Methods for safe, flexible and secure policy based routing

Despoina Perouli, Purdue University

Abstract

Internet Service Providers (ISPs) need to balance multiple opposing objectives. On one hand, they strive to offer innovative services to obtain competitive advantages; on the other, they have to interconnect with potentially competing ISPs to achieve reachability, and coordinate with them for certain services. The complexity of balancing these objectives is reflected in the diversity of policies of the Border Gateway Protocol (BGP), the standard inter-domain routing protocol. Unforeseen interactions among the BGP policies of different ISPs can cause routing anomalies. In this dissertation, we propose a methodology to allow ISPs to check their BGP policy configurations for guaranteed convergence to a single stable state. This requires that a set of ISPs share their configurations with each other or with a trusted third party. Compared to previous approaches to BGP safety, we (1) allow ISPs to use a richer set of policies, (2) do not modify the BGP protocol itself, and (3) detect not only instability, but also multiple stable states. Our methodology is based on the extension of current theoretical frameworks to relax their constraints and use incomplete data. We also design and implement a safety checking tool that builds the mathematical models from router configuration files. Apart from safety, significant research has been devoted over the past decade to securing the Internet routing system as well. We develop abstractions and tools to evaluate the scalability and security properties of the Resource Public Key Infrastructure (RPKI) that the Internet Engineering Task Force (IETF) is standardizing. We report on initial experiments performed and lessons learned.

Degree

Ph.D.

Advisors

Maennel, Purdue University.

Subject Area

Mathematics | Computer Engineering | Computer Science
