Interdomain routing and games
This presentation is the property of its rightful owner.
Sponsored Links
1 / 24

Interdomain Routing and Games PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on
  • Presentation posted in: General

Interdomain Routing and Games. Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University. On the Agenda. Motivation: Are Internet protocols incentive compatible? Interdomain routing & path vector protocols Convergence issues BGP as a game

Download Presentation

Interdomain Routing and Games

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Interdomain routing and games

Interdomain Routing and Games

Hagay Levin, Michael Schapira and Aviv Zohar

The Hebrew University


On the agenda

On the Agenda

  • Motivation: Are Internet protocols incentive compatible?

  • Interdomain routing & path vector protocols

  • Convergence issues

  • BGP as a game

  • Hardness of approximation of social welfare

  • Incentive compatibility

  • Conclusions


Are current network protocols incentive compatible

Are Current Network Protocols Incentive Compatible?

  • Protocols for the network have been dictated by some designer

  • Okay for cooperative settings

  • But what if nodes try to optimize regardless of harm to others?

  • Example: TCP congestion control

    • Requires sender to transmit less when the network is congested

    • This is not optimal for the sender (always better off sending more)


Secure network protocols

Secure Network Protocols

  • A lot of effort is going into re-designing network protocols to be secure.

  • Routing protocols are currently known to be very susceptible to attacks.

    • Even inadvertent configuration errors of routers have caused global catastrophes.

  • Designers are also concerned about incentive issues in this context.

  • Our work highlights some connections between incentives and security of BGP.


Interdomain routing

UUNET

AT&T

Comcast

Qwest

Interdomain Routing

  • Messages in the Internet are passed from one router to the other until reaching the destination.

  • Goal of routing protocols: decide how to route packets between nodes on the net.

  • The network is partitioned into Autonomous Systems (ASes) each owned by an economic entity.

    • Within ASes routing is cooperative

    • Between ASes inherently non-cooperative

  • Routing preferences are complex and uncoordinated.

Always chooseshortest paths.

Load-balance myoutgoing traffic.

Avoid routes through AT&T if at all possible.

My link to UUNET is forbackup purposes only.


Path vector protocols

receive routes from neighbors

send updatesto neighbors

choose“best” neighbor

Path Vector Protocols

  • The only protocol currently used to establish routes between ASes (interdomain routing): The Border Gateway Protocol (BGP).

  • Performed independently for every destination autonomous system in the network.

  • The computation by each node is an infinite sequence of actions:


Example of bgp execution

Example of BGP Execution

5

4

41d

41d

23d

23d

2

23d

1d

1

23d

3d

3

1d

3d

d

d

d

d

receive routes from neighbors

send updatesto neighbors

choose“best” neighbor


Our main results informally

Our Main Results Informally

  • Theorem: In “reasonable economic settings”, BGP is almost incentive-compatible (And can be tweaked to be incentive compatible).

  • Theorem: In these same settings it is also almost collusion proof.

    • To make it fully collusion proof we need a somewhat stronger assumption.


Bgp not guaranteed to converge

BGP – Not Guaranteed to Converge

1

2

  • Other examples may fail to converge for certain timings and succeed for others.

2d

23d

2d

...

12d

1d

1d

12d

d

31d

3d

31d

3


Finding stable states

Finding Stable States

  • Previously known: It’s NP-Hard to determine if a stable state even exists. [Griffin, Wilfong]

    We add:

  • Theorem: Determining the existence of a stable state requires exponential communication.

  • In practice, BGP does converge in the Internet! Why?


The gao rexford framework an economic explanation for network convergence

The Gao-Rexford Framework: An economic explanation for network convergence.

Neighboring pairs of ASes have one of:

  • a customer-provider relationship

  • a peering relationship

    Restrict the possible graphs and preferences:

  • No customer-provider cycles (cannot be your own customer)

  • Prefer to route through customers over peers, and peers over providers.

  • Only provide transit services to customers.

    Guarantees convergence of BGP.

peer

providers

peer

customers


Dispute wheels

Dispute Wheels

  • A Dispute Wheel [Griffin et. al.]

    • A sequence of nodes ui and routes Ri, Qi.

    • ui prefers RiQi+1 over Qi.

  • If the network has no dispute wheels, BGP will always converge.

