12 research outputs found

    Avoid BGP Best Path Transitions from One External to Another

    Automatic provisioning in multi-domain software defined networking

    Multi-domain Software Defined Networking (SDN) is the extension of the SDN paradigm to multi-domain networking and the interconnection of different administrative domains. By utilising SDN in the core telecommunication networks, benefits are found including improved traffic flow control, fast route updates and the potential for routing centralisation across domains. The Border Gateway Protocol (BGP) was designed three decades ago, and efforts to redesign interdomain routing that would include a replacement or upgrade to the existing BGP have yet to be realised. For the near real-time flow control provided by SDN, the domain boundary presents a challenge that is difficult to overcome when utilising existing protocols. Replacing the existing gateway mechanism, that provides routing updates between the different administrative domains, with a multi-domain centralised SDN-based solution may not be supported by the network operators, so it is a challenge to identify an approach that works within this constraint. In this research, BGP was studied and selected as the inter-domain SDN communication protocol, and it was used as the baseline protocol for a novel framework for automatic multi-domain SDN provisioning. The framework utilises the BGP UPDATE message with Communities and Extended Communities as the attributes for message exchange. A new application called Inter-Domain Provisioning of Routing Policy in ONOS (INDOPRONOS), for the framework implementation, was developed and tested. This application was built as an ONOS controller application, which collaborated with the existing ONOS SDN-IP application. The framework implementation was tested to verify the information exchange mechanism between domains, and it successfully carried out the provisioning actions that are triggered by that exchanged information. The test results show that the framework was successfully verified. 
The information carried inside the two attributes can successfully be transferred between domains, and it can be used to trigger INDOPRONOS to create and install new alternative intents to override the default intents of the ONOS controller. The intents installed by INDOPRONOS immediately change the route of the existing connection, which demonstrated that the correct request sent from the other domain can carry out a modification in network settings inside a domain. Finally, the framework was tested using a bandwidth on demand use case. In this use case, a customer network administrator can immediately change the network service bandwidth which was provided by the service provider, without any intervention from the service provider administrator, based on an agreed-predefined configuration setting. This ability will provide benefits for both customer and service provider, in terms of customer satisfaction and network operations efficiency.

    AS-Path Prepending: There is no rose without a thorn

    Inbound traffic engineering (ITE), the process of announcing routes to, e.g., maximize revenue or minimize congestion, is an essential task for Autonomous Systems (ASes). AS Path Prepending (ASPP) is an easy to use and well-known ITE technique that routing manuals show as one of the first alternatives to influence other ASes' routing decisions. We observe that origin ASes currently prepend more than 25% of all IPv4 prefixes. ASPP consists of inflating the BGP AS path. Since the length of the AS path is the second tie-breaker in the BGP best path selection, ASPP can steer traffic to other routes. Despite being simple and easy to use, the appreciation of ASPP among operators and researchers is diverse. Some have questioned its need, effectiveness, and predictability, as well as voiced security concerns. Motivated by these mixed views, we revisit ASPP. Our longitudinal study shows that ASes widely deploy ASPP, and its utilization has slightly increased despite public statements against it. We surprisingly spot roughly 6k ASes originating at least one prefix with prepends that achieve no ITE goal. With active measurements, we show that ASPP effectiveness as an ITE tool depends on the AS location and the number of available upstreams; that ASPP security implications are practical; identify that more than 18% of the prepended prefixes contain unnecessary prepends that achieve no apparent goal other than amplifying existing routing security risks. We validate our findings in interviews with 20 network operators.

