Do Not Complicate Routing Security with Voodoo Economics
feamster at cc.gatech.edu
Mon Sep 5 16:51:53 UTC 2011
Three thoughts on the thread so far.
1. I think Randy raises an interesting point about the complexity of contracts. We had a paper in SIGCOMM this year on the increasing use of more complicated interconnection contracts (and, in particular, tiered pricing). See Section 2 of our paper :
Some of us academics are trying to get more clued up on what providers actually do. :-) [I may start a discussion on the pricing models in this paper in a separate thread later]
2. I question what fraction of routing decisions come down to a blind tiebreak---nearly all of them are likely to be driven by some other consideration (reliability, cost, etc.). Our paper details a richer economic model by which ASes actually select paths, for example, but it's still unclear to me how coarse or fine-grained route selection really is in practice, and to what extent more complicated contracts have evolved. I wonder how common "blind tiebreaking" is in BGP, in real networks; the approach in Sharon's paper definitely may overstate how common that is if route selection considerations commonly involve things that are not visible in the AS graph (e.g., traffic ratios, congestion, performance), but academics could really benefit from some more insight into how rich these decisions are in practice.
3. I think the discussion on the list so far misses what I see as the central question about the economic assumptions in that paper. The paper assumes that all destinations are equally valuable, which we know is not the case. This implicitly (and perhaps mistakenly?) shifts the balance of power to tier-1 ISPs, whereas in practice, it may be with other ASes (e.g., Google). In practice, ISPs may be willing to spend significant amounts of money to reach certain destinations or content (some destinations are more valuable than others... e.g., Google). If the most "valuable" destinations deployed S-BGP and made everyone who wanted to connect to them deploy it, that would be more likely to succeed than the approach taken in the paper, I think.
Conclusion: All of these questions above make me wonder about two more general assumptions that it would be good to get some more insight into:
* Who "holds the cards", in terms of dictating the terms of interconnection? Content providers? Access networks/eyeballs? Tier-1s? (many of the recent peering spats recently seem to indicate that various ASes are trying to shake the current balance(s) of power, it seems)
* How complicated are interconnection contracts today, and how have they evolved? (i.e., how common is a random tiebreak, and how does that differ by network?)
 Valancius, V. and Lumezanu, C. and Feamster, N. and Johari, R. and Vazirani, V.V.
How Many Tiers? Pricing in the Internet Transit Market
In ACM SIGCOMM, 2011
On Sep 5, 2011, at 11:36 AM, Joe Maimon wrote:
> Owen DeLong wrote:
>> On Sep 5, 2011, at 7:24 AM, Jennifer Rexford wrote:
>>>> One could argue that rejecting routes which you previously had no way to
>>>> know you should reject will inherently alter the routing system and that this
>>>> is probably a good thing.
>>> Good point. Also, "tie breaking" in favor of signed-and-verified routes over not-signed-and-verified routes does not necessarily affect your traffic "positively or negatively" -- rather, if you are letting an arbitrary final tie break make the decision anyway, you are arguably *neutral* about the outcome...
>>> -- Jen
>> This is true in terms of whether you care or not, but, if one just looks at whether it changes the content of the FIB or not, changing which arbitrary tie breaker you use likely changes the contents of the FIB in at least some cases.
>> The key point is that if you are to secure a previously unsecured database such as the routing table, you will inherently be changing the contents of said database, or, your security isn't actually accomplishing anything.
> Except if you believe we have been lucky until now and security is all about the future where we may be less lucky.
> What I would be interested in seeing is a discussion on whether any anti-competitive market distortion incentives exist for large providers in adopting secured BGP. We might be lucky there too.
> Perhaps this will finally help solve the routing slot scalability problem. Might also jumpstart LISP. Which may put some more steam into v6. Welcome to the brave new internet.
> Good for everyone, right?
> Are you feeling lucky?
More information about the NANOG