Communication Systems Group (CSG) Policy-Compliant Path Diversity and Bisection Bandwidth Rowan...

Communication Systems Group (CSG)

Policy-Compliant Path Diversity andBisection Bandwidth

Rowan Klöti1, Vasileios Kotronis1,

Bernhard Ager1, Xenofontas Dimitropoulos2,1

1IEEE INFOCOM, April 2015, Hong Kong

1 ETH Zurich, Switzerland 2 University of Crete / FORTH, Greece

Tuesday, 28 April 2015



Assume that you are a network domain admin

How resilient is my AS-level connection to a remote AS?

What limits the path diversity

between me and the remote AS? My multi-homing degree? The Internet topology at large? Poor connectivity on the local/remote upstream ISPs’ side?


*Picture from: http://www.caida.org/research/topology/as_core_network/historical.xml /

Me

The other guy



Consider an example network topology




We can perform a min-cut between S and D




We can calculate the maximum S-D flow




We can calculate the edge-disjoint S-D paths




Basic mechanism: min-cuts

Generalized problem: max-flow / min-cut Basic theorem was proven back in 1956 Menger’s theorem path diversity = min-cut, for unitary edge capacities

Well-known algorithms available

Well, then everything is already solved, right?




Networks are governed by policies

Motivation Security considerations Routing optimization techniques Financial agreements, SLAs, …

Example 1: the “valley-free” AS-level Internet Peers, providers, customers: p2p, p2c, c2p links

Example 2: (negative) waypoint routing Force traffic into waypoints Avoid certain nodes/links along the way


c2p

p2c

p2p

c2pp2cPeak



Challenge: policies restrict path selection

Assume trivial regex policy: ( )* ( )+ ( )*




Challenge: policies restrict path selection

Only two edge-disjoint paths are now valid (min-cut=2)




Our contribution: estimating policy-compliant min-cuts

General methodology Assumption: network policies as regular expressions

Graph transformation algorithm Transformed graph contains only policy-compliant paths Min-cut values should not be distorted by the transform

Min-cut calculations Complex on original graph (no straightforward method) Simple on transformed graph No modification required on classic graph algorithms




How we represent graphs and policies

Network graph:

Network policy:

Valley-free example:

Graph = AS-level Internet

Policy = c2p*p2p?p2c*




Core of transformation: tensor product


Intuition: move between G nodes and NFA states concurrentlyShould yield valid, policy-compliant paths


IEEE INFOCOM, April 2015, Hong Kong

Does this process preserve the min-cut?

14

Intuition: the min-cut paths between any 2 node sets in G’ should traverse at most the same number of || edges as in G




Idea: properly add aggregation states




Are all cases fully aggregatable?Aggregatable NFA cases

One-to-One

One-to-Many

Many-to-One

Many-to-Many

Non-aggregatable NFA cases

Min-cut is inflated by a factor of 2

“Maximal biclique finding” problemTuesday, 28 April 2015

Not a

complete

bipartite graph!



Remember our initial motivation

How resilient is my AS-level connection to a remote AS?

What limits the path diversity

between me and the remote AS? My multi-homing degree? The Internet topology at large? Poor connectivity on the local/remote upstream ISPs’ side?


*Picture from: http://www.caida.org/research/topology/as_core_network/historical.xml /

Me

The other guy

+ POLICIES!



Example I: Policies and AS-level path diversity

Classic Valley-Free (VF) vs Multi-Peering Links (MPL) Graph based on CAIDA’s AS relationship dataset

(+/- open p2p links from PeeringDB)


c2p

p2c

p2p

c2pp2c

c2p p2c

p2p

c2p p2c

p2p

Plateau

Peak



Example II: Effect of depeering events Simulated depeering between two tier-ones Examined the effect on their exclusive customer cones Valley-free significant loss of path diversity Multi-p2p links negligible loss Policy relaxation seems to be beneficial


Inter-domain policy scenario

Loss in mean path diversity after depeering(%)

Valley-free 7.03

+ Open Links 7.02

Multiple Peering Links 0.02

+ Open Links 0.04



Summary and Contributions

Estimating policy-compliant min-cuts on network graphs Network policies as regular expressions Graph transformation algorithm Exact values or approximations depending on NFA form

Min-cut calculations Complex on original graph Simple on transformed graph No modification required on classic graph algorithms

Large variety of use cases out there AS-level path diversity under diverse policy models MPTCP, multipath routing, flow routing applications




Questions?

AS-levelInternet

POLICY-COMPLIANTMIN-CUTS




BACKUP




Assume that you are a datacenter operator

How resilient is my switched topology to link failures? What is the bisection bandwidth of my datacenter?


Picture from: http://www.slashgear.com/google-data-center-hd-photos-hit-where-the-internet-lives-gallery-17252451/



Min-cuts are the answer to many more questions

What is the max feasible bandwidth for a MPTCP transfer between two of my server clusters?

What is the bisection bandwidth of my datacenter? How resilient is my switched topology to link failures? How much edge capacity should be depleted for a

successful DDoS link-flooding attack against my network? What limits the AS-level path diversity between my domain

and another remote domain? My multi-homing degree? The Internet topology at large? Poor connectivity on the local/remote upstream providers’ side?




Complexity of the graph transform process

In space:

|V’| = O (|V|(|Q| + |Δ|)

|E’| = O (|Δ|(|V| + |E|)

In time:

t = O (|V||Q| + |Δ|(|V| + |E| + |Q|)) + tdec

In practice, the total running time is dominated by the min-cut calculation on the transformed graph




Related Work

Tensor products Soule et al. use tensor products in a

different context (bandwidth allocation policies) Network resilience Research on resilient networks

Network are not simply geographical maps Policy-compliance framework is very important

Min-cuts with policies Connectivity discovered by RV protocols by Sobrinho et al., valley-free s-t paths/cuts

Our main contribution: graph transformation without

changing classic algorithms (can also be extended for

finding the shortest valid paths), generic method




Inter-domain Routing Policy NFAs




NFA vs DFA (With Steps MPL scenario)


Date post:	27-Dec-2015
Category:	Documents
Upload:	shannon-evans
View:	213 times
Download:	0 times

Communication Systems Group (CSG) Policy-Compliant Path Diversity and Bisection Bandwidth Rowan...

Documents