SDX Publications
2018
Preserving Privacy at IXPs
Xiaohe Hu, Arpit Gupta, Nick Feamster, Aurojit Panda, Scott Shenker
Under Submission
Autonomous systems (ASes) on the Internet increasingly rely on Internet
Exchange Points (IXPs) for peering. IXPs provide the physical infrastructure,
including a switching fabric, required to interconnect ASes. A single IXP may
interconnect several hundred or several thousand participants (ASes), all of which might
peer with each other. This requires each participant to maintain a BGP
session with every other participant in the IXP and poses a scaling challenge.
IXPs have addressed this challenge through the use of route servers. When
route servers are used, IXP participants outsource parts of their policy to
the route server and maintain a single BGP session with it. The route server
is responsible for implementing parts of each participant's policies -- often
export and import policies. While route servers allow IXPs to scale, they
require participants to trust the IXP and reveal their policies, a drastic
change from the accepted norm where all policies are kept private. In this
paper we look at techniques to build route servers which provide the same
functionality as existing route servers (thus providing scalability) without
requiring participants to reveal their policies, thus preserving the status
quo and enabling wider adoption of IXPs. Prior work has looked at secure
multi-party computation (SMPC) as a means of implementing such route servers;
however, this affects performance and reduces policy flexibility. In this
paper we take a different tack and build on trusted execution environments
(TEEs) such as Intel SGX to keep policies private. We present results from
an initial route server implementation that runs under Intel SGX and show
that our approach has 20× better performance than SMPC-based
approaches. Furthermore, we demonstrate that the additional privacy provided
by our approach comes at minimal cost: our implementation is at worst
2.1× slower than a current route server implementation (and in some
situations up to 2× faster).
2017 Apr
Concise Encoding of Flow Attributes in SDN Switches
Robert MacDavid, Rüdiger Birkner, Ori Rottenstreich, Arpit Gupta, Nick Feamster, Jennifer Rexford
ACM SOSR, Santa Clara, CA. Winner of Best Paper Award.

@inproceedings{macdavid2017concise,
  title={Concise encoding of flow attributes in SDN switches},
  author={MacDavid, Robert and Birkner, R{\"u}diger and Rottenstreich, Ori and Gupta, Arpit and Feamster, Nick and Rexford, Jennifer},
  booktitle={Proceedings of the Symposium on SDN Research},
  pages={48--60},
  year={2017},
  organization={ACM}
}
Network devices such as routers and switches forward traffic
based on entries in their local forwarding tables. Although
these forwarding tables conventionally make decisions based
on a packet header field such as a destination address, tagging
flows with sets or sequences of attributes and making
forwarding decisions based on these attributes can enable
richer network policies. For example, devices at the edge of
a network could add a tag to each packet that encodes a set
of egress locations, a set of host permissions, or a sequence
of middleboxes to traverse; simpler devices in the core of the
network could then forward packets based on this tag.
Unfortunately, naive construction of these tags can create
forwarding tables that grow quadratically with the number
of elements in the set or sequence, which is prohibitive for commodity
network devices. In this paper, we present PathSets, a
compression algorithm that makes such encodings practical.
The algorithm encodes sets or sequences (e.g., middlebox service
chains, lists of next-hop network devices) in a compact
tag that fits in a small packet-header field. Our evaluation
shows that PathSets can encode attribute sets and sequences
for large networks using tag widths competitive with existing
approaches and that the number of forwarding rules grows
linearly with the number of attributes encoded.
2017 Apr
SDX-Based Flexibility or Internet Correctness? Pick Two!
Rüdiger Birkner, Arpit Gupta, Nick Feamster, Laurent Vanbever
ACM SOSR, Santa Clara, CA

@inproceedings{birkner2017sdx,
  title={SDX-Based Flexibility or Internet Correctness?: Pick Two!},
  author={Birkner, R{\"u}diger and Gupta, Arpit and Feamster, Nick and Vanbever, Laurent},
  booktitle={Proceedings of the Symposium on SDN Research},
  pages={1--7},
  year={2017},
  organization={ACM}
}
Software-Defined Internet eXchange Points (SDXes) are recently
gaining momentum, with several SDXes now running
in production. The deployment of multiple SDXes on the Internet
raises the question of whether the interactions between
these SDXes will cause correctness problems, since SDX
policies can deflect traffic away from the default BGP route
for a prefix, effectively breaking the congruence between the
control plane and data plane. Although one deflection on a
path will never cause loops to occur, combining multiple deflections
at different SDXes can lead to persistent forwarding
loops that the control plane never sees.
In this paper, we introduce SIDR, a coordination framework
that enables SDXes to verify the end-to-end correctness (i.e.,
loop freedom) of an SDX policy. The challenge behind SIDR
is to strike a balance between privacy, scalability, and flexibility.
SIDR addresses these challenges by: (i) not requiring
SDXes to disclose the flow space their SDX policies act on,
only the next-hop they deflect to; and (ii) minimizing the number
of SDXes that must exchange state to detect correctness
problems. SIDR manages to preserve the flexibility of SDX
policies by activating the vast majority of the safe policies,
the policies that do not create a loop. We implemented SIDR
on the SDX platform and showed its practical effectiveness:
SIDR can activate 91% of all safe policies while preserving
privacy and scalability and can perform correctness checks in
about one second.
2016 Mar
Authorizing Network Control at Software Defined Internet Exchange Points
Arpit Gupta, Nick Feamster, Laurent Vanbever
ACM SOSR, Santa Clara, CA

