Interdomain Routing Policies in the Internet: Inference and Analysis
Massimo Rimondini
Defense of the PhD in Computer Science and Engineering
Mar 16th, 2007
UNIVERSITÀ DEGLI STUDI ROMA TRE, Dipartimento di Informatica e Automazione
Interdomain Routing
[Figure labels: LAN, WAN, ISP, Autonomous Systems, BGP, Internet]
Routing Policies
[Figure: numbered routes; the policies are labelled CLASSIFIED]
Why Routing Policies?
- Routing dynamics
- Routing consistency
- Oscillation prevention
- Debugging
- Traffic engineering
- Interconnection strategies
Directions
- Interdomain topology discovery
- Inference of commercial relationships
- Traffic engineering
- Interplay of routing policies
- Emulation of computer networks
Interdomain Topology Discovery
State of the Art
CAIDA Skitter
- B. Huffaker, D. Plummer, D. Moore, kc claffy. Topology Discovery by Active Probing. Proc. SAINT ’02
- kc claffy. Internet Measurement and Data Analysis: Topology, Workload, Performance and Routing Statistics. NAE Workshop, 1999
University of Washington Rocketfuel
- N. Spring, R. Mahajan, D. Wetherall, T. Anderson. Measuring ISP Topologies with Rocketfuel. IEEE/ACM Trans. on Networking, 2004
- N. Spring, R. Mahajan, T. Anderson. Quantifying the Causes of Path Inflation. Proc. ACM SIGCOMM 2003
- R. Mahajan, N. Spring, D. Wetherall, T. Anderson. Inferring Link Weights using End-to-End Measurements. Proc. IMW ’02
University of Oregon Route Views
RIPE Routing Information Service
- W. Mühlbauer, A. Feldmann, O. Maennel, M. Roughan, S. Uhlig. Building an AS-topology Model that Captures Route Diversity. ACM SIGCOMM 2006
- B. Zhang, R. Liu, D. Massey, L. Zhang. Collecting the Internet AS-level Topology. ACM SIGCOMM Computer Communication Review, 2005
- X. Dimitropoulos, D. Krioukov, G. Riley. Revisiting Internet AS-level Topology Discovery. Proc. PAM ’05
- H. Chang, R. Govindan, S. Jamin, S. J. Shenker, W. Willinger. Towards Capturing Representative AS-level Internet Topologies. Computer Networks, 2004
Internet Routing Registry
- P. Mahadevan, D. Krioukov, M. Fomenkov, X. Dimitropoulos, kc claffy, A. Vahdat. The Internet AS-Level Topology: Three Data Sources and One Definitive Metric. ACM SIGCOMM Computer Communication Review, 2006
- G. Siganos, M. Faloutsos. Analyzing BGP Policies: Methodology and Tool. Proc. IEEE INFOCOM ’04
State of the Art
[Figure labels: Router level, AS level]
BGP Probing
[Figure: AS-level graph with ASes 0 to 9, three of them marked C; AS-path labels "0", "20", "520", "9520"]
BGP Probing
[Figure: the same graph; AS-path labels "0{12}", "30{12}", "530{12}", "9530{12}"]
BGP Probing: Contributions
- Probing primitives
- AS-set stuffing
- Withdrawal observation
- Exploration algorithm
- Experimentation on the IPv4/IPv6 Internet
- Route flap dampening analysis
Publications
- Technical report
- ISCC 2006
- Journal (pending acceptance)
BGP Probing: Results

Method         | IPv6 ASes | IPv6 Links | IPv4 ASes | IPv4 Links
Stable state   | 32        | 31         | 24        | 23
Withdrawal     | 94 (2.9)  | 211 (6.8)  | 28 (1.2)  | 49 (2.1)
Level-by-level | 97 (3)    | 222 (7.2)  | 29 (1.2)  | 55 (2.4)

Protocol | Induced by W on global (I) | I only    | Withdrawal graph (W) | W only
IPv6     | 312                        | 158 (51%) | 175                  | 21 (13%)
IPv6     | 334                        | 168 (50%) | 189                  | 23 (14%)
IPv6     | 302                        | 154 (51%) | 174                  | 26 (17%)
IPv4     | 241                        | 61 (25%)  | 181                  | 1 (2%)
IRR Data Extraction
Internet Routing Registry
- assignment of Internet resources (IP addresses, AS numbers)
- routing policies
Volunteered updates
- inconsistent registrations
- out of date information
IRR Data Extraction
Routing Policy Specification Language

    aut-num: AS137
    import: from AS20965 action pref=100; from AS1299 action pref=100; accept ANY
    [...]
    export: to AS1299 announce AS-GARR
    [...]
    changed: [email protected] 20000830
    source: RIPE

[Highlighted on the slide: the import and export attributes]
IRR Data Extraction
Routing Policy Specification Language

    aut-num: ASX5
    import: { from ASX2:AS-Z2 accept 100.0.0.0/8; } refine { from ASX1 ASX2 accept 100.1.0.0/16; } except { from ASX3 accept 100.1.1.0/24;}
    export: to ASX1:PRNG-Y1 to ASX1:AS-Z1 except ASX9 announce 100.1.1.0/24
    mp-export: to ASX11 at 2001::1 announce 2001::/48
    default: to ASX12 action pref=10
    default: to ASX13 100.1.1.1 at 100.1.1.2

[Highlighted on the slide: "ASX1 ASX2", "ASX1:AS-Z1 except ASX9", "} refine {", "} except {", "ASX2:AS-Z2", "ASX1:PRNG-Y1" and the mp-export attribute]
IRR Data Extraction

    aut-num: AS24336
    as-name: DIGITALBANK-JP
    descr: d-b net Backbone
    import: from AS17685 accept ANY
    export: to AS17685 announce AS24336
    admin-c: DM210-JP
    tech-c: DM211-JP
    notify: [email protected]: MAINT-AS24336
    changed: [email protected] 20050220
    source: RADB

    aut-num: AS24336
    as-name: DIGITALBANK-JP
    descr: DIGITALBANK, Inc., Regional ISP in Japan
    country: JP
    import: from AS17685 action pref=100; accept ANY
    import: from AS7682 action pref=100; accept ANY
    export: to AS17685 announce AS24336
    export: to AS7682 announce AS24336
    admin-c: DM210-AP
    tech-c: DM211-AP
    notify: [email protected]: MAINT-JP-DIGITALBANK
    mnt-by: MAINT-JP-DIGITALBANK
    changed: [email protected] 20050210
    source: APNIC

[Highlighted on the slide: the aut-num (AS24336 in both objects), the import and export attributes, the source (RADB, APNIC) and the changed date (20050220, 20050210)]
IRR Data Extraction: Contribs
- A methodology to extract BGP links from the IRR
- A classification of the links into confidence levels
- An on-line service
- Extracted links
- Statistics about the health of the IRR
- Collaboration with the RIPE NCC
Publications
- Technical report
- ACM SIGCOMM MineNet 2006
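The following is an added example, not code from the thesis or its on-line service: a simplified sketch of reading BGP links out of aut-num objects, run on the two AS24336 registrations shown in the slides. It interprets only plain "from ASn" / "to ASn" peerings and skips structured policies and named sets like those in the ASX5 object; comparing registrations by source and by "changed" date is an assumption made for illustration, and the e-mail address in the sample is a placeholder.

```python
import re
from collections import defaultdict

# Constructed input: the two AS24336 registrations from the slides, reduced to
# the attributes used here; the e-mail in "changed:" is a placeholder.
SAMPLE = """\
aut-num: AS24336
import: from AS17685 accept ANY
export: to AS17685 announce AS24336
changed: noc@example.net 20050220
source: RADB

aut-num: AS24336
import: from AS17685 action pref=100; accept ANY
import: from AS7682 action pref=100; accept ANY
export: to AS17685 announce AS24336
export: to AS7682 announce AS24336
changed: noc@example.net 20050210
source: APNIC
"""

PEER = re.compile(r"\b(?:from|to)\s+(AS\d+)\b", re.I)
# Constructs this sketch does not interpret: structured policies and named sets.
COMPLEX = re.compile(r"[{}]|\b(?:refine|except)\b|AS\w+:|\b(?:AS|PRNG)-", re.I)
FILTER = re.compile(r"\b(?:accept|announce)\b", re.I)

def parse_objects(text):
    """Split a dump into objects (blank-line separated 'attribute: value' lines)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        obj = defaultdict(list)
        for line in block.splitlines():
            attr, sep, value = line.partition(":")
            if sep and not line[0].isspace():  # continuation lines are ignored
                obj[attr.strip().lower()].append(value.strip())
        objects.append(obj)
    return objects

def extract_peers(obj):
    """Return ({peer AS: set of directions}, [policies skipped as too complex])."""
    peers, skipped = defaultdict(set), []
    for direction in ("import", "export"):
        for policy in obj.get(direction, []):
            peering = FILTER.split(policy, maxsplit=1)[0]  # text before the filter
            if COMPLEX.search(peering):
                skipped.append(policy)
            else:
                for peer in PEER.findall(peering):
                    peers[peer.upper()].add(direction)
    return dict(peers), skipped

def links_by_source(text):
    """Map each (AS, peer) link to {source registry: directions that list it}."""
    links = defaultdict(dict)
    for obj in parse_objects(text):
        if obj.get("aut-num"):
            asn = obj["aut-num"][0].upper()
            for peer, dirs in extract_peers(obj)[0].items():
                links[(asn, peer)][obj.get("source", ["?"])[0]] = sorted(dirs)
    return dict(links)

def newest_source(text, asn):
    """Source of the registration of `asn` with the latest 'changed' date."""
    dated = [(max(v.split()[-1] for v in o["changed"]), o["source"][0])
             for o in parse_objects(text) if o.get("aut-num", [""])[0].upper() == asn]
    return max(dated)[1]

if __name__ == "__main__":
    print(links_by_source(SAMPLE), newest_source(SAMPLE, "AS24336"))
```

On this input the more recently changed registration (RADB) lacks the AS7682 link that the APNIC copy carries, so keeping only the newest object per AS would drop that link.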
IRR Data Extraction: Results

      | APNIC | ARIN | RADB | RIPE  | VERIO
APNIC | 2688  | 1    | 423  | 19    | 113
ARIN  | 1     | 463  | 37   | 7     | 14
RADB  | 423   | 37   | 2037 | 50    | 45
RIPE  | 19    | 7    | 50   | 11238 | 23
VERIO | 113   | 14   | 45   | 23    | 310

This work 236663
RIPE RRCC 108521
[mahadevan06] (RIPE only) 56949
[zhang05] (RIPE) 70222
[siganos04] 12749
8
Inference of Commercial Relationships
Commercial Relationships
[Figure: AS-level graph with ASes 0 to 9, three of them marked C]
Commercial Relationships
[Figure: the same ASes; labels: Provider, Customer, Core, Peer]
State of the Art
- X. Dimitropoulos, D. Krioukov, B. Huffaker, kc claffy, G. Riley. Inferring AS Relationships: Dead End or Lively Beginning? LNCS, 2005
- G. Di Battista, M. Patrignani, M. Pizzonia. Computing the Types of the Relationships between Autonomous Systems. Proc. IEEE INFOCOM ’03
- T. Erlebach, A. Hall, T. Schank. Classifying Customer-Provider Relationships in the Internet. Proc. CCN ’02
- L. Subramanian, S. Agarwal, J. Rexford, R. H. Katz. Characterizing the Internet Hierarchy from Multiple Vantage Points. Proc. IEEE INFOCOM ’02
- L. Gao. On Inferring Autonomous System Relationships in the Internet. IEEE/ACM Transactions on Networking, 2001
- Z. Ge, D. R. Figueiredo, S. Jaiswal, L. Gao. On the Hierarchical Structure of the Logical Internet Graph. Proc. SPIE ITCom ’01
- L. Gao. On Inferring Autonomous System Relationships in the Internet. Proc. IEEE Global Internet Symposium ’00
[Annotations on the slide, one group per reference:]
• policies • degree based
• hierarchy
• combinatorial formulation
• vantage points
• SAT based • apx algorithms
• combined approach
• SAT based • heuristics
Validation
[Figure labels: Data set (AS paths), Inference algorithms, Comparative validation, Algorithm independence report, Stability report]
Validation: Contributions
- Methodology
- Set of measures
- Software suite
- Validation of [sark02] against [dpp03]
Publications
- IPS 2004
Commercial Relationships: Results
Algorithm independence (% consistent assignments on same data set)
- >90%
Stability (% consistent assignments over consecutive data sets)
- [dpp03]: between 95% and 99%
- [sark02]: between 96% and 99%
[Figure: plot with axes "# changes" and "# edges"]
Traffic Engineering
Traffic Engineering
[Figure: ASes 0 to 3 with AS-path labels "0000" and "000"]
State of the Art
- R. K. C. Chang, M. Lo. Inbound Traffic Engineering for Multihomed ASes Using AS Path Prepending. Proc. NOMS ’04
- B. Quoitin, C. Pelsser, L. Swinnen, O. Bonaventure, S. Uhlig. Interdomain Traffic Engineering with BGP. IEEE Communications Magazine, 2003
- N. Feamster, J. Borkenhagen, J. Rexford. Guidelines for Interdomain Traffic Engineering. ACM SIGCOMM Computer Communication Review, 2003
- B. Quoitin, S. Uhlig, C. Pelsser, O. Bonaventure. Internet Traffic Engineering Techniques. TR, 2002
- L. Swinnen, S. Tandel, S. Uhlig, B. Quoitin, O. Bonaventure. An Evaluation of BGP-based Traffic Engineering Techniques. TR, 2002
- D. Awduche, A. Chiu, A. Elwalid, I. Widjaja, X. Xiao. Overview and Principles of Internet Traffic Engineering. RFC 3272, 2002
- L. Gao, F. Wang. The Extent of AS Path Inflation by Routing Policies. Proc. IEEE Global Internet Symposium ’02
- H. Tangmunarunkit, R. Govindan, S. Shenker, D. Estrin. The Impact of Routing Policy on Internet Paths. Proc. IEEE INFOCOM ’01
[Annotations on the slide: guidelines, observation]
Seeking for Optimal Prepending
ILP formulation
- Different objective functions
- Multiple prefixes
- Tie break
Computational geometry
[Figure labels: X, ASes 0 to 3, ui, prepending on ui]
Traffic Engineering: Contribs
- Two formal models
- Avoid trial-and-error
- “Pluggable” requirements
- Algorithmic optimization
Publications
- IPS MoMe 2005
Interplay of Routing Policies
Policy Probing
- N. T. Spring. Efficient Discovery of Network Topology and Routing Policy in the Internet. PhD Thesis, U. Washington, 2004
- F. Wang, L. Gao. Inferring and Characterizing Internet Routing Policies. ACM SIGCOMM IM ’03
- See commercial relationships
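Policy Probing
[Figure: AS-level graph with ASes 0 to 10, three of them marked C; AS-path labels "7 4 1 0", "10 8 4 1 0", "9 6 3 0", "7 4 2 0", "10 9 5 3 0" (marked "?"), "10 9 5 2 0" (marked "!") and "10 8 4 2 0"; AS-set labels "0{1,3,5,6,7,9}" and "0{1,6,7}"]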
Policy Probing: Contributions
- Path feasibility determination
- Path preference comparison
- Experiments on the IPv4/IPv6 Internet
Stability
- J. L. Sobrinho. Network Routing with Path Vector Protocols: Theory and Applications. Proc. ACM SIGCOMM ’03
- T. G. Griffin, F. Bruce Shepherd, G. Wilfong. The Stable Paths Problem and Interdomain Routing. IEEE/ACM Transactions on Networking, 2002
- L. Gao, T. G. Griffin, J. Rexford. Inherently Safe Backup Routing with BGP. Proc. IEEE INFOCOM ’01
- T. Griffin, G. T. Wilfong. A Safe Path Vector Protocol. Proc. IEEE INFOCOM ’00
- K. Varadhan, R. Govindan, D. Estrin. Persistent Route Oscillations in Inter-domain Routing. Elsevier Computer Networks, 2000
- L. Gao, J. Rexford. Stable Internet Routing without Global Coordination. Proc. ACM SIGMETRICS ’00
- T. G. Griffin, F. B. Shepherd, G. Wilfong. Policy Disputes in Path-Vector Protocols. Proc. ICNP ’99
Stability
[Figure: ASes 0 to 3 with path labels "21020", "32030" and "13010"]
Stability: Contributions
- Event timings
- Two kinds of stability
- strict stability
- forwarding stability
- Properties
- Transitions & reachability
Emulation of Computer Networks
State of the Art
- Royal Institute of Technology, Sweden
- University of Zagreb: IMUNES - An Integrated Multiprotocol Network Emulator / Simulator
- Technical University of Madrid
- UMLMON - Virtualization with User Mode Linux, Gerd Stolpmann
Netkit
The poor man's system to experiment computer networking
- Easy to install and use
- Lightweight
- Easy setup of complex experiences
- Compact all-in-one virtual labs
- Corpus of ready-to-use labs & teaching material
blah blah blah...
2.4
- Very improved ltools:
- Some new options have been introduced, allowing to change the behaviour of the underlying vtools. The most interesting improvement is the possibility to start multiple virtual machines simultaneously. Depending on user needs, this can also be done while keeping an eye on dependencies (e.g., "pc3 can only start after pc1 and pc2"). In a few words: lab.dep is now supported!
- lstart now warns if there are duplicate interface definitions inside lab.conf. Also, any option of vstart can be used inside lab.conf.
- lclean now also removes log files.
- lrestart has disappeared, and is now simply a link to lstart. The same holds for ltest, which is a link to lstart. Depending on the name with which it is invoked, lstart's behaviour changes as needed.
- lstart now produces much terser output.
- By default, lcrash removes virtual machines filesystems, so that a lab can be restarted without having to use lclean first.
- No more need to use the "." to tell the ltools that the lab is in the current directory.
- The command line help is now much clearer.
- A new lcommand has been introduced: linfo. It provides general information about a lab without starting it. Optionally, it may also generate a PostScript file with a sketch of the link-level topology of the lab.
- (More or less slightly) improved man pages.
- Enriched the documentation with several warnings about installing Netkit on FAT32 filesystems and using scripts and/or lab configurations which use the CR+NL line break convention.
- Removed a vcrash warning stating the impossibility to delete a socket file for a virtual hub.
- Fixed a bug which prevented vlist and halt/crash related commands from working properly with accounts using long user names (maximum tolerated user name length is now 35 characters - I know it's weird to set a limit on it, but it's really necessary ;-).
- Improved check_configuration.sh (now it has a modular structure and also warns about VDSO support in the host kernel).
- The --version option now reports information about the version number of all the installed Netkit components as well as that of the host kernel.
- Improved vcrash mechanism. Hangups of the mconsole helper tool are now detected and properly handled (any of you who has ever seen those everlasting "Crashing..." lines knows what I am talking about). Moreover, if crash via mconsole fails, then vcrash automatically attempts to kill virtual machines without user intervention. Last but not least, the process killing routine has been revised; before this fix, there were chances of leaving some processes running even after a "hard kill". Now there are very fewer chances for virtual machines to survive ;-)
- Depending on PIDs usage, the uptime information returned by vlist could be incorrect. Uptime has now been completely removed from the output of vlist, as it can be obtained by using the `uptime' command inside virtual machines.
- Improved support for Konsole tabs. Better management of stale locks and of simultaneously started virtual machines.
- The fuser command is not required any more: it has been replaced by an invocation of lsof.
- Missing parameters in netkit.conf are now assigned default values.

2.3
- Improved checks for the presence of terminal emulator applications (both in check_configuration.sh and in the Netkit scripts).
- Fixed a bug inside vcrash and vclean (wrong signal spec when killing processes broke both vcrash and vclean).
- Placed a workaround to avoid early hangs of the port-helper process when booting virtual machines.
- Removed some minor warnings issued by vstart and vclean.
- Fixed a small bug in the output of vlist.

2.2 Beta
- Updated check_configuration.sh (there was no check for the correctness of the PATH environment variable).
- Updated INSTALL file.

2.1 Beta
- Fixed a bug that prevented correct recognition of running processes (caused vlist and related commands - vcrash, etc. - not to work).
- Suppressed a warning popping out when killing a virtual machine having two (or more) network interfaces attached to the same virtual hub.
- Fixed minor bug that caused reporting wrong console information when using vlist to get detailed info about a running virtual machine.

2.0 Beta
- Netkit now consists of three separate pieces: a "core", a filesystem, and a kernel. Changelogs are maintained separately as well.
- Netkit is now documented! The distribution includes a plethora of man pages which guide you throughout Netkit usage and setup.
- Introducing a more robust `check_configuration.sh' script, replacing the old `config'.
- Environment variable pointing to the Netkit directory has been renamed to NETKIT_HOME (VLAB_HOME is still supported).
- Default configuration parameters for newly started virtual machines and, in general, for the Netkit environment, can now be easily altered by editing the netkit.conf file.
- All Netkit commands can now limit their scope of action to virtual machines owned (=started) by the desired user.
- All Netkit commands are now more robust and provide a clearer output.
- Virtual machines can now be configured with network interfaces connected to a real network. This can be done automatically by using an option of the vstart command, which will take care of asking you for the root password when needed.
- Network interfaces can now be attached to a running virtual machine ``on the fly'' by using the vconfig command.
- The vstart command no longer requires the use of the (very very boring) --new option when starting new virtual machines.
- Virtual hubs are automatically stopped when the last machine that uses them quits (no matter whether by graceful halt or by crash).
- The vstart command allows the use of alternative UML kernels and filesystems for the virtual machines.
- Better management of consoles has been introduced (virtual machine consoles can now be attached to different terminal emulators in a more flexible way). Also, each machine supports two consoles.
- Vstart now allows to pass parameters directly to the virtual machine kernel command line.
- The vlist command can now be used to ask for detailed information about a running virtual machine.
- Vcrash supports different shutdown strategies (by management console or by process signaling). It also allows to remove a virtual machine filesystem upon its crash.
- Vhalt now allows to remove a virtual machine filesystem after shutdown.
- A new command (vclean) has been introduced to clean the host system from hanging processes and unused virtual hubs. It also allows to remove any configuration settings that have been altered to setup interfaces connected to a real network.
- All the ltools now allow to perform operations on a subset of the virtual machines of a lab. This is useful, for example, when only few machines are to be restarted.
- Lstart now allows to configure a different amount of emulated memory for each virtual machine.
- Lstart now supports an option inside `lab.conf' which can be used to restrict the set of enabled virtual machines for a lab.
- A new testing system for the labs has been introduced. It can be used to automatically perform arbitrary checks on a Netkit lab. This is especially useful to ease the distribution of a lab, because it provides with a one-shot solution to test that the lab works properly on a different machine or Netkit distribution.
- Something else we may not have mentioned......
---------------------------------------------------------------------------------
F2.2
- Cleaned up /etc/hosts (it contained some wrong entries associating 127.0.0.1 with "pc1").
- Lab .startup files are taken into account even if they are not executable. This impacts the Netkit filesystem because it requires a change in the virtual hosts init scripts.
- Boot time scripts processed the lab.conf file improperly. This caused warning messages when using the [mem] parameter or when defining interfaces for virtual hosts having particular names (e.g., containing a dash).
- The "expect" package has been installed.

F2.1
- Moved the /lib/tls/ directory away (UML does not support Thread Local Storage yet). Its presence caused some tools not to work (e.g., nslookup).
- Foreign (i.e., user provided) Netkit kernel modules were properly recognized only if the kernel version matched 2.6.11.7. Fixed.

F2.0 Beta
- Virtual machines boot messages have been deeply cleaned up.
- Maximum number of days between mounts and maximum number of mounts before filesystem check have both been reset to 0. You won't go through those annoying file system checks any more!
- Support for two console terminals is provided.
- All console terminals now use automatic login as root. You will no longer have to enter the password hundreds of times when starting your labs...
- Filesystem now provides support for kernel modules. That is, it provides a set of modutils to manage modules and some scripts automatically mount a host directory containing kernel modules, if this is found to exist.
- Netkit startup scripts have been cleaned up and improved.
- Fixed wrong minor number for device /dev/ubd/disc0/part1. Also, the following devices have been created: /dev/ubda /dev/ubda1 /dev/ubda2 /dev/ubdb /dev/ubdb1 /dev/ubdb2
- Support for automatically performed lab testing has been introduced.
- Static mappings in /etc/hosts and the resolver configuration in /etc/resolv.conf have both been cleaned up.
- Default passwords for zebra, bgpd, and ripd have all been set to 'zebra'.
- Several tools have been installed and a list of installed packages is now being distributed.
---------------------------------------------------------------------------------
K2.2
- Simplified (and fixed) deploying of Netkit kernel modules. The simplification consists in the fact that explicitly dealing with symbolic links is not needed any more: just run `make modules_install' with a seasonable INSTALL_MOD_PATH and that's it. Try `man netkit-kernel' for more information. The fix consists in the fact that, before this release, it was not possible to use modules for a kernel whose version did not match the one expected by the Netkit filesystem.

K2.1 Beta
- Fixed a bug which limited the maximum number of arguments on the UML kernel command line (as a consequence, virtual machines could not be configured with more than about 6 interfaces, depending on the other options passed to vstart).
- The port-helper patch supplied with the Netkit kernel was erroneously reversed. Fixed.

K2.0 Beta
- A new 2.6.11.7 kernel has been recompiled from scratch. The kernel configuration has been completely revised. Minimal patches have been applied to provide for better stability.
- Support for module loading has been introduced, so that the kernel configuration now includes basic commonly used functionalities as built-in pieces, while most of the other features are available as modules.
- The kernel should now work flawlessly also with SKAS-patched host kernels.
Contributions
- Improved user interface
- Stability
- Functionalities
- Usability
- Improved labs
- Self tests
- Lecture slides
Publications
- Technical report
- Nearly submitted paper
Overall contributions
- Interdomain topology discovery
- Commercial relationships
- Traffic engineering
- Policy discovery
- Stability
- Emulation
To Do
- complexity & effectiveness of algorithms
- network measurements
- validate other algorithms
- describe the space of solutions
- hierarchy
- bounds on complexity
- case study
- game theory
- efficiency
- accuracy
- upgrade of networking tools
- new features
- new & improved labs
- integration with other products
- locate stable states
- system characterization
Thank you!