loose source routing as a mechanism for traffic policies katerina argyraki and david r. cheriton...
TRANSCRIPT
Loose Source Routing as a Mechanism for Traffic Policies
Katerina Argyraki and David R. Cheriton
Presented by Thuan Huynh, Robert Patro, and Shomir Wilson
Overview
Background and theory Implementation Applications Related works
Brief Review of LSRR
Loose Source Record Routing (LSRR) is an option in IP.
The sender specifies a list of IP addresses that the datagram must traverse.
The route is “loose”: the datagram can pass through other routers between any two addresses on the list.
LSRR Continued
S R1 R2 R3 Ddest=R1
{#R2, R3, D}dest=R2
{R1, #R3, D}dest=R3
{R1, R2, #D}dest=D
{R1, R2, R3#}
dest=D{#R1, R2, R3}
code len ptr IP addr #1 IP addr #2 IP addr #9. . .
1 1 1 4 bytes 4 bytes 4 bytes
39 bytes
General Format of the IP Source Route Option
Example of IP Source Routing
WRAP: Wide-Area Relay Addressing Protocol
WRAP runs on top of IP and uses loose-source routing, but implements it differently from IP’s LSRR.
WRAP and LSRR are… Similar: A WRAP packet includes a forward
path and a reverse path. Every time a relay on the forward path is traversed, it is moved to the reverse path.
Different: The WRAP header (including the forward and reverse paths) is included as the beginning of the IP payload. The source and destination in the IP header are the next and previous “hops” taken by the packet.
WRAP Advantages Over LSRR Relaying of WRAP packets is easier to
implement in hardware. Filtering of WRAP packets can be done
with conventional wire-speed filters (similar to TCP/UDP-level filters).
LSRR relaying or filtering requires processing the variable-length IP options field, typically requiring the CPU.
Transmit Policies
WRAP enables a node to specify a transmit policy for each packet.
An edge system can compute multiple paths to a destination, monitor them, and choose between them based on QoS needs.
An access router that connects an edge network to the Internet computes paths and choices, or…
The end user (PC application, person) can specify outgoing traffic paths.
Either way, the Internet core becomes purely a forwarding engine.
Receive Policies
WRAP enables a node to specify a receive policy for each packet (accept, block, rate-limit) according to its end-to-end path.
A victim of a DDoS attack can ask routers close to the attack sources to block “bad” traffic from them.
This is implemented with Active Internet Traffic Filtering (AITF), which verifies requests are real: node M cannot disrupt traffic between A and B unless M is on the path between them.
Alternatives to LSRR/WRAP
Transmit policies with labels: edge system tags each packet with a policy label that indicates how it should be routed.
Good: less burdensome on edge systems Bad: each ISP knows only its own internal
performanceReceive policies via hop-by-hop traceback:
requests to rate-limit traffic propagate hop-by-hop upstream.
Good: again, less burdensome Bad: core routers become a filtering
bottleneck
• protocol – The higher layer protocol (UDP, TCP etc.).• length – The number of 32-bit addresses the reverse and forward paths• foffset – The offset into the list of addresses where forward path field starts• reverse path – List of 32-bit addresses corresponding to the end-point and relays already traversed• forward path – List of 32-bit addresses corresponding to the relays and end-point still ahead• data – Contains the higher level (protocol format) packet
protocol length foffset reserved
0-7 8-15 16-23 24-31
reverse path
forward path
data
RELAYING
A B
S D
IP Src: SIP Dst: AFpath: [B,D]Rpath: [ ]
IP Src: AIP Dst: BFpath: [D]Rpath: [S]
IP Src: BIP Dst: DFpath: [ ]Rpath: [S,A]
WRAP: IMPLEMENTATION Name-To-Path Resolution
Wrap requires modification of current DNS Current – DNS maps names to IP addresses Modified – DNS maps names to domain-level paths
How? Each realm gets internal & external DNS server
Internal responds to requests originating inside the realm. Provides mappings from domain names to WRAP paths
External responds to requests originating outside the realm. Provides mappings from domain names to a tuple { global prefix, IP }
Forward Reference (Incremental Deployment) State for WRAPID gateways can be instantiated during
name resolution
WRAP: IMPLEMENTATION Name-To-Path Resolution
A B
S DS: DNS Name Lookup (D)
A: propagates request to B
B: { prefix = P, IP = D }
A: path = [A,B,D]
DESIRABLE PROPERTIES:Limited Path Spoofing
WRAP limits the effectiveness of spoofing by it’s design. Property A: Just as a destination addr. must
be correct for delivery in IP, the forward path must be correct for delivery in WRAP.
A malicious node may still spoof some other node by placing that node’s address in the reverse path.
However, because of property A, the malicious node’s gateway will necessarily appear in the reverse path.
DESIRABLE PROPERTIES:Limited Path Spoofing
A B
C
V
M D
IP Src: AIP Dst: BFpath: [C,D]Rpath: [V]
IP Src: BIP Dst: CFpath: [D]Rpath: [V,A]
IP Src: CIP Dst: DFpath: [ ]Rpath:[ V,A,B]
DESIRABLE PROPERTIES: Low Packet Overhead
WRAP chooses to explicitly include variable length lists of IP addresses in it’s headers.
Seems as though it might introduce much larger headers than a scheme like NIRA, but how bad is it in practice? Mangoni and Pansiot [14], find that AS path distance appears
to have a Gaussian distribution with a mean m, with 3 < m < 4
75% of AS pairs have a path length < 4, and 95% of AS pairs have a path length < 6.
WRAP authors make the conservative assumption that each AS may be a collection of networks behind a NAT. This shifts the distribution average by 2.
Still, 75% of WRAP headers would have a path length < 6 and 95% of WRAP headers would have a path length < 8
Also Mangoni and Pansiot found the “empirical law”: The average distance, diameter and radius of the inter-domain
graph of AS networks stays constant
This “law” holds despite the fact that the # of ASs grew by 40% during the duration of their study
Make IP addresses become routing tags and have NO end-to-end significance
A B
S
D D
[S, B, D][S, A, D]
DESIRABLE PROPERTIES:Address Space
DESIRABLE PROPERTIES:Address Space
Unlike NIRA and other schemes, globally unique addresses are not required: IP addresses must only be unique within
a realm. 4 billion addresses per realm.
Relay addresses specify not just a specific router, but a pair { router, outgoing realm }. This is an artifact of a router’s non-uniqueness in the global address space.
Similarity to IPNL
IPNL is an NAT-extended architecture An address has 10 bytes, consists of
Global IPv4 address Realm number Local IPv4 address
Packets must be routed to global address first, then to the realm, and local address.
WRAPID Gateways
Deploying WRAP is similar to placing every administrative domain behind NAT can be incremental must upgrade routers to WRAP capable hosts can be upgraded or not can support non-WRAP hosts by WRAPID
gateways (WRAP to IP Domain) WRAPID gateways can implement IP
WRAP and WRAP IP translating functionality.
WRAPID Gateways
A B
WRAPID gateway WRAPID gateway
IP Src: SIP Dst: X
S D
IP Src: YIP Dst: D
IP Src: AIP Dst: BFpath: [D]Rpath: [S]
Problems?
Applications
Virtual Private Network Different sites are connected by WRAP
relay nodes Policy-based routing Extended forwarding path check
The source can be verified up to the trusted relay node.
Multicast WRAPsec
Related works
TRIAD (Translating Relaying Internet Architecture integrating Active Directories)
RouteScience RON NIRA (Tuesday) IPNL and IPv4+4
“shim protocol” router upgrade routing information in header
Q & A