policy-compliant path diversity and bisection bandwidth · communication systems group (csg)...

Communication Systems Group (CSG)

Policy-Compliant Path Diversity andBisection Bandwidth

Rowan Klöti1, Vasileios Kotronis1,

Bernhard Ager1, Xenofontas Dimitropoulos2,1

1IEEE INFOCOM, April 2015, Hong Kong

1 ETH Zurich, Switzerland2 University of Crete / FORTH, Greece

Tuesday, 28 April 2015


Assume that you are a network domain admin

èHow resilient is my AS-level connection to a remote AS?

èWhat limits the path diversity

between me and the remote AS?

The other guy

between me and the remote AS?§ My multi-homing degree?

§ The Internet topology at large?

§ Poor connectivity on the local/remote

upstream ISPs’ side?

2IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015

*Picture from: http://www.caida.org/research/topology/as_core_network/historical.xml /

Me


Consider an example network topology



We can perform a min-cut between S and D



We can calculate the maximum S-D flow



We can calculate the edge-disjoint S-D paths



Basic mechanism: min-cuts

§ Generalized problem: max-flow / min-cut§ Basic theorem was proven back in 1956 J

§ Menger’s theorem

è path diversity = min-cut, for unitary edge capacities

§ Well-known algorithms available

èWell, then everything is already solved, right?



Networks are governed by policies

§ Motivation§ Security considerations

§ Routing optimization techniques

§ Financial agreements, SLAs, …

p2p

Peak

§ Example 1: the “valley-free” AS-level Internet§ Peers, providers, customers: p2p, p2c, c2p links

§ Example 2: (negative) waypoint routing§ Force traffic into waypoints

§ Avoid certain nodes/links along the way



Challenge: policies restrict path selection

è Assume trivial regex policy: ( )* ( )+ ( )*



Challenge: policies restrict path selection

è Only two edge-disjoint paths are now valid (min-cut=2)



Our contribution: estimating policy-compliant min-cuts

§ General methodology§ Assumption: network policies as regular expressions

§ Graph transformation algorithm§ Transformed graph contains only policy-compliant paths§ Transformed graph contains only policy-compliant paths

§ Min-cut values should not be distorted by the transform

§ Min-cut calculations§ Complex on original graph (no straightforward method)

§ Simple on transformed graph

§ No modification required on classic graph algorithms



How we represent graphs and policies

§ Network graph:

§ Network policy:§ Network policy:

§ Valley-free example:

è Graph = AS-level Internet

è Policy = c2p*p2p?p2c*



Core of transformation: tensor product

èIntuition: move between G nodes and NFA states concurrentlyèShould yield valid, policy-compliant paths



Does this process preserve the min-cut?

è Intuition: the min-cut paths between any 2 node sets in G’

should traverse at most the same number of || edges as in G



Idea: properly add aggregation states



Are all cases fully aggregatable?Aggregatable NFA cases

§ One-to-One

§ One-to-Many

Non-aggregatable NFA cases

Not a

complete

bipartite graph!

§ Many-to-One

§ Many-to-Many


à Min-cut is inflated by a factor of 2

à “Maximal biclique finding” problemTuesday, 28 April 2015


Remember our initial motivation

èHow resilient is my AS-level connection to a remote AS?

èWhat limits the path diversity

between me and the remote AS?

The other guy

between me and the remote AS?§ My multi-homing degree?


§ Poor connectivity on the local/remote

upstream ISPs’ side?


*Picture from: http://www.caida.org/research/topology/as_core_network/historical.xml /

Me

+ POLICIES!


Example I: Policies and AS-level path diversityp2p

p2p p2p

Peak

§ Classic Valley-Free (VF) vs Multi-Peering Links (MPL)

§ Graph based on CAIDA’s AS relationship dataset

(+/- open p2p links from PeeringDB)18IEEE INFOCOM, April 2015, Hong KongTuesday, 28 April 2015

p2p p2p

Plateau


Example II: Effect of depeering events

§ Simulated depeering between two tier-ones

§ Examined the effect on their exclusive customer cones

§ Valley-free à significant loss of path diversity

§ Multi-p2p links à negligible loss

§ Policy relaxation seems to be beneficial§ Policy relaxation seems to be beneficial


Inter-domain policy scenario

Loss in mean path diversity after depeering(%)

Valley-free 7.03

+ Open Links 7.02

Multiple Peering Links 0.02

+ Open Links 0.04


Summary and Contributions

§ Estimating policy-compliant min-cuts on network graphs§ Network policies as regular expressions

§ Graph transformation algorithm

§ Exact values or approximations depending on NFA form

§ Min-cut calculations§ Complex on original graph

§ Simple on transformed graph

§ No modification required on classic graph algorithms

§ Large variety of use cases out there§ AS-level path diversity under diverse policy models

§ MPTCP, multipath routing, flow routing applications



Questions?

POLICY-COMPLIANTMIN-CUTS


AS-levelInternet

Tuesday, 28 April 2015


BACKUPBACKUP



Assume that you are a datacenter operator

§ How resilient is my switched topology to link failures?

§ What is the bisection bandwidth of my datacenter?


Picture from: http://www.slashgear.com/google-data-center-hd-photos-hit-where-the-internet-lives-gallery-17252451/


Min-cuts are the answer to many more questions

§ What is the max feasible bandwidth for a MPTCP transfer between two of my server clusters?

§ What is the bisection bandwidth of my datacenter?

§ How resilient is my switched topology to link failures?

§ How much edge capacity should be depleted for a successful DDoS link-flooding attack against my network?

§ What limits the AS-level path diversity between my domain and another remote domain?§ My multi-homing degree?


§ Poor connectivity on the local/remote upstream providers’ side?



Complexity of the graph transform process

§ In space:

è |V’| = O (|V|(|Q| + |Δ|)

è |E’| = O (|Δ|(|V| + |E|)è |E’| = O (|Δ|(|V| + |E|)

§ In time:

è t = O (|V||Q| + |Δ|(|V| + |E| + |Q|)) + tdec

§ In practice, the total running time is dominated by the min-cut calculation on the transformed graph



Related Work

§ Tensor products à Soule et al. use tensor products in a

different context (bandwidth allocation policies)

§ Network resilience à Research on resilient networks§ Network are not simply geographical maps

§ Policy-compliance framework is very important§ Policy-compliance framework is very important

§ Min-cuts with policies à Connectivity discovered by RV protocols by Sobrinho et al., valley-free s-t paths/cuts

è Our main contribution: graph transformation without

changing classic algorithms (can also be extended for

finding the shortest valid paths), generic method



Inter-domain Routing Policy NFAs



NFA vs DFA (With Steps MPL scenario)


policy-compliant path diversity and bisection bandwidth · communication systems group (csg)...

Documents