Scalable BGP Prefix Selection for Effective Inter-domain Traffic Engineering

Inter-domain Traffic Engineering for multi-homed networks faces a scalability challenge, as the size of BGP routing table continue to grow. In this context, the choice of the best path must be made potentially for each destination prefix, requiring all available paths to be characterised (e.g., through measurements) and compared with each other. Fortunately, it is well-known that a few number of prefixes carry the larger part of the traffic. As a natural consequence, to engineer large volume of traffic only few prefixes need to be managed. Yet, traffic characteristics of a given prefix can greatly vary over time, and little is known on the dynamism of traffic at this aggregation level, including predicting the set of the most significant prefixes in the near future. %based on past observations. Sophisticated prediction methods won't scale in such context. In this paper, we study the relationship between prefix volume, stability, and predictability, based on recent traffic traces from nine different networks. Three simple and resource-efficient methods to select the prefixes associated with the most important foreseeable traffic volume are then proposed. Such proposed methods allow to select sets of prefixes with both excellent representativeness (volume coverage) and stability in time, for which the best routes are identified. The analysis carried out confirm the potential benefits of a route decision engine

BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?

As the rollout of secure route origin authentication with the RPKI slowly gains traction among network operators, there is a push to standardize secure path validation for BGP (i.e., S*BGP: S-BGP, soBGP, BGPSEC, etc.). Origin authentication already does much to improve routing security. Moreover, the transition to S*BGP is expected to be long and slow, with S*BGP coexisting in "partial deployment" alongside BGP for a long time. We therefore use theoretical and experimental approach to study the security benefits provided by partially-deployed S*BGP, vis-a-vis those already provided by origin authentication. Because routing policies have a profound impact on routing security, we use a survey of 100 network operators to find the policies that are likely to be most popular during partial S*BGP deployment. We find that S*BGP provides only meagre benefits over origin authentication when these popular policies are used. We also study the security benefits of other routing policies, provide prescriptive guidelines for partially-deployed S*BGP, and show how interactions between S*BGP and BGP can introduce new vulnerabilities into the routing system

Combined Intra- and Inter-domain Traffic Engineering using Hot-Potato Aware Link Weights Optimization

A well-known approach to intradomain traffic engineering consists in finding the set of link weights that minimizes a network-wide objective function for a given intradomain traffic matrix. This approach is inadequate because it ignores a potential impact on interdomain routing. Indeed, the resulting set of link weights may trigger BGP to change the BGP next hop for some destination prefixes, to enforce hot-potato routing policies. In turn, this results in changes in the intradomain traffic matrix that have not been anticipated by the link weights optimizer, possibly leading to degraded network performance. We propose a BGP-aware link weights optimization method that takes these effects into account, and even turns them into an advantage. This method uses the interdomain traffic matrix and other available BGP data, to extend the intradomain topology with external virtual nodes and links, on which all the well-tuned heuristics of a classical link weights optimizer can be applied. A key innovative asset of our method is its ability to also optimize the traffic on the interdomain peering links. We show, using an operational network as a case study, that our approach does so efficiently at almost no extra computational cost.Comment: 12 pages, Short version to be published in ACM SIGMETRICS 2008, International Conference on Measurement and Modeling of Computer Systems, June 2-6, 2008, Annapolis, Maryland, US

The Internet AS-Level Topology: Three Data Sources and One Definitive Metric

We calculate an extensive set of characteristics for Internet AS topologies extracted from the three data sources most frequently used by the research community: traceroutes, BGP, and WHOIS. We discover that traceroute and BGP topologies are similar to one another but differ substantially from the WHOIS topology. Among the widely considered metrics, we find that the joint degree distribution appears to fundamentally characterize Internet AS topologies as well as narrowly define values for other important metrics. We discuss the interplay between the specifics of the three data collection mechanisms and the resulting topology views. In particular, we show how the data collection peculiarities explain differences in the resulting joint degree distributions of the respective topologies. Finally, we release to the community the input topology datasets, along with the scripts and output of our calculations. This supplement should enable researchers to validate their models against real data and to make more informed selection of topology data sources for their specific needs.Comment: This paper is a revised journal version of cs.NI/050803

A randomized solution to BGP divergence

The Border Gateway Protocol (BGP) is an interdomain routing protocol that allows each Autonomous System (AS) to define its own routing policies independently and use them to select the best routes. By means of policies, ASes are able to prevent some traffic from accessing their resources, or direct their traffic to a preferred route. However, this flexibility comes at the expense of a possibility of divergence behavior because of mutually conflicting policies. Since BGP is not guaranteed to converge even in the absence of network topology changes, it is not safe. In this paper, we propose a randomized approach to providing safety in BGP. The proposed algorithm dynamically detects policy conflicts, and tries to eliminate the conflict by changing the local preference of the paths involved. Both the detection and elimination of policy conflicts are performed locally, i.e. by using only local information. Randomization is introduced to prevent synchronous updates of the local preferences of the paths involved in the same conflict.National Science Foundation (ANI-0095988, EIA-0202067, ITR ANI-0205294); Sprint Labs; Motorola Lab

On Compact Routing for the Internet

While there exist compact routing schemes designed for grids, trees, and Internet-like topologies that offer routing tables of sizes that scale logarithmically with the network size, we demonstrate in this paper that in view of recent results in compact routing research, such logarithmic scaling on Internet-like topologies is fundamentally impossible in the presence of topology dynamics or topology-independent (flat) addressing. We use analytic arguments to show that the number of routing control messages per topology change cannot scale better than linearly on Internet-like topologies. We also employ simulations to confirm that logarithmic routing table size scaling gets broken by topology-independent addressing, a cornerstone of popular locator-identifier split proposals aiming at improving routing scaling in the presence of network topology dynamics or host mobility. These pessimistic findings lead us to the conclusion that a fundamental re-examination of assumptions behind routing models and abstractions is needed in order to find a routing architecture that would be able to scale ``indefinitely.''Comment: This is a significantly revised, journal version of cs/050802