1,832 research outputs found
The Scope of the IBGP Routing Anomaly Problem
Correctness problems in the iBGP routing, the de-facto standard to spread global routing information in Autonomous Systems, are a well-known issue. Configurations may route cost-suboptimal, inconsistent, or even behave non-convergent and -deterministic. However, even if a lot of studies have shown many exemplary problematic configurations, the exact scope of the problem is largely unknown: Up to now, it is not clear which problems may appear under which iBGP architectures. The exact scope of the iBGP correctness problem is of high theoretical and practical interest. Knowledge on the resistance of specific architecture schemes against certain anomaly classes and the reasons may help to improve other iBGP schemes. Knowledge on the specific problems of the different schemes helps to identify the right scheme for an AS and develop workarounds
The Strategic Justification for BGP
The Internet consists of many administrative domains, or \emph{Autonomous Systems} (ASes), each owned by an economic entity (Microsoft, AT\&T, The Hebrew University, etc.). The task of ensuring interconnectivity between ASes, known as \emph{interdomain routing}, is currently handled by the \emph{Border Gateway Protocol} (BGP). ASes are self-interested and might be willing to manipulate BGP for their benefit. In this paper we present the strategic justification for using BGP for interdomain routing in today's Internet: We show that, in the realistic Gao-Rexford setting, BGP is immune to almost all forms of rational manipulation by ASes, and can easily be made immune to all such manipulations. The Gao-Rexford setting is said to accurately depict the current commercial relations between ASes in the Internet. Formally, we prove that a slight modification of BGP is incentive-compatible in \emph{ex-post Nash equilibrium}. Moreover, we show that, if a certain reasonable condition holds, then this slightly modified BGP is also \emph{collusion-proof} in ex-post Nash -- i.e., immune to rational manipulations even by \emph{coalitions} of \emph{any} size. Unlike previous works on achieving incentive-compatibility in interdomain routing, our results \emph{do not require any monetary transfer between ASes} (as is the case in practice). We also strengthen the Gao-Rexford constraints by proving that one of the three constraints can actually be enforced by the rationality of ASes if the two other constraints hold.Networks; Ex post Nash; Routing; rational manipulation; Border Gateway Protocol; Dispute Wheel
Automated Formal Analysis of Internet Routing Configurations
Today\u27s Internet interdomain routing protocol, the Border Gateway
Protocol (BGP), is increasingly complicated and fragile due to policy
misconfigurations by individual autonomous systems (ASes). To create
provably correct networks, the past twenty years have witnessed, among
many other efforts, advances in formal network modeling, system
verification and testing, and point solutions for network management
by formal reasoning. On the conceptual side, the formal models
usually abstract away low-level details, specifying what are the
correct functionalities but not how to achieve them. On the practical
side, system verification of existing networked systems is generally
hard, and system testing or simulation provide limited formal
guarantees. This is known as a long standing challenge in network
practice --- formal reasoning is decoupled from actual implementation.
This thesis seeks to bridge formal reasoning and actual network
implementation in the setting of the Border Gateway Protocol (BGP), by
developing the Formally Verifiable Routing (FVR) toolkit that
combines formal methods and programming language techniques. Starting
from the formal model, FVR automates verification of routing
models and the synthesis of faithful implementations that
carries the correctness property. Conversely, starting from large
real-world BGP systems with arbitrary policy configurations,
automates the analysis of Internet routing configurations,
and also includes a novel network reduction technique that
scales up existing techniques for automated analysis. By
developing the above formal theories and tools, this thesis aims to
help network operators to create and manage BGP systems with
correctness guarantee
Recommended from our members
An algebraic perspective on the convergence of vector-based routing protocols
This thesis studies the properties of vector-based routing protocols whose underlying algebras are strictly increasing. Strict increasingness has previously been shown to be both a sufficient and a necessary condition for the convergence of path-vector protocols.
One of the key contributions of this thesis is to link vector-based routing to a much larger family of asynchronous iterative algorithms. This unlocks a significant body of existing theory, and allows asynchronous protocols to be proved correct by purely synchronous reasoning. As well as applying it to routing protocols, this thesis advances the asynchronous theory in two ways. Firstly it shows that the existing conditions required for convergence may be relaxed. Secondly it proposes the first model for ``dynamic'' asynchronous processes in which both the problem being solved and the set of participants change over time.
