An Adaptive Policy Management Approach to BGP Convergence

An Adaptive Policy Management Approach to

BGP ConvergencebySelma Yilmaz

PhD Examining Committee:

Prof. Ibrahim Matta, First Reader (Major Advisor)Prof. John Byers, Second ReaderProf. Assaf Kfoury, Third Reader

Prof. Azer Bestavros, Committee ChairProf. Richard West

Border Gateway Protocol (BGP)

• Is the de facto inter-domain routing protocol of today’s global Internet

• Is a policy-based routing protocol– allows ASes to share reachability information according to policies

Export policyAlways share routes with AS1

Import policy Accept routes from AS2 for destination A

Border Gateway Protocol (BGP)

• BGP does not necessarily solve shortest path routing problem– Best path is the path with the highest local preference value

• assigned by locally defined policies

AS1

AS3

AS2

AS5

AS4

May assign higher preference value to path

(AS3 AS2 AS1) than path (AS4 AS1)

BGP Routing Process

• Allows to select the routes based on any desired criteria • Makes it easier to realize commercial relationships between ASes Ex: Forward data only for paying customers Filter out the paths passing through AS x

Apply Export Policies

forward, not forward

Send BGP UPDATEs to peers

Update IP Forwarding Table (FIB)

BGP UPDATEs from peers

Apply Import Policies

accept, reject,set localpreferences

select best path

BGP Decision Process

Open-ended programming

Problems with Policy-based Routing • Collection of locally well-configured policies may cause

global conflicts:– It may not be possible to satisfy conflicting policies

simultaneously– Causes BGP to diverge

• ASes exchange routing messages indefinitely

• First shown by Varadhan et al. [USC Technical Report 1996]

• Statically checking for BGP convergence property is an NP-complete problem [Griffin et al. Sigcomm 1999]

• Many solutions proposed to detect and prevent policy conflicts

Why is this problem important?

BGP is widely deployed in today’s Internet • Persistent oscillations leads to

– repeated advertising and withdrawing of routes • higher processing load

– re-running BGP decision process to select the best path – updating routing and forwarding tables

• endangered scalability– routers may experience severe CPU load, and memory

problems

• makes traffic engineering through an AS very difficult

• Convergence of BGP must be guaranteed independent of locally selected policies

Thesis Contributions

• A generalized control theoretical framework for BGP convergence is developed

• The framework is instantiated for recently proposed algorithms

• Deficiencies of previous solutions are exposed• A new dynamic algorithm called “Adaptive Policy

Management Scheme (APMS)” is proposed• Correctness and convergence analysis of the algorithm

is presented• APMS implemented in the SSF network simulator, and

its performance is compared against other solutions

Abstract Model of BGP [Griffin Infocom 2000]

Stable Paths Problem (SPP) represents the static semantics of BGP

Simple Path Vector Protocol (SPVP) represents the dynamic semantics of BGP is a distributed algorithm solving SPP An SPP is called safe if SPVP always converges

Stable Paths Problem (SPP)

• Network is represented as a simple, undirected graph – Nodes represent BGP routers, edges represent BGP sessions – Node 0 represents destination

• For each node v, there is a set of permitted paths, Pv

• For each node v, there is a ranking function, λv

• Empty path, ε, is a permitted path at each node, and has the lowest rank

• Paths are simple, i.e. no repeated nodes

Example of an SPP instance:

4

31

2

0

21020

13010 30

420430

Most preferredLeast preferred

A Solution to a Stable Paths Problem (SPP)

A solution is an assignment of permitted paths to each node

such that– node u’s assigned path is either of the following

• ε• max (λu((u w)Pw)) among the advertised path Pw by w є peers(u)

An SPP instance may have• multiple solutions

– SPVP may diverge• no solution

– SPVP diverges • a unique solution

– does not mean that SPVP converges to that solution• solvability does not imply safety

What is the sufficient condition that will guaranteesafety of an SPP specification?

