[144210] in North American Network Operators' Group
Re: Do Not Complicate Routing Security with Voodoo Economics
daemon@ATHENA.MIT.EDU (Nick Feamster)
Mon Sep 5 12:52:30 2011
From: Nick Feamster <feamster@cc.gatech.edu>
In-Reply-To: <4E64EC71.9080704@ttec.com>
Date: Mon, 5 Sep 2011 12:51:53 -0400
To: Joe Maimon <jmaimon@ttec.com>
Cc: North American Network Operators' Group <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Three thoughts on the thread so far.
1. I think Randy raises an interesting point about the complexity of =
contracts. We had a paper in SIGCOMM this year on the increasing use of =
more complicated interconnection contracts (and, in particular, tiered =
pricing). See Section 2 of our paper [1]:
http://www.gtnoise.net/papers/library/valancius-tiers.pdf
Some of us academics are trying to get more clued up on what providers =
actually do. :-) [I may start a discussion on the pricing models in =
this paper in a separate thread later]
2. I question what fraction of routing decisions come down to a blind =
tiebreak---nearly all of them are likely to be driven by some other =
consideration (reliability, cost, etc.). Our paper details a richer =
economic model by which ASes actually select paths, for example, but =
it's still unclear to me how coarse or fine-grained route selection =
really is in practice, and to what extent more complicated contracts =
have evolved. I wonder how common "blind tiebreaking" is in BGP, in =
real networks; the approach in Sharon's paper definitely may overstate =
how common that is if route selection considerations commonly involve =
things that are not visible in the AS graph (e.g., traffic ratios, =
congestion, performance), but academics could really benefit from some =
more insight into how rich these decisions are in practice. =20
3. I think the discussion on the list so far misses what I see as the =
central question about the economic assumptions in that paper. The =
paper assumes that all destinations are equally valuable, which we know =
is not the case. This implicitly (and perhaps mistakenly?) shifts the =
balance of power to tier-1 ISPs, whereas in practice, it may be with =
other ASes (e.g., Google). In practice, ISPs may be willing to spend =
significant amounts of money to reach certain destinations or content =
(some destinations are more valuable than others... e.g., Google). If =
the most "valuable" destinations deployed S-BGP and made everyone who =
wanted to connect to them deploy it, that would be more likely to =
succeed than the approach taken in the paper, I think.
Conclusion: All of these questions above make me wonder about two more =
general assumptions that it would be good to get some more insight into:
* Who "holds the cards", in terms of dictating the terms of =
interconnection? Content providers? Access networks/eyeballs? =
Tier-1s? (many of the recent peering spats recently seem to indicate =
that various ASes are trying to shake the current balance(s) of power, =
it seems)
* How complicated are interconnection contracts today, and how =
have they evolved? (i.e., how common is a random tiebreak, and how does =
that differ by network?)
-Nick
-------------------------
[1] Valancius, V. and Lumezanu, C. and Feamster, N. and Johari, R. and =
Vazirani, V.V.
How Many Tiers? Pricing in the Internet Transit Market
In ACM SIGCOMM, 2011
On Sep 5, 2011, at 11:36 AM, Joe Maimon wrote:
>=20
>=20
> Owen DeLong wrote:
>>=20
>> On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:
>>=20
>>>=20
>>>>=20
>>>> One could argue that rejecting routes which you previously had no =
way to
>>>> know you should reject will inherently alter the routing system and =
that this
>>>> is probably a good thing.
>>>=20
>>> Good point. Also, "tie breaking" in favor of signed-and-verified =
routes over not-signed-and-verified routes does not necessarily affect =
your traffic "positively or negatively" -- rather, if you are letting an =
arbitrary final tie break make the decision anyway, you are arguably =
*neutral* about the outcome...
>>>=20
>>> -- Jen
>>=20
>> This is true in terms of whether you care or not, but, if one just =
looks at whether it changes the content of the FIB or not, changing =
which arbitrary tie breaker you use likely changes the contents of the =
FIB in at least some cases.
>>=20
>> The key point is that if you are to secure a previously unsecured =
database such as the routing table, you will inherently be changing the =
contents of said database, or, your security isn't actually =
accomplishing anything.
>>=20
>> Owen
>>=20
>=20
>=20
> Except if you believe we have been lucky until now and security is all =
about the future where we may be less lucky.
>=20
> What I would be interested in seeing is a discussion on whether any =
anti-competitive market distortion incentives exist for large providers =
in adopting secured BGP. We might be lucky there too.
>=20
> Perhaps this will finally help solve the routing slot scalability =
problem. Might also jumpstart LISP. Which may put some more steam into =
v6. Welcome to the brave new internet.
>=20
> Good for everyone, right?
>=20
> Are you feeling lucky?
>=20
>=20
> Joe
>=20
