SDX Publications


2018
Preserving Privacy at IXPs
Xiaohe Hu, Arpit Gupta, Nick Feamster, Aurojit Panda, Scott Shenker
Under Submission
abstract Web
Autonomous systems (ASes) on the Internet increasingly rely on Internet Exchange Points (IXPs) for peering. IXPs provide the physical infrastructure including a fabric required to interconnect ASes. A single IXP may interconnect several 100s or 1000s of participants (ASes) all of which might peer with each other. This requires each participant to maintain a BGP session with every other participant in an IXP and poses a scaling challenge. IXPs have addressed this challenge through the use of route servers. When route servers are used IXP participants outsource parts of their policy to the route server and maintain a single BGP session with it. The route server is responsible for implementing parts of each participant policies -- often export and import policies. While route servers allow IXPs to scale, they require participants to trust the IXP and reveal their policies, a drastic change from the accepted norm where all policies are kept private. In this paper we look at techniques to build route servers which provide the same functionality as existing route servers (thus providing scalability) without requiring participants to reveal their policies thus preserving the status quo and enabling wider adoption of IXPs. Prior work has looked at secure multi-party computation (SMPC) as a means of implementing such route servers however this affects performance and reduces policy flexibility. In this paper we take a different tack and build on trusted execution environments (TEEs) such as Intel SGX to keep policies private. We present results from an initial route server implementation that runs under Intel SGX and show that our approach has 20 better performance than SMPC based approaches. Furthermore, we demonstrate that the additional privacy provided by our approach comes at minimal cost and our implementation is at worse 2.1 slower than a current route server implementation (and in some situations up to 2 faster).

2017
Apr
Concise Encoding of Flow Attributes in SDN Switches
Robert MacDavid, Rüdiger Birkner, Ori Rottenstreich, Arpit Gupta, Nick Feamster, Jennifer Rexford
ACM SOSR, Santa Clara, CA
Winner of Best Paper Award
abstract Paper Talk Code Web BibTeX
@inproceedings{macdavid2017concise,
title={Concise encoding of flow attributes in SDN switches},
author={MacDavid, Robert and Birkner, Rudiger and Rottenstreich, Ori and Gupta, Arpit and Feamster, Nick and Rexford, Jennifer},
booktitle={Proceedings of the Symposium on SDN Research},
pages={48--60},
year={2017},
organization={ACM} }
Network devices such as routers and switches forward traffic based on entries in their local forwarding tables. Although these forwarding tables conventionally make decisions based on a packet header field such as a destination address, tagging flows with sets or sequences of attributes and making forwarding decisions based on these attributes can enable richer network policies. For example, devices at the edge of a network could add a tag to each packet that encodes a set of egress locations, a set of host permissions, or a sequence of middleboxes to traverse; simpler devices in the core of the network could then forward packets based on this tag. Unfortunately, naive construction of these tags can create forwarding tables that grow quadratically with the number of elements in the set or sequence prohibitive for commodity network devices. In this paper, we present PathSets, a compression algorithm that makes such encodings practical. The algorithm encodes sets or sequences (e.g., middlebox service chains, lists of next-hop network devices) in a compact tag that fits in a small packet-header field. Our evaluation shows that PathSets can encode attribute sets and sequences for large networks using tag widths competitive with existing approaches and that the number of forwarding rules grows linearly with the number of attributes encoded.

2017
Apr
SDX-Based Flexibility or Internet Correctness? Pick Two!
Rüdiger Birkner, Arpit Gupta, Nick Feamster, Laurent Vanbever
ACM SOSR, Santa Clara, CA
abstract Paper Talk Code Web BibTex
@inproceedings{birkner2017sdx,
title={SDX-Based Flexibility or Internet Correctness?: Pick Two!},
author={Birkner, R{\"u}diger and Gupta, Arpit and Feamster, Nick and Vanbever, Laurent},
booktitle={Proceedings of the Symposium on SDN Research},
pages={1--7},
year={2017},
organization={ACM} }
Software-Defined Internet eXchange Points (SDXes) are recently gaining momentum, with several SDXes now running in production. The deployment of multiple SDXes on the Internet raises the question of whether the interactions between these SDXes will cause correctness problems, since SDX policies can deflect traffic away from the default BGP route for a prefix, effectively breaking the congruence between the control plane and data plane. Although one deflection on a path will never cause loops to occur, combining multiple deflections at different SDXes can lead to persistent forwarding loops that the control plane never sees. In this paper, we introduce SIDR, a coordination framework that enables SDXes to verify the end-to-end correctness (i.e., loop freedom) of an SDX policy. The challenge behind SIDR is to strike a balance between privacy, scalability, and flexibility. SIDR addresses these challenges by: (i) not requiring SDXes to disclose the flow space their SDX policies act on, only the next-hop they deflect to; and (ii) minimizing the number of SDXes that must exchange state to detect correctness problems. SIDR manages to preserve the flexibility of SDX policies by activating the vast majority of the safe policies, the policies that do not create a loop. We implemented SIDR on the SDX platform and showed its practical effectiveness: SIDR can activate 91% of all safe policies while preserving privacy and scalability and can perform correctness checks in about one second.

