BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.

Slides:

Advertisements

Similar presentations

Reliable Internet Routing

Advertisements

BGP Safety with Spurious Updates The Conditions of BGP Convergence Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford January 12,

Chapter 4 Distributed Bellman-Ford Routing

1 Incentive-Compatible Inter-Domain Routing Joan Feigenbaum Yale University Colloquium at Cornell University; October.

Part IV: BGP Routing Instability. March 8, BGP routing updates  Route updates at prefix level  No activity in “steady state”  Routing messages.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

1 Interdomain Routing and Games Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University.

1 BGP Anomaly Detection in an ISP Jian Wu (U. Michigan) Z. Morley Mao (U. Michigan) Jennifer Rexford (Princeton) Jia Wang (AT&T Labs)

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN si.umich.edu Searching for Stability in Interdomain Routing Rahul Sami (University of Michigan) Michael Schapira.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

Announcement  Slides and reference materials available at  Slides and reference materials available.

Can Economic Incentives Make the ‘Net Work? Jennifer Rexford Princeton University

STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.

Game Theoretic and Economic Perspectives on Interdomain Routing Michael Schapira Yale University and UC Berkeley.

Towards a Lightweight Model of BGP Safety Matvey Arye Princeton University Joint work with: Rob Harrison, Richard Wang, Jennifer Rexford (Princeton) Pamela.

Lecture 14: Inter-domain Routing Stability CS 268 class March 8 th, 2004 (slides from Timothy Griffin’s tutorial and Craig Labovitz’s NANOG talk)

1 Finding a Needle in a Haystack: Pinpointing Significant BGP Routing Changes in an IP Network Jian Wu (University of Michigan) Z. Morley Mao (University.

1 Policy Disputes in Path-Vector Protocols A Safe Path-Vector Protocol Zacharopoulos Dimitris

S ufficient C onditions to G uarantee P ath V isibility Akeel ur Rehman Faridee

1 An Experimental Analysis of BGP Convergence Time Timothy Griffin AT&T Research & Brian Premore Dartmouth College.

Improving BGP Convergence Through Consistency Assertions Dan Pei, Lan Wang, Lixia Zhang UCLA Xiaoliang Zhao, Daniel Massey, Allison Mankin, USC/ISI S.

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

BGP: Inter-Domain Routing Protocol Noah Treuhaft U.C. Berkeley.

Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.

On the Stability of Rational, Heterogeneous Interdomain Route Selection Hao Wang Yale University Joint work with Haiyong Xie, Y. Richard Yang, Avi Silberschatz,

Interdomain Routing as Social Choice Ronny R. Dakdouk, Semih Salihoglu, Hao Wang, Haiyong Xie, Yang Richard Yang Yale University IBC ’ 06.

Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)

Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research

Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research Joint work with Lixin Gao.

Hot Potatoes Heat Up BGP Routing Jennifer Rexford AT&T Labs—Research Joint work with Renata Teixeira, Aman Shaikh, and.

Game Dynamics Out of Sync Michael Schapira (Yale University and UC Berkeley) Joint work with Aaron D. Jaggard and Rebecca N. Wright.

Interdomain Routing and the Border Gateway Protocol (BGP) Reading: Section COS 461: Computer Networks Spring 2011 Mike Freedman

ROUTING PROTOCOLS Rizwan Rehman. Static routing  each router manually configured with a list of destinations and the next hop to reach those destinations.

Computer Networks Layering and Routing Dina Katabi

9/15/2015CS622 - MIRO Presentation1 Wen Xu and Jennifer Rexford Department of Computer Science Princeton University Chuck Short CS622 Dr. C. Edward Chow.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

Dynamics of Hot-Potato Routing in IP Networks Jennifer Rexford AT&T Labs—Research Joint work with Renata Teixeira (UCSD),

David Wetherall Professor of Computer Science & Engineering Introduction to Computer Networks Hierarchical Routing (§5.2.6)

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

Routing Convergence Dan Massey Colorado State University.

Detecting Selective Dropping Attacks in BGP Mooi Chuah Kun Huang November 2006.

Distance Vector Routing Protocols Dynamic Routing.

