Abstract
SDN approaches to inter-domain routing promise better traffic engineering, enhanced security, and higher automation. Yet, naïve deployment of SDN on the Internet is dangerous as the control-plane expressiveness of BGP is significantly more limited than the data-plane expressiveness of SDN, which allows fine-grained rules to deflect traffic from BGP's default routes. This mismatch may lead to incorrect forwarding behaviors such as forwarding loops and blackholes, ultimately hindering SDN deployment at the inter-domain level. In this work, we make a first step towards verifying the correctness of inter-domain forwarding state with a focus on loop freedom while keeping private the SDN rules, as they comprise confidential routing information. To this end, we design a simple yet powerful primitive that allows two networks to verify whether their SDN rules overlap, i.e., the set of packets matched by these rules is non-empty, without leaking any information about the SDN rules. We propose an efficient implementation of this primitive by using recent advancements in Secure Multi-Party Computation and we then leverage it as the main building block for designing a system that detects Internet-wide forwarding loops among any set of SDN-enabled Internet eXchange Points.
Original language | English (US) |
---|---|
Title of host publication | SIGCOMM Posters and Demos 2017 - Proceedings of the 2017 SIGCOMM Posters and Demos, Part of SIGCOMM 2017 |
Publisher | Association for Computing Machinery, Inc |
Pages | 6-8 |
Number of pages | 3 |
ISBN (Electronic) | 9781450350570 |
DOIs | |
State | Published - Aug 22 2017 |
Event | ACM SIGCOMM 2017 Conference - Los Angeles, United States Duration: Aug 22 2017 → Aug 24 2017 |
Publication series
Name | SIGCOMM Posters and Demos 2017 - Proceedings of the 2017 SIGCOMM Posters and Demos, Part of SIGCOMM 2017 |
---|
Conference
Conference | ACM SIGCOMM 2017 Conference |
---|---|
Country/Territory | United States |
City | Los Angeles |
Period | 08/22/17 → 08/24/17 |
Bibliographical note
Publisher Copyright:© 2017 ACM.
Keywords
- Inter-domain routing
- Network Verification
- Privacy
- SMPC
ASJC Scopus subject areas
- Software
- Computer Networks and Communications
- Hardware and Architecture