VIEWS: 11 PAGES: 31 CATEGORY: Business POSTED ON: 1/20/2011
Dissertation Proposal on Advertisement document sample
Foundations of Inter-Domain Routing Ph.D. Dissertation Defense Vijay Ramachandran Dissertation Director: Joan Feigenbaum Committee Members: Jim Aspnes, Paul Hudak, Tim Griffin (University of Cambridge) Overview This dissertation develops a theoretical framework for the design and analysis of path-vector protocols primarily used for Internet inter-domain routing. The framework can be used to understand the interactions of local routing policies and their effects on protocol behavior. It can also be used to understand the design space of path-vector protocols and inherent trade-offs among desirable protocol properties. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 2 Background: Internet Routing April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 3 BGP Route Processing IP Forwarding Table Install forwarding entries for best routes Apply Import Routing Best Route Apply Export Policies Table Selection Policies Receive Apply Policy = Based on Apply Policy = Transmit filter routes & Storage filter routes & BGP attribute BGP tweak of routes tweak updates values updates attributes attributes Open-ended programming: constrained only by vendor configuration language April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 4 BGP Route-Selection Procedure 1. Highest local preference 2. Shortest AS-path length 3. For each AS next-hop, lowest MED value 4. eBGP routes over iBGP routes 5. Shortest iBGP distance to egress point April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 5 Motivation (1) Given certain policy inputs, BGP will oscillate or converge nondeterministically. [VGE ’00, GSW ’02, MGWR ’02, Cisco ’01] These anomalies are difficult for operators to debug because the problems traverse autonomously administered networks. New features are often implemented without testing resulting worst-case scenarios. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 6 Motivation (2) The BGP specification contains no guidance on how to provide “good” routing policies. Policies are unconstrained. Can policies be constrained to guarantee convergence, and how can those constraints be described? What is lost, if anything? Formal models allow rigorous analysis and design at different levels of abstraction. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 7 Protocol-Divergence Example 120 20 120 210 10 1 2 20 10 210 10 20 Prefer sending Prefer sending traffic through traffic through neighbor 2 neighbor 1 0 0 0 April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 8 Related Work: Formally Modeling Policy Semantics [GSW ’02] introduced the Stable Paths Problem (SPP) as the underlying theoretical problem that BGP is trying to solve. SPP is NP-hard; solvability convergence. An SPP instance is a graph in which each node represents one AS and has a policy in the form of a linear preference ordering on paths. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 9 SPP Results [GSW ’02] DISAGREE (multiple solutions) Dispute Wheel No dispute wheel implies BAD GADGET (no solution) robust convergence. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 10 Related Work: Local and Global Constraints [GR ’01] showed that Hierarchical BGP Local (HBGP) is robust. constraint Neighborsare divided into three classes: customers, providers, and peers. Preference and scoping rules apply to routes learned from different types of neighbors. Global No customer/provider cycles. constraint [GGR ’01] added an attribute to HBGP to allow safe back-up routing. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 11 The Design Space of Path-Vector Protocols [GJR ’03] Robustness: Does the protocol predictably converge, even after node and link failures? Expressiveness: What routing policies are permitted? Autonomy: What degree of independence do operators have in local-policy configuration? Policy Opaqueness: Can local route settings be kept private? Transparency: How directly does the protocol apply local- policy transformations to route data? Global Constraint: What network assumptions are needed? April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 12 Three Levels of Abstraction [JR ’05] Path-Vector Algebras [Sob. ’03] Sets of A description of the most important criteria involved in determining Protocols best routes. Does not include implementation details, e.g., a route advertisement is considered an atomic action. Path-Vector Policy Systems (PVPS) [GJR ’03] A combination of message-passing system (protocol), policy language, Protocols and global constraint. The underlying path-vector system models import & export policies, path selection, and route data structures. Instances of the Stable Paths Problem (SPP) [GSW ’02] A routing configuration, indicating the preference order of permitted Networks paths on a given network. Solutions are consistent assignments; unique solutions give predictable convergence to a stable assignment. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 13 Path-Vector Policy Systems [GJR ’03] Formal model of path-vector routing: ( PV , PL , K ) Path-Vector System: Global Constraint: The underlying message-exchange What assumptions about the system for route information. What network must be true to is exchanged and how? achieve robustness? Policy Language: Question: How can policies be described? What role do these components PL acts as a local constraint on the play in achieving protocol design expressiveness of policies. goals? April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 14 Linear Best-Route Selection Model Ignore iBGP and MED-attribute values. Assume that the route-selection procedure, at each node, for each destination: 1. maps each route to a rank in some totally ordered set based on its attribute values; and 2. chooses as best the path with minimal rank. Rank is influenced by local policy, but the ranking criteria are the same at each node. