Reliable internet routing

Network routing algorithms responsible for selecting paths to destinations have a profound impact on network reliability experienced by the network users. Unfortunately, performance of state-of-the-art routing algorithms often falls short of users' expectations. (i) The flexibility with which operators of independently administered networks can choose their routing policies allows them to make selections that are "conflicting" and may lead to route oscillations. Oscillating routes have a negative impact on performance experienced by the user, and also cause overloading of the routers with control messages. (ii) Interdomain routing in the Internet is based on trust. As a result, false route announcements can be made by a malicious network operator. Such false announcements can be made even without knowledge of the network operator, e.g., due to accidentally misconfigurations or router hijacking. False route announcements may lead to denial of service, or worse yet, traffic can be intercepted without detection of both the sender and recipient. (iii) Even if network routes are stable and secure, unexpected equipment failures may cause performance degradation. It is difficult to pre-configure current routing protocols with all possible failures in mind, and not enough flexibility is offered to balance load in the network evenly. This thesis addresses these three challenging problems. (i) We provide a new theoretical model of interdomain routing and derive the necessary and sufficient conditions that determine which policy combinations lead to route oscillations. Moreover, we also provide a practical polynomial-time algorithm that allows network operators to verify the existence of such conflicts. (ii) To secure routing against malicious attacks, we offer a new secure routing protocol that, unlike earlier attempts, is incrementally deployable. Our solution can protect both participants and non-participants if as few as 5–10 independently administered domains deploy our solution. (iii) To handle traffic engineering in the presence of failures, we propose a new architecture that optimizes load balancing for a wide range of failure scenarios. Our architecture supports flexible splitting of traffic over multiple precomputed paths, with efficient path-level failure detection and automatic load balancing over the remaining paths. Collectively, the contributions of the dissertation provide tools that improve routing reliability and as a result network performance perceived by the user.

[1]  Gordon T. Wilfong,et al.  The stable paths problem and interdomain routing , 2002, TNET.

[2]  Davor Obradovic,et al.  Real-time model and convergence time of BGP , 2002, Proceedings.Twenty-First Annual Joint Conference of the IEEE Computer and Communications Societies.

[3]  Dave Katz,et al.  Bidirectional Forwarding Detection (BFD) , 2010, RFC.

[4]  Giuseppe Di Battista,et al.  How Stable is Stable in Interdomain Routing: Efficiently Detectable Oscillation-Free Configurations , 2008 .

[5]  Nick McKeown,et al.  OpenFlow: enabling innovation in campus networks , 2008, CCRV.

[6]  Hervé Rivano,et al.  Shared Risk Resource Group Complexity and Approximability Issues , 2007, Parallel Process. Lett..

[7]  Ravishanker Chandra,et al.  BGP Route Reflection An alternative to full mesh IBGP , 1996, RFC.

[8]  John Moy,et al.  OSPF Version 2 , 1998, RFC.

[9]  Evangelos Kranakis,et al.  On interdomain routing security and pretty secure BGP (psBGP) , 2007, TSEC.

[10]  Jennifer Rexford,et al.  Autonomous security for autonomous systems , 2008, Comput. Networks.

[11]  Yih-Chun Hu,et al.  SPV: secure path vector routing for securing BGP , 2004, SIGCOMM 2004.

[12]  Lixin Gao,et al.  Detecting bogus BGP route information: Going beyond prefix hijacking , 2007, 2007 Third International Conference on Security and Privacy in Communications Networks and the Workshops - SecureComm 2007.

[13]  Ted Hardie,et al.  Distributing Authoritative Name Servers via Shared Unicast Addresses , 2002, RFC.

[14]  Gordon T. Wilfong,et al.  An analysis of BGP convergence properties , 1999, SIGCOMM '99.

[15]  Albert G. Greenberg,et al.  VL2: a scalable and flexible data center network , 2009, SIGCOMM '09.

[16]  Hari Balakrishnan,et al.  Resilient overlay networks , 2001, SOSP.

[17]  Jennifer Rexford,et al.  Don't Secure Routing Protocols, Secure Data Delivery , 2006, HotNets.

[18]  Richard M. Karp,et al.  Reducibility Among Combinatorial Problems , 1972, 50 Years of Integer Programming.

[19]  Adrian Perrig,et al.  Modeling adoptability of secure BGP protocols , 2006, SIGMETRICS '06/Performance '06.

[20]  Daniel Massey,et al.  PHAS: A Prefix Hijack Alert System , 2006, USENIX Security Symposium.

[21]  Nick Feamster,et al.  Implications of Autonomy for the Expressiveness of Policy Routing , 2005, IEEE/ACM Transactions on Networking.

