Abstract
Internet end users and ISPs alike have little control over how packets are routed outside of their own AS, restricting their ability to achieve levels of performance, reliability, and utility that might otherwise be attained. While researchers have proposed a number of source-routing techniques to combat this limitation, there has thus far been no way for independent ASes to ensure that such traffic does not circumvent local traffic policies, nor to accurately determine the correct party to charge for forwarding the traffic. We present Platypus, an authenticated source routing system built around the concept of network capabilities. Network capabilities allow for accountable, fine-grained path selection by cryptographically attesting to policy compliance at each hop along a source route. Capabilities can be composed to construct routes through multiple ASes and can be delegated to third parties. Platypus caters to the needs of both end users and ISPs: users gain the ability to pool their resources and select routes other than the default, while ISPs maintain control over where, when, and whose packets traverse their networks. We describe how Platypus can be used to address several well-known issues in wide-area routing at both the edge and the core, and evaluate its performance, security, and interactions with existing protocols. Our results show that incremental deployment of Platypus can achieve immediate gains.
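As an added illustration (not code from the paper, and not its actual packet format, MAC or key-derivation scheme), the following Python model shows the three properties the abstract names: a per-hop MAC that attests policy compliance, composition of capabilities into a route through two ASes, and delegation to a third party that carries a restriction. The `Holder`/`Waypoint` names, the hop field layout, HMAC-SHA256 as the MAC, and the `dst=` prefix restriction are assumptions of this model.

```python
import hmac
import hashlib

def _kdf(parent: bytes, restriction: str) -> bytes:
    """Delegation step: derive a child key bound to one restriction. The child
    key does not reveal the parent, so a delegate never learns the issuer's secret."""
    return hmac.new(parent, b"delegate|" + restriction.encode(), hashlib.sha256).digest()

def _binding(key: bytes, wp: str, chain: list, expiry: int, dst: str, payload: bytes) -> bytes:
    """MAC over the hop's fields plus the packet's immutable fields (assumed layout)."""
    msg = b"|".join([wp.encode(), ",".join(chain).encode(), str(expiry).encode(),
                     dst.encode(), payload])
    return hmac.new(key, msg, hashlib.sha256).digest()

class Holder:
    """A capability holder: knows a (possibly delegated) key for one waypoint."""
    def __init__(self, wp: str, key: bytes, expiry: int, chain=()):
        self.wp, self.key, self.expiry, self.chain = wp, key, expiry, list(chain)

    def delegate(self, restriction: str) -> "Holder":
        return Holder(self.wp, _kdf(self.key, restriction), self.expiry, self.chain + [restriction])

    def stamp(self, dst: str, payload: bytes) -> dict:
        """The per-hop entry a sender places in the packet's source route."""
        return {"wp": self.wp, "chain": self.chain, "expiry": self.expiry,
                "binding": _binding(self.key, self.wp, self.chain, self.expiry, dst, payload)}

class Waypoint:
    """An ISP router that forwards only packets carrying a valid, policy-compliant hop."""
    def __init__(self, name: str, master: bytes):
        self.name, self.master = name, master

    def verify(self, hop: dict, dst: str, payload: bytes, now: int) -> bool:
        if hop["wp"] != self.name or now > hop["expiry"]:
            return False
        key = self.master
        for r in hop["chain"]:                 # replay the delegation chain ...
            if r.startswith("dst=") and not dst.startswith(r[4:]):
                return False                   # ... enforcing each restriction on the way
            key = _kdf(key, r)
        expected = _binding(key, hop["wp"], hop["chain"], hop["expiry"], dst, payload)
        return hmac.compare_digest(expected, hop["binding"])

def forward(route: list, waypoints: dict, dst: str, payload: bytes, now: int) -> bool:
    """Composition: a route through several ASes is valid only if every hop verifies."""
    return all(waypoints[h["wp"]].verify(h, dst, payload, now) for h in route)
```

In a real deployment each waypoint checks only its own hop as the packet passes; `forward` verifies the whole route at once purely to simulate that.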
A system for authenticated policy-compliant routing. Published in SIGCOMM '04: Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications.