1 / 36

Path-Vector Policy Systems

Path-Vector Policy Systems. Vijay Ramachandran Official Graduate Student Talk September 30, 2003 Advisor: Joan Feigenbaum. Overview. Routing with BGP is determined using semantically rich routing policies. Expressiveness can lead to unpredictable global routing anomalies.

sheri
Download Presentation

Path-Vector Policy Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Path-Vector Policy Systems Vijay RamachandranOfficial Graduate Student TalkSeptember 30, 2003Advisor: Joan Feigenbaum Ramachandran: OGST

  2. Overview • Routing with BGP is determined using semantically rich routing policies. • Expressiveness can lead to unpredictable global routing anomalies. • Design principles for policies and policy languages can ameliorate this problem. • This work gives a framework for the design of path-vector protocols and policy languages. Ramachandran: OGST

  3. Outline • Motivation • Dimensions of the Design Space • Path-Vector Policy Systems • Trade-offs in the Design Space • An Application • Open Problems Ramachandran: OGST

  4. Dynamics of Path-Vector Routing Ramachandran: OGST

  5. BGP Route Processing IP Forwarding Table Install forwarding entries for best routes Apply Import Policies Best Route Selection Best Route Table Apply Export Policies Apply Policy = filter routes & tweak attributes Apply Policy = filter routes & tweak attributes Receive BGP updates Based on attribute values Transmit BGP updates Storageof routes Open-ended programming: constrained only by vendor configuration language Ramachandran: OGST

  6. Consequences • Use of “hacks” to encode information, e.g., AS-path padding • Complex policies usingcommunity values Ramachandran: OGST

  7. Examples of Anomalies • “Route pinning:” backup routes carry traffic even when primary link is active • Protocol divergenceK. Varadhan, R. Govindan, and D. Estrin. “Persistent Route Oscillations in Inter-Domain Routing.” Computer Networks32, 2000. • Troubles from “cold-potato” routingD. McPherson, V. Gill, D. Walton, and A. Retana. “BGP Persistent Route Oscillation Condition.” Manuscript, 2002.Cisco Field Note. “Endless BGP Convergence Problem in Cisco IOS Software Releases.” October 2001. Ramachandran: OGST

  8. The Problem • Local configuration can coax the protocol to execute complex routing decisions. • Increased incidence of routing anomaliescomes with richer policy expressiveness. • Lack of design principles for policy languages Ramachandran: OGST

  9. Outline • Motivation • Dimensions of the Design Space • Path-Vector Policy Systems • Trade-offs in the Design Space • An Application • Open Problems Ramachandran: OGST

  10. Expressiveness • Desire: Maximal expressiveness without sacrificing other design goals • Measure: How many routing configurations can be expressed? Use SPP as a semantic domain.* 2 3 12 3 4 12 12 5 12 3 4 5 1 3 2 5 13 4 5 13 4 13 1 2 3 * Griffin, Shepherd, and Wilfong. “The Stable Paths Problem and Interdomain Routing.” IEEE/ACM TON10(2), 2002. 1 4 5 14 3 2 5 14 3 14 1 5 4 5 15 2 1 Ramachandran: OGST

  11. Robustness • Definition: Unique solvability for any configuration, even after link and node failures • Primary constraint on expressiveness Deleting edge{1, 5} results ina configurationwith no predictable solution. 2 3 12 3 4 12 12 5 12 3 4 5 1 3 2 5 13 4 5 13 4 13 1 2 3 1 4 5 14 3 2 5 14 3 14 1 5 4 5 15 2 1 Ramachandran: OGST

  12. Other Design-Space Dimensions • Transparency: Can policy writers understand the effects of their policies? • Policy Opaqueness: Can routing-policy details remain private? • Autonomy: What degree of independence do policy writers have in configuration? • Global Constraint: What global conditions must be checked? Ramachandran: OGST

  13. A Slice of the Design Space:Robust and Transparent Systems Ramachandran: OGST

  14. Outline • Motivation • Dimensions of the Design Space • Path-Vector Policy Systems • Trade-offs in the Design Space • An Application • Open Problems Ramachandran: OGST

  15. Path-Vector Policy Systems Formal model of path-vector routing: ( PV , PL , K ) Path-Vector System: The underlying message-exchange system for route information. What is exchanged and how? Global Constraint: What assumptions about the network must be true to achieve robustness? Policy Language: How can policies be described? PL acts as a local constraint on the expressiveness of policies. Question: What role do these components play in achieving our design goals? Ramachandran: OGST

  16. Path-Vector-System Components (1) Path Descriptors: The data structure for routes—the attributes in a route record used to advertise routes and calculate best routes Example 1 (Lowest-Cost Paths): Example 2 (Simplified BGP): Destination Path Cost AS Path (Vector) Destination Local Preference AS Path (Vector) Next Hop Color Ramachandran: OGST

  17. Path-Vector-System Components (2) Ranking Function (): A description of how attribute values influence “best-route” choice Example 1 (Lowest-Cost Paths): Example 2 (Simplified BGP): (d, c, P) = cLower cost = More preferred Destination Path Cost N AS Path (Vector) Destination Local Preference AS Path (Vector) Next Hop Color Prefer larger local pref, then shorter path length, then smaller next-hop value Ramachandran: OGST

  18. Path-Vector-System Components (3) Local Constraints: A description of legal import and export policies Example 1 (Lowest-Cost Paths):Routers can only increment path-cost value bya non-negative integer. Example 2 (Simplified BGP):Routers can only set local-preference (to any integer) and color values. Destination Path Cost N AS Path (Vector) Destination Local Preference AS Path (Vector) Next Hop Color Ramachandran: OGST

