Abstract :
Compromised and misconfigured routers are a well-known problem in ISP and enterprise networks. Data-plane fault localization (FL) aims to identify faulty links of compromised and misconfigured routers during packet forwarding, and is recognized as an effective means of achieving high network availability. Existing secure FL protocols are path-based: they assume that the source node knows the entire outgoing path that delivers the source node's packets and that the path is static and long-lived. However, these assumptions are incompatible with the dynamic traffic patterns and agile load balancing commonly seen in modern networks. To cope with real-world routing dynamics, we propose the first secure neighborhood-based FL protocol, DynaFL, with no requirements on path durability or the source node knowing the outgoing paths. Through a core technique we named delayed key disclosure, DynaFL incurs little communication overhead and a small, constant router state independent of the network size or the number of flows traversing a router. In addition, each DynaFL router maintains only a single secret key, which, based on our measurement results, represents a reduction of 2-4 orders of magnitude over previous path-based FL protocols.
Keywords :
Internet; computer network reliability; computer network security; cryptographic protocols; fault location; resource allocation; routing protocols; telecommunication traffic; DynaFL; ISP; agile load balancing; dynamic traffic pattern; enterprise network; fault link; flow traversing; neighborhood-based FL protocol; network availability; packet forwarding; path-based FL protocol; routing dynamics; scalable fault localization; security; Load management; Routing; Routing protocols; Scalability; Security; Vectors;