The thesis' attention then turns to models of routing problems, and presents a new algebraic structure that is simpler and more expressive than the state of the art. In particular this structure is capable of modelling routing problems that underlie both distance-vector and path-vector protocols. Consequently these two families of vector-based protocols may be unified for the first time. The new structure is also capable of modelling protocols that use path-dependent conditional policy.
Next the work above is used to construct a model of an abstract vector-based protocol. This is then used in the first proof of correctness for strictly increasing distance-vector protocols and a new proof of correctness for strictly increasing path-vector protocols. The latter is an improvement over previous results as it i) proves that convergence is deterministic ii) does not assume reliable communication between nodes and iii) applies to path-vector protocols with path-dependent conditional policy. The long standing question of the worst-case rate of convergence for a strictly increasing path-vector protocol is then answered by lowering the previous upper bound of to a new tight bound of~.
Finally all of the work has been formalised in the proof assistant Agda. Not only does this significantly increase users' confidence in the validity of the results, the resulting Agda library may also be used to verify the correctness of protocol implementations. To illustrate this, a formal proof of correctness is described for a path-vector protocol which contains many of the features of the Border Gateway Protocol including: local preferences, communities, an expressive conditional policy language and path inflation.EPSRC Doctoral Training gran
Multipath policy routing in packet switched networks
Dissertação apresentada para obtenção do Grau de Mestre em Engenharia Electrotécnica e de Computadores, pela Universidade Nova de Lisboa, Faculdade de Ciências e TecnologiaNowadays, the continuous operations of large networks, under multiple ownerships, are of
tremendous importance and as a result, routing protocols have gained numerous extensions and accumulated complexity. Policy-based routing can be of signi cance for common networks when the cost of transporting a bit is no longer the biggest pressure point.
The best path problem is a generalization of the shortest path problem that suits policy
based routing. This means that preferences for the paths depend on semantically rich characteristics, in which two di erent paths may have the same preference. However, current policy-based routing models cannot take full advantage of the multiplicity of connections to a given destination and are single path in nature. Therefore multipath can bring several advantages in policy based routing.
Designing multipath routing protocols based on policies seem to be a problem of interest.
To model routing problems, algebraic structures and graph theory are used. Through
variants of classical methods of linear algebra routing problems can be solved.
The objective of this dissertation is to devise a multipath policy-based routing protocol using a simple destination-based hop-by-hop protocol with independent forwarding decisions.
Networks featuring these characteristics can be more resilient to failures, provide
better tra c distribution and maintain a simple forwarding paradigm. The dissertation
concludes with the trade-o 's between the
exibility of the proposed solution, the amount of multiple paths that can be used simultaneously and the network restrictions that must be applied
Certainty Closure: Reliable Constraint Reasoning with Incomplete or Erroneous Data
Constraint Programming (CP) has proved an effective paradigm to model and
solve difficult combinatorial satisfaction and optimisation problems from
disparate domains. Many such problems arising from the commercial world are
permeated by data uncertainty. Existing CP approaches that accommodate
uncertainty are less suited to uncertainty arising due to incomplete and
erroneous data, because they do not build reliable models and solutions
guaranteed to address the user's genuine problem as she perceives it. Other
fields such as reliable computation offer combinations of models and associated
methods to handle these types of uncertain data, but lack an expressive
framework characterising the resolution methodology independently of the model.
We present a unifying framework that extends the CP formalism in both model
and solutions, to tackle ill-defined combinatorial problems with incomplete or
erroneous data. The certainty closure framework brings together modelling and
solving methodologies from different fields into the CP paradigm to provide
reliable and efficient approches for uncertain constraint problems. We
demonstrate the applicability of the framework on a case study in network
diagnosis. We define resolution forms that give generic templates, and their
associated operational semantics, to derive practical solution methods for
reliable solutions.Comment: Revised versio
The Strategic Justification for BGP
The Internet consists of many administrative domains, or
\emph{Autonomous Systems} (ASes), each owned by an economic entity
(Microsoft, AT\&T, The Hebrew University, etc.). The task of
ensuring interconnectivity between ASes, known as \emph{interdomain
routing}, is currently handled by the \emph{Border Gateway Protocol}
(BGP).
