Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Strategic Justification for BGP Hagay Levin, Michael Schapira, Aviv Zohar.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "The Strategic Justification for BGP Hagay Levin, Michael Schapira, Aviv Zohar."— Presentation transcript:

1 The Strategic Justification for BGP Hagay Levin, Michael Schapira, Aviv Zohar

2 On the agenda Introduction –BGP –Gao-Rexford –Dispute Wheels A game theory perspective on routing Results: –No perfect routing algorithms. –In reasonable economic settings, BGP is incentive compatible in ex-post Nash. –BGP and colluding agents.

3 The Internet The Internet is composed of Autonomous Systems (ASes). Each AS is a network owned by an economic entity. ASes are interconnected. There are many protocols that may be chosen to handle routing inside ASes. Only one protocol is used for inter-domain routing: The Border Gateway Protocol (BGP) We will think of each AS as a single node in the network graph.

4 Next-Hop Routing in the Internet Done independently for each destination. Every packet carries with it the target address. Given a destination, a router along the way only selects the next-hop in the route. –This is all maintained in a large routing table –Can be implemented in Hardware The routing protocol needs to select this next hop.

5 BGP Nodes in the network have preferences over routes. – (We assume they have some valuation) Can only choose between routes they are offered by neighbors. Preferences are complex: –Microsoft don’t want to route through the competition. –Google wants a minimal number of hops –The CIA never wants to route through Russia.

6 BGP BGP is a very simple algorithm: –A node considers the route offered by each of its neighbors. –It selects the most attractive one as its next hop. –Then announces the new route to all its neighbors. –The algorithm is initiated when the destination announces its presence to its neighbors and ripples through the network. Routes are selected based on knowledge of the entire path.

7 BGP BGP converges when: –All nodes know the current path of their neighbors – No one wants to change their next hop. BGP is asynchronous. –Messages can be delayed along some links. –Some nodes may be slower than others.

8 The Appeal of BGP Myopic decisions. Local actions. Very little to maintain for each destination (huge number of destinations in the net). Recovers from node and link failures. No knowledge assumptions about the net. Allows the nodes to make decisions based on the full path. –The exact policy is up to the node itself!

9 Problem BGP does not always converge. Sometimes there is more than one stable routing tree, sometimes there are none! May depend on the asynchronous timing. Example (Naughty Gadget): 12 d 12d > 1d21d > 2d

10 Gao-Rexford Route oscillations are due to preference structure and network topology. These are not arbitrary: –The Internet is shaped by economic forces. –ASes sign routing contracts to decide who provides connectivity to whom. Gao & Rexford Modeled the economic relationships between ASes. –Customers, Providers, and Peers.

11 The Gao-Rexford Constraints Model only two types of connections: Customer to Provider Peer to Peer 21 4 5 3

12 The Gao-Rexford Constraints 1.No customer-provider cycles. –You cannot be your own customer indirectly 2.Prefer to route through customers over peers over providers. 3.Provide transit services only to customers. –Do not reveal to a provider/peer routes through other providers/peers. Topology Preferences Strategy 21 4 5 3

13 The Gao-Rexford Constraints If all three Gao-Rexford constraints hold, BGP is guaranteed to converge, for any timing. Deleting edges and nodes maintains the constraints. Gao & Rexford were mostly interested in convergence. –How do we force nodes to play by the rules? (Constraint 3)

14 Dispute Wheels [Griffin, Shepherd & Wilfong] A condition on Topology + Preferences. A set of nodes u i and paths R,Q. u i prefers R i Q i+1 Over Q i

15 Dispute Wheels A generalization of convergence conditions for BGP. No Dispute Wheels implies: –BGP converges for all timings. –A unique stable state. Griffin-Gao-Rexford later show that: The GR constraints imply no dispute wheel. Graphs with metric-like preferences also have no dispute wheels.