Pitch Patarasuk Policy Disputes in Path-Vector Protocol A Safe Path Vector Protocol The Stable Paths Problem and Interdomain routing.

CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)

An internet is a combination of networks connected by routers. When a datagram goes from a source to a destination, it will probably pass through many.

1 7-Jan-16 S Ward Abingdon and Witney College Dynamic Routing CCNA Exploration Semester 2 Chapter 3.

CSci5221: BGP Policies1 Inter-Domain Routing: BGP, Routing Policies, etc. BGP Path Selection and Policy Routing Stable Path Problem and Policy Conflicts.

1 Internet Routing: BGP Routing Convergence Jennifer Rexford Princeton University

Doing Don’ts: Modifying BGP Attributes within an Autonomous System Luca Cittadini, Stefano Vissicchio, Giuseppe Di Battista Università degli Studi RomaTre.

Jian Wu (University of Michigan)

L. Cittadini, G. Di Battista, M. Rimondini, S. Vissicchio

COS 561: Advanced Computer Networks

Hao Wang Yale University Joint work with

Interdomain routing V. Arun

Can Economic Incentives Make the ‘Net Work?

Inter-Domain Routing: BGP, Routing Policies, etc.

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

BGP Policies Jennifer Rexford

BGP Interactions Jennifer Rexford

COS 461: Computer Networks

COS 561: Advanced Computer Networks

BGP Instability Jennifer Rexford

Presentation transcript:

BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011

2 The Border Gateway Protocol (BGP)  BGP calculates paths to each address prefix  Each Autonomous System (AS) implements its own custom policies Can prefer an arbitrary path Can export the path to a subset of neighbors Prefix d Data traffic “I can reach d via AS 1” “I can reach d” “I can reach d via AS 1”

3 BGP Safety Challenges  35,000 ASes and 300,000 address blocks  Routing convergence usually takes minutes But the system does not always converge… 0 12 d Prefer 120 to 10 Prefer 210 to 20 Use 20 Use 10 Use 120 Use 210

4 Results on BGP Safety  Necessary or sufficient conditions of safety (Gao and Rexford, 2001), (Gao, Griffin and Rexford, 2001), (Griffin, Jaggard and Ramachandran, 2003), (Feamster, Johari and Balakrishnan, 2005), (Sobrinho, 2005), (Fabrikant and Papadimitriou, 2008), (Cittadini, Battista, Rimondini and Vissicchio, 2009), …  Absence of a “dispute wheel” sufficient for safety (Griffin, Shepherd, Wilfong, 2002)  Verifying safety is computationally hard (Fabrikant and Papadimitriou, 2008), (Cittadini, Chiesa, Battista and Vissicchio, 2011)

5 Key Results  Existing models of BGP do not capture important transient phenomena  A new model of BGP Accurately capture the consequences of transient phenomena on convergence Retain simplicity of previous models  More accurate model makes proofs easier!

6 Overview I.Classical model of BGP: the SPVP III.The surprise: networks believed to be safe oscillate! IV.Convergence conditions: polynomial time verifiable V.Conclusion II.Spurious BGP updates: what are they?

7 Simple Path Vector Protocol (SPVP) Traditional BGP Model (Griffin and Wilfong, 2000) ε Permitted paths Network topology The higher the more preferred ε The destination

8 Simple Path Vector Protocol (SPVP) Traditional BGP Model (Griffin and Wilfong, 2000) ε ε Selected paths 2

9 Simple Path Vector Protocol (SPVP) Traditional BGP Model (Griffin and Wilfong, 2000) ε ε Activation 21  Activation models the processing of BGP update messages sent by neighbors

10 Simple Path Vector Protocol (SPVP) Traditional BGP Model (Griffin and Wilfong, 2000) ε ε Switch to best available 2 Activation 1  Activation models the processing of BGP update messages sent by neighbors

11 Simple Path Vector Protocol (SPVP) Traditional BGP Model (Griffin and Wilfong, 2000) ε ε  System is safe if all “fair” activation sequences lead to a stable path assignment Switch to best available 2 Activation 1

12 Overview I.Classical model of BGP: the SPVP III.The surprise: networks believed to be safe oscillate! IV.Convergence conditions: polynomial time verifiable V.Conclusion II.Spurious BGP updates: what are they?

