Foundations of inter domain routing ph d dissertation defense
Download
1 / 31

Foundations of Inter-Domain Routing Ph.D. Dissertation Defense - PowerPoint PPT Presentation


  • 232 Views
  • Uploaded on

Foundations of Inter-Domain Routing Ph.D. Dissertation Defense. Vijay Ramachandran. Dissertation Director: Joan Feigenbaum Committee Members: Jim Aspnes, Paul Hudak, Tim Griffin (University of Cambridge). Overview.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Foundations of Inter-Domain Routing Ph.D. Dissertation Defense' - Lucy


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Foundations of inter domain routing ph d dissertation defense l.jpg

Foundations ofInter-Domain RoutingPh.D. Dissertation Defense

Vijay Ramachandran

Dissertation Director: Joan Feigenbaum

Committee Members: Jim Aspnes, Paul Hudak,Tim Griffin (University of Cambridge)


Overview l.jpg
Overview

  • This dissertation develops a theoretical framework for the design and analysis of path-vector protocols primarily used for Internet inter-domain routing.

  • The framework can be used to understand the interactions of local routing policies and their effects on protocol behavior.

  • It can also be used to understand the design space of path-vector protocols and inherent trade-offs among desirable protocol properties.

V. Ramachandran — Ph.D. Dissertation Defense


Background internet routing l.jpg
Background: Internet Routing

V. Ramachandran — Ph.D. Dissertation Defense


Bgp route processing l.jpg
BGP Route Processing

IP Forwarding Table

Install forwarding

entries for best routes

Apply Import

Policies

Routing Table

Best Route

Selection

Apply Export

Policies

Apply Policy =

filter routes &

tweak attributes

Apply Policy =

filter routes &

tweak attributes

Based on

attribute

values

Transmit

BGP

updates

Receive

BGP

updates

Storageof routes

Open-ended programming:

constrained only by vendor configuration language

V. Ramachandran — Ph.D. Dissertation Defense


Bgp route selection procedure l.jpg
BGP Route-Selection Procedure

  • Highest local preference

  • Shortest AS-path length

  • For each AS next-hop, lowest MED value

  • eBGP routes over iBGP routes

  • Shortest iBGP distance to egress point

V. Ramachandran — Ph.D. Dissertation Defense


Motivation 1 l.jpg
Motivation (1)

  • Given certain policy inputs, BGP will oscillate or converge nondeterministically. [VGE ’00, GSW ’02, MGWR ’02, Cisco ’01]

  • These anomalies are difficult for operatorsto debug because the problems traverse autonomously administered networks.

  • New features are often implemented without testing resulting worst-case scenarios.

V. Ramachandran — Ph.D. Dissertation Defense


Motivation 2 l.jpg
Motivation (2)

  • The BGP specification contains no guidance on how to provide “good” routing policies.

  • Policies are unconstrained.

    • Can policies be constrained to guarantee convergence, and how can those constraintsbe described?

    • What is lost, if anything?

  • Formal models allow rigorous analysis and design at different levels of abstraction.

V. Ramachandran — Ph.D. Dissertation Defense


Protocol divergence example l.jpg
Protocol-Divergence Example

120

20

120

210

1

2

10

20

10

210

10

20

Prefer sendingtraffic throughneighbor 1

Prefer sendingtraffic throughneighbor 2

0

0

0

V. Ramachandran — Ph.D. Dissertation Defense


Related work formally modeling policy semantics l.jpg
Related Work:Formally Modeling Policy Semantics

  • [GSW ’02] introduced the Stable Paths Problem (SPP) as the underlying theoretical problem that BGP is trying to solve.

  • SPP is NP-hard; solvability  convergence.

An SPP instance is a graph in which each node represents one AS and has a policy in the form of a linear preference ordering on paths.

V. Ramachandran — Ph.D. Dissertation Defense


Spp results gsw 02 l.jpg
SPP Results [GSW ’02]

DISAGREE (multiple solutions)

Dispute Wheel

No dispute wheel impliesrobust convergence.

BAD GADGET (no solution)

V. Ramachandran — Ph.D. Dissertation Defense


Related work local and global constraints l.jpg
Related Work:Local and Global Constraints

  • [GR ’01] showed that Hierarchical BGP (HBGP) is robust.

    • Neighbors are divided into three classes: customers, providers, and peers.

    • Preference and scoping rules apply to routes learned from different types of neighbors.

    • No customer/provider cycles.

  • [GGR ’01] added an attribute to HBGP to allow safe back-up routing.

