TY - GEN
T1 - SDX-based flexibility or internet correctness? Pick two!
AU - Birkner, Rüdiger
AU - Gupta, Arpit
AU - Feamster, Nick
AU - Vanbever, Laurent
N1 - Publisher Copyright:
© 2017 ACM.
PY - 2017/4/3
Y1 - 2017/4/3
N2 - Software-Defined Internet eXchange Points (SDXes) are recently gaining momentum, with several SDXes now running in production. The deployment of multiple SDXes on the Internet raises the question of whether the interactions between these SDXes will cause correctness problems, since SDX policies can deflect traffic away from the default BGP route for a prefix, effectively breaking the congruence between the control plane and data plane. Although one deflection on a path will never cause loops to occur, combining multiple deflections at different SDXes can lead to persistent forwarding loops that the control plane never sees. In this paper, we introduce SIDR, a coordination framework that enables SDXes to verify the end-to-end correctness (i.e., loop freedom) of an SDX policy. The challenge behind SIDR is to strike a balance between privacy, scalability, and flexibility. SIDR addresses these challenges by: (i) not requiring SDXes to disclose the flow space their SDX policies act on, only the next-hop they deflect to; and (ii) minimizing the number of SDXes that must exchange state to detect correctness problems. SIDR manages to preserve the flexibility of SDX policies by activating the vast majority of the safe policies, the policies that do not create a loop. We implemented SIDR on the SDX platform and showed its practical effectiveness: SIDR can activate 91% of all safe policies while preserving privacy and scalability and can perform correctness checks in about one second.
AB - Software-Defined Internet eXchange Points (SDXes) are recently gaining momentum, with several SDXes now running in production. The deployment of multiple SDXes on the Internet raises the question of whether the interactions between these SDXes will cause correctness problems, since SDX policies can deflect traffic away from the default BGP route for a prefix, effectively breaking the congruence between the control plane and data plane. Although one deflection on a path will never cause loops to occur, combining multiple deflections at different SDXes can lead to persistent forwarding loops that the control plane never sees. In this paper, we introduce SIDR, a coordination framework that enables SDXes to verify the end-to-end correctness (i.e., loop freedom) of an SDX policy. The challenge behind SIDR is to strike a balance between privacy, scalability, and flexibility. SIDR addresses these challenges by: (i) not requiring SDXes to disclose the flow space their SDX policies act on, only the next-hop they deflect to; and (ii) minimizing the number of SDXes that must exchange state to detect correctness problems. SIDR manages to preserve the flexibility of SDX policies by activating the vast majority of the safe policies, the policies that do not create a loop. We implemented SIDR on the SDX platform and showed its practical effectiveness: SIDR can activate 91% of all safe policies while preserving privacy and scalability and can perform correctness checks in about one second.
KW - Internet exchange point (IXP)
KW - Routing
KW - Software defined networking (SDN)
UR - http://www.scopus.com/inward/record.url?scp=85018949405&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85018949405&partnerID=8YFLogxK
U2 - 10.1145/3050220.3050221
DO - 10.1145/3050220.3050221
M3 - Conference contribution
AN - SCOPUS:85018949405
T3 - SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research
SP - 1
EP - 7
BT - SOSR 2017 - Proceedings of the 2017 Symposium on SDN Research
PB - Association for Computing Machinery, Inc
T2 - 2017 Symposium on SDN Research, SOSR 2017
Y2 - 3 April 2017 through 4 April 2017
ER -