SafeGuard: Safe Forwarding during Route Changes Ang Li†, Xiaowei Yang†, and David Wetherall‡ †Duke University ‡UW/Intel Research

Real-time Applications Require High Network Availability Even short periods of packet loss can degrade the service ▫Video pixelization ▫Poor voice quality ▫Slow gaming experience

Network Changes Lead to Massive Packet Losses TTL expiration Link congestion Packet Loss! No valid route Packet Loss! Re-converge! (Hundreds of ms~seconds)

Network Changes Happen Frequently Planned events ▫Maintenance, policy change, traffic engineering Unplanned events ▫Fiber cut, router bug, configuration error Sprint: median inter link failure time is only 3 minutes [Iannaccone02]

Problem How to reduce forwarding disruption after network changes happen? ▫Intra-domain routing SafeGuard goals ▫Simple  No new routing convergence protocols  Routers can update in parallel and independently ▫Effective  Minimize disruption period to the failure detection time ▫Efficient  Suitable for hardware implementation

Comparison with Related Work MechanismSimpleEffectiveEfficient Convergence-free Routing [Lakshminarayanan07] ×√× Consensus Routing [John08] ×√√ Ordered FIB Update [Francois07] ××√ Fast Rerouting [Shand08] √×√ SafeGuard √√√

Insight: a path’s cost encodes much valuable information in a concise form Use cost as a Safeguard 1.Packets carry path costs to detect network changes 2.Routers use path costs to identify safe alternative paths Key Idea Src Cost Dst IP Packet

Overview Forwarding Table: SV KA 639 DstNhopCost KASV4456 ……… SV KA 3161 Forwarding Table: DstNhopCost KADV1934 ……… Alternative Paths DB: DstNhopCost KALA3161 ……… SV KA 2795 Loop-free!

Challenges How to encode the costs such that alternative paths can be uniquely identified? ▫Loops may occur if wrong paths are chosen How to obtain the alternative paths prior to network changes? How to forward packets efficiently? D A B C D C C 2 2 A A Loop!

Enhance the Costs with Random Noises Append a fixed length noise to each link cost An enhanced path cost is the sum of enhanced link costs Regular costs and noises are added separately Different paths will have different enhanced path costs with high probability for practical scenarios … Regular link cost 10-bit random noise Enhanced link cost

Encode Costs in IP Packets … bit cost label 10-bit random noise src dst IP Packet 0 0 Escort bit 32-bit label to encode an enhanced path cost An extra escort bit to denote whether the packet is under protection Potential places to store the cost label and the escort bit ▫MPLS label ▫IP Option ▫Overload unused header fields

Pre-compute Alternative Paths Compute the shortest path after removing each single component ▫Single component: a link, node, or SRLG Stored in the Alternative Path Database (APD) ▫A mapping table from (dst, enhanced cost) to nexthop Update APD after each topology change ▫Background computation D A B C (1,3) (1,4) (1,7) (1,8) C, (2,7)  B

Add Costs to the Forwarding Table Add the enhanced shortest path cost for each destination ▫Obtained from the normal shortest path computation with minimum overhead Also add the enhanced shortest path cost from each of the nexthops to the destination ▫Used to update the outgoing packet costs DestinationNexthops DB, C …… Path cost (2, 7) … Nexthop costs B: (1, 4), C: (1,8) …

Forwarding Algorithm Forward by comparing both cost and destination Two modes of forwarding ▫Normal mode (escort bit == 0)  Packets can be forwarded along any of the ECMPs ▫Escort mode (escort bit == 1)  Packets are forwarded along the path uniquely identified by the packet cost

Normal Mode Forwarding Each router n i only compares its own regular cost n i.cost with the packet’s regular cost pkt.cost 1.n i.cost == pkt.cost  Forward to any default nexthop n i+1  Update the packet cost using n i+1 ’s enhanced cost nini n i+1 Incoming packet S S (cost,noise) D D 0 0

