Presentation is loading. Please wait.

Presentation is loading. Please wait.

L. Cittadini, G. Di Battista, M. Rimondini, S. Vissicchio

Published byAngela Gordon Modified over 6 years ago

Similar presentations

Presentation on theme: "L. Cittadini, G. Di Battista, M. Rimondini, S. Vissicchio"— Presentation transcript:

1 Wheel + Ring = Reel: the Impact of Route Filtering on the Stability of Policy Routing
L. Cittadini, G. Di Battista, M. Rimondini, S. Vissicchio Roma Tre University

2 Background: Routing Policies
What does a routing policy look like? It boils down to route filtering route ranking A simple BGP policy might look like this ip as-path access-list 1 deny _31337_ ip as-path access-list 1 permit .*$ route-map myPolicy permit 10 match as-path 1 set local-preference 120 route Filtering route Ranking

3 Autonomy and Expressiveness
BGP provides the expressiveness to specify arbitrary rankings and filters ASes can autonomously specify their routing policies Consequence: BGP policies can [GriffinShepherdWilfong02] and do [Carlzon06, Berger01] lead to oscillations Problem assume that ASes preserve complete autonomy and filtering expressiveness how expressive can rankings be? AKA Safety Under Filtering (SUF) problem [FeamsterJohariBalakrishnan05]

4 Definitions and State of the Art
Safety a BGP configuration is safe if it is free from oscillations a sufficient condition for safety (“no dispute wheel”) is given in [GriffinShepherdWilfong99,02] Safety under Filtering (SUF) a BGP configuration is SUF if it is safe under any combination of routing filters a necessary condition for SUF (“no dispute ring”) is given in [FeamsterJohariBalakrishnan05]

5 The “big picture” NO DW SUF SAFE HAS A STABLE STATE NO Dispute Ring Motivation: Fill the large gap between known necessary and sufficient conditions for stability

6 Our Contributions a characterization for SUF
we bind SUF to a particular structure (Dispute Reel) which depends only on the policies and the network topology does not depend on protocol dynamics a proof that robustness does not imply SUF robustness is safety under any link failures filters are more dangerous than link failures! a debugging technique for multiple stable states multiple stable states imply unsafety [SamiSchapiraZohar09] given two stable states, it is possible find a DR i.e., pinpoint the trouble points in the configuration

7 The new “big picture” HAS A STABLE STATE NO DW SAFE NO DISPUTE REEL SUF Filthy Gadget ROBUST NO Dispute Ring Deeper understanding of the interplay between autonomy, expressiveness, and stability

8 The Model: SPP BGP peerings are represented by a graph
the destination prefix is originated by special node 0 BGP policies are encoded in lists of paths paths that do not appear in a list have been filtered the list is ordered according to route rankings 140 10 20 210 1 2 40 410 4320 4 3 320

9 Wheels A Dispute Wheel is a cyclic structure of preferences
the structure is made of pivot nodes each pivot has a direct route each pivot has a route via its successor each pivot prefers the route via its successor to the direct route RU Qv QU Spoke Path Rim Path U Ru W Qu V Qv Pivot Node No Dispute Wheel => SUF [GriffinShepherdWilfong99,02]

10 Ideal vs Real Wheels When we think about a DW, we imagine it to be clean and simple Actually, a DW in a BGP configuration could be quite complex e.g., intersections between spoke/rim paths

11 Rings A Dispute Ring is a DW such that each node appears only once in the wheel SUF => No Dispute Ring [FeamsterJohariBalakrishnan05] Intuition meet in the middle to characterize SUF right! too complex too simple

12 Wheel + Ring = Reel A Dispute Reel (DR) is a particular kind of DW and a generalization of a Dispute Ring. A DR is a DW such that Pivot vertices appear in exactly three paths Spoke and rim paths do not intersect Spoke paths form a tree only intersections among rim paths are allowed A DW that does not satisfy these conditions does not pose stability problems

13 Roadmap to characterization
Theorem (5.1): No DR => SUF (not shown in this presentation) an oscillation implies a DW having special properties [GriffinShepherdWilfong02] such a DW is (or contains) a DR Theorem (4.1): Existence of a DR => Not SUF we first apply filters to the network then we show a routing oscillation

14 DR => Not SUF The proof is based on two different “types” of routing oscillations synchronous oscillations for DR having 2 pivots asynchronous oscillations for DR with >2 pivots

15 DRs with only 2 pivots Lemma (4.1): A DR consisting of two pivots can oscillate filter any path that does not appear in the DR synchronous oscillation U V

16 DRs with >2 pivots Lemma (4.3): A DR with >2 pivots can oscillate filter any path that does not appear in the DR asynchronous oscillation u x v y