16 So far… Gao-Rexford 1+2+3 No Dispute WheelConvergence Metric Preferences

17 A Game-Theory Perspective Why should nodes follow the protocol? Routing is after all a game. Nodes can play strategically. The Game is: –Temporal (and maybe infinite) –Asynchronous (who plays when? Which messages are delayed?) –With partial information Nodes only see their own neighbors. Learn things during the run.

18 A Negative Result Fix a graph G Fix a routing alg. A (the “best” alg. you have for G). If for all preference expressed by nodes over paths in G the algorithm A – assigns a the same routing tree deterministically in any asynchronous timing, – is incentive compatible, – has at least 3 possible outcomes Then A is dictatorial. Meaning some node in G always gets its most preferred route.

19 54 362 17 d Negative Result. For example: if node 1 is the Dictator in this graph It may choose any path it wants to d, Thereby forcing many others along the way.

20 Remarks Alg. A may also be centralized. The manipulation implied is easy – only lie about your preferences. Graph G and Deterministic alg. A together are actually a social choice function. –From here, proof is by reduction from Gibbard Satterthwaite. Conclusion: if we want non-manipulability, we can’t expect reasonable algorithms that always converge.

21 Another Negative result BGP ‘as is’ is not incentive compatible even in Gao-Rexford settings. Honest GraphManipulated Graph

22 The Manipulator The lie is possible because the manipulator invents an edge in the Graph. The manipulator has a very large bag of tricks. –can drop messages, –send inconsistent ones, –lie about routes, –etc.

23 Path Verification We can fix our counter example by adding path verification. A node will know if the routes it is promised are available to its neighbor. –Can be done with cryptographic signatures. Note: An available route might not be used in practice! –The manipulator can report one available path but send packets along another.

24 + Path Verification + Path Verification Our Main Result Gao-Rexford 1+2+3 No Dispute Wheel Convergence Incentive Compatibility

25 The Right Solution Concept Dominant strategy would be best but is very rare. The regular Nash Eq. is an unreasonable eq. –You do not know the exact strategy of others, only their general protocol (BGP) –Don’t know preferences of others. –Don’t know the network structure Ex-Post Nash much better: –Given the fact that everyone is using BGP, BGP is the best response (for all preferences, net structures, timings etc.)

26 Proof Sketch. We take a graph that has no dispute wheel. It converges to some routing tree T. We will assume that BGP with route verification is not incentive compatible. Show a sequence of nodes that forms a dispute wheel, and thereby reach a contradiction. This is only a sketch! (I’m ignoring lots of messy details and subcases)

27 Assume: Manipulator m Manages to benefit from manipulation M m > m T m The path M m could not be an available option in T. –Otherwise m would choose it. d m TmTm MmMm

28 There must exist a node ‘1’ along M m that has M 1 ≠T 1 We choose ‘1’ to be the lowest node on M m with this property. All nodes below it route the same in both trees. Meaning M 1 is an available option in T. This implies: T 1 > 1 M 1 T 1 cannot be an available option in M (or it would be chosen) d m 1 TmTm MmMm M1M1 T1T1

29 There must exist a node ‘2’ along T 1 that has M 2 ≠T 2 We choose ‘2’ to be the lowest node on T 1 with this property. All nodes below it route the same in both trees. Meaning T 2 is an available option in M. This implies: M 2 > 2 T 2 M 2 cannot be an available option in T (or it would be chosen) d m 1 2 TmTm MmMm M1M1 T1T1 T2T2 M2M2

30 So there must exist nodes 4,5,6… that are chosen in the same manner. Eventually some node appears twice. (Let’s assume it’s the manipulator) We have a dispute Wheel! d m 1 2 3 4 k TmTm MmMm M1M1 T1T1 T2T2 M2M2 M3M3 T3T3 T4T4 MkMk TkTk

31 So where did we need route verification? Maybe the wheel has an odd number of nodes. The last node is above the manipulator on an M path. It may believe in a false path. Still, M m > m T m > m L m d m 1 2 3 4 k TmTm MmMm M1M1 T1T1 T2T2 M2M2 M3M3 T3T3 T4T4 TkTk MkMk LmLm

32 A stronger result With a slightly stronger route verification assumption (That is not possible to implement with digital signatures) and in graphs with no dispute wheel, BGP is collusion proof in ex- post Nash. Against any size of a defecting coalition. Clusters of manipulator nodes are the reason we need the stronger assumption here.