ASes are self-interested and might be willing to manipulate BGP for
their benefit. In this paper we present the strategic justification
for using BGP for interdomain routing in today's Internet: We show
that, in the realistic Gao-Rexford setting, BGP is immune to almost
all forms of rational manipulation by ASes, and can easily be made
immune to all such manipulations. The Gao-Rexford setting is said to
accurately depict the current commercial relations between ASes in
the Internet. Formally, we prove that a slight modification of BGP
is incentive-compatible in \emph{ex-post Nash equilibrium}.
Moreover, we show that, if a certain reasonable condition holds,
then this slightly modified BGP is also \emph{collusion-proof} in
ex-post Nash -- i.e., immune to rational manipulations even by
\emph{coalitions} of \emph{any} size.
Unlike previous works on achieving incentive-compatibility in
interdomain routing, our results \emph{do not require any monetary
transfer between ASes} (as is the case in practice). We also
strengthen the Gao-Rexford constraints by proving that one of the
three constraints can actually be enforced by the rationality of
ASes if the two other constraints hold
The Strategic Justification for BGP
The Internet consists of many administrative domains, or
\emph{Autonomous Systems} (ASes), each owned by an economic entity
(Microsoft, AT\&T, The Hebrew University, etc.). The task of
ensuring interconnectivity between ASes, known as \emph{interdomain
routing}, is currently handled by the \emph{Border Gateway Protocol}
(BGP).
ASes are self-interested and might be willing to manipulate BGP for
their benefit. In this paper we present the strategic justification
for using BGP for interdomain routing in today's Internet: We show
that, in the realistic Gao-Rexford setting, BGP is immune to almost
all forms of rational manipulation by ASes, and can easily be made
immune to all such manipulations. The Gao-Rexford setting is said to
accurately depict the current commercial relations between ASes in
the Internet. Formally, we prove that a slight modification of BGP
is incentive-compatible in \emph{ex-post Nash equilibrium}.
Moreover, we show that, if a certain reasonable condition holds,
then this slightly modified BGP is also \emph{collusion-proof} in
ex-post Nash -- i.e., immune to rational manipulations even by
\emph{coalitions} of \emph{any} size.
Unlike previous works on achieving incentive-compatibility in
interdomain routing, our results \emph{do not require any monetary
transfer between ASes} (as is the case in practice). We also
strengthen the Gao-Rexford constraints by proving that one of the
three constraints can actually be enforced by the rationality of
ASes if the two other constraints hold
An Overlay Architecture for Personalized Object Access and Sharing in a Peer-to-Peer Environment
Due to its exponential growth and decentralized nature, the Internet has evolved into a chaotic repository, making it difficult for users to discover and access resources of interest to them. As a result, users have to deal with the problem of information overload. The Semantic Web's emergence provides Internet users with the ability to associate explicit, self-described semantics with resources. This ability will facilitate in turn the development of ontology-based resource discovery tools to help users retrieve information in an efficient manner. However, it is widely believed that the Semantic Web of the future will be a complex web of smaller ontologies, mostly created by various groups of web users who share a similar interest, referred to as a Community of Interest. This thesis proposes a solution to the information overload problem using a user driven framework, referred to as a Personalized Web, that allows individual users to organize themselves into Communities of Interests based on ontologies agreed upon by all community members. Within this framework, users can define and augment their personalized views of the Internet by associating specific properties and attributes to resources and defining constraint-functions and rules that govern the interpretation of the semantics associated with the resources. Such views can then be used to capture the user's interests and integrate these views into a user-defined Personalized Web. As a proof of concept, a Personalized Web architecture that employs ontology-based semantics and a structured Peer-to-Peer overlay network to provide a foundation of semantically-based resource indexing and advertising is developed. In order to investigate mechanisms that support the resource advertising and retrieval of the Personalized Web architecture, three agent-driven advertising and retrieval schemes, the Aggressive scheme, the Crawler-based scheme, and the Minimum-Cover-Rule scheme, were implemented and evaluated in both stable and churn environments. In addition to the development of a Personalized Web architecture that deals with typical web resources, this thesis used a case study to explore the potential of the Personalized Web architecture to support future web service workflow applications. The results of this investigation demonstrated that the architecture can support the automation of service discovery, negotiation, and invocation, allowing service consumers to actualize a personalized web service workflow. Further investigation will be required to improve the performance of the automation and allow it to be performed in a secure and robust manner. In order to support the next generation Internet, further exploration will be needed for the development of a Personalized Web that includes ubiquitous and pervasive resources
- …