Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

Slides - Interdomain Routing and Games

advertisement 
Interdomain Routing and Games
Hagay Levin, Michael Schapira and Aviv Zohar
The Hebrew University
1
On the Agenda
• Motivation: Are Internet protocols incentive compatible?
• Interdomain routing & path vector protocols
• Convergence issues
• BGP as a game
• Hardness of approximation of social welfare
• Incentive compatibility
• Conclusions
2
Are Current Network Protocols
Incentive Compatible?
• Protocols for the network have been
dictated by some designer
• Okay for cooperative settings
• But what if nodes try to optimize
regardless of harm to others?
• Example: TCP congestion control
– Requires sender to transmit less when the
network is congested
– This is not optimal for the sender (always
better off sending more)
3
Secure Network Protocols
• A lot of effort is going into re-designing network
protocols to be secure.
• Routing protocols are currently known to be very
susceptible to attacks.
– Even inadvertent configuration errors of routers have
caused global catastrophes.
• Designers are also concerned about incentive
issues in this context.
• Our work highlights some connections between
incentives and security of BGP.
4
Interdomain Routing
• Messages in the Internet are passed from one router
to the other until reaching the destination.
• Goal of routing protocols: decide how to route packets
between nodes on the net.
• The network is partitioned into Autonomous Systems
(ASes) each owned by an economic entity.
– Within ASes routing is cooperative
– Between ASes inherently non-cooperative
• Routing preferences are complex and uncoordinated.
Always choose
shortest paths.
Load-balance my
outgoing traffic.
UUNET
AT&T
My link to UUNET is for
backup purposes only.
Comcast
Qwest
Avoid routes
through AT&T if
at all possible.
5
Path Vector Protocols
• The only protocol currently used to establish
routes between ASes (interdomain routing):
The Border Gateway Protocol (BGP).
• Performed independently for every destination
autonomous system in the network.
• The computation by each node is an infinite
sequence of actions:
receive
routes from
neighbors
choose
“best”
neighbor
send
updates
to neighbors
6
Example of BGP Execution
5
4 41d
41d
23d
1d
1
1d
23d
2 23d
23d
3d
3d
3
d d d
d
receive
routes from
neighbors
choose
“best”
neighbor
send
updates
to neighbors
7
Our Main Results Informally
• Theorem: In “reasonable economic
settings”, BGP is almost incentivecompatible (And can be tweaked to be
incentive compatible).
• Theorem: In these same settings it is
also almost collusion proof.
– To make it fully collusion proof we need a
somewhat stronger assumption.
8
BGP – Not Guaranteed to Converge
1
12d
1d
…
2d
2
23d
2d
...
12d
1d
d
31d
3
31d
3d
…
• Other examples may fail to converge for
certain timings and succeed for others.
9
Finding Stable States
• Previously known: It’s NP-Hard to determine
if a stable state even exists. [Griffin, Wilfong]
We add:
• Theorem: Determining the existence of a
stable state requires exponential
communication.
• In practice, BGP does converge in the Internet!
Why?
10
The Gao-Rexford Framework: An economic
explanation for network convergence.
Neighboring pairs of ASes have one of:
• a customer-provider relationship
• a peering relationship
peer
providers
peer
customers
Restrict the possible graphs and preferences:
• No customer-provider cycles (cannot be your own customer)
• Prefer to route through customers over peers, and peers
over providers.
• Only provide transit services to customers.
Guarantees convergence of BGP.
11
Dispute Wheels
• A Dispute Wheel [Griffin et. al.]
– A sequence of nodes ui and routes
Ri, Qi.
– ui prefers RiQi+1 over Qi.
• If the network has no
dispute wheels, BGP will always
converge.
• Also guarantees convergence
with node & link failures.
Gao-Rexford
Shortest Path
No Dispute
Wheel
Robust
Convergence
12
Modeling Path Vector Protocols as
a Game
• The interaction is very complex.
– Multi-round
– Asynchronous
– Partial-information
• Network structure, schedule, other player’s types are all unknown.
• No monetary transfers!
– More realistic
– Unlike most works on incentive-compatibility in interdomain
routing.
13
Routing as a Game
• The source-nodes are the strategic agents
• Agent i has a value vi(R) for any route R
• The game has an infinite number of rounds
• Timing decided by an entity called the scheduler
– Decides which nodes are activated in each round.
– Delays update messages along selective links.
14
Routing as a Game (2)
• A node that is activated in a certain round can
– Read update messages announcing routes.
– Send update messages announcing routes.
– Choose a neighboring node to forward traffic to.
• The gain of node i from the game is:
– vi(R) if from some point on it has an unchanging route
R.
– 0 otherwise. (can be defined as the maximal gained
path in an oscillation as well).
• a node’s strategy is its choice of a routing
protocol.
– Executing BGP is a strategy.
15
Approximating Social Welfare

