interdomain routing and games
Download
Skip this Video
Download Presentation
Interdomain Routing and Games

Loading in 2 Seconds...

play fullscreen
1 / 24

Interdomain Routing and Games - PowerPoint PPT Presentation


  • 111 Views
  • Uploaded on

Interdomain Routing and Games. Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University. On the Agenda. Motivation: Are Internet protocols incentive compatible? Interdomain routing & path vector protocols Convergence issues BGP as a game

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Interdomain Routing and Games' - finn


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
interdomain routing and games

Interdomain Routing and Games

Hagay Levin, Michael Schapira and Aviv Zohar

The Hebrew University

on the agenda
On the Agenda
  • Motivation: Are Internet protocols incentive compatible?
  • Interdomain routing & path vector protocols
  • Convergence issues
  • BGP as a game
  • Hardness of approximation of social welfare
  • Incentive compatibility
  • Conclusions
are current network protocols incentive compatible
Are Current Network Protocols Incentive Compatible?
  • Protocols for the network have been dictated by some designer
  • Okay for cooperative settings
  • But what if nodes try to optimize regardless of harm to others?
  • Example: TCP congestion control
    • Requires sender to transmit less when the network is congested
    • This is not optimal for the sender (always better off sending more)
secure network protocols
Secure Network Protocols
  • A lot of effort is going into re-designing network protocols to be secure.
  • Routing protocols are currently known to be very susceptible to attacks.
    • Even inadvertent configuration errors of routers have caused global catastrophes.
  • Designers are also concerned about incentive issues in this context.
  • Our work highlights some connections between incentives and security of BGP.
interdomain routing

UUNET

AT&T

Comcast

Qwest

Interdomain Routing
  • Messages in the Internet are passed from one router to the other until reaching the destination.
  • Goal of routing protocols: decide how to route packets between nodes on the net.
  • The network is partitioned into Autonomous Systems (ASes) each owned by an economic entity.
    • Within ASes routing is cooperative
    • Between ASes inherently non-cooperative
  • Routing preferences are complex and uncoordinated.

Always chooseshortest paths.

Load-balance myoutgoing traffic.

Avoid routes through AT&T if at all possible.

My link to UUNET is forbackup purposes only.

path vector protocols

receive routes from neighbors

send updatesto neighbors

choose“best” neighbor

Path Vector Protocols
  • The only protocol currently used to establish routes between ASes (interdomain routing): The Border Gateway Protocol (BGP).
  • Performed independently for every destination autonomous system in the network.
  • The computation by each node is an infinite sequence of actions:
example of bgp execution
Example of BGP Execution

5

4

41d

41d

23d

23d

2

23d

1d

1

23d

3d

3

1d

3d

d

d

d

d

receive routes from neighbors

send updatesto neighbors

choose“best” neighbor

our main results informally
Our Main Results Informally
  • Theorem: In “reasonable economic settings”, BGP is almost incentive-compatible (And can be tweaked to be incentive compatible).
  • Theorem: In these same settings it is also almost collusion proof.
    • To make it fully collusion proof we need a somewhat stronger assumption.
bgp not guaranteed to converge
BGP – Not Guaranteed to Converge

1

2

  • Other examples may fail to converge for certain timings and succeed for others.

2d

23d

2d

...

12d

1d

1d

12d

d

31d

3d

31d

3

finding stable states
Finding Stable States
  • Previously known: It’s NP-Hard to determine if a stable state even exists. [Griffin, Wilfong]

We add:

  • Theorem: Determining the existence of a stable state requires exponential communication.
  • In practice, BGP does converge in the Internet! Why?
the gao rexford framework an economic explanation for network convergence
The Gao-Rexford Framework: An economic explanation for network convergence.

Neighboring pairs of ASes have one of:

  • a customer-provider relationship
  • a peering relationship

Restrict the possible graphs and preferences:

  • No customer-provider cycles (cannot be your own customer)
  • Prefer to route through customers over peers, and peers over providers.
  • Only provide transit services to customers.

Guarantees convergence of BGP.

peer

providers

peer

customers

dispute wheels
Dispute Wheels
  • A Dispute Wheel [Griffin et. al.]
    • A sequence of nodes ui and routes Ri, Qi.
    • ui prefers RiQi+1 over Qi.
  • If the network has no dispute wheels, BGP will always converge.
  • Also guarantees convergence with node & link failures.

