Authorizing Network Control at Software Defined Internet Exchange Points

Title: Authorizing Network Control at Software Defined Internet Exchange Points
Publication Type: Conference Paper
Year of Publication: 2016
Authors: Gupta, Arpit; Feamster, Nick; Vanbever, Laurent
Conference Name: Proceedings of the Symposium on SDN Research
Publisher: ACM
Conference Location: New York, NY, USA
ISBN Number: 978-1-4503-4211-7
Keywords: BGP, composability, Internet exchange point (IXP), pubcrawl, Resiliency, Scalability, software defined networking (SDN), Trust Routing
Abstract

Software Defined Internet Exchange Points (SDXes) increase the flexibility of interdomain traffic delivery on the Internet. Yet, an SDX inherently requires multiple participants to have access to a single, shared physical switch, which creates the need for an authorization mechanism to mediate this access. In this paper, we introduce a logic and mechanism called FLANC (A Formal Logic for Authorizing Network Control), which authorizes each participant to control forwarding actions on a shared switch and also allows participants to delegate forwarding actions to other participants at the switch (e.g., a trusted third party). FLANC extends "says" and "speaks for" logic that have been previously designed for operating system objects to handle expressions involving network traffic flows. We describe FLANC, explain how participants can use it to express authorization policies for realistic interdomain routing settings, and demonstrate that it is efficient enough to operate in operational settings.

URL: http://doi.acm.org/10.1145/2890955.2890956
DOI: 10.1145/2890955.2890956
Citation Key: gupta_authorizing_2016