Network management and control mechanisms to prevent maliciously induced network instability

Large networks relying on real-time processing can be driven into unstable modes of operation (e.g., routing system failures, routing flaps, congestion and deadlock scenarios, system crash chain reactions, etc.). In the past, unintentional system faults have led to frame relay networks, SS7 signaling networks, and PSTNs going into unstable modes that have led to major service disruptions. A serious concern is that a malicious party could induce similar instabilities. The vulnerability of a network to instabilities may be due to unrecognized design flaws or hidden software bugs. Since these details are not known in advance, effective control mechanisms tailored to the specifics of the vulnerability are virtually impossible to achieve. However, it is our contention that there are a limited number of "generic propagation mechanisms" that enable these network instabilities to occur. By enumerating these propagation mechanisms and designing network management and control mechanisms to mitigate them, it would be possible to stabilize networks against malicious attack even when the details of the network vulnerability being exploited are unknown. We focus on a single example of a generic propagation mechanism that can occur in IP and ATM networks using link state routing protocols. The propagation mechanism is overload propagation in the control plane caused by excessive route updates. Network management and control mechanisms for mitigating this propagation mechanism are developed and validated through simulation of both the control and data planes.