On Compact Routing for the Internet
While there exist compact routing schemes designed for grids, trees, and
Internet-like topologies that offer routing tables of sizes that scale
logarithmically with the network size, we demonstrate in this paper that in
view of recent results in compact routing research, such logarithmic scaling on
Internet-like topologies is fundamentally impossible in the presence of
topology dynamics or topology-independent (flat) addressing. We use analytic
arguments to show that the number of routing control messages per topology
change cannot scale better than linearly on Internet-like topologies. We also
employ simulations to confirm that logarithmic routing table size scaling gets
broken by topology-independent addressing, a cornerstone of popular
locator-identifier split proposals aiming at improving routing scaling in the
presence of network topology dynamics or host mobility. These pessimistic
findings lead us to the conclusion that a fundamental re-examination of
assumptions behind routing models and abstractions is needed in order to find a
routing architecture that would be able to scale "indefinitely."
Comment: This is a significantly revised, journal version of cs/050802
FAIR: Forwarding Accountability for Internet Reputability
This paper presents FAIR, a forwarding accountability mechanism that
incentivizes ISPs to apply stricter security policies to their customers. The
Autonomous System (AS) of the receiver specifies a traffic profile that the
sender AS must adhere to. Transit ASes on the path mark packets. In case of
traffic profile violations, the marked packets are used as a proof of
misbehavior.
FAIR introduces low bandwidth overhead and requires no per-packet and no
per-flow state for forwarding. We describe integration with IP and demonstrate
a software switch running on commodity hardware that can switch packets at a
line rate of 120 Gbps, and can forward 140M minimum-sized packets per second,
limited by the hardware I/O subsystem.
Moreover, this paper proposes a "suspicious bit" for packet headers - an
application that builds on top of FAIR's proofs of misbehavior and flags
packets to warn other entities in the network.
Comment: 16 pages, 12 figure
Distributed Internet security and measurement
The Internet has developed into an important economic, military, academic, and social resource. It is a complex network, comprised of tens of thousands of independently operated networks, called Autonomous Systems (ASes). A significant strength of the Internet's design, one which enabled its rapid growth in terms of users and bandwidth, is that its underlying protocols (such as IP, TCP, and BGP) are distributed. Users and networks alike can attach and detach from the Internet at will, without causing major disruptions to global Internet connectivity. This dissertation shows that the Internet's distributed, and often redundant, structure can be exploited to increase the security of its protocols, particularly BGP (the Internet's interdomain routing protocol). It introduces Pretty Good BGP, an anomaly detection protocol coupled with an automated response that can protect individual networks from BGP attacks. It also presents statistical measurements of the Internet's structure and uses them to create a model of Internet growth. This work could be used, for instance, to test upcoming routing protocols on ensembles of large, Internet-like graphs. Finally, this dissertation shows that while the Internet is designed to be agnostic to political influence, it is actually quite centralized at the country level. With the recent rise in country-level Internet policies, such as nation-wide censorship and warrantless wiretaps, this centralized control could have significant impact on international reachability
Aspects of proactive traffic engineering in IP networks
To deliver a reliable communication service over the Internet it is essential for the network operator to manage the traffic situation in the network. The traffic situation is controlled by the routing function, which determines what path traffic follows from source to destination. Current practices for setting routing parameters in IP networks are designed to be simple to manage. This can lead to congestion in parts of the network while other parts of the network are far from fully utilized. In this thesis we explore issues related to optimization of the routing function to balance load in the network and efficiently deliver a reliable communication service to the users. The optimization takes into account not only the traffic situation under normal operational conditions, but also traffic situations that appear under a wide variety of circumstances deviating from the nominal case.
In order to balance load in the network, knowledge of the traffic situation is needed. Consequently, in this thesis we investigate methods for efficient derivation of the traffic situation. The derivation is based on estimation of traffic demands from link load measurements. The advantage of using link load measurements is that they are easily obtained and consist of a limited amount of data that needs to be processed. We evaluate and demonstrate how estimation based on link counts gives the operator a fast and accurate description of the traffic demands. For the evaluation we have access to a unique data set of complete traffic demands from an operational IP backbone.
However, to honor service level agreements at all times, the variability of the traffic needs to be accounted for in the load balancing. In addition, optimization techniques are often sensitive to errors and variations in input data. Hence, when an optimized routing setting is subjected to real traffic demands in the network, performance often deviates from what can be anticipated from the optimization. Thus, we identify and model different traffic uncertainties and describe how the routing setting can be optimized, not only for a nominal case, but for a wide range of different traffic situations that might appear in the network.
