Métaroutage L’école d’été RÉSCOM 2007 Calcotoggio, Corse, 21 Juin

Tutorial Outline Motivation : shortage of routing protocols Review of Metarouting paper [GS_MR] Open problems –Expressive power of “abstract metalanguage” –User-oriented languages –Compilation –Forwarding –Other applications? MANET routing.

Architecture of Dynamic Routing AS 1 AS 2 EGP (= BGP) EGP = Exterior Gateway Protocol IGP = Interior Gateway Protocol Metric based: OSPF, IS-IS, RIP, EIGRP (cisco) Policy based: BGP The Routing Domain of BGP is the entire Internet IGP

Topology information is flooded within the routing domain Best end-to-end paths are computed locally at each router. Best end-to-end paths determine next-hops. Based on minimizing some notion of distance Works only if policy is shared and uniform Examples: OSPF, IS-IS Each router knows little about network topology Only best next-hops are chosen by each router for each destination network. Best end-to-end paths result from composition of all next-hop choices Does not require any notion of distance Does not require uniform policies at all routers Examples: RIP, BGP Link StateVectoring Technology of Distributed Routing

The Gang of Four Link StateVectoring EGP IGP BGP RIP IS-IS OSPF BGP !!

The Joy of Interdomain Routing A B C RBNet AT&T Cable & Wireless CAIS Above Net Telefonica A = HP Palo Alto B =Intel Berkeley C =Moscow State U A B C 257 ms 201 ms 4 ms

The Problem Small number of routing protocols Design, implementation, deployment, standardization  long, slow process BGP is being pressed into service as an IGP –No convergence guarantees –BGP Wedgies (RFC 4264) Endless stream of BGP extensions –Cost Communities –Use of BGP for VPN routing (RFC 2547)

What is a BGP Wedgie? [RFC 4264] BGP policies make sense locally Interaction of local policies allows multiple stable routings Some routings are consistent with intended policies, and some are not –If an unintended routing is installed (BGP is “wedged”), then manual intervention is needed to change to an intended routing When an unintended routing is installed, no single group of network operators has enough knowledge to debug the problem The half wedgie The full wedgie

Half Wedgie Example AS 1 implements backup link by sending AS 2 a “depref me” community. AS 2 implements this community so that the resulting local pref is below that of routes from it’s upstream provider (AS 3 routes) AS 1 AS 2 AS 3AS 4 customer provider peer provider customer provider backup link primary link

And the Routings are… AS 1 AS 2 AS 3AS 4 Intended Routing AS 1 AS 2 AS 3AS 4 Unintended Routing Note: This is easy to reach from the intended routing just by “bouncing” the BGP session on the primary link. Note: this would be the ONLY routing if AS2 translated its “depref me” community to a “depref me” community of AS 3

Recovery AS 1 AS 2 AS 3AS 4 AS 1 AS 2 AS 3AS 4 AS 1 AS 2 AS 3AS 4 Bring down AS 1-2 sessionBring it back up! Requires manual intervention Can be done in AS 1 or AS 2

What the heck is going on? There is no guarantee that a BGP configuration has a unique routing solution. –When multiple solutions exist, the (unpredictable) order of updates will determine which one is wins. There is no guarantee that a BGP configuration has any solution! –And checking configurations NP-Complete –Lab demonstrations of BGP configs never converging Complex policies (weights, communities setting preferences, and so on) increase chances of routing anomalies. –… yet this is the current trend!

Load Balancing Example primary link for prefix P1 backup link for prefix P2 AS 1 AS 2 AS 3AS 4 provider peer provider customer AS 5 customer primary link for prefix P2 backup link for prefix P1 Simple session reset my not work!!

Can’t un-wedge with session resets! —2 down1—5 down 1—2 up1—5 up P2 wedged P1 wedged INTENDED Reset 1—2 Reset 1— BOTH P1 & P2 wedged 1—2 & 1—5 down —2 & 1—5 down all up Note that when bringing all up we could actually land the system in any one of the 4 stable states --- depends on message order….

Recovery —2 down1—5 down 1—2 up1—5 up P2 wedged P1 wedged INTENDED Temporarily filter P2 from 1—5 session Temporarily filter P1 from 1—2 session Who among us could figure this one out? When 1—2 is in New York and 1—5 is in Tokyo?