4

31

2

0

21020

13010 30

420430

Safe

Dispute Wheel [GW ICNP 99] A wheel of size k

For each 1 ≤ i ≤ k: Ri is a path from ui to ui+1

(u1=uk+1)

Qi is a permitted path ui

RiQi+1 is a permitted path at ui (Q1=Qk+1)

Qi is less (or equally) preferred than RiQi+1 at node ui

Properties of dispute wheels assuming S is an

SPP instance: If S has no DW, then S is safe and

robust Lack of DW implies a solution

Presence of DW does not imply divergence Divergence due to lack of solution implies DW Divergence due to multiple solutions implies DW

Ri

d

u1

R1

u2

ui

uk

Rk

ui+1

Q1

Q2

Qi

Qi+1

Qk

spokes

Route preferences of these nodes cause dispute wheel

Examples of Stable Paths Problem

0

1

32

21

21020

12010

0

Solutions: (10)(210) and (20)(210)

0

1

2

Safe, Not Robust

No Solution Multiple Solutions

2

3

13010

21020

342030

1

0

4420430 4

2

3

13010

21020

342030

1

0

4 40420430

Stabilizes on (130)(30)(20)(40)

If the link (40) fails, new SPP has “no solution”

Unique Solution, May Not Converge

4 1

2

0

1

2

0

312

312312

4

56

431045312043120

531056312053120

631064312063120

3

5 6

0

12010

21020

2

4 1

3103120

Generalized Control Theoretical Framework

Feedback Monitor: Update AdjRibIn Check path for AS loops (path vector property) Apply import policies to decide permitted

paths

Control Mechanism: Apply import policies to assign Local Preferences Choose best path

Check for an indication of divergence If YES, change best path Update locRIB, and export to peers

Control MechanismBest Path

Network

Update MessagesFeedback Monitor

Router u

Details of Control Theoretical Framework

Check the path P for loops: If P contains “u”

Update AdjRibIn(w)

Apply import policies to see if the path P is permitted at node u

Contr

ol M

ech

anis

m

Node u

UPDATE message from peer w with path P

Compute best path, best(u)

Apply import policies to assign Local Preferences

Check for an Indication of Divergence

Update localRIB and export best(u)

yesno

Feedback

M

onit

or

Control Best Path Selection

Change Ranking Function

Restrict Usage of Some Paths

Re-Compute best path

Related Work and Instantiations in the Control

Theoretical Framework

Gao&Rexford Algorithm [Infocom01]

Provides guidelines that guarantees safety of BGP

– Use hierarchical structure of the Internet and commercial relationships between ASes to specify local policies

• Provider-to-customer graph should be acyclic– Paths are classified as provider/customer/peer

according to next-hop AS• Each AS must prefer customer paths more than

provider/peer paths– Route Registry database keeps relationships and

verify that guidelines are followed

Disadvantages– Static solution– Requires Route Registry– Disallows many paths

Gao&Rexford Algorithm [Infocom01]

0

23

113010

32030

21020

Ex:

0

23

1Cycle involving 1,2,3 will be detected by Route Registry and ASes will be advised to use their shortest AS paths: (10),(20),(30)

Assume following provider-to-customer graph:

Griffin&Wilfong Algorithm [Infocom00]

• Proposes carrying dynamically computed history of path change events with Update messages, history

• Path change event is computed as follows: If node u changes its current path from Pold to Pnew

– Pnew is more preferred than Pold, e=(+, Pnew)

– Pold is more preferred than Pnew, e=(-, Pold)

• History explains the exact sequence of events leading to the adoption of the current path

• Cycles in the history corresponds exactly to dispute wheels

• The path whose adoption creates a cycle is suppressed• Disadvantages

– History may get very long, may reveal preferences– Cycle in the history is necessary but not sufficient condition– Cannot distinguish temporary and persistent oscillations

Griffin&Wilfong with Control Theoretical Framework

Check the path P for loops: If the AS path contains “u”

Update AdjRibIn(w)

Apply import policies to see if the path is permitted at node u

Contr

ol M

ech

anis

m

Node u

UPDATE message from peer w with path P and history h

Compute best path, bestB(u), excluding the paths in bad path set


Re-compute best path, bestB(u), excluding the paths in bad path setUpdate history

Update localRIB and export bestB(u)

yes

no

Feedback

M

onit

or

Check for an Indication of Divergence Compute path change event, p p=(+, bestB(u)) if λu(bestB(u))> λu(current best path) p=(-, current best path) if λu(bestB(u))< λu(current best path) Check updated history for loops

Control Best Path Selection add bestB(u) to bad paths set, B(u)

Griffin&Wilfong Periodic Reset

Purge bad paths set, B(u)