    Measuring Effectiveness of Address Schemes for AS-level Graphs

    This dissertation presents measures of efficiency and locality for Internet addressing schemes. Historically speaking, many issues, faced by the Internet, have been solved just in time, to make the Internet just work. Consensus, however, has been reached that today's Internet routing and addressing system is facing serious scaling problems: multi-homing which causes finer granularity of routing policies and finer control to realize various traffic engineering requirements, an increased demand for provider-independent prefix allocations which injects unaggregatable prefixes into the Default Free Zone (DFZ) routing table, and ever-increasing Internet user population and mobile edge devices. As a result, the DFZ routing table is again growing at an exponential rate. Hierarchical, topology-based addressing has long been considered crucial to routing and forwarding scalability. Recently, however, a number of research efforts are considering alternatives to this traditional approach. With the goal of informing such research, we investigated the efficiency of address assignment in the existing (IPv4) Internet. In particular, we ask the question: "how can we measure the locality of an address scheme given an input AS-level graph?" To do so, we first define a notion of efficiency or locality based on the average number of bit-hops required to advertise all prefixes in the Internet. In order to quantify how far from "optimal" the current Internet is, we assign prefixes to ASes "from scratch" in a manner that preserves observed semantics, using three increasingly strict definitions of equivalence. Next we propose another metric that in some sense quantifies the "efficiency" of the labeling and is independent of forwarding/routing mechanisms. We validate the effectiveness of the metric by applying it to a series of address schemes with increasing randomness given an input AS-level graph.
After that we apply the metric to the current Internet address scheme across years and compare the results with those of compact routing schemes.

    Interdomain Routing Security (BGP-4)

    The Border Gateway Protocol (BGP) is the most important protocol for the interconnectivity of the Internet. Although it has shown acceptable performance, there are many issues about its capability to meet the scale of the growth of the Internet, mainly because of the security issues that surround interdomain routing. The Internet is important to many organisations in various contexts. Thus, it is required to provide a highly secure protocol to keep the normal operation of the Internet. BGP suffers from many security issues. In this dissertation, we cover those issues and provide the security requirements for this protocol. We enumerate the numerous attacks that can be conducted against BGP. The aim of this study is to examine two considerably discussed protocols. Secure-BGP (S-BGP) and secure origin BGP (soBGP) have shown a revolutionary view on interdomain routing since they endeavour to provide security mechanisms at the protocol level. The objective is extended to comparing these two solutions by examining their contribution to the Border Gateway Protocol in terms of security. Moreover, we study their interoperability, efficiency, performance, and the residual vulnerabilities that each solution failed to resolve. Our findings have revealed that ultimately, the solution chosen will be dependent on the desired level of security and deployability. As is often the case with security, a compromise between security and feasibility is of a major concern and cost-effectiveness is the main driver behind deployment.

    Technologies, routing policies and relationships between autonomous systems in inter-domain routing

    A deep exploration of the issues related to routing decisions in inter-domain routing is the scope of this thesis, through the analysis of the interconnection structure and the network hierarchy, the examination of the inter-domain routing protocol used to exchange network reachability information with other systems, the examination of the routing decision process between the entities according to their attributes and policies, the study of the topology generators of the AS relationships, reviewing the most interesting proposals in this area, describing why these issues are difficult to solve, and proposing solutions allowing to better understand the routing process and optimally solve the trade-off of implementing a Peering Engagement between two Autonomous Systems, against the extra cost that this solution represent. More specifically this thesis introduces a new scheme for the routing decision in a BGP speaker through a formalization of the routing decision process, and proposes a formulation of a real and exhaustive mathematical model of a Peering Engagement between Autonomous Systems, to be solved as a problem of maximization with an ad-hoc built Decision Support System (XESS) able to find an optimal reduced set of solutions to the proposed problem. 
ABSTRACT [IT] An in-depth analysis of the issues surrounding routing decisions in inter-domain routing is the subject of this thesis, through an examination of the interconnection structure and the network hierarchy, a study of the protocol used in inter-domain routing to exchange reachability information with other systems, an analysis of the decision process among the entities involved in exchanging that information in accordance with their policies and attributes, a study of the synthetic topologies derived from studying the relationships between ASes, through the research work in this area, a description of the problems and difficulties, and a contribution intended to provide a better understanding of the decision process in inter-domain routing and a solution for implementing a Peering process between Autonomous Systems. In particular, this thesis introduces a new model for the decision process in a BGP speaker through the formalization of the routing decision process, and proposes an exhaustive mathematical model of the mechanics of the Peering Engagement process between Autonomous Systems, to be analysed as a maximization problem and solved with a Decision Support System (XESS) created to find an optimal subset of solutions to the proposed mathematical problem.

    An Introduction to Computer Networks

    An open textbook for undergraduate and graduate courses on computer networks

    BGP MULTI_EXIT_DISC (MED) Considerations