AS 1 AS 2 AS 3AS 4 customer provider peer provider customer provider primary link Full Wedgie Example AS 5 backup links AS 1 implements backup links by sending AS 2 and AS 5 a “depref me” communities. AS 2 implements its community so that the resulting local pref is below that of its upstream providers and it’s peers (AS 3 and AS 5 routes) AS 5 implements its community so that the resulting local pref is below its peers (AS 2) but above that of its providers (AS 3) customer peer

And the Routings are… AS 1 AS 2 AS 3AS 4 AS 5 AS 1 AS 2 AS 3AS 4 AS 5 Intended Routing Unintended Routing

Resetting 1—2 does not help!! AS 1 AS 2 AS 3AS 4 AS 5 AS 1 AS 2 AS 3AS 4 AS 5 Bring down AS 1-2 session Bring up AS 1-2 session

Recovery AS 1 AS 2 AS 3AS 4 AS 5 AS 1 AS 2 AS 3AS 4 AS 5 Bring down AS 1-2 session AND AS 1-5 session AS 1 AS 2 AS 3AS 4 AS 5 A lot of “non-local” knowledge is required to arrive at this recovery strategy! Try to convince AS 5 and AS 1 that their session has be reset (or filtered) even though it is not associated with an active route! Bring up AS 1-2 session AND AS 1-5 session

That Can’t happen in MY network!! AU++ AP EMEA LA NA An “normal” global global backbone (ISP or Corporate Intranet) implemented with 5 regional ASes

The Full Wedgie Example, in a new Guise AU EMEA NAAP LA Intended Routing for some prefixes in AU, implemented with communities. DOES THIS LOOK FAMILIAR?? Message: Same problems can arise with “traffic engineering” across regional networks.

The Problem Small number of routing protocols Design, implementation, deployment, standardization  long, slow process BGP is being pressed into service as an IGP –No convergence guarantees –BGP Wedgies (RFC 4264) Endless stream of BGP extensions –Cost Communities –Use of BGP for VPN routing (RFC 2547)

Is there a Betterer way?

Metarouting = Let Operators Decide We don't know how to define generic IGPs for every network ---- let the operators decide. We don't know how to define IBGPs for every network --- let the operators decide. We don't know how to fix EBGP or how to evolve it for changing requirements --- let the operators decide. Operators can decide, if only they are given the right tools.

Central Dogma How routes are described How routes are compared How policy is described How policy is applied Routing Protocol = Routing language + Routing Algorithms + Proof How routing solutions are computed How adjacencies are established and maintained … Does the protocol converge? Is resulting forwarding loop-free? …

Basic Thesis Allow the operator community to define routing languages and routing protocols that fit the needs of their networks (IGPs, IBGPs). Allow the operator community to standardize and evolve interdomain routing languages. Routing languages should not be hard-coded into protocols specifications and implementations.

How? Routing Protocol = Routing Language + Routing Algorithms + Proof Define a metalanguage for the specification of routing languages. This language must be carefully constructed to be highly expressiveness while at the same time allowing the automatic derivation of properties required for proofs. Standardize the metalanguage (IETF?) Standardize (IETF) and implement a generic (routing language Independent) set of algorithms such as BGP-like hard state path vector, RIP-like soft-state path-vector, OSPF-like link state flooding and generalized Dijkstra. Proofs are automated: simply match the derived properties of the metalanguage specification with the required properties of each algorithm used. LIBERATE NETWORK OPERATORS FROM THE IETF

Routing Algebras [JS_Alg] m + n m n Generalize Shortest Paths

Routing Algebras An ordered set of signatures is a set of policy labels Is the policy application function Note : the notations in this tutorial differ a bit from those in [JS_Alg, GS_MR].

Important Properties Non-decreasing Increasing (ND) (IN) Monotonicity (M) (SI) Strict Monotonicity

What makes these algorithms work? Generalized Dijkstra (Think Link State) –Correctness proof uses M, –Loop-freedom for hop-by-hop forwarding uses IN. Generalized Bellman-Ford (Vectoring) –Convergence proof uses IN, –Loop-freedom for hop-by-hop forwarding uses strict IN

An algebra for OSPF? (1, )   v   v)   (1,  v  ) (1,  v  ) (2, ) (2,  v  ) (2,  v  )  v   v)    v  v)     v  v)     v  v  v  v   v      = intra-area route = inter-area route = “normal” route, > = type I external, > = type II external (hand-coded from careful reading of RFC 2328 I’m not sure that it is correct, but that’s not the point….)