Update each path stored in AdjRibIn by resetting history

Contr

ol M

ech

anis

m

Node u

Periodic Reset


Feedback

M

onit

or



Compute Path Change Event, p p=(+, bestB(u)) if λu(bestB(u))> λu(current best path) p=(-, current best path) if λu(bestB(u))< λu(current best path)

Set history of bestB(u) to p

Griffin&Wilfong [Infocom00]

0

23

113010

32030

21020

Stabilizes to unreachable destination for all nodes

step node best path path assignment 0 1 (10) (+10) 2 (20) (+20) 3 (30) (+30) 1 1 (130) (+130)(+30) 2 (210) (+210)(+10) 3 (320) (+320)(+20) 2 1 (10) (-130)(+320)(+20) 2 (20) (-210)(+130)(+30) 3 (30) (-320)(+210)(+10) 3 1 (130) (+130)(-320)(+210)(+10) 2 (210) (+210)(-130)(+320)(+20) 3 (320) (+320)(-210)(+130)(+30) 4 1 (10) (-130)(+320)(-210)(+130)(+30) 2 (20) (-210)(+130)(-320)(+210)(+10) 3 (30) (-320) (+210)(-130)(+320)(+20) 5 1 epsilon 2 epsilon 3 epsilon

May Griffin&Wilfong lead to simultaneous path eliminations?

1

0

3

2

Cobb&Musunuri [Globecomm04]

• Assigns integer costs to the nodes• Monotonically increases the cost whenever the new

path of a node has lower rank then its previous path• If there is divergence, costs grow • Costs are included in Update messages• Whenever a node has option to improve its current path

by choosing a better alternative path P

– Checks first if the cost of the next-hop node along P is lower than a threshold – Otherwise, keeps the current path

• Disadvantages– Aggregates paths through the same node– May lead to simultaneous path rejections– Lowering costs are hard – Lowering costs are suggested to be done periodically without taking any

precaution to prevent re-introducing the resolved conflicts

Cobb&Musunuri with Control Theoretical Framework

Check the path P for loops: If the AS path contains “u”

Update AdjRibIn(w)


Contr

ol M

ech

anis

m

Node u

UPDATE message from peer w with path P and cost c



Update localRIB and export best(u) along with cost of u

yesno

Feedback

M

onit

or

Check for an Indication of Divergence (λu(best(u)) > λu(current path)) and (cost(next(best(u))) ≥ threshold and current path is not epsilon)

Update Cost of Node u if ((λu(current path)> λu(best(u)) if nextHop(current path)!=nextHop(best(u)) cost(u)=cost(u)+1 if nextHop(current path)==nextHop(best(u)) cost(u)=cost(nextHop(current path(u)) else cost(u)=cost(nextHop(current path(u))

Restrict Usage of Some Paths if (current path is not epsilon) and (cost(next(best(u))) ≥ threshold) do not adopt best(u)

Cobb&Musunuri Periodic Reset

cost(u)=0

Contr

ol M

ech

anis

m

Node u

A command received to reset the cost of node u to 0



Update localRIB and export best(u) along with cost of u

Feedback

M

onit

or

Update Cost of Node u if ((λu(current path)> λu(best(u)) if nextHop(current path)!=nextHop(best(u)) cost(u)=cost(u)+1 if nextHop(current path)==nextHop(best(u)) cost(u)=cost(nextHop(current path(u)) else cost(u)=cost(nextHop(current path(u))

Cobb&Musunuri [Globecomm04]

0

23

113010

32030

21020

All nodes stabilize to their lowest preferred paths

step node count best path 0 1 0 (10) 2 0 (20) 3 0 (30) 1 1 0 (130) 2 0 (210) 3 0 (320) 2 1 1 (10) 2 1 (20) 3 1 (30) 3 1 1 (130) 2 1 (210) 3 1 (320) 4 1 2 (10) 2 2 (20) 3 2 (30) 5 1 won’t use (130) since count(3) ≥ 2 2 won’t use (210) since count(2) ≥ 2 3 won’t use (130) since count(3) ≥ 2

1

0

3

2

May lead to unnecessary path eliminations?