33 Final Result The 3rd Gao Rexford constraint speaks about the strategy of each node (Do not advertise a peer/provider to some other peer/provider) Modify the strategy to ignore routes to BGP` + gao rexford 1,2 is also converging, and incentive compatible. We replace the 3 rd constraint with the rationality assumption and equilibrium.

34 Conclusion A very small modification of BGP makes it incentive compatible in ex-post Nash to all kinds of manipulations. In fact, even without the modification, it is very hard to manipulate –You have to fool TCP/IP, traceroute, have lots of knowledge on the graph and prefernces. Manipulation by a coalition also requires Herculean efforts, and amazing coordination.

35 Open Questions Convergence -> Incentive compatibility? Better Conditions for BGP convergence? Network Formation Theory to explain structure?

36 Thank You!

Download ppt "The Strategic Justification for BGP Hagay Levin, Michael Schapira, Aviv Zohar."

Similar presentations

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.

COS 461 Fall 1997 Routing COS 461 Fall 1997 Typical Structure.
1 Incentive-Compatible Inter-Domain Routing Joan Feigenbaum Yale University Colloquium at Cornell University; October.

1 Incentive-Compatible Inter-Domain Routing Joan Feigenbaum Yale University Colloquium at Cornell University; October.
Noam Nisan, Michael Schapira, Gregory Valiant, and Aviv Zohar.

Noam Nisan, Michael Schapira, Gregory Valiant, and Aviv Zohar.
Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.

Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 Interdomain Routing and Games Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University.

1 Interdomain Routing and Games Hagay Levin, Michael Schapira and Aviv Zohar The Hebrew University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.

The Structure of Networks with emphasis on information and social networks T-214-SINE Summer 2011 Chapter 8 Ýmir Vigfússon.
SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN si.umich.edu Searching for Stability in Interdomain Routing Rahul Sami (University of Michigan) Michael Schapira.

SCHOOL OF INFORMATION UNIVERSITY OF MICHIGAN si.umich.edu Searching for Stability in Interdomain Routing Rahul Sami (University of Michigan) Michael Schapira.
Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.

Towards a Logic for Wide-Area Internet Routing Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory Kunal.
Announcement  Slides and reference materials available at  Slides and reference materials available.

Announcement  Slides and reference materials available at  Slides and reference materials available.
Can Economic Incentives Make the ‘Net Work? Jennifer Rexford Princeton University

Can Economic Incentives Make the ‘Net Work? Jennifer Rexford Princeton University
STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.

STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.
Game Theoretic and Economic Perspectives on Interdomain Routing Michael Schapira Yale University and UC Berkeley.

Game Theoretic and Economic Perspectives on Interdomain Routing Michael Schapira Yale University and UC Berkeley.
1 Best-Reply Mechanisms Noam Nisan, Michael Schapira and Aviv Zohar.

1 Best-Reply Mechanisms Noam Nisan, Michael Schapira and Aviv Zohar.
BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.

BGP Safety with Spurious Updates Martin Suchara in collaboration with: Alex Fabrikant and Jennifer Rexford IEEE INFOCOM April 14, 2011.
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:
Tutorial 5 Safe Routing With BGP Based on: Internet.

Tutorial 5 Safe Routing With BGP Based on: Internet.
Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.

Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.
CSEE W4140 Networking Laboratory Lecture 4: IP Routing (RIP) Jong Yul Kim 02.15.2010.

CSEE W4140 Networking Laboratory Lecture 4: IP Routing (RIP) Jong Yul Kim

Similar presentations

Ads by Google