Presentation is loading. Please wait.

Presentation is loading. Please wait.

GLOBECOM 2007 Exit Policy Violations in Multi-hop Overlay Routes Srinivasan Seetharaman, Mostafa Ammar Networking and Telecommunications Group College.

Published byAmice Greene Modified over 9 years ago

Similar presentations

Presentation on theme: "GLOBECOM 2007 Exit Policy Violations in Multi-hop Overlay Routes Srinivasan Seetharaman, Mostafa Ammar Networking and Telecommunications Group College."— Presentation transcript:

1 GLOBECOM 2007 Exit Policy Violations in Multi-hop Overlay Routes Srinivasan Seetharaman, Mostafa Ammar Networking and Telecommunications Group College of Computing Georgia Institute of Technology

2 GLOBECOM 2007 Objective of overlay layer: Offer better latency routes to end-systems But, what is assumed here? The overlay traffic is just a small fraction The underlying ASes do not object Colorado State Univ Harvard Univ Univ of NC 30 ms 24 ms 61 ms Typically in Service Overlays…

3 GLOBECOM 2007 Typically in Service Overlays… Objective of native layer: Enforce inter-domain policies Provider 1 Client 1 Client 1 A Client 2 Client 2 B Client 3 C Provider 2 Peer Legitimate native route Multi-hop overlay route Exit violation $ Transit violation $$ Unhappy Money Load

4 GLOBECOM 2007 Analyzed earlier Policy violation Deviation from legitimate route. Types of policy violation Exit violation: Change in the egress point somewhere downstream Transit violation: Violating the valley-free property of AS paths Exit violations can occur either at an intermediate AS or the source AS a host AS or a non-host AS. Definition of Policy Violations Transit violation

5 GLOBECOM 2007 Our goal Characterize the different forms of these violations Determine their extent in a realistic environment Investigate the level of performance degradation when ASes enforce policies by filtering overlay traffic Develop a mutually agreeable solution to mitigate violations

6 GLOBECOM 2007 Forms of Exit Policy Violation 1. Next hop AS violated 2. Exit router changed 3. Next hop AS violation elsewhere causing exit router violation 4. Exit router violation elsewhere causing next hop AS violation

7 GLOBECOM 2007 Topology: 58 geographically distributed Planetlab nodes (Univ + Commercial). This represents 3306 overlay paths Measurement steps: 1. Determine AS path of each overlay link (Rockettrace / traceroute for hop list + IP  AS mapping) 2. Determine overlay path based on shortest path algo (For Cost = latency, 56.6% overlay paths prefer relaying) 3. AS relationships inferred using Gao’s algorithm See: http://www.cc.gatech.edu/~srini/code Planetlab Overlay Measurements

8 GLOBECOM 2007 Only multi-hop paths are violating Extent of exit policy violations in multihop paths Each transit violation has a corresponding exit violation upstream Measurement Results Violation Type% paths Next hop AS violated72.05 Exit point violated15.63 Total87.68

9 GLOBECOM 2007 Only multihop overlay paths are violating No violation if the intermediate node is at a provider Extent of transit policy violations in multihop paths Measurement Results Violation Type% paths Provider-AS-Provider63.1 Provider-AS-Peer 2.4 Peer-AS-Provider 2.0 Peer-AS-Peer 2.4 Total69.9

10 GLOBECOM 2007 Policy Enforcement by Native Layer As ISPs become aware of the negative impact of overlays and commence filtering, this leads to drastic deterioration in overlay route performance commensurate with the number of ASes enforcing policy Penalty = Post-filtering latency Latency before filtering

11 GLOBECOM 2007 Overlay Service Provider (OSP) shares some of the cost incurred by the native layer  Adopts a combination of the following strategies for achieving good legitimate paths: 1. Obtain transit permit from certain AS for $T 2. Add new node to certain provider AS for $N 3. Obtain exit permit from certain AS for $E Resolving Conflict Cost-sharing approach Proposed earlier

12 GLOBECOM 2007 With no filtering, Illustration of Mitigation Strategy 31 21 32 22 1113 23 33 Cust-Prov relation Peering relation Transit violation AS hosting overlay node Tier-1 provider Tier-2 provider Stub customer Exit violation

13 GLOBECOM 2007 With filtering, we have no multi-hop paths Illustration of Mitigation Strategy (contd.) 31 21 32 22 1113 23 33 Cust-Prov relation Peering relation AS hosting overlay node Tier-1 provider Tier-2 provider Stub customer

