Interdomain Policy Violations in Overlay Routes

1
Interdomain Policy Violations in Overlay Routes

• Srinivasan Seetharaman, Mostafa Ammar
• Networking and Telecommunications Group
• College of Computing
• Georgia Institute of Technology

2
Typically in Service Overlays

• Objective of overlay layer Offer better latency
  routes to end-systems
• But, what is assumed here?
• The overlay traffic is just a small fraction
• Node at Harvard is capable of relaying overlay
  packets

Harvard Univ
30 ms
Colorado State Univ
24 ms
Univ of NC
61 ms
3
Typically in Service Overlays

• Objective of native layer Enforce inter-domain
  policies and offer best-effort service

Provider 2
Provider 1
Peer
Client 1
Legitimate native route
Client3
Client 2
A
Overlay route
Peer
B
C
Unhappy1. Money2. Load
Valley-free violation
4
Outline

• We answer the following questions
• What type of violations?
• How extensive are these violations?
• What benefit did overlays derive?
• What if ASes enforce policies?
• Framework for regaining routing advantage?

5
Focus

• What Inter-domain policies?
• Valley-free property (Thou shalt not transit for
  anyone but customers)
• Since unrelated AS is incurring expense
• Which overlay paths?
• Desirable multi-hop paths are our main concern
• Single hop paths are non-violating

6
Planetlab Overlay Measurements

• Topology
• 58 geographically distributed Planetlab nodes
  (Univ Commercial). This yields 3306 overlay
  paths
• Measurement steps
• Determine AS path of each overlay link
  (Rockettrace / traceroute for hop list IP?AS
  mapping)
• Determine overlay path based on shortest path
  algo (For Cost latency, 56.6 overlay paths
  prefer relaying)
• AS relationships inferred using Gaos algorithm
• See http//www.cc.gatech.edu/srini/code

7
I. Extent of Valley-free Violations
Provider 1
Provider 2
Peer
Client 1
Client 2
Client 3
A Provider-AS-Provider (63.1)
Provider 1
Provider 2
Peer
Client 1
Client 2
Client 3
Peer
B Provider-AS-Peer (2.43)
8
I. Extent of Valley-free Violations
Provider 1
Provider 2
Peer
Client 1
Client 2
Client 3

• No violation if intermediate node is at a
  provider. In our dataset, 30.19 of paths had
  no violation

Peer
C Peer-AS-Provider (2.00)
Provider 1
Provider 2
Peer
Client 1
Client 2
Client 3
Peer
Peer
D Peer-AS-Peer (2.39)
9
II. Benefit Derived

• Gain Overlay link latency Overlay path
  latency
• Overlay link latency

10
III. Enforcing Native Policies

• ASes may become aware of the negative impact of
  overlays and commence filtering
• Two modes for filtering objectionable traffic
• Blind filtering Filter all overlay traffic at
  host AS
• Policy-Aware Filtering Filter only violating
  traffic (Ex 30.19 of the relayed traffic is NOT
  blocked)

11
III. Overlay Performance Diminishes

• Penalty Post-filtering Overlay path latency
• Best possible path latency

Policy-aware filtering
Blind filtering
12
IV. A Framework for Legitimizing Paths

• Overlay service provider (OSP) shares some of the
  cost incurred by the native layer
• ?
• We adopt two strategies
• Obtain transit permit Lifetime fee of Pi
• Add new node Lifetime fee of Ni

Cost-sharing approach
13
IV. Cost Sharing Approach

• With no filtering,
• 4 violating multi-hop overlap paths

Betweenness 2
31
32
21
13
11
Overlay hosting AS
Cust-Prov relation
22
33
Peering relation
12
23
24
34
35
14
IV. Cost Sharing Approach (contd.)

• With filtering, we have no multi-hop paths
• Overlay routing is obviated and performance
  suffers

31
32
21
13
11
Overlay hosting AS
Cust-Prov relation
22
33
Peering relation
12
23
24
34
35
15
IV. Cost Sharing Approach (contd.)

• After obtaining permit from AS 32
• 2 multi-hop overlap paths are permitted

Transit Permit
31
32
21
13
11
Overlay hosting AS
Cust-Prov relation
22
33
Peering relation
12
23
24
34
35
16
IV. Cost Sharing Approach (contd.)

• After adding new node to AS 23
• 2 reasonably good non-violating multi-hop overlap
  paths are permitted

31
32
21
13
11
Overlay hosting AS
Cust-Prov relation
22
33
Peering relation
12
23
Add new node
24
34
35
17
IV. Cost Sharing Problem

• For a certain budget, determine optimal set N,
  P that maximizes overall path gain
• where
• N Set of ASes where new nodes are placed
• P Set of ASes being paid for permits
• Deriving optimal solution set is a hard problem.
• Hence

18
IV. Greedy Heuristics

• Pay ASes along unrestricted best-gain path
• Obtain permits first from stub ASes that have
  high betweenness ( of overlay paths through the
  node)
• Next, add overlay nodes to upstream providers,
  starting with the overlay paths which achieve the
  highest gain

19
IV. Cost Sharing Results

• Let Permit fee for each AS P
• New node fee for each AS N

Add new node
Permit
20
Conclusions

• Overlay routing gains advantage by violating
  native layer policy.
• As overlay applications and overlay traffic
  surge, the native layer policy violations have a
  bigger impact
• User experience suffers drastically as more ASes
  deploy filtering mechanisms
• Our cost-sharing approach is a mutually agreeable
  solution to improve gain without causing
  violations.