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 15 Robustness Condition [GJR ’03, Sob. ’03] Conjecture: No path-vector policy system can exactly capture all robust configurations. Theorem: A protocol in which a path’s rank monotonically increases as it is extended (imported by a neighbor) is robust. This is the broadest-known sufficient condition for robustness, equivalent to dispute-wheel freeness on SPP instances. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 16 Trade-Offs in Implementation [GJR ’03] Theorem. A globally unconstrained PVPS expressive enough to capture all increasing configurations either does not support autonomy of neighbor ranking or is not transparent, or both. Theorem. A transparent, robust PVPS that supports autonomy of neighbor ranking and is at least as expressive as shortest paths must have a non-trivial global constraint. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 17 Algebras and PVPSes (1) [JR ’05] BGP Protocols Both, Both, Protocols For both, using primarily primarily using local some network instances are length length loc. pref. preference convergent Shortest Paths Robust protocols Strictly Monotone Shortest Paths with Monotone preferences monotone (or arbitrary) preference tie-breaking with length tie-breaking preferences preferences April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 18 Algebras and PVPSes (2) [JR ’05] The expressiveness of an algebra or PVPS is the set of SPP equivalence classes permitted as legal routing configurations. Given an algebra, we can construct a canonical PVPS that is exactly as expressive. Given a PVPS, we can construct a canonical algebra that describes the same rank criteria. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 19 Class-Based Systems [JR’ 04] The PVPS framework can be used to generalize the HBGP constraints from [GR’ 01, GGR’ 01]. A class-based PVPS is described by: A set of classes (types of neighbor assignments, e.g., customer/provider/peer) and consistency relationships Class relative-preference and scoping rules These systems are transparent and have “some” autonomy of neighbor ranking; they require a nontrivial global constraint. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 20 Relative Preference and Scope Relative Scope: Preference: If class i routes If class i is to be cannot be preferred to a exported over class-k then node class j, neighbor, v should prefer then node u will routes from node only learn about w over those from the path uvxQ. node x. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 21 Class-Based Robustness [JR’ 04] From the class description alone, we can construct a global constraint involving a check on pairs of class assignments. Networks obeying this constraint are robust. Networks violating this constraint allow nodes to write policies that induce routing anomalies. We give two types of enforcement algorithms: a centralized algorithm that detects a set of nodes whose class assignments permit a policy-induced anomaly; and a distributed algorithm that detects whether two specific nodes’ class assignments could induce an anomaly. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 22 Nonlinear Route-Selection Model Recent work generalizes the PVPS framework to include protocols that do not assume linear route-selection procedures. permits modeling the MED attribute and This both iBGP and eBGP sessions. Because previous convergence constraints depend on a notion of rank, these do not apply in the generalized case. Relies on generalized SPP [GW ’02]. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 23 Generalized SPP [GW ’02] Recall BGP selection: lowest MED value from paths to the same AS; then shortest IGP distance. IGP distances are shown near intra-domain links. MED values are shown in parentheses near inter- domain links. This example oscillates. MED-EVIL (no solution) April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 24 Independent Route Ranking MED-EVIL (condensed) April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 25 Generalized Path Relations April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 26 Generalized Dispute Digraphs Given a GSPP instance, form its generalized dispute digraph: nodes are paths; edges correspond to the four relations. Theorem. If a GSPP is not robust, this graph contains a cycle. MED-EVIL Dispute Digraph April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 27 Proof Method Cycle in MED-EVIL protocol-selection states. Given a protocol oscillation, choose a path whose first node is the last oscillating node on the path. Follow the oscillation until the selection changes; this change occurred because of a linear or nonlinear selection. This corresponds to some relation between two paths; repeat with the ‘related’ path. Choose a subpath to find the last oscillating node. Because the oscillation is finite, we must re-visit a path. We have just traced a cycle in the dispute digraph. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 28 Protocol-Design Applications Multiple-Path Broadcast [B+ ’02]and [MC ’04] propose changing BGP to broadcast additional routes to avoid MED-induced oscillations. We can prove the effect of this behavior using our formal model. Improvement: Detect an IRR violation on-the-fly and request the needed route. “Compare-all-MEDs” and “Set AS-distinct local preferences” [MGWR ’02] can be proven correct. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 29 Summary The PVPS framework allows for a study of path- vector-protocol design—most importantly, a rigorous way to prove: what balance of local and global constraints are needed for robustness; and what else is lost when these constraints are implemented. The framework has provided concrete and reasonable guidelines for class-based systems. The framework has been extended to include protocols with IRR-violating selection procedures. April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 30 Open Questions Analogous local constraints for the generalized case Real, deployable policy-configuration languages More examples of exact trade-offs between local and global constraints (to date, only class-based systems give this) Full characterization of robust systems? April 20, 2005 V. Ramachandran — Ph.D. Dissertation Defense 31