research-article

Prelude: Ensuring Inter-Domain Loop-Freedom in SDN-Enabled Networks

Authors:

Arnaud Dethise,

Marco CaniniAuthors Info & Claims

APNet '18: Proceedings of the 2nd Asia-Pacific Workshop on Networking

Pages 50 - 56

https://doi.org/10.1145/3232565.3232570

Published: 01 August 2018 Publication History

Abstract

Software-Defined eXchanges (SDXes) promise to improve the interdomain routing ecosystem through SDN deployment. Yet, the naïve deployment of SDN on the Internet raises concerns about the correctness of the interdomain data-plane. By allowing operators to deflect traffic from default BGP routes, SDN policies can create permanent forwarding loops that are not visible to the control-plane.

We propose Prelude, a system for detecting SDN-induced forwarding loops between SDXes with high accuracy without leaking private routing information of network operators. To achieve this, we leverage Secure Multi-Party Computation (SMPC) techniques to build a novel and general privacy-preserving primitive that detects whether any subset of SDN rules might affect the same portion of traffic without learning anything about those rules. We then leverage this primitive as the main building block of a distributed system tailored to detect forwarding loops among any set of SDXes. We leverage the particular nature of SDXes to further improve the efficiency of our SMPC solution.

The number of valid SDN rules rejected by our solution is 100x lower than previous privacy-preserving solutions, and provides better privacy guarantees. Furthermore, our solution naturally provides network operators with some insights on the cost of the deflected paths.

References

[1]

G. Asharov, D. Demmler, M. Schapira, T. Schneider, G. Segev, S. Shenker, and M. Zohner. Privacy-Preserving Interdomain Routing at Internet Scale. Proceedings on Privacy Enhancing Technologies (PoPETs), 3, 2017.

[2]

AtlanticWaveSDX: A Distributed Intercontintal Experimental Software Defined Exchange for Research & Education Networking, 2015. https://itnews.fiu.edu/wp-content/uploads/sites/8/2015/04/AtlanticWaveSDX-Press-Release__FinalDraft.pdf.

[3]

AS65000 BGP Routing Analysis. https://bgp.potaroo.net/as2.0/bgp-active.html.

[4]

R. Birkner, A. Gupta, N. Feamster, and L. Vanbever. SDX-Based Flexibility or Internet Correctness? Pick Two! In SOSR, 2017.

Digital Library

[5]

The CAIDA AS Relationships Dataset, 2015. http://www.caida.org/data/as-relationships/.

[6]

M. Chiesa, D. Demmler, M. Canini, M. Schapira, and T. Schneider. Internet Routing Privacy Survey, 2017. http://bit.ly/2rjT7Nj.

[7]

M. Chiesa, D. Demmler, M. Canini, M. Schapira, and T. Schneider. SIXPACK: Securing Internet eXchange Points Against Curious onlooKers. In CoNEXT, 2017.

Digital Library

[8]

M. Chiesa, C. Dietzel, G. Antichi, M. Bruyere, I. Castro, M. Gusat, T. King, A. W. Moore, T. D. Nguyen, P. Owezarski, S. Uhlig, and M. Canini. Inter-Domain Networking Innovation on Steroids: Empowering IXPs with SDN Capabilities. IEEE Communications Magazine, 54, Oct. 2016.

Digital Library

[9]

DE-CIX: Project Endeavour, 2015. https://www.de-cix.net/en/about-de-cix/research-and-development/endeavour.

[10]

D. Demmler, T. Schneider, and M. Zohner. ABY: A Framework for Efficient Mixed-Protocol Secure Two-Party Computation. In NDSS, 2015.

[11]

L. Gao and J. Rexford. Stable Internet Routing Without Global Coordination. In SIGMETRICS, 2000.

Digital Library

[12]

P. Gill, M. Schapira, and S. Goldberg. A Survey of Interdomain Routing Policies. ACM SIGCOMM Computer Communication Review, 44(1), Dec. 2013.

Digital Library

[13]

A. Gupta, R. MacDavid, R. Birkner, M. Canini, N. Feamster, J. Rexford, and L. Vanbever. An Industrial-Scale Software Defined Internet Exchange Point. In NSDI, 2016.

Digital Library

[14]

A. Khurshid, W. Zhou, M. Caesar, and P. B. Godfrey. Veriflow: Verifying Network-Wide Invariants in Real Time. In NSDI, 2013.

Digital Library

[15]

Open Networking Foundation. Software-Defined Networking: The New Norm for Networks. https://www.opennetworking.org/images/stories/downloads/sdn-resources/white-papers/wp-sdn-newnorm.pdf.

[16]

Prelude Technical Report. https://arxiv.org/abs/1806.09566.

[17]

J. Rexford, J. Wang, Z. Xiao, and Y. Zhang. BGP Routing Stability of Popular Destinations. In SIGCOMM Workshop on Internet Measurements, 2002.