2. Higher Local Cost n i.cost > pkt.cost Router is aware of a failure/unaware of a restoration ▫Default shortest paths are still safe  Forward to any default nexthop n i+1  Update the packet cost using the n i+1 ’s cost  Turn on the escort bit nini n i+1 Incoming packet S S (cost,noise) D D 0 0

3. Lower Local Cost n i.cost < pkt.cost Router is unaware of a failure/aware of a restoration ▫Default shortest path is no longer safe  Lookup an alternative nexthop n’ i+1 from the APD using the full packet cost (pkt.cost, pkt.noise)  Forward to the alternative nexthop  Turn on the escort bit nini n’ i+1 Incoming packet S S (cost,noise) D D 0 0

Escort Mode Forwarding Always try to find a path with the exact enhanced packet cost ▫Default shortest path ▫Alternative path through APD lookup If not found, drop the packet ▫To prevent loops in case multiple concurrent failures happen nini n’ i+1 Incoming packet S S (cost,noise) D D 1 1

Loop-free Forwarding with ECMPs D A B C D (1,3)(1,4) (1,7) (1,8) C C 2 2 A A C C (2,7) A A 1 1 Loop-free!

SafeGuard Properties When network is steady, packets can reach their destinations through any of the ECMPs After one network element changes its status, a packet can still reach its destination ▫Not considering failure detection time ▫Assume enhanced costs are distinct A packet will not be trapped in a loop without being discarded

Evaluation Router performance ▫A prototype using NetFPGA and Quagga  Forwarding overhead is only 48ns  Practical memory and computational overhead ▫Suitable for hardware implementation ▫Details are in paper Network performance ▫Event-driven simulations under realistic settings ▫Comparison with the vanilla IP forwarding and a state- of-the-art IP fast restoration technique

SafeGuard Forwarding is Loop-Free Single link failure Two links failure Sprint topology from Rocketfuel Cumulative Fraction Flow Amplifying Factor SafeGuard + OSPF IP Fast Restoration Vanilla IP + OSPF Flow Amplifying Factor Cumulative Fraction SafeGuard + OSPF IP Fast Restoration Vanilla IP + OSPF

SafeGuard Minimizes Disruption Single link failure Failure happens Failure detected (~200ms) Packet Loss Rate Time (s) 0.5 SafeGuard + OSPF IP Fast Restoration Vanilla IP + OSPF

SafeGuard Does not Delay Convergence Convergence Time (s) link down link up node down node up 2 links down SafeGuard/Vanilla IP + OSPF IP Fast Restoration

Conclusion SafeGuard ▫Minimize disruption after network changes ▫Does not modify routing convergence Use costs as path hints ▫Detect network changes ▫Identify alternative paths Simple, effective, and efficient

Thank You! Questions and comments:

Noise Collision Suppose c paths have the same normal cost and each noise has k-bits, the collision probability is: ▫The birthday probability ▫Try different noise if collision exists k-bitCollision c=5

Simulation Parameters

Simulation Settings Realistic topologies and link costs ▫Real and inferred topologies from Rocketfuel ▫A random topology with asymmetrical link costs Practical OSPF configuration ▫Achieve fast convergence (sub-second) Comparisons ▫No protection: OSPF + vanilla IP forwarding ▫State-of-the-art: Ordered FIB update (oFIB) + NotVia

Practical Memory and Computation Overhead Protect all single link and node failures On average |APD| < 3 * |FIB| APD computation time < 100ms Topology# of FIB Entries# of APD EntriesAPD Computation Time (ms) Abilene Sprint Random

SafeGuard Forwarding is Loop-Free Update Type# of Tests Containing Loops Total # of Micro-loops Loop Duration (ms) AvgMaxMinStddev OSPF Link Failure Node Failure Link Up Node Up Two Link Failures oFIB Two Link Failures , tests with the Sprint topology

SafeGuard does not Increase Convergence Time

Convergence Time (s) link down link up node down node up 2 links down SafeGuard+OSPF IP Fast Restoration