@inproceedings{gupta2016authorizing,
  title={Authorizing network control at software defined internet exchange points},
  author={Gupta, Arpit and Feamster, Nick and Vanbever, Laurent},
  booktitle={Proceedings of the Symposium on SDN Research},
  pages={16},
  year={2016},
  organization={ACM}
}
Software Defined Internet Exchange Points (SDXes) increase the
flexibility of interdomain traffic delivery on the Internet. Yet, an
SDX inherently requires multiple participants to have access to
a single, shared physical switch, which creates the need for an
authorization mechanism to mediate this access. In this paper, we
introduce a logic and mechanism called FLANC (A Formal Logic
for Authorizing Network Control), which authorizes each participant
to control forwarding actions on a shared switch and also
allows participants to delegate forwarding actions to other participants
at the switch (e.g., a trusted third party). FLANC extends the
“says” and “speaks for” logic that was previously designed for
operating system objects to handle expressions involving network
traffic flows. We describe FLANC, explain how participants can use
it to express authorization policies for realistic interdomain routing
settings, and demonstrate that it is efficient enough to operate in
operational settings.
2016 Mar
iSDX: An Industrial-Scale Software Defined Internet Exchange Point
Arpit Gupta, Robert MacDavid, Rüdiger Birkner, Marco Canini, Nick Feamster, Jennifer Rexford, Laurent Vanbever
USENIX NSDI, Santa Clara, CA. Winner of Community Award. Selected in the Best of the Rest session at USENIX ATC, 2016.
Media articles: CircleID, ONF Blog, NewIP

@inproceedings{gupta2016isdx,
  title={An Industrial-Scale Software Defined Internet Exchange Point},
  author={Gupta, Arpit and MacDavid, Robert and Birkner, R{\"u}diger and Canini, Marco and Feamster, Nick and Rexford, Jennifer and Vanbever, Laurent},
  booktitle={NSDI},
  pages={1--14},
  year={2016}
}
Software-Defined Internet Exchange Points (SDXes)
promise to significantly increase the flexibility and function
of interdomain traffic delivery on the Internet. Unfortunately,
current SDX designs cannot yet achieve the scale
required for large Internet exchange points (IXPs), which
can host hundreds of participants exchanging traffic for
hundreds of thousands of prefixes. Existing platforms are
indeed too slow and inefficient to operate at this scale, typically
requiring minutes to compile policies and millions
of forwarding rules in the data plane.
We motivate, design, and implement iSDX, the first
SDX architecture that can operate at the scale of the
largest IXPs. We show that iSDX reduces both policy
compilation time and forwarding table size by two orders
of magnitude compared to current state-of-the-art SDX
controllers. Our evaluation against a trace from one of the
largest IXPs in the world found that iSDX can compile
a realistic set of policies for 500 IXP participants in less
than three seconds. Our public release of iSDX, complete
with tutorials and documentation, is already spurring early
adoption in operational networks.
2014 Aug
SDX: A Software Defined Internet Exchange
Arpit Gupta, L. Vanbever, M. Shahbaz, S. Donovan, B. Schlinker, N. Feamster, J. Rexford, S. Shenker, R. Clark, E. Katz-Bassett
ACM SIGCOMM, Chicago, IL. 210+ citations, one of the highest for SIGCOMM 2014.

@inproceedings{gupta2014sdx,
  title={SDX: A Software Defined Internet Exchange},
  author={Gupta, Arpit and Vanbever, Laurent and Shahbaz, Muhammad and Donovan, Sean P. and Schlinker, Brandon and Feamster, Nick and Rexford, Jennifer and Shenker, Scott and Clark, Russ and Katz-Bassett, Ethan},
  booktitle={SIGCOMM},
  year={2014},
  organization={ACM}
}
BGP severely constrains how networks can deliver traffic over the
Internet. Today's networks can only forward traffic based on the
destination IP prefix, by selecting among routes offered by their
immediate neighbors. We believe Software Defined Networking
(SDN) could revolutionize wide-area traffic delivery, by offering
direct control over packet-processing rules that match on multiple
header fields and perform a variety of actions. Internet exchange
points (IXPs) are a compelling place to start, given their central role
in interconnecting many networks and their growing importance in
bringing popular content closer to end users.
To realize a Software Defined IXP (an “SDX”), we must create
compelling applications, such as application-specific peering,
where two networks peer only for (say) streaming video traffic. We
also need new programming abstractions that allow participating
networks to create and run these applications and a runtime that
both behaves correctly when interacting with BGP and ensures that
applications do not interfere with each other. Finally, we must ensure
that the system scales, both in rule-table size and computational
overhead. In this paper, we tackle these challenges and demonstrate
the flexibility and scalability of our solutions through controlled and
in-the-wild experiments. Our experiments demonstrate that our SDX
implementation can implement representative policies for hundreds
of participants who advertise full routing tables while achieving
sub-second convergence in response to configuration changes and
routing updates.