Towards a Logic for Wide-Area Internet Routing
Nick Feamster, Hari Balakrishnan

Introduction
- Internet routing is a massive distributed computing task
- BGP4 is exceedingly complex
- Complexity arises from the wide variety of goals that must be met
- Complicated interactions and unintended side effects

Introduction (contd.)
- Propose a routing logic: a set of rules
- The logic is used to determine whether desired properties are satisfied
- Demonstrate how the logic can be used to analyze protocols and aid implementation

Motivation: Complexity of BGP
- Fast convergence to correct, loop-free paths
- Resilience to congestion
- Avoid packet loss and failures
- Connect autonomous and mutually distrusting domains

Motivation (contd.)
- Complexity stems from dynamic behavior during operation
- Vast space of possible configurations
- Prior work highlights many undesirable properties

Motivation (contd.)
- Poor integrity: DoS, integrity attacks, misconfiguration
- Slow convergence: path instability, delayed convergence
- Behavior under congestion is not well understood

Motivation (contd.)
- Unpredictability: BGP is distributed and asynchronous, so predicting the effect of a configuration change is hard
- Poor control of information flow: a BGP implementation may expose information not intended to be public knowledge

Motivation (contd.)
- Specific modifications have unintended side effects
- Need something that reasons about the 'correctness' of the protocol
- Classify protocols in terms of desired properties

Desired Properties
- Validity: existence of a route implies existence of a path
- Visibility: existence of a path implies existence of a route
- Safety/Stability: no participant should change its route solely in response to the route choices of others (i.e., the protocol converges)

Desired Properties (contd.)
- Determinism: the protocol should arrive at the same, predictable set of routes
- Information-flow control: should not expose more information than necessary

Routing Logic Inputs
- Specification of how the protocol behaves
- Specification of the protocol configuration
  - Policy configuration
  - General configuration, e.g. which routers exchange routing information
- Current version has no notion of time

Hierarchical Routing Scopes
- Organize routing domains into hierarchical levels called scopes
- The protocol in scope i forwards packets via the scope-i next hop on that path
- Scope-i routing uses a scope-(i+1) path to reach the scope-i next hop
- Routing domains are organized hierarchically

Validity Rules
- Reachability: the route transports packets to the intended destination
- Policy conformance: the route conforms to peering and transit agreements
- Progress: the specified next hop reduces the total distance to the destination

The Validity Rule
- The underlying IGP can result in forwarding loops

Information Flow Control
- Consists of objects, a flow policy, and a partial ordering of security levels
- Policy is defined in terms of the partial ordering, expressed as a lattice
- The flow model specifies the process causing information flow and how flow between parties should be controlled
- An example information flow lattice (figure)

Information Objects
- Policy: peering and transit agreements, router preferences
- Reachability: events affecting reachability
- Topology: internal network topology, inter-AS connectivity

Noninterference Rule
- Objects at higher security levels should not be visible to objects at lower levels
- The security level of a message must not be higher than the level of its recipient
- BGP implementations can violate the information flow policy

Potential Applications
- Static analysis of existing network configuration
- A framework for designing a high-level policy specification
- Aid to designers of new protocols

Configuration Analysis
- A tool that verifies properties of legacy router configuration (under development)
- Checks whether a configuration satisfies a specified information flow policy

Configuration Synthesis
- Get rid of low-level configuration languages, removing complexity and a source of frequent misconfiguration
- Synthesize low-level configuration by translating a high-level specification

Protocol Design
- Implement a set of protocol abstractions
- Relate them to the routing logic to determine whether the properties are satisfied
- Resulting protocols are less susceptible to violating wide-area routing properties

Related Work
- Inspired by the use of BAN logic for authentication protocol analysis
- Application of BAN logic to the Taos operating system
- Builds on BGP anomalies noted in prior work

Conclusions
- Presented a routing logic
- Proves properties about aspects of a protocol
- Formally describes how fundamental properties of BGP lead to violations
- Can evaluate future proposed modifications to BGP
- Can help design new protocols

From 10,000 feet ...
- Does not aim to fix all problems in BGP
- Emphasizes formalizing the current, informal way of understanding these problems
- Is a tool to analyze the effects of modifications to implementations
- The approach is extendable to other complex protocols
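The hierarchical-scope model and the validity rule's "progress" check, as an added worked example (this is illustration code written for this page, not the paper's logic or tool). It treats BGP as scope 0 and the IGP as scope 1: each router picks a scope-0 egress and forwards to its scope-1 first hop toward that egress, and the next router re-evaluates with its own route. The four-router topology, link metrics and the policy-driven egress choices are constructed assumptions; the check flags a router whose IGP first hop does not agree on the egress, which is exactly how the slides' "underlying IGP can result in forwarding loops" arises.

```python
"""Two-scope forwarding check, added as an illustration of the paper's
validity and progress rules.  Example code, not from the paper.

Scope 0 is inter-domain routing (BGP): every router in the AS picks an egress
router for the destination prefix.  Scope 1 is the IGP: it supplies the path
to that scope-0 next hop.  A router forwards a packet to its IGP first hop
toward *its own* BGP egress; the next router then re-evaluates using its own
BGP route.  If two routers disagree on the egress, the scope-1 paths can form
a loop even though every scope-0 route looks fine in isolation.
"""
import heapq

# Constructed sample AS (assumption, not the paper's topology): four routers,
# IGP link metrics, with A and D as egress routers for the prefix.
IGP_LINKS = {("A", "B"): 1, ("B", "C"): 1, ("C", "D"): 1, ("A", "D"): 5}
EGRESSES = {"A", "D"}

def build_graph(links):
    graph = {}
    for (u, v), metric in links.items():
        graph.setdefault(u, {})[v] = metric
        graph.setdefault(v, {})[u] = metric
    return graph

def igp_shortest_paths(graph, src):
    """Dijkstra from src: returns (distance, first_hop) dicts for every router."""
    dist, first_hop = {src: 0}, {src: None}
    heap = [(0, src, None)]
    while heap:
        d, u, via = heapq.heappop(heap)
        if d > dist[u]:
            continue  # stale entry
        for v, metric in graph[u].items():
            nd = d + metric
            if nd < dist.get(v, float("inf")):
                dist[v] = nd
                first_hop[v] = v if u == src else via
                heapq.heappush(heap, (nd, v, first_hop[v]))
    return dist, first_hop

GRAPH = build_graph(IGP_LINKS)
DIST, FIRST_HOP = {}, {}
for router in GRAPH:
    DIST[router], FIRST_HOP[router] = igp_shortest_paths(GRAPH, router)

def hot_potato_egress(egresses=EGRESSES):
    """Scope-0 choice with no policy override: nearest egress by IGP metric."""
    return {r: min(egresses, key=lambda e: (DIST[r][e], e)) for r in GRAPH}

# Policy-driven choice (constructed): B is configured to prefer egress D and C
# to prefer egress A, as a route reflector or local-preference setting might.
DEFLECTING_EGRESS = {"A": "A", "D": "D", "B": "D", "C": "A"}

def progress_violations(egress_of):
    """The validity rule's 'progress' check, applied locally at each router.
    For router r with scope-0 next hop e, its scope-1 first hop n must
    (1) be strictly closer to e than r is, and (2) agree that e is the egress;
    otherwise the packet is deflected toward a different scope-0 next hop."""
    problems = []
    for r, e in egress_of.items():
        if r == e:
            continue
        n = FIRST_HOP[r][e]
        if not DIST[n][e] < DIST[r][e]:
            problems.append((r, n, "no progress toward egress %s" % e))
        if egress_of[n] != e:
            problems.append((r, n, "deflected: %s uses egress %s" % (n, egress_of[n])))
    return problems

def forward(start, egress_of):
    """Simulate packet forwarding hop by hop; each router uses its own
    scope-0 egress and the IGP first hop toward it."""
    path, r = [start], start
    while r != egress_of[r]:
        n = FIRST_HOP[r][egress_of[r]]
        if n in path:
            return "loop", path + [n]
        path.append(n)
        r = n
    return "delivered", path

def forward_all(egress_of):
    return {r: forward(r, egress_of) for r in sorted(GRAPH)}

if __name__ == "__main__":
    for name, cfg in (("hot potato", hot_potato_egress()),
                      ("policy override", DEFLECTING_EGRESS)):
        print(name, forward_all(cfg), progress_violations(cfg))
```

With the hot-potato choice every router's IGP first hop agrees on the egress and all packets are delivered; with the policy override, B and C each deflect toward the other and the packet bounces between them. Note that the loop is invisible to a per-router check that only consults the scope-0 route: it is the combination of a valid scope-0 next hop with the scope-1 path to it that the logic has to reason about.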
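The information-flow lattice and the noninterference rule ("the security level of a message must not be higher than the level of its recipient"), as an added worked example (illustration code written for this page, not the paper's model or the configuration-analysis tool it describes). The security levels, their partial order, the labelling of routing objects and the sample UPDATE attributes are all constructed assumptions; the point is the mechanics: closing the partial order, computing the join that gives a message's level, and stripping the objects that may not flow to a given recipient.

```python
"""Information-flow check for routing objects, added as an illustration of the
paper's noninterference rule.  Example code, not from the paper.

Security levels form a lattice; each routing object (policy, reachability,
topology information) is assigned a level, and a message may be sent to a
recipient only if the message's level flows to the recipient's level.
The levels, object labels and sample UPDATE attributes below are all
constructed assumptions for the example.
"""

# Partial order given as "lower flows to higher" edges; the closure below adds
# reflexivity and transitivity.  'peer' and 'customer' are incomparable.
LEVEL_EDGES = [("public", "customer"), ("public", "peer"),
               ("customer", "internal"), ("peer", "internal")]
LEVELS = sorted({lvl for edge in LEVEL_EDGES for lvl in edge})

def closure(edges):
    """Reflexive-transitive closure of the 'flows to' relation."""
    leq = {(a, a) for a in LEVELS} | set(edges)
    changed = True
    while changed:
        changed = False
        for (a, b) in list(leq):
            for (c, d) in list(leq):
                if b == c and (a, d) not in leq:
                    leq.add((a, d))
                    changed = True
    return leq

LEQ = closure(LEVEL_EDGES)

def flows_to(lo, hi):
    return (lo, hi) in LEQ

def join(a, b):
    """Least upper bound; the level of a message combining objects a and b."""
    ubs = [c for c in LEVELS if flows_to(a, c) and flows_to(b, c)]
    minimal = [c for c in ubs if not any(d != c and flows_to(d, c) for d in ubs)]
    if len(minimal) != 1:
        raise ValueError("not a lattice: no unique join for %s, %s" % (a, b))
    return minimal[0]

# Constructed labelling of objects an AS may carry in a BGP UPDATE
# (assumption; the paper lists the object classes, not these labels).
OBJECT_LEVEL = {
    "prefix": "public",                       # reachability
    "as_path": "public",                      # inter-AS connectivity
    "med": "peer",                            # preference shared only with peers
    "community:local_pref_hint": "internal",  # router preferences (policy)
    "community:ingress_router": "internal",   # internal topology
}

def message_level(attrs):
    """Level of the whole message: the join of its objects' levels."""
    level = "public"
    for name in attrs:
        level = join(level, OBJECT_LEVEL[name])
    return level

def noninterference_violations(attrs, recipient_level):
    """Objects in the message whose level does not flow to the recipient."""
    return [n for n in attrs if not flows_to(OBJECT_LEVEL[n], recipient_level)]

def sanitize(attrs, recipient_level):
    """Strip every object that may not flow to the recipient."""
    return {n: v for n, v in attrs.items()
            if flows_to(OBJECT_LEVEL[n], recipient_level)}

# Constructed UPDATE as an implementation might emit it, with internal
# communities left attached (documentation prefix and private ASNs).
UPDATE = {
    "prefix": "192.0.2.0/24",
    "as_path": [64500, 64501],
    "med": 10,
    "community:local_pref_hint": "64500:200",
    "community:ingress_router": "64500:17",
}

if __name__ == "__main__":
    for who in ("peer", "customer", "public"):
        print(who, message_level(UPDATE),
              noninterference_violations(UPDATE, who), sorted(sanitize(UPDATE, who)))
```

Because the message level is the join of its parts, one internal-level community raises the whole UPDATE to "internal", and a policy check on the message as a unit rejects it for every external recipient; checking per object instead tells the operator which attributes to strip. The incomparable "peer" and "customer" levels show why a lattice rather than a linear ordering is needed: a MED meant for peers is also blocked from customers even though neither level dominates the other.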