Digital Library

[18]

S. Vissicchio, O. Tilmans, L. Vanbever, and J. Rexford. Central Control Over Distributed Routing. In SIGCOMM, 2015.

Digital Library

Cited By

Cong PZhang YWang LWang WGong XYang TLi DXu K(2023)DIT and Beyond: Interdomain Routing With Intradomain Awareness for IIoTIEEE Internet of Things Journal10.1109/JIOT.2023.329350010:23(20602-20616)Online publication date: 1-Dec-2023
https://doi.org/10.1109/JIOT.2023.3293500
Cong PZhang YWang LNi HWang WGong XYang TLi DXu K(2022)Break the Blackbox! Desensitize Intra-domain Information for Inter-domain Routing2022 IEEE/ACM 30th International Symposium on Quality of Service (IWQoS)10.1109/IWQoS54832.2022.9812918(1-10)Online publication date: 10-Jun-2022
https://doi.org/10.1109/IWQoS54832.2022.9812918
Zhou ZHe MKellerer WBlenk AFoerster KCarle GOtt J(2021)P4UpdateProceedings of the 17th International Conference on emerging Networking EXperiments and Technologies10.1145/3485983.3494845(175-190)Online publication date: 2-Dec-2021
https://dl.acm.org/doi/10.1145/3485983.3494845
Show More Cited By

Index Terms

Prelude: Ensuring Inter-Domain Loop-Freedom in SDN-Enabled Networks
1. Networks
  1. Network properties
    1. Network privacy and anonymity
  2. Network protocols
    1. Network layer protocols
      1. Routing protocols
2. Security and privacy

Recommendations

Robust and efficient routing for disruption tolerant networks
Dynamics of hot-potato routing in IP networks

Despite the architectural separation between intradomain and interdomain routing in the Internet, intradomain protocols do influence the path-selection process in the Border Gateway Protocol (BGP). When choosing between multiple equally-good BGP routes, ...
Dynamics of hot-potato routing in IP networks
SIGMETRICS '04/Performance '04: Proceedings of the joint international conference on Measurement and modeling of computer systems

Despite the architectural separation between intradomain and interdomain routing in the Internet, intradomain protocols do influence the path-selection process in the Border Gateway Protocol (BGP). When choosing between multiple equally-good BGP routes, ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Other conferences

APNet '18: Proceedings of the 2nd Asia-Pacific Workshop on Networking

August 2018

78 pages

ISBN:9781450363952

DOI:10.1145/3232565

Copyright © 2018 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

SIGCOMM: ACM Special Interest Group on Data Communication
SIGMOBILE: ACM Special Interest Group on Mobility of Systems, Users, Data and Computing
Tsinghua University: TsingHua University Philips Research

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 August 2018

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Funding Sources

Horizon 2020

Conference

APNet '18

APNet '18: 2nd Asia-Pacific Workshop on Networking

August 1 - 3, 2018

Beijing, China

Acceptance Rates

Overall Acceptance Rate 50 of 118 submissions, 42%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

6
Total Citations
View Citations
114
Total Downloads

Downloads (Last 12 months)4
Downloads (Last 6 weeks)0

Reflects downloads up to 14 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Cong PZhang YWang LWang WGong XYang TLi DXu K(2023)DIT and Beyond: Interdomain Routing With Intradomain Awareness for IIoTIEEE Internet of Things Journal10.1109/JIOT.2023.329350010:23(20602-20616)Online publication date: 1-Dec-2023
https://doi.org/10.1109/JIOT.2023.3293500
Cong PZhang YWang LNi HWang WGong XYang TLi DXu K(2022)Break the Blackbox! Desensitize Intra-domain Information for Inter-domain Routing2022 IEEE/ACM 30th International Symposium on Quality of Service (IWQoS)10.1109/IWQoS54832.2022.9812918(1-10)Online publication date: 10-Jun-2022
https://doi.org/10.1109/IWQoS54832.2022.9812918
Zhou ZHe MKellerer WBlenk AFoerster KCarle GOtt J(2021)P4UpdateProceedings of the 17th International Conference on emerging Networking EXperiments and Technologies10.1145/3485983.3494845(175-190)Online publication date: 2-Dec-2021
https://dl.acm.org/doi/10.1145/3485983.3494845
Mostafaei HKumar DLospoto GChiesa MBattista G(2021)DeSI: A Decentralized Software-Defined Network Architecture for Internet Exchange PointsIEEE Transactions on Network Science and Engineering10.1109/TNSE.2021.30825758:3(2198-2212)Online publication date: 1-Jul-2021
https://doi.org/10.1109/TNSE.2021.3082575
Zarezadeh MMala HKhajeh H(2020)Preserving Privacy of Software-Defined Networking Policies by Secure Multi-Party ComputationJournal of Computer Science and Technology10.1007/s11390-020-9247-535:4(863-874)Online publication date: 27-Jul-2020
https://doi.org/10.1007/s11390-020-9247-5
TONG VTRAN HSOUIHI SMELLOUK A(2018)Network troubleshooting: Survey, Taxonomy and Challenges2018 International Conference on Smart Communications in Network Technologies (SaCoNeT)10.1109/SaCoNeT.2018.8585610(165-170)Online publication date: Oct-2018
https://doi.org/10.1109/SaCoNeT.2018.8585610

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents