partial specification
play

Partial specification of routing configurations WRiPE, 17 October - PowerPoint PPT Presentation

Partial specification of routing configurations WRiPE, 17 October 2011, Vancouver Alexander Gurney Limin Jia Anduo Wang Boon Thau Loo full partial (Image: NASA Goddard Space Flight Center) Charlevoix map, 1744 (Image: U. South Carolina)


  1. Partial specification of routing configurations WRiPE, 17 October 2011, Vancouver Alexander Gurney Limin Jia Anduo Wang Boon Thau Loo

  2. full partial (Image: NASA Goddard Space Flight Center) Charlevoix map, 1744 (Image: U. South Carolina)

  3. Partial specification in routing • We very often lack complete information about the network configuration. – What are our neighbors doing? – What are we doing? – How can I reason about parts of the network that are not configured yet? • Our theoretical tools must take account of this situation.

  4. Convergence analysis workflow Design a network configuration no, try again Does it pass yes the safety test? Great!

  5. Test incomplete configurations If the general idea is OK, then carry on to specify more details, refining the design, checking at each stage, until the configuration is finished.

  6. Our paper • A modest extension to “stable paths problem” analysis. • Some path preferences are known, some are unknown (undecided). • The topology and protocol are fixed.

  7. Stable paths CAd ≺ CABd ≺ CBd problem instance C Some paths don’t appear in the list: they are not permitted (like CBAd here) ABd ≺ ACBd ≺ Ad Bd ≺ BCAd ≺ BAd A B Path preferences for A: ABd is best, Ad is worst d The destination we are trying to reach

  8. Partial CAd ≺ CABd ≺ CBd stable paths C problem instance Some paths don’t appear in the list: they are not permitted (like CBAd here) ABd ≺ ACBd ≺ Ad Bd ≺ BAd; {BCAd} A B Paths may be permitted Path preferences for A: but unranked, like BCAd ABd is best, Ad is worst here. We have not yet decided how good it is. d The destination we are trying to reach

  9. Completing a PSPP • If we have Bd ≺ BAd, with BCAd unranked, there are three options. 1. BCAd ≺ Bd ≺ BAd 2. Bd ≺ BCAd ≺ BAd 3. Bd ≺ BAd ≺ BCAd • Each of these determines a full SPP.

  10. Dispute wheels • A “bad” sub -configuration • Oscillation implies the presence of a wheel • If there are no wheels, then BGP converges • Cycle of nodes, each with a path to d . • Everybody would rather go round the cycle than go straight in. • These preferences are irreconcilable: d the nodes will never “agree” which one has to suffer and take the direct path.

  11. Correctness property • We know what safety means for complete SPP instances ( ≈ BGP configurations) • For partial SPPs (PSPPs), safety means that there is at least one way of resolving the remaining preferences, so that the resulting complete SPP is safe . • How easy is this to check?

  12. Where do dispute wheels lurk? known part unknown part

  13. Where do dispute wheels lurk? known part unknown part There could already be a wheel – and this will not go away.

  14. Where do dispute wheels lurk? known part unknown part In the unknown part, anything could happen.

  15. Where do dispute wheels lurk? known part unknown part Could there be a partial configuration that has no wheel yet , but where every completion contains a wheel?

  16. Unfortunately, yes • However, the good news is that we can detect this situation, without having to look at every possible completion. • We can follow a similar procedure as for ordinary dispute wheel checking.

  17. A E ABd ≺ Ad C BCEd ≺ Bd {CAd, CEd} unranked EFd ≺ Ed B F FCAd ≺ Fd d If CAd ≺ CEd then A, B and C are in a dispute wheel. If CEd ≺ CAd then C, E and F are in a dispute wheel.

  18. A E ABd ≺ Ad C BCEd ≺ Bd CAd ≺ CEd EFd ≺ Ed B F FCAd ≺ Fd d If CAd ≺ CEd then A, B and C are in a dispute wheel. If CEd ≺ CAd then C, E and F are in a dispute wheel.

  19. A E ABd ≺ Ad C BCEd ≺ Bd CEd ≺ CAd EFd ≺ Ed B F FCAd ≺ Fd d If CAd ≺ CEd then A, B and C are in a dispute wheel. If CEd ≺ CAd then C, E and F are in a dispute wheel.

  20. Use the “paths digraph” • Encodes the preference and topology information is a slightly different form. • As new preferences are added, we include new arcs in the paths digraph. • Dispute wheels correspond to cycles in the paths digraph.

  21. A E ABd ≺ Ad BCEd ≺ Bd C {CAd, CEd} unranked EFd ≺ Ed B F FCAd ≺ Fd d

  22. A E ABd ≺ Ad BCEd ≺ Bd C {CAd, CEd} unranked EFd ≺ Ed B F FCAd ≺ Fd d Fd FCAd CAd Ad EFd ABd d Ed CEd BCEd Bd

  23. A E ABd ≺ Ad BCEd ≺ Bd C {CAd, CEd} unranked EFd ≺ Ed B F FCAd ≺ Fd d Fd FCAd CAd Ad EFd ABd d Ed CEd BCEd Bd

  24. Observations • No need to define “dispute wheel” on PSPPs • Just look for cycles in the paths digraph • If there is already a cycle , adding new arcs will not make it go away. • If there is no cycle , we can topologically sort the digraph, and insert any new arcs in the direction of the sort. So in this case we can always avoid making a dispute wheel.

  25. The configuration space • A partial configuration is implicitly associated with the set of its completions. • We now know how to see if at least one of these completions is safe. • What is the structure of the safe space? • Is there any way to choose an “optimal” completion, if there is more than one safe choice?

  26. Our idea • In this paper, we look at safe completion for MED/IGP interaction. • We know everything except the IGP arc weights (and therefore the path preferences they induce). • Using PSPP theory, we can derive numeric safety constraints for these weights.

  27. w R S w x y z safe x y z 1 5 4 12 no A B C 20 5 4 12 yes MED: 1 MED: 0 X Y 1 2 1 4 no d

  28. Methodology • Construct a PSPP instance for the known preferences. • For unknown preferences, we know where the preference arc will be, but not which direction it will point. • Consider all ways of orienting those arcs that do not create a cycle in the paths digraph.

  29. w R S x y z A B C MED: 1 MED: 0 X Y d

  30. w R S x y z A B C MED: 1 MED: 0 X Y d

  31. w R S x y z A B C MED: 1 MED: 0 X Y d

  32. w R S x y z A B C MED: 1 MED: 0 X Y d (RSCYd ≺ RAXd ) or (RAXd ≺ RSCYd and RAXd ≺ RBYd) (w + z < x) or ( x < w + z and x < y )

  33. Result • We obtain a logical formula over possible path preferences, something like: ( p ≺ q ) ∨ ( q ≺ p ∧ r ≺ s ) ∨ ( s ≺ r ∧ u ≺ t ) • Each preference corresponds to an integer inequality over the arc weights , like: p ≺ q if and only if a + b + c < d + e

  34. Bounding the safe space • What we end up with is a collection of linear integer inequalities . • However, we have disjunctions. So the safe space is, in general, not convex. – Each clause in the DNF does determine a convex subspace • The actual safe space may be larger than we detect here.

  35. Each inequality y > x + 2 defines a half-space.

  36. The safe space can be y > 4 non-convex , due to the presence of disjunctions. x > 7

  37. A common ¬ P ∧ Q pattern: P is enough but if we can’t have it, then P we need Q .

  38. Idea: Use with LWO • Link weight optimization: Given traffic demand matrix, determine IGP weights that are in some way “good”. • These weights are also used in BGP, where they can cause instability. • Use our “safe space” predicate to bound the optimization process – find weight matrices that are optimal subject to the constraint.

  39. Idea: Look at robustness • Is a given weight matrix close to the boundary of the safe space, or somewhere in the interior? • Are there good ways to transition from one safe matrix to another?

  40. Idea: Identify solution regimes • Each disjunction is giving a different way to achieve safety – “Make w really big” – or “Make w + x + y smaller than f + h ” • Can we use PSPP exploration to identify families of solutions?

  41. Some future work • Extend to “algebraic” model of routing • Consider more examples of partial specification – what else could be unknown? • Consider probabilistic models of partial information • Consider “policy privacy” issues

  42. Joan Blaeu, 1664 Thank you!

Recommend


More recommend