2016
Mar
Authorizing Network Control at Software Defined Internet Exchange Points
Arpit Gupta, Nick Feamster, Laurent Vanbever
ACM SOSR, Santa Clara, CA
abstract Paper Talk Code Web BibTex
@inproceedings{gupta2016authorizing,
title={Authorizing network control at software defined internet exchange points},
author={Gupta, Arpit and Feamster, Nick and Vanbever, Laurent},
booktitle={Proceedings of the Symposium on SDN Research},
pages={16},
year={2016},
organization={ACM} }
Software Defined Internet Exchange Points (SDXes) increase the flexibility of interdomain traffic delivery on the Internet. Yet, an SDX inherently requires multiple participants to have access to a single, shared physical switch, which creates the need for an authorization mechanism to mediate this access. In this paper, we introduce a logic and mechanism called FLANC (A Formal Logic for Authorizing Network Control), which authorizes each participant to control forwarding actions on a shared switch and also allows participants to delegate forwarding actions to other participants at the switch (e.g., a trusted third party). FLANC extends “says” and “speaks for” logic that have been previously designed for operating system objects to handle expressions involving network traffic flows. We describe FLANC, explain how participants can use it to express authorization policies for realistic interdomain routing settings, and demonstrate that it is efficient enough to operate in operational settings.

2016
Mar
iSDX: An Industrial-Scale Software Defined Internet Exchange Point
Arpit Gupta, Robert MacDavid, Rüdiger Birkner, Marco Canini, Nick Feamster, Jennifer Rexford, Laurent Vanbever
USENIX NSDI, Santa Clara, CA
Winner of Community Award
Selected in the Best of the Rest session at USENIX ATC, 2016
Media Articles: CircleID, ONF Blog, NewIP

abstract Paper Talk Code Web BibTeX
@inproceedings{gupta2016isdx,
title={An Industrial-Scale Software Defined Internet Exchange Point.},
author={Gupta, Arpit and MacDavid, Robert and Birkner, R{\"u}diger and Canini, Marco and Feamster, Nick and Rexford, Jennifer and Vanbever, Laurent},
booktitle={NSDI},
pages={1--14},
year={2016} }
Software-Defined Internet Exchange Points (SDXes) promise to significantly increase the flexibility and function of interdomain traffic delivery on the Internet. Unfortunately, current SDX designs cannot yet achieve the scale required for large Internet exchange points (IXPs), which can host hundreds of participants exchanging traffic for hundreds of thousands of prefixes. Existing platforms are indeed too slow and inefficient to operate at this scale, typically requiring minutes to compile policies and millions of forwarding rules in the data plane. We motivate, design, and implement iSDX, the first SDX architecture that can operate at the scale of the largest IXPs. We show that iSDX reduces both policy compilation time and forwarding table size by two orders of magnitude compared to current state-of-the-art SDX controllers. Our evaluation against a trace from one of the largest IXPs in the world found that iSDX can compile a realistic set of policies for 500 IXP participants in less than three seconds. Our public release of iSDX, complete with tutorials and documentation, is already spurring early adoption in operational networks.

2014
Aug
SDX: A Software Defined Internet Exchange
Arpit Gupta, L. Vanbever, M. Shahbaz, S. Donovan, B. Schlinker, N. Feamster, J. Rexford, S. Shenker, R. Clark, E. Katz-Bassett
ACM SIGCOMM, Chicago, IL
210+ citations, one of the highest for SIGCOMM 2014
abstract Paper Talk Code Web BibTeX
@inproceedings{gupta2014sdx,
title={SDX: A Software Defined Internet Exchange},
author={Gupta, Arpit and Vanbever, Laurent and Shahbaz, Muhammad and Donovan, Sean P. and Schlinker, Brandon and Feamster, Nick and Rexford, Jennifer and Shenker, Scott and Clark, Russ and Katz-Bassett, Ethan},
booktitle={SIGCOMM},
year={2014},
organization={ACM} }
BGP severely constrains how networks can deliver traffic over the Internet. Today's networks can only forward traffic based on the destination IP prefix, by selecting among routes offered by their immediate neighbors. We believe Software Defined Networking (SDN) could revolutionize wide-area traffic delivery, by offering direct control over packet-processing rules that match on multiple header fields and perform a variety of actions. Internet exchange points (IXPs) are a compelling place to start, given their central role in interconnecting many networks and their growing importance in bringing popular content closer to end users. To realize a Software Defined IXP (an SDX), we must create compelling applications, such as application-specific peering, where two networks peer only for (say) streaming video traffic. We also need new programming abstractions that allow participating networks to create and run these applications and a runtime that both behaves correctly when interacting with BGP and ensures that applications do not interfere with each other. Finally, we must ensure that the system scales, both in rule-table size and computational overhead. In this paper, we tackle these challenges and demonstrate the flexibility and scalability of our solutions through controlled and in-the-wild experiments. Our experiments demonstrate that our SDX implementation can implement representative policies for hundreds of participants who advertise full routing tables while achieving sub-second convergence in response to configuration changes and routing updates.