1 / 52

Pitch Patarasuk

Pitch Patarasuk. Policy Disputes in Path-Vector Protocol A Safe Path Vector Protocol The Stable Paths Problem and Interdomain routing. Safety in BGP. BGP is the only interdomain routing protocol in the internet A routing protocol is safe when it is guaranteed to converge

bennett
Télécharger la présentation

Pitch Patarasuk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Pitch Patarasuk • Policy Disputes in Path-Vector Protocol • A Safe Path Vector Protocol • The Stable Paths Problem and Interdomain routing

  2. Safety in BGP • BGP is the only interdomain routing protocol in the internet • A routing protocol is safe when it is guaranteed to converge • RIP and OSPF protocols are safe • Use shortest-path algorithm • BGP is not safe

  3. Safety in BGP (Cont.) • BGP does not use pure shortest-path algorithm • BGP allow policy concerns to override distance metric • Each AS decides its own policy with little knowledge of of other ASs’ policies

  4. How to make BGP safe? • Policy • Static • ASs do not share their policies • The problem is NP-complete • Heuristic • Dynamic • Paths that are potentially create problem will be deleted

  5. Outline • SPP (stable path problem) • SPVP (simple path vector protocol) • SPVP1 • SPVP2 • SPVP3 • Dispute Digraph • Dispute Wheel

  6. Stable Path Problem (SPP) • Simplify BGP solvability problem to a problem of “whether every node has a stable route to one destination node” • Destination node == node 0 • (x) = path assignment from node x to node 0 •  = path assignment of every node to node 0 •  = ((1), (2), (3), ……………….) • When  does not change • Stable state • Converge •  is the solution to this problem •  is a stable path assignment of this problem

  7. Stable Path Problem (Cont.) • When  keep changing • Diverge ** NOTE ** • Even if there is a solution, the problem can still be diverge (cannot find a solution) • Even if a problem converge, some nodes may not have a route to node 0 •  = (10, , 310, 40)

  8. SPP – permitted path permitted path(1) = ( 1 0, 1 3 0) permitted path(2) = ( 2 0, 2 1 0) permitted path(3) = (3 0) permitted path(4) = (4 3 0, 4 2 0)

  9. SPP – path rank

  10. SPP – path assignment  = ( 1 3 0, 2 0, 3 0, 4 3 0) 1 = 1 3 0 2 = 2 0 3 = 3 0 4 = 4 3 0

  11. How to check whether a path assignment is stable?  = (10, 20, 30, 430)  = (130, 20, 30, 430)  = (10, 210, 30, 430)  = (130, 210, 30, 430)  = (10, 20, 30, 420)  = (130, 20, 30, 420)  = (10, 210, 30, 420)  = (130, 210, 30, 420)

  12. How to check whether a path assignment is stable? (Cont.) •  = (10, 20, 30, 430) •  = (130, 20, 30, 430) •  = (10, 210, 30, 430) • = (130, 210, 30, 430) •  = (10, 20, 30, 420) •  = (130, 20, 30, 420) •  = (10, 210, 30, 420) •  = (130, 210, 30, 420) • Node i is stable if rank (i,j)P(j) < rank P(i) whenever (i,j)P(j) is a permitted path at i • ** note that (2 1)(1 0) == (2 1 0) **

  13. How to check whether a path assignment is stable? (Cont.) • Choice( , u) is a union of • (u 0) if u is connected to 0 and (u 0) is a permitted path at u • (u v) (v) when u is connected to v and (u v) (v) is a permitted path at u let  = (1 0, 2 0, 3 0, 4 3 0) Choices( ,1) = (1 0, 1 3 0) Choices( , 2) = (2 0, 2 10) Choices( , 3) = (3 0) Choices( , 4) = (4 3 0, 4 2 0)

  14. How to check whether a path assignment is stable? (Cont.) • Let W is a subset of permitted path at u, Best(W, u) = P  W with a maximum ranking • The path assignment at node u, (u), is stable if (u) = best(choices(, u), u) • The path assignment  is stable if (u) is stable at every node u.