Assume threshold=2

Motivation for APMS

• Detect persistent oscillations dynamically

• For better scalability – Detect paths involved in a policy conflict using only local info– Resolve conflicts locally

• Each node involved in a conflict observes route flaps– Constantly adopting a path and later abandoning it– Not every advertisement received is changing

• Safe path• There must be more preferred path(s) than the safe path

– Make the safe path highest ranked path to stop oscillation

– Each node needs to keep local history to detect the flapping paths

• Count is associated with the paths in the local history– increased with every flap of the path

– Distributed algorithm• There may be synchronous detection and path rank change

– Perform rank change probabilistically

Adaptive Policy Management Scheme

• max_threshold – Due to probabilistic adjustment of path preferences, the

conflict may remain unresolved• If count> max_threshold, suppress the path.

• min_threshold• To distinguish between temporary and persistent oscillations

• Each node independently classifies the state of the network by comparing count values against max_threshold and min_threshold

time

count

max_threshold

min_threshold

Policy conflictfree phase

Policy conflictavoidance phase

Policy conflictcontrol phase

Adaptive Policy Management Scheme

State of the system:– Path ordering at each node– (Path, Count) pairs in localHistory

• Count value denotes how many times a path is adopted and later abandoned

– Bad path set keeps suppressed paths– peerStability value associated with each peer

• How many times the path advertised by a peer has changed– The peers with peerStability=1 are stable peers– The paths advertised by stable peers are safe

– keepAliveCount associated with each peer• Used as an indication of stability• If keepAliveCount ≥ ka_threshold for each peer

– Node concludes that the system is stabilized– Probabilistically restore local preference values

APMS Feedback Monitor (When an Update is Received)

peerStability(w)++keepAliveCount=0

Check the path for loops: If the AS path contains “u”

Update AdjRibIn(w)


CONTROL MECHANISM

Node u

UPDATE message from peer w

APMS Control Mechanism (When an Update is Received)


If bestB(u) is different from the current best path, count(bestB(u))++

count(bestB(u))>max_threshold

count(bestB(u))>min_threshold

Control Best Path Selection: Policy Conflict Avoidance PhaseChange ranking with probability ½ rank(Psafe)=1 where Psafe is the most preferred safe path bestB(u)=Psafe

reset some states: count(P) for each P in localHistory peerStability(w) for each peer w

noyes

Control Best Path Selection: Policy Conflict Control PhaseRestrict usage of the path badPaths(u)= badPaths(u) U bestB(u) re-compute best path, bestB(u) reset some states: count(P) for each P in localHistory peerStability(w) for each peer w


noyes

Nod

e u


APMS Path Rank Restoration

• When the system stabilizes, there may be some path rank changes that are not contributing to the current state of stability– Policies are placed for a purpose such as traffic engineering,

cost, security• Must keep them untouched unless they are conflicting

• Must adapt to every state of the network– conflict free as well as potentially conflicting

• When the system stabilizes, peers exchange only keepAlive messages– Nodes may use this as an indication of convergence

• Probe the state for improvement, i.e. restoration, in their current policies

• Probabilistically restore local preference values– May introduce instability back to system– Use smaller probability, 1/4

APMS Path Rank Restoration (When a KeepAlive is Received)

keepAliveCount(w)++

Contr

ol M

ech

anis

mN

ode u

KeepAlive message from peer w

Feedback

M

onit

or

Stability CheckkeepAliveCount(v) ≥ ka_threshold for each peer v of u

for each peer v of node u for path P in AdjRibIn(v) with probability 1/4 if P was suppressed, remove it from bad paths set if P’s preference has been changed, reset its original local preference reset some states: count(P) for path P in localHistory peerStability(v) keepAliveCount(v)



yes

Handling Transient Oscillations due to Topology Changes

If there is a topology change such as link/node failure/recovery• Resulting flaps may interfere with diagnosing conflicts

– May lead to false positives

• The system before and after the change have different policy dynamics– New state may be conflict free, local states must be reset

• Suggest that the node next to the topology change includes extra-information in the resulting Update message – topologyChange helps to

• reset local state• temporarily turn policy conflict detection process off

– originator is a list of nodes who adapted to the new topology• helps to turn policy conflict detection process on

Convergence Analysis of APMS

• Different path orderings at the nodes specify different states of the network and define different policies

• Goal: Show that starting with an arbitrary state of the

system, the APMS converges to a stable state within a finite number of steps.

