Title: Building%20a%20Strong%20Foundation%20for%20a%20Future%20Internet
1Building a Strong Foundation for a Future Internet
- Jennifer Rexford
- Princeton University
- http//www.cs.princeton.edu/jrex/talks/stoc08.ppt
2The Internet A Remarkable Story
- Tremendous success
- A research experiment that trulyescaped from the
lab - The brilliance of under-specifying
- Best-effort packet-delivery service
- Key functionality at programmable end hosts
- Enabled massive growth and innovation
- Ease of adding hosts and links, and new
technologies - Ease of adding new services (Web, P2P, VoIP, )
3Rethinking the Network Architecture
- But, the Internet is showing signs of age
- Security, mobility, availability, manageability,
- Challenges rooted in early design decisions
- Weak notions of identity, tying address to
location, - Not a simple matter of redesigning a single
protocol - Revisiting the definition and placement of
function - What are the types of nodes in the system?
- What are their powers and limitations?
- What information do they exchange?
The computational model of the (future)
Internet.
4Clean-Slate Network Architecture
- Clean-slate architecture
- Without constraints of todays artifacts
- To have a stronger intellectual foundation
- And move beyond the incremental fixes
- Still, some constraints inevitably remain
- Ignore todays artifacts, but not necessarily all
reality - Such as
- Resource limitations (CPU, memory, bandwidth)
- Time delays between nodes
- Independent economic entities
- Malicious parties
- The need to evolve over time
5A Big Research Challenge
Evolvable Protocols (under-specified,
programmable)
?
Global Properties (stability, scalability,
reliability, security, managability, )
Autonomy (autonomous parties, with different
economic objectives)
Can we have all three? Under what conditions?
6A Real Need for a Theory of Networks
- Formal definitions of network architecture
- Can the theory community do for network
architecture what it did for, e.g., cryptography
and machine learning? - Programmability
- What are good programming models that strike the
right balance been flexibility and restraint? - Incentives
- How much should we rely on economic incentives
to ensure key system properties? - System properties
- What are the fundamental trade-offs and bounds?
7Example Wide-Area Internet Routing
- Seemingly a simple matter
- Computing paths on graphs
- Many, many design goals
- Global connectivity
- Flexible local policies
- Fast recovery from changes
- Good end-to-end paths
- Low protocol overhead
- Security, scalability,
- ltyour wish list heregt
- Perhaps we cannot satisfy all of these goals
- No matter how hard we try
8Four Example Problems in Routing
- Policy-based interdomain routing
- Programmable routing policies in each network
- While ensuring global stability, efficiency,
- 1 Can economic incentives ensure global
stability? - 2 How should a distributed network realize its
policy? - End-to-end traffic management
- Adapting the flow of traffic over each path
- While ensuring good aggregate performance
- 3 What should hosts, routers, and operators do?
- 4 How to support diverse application
requirements?
Getting a distributed set of nodes to do the
right thing.
9Policy-Based Interdomain Routing
???
10What is an Internet?
- A network of networks
- Networks run by different institutions
- Autonomous System (AS)
- Collection of routers run by a single institution
- With a clearly defined routing policy
- ASes have different goals
- Different views of which paths are good
- Interdomain routing is what reconciles those
views - To compute end-to-end paths through the Internet
Wonderful problem setting for game theory and
mechanism design
11Autonomous Systems (ASes)
Path 6, 5, 4, 3, 2, 1
4
3
5
2
6
7
1
Web server
Client
Around 30,000 ASes today
12Border Gateway Protocol (BGP)
- ASes exchange reachability information
- Destination block of IP addresses
- AS path sequence of ASes along the path
- Policies programmed by network operators
- Path selection which path to use?
- Path export which neighbors to tell?
