policy-compliant path diversity and bisection bandwidth · communication systems group (csg)...
TRANSCRIPT
Communication Systems Group (CSG)
Policy-Compliant Path Diversity andBisection Bandwidth
Rowan Klöti1, Vasileios Kotronis1,
Bernhard Ager1, Xenofontas Dimitropoulos2,1
1IEEE INFOCOM, April 2015, Hong Kong
1 ETH Zurich, Switzerland2 University of Crete / FORTH, Greece
Tuesday, 28 April 2015
Communication Systems Group (CSG)
Assume that you are a network domain admin
èHow resilient is my AS-level connection to a remote AS?
èWhat limits the path diversity
between me and the remote AS?
The other guy
between me and the remote AS?§ My multi-homing degree?
§ The Internet topology at large?
§ Poor connectivity on the local/remote
upstream ISPs’ side?
2IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
*Picture from: http://www.caida.org/research/topology/as_core_network/historical.xml /
Me
Communication Systems Group (CSG)
Consider an example network topology
3IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
We can perform a min-cut between S and D
4IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
We can calculate the maximum S-D flow
5IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
We can calculate the edge-disjoint S-D paths
6IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Basic mechanism: min-cuts
§ Generalized problem: max-flow / min-cut§ Basic theorem was proven back in 1956 J
§ Menger’s theorem
è path diversity = min-cut, for unitary edge capacities
§ Well-known algorithms available
èWell, then everything is already solved, right?
7IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Networks are governed by policies
§ Motivation§ Security considerations
§ Routing optimization techniques
§ Financial agreements, SLAs, …
p2p
Peak
§ Example 1: the “valley-free” AS-level Internet§ Peers, providers, customers: p2p, p2c, c2p links
§ Example 2: (negative) waypoint routing§ Force traffic into waypoints
§ Avoid certain nodes/links along the way
8IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Challenge: policies restrict path selection
è Assume trivial regex policy: ( )* ( )+ ( )*
9IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Challenge: policies restrict path selection
è Only two edge-disjoint paths are now valid (min-cut=2)
10IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Our contribution: estimating policy-compliant min-cuts
§ General methodology§ Assumption: network policies as regular expressions
§ Graph transformation algorithm§ Transformed graph contains only policy-compliant paths§ Transformed graph contains only policy-compliant paths
§ Min-cut values should not be distorted by the transform
§ Min-cut calculations§ Complex on original graph (no straightforward method)
§ Simple on transformed graph
§ No modification required on classic graph algorithms
11IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
How we represent graphs and policies
§ Network graph:
§ Network policy:§ Network policy:
§ Valley-free example:
è Graph = AS-level Internet
è Policy = c2p*p2p?p2c*
12IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Core of transformation: tensor product
èIntuition: move between G nodes and NFA states concurrentlyèShould yield valid, policy-compliant paths
13IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Does this process preserve the min-cut?
è Intuition: the min-cut paths between any 2 node sets in G’
should traverse at most the same number of || edges as in G
14IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Idea: properly add aggregation states
15IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Are all cases fully aggregatable?Aggregatable NFA cases
§ One-to-One
§ One-to-Many
Non-aggregatable NFA cases
Not a
complete
bipartite graph!
§ Many-to-One
§ Many-to-Many
16IEEE INFOCOM, April 2015, Hong Kong
à Min-cut is inflated by a factor of 2
à “Maximal biclique finding” problemTuesday, 28 April 2015
Communication Systems Group (CSG)
Remember our initial motivation
èHow resilient is my AS-level connection to a remote AS?
èWhat limits the path diversity
between me and the remote AS?
The other guy
between me and the remote AS?§ My multi-homing degree?
§ The Internet topology at large?
§ Poor connectivity on the local/remote
upstream ISPs’ side?
17IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
*Picture from: http://www.caida.org/research/topology/as_core_network/historical.xml /
Me
+ POLICIES!
Communication Systems Group (CSG)
Example I: Policies and AS-level path diversityp2p
p2p p2p
Peak
§ Classic Valley-Free (VF) vs Multi-Peering Links (MPL)
§ Graph based on CAIDA’s AS relationship dataset
(+/- open p2p links from PeeringDB)18IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
p2p p2p
Plateau
Communication Systems Group (CSG)
Example II: Effect of depeering events
§ Simulated depeering between two tier-ones
§ Examined the effect on their exclusive customer cones
§ Valley-free à significant loss of path diversity
§ Multi-p2p links à negligible loss
§ Policy relaxation seems to be beneficial§ Policy relaxation seems to be beneficial
19IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Inter-domain policy scenario
Loss in mean path diversity after depeering(%)
Valley-free 7.03
+ Open Links 7.02
Multiple Peering Links 0.02
+ Open Links 0.04
Communication Systems Group (CSG)
Summary and Contributions
§ Estimating policy-compliant min-cuts on network graphs§ Network policies as regular expressions
§ Graph transformation algorithm
§ Exact values or approximations depending on NFA form
§ Min-cut calculations§ Complex on original graph
§ Simple on transformed graph
§ No modification required on classic graph algorithms
§ Large variety of use cases out there§ AS-level path diversity under diverse policy models
§ MPTCP, multipath routing, flow routing applications
20IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Questions?
POLICY-COMPLIANTMIN-CUTS
21IEEE INFOCOM, April 2015, Hong Kong
AS-levelInternet
Tuesday, 28 April 2015
Communication Systems Group (CSG)
BACKUPBACKUP
22IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Assume that you are a datacenter operator
§ How resilient is my switched topology to link failures?
§ What is the bisection bandwidth of my datacenter?
23IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Picture from: http://www.slashgear.com/google-data-center-hd-photos-hit-where-the-internet-lives-gallery-17252451/
Communication Systems Group (CSG)
Min-cuts are the answer to many more questions
§ What is the max feasible bandwidth for a MPTCP transfer between two of my server clusters?
§ What is the bisection bandwidth of my datacenter?
§ How resilient is my switched topology to link failures?
§ How much edge capacity should be depleted for a successful DDoS link-flooding attack against my network?
§ What limits the AS-level path diversity between my domain and another remote domain?§ My multi-homing degree?
§ The Internet topology at large?
§ Poor connectivity on the local/remote upstream providers’ side?
24IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Complexity of the graph transform process
§ In space:
è |V’| = O (|V|(|Q| + |Δ|)
è |E’| = O (|Δ|(|V| + |E|)è |E’| = O (|Δ|(|V| + |E|)
§ In time:
è t = O (|V||Q| + |Δ|(|V| + |E| + |Q|)) + tdec
§ In practice, the total running time is dominated by the min-cut calculation on the transformed graph
25IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Related Work
§ Tensor products à Soule et al. use tensor products in a
different context (bandwidth allocation policies)
§ Network resilience à Research on resilient networks§ Network are not simply geographical maps
§ Policy-compliance framework is very important§ Policy-compliance framework is very important
§ Min-cuts with policies à Connectivity discovered by RV protocols by Sobrinho et al., valley-free s-t paths/cuts
è Our main contribution: graph transformation without
changing classic algorithms (can also be extended for
finding the shortest valid paths), generic method
26IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
Inter-domain Routing Policy NFAs
27IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015
Communication Systems Group (CSG)
NFA vs DFA (With Steps MPL scenario)
28IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015