Verifying Policy-based Routing at Internet Scale

Routing policy configuration plays a crucial role in determining the path that network traffic takes to reach a destination. Network administrators/operators typically decide the routing policy for their networks/routers independently. The paths/routes resulting from these independently configured routing policies might not necessarily meet the intent of the network administrators/operators. Even very basic network-wide properties of the routing policies, such as reachability between a pair of nodes, need to be verified. In this paper, we propose a scheme that characterizes routing-policy verification problems as Satisfiability Modulo Theories (SMT) problems. The key idea is to formulate the SMT model in a policy-aware manner so as to reduce or eliminate the mutual dependencies between variables as much as possible. Further, we reduce the size of the generated SMT model through pruning. We implement and evaluate the policy-aware model using an out-of-the-box SMT solver. The experimental results show that the policy-aware model can reduce the time it takes to perform verification by as much as 100x even under a modest topology size. It takes only a few minutes to answer a query for a topology containing tens of thousands of nodes.