I can reach d via AS 1
I can reach d
1
2
3
data traffic
data traffic
d
13Stable Paths Problem (SPP) Model
- Model of routing policy
- Each AS has a ranking of the permissible paths
- Model of path selection
- Pick the highest-ranked path consistent with
neighbors - Flexibility is not free
- Global system may not converge to a stable
assignment - Depending on the way the ASes rank their paths
http//portal.acm.org/citation.cfm?id508332
14Ways to Achieve Global Stability
- Detect conflicting rankings of paths?
- Computationally intractable (NP-hard)
- Requires global coordination
- Restrict the policy programming languages?
- In what way? How to require this globally?
- What if the world should change, and the protocol
cant? - Rely on economic incentives?
- Policies typically driven by business
relationships - E.g., customer-provider and peer-peer
relationships - Sufficient conditions to guarantee unique, stable
solution
15Bilateral Business Relationships
- Provider-Customer
- Customer pays provider for access to the Internet
- Peer-Peer
- Peers carry traffic between their respective
customers
1
Valid paths 1 2 d and 7 d Invalid path 5 8
d
Valid paths 6 4 3 d and 8 5 d Invalid paths
6 5 d and 1 4 3 d
3
4
2
d
5
6
Provider-Customer
7
8
Peer-Peer
16Act Locally, Prove Globally
- Global topology
- Provider-customer relationship graph is acyclic
- Peer-peer relationships between any pairs of ASes
- Route export
- Do not export routes learned from a peer or
provider - to another peer or provider
- Route selection
- Prefer routes through customers
- over routes through peers and providers
- Guaranteed to converge to unique, stable solution
http//www.cs.princeton.edu/jrex/papers/sigmetric
s00.long.pdf
17Rough Sketch of the Proof
- Two phases
- Walking up the customer-provider hierarchy
- Walking down the provider-customer hierarchy
1
3
4
2
d
5
6
Provider-Customer
7
8
Peer-Peer
18Trade-offs Between Assumptions
- Three kinds of assumptions
- Route export, route selection, and global
topology - Relax one assumption, need to tighten the other
two - Are these assumptions reasonable?
- Could business practices change over time?
- What if nodes are dishonest about their choices?
- See Levin-Schapira-Zohar paper in the next
session! - What if the protocol changes?
- What if the protocol allows multiple paths?
19An Incomplete Understanding
- Desirable global properties
- Convergence to a unique route assignment
- Fast convergence after topology changes
- Honesty in route announcements and packet
forwarding - And how they relate to
- Topology, policies, path verification, revenue
models, - And most known results are sufficient
conditions - Lacking complete characterization of the
trade-off space - With basic questions about economic incentives
- When are they enough? What else do we need?
- Where do the economic issues really belong?
20Ensuring an AS Realizes its Policy
- How should the nodes inside an AS behave?
- To correctly realize the ASs routing policy
- To satisfy the expectations of neighboring ASes
- To minimize protocol overhead within the AS
- Different problem than interdomain routing
- Not about reconciling (possibly conflicting)
policies - But instead about correctly realizing a single
policy
21The Route Assignment Problem
r1
r2
r3
rn
R
rn
n
1
Route Assignment (based on policy)
2
data traffic
3
e3rn
en
e1
e2
from R
from R
22Propagating Information Within the AS
n
r1
r2
r3
rn
R
1
A
2
Route Assignment (based on policy)
B
3
e3rn
en
e1
e2
from R
from R
What information do A and B need to propagate?
23An Incomplete Understanding
- How to define and model an AS
- To design and analyze interdomain routing
- without regard to the intra-AS details
- How to propagate routing information within an AS
- So the routers can realize the policy correctly
- without introducing excessive overhead
- What are the overhead-flexibility trade-offs?
- How much information must the routers exchange
- and how does it depend on the programming model
- How should an AS express (program) its policy?
24End-to-End Traffic Management
25Traffic Management Today
- How much traffic should traverse each path?