[22]  Eric C. Rosen,et al.  Multiprotocol Label Switching Architecture , 2001, RFC.

[23]  Minlan Yu,et al.  Virtually eliminating router bugs , 2009, CoNEXT '09.

[24]  Gordon T. Wilfong,et al.  Analysis of the MED oscillation problem in BGP , 2002, 10th IEEE International Conference on Network Protocols, 2002. Proceedings..

[25]  Charles Lynn,et al.  Secure Border Gateway Protocol (Secure-BGP) , 2000 .

[26]  Alia Atlas,et al.  Fast Reroute Extensions to RSVP-TE for LSP Tunnels , 2005, RFC.

[27]  Yanghee Choi,et al.  A constrained multipath traffic engineering scheme for MPLS networks , 2002, 2002 IEEE International Conference on Communications. Conference Proceedings. ICC 2002 (Cat. No.02CH37333).

[28]  Jennifer Rexford,et al.  BGP routing policies in ISP networks , 2005, IEEE Network.

[29]  Zhuoqing Morley Mao,et al.  Accurate Real-time Identification of IP Prefix Hijacking , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[30]  Amund Kvalbein,et al.  Multipath load-adaptive routing: putting the emphasis on robustness and simplicity , 2009, 2009 17th IEEE International Conference on Network Protocols.

[31]  Stewart E. Miller,et al.  Optical Fiber Telecommunications , 1979 .

[32]  Hao Che,et al.  End-to-End Optimal Algorithms for Integrated QoS, Traffic Engineering, and Failure Recovery , 2007, IEEE/ACM Transactions on Networking.

[33]  Gordon T. Wilfong,et al.  Policy disputes in path-vector protocols , 1999, Proceedings. Seventh International Conference on Network Protocols.

[34]  Lixin Gao,et al.  Stable Internet routing without global coordination , 2000, SIGMETRICS '00.

[35]  Timothy G. Griffin,et al.  The stratified shortest-paths problem , 2010, COMSNETS 2010.

[36]  Wai Sum Lai,et al.  Traffic engineering for MPLS , 2002, SPIE ITCom.

[37]  Giuseppe Di Battista,et al.  wheel + ring = reel: the impact of route filtering on the stability of policy routing , 2009, 2009 17th IEEE International Conference on Network Protocols.

[38]  Tzi-cker Chiueh,et al.  Viking: a multi-spanning-tree Ethernet architecture for metropolitan area and cluster networks , 2004, IEEE INFOCOM 2004.

[39]  João L. Sobrinho,et al.  An algebraic theory of dynamic network routing , 2005, IEEE/ACM Transactions on Networking.

[40]  Yin Zhang,et al.  R3: resilient routing reconfiguration , 2010, SIGCOMM '10.

[41]  Jeffrey C. Mogul,et al.  SPAIN: COTS Data-Center Ethernet for Multipathing over Arbitrary Topologies , 2010, NSDI.

[42]  Amin Vahdat,et al.  PortLand: a scalable fault-tolerant layer 2 data center network fabric , 2009, SIGCOMM '09.

[43]  Mateusz Zotkiewicz,et al.  On the complexity of resilient network design , 2010, Networks.

[44]  Hao Che,et al.  Adaptive control algorithms for decentralized optimal traffic engineering in the Internet , 2004, IEEE/ACM Transactions on Networking.

[45]  Philip Smith,et al.  RIPE Routing Working Group Recommendations on Route Aggregation , 2006 .

[46]  T. L. Schwartz The Logic of Collective Action , 1986 .

[47]  Chonggang Wang,et al.  Reliable Adaptive Multipath Provisioning with Bandwidth and Differential Delay Constraints , 2010, 2010 Proceedings IEEE INFOCOM.

[48]  Yanghee Choi,et al.  Dynamic constrained multipath routing for MPLS networks , 2001, Proceedings Tenth International Conference on Computer Communications and Networks (Cat. No.01EX495).

[49]  It Informatics,et al.  Border Gateway Protocol , 2013 .

[50]  Dongmei Wang,et al.  Efficient Distributed Bandwidth Management for MPLS Fast Reroute , 2008, IEEE/ACM Transactions on Networking.

[51]  Ratul Mahajan,et al.  Understanding BGP misconfiguration , 2002, SIGCOMM '02.

[52]  Piet Demeester,et al.  Network Recovery: Protection and Restoration of Optical, SONET-SDH, IP, and MPLS , 2004 .

[53]  Dan Pei,et al.  A light-weight distributed scheme for detecting ip prefix hijacks in real-time , 2007, SIGCOMM '07.