Routing Algebras are a good start, but… The algebraic framework does not, by itself, provide a way of constructing new and complex algebras. –Algebra definition is hard… –Proofs are tedious… –Modifications to an algebra’s definitions are difficult to manage…

Routing Algebra Meta-Language A ::= B (base algebras) | Op(A) (unary operator) | A Op A (binary operators) “Abstract syntax” for generating new Algebras Key innovation: automatically derive properties (ND, IN, …) of the algebra represented by an expression from properties of base algebras and preservation properties of operators Other goals –Simplicity –Expressiveness

Some Examples: Lexicographic Product

Property Preservation with Lex Product ND IN ND IN ND IN EQ,SM MM SM A design pattern: SM EQ All at least NDIN Don’t care! IN

Disjoint Label Union Same order Structure

Disjoint Union : Property Preservation ND IN ND IN ND IN ND IN M SI M SM M M M M M

Local Preference, Origin Preference (Always ND, M) (NOT NICE!)

BGP-like Partition internal external internal

Scoped Product

Scoped Product : Property Preservation IN ND IN ND IN These rules can be automatically derived

Area Product

Area Product : Property Preservation ND IN ND IN ND IN These rules can be automatically derived

Current work and Open Problems Current prototype implemented in Ocaml –Compilation : generating C code implementation –using Quagga and XORP code base Modeling –Forwarding, tunneling –Administrative distance –Protocol interaction –Protocol migration Design and implementation of routing metalanguage –Relational algebra vs. SQL Novel IGP design and testing What is the right mathematical setting for the metalanguage?

Quadrants Model of Algebraic Routing WORK IN PROGRESS

Languages for defining Languages A space of Routing Languages Routing Languages that can be expressed in a fixed meta-language Question: What is a good formalism for the space of routing languages?

Mind the Gap Maze Solving (1800’s) Shortest paths (1950’s) Semiring routing (1970’s …) BGP analysis (mid 1990’s  present) Sobrinho’s QoS Algebra (2002) Sobrinho’s Routing Algebra (2003) Metarouting. tgg & Sobrinho (2005)

3 Basic Structures Antisymmetric Total Bounded … commutative selective has identity element has absorbtive element … Blue = optional properties has identity closed under composition idempotent …

Two Approaches to Path Weight … Algebraic Functional …

Two Approaches to Path “Selection” AlgebraicOrdered weights

Quadrants Model BisemigoupOrder Semigroup Semigroup Transforms Order Trasforms

Coverage BisemigroupOrder Semigroup Semigroup Tranforms Order Transforms Vast literature on semiring routing, starting in 1970’s Non-commutative structures Monoid endomporphisms M. Minoux (1976) Sobrinho Routing Algebras. SIGCOMM Sobrinho QoS Algebras. ToN Ordered Semigroups

CRASH COURSE in Semigroups is a semigroup a nonempty set a binary operation This operation must be associative:

Semigroup Examples Boolean : Powerset : Free semigroup: Projections: is concatenation

Some (Optional) Properties Commutative ( comm ): Idempotent ( idem ): Selective ( sel ):

Special Elements (Optional) Neutral element Absorbing element If it exist, then it is unique. Note: if, then the semigroup is trivial,

Examples revisited Nameproperties commidemsel commidemsel commidem commidem sel

More Examples! min max min max Nameproperties commidemsel commidemsel commidemsel commidemsel comm

Natural Orders then If S is a commutative and idempotent,

Examples revisited Name

examples min max min max Name

Special Elements Neutral element: Absorbing element: From we get

Property Translations associativetransitive idempotentreflexive idempotent and commutativeanti-symmetric reflexive bounded selectivetotal

Cayley Maps

Include mappings in metalanguage …

… and property mappings

Acknowledgements John Billings Alex Gurney Samuel Hym Peter Sewell Joao Sobrinho Financial support thanks to

HELP WANTED 1 Studentship. 3 year PhD. 2 Post Doc Research Positions.

Suggested Reading (1) [JS_QoS] –"Algebra and Algorithms for QoS Path Computation and Hop-by- Hop Houting in the Internet," João L. Sobrinho. In Proc. IEEE INFOCOM 2001 –"Algebra and Algorithms for QoS Path Computation and Hop-by- Hop Routing in the Internet," João L. Sobrinho. IEEE/ACM Transactions on Networking, pp , August [JS_Alg] –“Network Routing with Path Vector Protocols: Theory and Applications” João L. Sobrinho. SIGCOMM 2003 –"An Algebraic Theory of Dynamic Network Routing," João L. Sobrinho. IEEE/ACM Transactions on Networking, pp , October [GS_MR] –Metarouting. Griffin & Sobrinho. SIGCOMM Metarouting project page:

Suggested Reading (2) Chapitre 1: Pré-semi-anneaux, semi-anneaux et dioïdes Chapitre 2: Propriétés combinatoires des (pré-)semi- anneaux Chapitre 3: Topologies des ensembles ordonnés Chapitre 4: Résolution de systèmes linéaires dans les dioïdes Chapitre 8: Répertoire de (pré)- semi-anneaux et dioïdes

END