TY - GEN
T1 - Prelude: Ensuring Inter-Domain Loop-Freedom in SDN-Enabled Networks
AU - Dethise, Arnaud
AU - Chiesa, Marco
AU - Canini, Marco
N1 - KAUST Repository Item: Exported on 2020-10-01
PY - 2018/7/16
Y1 - 2018/7/16
N2 - Software-Defined eXchanges (SDXes) promise to improve
the inter-domain routing ecosystem through SDN deployment.
Yet, the naïve deployment of SDN on the Internet
raises concerns about the correctness of the inter-domain
data-plane. By allowing operators to deflect traffic from
default BGP routes, SDN policies can create permanent
forwarding loops that are not visible to the control-plane.
We propose Prelude, a system for detecting SDN-induced
forwarding loops between SDXes with high accuracy
without leaking private routing information of
network operators. To achieve this, we leverage Secure
Multi-Party Computation (SMPC) techniques to build
a novel and general privacy-preserving primitive that
detects whether any subset of SDN rules might affect the
same portion of traffic without learning anything about
those rules. We then leverage this primitive as the main
building block of a distributed system tailored to detect
forwarding loops among any set of SDXes. We leverage
the particular nature of SDXes to further improve the
efficiency of our SMPC solution.
The number of valid SDN rules rejected by our solution
is 100x lower than previous privacy-preserving solutions,
and provides better privacy guarantees. Furthermore,
our solution naturally provides network operators with
some insights on the cost of the deflected paths.
AB - Software-Defined eXchanges (SDXes) promise to improve
the inter-domain routing ecosystem through SDN deployment.
Yet, the naïve deployment of SDN on the Internet
raises concerns about the correctness of the inter-domain
data-plane. By allowing operators to deflect traffic from
default BGP routes, SDN policies can create permanent
forwarding loops that are not visible to the control-plane.
We propose Prelude, a system for detecting SDN-induced
forwarding loops between SDXes with high accuracy
without leaking private routing information of
network operators. To achieve this, we leverage Secure
Multi-Party Computation (SMPC) techniques to build
a novel and general privacy-preserving primitive that
detects whether any subset of SDN rules might affect the
same portion of traffic without learning anything about
those rules. We then leverage this primitive as the main
building block of a distributed system tailored to detect
forwarding loops among any set of SDXes. We leverage
the particular nature of SDXes to further improve the
efficiency of our SMPC solution.
The number of valid SDN rules rejected by our solution
is 100x lower than previous privacy-preserving solutions,
and provides better privacy guarantees. Furthermore,
our solution naturally provides network operators with
some insights on the cost of the deflected paths.
UR - http://hdl.handle.net/10754/630818
UR - http://dl.acm.org/citation.cfm?doid=3232565.3232570
UR - http://www.scopus.com/inward/record.url?scp=85063091124&partnerID=8YFLogxK
U2 - 10.1145/3232565.3232570
DO - 10.1145/3232565.3232570
M3 - Conference contribution
SN - 9781450363952
SP - 50
EP - 56
BT - Proceedings of the 2nd Asia-Pacific Workshop on Networking - APNet '18
PB - Association for Computing Machinery (ACM)
ER -