13 What are Spurious Updates?  A phenomenon: router announces a route other than the highest ranked one Spurious BGP update 230: Selected path: 20  Behavior not allowed in SPVP

14 What Causes Spurious Updates? 1.Limited visibility to improve scalability Internal structure of ASes Cluster-based router architectures 2.Timers and delays to prevent instabilities and reduce overhead Route flap damping Minimal Route Advertisement Interval timer Grouping updates to priority classes Finite size message queues in routers

15 DPVP– A More General Model of BGP  DPVP = Dynamic Path Vector Protocol Transient period τ after each route change Spurious updates with a less preferred recently available route  Only allows the “right” kind of spurious updates Every spurious update has a cause in BGP General enough and future-proof

16 DPVP– A More General Model of BGP ε The permitted paths and their ranking ε Spurious update Selected path: 210  Spurious updates are allowed only if current time < StableTime  Spurious updates may include paths that were recently available or the empty path Remember all recently available paths (e.g. 20, 210) StableTime = τ after last path change

17 Overview I.Classical model of BGP: the SPVP III.The surprise: networks believed to be safe oscillate! IV.Convergence conditions: polynomial time verifiable V.Conclusion II.Spurious BGP updates: what are they?

18 Consequences of Spurious Updates  Spurious behavior is temporary, can it have long-term consequences?  Yes, it may trigger oscillations in otherwise safe configurations!

19 The Surprise: Spurious Announcements Trigger Permanent Oscillations!  Stable because node 3 cannot use route 30  Safe instance in all classical models of routing: Stable outcome

20 The Surprise: Spurious Announcements Trigger Permanent Oscillations!  Can be caused by route flap damping  Oscillates if node 3 announces route Spurious update 30

21 Some Results No Longer Hold  Absence of a “dispute reel” necessary and sufficient for safety under filtering in SPVP (Cittadini et al., 2009) Our result: permanent oscillations in DPVP even without a reel  Linear time convergence of BGP (Sami et al., 2009) Our result: exponential slowdown

22 Overview I.Classical model of BGP: the SPVP III.The surprise: networks believed to be safe oscillate! IV.Convergence conditions: polynomial time verifiable V.Conclusion II.Spurious BGP updates: what are they?

23 Convergence Conditions  Absence of a “dispute wheel” is still sufficient for safety in DPVP Most of the previous results of the past decade still hold under DPVP!  Absence of a “dispute wheel” sufficient for safety in SPVP (Griffin, Shepherd, Wilfong, 2002) One of the most cited results

24 DPVP Makes Analysis Easier  No need to prove that: Announced route is the highest ranked one Announced route is the last one learned from the downstream neighbor  We changed the problem PSPACE complete vs. NP complete

25 Necessary and Sufficient Conditions  How can we prove a system may oscillate? Classify each node as “stable” or “coy” At least one “coy” node exists Prove that “stable” nodes must be stable Prove that “coy” nodes may oscillate Easy in a model with spurious announcements

26 Necessary and Sufficient Conditions Coy nodes may make spurious announcements Stable nodes have a permanent path  Theorem: DPVP oscillates if and only if it has a CoyOTE  Definition: CoyOTE is a triple (C, S, Π ) satisfying several conditions One path assigned to each node proves if the node is coy or stable

Verifying the Convergence Conditions = Finding a CoyOTE  In general an NP-hard problem  Can be checked in polynomial time for most “reasonable” network configurations! 27 e.g.

28 DeCoy – Safety Verification Algorithm  Goal: verify safety in polynomial time  Key observation: greedy algorithm works! 1.Let the origin be in the stable set S 2.Keep expanding the stable set S until stuck If all nodes become stable system is safe Otherwise system can oscillate

29 Overview I.Classical model of BGP: the SPVP III.The surprise: networks believed to be safe oscillate! IV.Convergence conditions: polynomial time verifiable V.Conclusion II.Spurious BGP updates: what are they?

30 Conclusion  DPVP: best of both worlds More accurate model of BGP Model simplifies theoretical analysis  Key results

31 Thank You!