Gao-Rexford

No Dispute Wheel

Robust Convergence

Shortest Path

modeling path vector protocols as a game
Modeling Path Vector Protocols as a Game
  • The interaction is very complex.
    • Multi-round
    • Asynchronous
    • Partial-information
      • Network structure, schedule, other player’s types are all unknown.
  • No monetary transfers!
    • More realistic
    • Unlike most works on incentive-compatibility in interdomain routing.
routing as a game
Routing as a Game
  • The source-nodes are the strategic agents
  • Agent i has a value vi(R) for any route R
  • The game has an infinite number of rounds
  • Timing decided by an entity called the scheduler
    • Decides which nodes are activated in each round.
    • Delays update messages along selective links.
routing as a game 2
Routing as a Game (2)
  • A node that is activated in a certain round can
    • Read update messages announcing routes.
    • Send update messages announcing routes.
    • Choose a neighboring node to forward traffic to.
  • The gain of node i from the game is:
    • vi(R) if from some point on it has an unchanging route R.
    • 0 otherwise. (can be defined as the maximal gained path in an oscillation as well).
  • a node’s strategy is its choice of a routing protocol.
    • Executing BGP is a strategy.
approximating social welfare
Approximating Social Welfare
  • Theorem: Getting an approximation to the optimal social welfare is impossible unless P=NP even in Gao-Rexford settings.(Improvement on a bound achieved by [Feigenbaum,Sami,Shenker])
  • Theorem: It requires exponential communication to approximate social welfare up to
manipulating in the protocol
Manipulating in The Protocol
  • A node is said to deviate from BGP (or to manipulate BGP) if it does not follow BGP.
  • We want nodes to comply with the alg. Otherwise, suffer a loss when they deviate
  • Which forms of manipulation are available to nodes?
    • Misreporting preferences.
    • Reporting inconsistent information.
    • Announcing nonexistent routes.
    • Denying routes.
no optimal protocols
No Optimal Protocols
  • Theorem: Any routing protocol that:
    • Guarantees convergence to a solution for any timing with any preference profile
    • Resists manipulation

Must contain a (weak) dictator: A node that always gets its most preferred path.

(Simple to prove using a variant of the Gibbard-Satterthwaite theorem)

slide19
Suppose node 1 is a weak dictator.
  • If it wants some crazy path, it must get it.
  • This feels like an unreasonable protocol.

5

4

6

3

2

7

1

d

is bgp incentive compatible

m1d

m12d

m1d

m12d

1

1

m

m

12d

1d

12d

1d

d

d

2

2

2md

2d

2md

2d

with manipulation

without manipulation

Is BGP Incentive-Compatible?
  • Theorem: BGP is not incentive compatible even in Gao-Rexford settings.
can we fix this
Can we fix this?
  • We define a property:
    • Route verification means that an AS can verify that a route is available to a neighboring AS.
  • Route verification is:
    • Achievable via computational means (cryptographic signatures).
    • An important part of secure BGP implementation.
incentive compatibility
Incentive Compatibility
  • Theorem: If the “No Dispute Wheel” condition holds, then BGP with route verification is incentive-compatible in ex-post Nash equilibrium.
  • Theorem: If the “No Dispute Wheel” condition holds, then BGP with route verification is collusion-proof in ex-post Nash equilibrium.
open questions
Open Questions
  • Characterizing robust BGP convergence (“No dispute wheel” is sufficient but not necessary).
  • Does robust BGP convergence with route verification imply incentive compatibility?
  • Can network formation games help to explain the Internet’s commercial structure?
  • Maintain incentive compatibility if the protocol is changed to deal with attacks and other security issues?
  • How do congestion and load fit in?
conclusions
Conclusions
  • Our results help explain BGP’s resilience to manipulation in practice.
    • Manipulation requires extensive knowledge on network topology & preferences of ASes.
    • Faking routes requires manipulation of TCP/IP too.
    • Manipulations by coalitions require Herculean efforts, and tight coordination.
  • We show that proposed security improvements would benefit incentives in the protocol.
  • Work in progress: other natural asynchronous games.
    • “Best Reply Mechanisms” with Noam Nisam and Michael Schapira
ad