icnp 2006 interdomain policy violations in overlay routes srinivasan seetharaman, mostafa ammar...
DESCRIPTION
ICNP 2006 Typically in Service Overlays… Objective of native layer: Enforce inter-domain policies and offer best-effort service Unhappy 1. Money 2. Load Client 1 Client 1 A Client 2 B Client 3 C Provider 1 Provider 2 Peer Legitimate native route Overlay route Valley-free violationTRANSCRIPT
ICNP 2006
InterdomainPolicyViolationsinOverlayRoutes
Srinivasan Seetharaman, Mostafa AmmarNetworking and Telecommunications Group
College of ComputingGeorgia Institute of Technology
ICNP 2006
Typically in Service Overlays…Objective of overlay layer: Offer better latency routes to end-systems
But, what is assumed here? The overlay traffic is just a small fraction Node at Harvard is capable of relaying overlay packets
Colorado State Univ
Harvard Univ
Univ of NC
30 ms
24 ms
61 ms
ICNP 2006
Typically in Service Overlays…Objective of native layer: Enforce inter-domain policies and offer best-effort service
Unhappy1. Money2. Load
Client1
A Client2B
Client3C
Provider1
Provider2
Peer
Peer
Legitimate native route
Overlay route
Valley-free violation
ICNP 2006
Outline
We answer the following questions:What type of violations?How extensive are these violations?What benefit did overlays derive?What if ASes enforce policies?Framework for regaining routing advantage?
ICNP 2006
FocusWhat Inter-domain policies? Valley-free property
(Thou shalt not transit for anyone but customers) Since unrelated AS is incurring expense
Which overlay paths? Desirable multi-hop paths are our main concern Single hop paths are non-violating
ICNP 2006
Topology:58 geographically distributed Planetlab nodes (Univ + Commercial). This yields 3306 overlay paths
Measurement steps:1. Determine AS path of each overlay link
(Rockettrace / traceroute for hop list + IPAS mapping)2. Determine overlay path based on shortest path algo
(For Cost = latency, 56.6% overlay paths prefer relaying)3. AS relationships inferred using Gao’s algorithm
See: http://www.cc.gatech.edu/~srini/code
Planetlab Overlay Measurements
ICNP 2006
I. Extent of Valley-free Violations
A: Provider-AS-Provider (63.1%)
B: Provider-AS-Peer (2.43%)
Client 1
Provider 1
Client 2
Provider 2
Client 3
Peer
Client 1
Provider 1
Client 2
Provider 2
Client 3
Peer
Peer
ICNP 2006
I. Extent of Valley-free Violations
No violation if intermediate node is at a provider. In our dataset, 30.19% of paths had no violation
C: Peer-AS-Provider (2.00%)
D: Peer-AS-Peer (2.39%)
Client 1
Provider 1
Client 2
Provider 2
Client 3
Peer
Client 1
Provider 1
Client 2
Provider 2
Client 3
Peer
PeerPeer
Peer
ICNP 2006
II. Benefit DerivedGain = Overlay link latency – Overlay path latency
Overlay link latency
ICNP 2006
III. Enforcing Native PoliciesASes may become aware of the negative impact of overlays and commence filtering
Two modes for filtering objectionable traffic:
1. Blindfiltering: Filter all overlay traffic at host AS
2. Policy-AwareFiltering: Filter only violating traffic (Ex: 30.19% of the relayed traffic is NOT blocked)
ICNP 2006
Penalty = Post-filtering Overlay path latency Best possible path latency
III. Overlay Performance Diminishes
Blind filtering
Policy-aware filtering
ICNP 2006
Overlay service provider (OSP) shares some of the cost incurred by the native layer
We adopt two strategies:
1. Obtain transit permit: Lifetime fee of Pi
2. Add new node: Lifetime fee of Ni
Cost-sharing approach
IV. A Framework for Legitimizing Paths
ICNP 2006
With no filtering,
4 violating multi-hop overlap paths
IV. Cost Sharing Approach
34 24
22
21
31 32
35
12
11 13
23 33
Betweenness = 2
Cust-Prov relationPeering relation
Overlay hosting AS
ICNP 2006
With filtering, we have no multi-hop paths
Overlay routing is obviated and performance suffers
IV. Cost Sharing Approach (contd.)
34 24
22
21
31 32
35
12
11 13
23 33Cust-Prov
relationPeering relation
Overlay hosting AS
ICNP 2006
After obtaining permit from AS 32
2 multi-hop overlap paths are permitted
IV. Cost Sharing Approach (contd.)
34 24
22
21
31 32
35
12
11 13
23 33
Transit Permit
Cust-Prov relationPeering relation
Overlay hosting AS
ICNP 2006
After adding new node to AS 23
2 reasonably good non-violating multi-hop overlap paths are permitted
IV. Cost Sharing Approach (contd.)
34 24
22
21
31 32
35
12
11 13
23 33
Add new node
Cust-Prov relationPeering relation
Overlay hosting AS
ICNP 2006
IV. Cost Sharing ProblemFor a certain budget, determine optimal set {N, P} that maximizes overall path gain
where:N = Set of ASes where new nodes are placedP = Set of ASes being paid for permits
Deriving optimal solution set is a hard problem.
Hence…
ICNP 2006
IV. Greedy HeuristicsPay ASes along unrestricted best-gain path
Obtain permits first from stub ASes that have high betweenness (# of overlay paths through the node)
Next, add overlay nodes to upstream providers, starting with the overlay paths which achieve the highest gain
ICNP 2006
IV. Cost Sharing ResultsLet:
Permit fee for each AS = PNew node fee for each AS = N
Add new node
Permit
ICNP 2006
ConclusionsOverlay routing gains advantage by violating native layer policy.
As overlay applications and overlay traffic surge, the native layer policy violations have a bigger impact
User experience suffers drastically as more ASes deploy filtering mechanisms
Our cost-sharing approach is a mutually agreeable solution to improve gain without causing violations.