Localconstraint

Globalconstraint

V. Ramachandran — Ph.D. Dissertation Defense


The design space of path vector protocols gjr 03 l.jpg
The Design Space of Path-Vector Protocols [GJR ’03]

  • Robustness: Does the protocol predictably converge, even after node and link failures?

  • Expressiveness: What routing policies are permitted?

  • Autonomy: What degree of independence do operators have in local-policy configuration?

  • Policy Opaqueness: Can local route settings be kept private?

  • Transparency: How directly does the protocol apply local-policy transformations to route data?

  • Global Constraint: What network assumptions are needed?

V. Ramachandran — Ph.D. Dissertation Defense


Three levels of abstraction jr 05 l.jpg
Three Levels of Abstraction [JR ’05]

Sets ofProtocols

Path-Vector Algebras [Sob. ’03]

A description of the most important criteria involved in determiningbest routes. Does not include implementation details, e.g., a routeadvertisement is considered an atomic action.

Protocols

Path-Vector Policy Systems (PVPS) [GJR ’03]

A combination of message-passing system (protocol), policy language,and global constraint. The underlying path-vector system modelsimport & export policies, path selection, and route data structures.

Networks

Instances of the Stable Paths Problem (SPP) [GSW ’02]

A routing configuration, indicating the preference order of permittedpaths on a given network. Solutions are consistent assignments;unique solutions give predictable convergence to a stable assignment.

V. Ramachandran — Ph.D. Dissertation Defense


Path vector policy systems gjr 03 l.jpg
Path-Vector Policy Systems [GJR ’03]

Formal model of path-vector routing:

( PV , PL , K )

Path-Vector System:

The underlying message-exchange system for route information. Whatis exchanged and how?

Global Constraint:

What assumptions about the network must be true to achieve robustness?

Policy Language:

How can policies be described?PLacts as a local constraint on the expressiveness of policies.

Question:

What role do these components play in achieving protocol design goals?

V. Ramachandran — Ph.D. Dissertation Defense


Linear best route selection model l.jpg
Linear Best-Route Selection Model

  • Ignore iBGP and MED-attribute values.

  • Assume that the route-selection procedure, at each node, for each destination:

    • maps each route to a rank in some totally ordered set based on its attribute values; and

    • chooses as best the path with minimal rank.

  • Rank is influenced by local policy, but the ranking criteria are the same at each node.

V. Ramachandran — Ph.D. Dissertation Defense


Robustness condition gjr 03 sob 03 l.jpg
Robustness Condition[GJR ’03, Sob.’03]

Conjecture: No path-vector policy system can exactly capture all robust configurations.

Theorem: A protocol in which a path’s rank monotonically increases as it is extended (imported by a neighbor) is robust.This is the broadest-known sufficient condition for robustness, equivalent to dispute-wheel freeness on SPP instances.

V. Ramachandran — Ph.D. Dissertation Defense


Trade offs in implementation gjr 03 l.jpg
Trade-Offs in Implementation[GJR ’03]

Theorem. A globally unconstrained PVPS expressive enough to capture all increasing configurations either does not support autonomy of neighbor ranking or is not transparent, or both.

Theorem. A transparent, robust PVPS that supports autonomy of neighbor ranking and is at least as expressive as shortest paths must have a non-trivial global constraint.

V. Ramachandran — Ph.D. Dissertation Defense


Algebras and pvpses 1 jr 05 l.jpg
Algebras and PVPSes (1) [JR ’05]

BGP

For both,some network instances are convergent

Protocolsusing localpreference

Both,primarilylength

Both,primarilyloc. pref.

Protocolsusinglength

ShortestPaths

Robust protocols

Monotone(or arbitrary)preferences

Strictly monotonepreferences

Shortest Paths withpreference tie-breaking

Monotone preferences with length tie-breaking

V. Ramachandran — Ph.D. Dissertation Defense


Algebras and pvpses 2 jr 05 l.jpg
Algebras and PVPSes (2) [JR ’05]

  • The expressiveness of an algebra or PVPSis the set of SPP equivalence classes permitted as legal routing configurations.

  • Given an algebra, we can construct a canonical PVPS that is exactly as expressive.

  • Given a PVPS, we can construct a canonical algebra that describes the same rank criteria.

V. Ramachandran — Ph.D. Dissertation Defense


Class based systems jr 04 l.jpg
Class-Based Systems [JR’ 04]

  • The PVPS framework can be used to generalizethe HBGP constraints from [GR’ 01, GGR’ 01].