1 / 2 
O
n
• Theorem: Getting an

approximation to the optimal social welfare is
impossible unless P=NP even in Gao-Rexford
settings.
(Improvement on a bound achieved by
[Feigenbaum,Sami,Shenker])
• Theorem: It requires exponential communication
1
to approximate social welfare up to O n
 
16
Manipulating in The Protocol
• A node is said to deviate from BGP (or to
manipulate BGP) if it does not follow BGP.
• We want nodes to comply with the alg.
Otherwise, suffer a loss when they deviate
• Which forms of manipulation are available to
nodes?
–
–
–
–
–
Misreporting preferences.
Reporting inconsistent information.
Announcing nonexistent routes.
Denying routes.
…
17
No Optimal Protocols
•
Theorem: Any routing protocol that:
1. Guarantees convergence to a solution for
any timing with any preference profile
2. Resists manipulation
Must contain a (weak) dictator: A node
that always gets its most preferred path.
(Simple to prove using a variant of the
Gibbard-Satterthwaite theorem)
18
• Suppose node 1 is a weak
dictator.
• If it wants some crazy
6
path, it must get it.
• This feels like an
unreasonable protocol.
5
4
3
7
2
1
d
19
Is BGP Incentive-Compatible?
• Theorem: BGP is not incentive compatible
even in Gao-Rexford settings.
m1d
m12d
12d
1d
1
m
m1d
m12d
12d
1d
1
m
d
d
2md
2d
2
without
manipulation
2md
2d
2
with
manipulation
20
Can we fix this?
• We define a property:
– Route verification means that an AS can verify
that a route is available to a neighboring AS.
• Route verification is:
– Achievable via computational means
(cryptographic signatures).
– An important part of secure BGP
implementation.
21
Incentive Compatibility
• Theorem: If the “No Dispute Wheel”
condition holds, then BGP with route
verification is incentive-compatible in expost Nash equilibrium.
• Theorem: If the “No Dispute Wheel”
condition holds, then BGP with route
verification is collusion-proof in ex-post
Nash equilibrium.
22
Open Questions
• Characterizing robust BGP convergence (“No
dispute wheel” is sufficient but not necessary).
• Does robust BGP convergence with route
verification imply incentive compatibility?
• Can network formation games help to explain the
Internet’s commercial structure?
• Maintain incentive compatibility if the protocol is
changed to deal with attacks and other security
issues?
• How do congestion and load fit in?
23
Conclusions
• Our results help explain BGP’s resilience to
manipulation in practice.
– Manipulation requires extensive knowledge on
network topology & preferences of ASes.
– Faking routes requires manipulation of TCP/IP too.
– Manipulations by coalitions require Herculean efforts,
and tight coordination.
• We show that proposed security improvements
would benefit incentives in the protocol.
• Work in progress: other natural asynchronous
games.
– “Best Reply Mechanisms” with Noam Nisam and
Michael Schapira
24
Related documents
6.033 Computer System Engineering
6.033 Computer System Engineering
1. Jones and Manuelli (1990) explains Piketty (2014)
1. Jones and Manuelli (1990) explains Piketty (2014)
1. An Endogenous Growth Model
1. An Endogenous Growth Model
Sue Moon
Sue Moon
Towards a Logic for Wide-Area Internet Routing Nick Feamster Hari Balakrishnan
Towards a Logic for Wide-Area Internet Routing Nick Feamster Hari Balakrishnan
Typical use of IP traffic flow measurements in telecom operators Paolo Lucente,
Typical use of IP traffic flow measurements in telecom operators Paolo Lucente,
On Inferring Autonomous System Relationships in the Internet Lixin
On Inferring Autonomous System Relationships in the Internet Lixin
MUHAZIN. P. M P.O.Box:16842, logic building Doha jadeed,Qatar
MUHAZIN. P. M P.O.Box:16842, logic building Doha jadeed,Qatar
Download
advertisement