• Use substability property of chosen paths

Definitions

• Conflict free node is a node whose policies are not conflicting with any other node

• Nonflapping (stable) path P=(v,..,destination) is the best path of a conflict free node, which does not change over time

• Safe path (u,v)P is a permitted path at node u, where v is a peer of u, and v is a conflict free node and advertising nonflapping path P

• Conflicting safe alternative node is involved in a policy conflict and has a safe path

• Conflicting node is involved in a policy conflict, and does not have a safe path

Example:

Conflicting safe-alternative nodes can stabilize by holding onto their safe paths

– realize through rank change


Node 1 is a conflicting safe-alternative node with safe path (150)Node 2 is a conflicting safe-alternative node with safe path (250)Node 3 is a conflicting safe-alternative node with safe path (350)Node 4 is a conflicting nodeNode 5 is a conflict free node with stable path (50)

If node 2 changes its path preference to prefer (250) more than (2150):node 2 becomes conflict free node

path (250) becomes stable path path (4250) becomes safe path at node 4 …..

4342504350

34250350

5

1 21350150

2150250

0

50

Observable Safe Path Path P=(u,v,..,0) is an observable safe path at a conflicting safe alternative node u if none of the nodes along this path observes route flaps due to other conflicts.

Innermost Conflict


uk uk-1u2 u1 0ui ui-1ui+1

conflict free nodes

involved in conflict Ci

Path P=

may be involved in conflict Ci+1

may be involved in conflict Ck-1

Ci is the innermost conflict along P

3 conflicts with intervening safe paths


0

98

3

7

4

21

5

6

120140

560520

452040

237020

64060

78070

3140370

97090

89080

1

23

0

4

7

7

89

0

4

56

0 2

Conflict I

Conflict II Conflict III

(60) is observable safe path at node 6(370) is not an observable safe pathInnermost conflict along (370) is Conflict II

Theorem: During the execution of the APMS, the size of the set of nodes that are conflict free increases monotonically.

Proof:S=set of conflict free nodes S forms a routing tree rooted at the destination, and grows as the nodes in S advertise their chosen paths.

By induction show that S grows monotonically:Basis: At the beginning, S={}. Destination is added.Hypothesis: At step k of the execution, assume the size of S is n, and up to this point S grew monotonically. Induction Step: Show that at step (k+1), the size of S will be greater than n.



At step (k+1):

Case I: (u v)Pv is not permitted, then the size of S will stay the same.

vpv

S with n nodes already stabilized to their paths

0u

v advertises Pv to u

1 2

0

3

4

13010

32030

21020

4210Ex:

1

03 24S

Node 2 advertises (20) to node 4

1

32

0


At step (k+1):

vpv


0u


1 2

0

3

4

13010

32030

21020

420Ex:

1

03 24S


1

32

0

Case II: u stabilizes on path (u v)Pv and then added to Sa) u is a conflict free node

its path to destination may have node(s) involved in conflict(s)


At step (k+1):

vpv


0u


2 3

0

1

421020

13010

342030

420430

Ex:

3

01

24S


1

32

0

Case II: u stabilizes on path (u v)Pv, and then added to S b) u is a conflicting node, and path (u v)Pv is node u’s

most preferred path

4


At step (k+1):

Ex:

1

03 24S


1

32

0

Case III: (u v)Pv is permitted at u, but u does not stabilize on this path - (u v)Pv is a safe path at node u

- u must be conflicting safe alternative node - u performs rank change and stabilizes on (u v)Pv

- for each conflict there are at least 2 safe alternative nodes, this is the step where they are breaking the conflict

1 2

0

3

4

13010

32030

21020

4504206

556050

642060

5

64

0 2

vpv


0u


• For cases II and III, size of S increases monotonically. What about case I?– If for each node u outside of S, the paths (u v)Pv

advertised by peers v in S are not permitted, then node u converges to epsilon.

– Then all the nodes outside of S will converge to epsilon at this point.

– APMS returns with a stable routing tree.

• After finite number of steps, all nodes will be in

S and APMS converges.