Operator Traffic Engineering
Routers Routing Protocols
End hosts Congestion Control
26Models and Algorithms for Each Part
- End hosts congestion control
- Maximizing aggregate utility over all users
- Additive increase, multiplicative decrease
- Routers routing protocols
- Minimizing path cost as sum of link weights
- Bellman-Ford and Dijkstras algorithms
- Operators traffic engineering
- Minimizing load on the network links
- Local-search algorithms for tuning link weights
But, is the whole more than the sum of its parts?
27Shortcoming of Todays Architecture
- Ignores protocol interactions
- Congestion control assumes routing is fixed
- Traffic engineering assumes traffic is inelastic
- Inefficiency of traffic engineering
- Tuning link weights in shortest-path routing
- Cannot achieve optimal flow, and is NP-hard
- and is typically performed on long timescale
- Only limited use of multiple paths
- Missed opportunity for better performance
What would a clean-slate redesign look like?
28Distributed Traffic Management Problem
- Should have a clearly-stated problem
- Variables source rates and path-splitting ratios
- Constraints link load staying below capacity
- Objectives performance and robustness
max. ?iUi(xi) - ?lf(ul)
aggregate utility (as a function of the source
rate xi, over all users i)
aggregate congestion cost (as a function of
utilization, ul, over all links l)
http//www.cs.princeton.edu/jrex/papers/conext07.
pdf
29Distributed Traffic Management Problem
- Solutions with well-understood properties
- Optimality, convergence, low overhead,
- Distributed load-balancing algorithms
- Feedback about network conditions
- Adaptation of the sending rate on each path
s
s
s
Routers Set up multiple paths Measure link
load Update link prices s
Edge nodes Update path rates z Rate limit
incoming traffic
30An Incomplete Understanding
- Promising initial results
- Using optimization theory, game theory, control
theory - Simple tuning of the system
- Algorithms that are robust across a range of
settings? - Self-tuning load-balancing algorithms?
- Trade-offs in the number of paths
- How many paths are really necessary?
- How should these paths be computed?
- Implicit vs. explicit feedback from the links
- Can edge nodes adapt based on path-level metrics?
- Robustness to adversaries trying to bias
measurements?
31Supporting Multiple Classes of Traffic
file
vs.
32Different Strokes for Different Folks
- Applications have different requirements
- High throughput bulk file transfers
- Low delay/jitter VoIP and gaming
- Could design protocols for each traffic class
- Using application-specific objective functions
- But, how should these applications co-exist?
- Multiple customized traffic-management protocols
- On a shared underlying network
- To maximize the aggregate utility of the users
33Virtualization to the Rescue
- Multiple customized architectures in parallel
- Multiple virtual nodes on a single physical node
- Isolation of resources, like CPU and bandwidth
- Programmability for customizing each virtual
network
34An Incomplete Understanding
- How important are customized architectures?
- Quantifying the inefficiencies of one size fits
all - Understanding gains and overheads of
customization - How to balance isolation and efficiency?
- Allowing multiple architectures to run in
parallel - Without requiring static resource partitioning
- How to support other application requirements?
- Security/privacy, scalability trade-offs,
- With appropriate support in the underlying
substrate - What kind of programming model on the nodes?
- To enable creation of new networked services
- Without compromising efficiency, security,
35Virtualization for Economic Refactoring
Todays Internet
Virtualized Internet
Competing ISPs with different goals must
coordinate
Single service provider controls end-to-end path
- Infrastructure providers Own routers, links,
data centers - Service providers Offer end-to-end services to
users
Economics play out vertically on a coarser
timescale.
http//www.cs.princeton.edu/jrex/papers/cabo-shor
t.pdf
36Conclusions
- These are just a few examples
- In the context of wide-area Internet routing
- Meant to illustrate a larger question
- Programmability, incentives, and global
properties - And importance of theoretical disciplines
- In putting network architecture on a sound
foundation - Great opportunities for interdisciplinary
research - Grappling with problem formulations and solutions
- And for significant practical impact
- Adding clarity to our understanding of todays
Internet - And leading to a future Internet worthy of
societys trust
37Acknowledgments
- My research group and collaborators
- Including the problems mentioned in this talk
- See pointers to references at end of slides
- Colleagues in the theoretical CS community
- Especially at ATT Research and Princeton
- Forcing greater precision in problem formulation
- Particularly Joan Feigenbaum
- For great discussions on network architecture
- and advice and feedback about this talk
http//www.cs.princeton.edu/jrex/talks/stoc08.ppt
38Thank you!