Our results can be applied in MPLS-enabled networks as well as in networks using link-state routing protocols such as the widely used OSPF and IS-IS protocols. Only minor changes may be needed in current networks to implement our algorithms.
The contributions of this thesis are that we demonstrate that it is possible to estimate the traffic matrix with acceptable precision, and that we develop methods and models for common traffic uncertainties in order to account for these uncertainties in the optimization of the routing configuration. In addition, we identify important properties in the structure of the traffic that allow uncertain and varying traffic demands to be balanced successfully
Interdomain Route Leak Mitigation: A Pragmatic Approach
The Internet has grown to support many vital functions, but it is not administered by any central authority. Rather, the many smaller networks that make up the Internet - called Autonomous Systems (ASes) - independently manage their own distinct host address space and routing policy. Routers at the borders between ASes exchange information about how to reach remote IP prefixes with neighboring networks over the control plane with the Border Gateway Protocol (BGP). This inter-AS communication connects hosts across AS boundaries to build the illusion of one large, unified global network - the Internet. Unfortunately, BGP is a dated protocol that allows ASes to inject virtually any routing information into the control plane. The Internet’s decentralized administrative structure means that ASes lack visibility of the relationships and policies of other networks, and have little means of vetting the information they receive. Routes are global, connecting hosts around the world, but AS operators can only see routes exchanged between their own network and directly connected neighbor networks. This mismatch between global route scope and local network operator visibility gives rise to adverse routing events like route leaks, which occur when an AS advertises a route that should have been kept within its own network by mistake. In this work, we explore our thesis: that malicious and unintentional route leaks threaten Internet availability, but pragmatic solutions can mitigate their impact. Leaks effectively reroute traffic meant for the leak destination along the leak path. This diversion of flows onto unexpected paths can cause broad disruption for hosts attempting to reach the leak destination, as well as obstruct the normal traffic on the leak path. 
These events are usually due to misconfiguration and not malicious activity, but we show in our initial work that routing-capable adversaries can weaponize route leaks and fraudulent path advertisements to enhance data plane attacks on Internet infrastructure and services. Existing solutions like Internet Routing Registry (IRR) filtering have not succeeded in solving the route leak problem, as globally disruptive route leaks still periodically interrupt the normal functioning of the Internet. We examine one relatively new solution - Peerlocking, or defensive AS PATH filtering - where ASes exchange topological information to secure their networks. Our measurements reveal that Peerlock is already deployed in defense of the largest ASes, but has found little purchase elsewhere. We conclude by introducing a novel leak defense system, Corelock, designed to provide Peerlock-like protection without the scalability concerns that have limited Peerlock’s scope. Corelock builds meaningful route leak filters from globally distributed route collectors and can be deployed without cooperation from other network
Towards Robust Traffic Engineering in IP Networks
To deliver a reliable communication service it is essential for the network operator to manage how traffic flows in the network. The paths taken by the traffic are controlled by the routing function. Traditional ways of tuning routing in IP networks are designed to be simple to manage and are not designed to adapt to the traffic situation in the network. This can lead to congestion in parts of the network while other parts of the network are far from fully utilized. In this thesis we explore issues related to optimization of the routing function to balance load in the network.
We investigate methods for efficient derivation of the traffic situation using link count measurements. The advantage of using link counts is that they are easily obtained and yield a very limited amount of data. We evaluate and show that estimation based on link counts gives the operator a fast and accurate description of the traffic demands. For the evaluation we have access to a unique data set of complete traffic demands from an operational IP backbone.
Furthermore, we evaluate the performance of search heuristics for setting weights in link-state routing protocols. For the evaluation we have access to complete traffic data from a Tier-1 IP network. Our findings confirm previous studies that used partial traffic data or synthetic traffic data. We find that optimizing on estimated rather than measured traffic demands has little effect on the performance of the load balancing.
Finally, we devise an algorithm that finds a routing setting that is robust to shifts in traffic patterns due to changes in the interdomain routing. A set of worst-case scenarios caused by interdomain routing changes is identified and used to solve a robust routing problem. The evaluation indicates that the performance of the robust routing is close to optimal for a wide variety of traffic scenarios.
The main contribution of this thesis is that we demonstrate that it is possible to estimate the traffic matrix with good accuracy and to develop methods that optimize the routing settings to give strong and robust network performance. Only minor changes might be necessary in order to implement our algorithms in existing networks