Advantages of APMS over Related Work

1) Gao&Rexford Algorithm [Infocom01]2) Griffin&Wilfong Algorithm [Infocom00]3) Cobb&Musunuri Algorithm [Globecomm04]

Gao&Rexford

• Static solution• Requires a global database to

keep relationships between ASes– Global authority checks

periodically for conformance with guidelines

• Eliminates lots of paths from the beginning – too restrictive

• Path elimination is the only means of resolving conflicts

• Stability of the system is the only goal

APMS

• Dynamic solution• Distributed computation• Allows ASes to adopt to the current

state: conflict free or potentially conflicting

• Path elimination is not the primary means of removing conflicts

• Paths are eliminated only during the policy conflict control phase – Helps to limit the number of paths

eliminated• For the stabilized system, there

will be as many paths as possible

– better connectivity– more flexibility in path

selection

• Both stability and limiting the number of path eliminations are concerns of algorithm

Griffin&Wilfong• Dynamic solution• “History” carried with each Update

message– Potentially very long messages – High communication overhead

• History may reveal preferences of other ASes

• Cycle in the history is necessary but not sufficient condition for divergence

– There may be false positives

• Stability is the only goal • Path elimination is the only means of

resolving conflicts• Eliminated paths cannot be used

later under any condition

• Cannot differentiate between persistent and transient oscillations

– Suggests observing the same loop for a number of times in history

• bigger values increase communication overhead even more

• smaller values lead to false positives

• Simultaneous path eliminations are possible even when single path elimination is sufficient

APMS• Dynamic solution• No communication overhead unless

there is a topology change• No privacy concerns• There may be false positives due to

local solution– Paths are not eliminated immediately– Eliminated paths may be reused after the

system stabilizes

• Goal is both stability and limiting the number of path eliminations

• Changing policies is the primary means of resolving conflicts

• Eliminated paths can be used later – Adapts to every state of the network – Topology change

• Differentiate between persistent and transient oscillations due to topology change

– More effective mechanism for this purpose• Helps to minimize false positives

• If transient oscillation is not because of topology change cannot distinguish

– Uses min_treshold for this purpose• bigger values lead to longer convergence• smaller values lead to more rank change

• Simultaneous rank changes are minimized via probabilistic approach

•

Cobb&Musunuri

• Dynamic solution• Costs are associated with nodes,

not paths– Aggregates paths through the same node– One flapping path may cause all the alternatives to be rejected

• Costs of the nodes involved in the same conflict grows in tandem

– Simultaneous path eliminations

• Solves conflicts through path elimination

• Hard to adapt to the dynamics of the system after conflicts disappear

– Suggests resetting costs via diffusing computations periodically

• Has to keep min-hop spanning tree for each destination

• Cannot be done very often, expensive• Blindly resetting the costs introduces the

resolved conflicts back to the system– Weekly or monthly resets are suggested

hoping that conflicts resolved by themselves in the meantime!

• Local state at each node– node count per destination– (id of the parent on the min-hop spanning

tree, hop count to the destination) per dest

APMS

• Dynamic solution• Costs are associated with paths

– Can exactly pinpoint the paths causing problems

• Leads to less preference change and/or path suppression

• Costs of the nodes involved in the same conflict grows in tandem– Due to probabilistic approach, nodes

do not react simultaneously

• Leads to less preference change and/or path suppression

• Path elimination is the not the primary means of solving conflicts

• Easily adapt to the dynamics of the system: conflict free or potentially conflicting

• Potentially larger local state at each node

Simulation Results

Performance Metrics

• Average percentage of paths that are eliminated per node among the permitted paths to provide stability– Smaller values indicate better performance

• Eliminating permitted paths may – strain reachability– force router to use less preferred path

• Average percentage of the paths whose rank has been changed per node– Smaller values indicate better performance

• higher number of rank changes mess with the policies placed for specific purposes

• Average of the percentage of the preference loss per node– Preference loss of a path is the difference between its original local preference

value and its current local preference value• If a path is in bad path set, its preference loss is its original preference value

– Helps quantify the total effect of both path elimination and rank change– Smaller values indicate better performance

Performance Metrics

• Number of Update messages exchanged between routers

– Indication of stability– Smaller values show the efficiency of the protocols dealing with conflicts

• Number of octets carried with Update messages– Measures overhead

• Average extra storage used (in bytes)– For SPVP

• history carried and stored at the routing tables along the Updates• bad path set

– For APMS• local history, bad path set are main contributors• per peerStability, per peer keepaliveCount

• Throughput Number of packets received in the last 100sec is averaged over 100sec.

