Roma Tre University
Advisor: Prof. G. Di Battista
PhD Candidate: Luca Cittadini
BGP glues the Internet
- Internet is a huge interconnection
  - a network of networks
- BGP is the protocol that makes interconnections possible
  - disseminates routing information among heterogeneously administered networks (ASes)
  - makes networks aware of each other
- BGP is extremely hard to upgrade/replace
  - need to deploy a new protocol worldwide
  - huge legacy installation base (30k ASes)
BGP instabilities
- BGP is designed to fulfill the classic goals of routing protocols
  - build optimal routing tables, avoid loops, etc.
- support detailed routing policies
  - administrators must have fine-grained knobs to control how traffic enters/exits their network
- policy conflicts can create instabilities
  - aka oscillations
  - transient (permanent) situations where routers are unable to reach a fixed set of routing choices
motivation
- BGP instabilities are harmful
  - can generate a very large (infinite) amount of messages
  - can delay convergence
- instabilities are hard to fix
  - the cure, i.e., rate limiting routing updates, is worse than the disease
- motivates efforts to prevent oscillations
a model for BGP
- we choose SPVP [GriffinShepherdWilfong99]
  - an undirected graph represents BGP peerings
  - a single destination prefix is originated by node 0
  - each node is assigned a set of permitted paths to reach 0 (filtering component)
  - paths at v are sorted according to preference (ranking component)
[Figure: example SPVP instance with destination node 0 and nodes 1-4; path labels 130, 10 (node 1), 210, 20 (node 2), 30 (node 3), 420, 430 (node 4)]
SPVP dynamic model
- original version
  - node 0 advertises its presence to its neighbors
  - each node collects paths from neighbors
  - applies filters to received paths
  - selects the highest ranked available path
  - updates its neighbors
- many simplified variants proposed in literature
  - nodes cannot talk simultaneously
  - nodes send/receive paths at each clock tick
  - paths are not stored locally
- result: simplified variants are unable to capture all BGP oscillations
BGP research - coordinates
- network management
- feasibility of finding solutions
- stability vs autonomy and expressiveness
agenda
- sufficient AND necessary condition for stability
- impact of BGP attribute manipulation
- static analysis of BGP configurations
safety under filtering
- a network is safe under filtering (SUF) if it is guaranteed to converge to a stable routing even if arbitrary route filters are applied
- a network is robust if it is guaranteed to converge to a stable routing even under arbitrary combinations of link failures
- results
  - robustness does not imply SUF
    - route filters can be more harmful than cable cuts
  - characterization for SUF does not depend on dynamics (hence, can be checked statically)
wheels
- A Dispute Wheel is a cyclic structure of preferences
- the structure is made of pivot nodes
  - each pivot has a direct route
  - each pivot has a route via its successor
  - each pivot prefers the route via its successor to the direct route
- No Dispute Wheel => SUF [GriffinShepherdWilfong99,02]
[Figure: dispute wheel, with labels for pivot node, spoke path, rim path and path preference]
rings
- A Dispute Ring is a DW such that each node appears only once in the wheel
- SUF => No Dispute Ring [FeamsterJohariBalakrishnan05]
- Intuition
  - meet in the middle to characterize SUF
[Figure labels: too complex, right!, too simple]
wheel + ring = reel
- A Dispute Reel (DR) is a particular kind of DW and a generalization of a Dispute Ring.
- A DR is a DW such that
  1. Pivot vertices appear in exactly three paths
  2. Spoke and rim paths do not intersect
  3. Spoke paths form a tree
  - only intersections among rim paths are allowed
- A DW that does not satisfy these conditions does not pose stability problems
the big picture
[Figure: diagram relating the classes NO DW, NO DISPUTE REEL, SUF, ROBUST, NO Dispute Ring, SAFE and HAS A STABLE STATE, with the Filthy Gadget instance marked]
characterization of SUF
- network management
- feasibility of finding solutions
- stability vs autonomy and expressiveness
ibgp attribute manipulation
- internal BGP distributes routes within an AS
- vendors do not recommend applying policies to routes learned via ibgp
- yet, there are traffic balancing reasons to do so
  - e.g., when you want multiple routes to survive the BGP decision process up to local tie breakings
- consequences are poorly understood
ibgp - results
- measurement
  - methodology exploits the simultaneous availability of uncomparable paths at the same AS
  - ibgp attribute manipulation happens in the Internet
- theoretical analysis
  - arbitrary manipulation can create oscillations which are not possible otherwise
- configuration guidelines
  - match reasonable traffic engineering requirements while ensuring that convergence is preserved
  - the ibgp-equivalent of Gao-Rexford guidelines
impact of ibgp attr. manip.
- network management
- feasibility of finding solutions
- stability vs autonomy and expressiveness
the greedy+ algorithm
- intuition:
  - Some paths, e.g. 0, are guaranteed
  - Paths that are worse ranked than guaranteed paths will not be selected
- algorithm: iteratively grow a set of Stable nodes
  - pin guaranteed routes
  - purge less preferred and unfeasible paths
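The pin-and-purge loop described above, as an added Python sketch (not the thesis implementation). The function names and both instances are constructed for illustration; the sketch goes one step beyond the slide by showing a route filter turning a converging instance into one the check flags.

```python
# Added sketch of a Greedy+-style stability check; not the thesis code.
# A path is a tuple of node ids ending at destination 0; lists are best-first.

def usable(tail, paths, stable):
    """Can the next hop ever announce `tail`?"""
    head = tail[0]
    if head in stable:
        return stable[head] == tail        # must match the pinned route
    return tail in paths.get(head, [])     # must still be permitted there

def greedy_plus(permitted):
    """Return (stable, unresolved) for an SPVP instance."""
    paths = {v: list(ps) for v, ps in permitted.items()}
    stable = {0: (0,)}                     # the origin's path is guaranteed
    changed = True
    while changed:
        changed = False
        for v in paths:
            if v in stable:
                continue
            # Purge unfeasible paths (they extend an unavailable route).
            keep = [p for p in paths[v] if usable(p[1:], paths, stable)]
            # Purge everything ranked below the best guaranteed route,
            # i.e. one that extends the pinned path of a stable neighbor.
            for i, p in enumerate(keep):
                if stable.get(p[1]) == p[1:]:
                    keep = keep[:i + 1]
                    break
            if keep != paths[v]:
                paths[v], changed = keep, True
            # Pin v once its top-ranked surviving path is guaranteed.
            if keep and stable.get(keep[0][1]) == keep[0][1:]:
                stable[v], paths[v], changed = keep[0], [keep[0]], True
    return stable, sorted(set(paths) - set(stable))

# Constructed instance: converges as long as node 3 may use path 3-4-0.
UNFILTERED = {
    1: [(1, 2, 0), (1, 0)],
    2: [(2, 3, 0), (2, 0)],
    3: [(3, 4, 0), (3, 1, 0), (3, 0)],
    4: [(4, 0)],
}
# Filtering 3-4-0 leaves a cyclic preference among nodes 1, 2 and 3.
FILTERED = dict(UNFILTERED)
FILTERED[3] = [(3, 1, 0), (3, 0)]

if __name__ == "__main__":
    print(greedy_plus(UNFILTERED))
    print(greedy_plus(FILTERED))
```

An empty `unresolved` list means every node was pinned to a single route; a non-empty list marks the nodes where an oscillation cannot be ruled out.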
an automatic BGP convergence checker
- Collect and parse configs
  - Easy, e.g. SNMP, JunXML
- Translate to SPVP
  - May take exponential time
- Run Greedy+
  - Polynomial time
translation to SPVP
- idea: prune unnecessary paths
- simulate announcement propagation to generate paths
- exploit Greedy+ pruning steps to make the path generation process smarter
  - some nodes will be stabilized during the generation
    - We generate only one path for early stabilized nodes
  - some paths will be less preferred than stable paths
    - We do not generate them
results
- theoretically
  - A deterministic P-time greedy heuristic to check whether a configuration potentially admits an oscillation
  - No false-negatives: never misreports a network as stable
- practically
  - An efficient way to map configurations (even for Internet-scale networks) to the abstract SPVP model
  - An efficient way to check the SPVP network for potential oscillations
    - in the worst case, 0.3 sec to check the stability of a large ibgp network for a given destination network
BGP Analyzer - Architecture
[Figure: architecture diagram; surviving labels: BGP2SPVP translator, SPVP instance]
static analysis of BGP policies
- network management
- feasibility of finding solutions
- stability vs autonomy and expressiveness
other research topics
- clean-slate routing architectures
  - joint work with Anja Feldmann's group @ TU Berlin
- IPv4-IPv6 transition and coexistence
  - joint work with Olaf Maennel (Univ. of Loughborough), Randy Bush (IIJ), et al.
- IPv4 address space usage
  - joint work with Wolfgang Muhlbauer (ETH Zurich) and Steve Uhlig (TU Berlin)
main achievements
- unrestricted local policies are intrinsically incompatible with guaranteed convergence
  - we must sacrifice expressiveness to preserve filtering autonomy and prevent oscillations
  - even in ibgp, increased expressiveness implies increased risk of oscillations
- stability can be analyzed statically
  - polynomial-time algorithm on SPVP instances
  - no false positives
  - efficient translation from Internet-like topologies to SPVP instances
any questions? thank you!
(the gory details)
classes of SPVP instances
greedy+ an example (1)
[Figure: SPVP instance with destination 0 and nodes 1 (paths 10, 120), 2 (paths 230, 210, 20) and 3 (paths 320, 30); annotations: "Only 1 guaranteed route available", "Guaranteed route", "STABLE", "Less preferred than a guaranteed route"]
greedy+ an example (2)
[Figure: same instance; annotation: "Inconsistent: extends an unavailable route"]
greedy+ an example (3)
[Figure: same instance]
policy checker - performance
[Figure: number of generated paths (median, min-max) for Naive, Greedy and Greedy+, plotted against topologies by degree threshold (degree >1000, degree >100, degree >1); topology size labels: 7 ASes, 21 links; 85 ASes, 26K links; 1030 ASes, 60k links; annotation: 4M paths (out of memory)]
performance (ibgp)
journal publication
- L. Cittadini, W. Muhlbauer, S. Uhlig. Evolution of Internet Address Space Deaggregation: Myths and Reality. IEEE Journal on Selected Areas in Communications (JSAC) Special Issue on Internet Routing Scalability, 2010
conference publications
- L. Cittadini, V. Mezzapesa, M. L. Papagni, M. Pizzonia, L. Vergantini, S. Vissicchio. Beyond the Best: Real-Time Non-Invasive Collection of BGP Messages. In Proc. Internet Network Management (INM) 2010. To appear
- L. Cittadini, G. Di Battista, S. Vissicchio. Doing Don'ts: Modifying BGP Attributes within an Autonomous System. In Proc. IEEE/IFIP Network Operations and Management Symposium (NOMS) 2010. To appear
- A. Feldmann, L. Cittadini, W. Muhlbauer, R. Bush, O. Maennel. HAIR: Hierarchical Architecture for Internet Routing. In Proc. Workshop on Re-architecting the Internet (ReArch) 2009
- P. Angelini, L. Cittadini, G. Di Battista, W. Didimo, F. Frati, M. Kaufmann, A. Symvonis. On the Perspectives Opened by Right Angle Crossing Drawings. In 17th International Symposium on Graph Drawing (GD) 2009
conference publications
- L. Cittadini, G. Di Battista, M. Rimondini, S. Vissicchio. Wheel + Ring = Reel: the Impact of Route Filtering on the Stability of Policy Routing. In Proc. International Conference on Network Protocols (ICNP) 2009
- L. Cittadini, M. Rimondini, M. Corea, G. Di Battista. On the Feasibility of Static Analysis for BGP Convergence. In Proc. International Symposium on Integrated Network Management (IM) 2009
- A. Di Menna, T. Refice, L. Cittadini, G. Di Battista. Measuring Route Diversity in the Internet from Remote Vantage Points. In Proc. International Conference on Networks (ICN) 2009
- L. Cittadini, G. Di Battista, M. Rimondini. (Un)-Stable Routing in the Internet: A Survey from the Algorithmic Perspective. In Proc. International Workshop on Graph-Theoretic Concepts in Computer Science (WG) 2008
conference publications
- L. Cittadini, T. Refice, A. Campisano, G. Di Battista, C. Sasso. Policy-aware Visualization of Internet Dynamics. In 16th International Symposium on Graph Drawing (GD) 2008
- A. Campisano, L. Cittadini, G. Di Battista, T. Refice, C. Sasso. Tracking Back the Root Cause of a Path Change in Interdomain Routing. In Proc. IEEE/IFIP Network Operations and Management Symposium (NOMS) 2008
- L. Cittadini, T. Refice, Alessio Campisano, Giuseppe Di Battista, Claudio Sasso. Measuring and Visualizing Interdomain Routing Dynamics with BGPath. In Proc. IEEE Symposium on Computers and Communications (ISCC) 2008
internet draft
- G. Bajko, S. M. Bellovin, R. Bush, L. Cittadini, A. Durand, O. Maennel, T. Savolainen, J. Zorz. The A+P Approach to the IPv4 Address Shortage. Internet draft draft-ymbk-aplusp-05.txt, Internet Engineering Task Force 2010