  15. Example: Good Gadget • There is only one solution (stable path assignment) for this problem •  = ( 1 3 0, 2 0, 3 0, 4 3 0)

  16. Example: Good Gadget (Cont.)  = ( 1 3 0, 2 0, 3 0, 4 3 0) • Choices(, 1) = (1 0, 1 3 0) Best (Choices(, 1), 1) = 1 3 0 = (1) => stable • Choices(, 2) = (2 0) Best (Choices(, 2), 2) = 2 0 = (2) => stable • Choices(, 3) = (3 0) Best (Choices(, 3), 3) = 3 0 = (3) => stable • Choices(, 4) = (4 3 0, 4 2 0) Best (Choices(, 4), 4) = 4 3 0 = (4) => stable **  = ( 1 3 0, 2 0, 3 0, 4 3 0) is stable **

  17. Unstable path assignment example #1 Stable:  = ( 1 3 0, 2 0, 3 0, 4 3 0) • Choices(, 1) = (1 0, 1 3 0) Best (Choices(, 1), 1) = 1 3 0 != (1) => unstable • Choices(, 2) = (2 0, 2 1 0) Best (Choices(, 2), 2) = 2 1 0 != (2) => unstable • (3), (4) are stable •  = ( 1 0, 2 1 0, 3 0, 4 3 0) are not stable Unstable:  = ( 1 0, 2 1 0, 3 0, 4 3 0)

  18. Simple path vector protocol (SPVP) • SPVP1 • Basic • Not safe • SPVP2 • Contains path history • Can detect protocol oscillation due to policy conflict • Still not safe • SPVP3 • Extends SPVP2 to make it safe by suppressing paths that can make the protocol diverge

  19. SPVP1 • Let rib(u) =  (u) for each node u • Each node u send rib(u) to its neighbor • When each node receives rib(w) from its neighbor w, called rib-in(u<=w), it computes best(u) • If best(u) != rib(u), it replace rib(u) with best(u), and sends new rib(u) to all its neighbor • When no node sends new rib(u) to its neighbor, the protocol is in a stable state, the problem is converge • If there will never be a stable state, the problem is diverge

  20. Algorithm for SPVP1 • Rib(u) = path from u to node 0 • Rib-in(u <= w) = rib(w) received from the neighbor w • Best(u) = computed new path from u to 0 from all Rib-ins(u <=w)

  21. Example: Good Gadget •  = (130, 210, 30, 430) •  = (130, 20, 30, 430) •  = (130, 20, 30, 420) •  is stable => problem is converge

  22. Example2: Bad Gadget (no solution) ** Step 0 and 9 are the same ** one round of oscillation

  23. Example3: Naughty Gadget • Has a solution • (130,20,30,420) • Diverge • Cannot go to (130,20,30,420) state with SPVP protocol

  24. Protocol Oscillation • Assume node u abandons path p1 and adopts path p2, we say that • Node u went down from p1 if p2 has lower rank than p1 • Node u went up to p2 if p2 has higher rank than p1 • Look at node 2 from step 6 backward: node 2 adopts (2 0) because it went down from (2 1 0) because node 1 went up to (1 3 0) because node 3 went down from (3 4 2 0) because node 4 went down from (4 2 0) because node 2 went up to (2 1 0) • ** there is a cycle between went up and down to/from path 210 **

  25. SPVP2 • Each node has path history • Each node send path history to its neighbor • Policy based oscillation can be detected • But do nothing => still not safe • The sentence “node 2 adopts (2 0) because it went down from (2 1 0) because node 1 went up to (1 3 0) because node 3 went down from (3 4 2 0) because node 4 went down from (4 2 0) because node 2 went up to (2 1 0)”can be translated to (- 2 1 0) (+ 1 3 0) (- 3 4 20) (- 4 2 0) (+ 2 1 0)

  26. SPVP2 Example: bad gadget

  27. SPVP2 Example: bad gadget (Cont.)

  28. SPVP2: algorithm

  29. SPVP3: A safe path vector protocol • B(u) = bad paths at node u • Choices(u) now exclude every path in B(u) • In step 6, node 2 has a cycle in its history of path (2 0), it add path (2 0) to B(2) and adopts empty path • The solution of this problem is ( 1 3 0, , 3 0, 4 3 0) • The protocol converge, there is no oscillation, but node 2 cannot get to node 0

  30. Dispute Digraph • There are 2 types of arc in dispute digraph • Transmission arc • Dispute arcs

  31. Transmission arc • P = = => (u v)P when • u and v are peers • P is permitted at v • (u v)P is permitted at u • (1 0) = = => (2 1 0) • (2 0) = = => (4 2 0) • (3 0) = = => (1 3 0) • (3 0) = = => (4 3 0) • (4 2 0) = = => (3 4 2 0) ** node 1 adopts path (10) which allow node 2 to permit path (2 1 0) **