17 Did I say “easy”? Spoke paths of DRs have a simple tree structure
Rim paths, instead, can be complex Ui+2 Ui Ui+1 When a DR has arbitrarily complex rim paths, showing an oscillation is not trivial

18 Some gory details What if a DR with 2 pivots has intersections between rim paths? this prevents the synchronous oscillation! Lemma (4.2): if there exists a DR with 2 pivots then there is a DR with 2 pivots and no intersections between rim paths What if a DR with >2 pivots is such that the announcement of a pivot cannot reach the next one (e.g., due to routing preferences)? this prevents the asynchronous oscillation! Lemma (4.4): in this case, we can find another DR having only 2 pivots

19 Multiple stable states
Multiple stable states (e.g., BGP wedgies) imply the presence of a DR (Theorem 4.2) as a consequence, the network is provably not SUF If we are given two stable states then we can find a DW [GriffinShepherdWilfong02] we show that this DW is actually a DR as such, it does pose stability problems that is, it is possible to pinpoint trouble points in the network (pivot nodes of the DR) just by analyzing the routing tables, no need to know the routing policies analysis takes linear time

20 Filters vs Cable Cuts SUF trivially implies Robustness (i.e., stability under arbitrary link faults) The converse does not hold this network (“Filthy-Gadget”) is robust but is not SUF misconfigured filters are worse than cable cuts! X 2 3 1 1XY20 10 230 20 3ZX40 30 Y Z 4 X40 XY20 4YZ10 40 Y230 Y20 YZ10 Z10 ZX40

21 Conclusions Step forward in BGP formal analysis Practical implication
Characterization for SUF SUF bound to a structure of routing policies such a property does not depend on network dynamics Robustness does not imply SUF NOCs might be more dangerous than scissors Practical implication Easy to find trouble points given multiple stable states without knowledge of the policies Future Work How hard is finding a DR in a BGP configuration? Implications on iBGP?

Download ppt "L. Cittadini, G. Di Battista, M. Rimondini, S. Vissicchio"

Similar presentations

ABSTRACT Due to the Internets sheer size, complexity, and various routing policies, it is difficult if not impossible to locate the causes of large volumes.

ABSTRACT Due to the Internets sheer size, complexity, and various routing policies, it is difficult if not impossible to locate the causes of large volumes.
Path Splicing with Network Slicing

Path Splicing with Network Slicing
Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.

Technical Aspects of Peering Session 4. Overview Peering checklist/requirements Peering step by step Peering arrangements and options Exercises.
The Connectivity and Fault-Tolerance of the Internet Topology

The Connectivity and Fault-Tolerance of the Internet Topology
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.

Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.
Part IV BGP Modeling. 2 BGP Is Not Guaranteed to Converge!  BGP is not guaranteed to converge to a stable routing. Policy inconsistencies can lead to.

Part IV BGP Modeling. 2 BGP Is Not Guaranteed to Converge!  BGP is not guaranteed to converge to a stable routing. Policy inconsistencies can lead to.
Putting BGP on the Right Path: A Case for Next-Hop Routing Michael Schapira Joint work with Yaping Zhu and Jennifer Rexford (Princeton University)

Putting BGP on the Right Path: A Case for Next-Hop Routing Michael Schapira Joint work with Yaping Zhu and Jennifer Rexford (Princeton University)
1 Interdomain Routing and Games Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University.

1 Interdomain Routing and Games Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN si.umich.edu Searching for Stability in Interdomain Routing Rahul Sami (University of Michigan) Michael Schapira.

SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN si.umich.edu Searching for Stability in Interdomain Routing Rahul Sami (University of Michigan) Michael Schapira.
Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.
Inferring Autonomous System Relationships in the Internet Lixin Gao.

Inferring Autonomous System Relationships in the Internet Lixin Gao.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
Distributed Route Aggregation on the Global Network (DRAGON) João Luís Sobrinho 1 Laurent Vanbever 2, Franck Le 3, Jennifer Rexford 2 1 Instituto Telecomunicações,

Distributed Route Aggregation on the Global Network (DRAGON) João Luís Sobrinho 1 Laurent Vanbever 2, Franck Le 3, Jennifer Rexford 2 1 Instituto Telecomunicações,
STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.

STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.
BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.

BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.
Towards a Lightweight Model of BGP Safety Matvey Arye Princeton University Joint work with: Rob Harrison, Richard Wang, Jennifer Rexford (Princeton) Pamela.

Towards a Lightweight Model of BGP Safety Matvey Arye Princeton University Joint work with: Rob Harrison, Richard Wang, Jennifer Rexford (Princeton) Pamela.
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:
1 Policy Disputes in Path-Vector Protocols A Safe Path-Vector Protocol Zacharopoulos Dimitris

1 Policy Disputes in Path-Vector Protocols A Safe Path-Vector Protocol Zacharopoulos Dimitris

Similar presentations

Ads by Google