5 research outputs found

    Policy Based QoS support using BGP Routing

    Abstract - Routing protocols are important to exchange routing information between neighboring routers. Such information is
    Key words: BGP, QoS, Autonomous System (AS)
    Introduction
    Current Internet architecture is based on the Best Effort (BE) model, where packets can be dropped indiscriminately in the event of congestion. Such architecture attempts to deliver all traffic as soon as possible within the limits of its abilities, but without any guarantee about throughput, delay, packet loss, etc. Though such a model works well for certain traditional applications such as FTP, E-mail and less QoS constrained applications, it can be intolerable for newly emerged real-time, multimedia applications such as Internet Telephony (VoIP), Video-Conferencing and Video on-Demand, as well as future services. Hence, with massive deployment of Internet based applications in recent years and the need to manage them efficiently, current Internet structure needs a major shift from the BE model to a service oriented model with support for desired QoS. Current research in this direction is focused towards providing better than BE service over the Internet through a new architecture. Also the new architecture should be both scalable and guarantee end-to-end QoS for different services/applications while supporting different levels of performance. Current Internet architecture lacks standardization while deployed across various domains, hence affecting end-to-end QoS significantly. In this paper our effort is to find a scalable and uniform solution mainly addressing routing and its effect on end to end QoS. In this regard, we consider current inter-domain routing based on BGP as the central component and develop an algorithm allowing QoS domains to be easily identified and enable policy based routing to support QoS for various applications. 
One of the main objectives in setting up an end-to-end path for any service over the Internet is providing support for its service requirements to achieve necessary QoS, and such tasks are difficult to achieve through current Internet architecture. In this regard, our algorithm is designed to address such heterogeneous service parameter requirements for different services between ASs, and tries to find a viable solution by integrating network policies with routing and traffic engineering objectives. We mainly focus on Inter-domain traffic engineering issues in resolving the policy requirements of different services. In doing so, we have identified and addressed two core problems in the Internet today in relation to QoS

    A FRAMEWORK FOR DEFENDING AGAINST PREFIX HIJACK ATTACKS

    Border Gateway Protocol (BGP) prefix hijacking is a serious problem in the Internet today. Although there are several services being offered to detect a prefix hijack, there has been little work done to prevent a hijack or to continue providing network service during a prefix hijack attack. This thesis proposes a novel framework to provide defense against prefix hijacking which can be offered as a service by Content Distribution Networks and large Internet Service Providers. Our experiments revealed that the hijack success rate reduced from 90.36% to 30.53% at Tier 2, 84.65% to 10.98% at Tier 3 and 82.45% to 8.39% at Tier 4 using Autonomous Systems (ASs) of Akamai as Hijack Prevention Service Provider. We also observed that 70% of the data captured by Hijack Prevention Service Provider (HPSP) can be routed back to Victim. However, if we use tunneling, i.e. trying to route data to neighbors of Victims which in turn send the traffic to Victims, we observed that data can be routed to Victim 98.09% of the time. Also, the cost of such redirection is minimal, since the average increase in path length was observed to be 2.07 AS hops

    Proactive techniques for correct and predictable Internet routing

    Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, February 2006. This electronic version was submitted by the student author. The certified thesis is available in the Institute Archives and Special Collections. Includes bibliographical references (p. 185-193).
    The Internet is composed of thousands of autonomous, competing networks that exchange reachability information using an interdomain routing protocol. Network operators must continually reconfigure the routing protocols to realize various economic and performance goals. Unfortunately, there is no systematic way to predict how the configuration will affect the behavior of the routing protocol or to determine whether the routing protocol will operate correctly at all. This dissertation develops techniques to reason about the dynamic behavior of Internet routing, based on static analysis of the router configurations, before the protocol ever runs on a live network. Interdomain routing offers each independent network tremendous flexibility in configuring the routing protocols to accomplish various economic and performance tasks. Routing configurations are complex, and writing them is similar to writing a distributed program; the (unavoidable) consequence of configuration complexity is the potential for incorrect and unpredictable behavior. These mistakes and unintended interactions lead to routing faults, which disrupt end-to-end connectivity. Network operators writing configurations make mistakes; they may also specify policies that interact in unexpected ways with policies in other networks. To avoid disrupting network connectivity and degrading performance, operators would benefit from being able to determine the effects of configuration changes before deploying them on a live network; unfortunately, the status quo provides them no opportunity to do so. 
This dissertation develops the techniques to achieve this goal of proactively ensuring correct and predictable Internet routing. The first challenge in guaranteeing correct and predictable behavior from a routing protocol is defining a specification for correct behavior. We identify three important aspects of correctness (path visibility, route validity, and safety) and develop proactive techniques for guaranteeing that these properties hold. Path visibility states that the protocol disseminates information about paths in the topology; route validity says that this information actually corresponds to those paths; safety says that the protocol ultimately converges to a stable outcome, implying that routing updates actually correspond to topological changes. Armed with this correctness specification, we tackle the second challenge: analyzing routing protocol configurations that may be distributed across hundreds of routers. We develop techniques to check whether a routing protocol satisfies the correctness specification within a single independently operated network. We find that much of the specification can be checked with static configuration analysis alone. We present examples of real-world routing faults and propose a systematic framework to classify, detect, correct, and prevent them. We describe the design and implementation of rcc ("router configuration checker"), a tool that uses static configuration analysis to enable network operators to debug configurations before deploying them in an operational network. We have used rcc to detect faults in 17 different networks, including several nationwide Internet service providers (ISPs). To date, rcc has been downloaded by over seventy network operators. A critical aspect of guaranteeing correct and predictable Internet routing is ensuring that the interactions of the configurations across multiple networks do not violate the correctness specification. 
Guaranteeing safety is challenging because each network sets its policies independently, and these policies may conflict. Using a formal model of today's Internet routing protocol, we derive conditions to guarantee that unintended policy interactions will never cause the routing protocol to oscillate. This dissertation also takes steps to make Internet routing more predictable. We present algorithms that help network operators predict how a set of distributed router configurations within a single network will affect the flow of traffic through that network. We describe a tool based on these algorithms that exploits the unique characteristics of routing data to reduce computational overhead. Using data from a large ISP, we show that this tool correctly computes BGP routing decisions and has a running time that is acceptable for many tasks, such as traffic engineering and capacity planning.
by Nicholas Greer Feamster. Ph.D.

    A performance evaluation of BGP-based traffic engineering

    No full text
    Many Internet Service Providers tune the configuration of the Border Gateway Protocol on their routers to control their traffic. Content providers often need to control their outgoing traffic while access providers need to control their incoming traffic. We show, by means of measurements and simulations, that controlling the flow of the incoming interdomain traffic is a difficult problem. For this purpose, we first rely on detailed measurements to show the limitations of AS-Path prepending