• Average delay for the packets received Delay of the packets received in the last 100sec is averaged over 100sec

Simulation Set I15 independent dispute wheels with increasing sizeEach node has 3 permitted paths:

1. Through its clockwise neighbor; localPref(100)2. Direct path; localPref (80)3. Path through its counterclockwise neighbor; localPref(40)

Constant data flowUnbounded buffersPeriodic link failures: ASes lose connection to 0 Failures happen at 1000sec, 3000sec Failures last 1000secAPMS variations:(min_threshold=2, ka_threshold=6) 1. max_threshold=3, topology change diagnostic 2. max_threshold=3, no topology change diagnostic 3. max_threshold=10, topology change diagnostic 4. max_threshold=10, no topology change diagnostic

Griffin&Wilfong: Uses path elimination after seeing the same loop twice

• APMS with max_threshold=3, no topology change diagnostic

– False positives

• APMS with max_threshold=3, with topology change diagnostic

– Big improvement, 0.48%

• APMS with max_threshold=10– Resolves conflicts by path rank change – Minimal path elimination

• SPVP eliminates the flapping paths to deal with conflicts, 14.4%

Average percentage of the paths whose rank has been changed per node

Using topology change diagnostic improves performance

• For max_threshold=10, metric value drops from 18% to 7%

• There is not a single path elimination for this case

•For max_threshold=3, metric value drops from 15% to 5.4%

ResultsAverage percentage of paths that are eliminated

ResultsAverage of the percentage of the preference loss per node

•SPVP causes loss of 18%, only because of eliminated paths• Performance with APMS is always better than SPVP• Larger values of max_threshold along with topology change diagnosis significantly improves performance to less than 1% loss of path preferences.

Number of Update messages exchanged between routers

• Link failure and restoration causes burst of Updates

• Failures: Paths to the destination are withdrawn• Recovery: BGP Session is re-established, whole routing tables are exchanged

• Metric value for BGP4 for non-fail periods is not 0: system does not stabilize

Results

Number of octets carried with Update messages

• SPVP has the highest number of octets carried• APMS shows best performance

• APMS’s way of differentiating temporary oscillations due to topology change is more efficient than SPVP’s

• BGP4 has nonzero value for the metric for non-fail periods due to instability

Average extra storage used (in bytes)

• Due to history, SPVP requires much larger storage than APMS

• APMS requires 10KB extra storage, SPVP requires 200KB-360KB

• For non-fail periods, the metric value is higher due to better reachability

Simulation Set II

7 dispute wheels, some intervening: {AS1, AS2, AS3},

{AS4, AS5, AS6}, {AS7, AS8, AS9}, {AS10, AS11, AS12}, {AS13, AS14, AS15}, {AS16, AS17, AS18}, {AS19, AS20, AS21}

No topology change Limited buffer size, routing packets are given priority over data packets Constant data flow:

– From servers located at AS0 to the clients located at the other ASes– From servers located at other ASes to the clients located at AS0

Topology and Path Ranks

ResultsThroughput• APMS is better than SPVP

– Size of Update messages are short – Does not eliminate as many paths

• APMS is better than BGP4– Reaches stability quickly

• leads to smaller number of exchanged Updates

• BGP4 performs better than SPVP– Does not eliminate paths permanently– Some packets may not reach destination due

to temporary stability– Update messages are shorter than SPVP

Delay

• SPVP causes the highest packet delay due to the longest Update messages• BGP4 performs better than SPVP due to shorter Update messages• BGP4 performs better than APMS since APMS forces some nodes to stabilize on their longer paths

Conclusion

• Proposed new dynamic algorithm, APMS, adapting to the system dynamics while resolving policy conflicts and overcoming the shortcomings of available solutions

• Correctness analysis• Simulation results

Future Work

• Transient performance analysis• More detailed evaluation model

– include IBGP

• Prototype implementation

Other Work• Class based Isolation of UDP, short lived TCP and long

lived TCP flows– separate service queues at the routers– better fairness – improved predictability for all kinds of flows– better control over QoS of a particular traffic type

• Evaluated scalability vs performance tradeoffs in MPLS and IP Routing– per-packet routing: stateless– Widest Shortest Path: per-flow state – MIRA: per-flow state, uses ingress-egress pair matrix – PBR: per-flow state, per-class state, uses both ingress-egress pairs and

traffic matrix• WSP is the most scalable among per-flow algorithms, shows good

performance• PBR is the least scalable, most complex (time and space), performance

suffers due to unsplitability of flows

Documents

An Adaptive Policy Management Approach to BGP Convergence