gdt: Kangaroo road sign (Default)
[personal profile] gdt
Limitations of BGP
- routing only by dst prefix (no customisation by application, sender, etc)
- influence only over immediate neighbours, not the end-to-end path
- only indirect expression of policy (MED, prepend, etc)

Evolve inter-domain routing at an IX
- lots of people connect, to lots of benefit
- IXs looking for differentiation
- new applications (eg, streaming) create need for richer peering

Opportunities for SDN at IXs:
- freedom from routing constraints: matching different packet header fields, control messages from remote networks, direct control over data plane
- challenges: no existing SDN control framework, scaling issues with thousands of customers at IXs

What IXs can't do today:
- application-specific peering (eg, for video)
- redirect subsets of traffic to middleboxes
- traffic offloading (say two ISPs connecting to same transit at IX, automatically peer those ISPs rather than trombone traffic)
- prevent free-riding (dropping ingress traffic from non-peers)
- wide area load balancing (currently done through DNS, an indirect mechanism)

SDX initial design
- controller runs switches
- it takes routes and other attributes
- route selection function per AS
- load FIB entries into switch
- rules to rewrite packet headers

1. Controller receives routes
2. Each participant submits a function to controller to select routes, rewrite headers, etc.
3. Controller pushes those rules to IX switches

Architecture
- Pyretic
- SDX runtime
- App for each IX member, with the apps seeing only the topology for that IX member
- runtime uses composition to resolve conflicts

Virtual software IX abstraction
- ISPs with no IX relationship don't see each other
- enforced by symbolic execution (ie, tagging packets at ingress, then using a state machine to validate or determine the egress port), so packets can't take non-compliant paths
- SDX runtime composes policies in order of AS traversal (egress AS, then ingress AS)
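
As an added illustration (not code from the talk, Pyretic or the SDX project), the toy Python model below composes a sender's outbound policy with the receiver's inbound policy, in that order, and drops traffic between members with no peering. All AS names, prefixes, ports and the route-advertisement check are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample IX state (assumptions, not data from the talk).
PEERINGS = {frozenset("AB"), frozenset("AC")}   # D has no relationship with B
ROUTES = {"B": ["203.0.113.0/24"], "C": ["203.0.113.0/24"]}  # prefixes each AS announced
PORTS = {"B": ["B1", "B2"], "C": ["C1"]}        # physical IX ports per member

def advertises(asn, dst):
    """True if `asn` announced a route covering `dst` to the controller."""
    return any(ip_address(dst) in ip_network(p) for p in ROUTES.get(asn, []))

# Per-member policy functions, as submitted to the controller.
def a_outbound(pkt):
    # Application-specific peering: web traffic via B, the rest via C.
    return "B" if pkt["dstport"] in (80, 443) else "C"

def b_inbound(pkt):
    # B picks its own ingress port by source address.
    low_half = ip_address(pkt["src"]) in ip_network("198.51.100.0/25")
    return "B1" if low_half else "B2"

OUTBOUND = {"A": a_outbound, "D": lambda pkt: "B"}
INBOUND = {"B": b_inbound}

def forward(ingress_as, pkt):
    """Return the egress port for pkt, or None if the packet is dropped."""
    tagged = dict(pkt, ingress_as=ingress_as)    # tag at ingress
    outbound = OUTBOUND.get(ingress_as)
    next_as = outbound(tagged) if outbound else None
    if next_as is None:
        return None                              # sender has no policy: drop
    if frozenset((ingress_as, next_as)) not in PEERINGS:
        return None                              # non-peer: no free-riding
    if not advertises(next_as, pkt["dst"]):
        return None                              # assumed check: no route, no forwarding
    inbound = INBOUND.get(next_as)
    port = inbound(tagged) if inbound else PORTS[next_as][0]
    return port if port in PORTS[next_as] else None  # only the receiver's own ports

if __name__ == "__main__":
    web = {"src": "198.51.100.10", "dst": "203.0.113.5", "dstport": 443}
    print(forward("A", web), forward("A", dict(web, dstport=22)), forward("D", web))
```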

Summary
- interdomain routing is plagued by security and manageability problems
- SDN-based exchange is a promising approach
- research, not production

Glen Turner