39References Policy-Based Routing
- T. Griffin, B. Shepherd, and G. Wilfong, The
stable paths problem and interdomain routing - http//portal.acm.org/citation.cfm?id508332
- L. Gao and J. Rexford, Stable Internet routing
without global coordination - http//www.cs.princeton.edu/jrex/papers/sigmetric
s00.long.pdf - T. Griffin and J. Sobrinho, Metarouting
- http//www.sigcomm.org/sigcomm2005/paper-GriSob.pd
f - H. Levin, M. Schapira, and A. Zohar, Interdomain
routing and games - In the next session here at STOC08!
40References Dynamic Traffic Management
- A. Elwalid, C. Jin, S. Low, and I. Widjaja,
MATE MPLS Adaptive Traffic Engineering - http//ieeexplore.ieee.org/iel5/7321/19795/0091662
5.pdf - S. Kandula, D. Katabi, B. Davie, and A. Charny,
Walking the tightrope Responsive yet stable
traffic engineering - http//nms.lcs.mit.edu/papers/index.php?detail128
- S. Fischer, N. Kammenhuber, and A. Feldmann,
Dynamic traffic engineering based on Wardrop
routing policies - http//adetti.iscte.pt/events/CONEXT06/Conext06_Pr
oceedings/papers/f58.pdf - J. He, M. Suchara, M. Bresler, J. Rexford, and M.
Chiang, Rethinking Internet traffic management
From optimization theory to a practical protocol - http//www.cs.princeton.edu/jrex/papers/conext07.
pdf
41References Network Virtualization
- J. Turner and D. Taylor, Diversifying the
Internet - http//www.arl.wustl.edu/jst/pubs/globecom05divNe
t.pdf - T. Anderson, L. Peterson, S. Shenker, and J.
Turner, Overcoming the Internet impasse through
virtualization - http//geni.net/GDD/GDD-05-01.pdf
- N. Feamster, L. Gao, and J. Rexford, How to
lease the Internet in your spare time - http//www.cs.princeton.edu/jrex/papers/cabo-shor
t.pdf
42Backup Slides on Monitoring in an Adversarial
Setting
43Importance of Monitoring in Routing
- Path-quality monitoring
- Identify performance problems along a path
- E.g., to drive load-balancing decisions
- E.g., to decide what service provider to hire
- E.g., to identify violations of service-level
agreements - Presence of adversaries
- Drop, delay, add, or tamper with any packets
- Bias measurements by preferentially treating
probes - Out of malice or greed
?
Bob
Alice
44Many Variations on the Problem
- Threat model
- Drop/delay packets only?
- Also tamper or add?
- Goal of the measurement
- Loss/delay estimates vs. alarm on a threshold?
- One-way path measurements vs. round-trip?
- Verification that packets follow advertised path?
- Identification of the links/nodes responsible for
problem? - Practical constraints
- (Not) allowing modification of packets
- (A)symmetric forward and reverse paths
- (No) clock synchronization between Alice and Bob
- Large number of Alice-Bob pairs
45An Incomplete Understanding
- Promising initial results
- Fundamental bounds
- Secure sampling
- Secure sketches
- Challenges remain
- Complete characterization of the design space
- Larger architectural questions
- Role of security in routing
- Why should we care if packets follow the (BGP)
advertised path? - Is routings only job is to provide (multiple)
end-to-end paths? - Role of monitoring in routing
- Can path-quality monitoring drive load-balancing
decisions?