NetReview: detecting when interdomain routing goes wrong

  • Authors:
  • Andreas Haeberlen;Ioannis Avramopoulos;Jennifer Rexford;Peter Druschel

  • Affiliations:
  • Max Planck Institute for Software Systems and Rice University;Deutsche Telekom Laboratories;Princeton University;Max Planck Institute for Software Systems

  • Venue:
  • NSDI'09 Proceedings of the 6th USENIX symposium on Networked systems design and implementation
  • Year:
  • 2009

Quantified Score

Hi-index 0.00

Visualization

Abstract

Despite many attempts to fix it, the Internet's interdomain routing system remains vulnerable to configuration errors, buggy software, flaky equipment, protocol oscillation, and intentional attacks. Unlike most existing solutions that prevent specific routing problems, our approach is to detect problems automatically and to identify the offending party. Fault detection is effective for a larger class of faults than fault prevention and is easier to deploy incrementally. To show that fault detection is useful and practical, we present NetReview, a fault detection system for the Border Gateway Protocol (BGP). NetReview records BGP routing messages in a tamper-evident log, and it enables ISPs to check each other's logs against a high-level description of the expected behavior, such as a peering agreement or a set of best practices. At the same time, NetReview respects the ISPs' privacy and allows them to protect sensitive information. We have implemented and evaluated a prototype of NetReview; our results show that NetReview catches common Internet routing problems, and that its resource requirements are modest.