  • Also guarantees convergence with node & link failures.

Gao-Rexford

No Dispute Wheel

Robust Convergence

Shortest Path


Modeling path vector protocols as a game

Modeling Path Vector Protocols as a Game

  • The interaction is very complex.

    • Multi-round

    • Asynchronous

    • Partial-information

      • Network structure, schedule, other player’s types are all unknown.

  • No monetary transfers!

    • More realistic

    • Unlike most works on incentive-compatibility in interdomain routing.


Routing as a game

Routing as a Game

  • The source-nodes are the strategic agents

  • Agent i has a value vi(R) for any route R

  • The game has an infinite number of rounds

  • Timing decided by an entity called the scheduler

    • Decides which nodes are activated in each round.

    • Delays update messages along selective links.


Routing as a game 2

Routing as a Game (2)

  • A node that is activated in a certain round can

    • Read update messages announcing routes.

    • Send update messages announcing routes.

    • Choose a neighboring node to forward traffic to.

  • The gain of node i from the game is:

    • vi(R) if from some point on it has an unchanging route R.

    • 0 otherwise. (can be defined as the maximal gained path in an oscillation as well).

  • a node’s strategy is its choice of a routing protocol.

    • Executing BGP is a strategy.


Approximating social welfare

Approximating Social Welfare

  • Theorem: Getting an approximation to the optimal social welfare is impossible unless P=NP even in Gao-Rexford settings.(Improvement on a bound achieved by [Feigenbaum,Sami,Shenker])

  • Theorem: It requires exponential communication to approximate social welfare up to


Manipulating in the protocol

Manipulating in The Protocol

  • A node is said to deviate from BGP (or to manipulate BGP) if it does not follow BGP.

  • We want nodes to comply with the alg. Otherwise, suffer a loss when they deviate

  • Which forms of manipulation are available to nodes?

    • Misreporting preferences.

    • Reporting inconsistent information.

    • Announcing nonexistent routes.

    • Denying routes.


No optimal protocols

No Optimal Protocols

  • Theorem: Any routing protocol that:

    • Guarantees convergence to a solution for any timing with any preference profile

    • Resists manipulation

      Must contain a (weak) dictator: A node that always gets its most preferred path.

      (Simple to prove using a variant of the Gibbard-Satterthwaite theorem)


Interdomain routing and games

  • Suppose node 1 is a weak dictator.

  • If it wants some crazy path, it must get it.

  • This feels like an unreasonable protocol.

5

4

6

3

2

7

1

d


Is bgp incentive compatible

m1d

m12d

m1d

m12d

1

1

m

m

12d

1d

12d

1d

d

d

2

2

2md

2d

2md

2d

with manipulation

without manipulation

Is BGP Incentive-Compatible?

  • Theorem: BGP is not incentive compatible even in Gao-Rexford settings.


Can we fix this

Can we fix this?

  • We define a property:

    • Route verification means that an AS can verify that a route is available to a neighboring AS.

  • Route verification is:

    • Achievable via computational means (cryptographic signatures).

    • An important part of secure BGP implementation.


Incentive compatibility

Incentive Compatibility

  • Theorem: If the “No Dispute Wheel” condition holds, then BGP with route verification is incentive-compatible in ex-post Nash equilibrium.

  • Theorem: If the “No Dispute Wheel” condition holds, then BGP with route verification is collusion-proof in ex-post Nash equilibrium.


Open questions

Open Questions

  • Characterizing robust BGP convergence (“No dispute wheel” is sufficient but not necessary).

  • Does robust BGP convergence with route verification imply incentive compatibility?

  • Can network formation games help to explain the Internet’s commercial structure?

  • Maintain incentive compatibility if the protocol is changed to deal with attacks and other security issues?

  • How do congestion and load fit in?


Conclusions

Conclusions

  • Our results help explain BGP’s resilience to manipulation in practice.

    • Manipulation requires extensive knowledge on network topology & preferences of ASes.

    • Faking routes requires manipulation of TCP/IP too.

    • Manipulations by coalitions require Herculean efforts, and tight coordination.

  • We show that proposed security improvements would benefit incentives in the protocol.

  • Work in progress: other natural asynchronous games.

    • “Best Reply Mechanisms” with Noam Nisam and Michael Schapira


  • Login