Decoupling Policy from Mechanism in Internet Routing Alex C. Snoeren and Barath Raghavan University of California, San Diego.

Slides:

Advertisements

Similar presentations

Jennifer Rexford Princeton University MW 11:00am-12:20pm Logically-Centralized Control COS 597E: Software Defined Networking.

Advertisements

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Routing Basics.

Review: Routing algorithms Distance Vector algorithm. –What information is maintained in each router? –How to distribute the global network information?

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

Sign What You Really Care About - $ecure BGP AS Paths Efficiently Yang Xiang Zhiliang Wang Jianping Wu Xingang Shi Xia Yin Tsinghua University, Beijing.

Network Layer: Internet-Wide Routing & BGP Dina Katabi & Sam Madden.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

© 2004 The MITRE Corporation. All rights reserved DTN Security Susan Symington March 2005 IETF DTN meeting.

11 TROUBLESHOOTING Chapter 12. Chapter 12: TROUBLESHOOTING2 OVERVIEW  Determine whether a network communications problem is related to TCP/IP.  Understand.

Hierarchy of Routing Knowledge IP Routing: All routers within domains that carry transit traffic have to maintain both interior and exterior routing information.

The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

An Operational Perspective on BGP Security Geoff Huston GROW WG IETF 63 August 2005.

HLP: A Next Generation Interdomain Routing Protocol Lakshminarayanan Subramanian* Matthew Caesar* Cheng Tien Ee*, Mark Handley° Morley Maoª, Scott Shenker*

MIRED: Managing IP Routing is Extremely Difficult Jennifer Rexford Internet and Networking Systems AT&T Labs - Research; Florham Park, NJ

Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.

Postmodern Internet Architecture Defense Zhaosheng Zhu Kevin Tan.

Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research

A System for Authenticated Policy-Compliant Routing Barath Raghavan and Alex C. Snoeren UC San Diego.

Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research

A Study of MPLS Department of Computing Science & Engineering DE MONTFORT UNIVERSITY, LEICESTER, U.K. By PARMINDER SINGH KANG

Layer-3 Routing Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.

Computer Networks Layering and Routing Dina Katabi

Towards a Logic for Wide- Area Internet Routing Nick Feamster Hari Balakrishnan.

Introduction to Routing and Routing Protocols By Ashar Anwar.

Network Sensitivity to Hot-Potato Disruptions Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),

Chapter 4. After completion of this chapter, you should be able to: Explain “what is the Internet? And how we connect to the Internet using an ISP. Explain.

1 Pertemuan 20 Teknik Routing Matakuliah: H0174/Jaringan Komputer Tahun: 2006 Versi: 1/0.

1 Computer Communication & Networks Lecture 22 Network Layer: Delivery, Forwarding, Routing (contd.)

9/15/2015CS622 - MIRO Presentation1 Wen Xu and Jennifer Rexford Department of Computer Science Princeton University Chuck Short CS622 Dr. C. Edward Chow.

M.Menelaou CCNA2 ROUTING. M.Menelaou ROUTING Routing is the process that a router uses to forward packets toward the destination network. A router makes.

Cisco – Chapter 11 Routers All You Ever Wanted To Know But Were Afraid to Ask.

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

By Sylvia Ratnasamy, Andrey Ermolinskiy, Scott Shenker Presented by Fei Jia Revisiting IP Multicast.

CCNA 1 Module 10 Routing Fundamentals and Subnets.

10/8/2015CST Computer Networks1 IP Routing CST 415.

Reducing Transient Disconnectivity using Anomaly-Cognizant Forwarding Andrey Ermolinskiy, Scott Shenker University of California – Berkeley and ICSI.

Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.

Univ. of TehranAdv. topics in Computer Network1 Advanced topics in Computer Networks University of Tehran Dept. of EE and Computer Engineering By: Dr.

1 Internet Routing. 2 Terminology Forwarding –Refers to datagram transfer –Performed by host or router –Uses routing table Routing –Refers to propagation.

1 Network Layer Lecture 13 Imran Ahmed University of Management & Technology.

1 Countering DoS Through Filtering Omar Bashir Communications Enabling Technologies

Interdomain Routing Security. How Secure are BGP Security Protocols? Some strange assumptions? – Focused on attracting traffic from as many Ases as possible.

Routing and Routing Protocols

1 Circuit switch controller: Routing and signaling Malathi Veeraraghavan University of Virginia Circuit switch –Routing –Signaling Difference in use of.