  32. Dispute arc Q ===> (u v)P when • (u v)P is a permitted path at u • Q and P are permitted path at v • Path (u v)Q is not permitted at u, or path Q has lower rank than P at node u • Path Q has higher rank than P at node v • Node v could increase the rank of its best path by abandon path P and adopt path Q, however, this will force node u to abandon path (u v)P

  33. Dispute arc • (1 3 0) ===> (2 1 0) • (2 1 0) ===> (4 2 0) • (3 4 2 0) ===> (1 3 0) • (3 4 2 0) ===> (4 3 0) • (4 3 0) ===> (3 4 2 0)

  34. Dispute digraph: good gadget • Acyclic (no loop) • Converge, unique solution, safe, robust

  35. Dispute digraph: naughty gadget • 2 loops • (430=>3420=>430) • (3420=>130=>210=>420=>3420)

  36. Dispute digraph: bad gadget • 1 loop • (3420=>130=>210=>420=>3420)

  37. Loops in dispute digraph • Acyclic (no loop) • good • Contains loops (dispute cycles) • Potentially bad

  38. Dispute Wheel • An alternative representation structure of a dispute cycle • A specification S has a dispute wheel if and only if the dispute digraph DD(S) contains a cycle • Dispute cycles are built from local relationships between peers • Dispute wheels are based on long-distance relationships

  39. Dispute Wheel (Cont.) • A dispute wheel of size k is • A sequence of nodes U = U0…Uk-1 • A sequence of paths Q = Q0….Qk-1 • A sequence of paths R = R0….Rk-1 • Such that for each 0 <= i <= k-1 • Ri is a path from ui to ui+1 • Qi is a permitted path at Ui • RiQi+1 is a permitted path at Ui • Rank Qi < RiQi+1 at Ui

  40. U0 U2 R2=21 Q0=10 Q2=20 R0=13 Q1=30 R1=342 U1 Dispute wheel of size 3: bad gadget At U0: rank (Q0 == 10) < (R0Q1 ==1330 == 130) At U1: rank (Q1 == 30) < (R1Q2 ==34220 == 3420) At U2: rank (Q2 == 20) < (R2Q3 ==2110 == 210)

  41. Properties of dispute wheel • No dispute wheel implies solvability • No dispute wheel implies a unique solution • No dispute wheel implies safety • No dispute wheel implies robustness ** No dispute wheel == no dispute cycle in DD(S) **

  42. Two trees imply a dispute wheel 120 10 210 20 • Disagree • Has 2 solutions (2 trees) • Contains a dispute wheel Disagree solutions

  43. Disagree problem ** May or may not converge **

  44. An algorithm to find a stable path assignment • Start from a problem of size 0, then 1, 2 ,….,k-1, where k is a number of nodes • Grow an assignment in a greedy manner • i is a stable path assignment of size i • Vi  V where every node in (u) is in Vi, 0  Vi •  = (130, 210, 30, 430), (0)=0 • V1 = {0,3} • u  V-V1 = {1,2,4}

  45. Direct path to V1 • Node 1: 130 • Node 2: 20 • Node 4: 430 • 2 = (130,20,30,430) • V2 = {0,3,1} • V3 = {0,3,1,2} • V4 = {0,3,1,2,4} •  = (130,20,30,430) • If this algorithm cannot find a solution, there must exists a dispute wheel

  46. Stable path problem VS Shortest path problem • Routing protocol based on shortest path is always safe • Routing protocol can be safe even if it does not use the shortest path • BGP: Good gadget

  47. Routing protocol based on cost function • Not all path are permitted • May not be safe • Safe if there is no negative cost cycle Naughty gadget (unsafe) • A cycle 1342 has a negative cost of -16

  48. Routing protocol based on cost function (Cont.) • The protocol can also be safe even if there exists a negative cost cycle ** A+B+C < 0 ** ** no dispute cycle  safe **

  49. Assumptions in these works • Ignore all issues relating to internal BGP • There is at most one link between any two ASs • Ignore address aggregation

  50. Conclusions • Shortest path is safe, BGP is not • There are 3 ways to make routing protocol safe • Policy • Static • Dynamic • Static • Dispute digraph • Dispute cycle • Dispute wheel • No dispute wheel == no dispute cycle • No dispute wheel == safe, robust

More Related