14 GLOBECOM 2007 Option 1: Add new overlay node to provider AS 22 + Obtain exit permit from AS 31 Option 2: Obtain transit permit from stub AS 32 + Obtain exit permit from AS 31 Illustration of Mitigation Strategy (contd.) 31 21 32 22 1113 23 33 Cust-Prov relation Peering relation AS hosting overlay node Tier-1 provider Tier-2 provider Stub customer 22

15 GLOBECOM 2007 Objective of Mitigation Strategy For a certain budget, determine which ASes to obtain transit permit from to add new node to to obtain exit permit from … so as to achieve the best possible gain Gain = Native route latency – Overlay path latency Native route latency

16 GLOBECOM 2007 Skeleton of Greedy Algorithm Until total_cost < budget threshold, do Obtain transit permit from “certain” stub AS Obtain exit permit from AS with high # of exit violations exit permit fee Until total_cost < budget, do Add overlay node to “certain” upstream provider Obtain exit permit from AS with high # of exit violations exit permit fee

17 GLOBECOM 2007 Greedy Algorithm Until total_cost < budget threshold Obtain transit permits from stub ASes that have high betweenness transit fee Obtain exit permit from AS with highest # of exit violations exit permit fee Until total_cost < budget Add overlay nodes to upstream providers, starting with the overlay paths with highest gain new node fee Obtain exit permit from AS with highest # of exit violations exit permit fee

18 GLOBECOM 2007 Mitigation Results When all permit fee = P, new node fee = N Add new nodePermit

19 GLOBECOM 2007 Conclusions Overlay routing gains advantage by violating native layer policy As overlay applications and overlay traffic surge, the native layer policy violations have a bigger impact Our cost-sharing approach is a mutually agreeable solution to improve gain without causing violations.

Download ppt "GLOBECOM 2007 Exit Policy Violations in Multi-hop Overlay Routes Srinivasan Seetharaman, Mostafa Ammar Networking and Telecommunications Group College."

Similar presentations

Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
LASTor: A Low-Latency AS-Aware Tor Client

LASTor: A Low-Latency AS-Aware Tor Client
Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.

Ningning HuCarnegie Mellon University1 Optimizing Network Performance In Replicated Hosting Peter Steenkiste (CMU) with Ningning Hu (CMU), Oliver Spatscheck.
1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)
Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.

Censorship Resistance: Decoy Routing Amir Houmansadr CS660: Advanced Information Assurance Spring 2015 Content may be borrowed from other resources. See.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.

By Hitesh Ballani, Paul Francis, Xinyang Zhang Slides by Benson Luk for CS 217B.
1 Internet Path Inflation Xenofontas Dimitropoulos.

1 Internet Path Inflation Xenofontas Dimitropoulos.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.

Progress in inferring business relationships between ASs Dmitri Krioukov 4 th CAIDA-WIDE Workshop.
Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.

Zhang Fu, Marina Papatriantafilou, Philippas Tsigas Chalmers University of Technology, Sweden 1 ACM SAC 2010 ACM SAC 2011.
Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.

Mohamed Hefeeda 1 School of Computing Science Simon Fraser University, Canada ISP-Friendly Peer Matching without ISP Collaboration Mohamed Hefeeda (Joint.
On Multi-Path Routing Aditya Akella 03/25/02. What is Multi-Path Routing?  Dynamically route traffic Multiple paths to a destination Path taken dependant.

On Multi-Path Routing Aditya Akella 03/25/02. What is Multi-Path Routing?  Dynamically route traffic Multiple paths to a destination Path taken dependant.
1 Interdomain Routing Policy Reading: Sections 4.3.3 plus optional reading COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford.

1 Interdomain Routing Policy Reading: Sections plus optional reading COS 461: Computer Networks Spring 2008 (MW 1:30-2:50 in COS 105) Jennifer Rexford.
Wen Xu and Jennifer Rexford Princeton University MIRO : Multi-path Interdomain ROuting.

Wen Xu and Jennifer Rexford Princeton University MIRO : Multi-path Interdomain ROuting.
University of Massachusetts, Amherst 1 On the Evaluation of AS Relationship Inferences Jianhong Xia and Lixin Gao Department of Electrical and Computer.

University of Massachusetts, Amherst 1 On the Evaluation of AS Relationship Inferences Jianhong Xia and Lixin Gao Department of Electrical and Computer.
Inter-domain Routing Outline Border Gateway Protocol.

Inter-domain Routing Outline Border Gateway Protocol.
1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

1 Content Distribution Networks. 2 Replication Issues Request distribution: how to transparently distribute requests for content among replication servers.

Similar presentations

Ads by Google