CS 4396 Computer Networks Lab BGP. Inter-AS routing in the Internet: (BGP)

Evolving Toward a Self-Managing Network Jennifer Rexford Princeton University

1 IEX8175 RF Electronics Avo Ots telekommunikatsiooni õppetool, TTÜ raadio- ja sidetehnika inst.

A Key Management Scheme for Distributed Sensor Networks Laurent Eschaenauer and Virgil D. Gligor.

Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.

18-WAN Technologies and Dynamic routing Dr. John P. Abraham Professor UTPA.

Internet Traffic Engineering Motivation: –The Fish problem, congested links. –Two properties of IP routing Destination based Local optimization TE: optimizing.

Delivery and Forwarding Chapter 18 COMP 3270 Computer Networks Computing Science Thompson Rivers University.

K. Salah1 Security Protocols in the Internet IPSec.

Border Gateway Protocol. Intra-AS v.s. Inter-AS Intra-AS Inter-AS.

BGP Validation Russ White Rule11.us.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 Routing Working at a Small-to-Medium Business or ISP – Chapter 6.

Working at a Small-to-Medium Business or ISP – Chapter 6

Computer Networks Routing Algorithms.

Connecting an Enterprise Network to an ISP Network

NOX: Towards an Operating System for Networks

COS 561: Advanced Computer Networks

Introduction to Networking

Module Summary BGP is a path-vector routing protocol that allows routing policy decisions at the AS level to be enforced. BGP is a policy-based routing.

Department of Computer and IT Engineering University of Kurdistan

COS 461: Computer Networks Spring 2014

Working at a Small-to-Medium Business or ISP – Chapter 6

BGP Instability Jennifer Rexford

Presentation transcript:

Decoupling Policy from Mechanism in Internet Routing Alex C. Snoeren and Barath Raghavan University of California, San Diego

Mechanism vs. Policy Routing Mechanism  Path discovery for end-to-end connectivity  Hop-by-hop forwarding along a path Routing Policy  Deciding which routes to advertise For which destinations, to whom?  Determining which packets to forward Over what links, at what rate, for whom?

Wide-Area Routing Control Plane  Each AS computes paths to destinations using received advertisements Actual path selection based upon tuning parameters  Selectively exports routes to neighbors based upon business relationships Often changes/removes/rewrites tuning parameters Data Plane  Next hop selected according to local information Destination addresses, current router, arrival link, etc.  Possibly filter inappropriate traffic Drop traffic that “shouldn’t” be here

Some Current Frustrations BGP is extremely difficult to configure  Forced to use ‘assembly language’ to express mechanism and local business policy Poor performance  Recovery from failure can take a long time  Despite the existence of workable routes Poor flexibility  ASes can’t control routing outside of their network  Special-case modifications on human time-scales All symptoms of policy-mechanism link

Enforce all policies (only) while forwarding  We need some amount of filtering anyway  Removes complexity from control plane  Route discovery becomes policy neutral 8Could need lots of information at each router  Need descriptions of all applicable policies  Information required as input to policy decision Instead, compute policy decisions offline  Stamp each packet with a proof of compliance  Forwarding check reduces to stamp verification The Goal

Network Capabilities Verifiable attestation of policy compliance  Valid for a particular portion of the network  “Signed” by an authorized party  Designates a resource (billable) principal Capabilities are composable & transferable  Capabilities can be exchanged between entities  To use, need to bind to a particular packet  Packets can carry more than one capability

Capability Binding Authorization agent has a secret symmetric key, k, shared with routers in the region Define a per-capability secret, issued with c  s = MAC k (c) Compute a per-packet binding  B = MAC s (p) Routers can verify packet bindings  B’ = MAC MAC k (c) (p)

Platypus For now, loose source routing is an out  Capabilities to attest to policy compliance  (We don’t handle route discovery) Allow Intra-AS traffic engineering  Each ISP engineers its own network  ISPs can decide granularity of control Support accountability & (gasp!) billing  Capabilities identify a resource principal

Efficient Overlay Construction A B C R3 R1R2 R5R6 R4 R7 R8

Intra-AS Router Variation AS3549 (GBLX)  Lulea, Sweden, delay (msec) Anaheim, CA  AS3549 (GBLX), delay (msec) West Coast Mid West East Coast Western Europe

Intra-AS Router Variation AS3549 (GBLX)  Intel Berkeley, delay (msec) UCSD  AS3549 (GBLX), delay (msec) West Coast Mid West East Coast Western Europe

Ongoing work Capability Distribution  Broadcast encryption  Lightweight capability revocation Performance  Flow-based authentication  Probabilistic verification Accounting  Hierarchical resource principal naming  Distributed token buckets  Windowed Bloom filters?