nanog mailing list archives

Re: Do Not Complicate Routing Security with Voodoo Economics


From: Nick Feamster <feamster () cc gatech edu>
Date: Mon, 5 Sep 2011 12:51:53 -0400

Three thoughts on the thread so far.

1. I think Randy raises an interesting point about the complexity of contracts.  We had a paper in SIGCOMM this year on 
the increasing use of more complicated interconnection contracts (and, in particular, tiered pricing).  See Section 2 
of our paper [1]:
http://www.gtnoise.net/papers/library/valancius-tiers.pdf
Some of us academics are trying to get more clued up on what providers actually do. :-)  [I may start a discussion on 
the pricing models in this paper in a separate thread later]

2. I question what fraction of routing decisions come down to a blind tiebreak---nearly all of them are likely to be 
driven by some other consideration (reliability, cost, etc.).  Our paper details a richer economic model by which ASes 
actually select paths, for example, but it's still unclear to me how coarse or fine-grained route selection really is 
in practice, and to what extent more complicated contracts have evolved.  I wonder how common "blind tiebreaking" is in 
BGP, in real networks; the approach in Sharon's paper definitely may overstate how common that is if route selection 
considerations commonly involve things that are not visible in the AS graph (e.g., traffic ratios, congestion, 
performance), but academics could really benefit from some more insight into how rich these decisions are in practice.  

3. I think the discussion on the list so far misses what I see as the central question about the economic assumptions 
in that paper.  The paper assumes that all destinations are equally valuable, which we know is not the case.  This 
implicitly (and perhaps mistakenly?) shifts the balance of power to tier-1 ISPs, whereas in practice, it may be with 
other ASes (e.g., Google).  In practice, ISPs may be willing to spend significant amounts of money to reach certain 
destinations or content (some destinations are more valuable than others... e.g., Google).  If the most "valuable" 
destinations deployed S-BGP and made everyone who wanted to connect to them deploy it, that would be more likely to 
succeed than the approach taken in the paper, I think.

Conclusion: All of these questions above make me wonder about two more general assumptions that it would be good to get 
some more insight into:
        * Who "holds the cards", in terms of dictating the terms of interconnection?  Content providers?  Access 
networks/eyeballs?  Tier-1s?  (many of the recent peering spats recently seem to indicate that various ASes are trying 
to shake the current balance(s) of power, it seems)
        * How complicated are interconnection contracts today, and how have they evolved? (i.e., how common is a random 
tiebreak, and how does that differ by network?)

-Nick

-------------------------

[1] Valancius, V. and Lumezanu, C. and Feamster, N. and Johari, R. and Vazirani, V.V.
How Many Tiers? Pricing in the Internet Transit Market
In ACM SIGCOMM, 2011


On Sep 5, 2011, at 11:36 AM, Joe Maimon wrote:



Owen DeLong wrote:

On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:



One could argue that rejecting routes which you previously had no way to
know you should reject will inherently alter the routing system and that this
is probably a good thing.

Good point.  Also, "tie breaking" in favor of signed-and-verified routes over not-signed-and-verified routes does 
not necessarily affect your traffic "positively or negatively" -- rather, if you are letting an arbitrary final tie 
break make the decision anyway, you are arguably *neutral* about the outcome...

-- Jen

This is true in terms of whether you care or not, but, if one just looks at whether it changes the content of the 
FIB or not, changing which arbitrary tie breaker you use likely changes the contents of the FIB in at least some 
cases.

The key point is that if you are to secure a previously unsecured database such as the routing table, you will 
inherently be changing the contents of said database, or, your security isn't actually accomplishing anything.

Owen



Except if you believe we have been lucky until now and security is all about the future where we may be less lucky.

What I would be interested in seeing is a discussion on whether any anti-competitive market distortion incentives 
exist for large providers in adopting secured BGP. We might be lucky there too.

Perhaps this will finally help solve the routing slot scalability problem. Might also jumpstart LISP. Which may put 
some more steam into v6. Welcome to the brave new internet.

Good for everyone, right?

Are you feeling lucky?


Joe