  • A class-based PVPS is described by:

    • A set of classes (types of neighbor assignments, e.g., customer/provider/peer) and consistency relationships

    • Class relative-preference and scoping rules

  • These systems are transparent and have “some” autonomy of neighbor ranking; they requirea nontrivial global constraint.

V. Ramachandran — Ph.D. Dissertation Defense


Relative preference and scope l.jpg
Relative Preference and Scope

Relative Preference:

If class i is to be preferred over class j, then node v should prefer routes from node w over those from node x.

Scope:

If class i routes cannot be exported to a class-k neighbor, then node u will only learn about the path uvxQ.

V. Ramachandran — Ph.D. Dissertation Defense


Class based robustness jr 04 l.jpg
Class-Based Robustness [JR’ 04]

  • From the class description alone, we can construct a global constraint involving a check on pairs of class assignments.

    • Networks obeying this constraint are robust.

    • Networks violating this constraint allow nodes to write policies that induce routing anomalies.

  • We give two types of enforcement algorithms:

    • a centralized algorithm that detects a set of nodes whose class assignments permit a policy-induced anomaly; and

    • a distributed algorithm that detects whether two specific nodes’ class assignments could induce an anomaly.

V. Ramachandran — Ph.D. Dissertation Defense


Nonlinear route selection model l.jpg
Nonlinear Route-Selection Model

  • Recent work generalizes the PVPS framework to include protocols that do not assume linear route-selection procedures.

    • This permits modeling the MED attribute and both iBGP and eBGP sessions.

    • Because previous convergence constraints depend on a notion of rank, these do not applyin the generalized case.

  • Relies on generalized SPP [GW ’02].

V. Ramachandran — Ph.D. Dissertation Defense


Generalized spp gw 02 l.jpg
Generalized SPP [GW ’02]

  • Recall BGP selection:

    • lowest MED value from paths to the same AS; then

    • shortest IGP distance.

  • IGP distances are shown near intra-domain links.

  • MED values are shown in parentheses near inter-domain links.

  • This example oscillates.

MED-EVIL (no solution)

V. Ramachandran — Ph.D. Dissertation Defense


Independent route ranking l.jpg
Independent Route Ranking

MED-EVIL (condensed)

V. Ramachandran — Ph.D. Dissertation Defense


Generalized path relations l.jpg
Generalized Path Relations

V. Ramachandran — Ph.D. Dissertation Defense


Generalized dispute digraphs l.jpg
Generalized Dispute Digraphs

  • Given a GSPP instance, form its generalized dispute digraph:

    • nodes are paths;

    • edges correspond to the four relations.

  • Theorem. If a GSPP is not robust, this graph contains a cycle.

MED-EVIL Dispute Digraph

V. Ramachandran — Ph.D. Dissertation Defense


Proof method l.jpg
Proof Method

Cycle in MED-EVIL protocol-selection states.

  • Given a protocol oscillation, choose a path whose first node is the last oscillating node on the path.

  • Follow the oscillation until the selection changes; this change occurred because of a linear or nonlinear selection. This corresponds to some relation between two paths; repeat with the ‘related’ path. Choose a subpath to find the last oscillating node.

  • Because the oscillation is finite, we must re-visit a path.We have just traced a cycle in the dispute digraph.

V. Ramachandran — Ph.D. Dissertation Defense


Protocol design applications l.jpg
Protocol-Design Applications

  • Multiple-Path Broadcast

    • [B+ ’02] and [MC ’04] propose changing BGP to broadcast additional routes to avoid MED-induced oscillations.

    • We can prove the effect of this behavior using ourformal model.

    • Improvement: Detect an IRR violation on-the-fly and request the needed route.

  • “Compare-all-MEDs” and “Set AS-distinct local preferences” [MGWR ’02] can be proven correct.

V. Ramachandran — Ph.D. Dissertation Defense


Summary l.jpg
Summary

  • The PVPS framework allows for a study of path-vector-protocol design—most importantly, a rigorous way to prove:

    • what balance of local and global constraints areneeded for robustness; and

    • what else is lost when these constraints are implemented.

  • The framework has provided concrete and reasonable guidelines for class-based systems.

  • The framework has been extended to include protocols with IRR-violating selection procedures.

V. Ramachandran — Ph.D. Dissertation Defense


Open questions l.jpg
Open Questions

  • Analogous local constraints for the generalized case

  • Real, deployable policy-configuration languages

  • More examples of exact trade-offs between local and global constraints (to date, only class-based systems give this)

  • Full characterization of robust systems?

V. Ramachandran — Ph.D. Dissertation Defense