — Ph.D. Dissertation Defense

Download Presentation

Connecting to Server..