[54]  Antonio Nucci,et al.  IGP Link Weight Assignment for Operational Tier-1 Backbones , 2007, IEEE/ACM Transactions on Networking.

[55]  Z. Morley Mao,et al.  Accurate Real-time Identication of IP Prex Hijacking , 2007 .

[56]  Murali S. Kodialam,et al.  Dynamic routing of restorable bandwidth-guaranteed tunnels using aggregated network resource usage information , 2003, TNET.

[57]  Jennifer Rexford,et al.  A Pluralist Approach to Interdomain Communication Security , 2007 .

[58]  Katerina J. Argyraki,et al.  RouteBricks: exploiting parallelism to scale software routers , 2009, SOSP '09.

[59]  Philip Hunter Pakistan YouTube block exposes fundamental Internet security weakness , 2008 .

[60]  Jennifer Rexford,et al.  Inherently safe backup routing with BGP , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[61]  Mikkel Thorup,et al.  Optimizing OSPF/IS-IS weights in a changing world , 2002, IEEE J. Sel. Areas Commun..

[62]  Martín Casado,et al.  Dynamic route recomputation considered harmful , 2010, CCRV.

[63]  Christos H. Papadimitriou,et al.  The complexity of game dynamics: BGP oscillations, sink equilibria, and beyond , 2008, SODA '08.

[64]  Vishal Sharma,et al.  Framework for Multi-Protocol Label Switching (MPLS)-based Recovery , 2003, RFC.

[65]  Chen-Nee Chuah,et al.  Characterization of Failures in an Operational IP Backbone Network , 2008, IEEE/ACM Transactions on Networking.

[66]  Yakov Rekhter,et al.  A Border Gateway Protocol 4 (BGP-4) , 1994, RFC.

[67]  Vijay Ramachandran,et al.  Design principles of policy languages for path vector protocols , 2003, SIGCOMM '03.

[68]  R. Braden,et al.  Resource reSer Vation Protocol (RSVP) , 1997 .

[69]  John W. Stewart,et al.  BGP4 : inter-domain routing in the Internet , 1998 .

[70]  Yu Liu,et al.  Approximating optimal spare capacity allocation by successive survivable routing , 2001, IEEE/ACM Transactions on Networking.

[71]  John E. Hopcroft,et al.  The Directed Subgraph Homeomorphism Problem , 1978, Theor. Comput. Sci..

[72]  Cheng Jin,et al.  MATE: MPLS adaptive traffic engineering , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[73]  Bijan Jabbari,et al.  Analytical framework for dynamic traffic partitioning in MPLS networks , 2000, 2000 IEEE International Conference on Communications. ICC 2000. Global Convergence Through Communications. Conference Record.

[74]  Nick G. Duffield,et al.  Trajectory sampling for direct traffic observation , 2001, TNET.

[75]  Michael Schapira,et al.  Searching for Stability in Interdomain Routing , 2009, IEEE INFOCOM 2009.

[76]  Adrian Perrig,et al.  Modeling adoptability of secure BGP protocol , 2006, SIGCOMM 2006.

[77]  Jianping Wang,et al.  Traffic Engineering with AIMD in MPLS Networks , 2002, Protocols for High-Speed Networks.

[78]  Wei Sun,et al.  Differentiated BGP Update Processing for Improved Routing Convergence , 2006, Proceedings of the 2006 IEEE International Conference on Network Protocols.

[79]  Jennifer Rexford,et al.  There's something about MRAI: Timing diversity can exponentially worsen BGP convergence , 2011, 2011 Proceedings IEEE INFOCOM.

[80]  R. Cornes,et al.  The theory of externalities, public goods, and club goods: Externalities and private information , 1996 .

[81]  Mikkel Thorup,et al.  Increasing Internet Capacity Using Local Search , 2004, Comput. Optim. Appl..

[82]  Hiroyuki Saito,et al.  Traffic engineering using multiple multipoint-to-point LSPs , 2000, Proceedings IEEE INFOCOM 2000. Conference on Computer Communications. Nineteenth Annual Joint Conference of the IEEE Computer and Communications Societies (Cat. No.00CH37064).

[83]  Brighten Godfrey,et al.  YAMR: yet another multipath routing protocol , 2010, CCRV.

[84]  Daniel Massey,et al.  An analysis of BGP multiple origin AS (MOAS) conflicts , 2001, IMW '01.

[85]  Srikanth Kandula,et al.  Walking the tightrope: responsive yet stable traffic engineering , 2005, SIGCOMM '05.

[86]  M. Olson,et al.  The Logic of Collective Action , 1965 .