  19. Path-Vector-System Components (4) Policy-Application Functions: How routers should apply policies Example 1 (Lowest-Cost Paths):Apply path-cost increment as specified; add to AS path on export; check for loops on import. Example 2 (Simplified BGP):Set color as specified. Set AS path and hop and hide pref on export; check for loops and set pref on import. Destination Path Cost N AS Path (Vector) Destination Local Preference AS Path (Vector) Next Hop Color Ramachandran: OGST

  20. Policy Languages • High-level language to write routing policies • Probably involves compilation to low-level transformations on path descriptors • Generated policies should satisfy path-vector system’s local constraints if r.color = “Red” then r.local-pref := 50 else if first(r.as-path) = AS5 then r.local-pref := 25 r.color := “Blue” else r.local-pref := 100 Example (Simplified BGP): Ramachandran: OGST

  21. Definition of Transparency Policy application along an arc F(a, b)(X) = tin(a, b, f in(a, b), tout(b, a, f out(b, a), X) can be written F(a, b)(X) = Fin(a, b, T(Fout(b, a, X))) Ramachandran: OGST

  22. Autonomy (Informal) General Autonomy: How many ways can a node partition neighbors into preference classes? Autonomy of Neighbor Ranking: Can anode always prefer routes through one set of neighbors over routes through another set of neighbors? Ramachandran: OGST

  23. Outline • Motivation • Dimensions of the Design Space • Path-Vector Policy Systems • Trade-offs in the Design Space • An Application • Open Problems Ramachandran: OGST

  24. Example 1 Properties Shortest Paths Expressiveness … low Robust … yes Transparent … yes Aut. Nbr. Ranking … no Opaque … no Destination Path Cost N AS Path (Vector) Ramachandran: OGST

  25. Example 2 Properties Simplified BGP Expressiveness … high Robust … no Transparent … yes Aut. Nbr. Ranking … yes Opaque … yes Destination Local Preference AS Path (Vector) Next Hop Color Ramachandran: OGST

  26. A Natural Robust Class Conjecture {1}. No path-vector policy system can exactly capture all robust configurations. Theorem {5 & 6}. A path-vector policy systemin which a path’s absolute rank monotonically increases as it is exchanged among routersis robust. Example: Lowest-cost paths (This is the broadest-known sufficient condition for robustness.) Ramachandran: OGST

  27. Increasing: What is Lost? (1) 1. Filter out routes whose absolute rank does not increase on import/export. X Transparency u decreases local preference value for P P.pref = 75 P.pref = 25 u u P P s d s d uP.pref = 50vQ.pref = 25 uP.pref = 50vQ.pref = 25 Q Q v v Q.pref = 50 Q.pref = 50 Ramachandran: OGST

  28. Increasing: What is Lost? (2) 2. Have routers share all rank-determining attributes and constrain legal policies to those that increase absolute rank. X Autonomy and Policy Opaqueness u decreases local preference value for P, so s must adjust P.pref = 75 P.pref = 25 u u P P s d s d uP.pref = 50vQ.pref = 25 uP.pref = 20vQ.pref = 15 Q Q v v Q.pref = 50 Q.pref = 50 Ramachandran: OGST

  29. Increasing: What is Lost? (3) 3. Impose some global mechanism to check that paths are partially ordered with respect to the ranking function. i.e., for any configuration, check that all realizable path descriptors have increased absolute rank on import / export X In general, tractability of Global Constraint Ramachandran: OGST

  30. Summary of Trade-offs Theorem {7}. A path-vector policy system(without global constraint) expressive enough to capture all increasing configurations either does not support autonomy of neighbor ranking or is not transparent, or both. Theorem {8}. A transparent, robust path-vector policy system that supports autonomy of neighbor ranking and is at least as expressive as shortest paths must have a non-trivial global constraint. Ramachandran: OGST

  31. Outline • Motivation • Dimensions of the Design Space • Path-Vector Policy Systems • Trade-offs in the Design Space • An Application • Open Problems Ramachandran: OGST

  32. Class-Based Systems (1) • Assign each neighbor to a class • Classes have preference and scope rules • Prefer routes through neighbors of certain classes • Conditions for sharing routes with neighbors • Example (HBGP): • Classes are “peer,” “provider,” and “customer.” • Classes are preferred in the standard order. Ramachandran: OGST

  33. Class-Based Systems (2) Relative Preference: If class i is to be preferred over class j, then node v should prefer routes from node w over those from node x. Scope: If class i routes cannot be exported to a class-k neighbor, then node u will only learn about the path uvxQ. Ramachandran: OGST

  34. Class-Based Systems (3) • Use a BGP-like path-vector system with level and local-preference attributes. • Use policy languages that allow classification of neighbors, assignment of local preference, and adjustment of level. • What global constraint is needed? Theorem {9}. Constraint = class consistency + check that certain cycles do not existExample (HBGP): no customer-provider cycles Ramachandran: OGST

  35. Outline • Motivation • Dimensions of the Design Space • Path-Vector Policy Systems • Trade-offs in the Design Space • An Application • Open Problems Ramachandran: OGST

  36. Open Problems • Conjecture {1}, or necessary condition for robustness • Further study of class-based systems; in particular, tighten robustness check • Enforcement mechanisms for global constraints • Expressiveness of systems under poynomial-time-checkable global constraints • Policy language development • Non-deterministic systems and their dynamics • Security issues and study of the “forwarding plane” Ramachandran: OGST

More Related