TY - GEN
T1 - Virtually eliminating router bugs
AU - Keller, Eric
AU - Yu, Minlan
AU - Caesar, Matthew
AU - Rexford, Jennifer L.
PY - 2009
Y1 - 2009
N2 - Software bugs in routers lead to network outages, security vulnerabilities, and other unexpected behavior. Rather than simply crashing the router, bugs can violate protocol semantics, rendering traditional failure detection and recovery techniques ineffective. Handling router bugs is an increasingly important problem as new applications demand higher availability, and networks become better at dealing with traditional failures. In this paper, we tailor software and data diversity (SDD) to the unique properties of routing protocols, so as to avoid buggy behavior at run time. Our bug-tolerant router executes multiple diverse instances of routing software, and uses voting to determine the output to publish to the forwarding table, or to advertise to neighbors. We design and implement a router hypervisor that makes this parallelism transparent to other routers, handles fault detection and booting of new router instances, and performs voting in the presence of routing-protocol dynamics, without needing to modify software of the diverse instances. Experiments with BGP message traces and open-source software running on our Linux-based router hypervisor demonstrate that our solution scales to large networks and efficiently masks buggy behavior.
AB - Software bugs in routers lead to network outages, security vulnerabilities, and other unexpected behavior. Rather than simply crashing the router, bugs can violate protocol semantics, rendering traditional failure detection and recovery techniques ineffective. Handling router bugs is an increasingly important problem as new applications demand higher availability, and networks become better at dealing with traditional failures. In this paper, we tailor software and data diversity (SDD) to the unique properties of routing protocols, so as to avoid buggy behavior at run time. Our bug-tolerant router executes multiple diverse instances of routing software, and uses voting to determine the output to publish to the forwarding table, or to advertise to neighbors. We design and implement a router hypervisor that makes this parallelism transparent to other routers, handles fault detection and booting of new router instances, and performs voting in the presence of routing-protocol dynamics, without needing to modify software of the diverse instances. Experiments with BGP message traces and open-source software running on our Linux-based router hypervisor demonstrate that our solution scales to large networks and efficiently masks buggy behavior.
KW - BGP
KW - Bugs
KW - Reliability
KW - Routers
UR - http://www.scopus.com/inward/record.url?scp=76749100308&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=76749100308&partnerID=8YFLogxK
U2 - 10.1145/1658939.1658942
DO - 10.1145/1658939.1658942
M3 - Conference contribution
AN - SCOPUS:76749100308
SN - 9781605586366
T3 - CoNEXT'09 - Proceedings of the 2009 ACM Conference on Emerging Networking Experiments and Technologies
SP - 13
EP - 24
BT - CoNEXT'09 - Proceedings of the 2009 ACM Conference on Emerging Networking Experiments and Technologies
T2 - 2009 ACM Conference on Emerging Networking Experiments and Technologies, CoNEXT'09
Y2 - 1 December 2009 through 4 December 2009
ER -