14.1. Introduction

A common paradigm for a network service architecture is to provide a number of different services or applications in which all of them share resources; the routing framework provides the best path to all services. A simple twist to this basic notion is if we were to architect in a way to virtualize the network so that different services are clustered into different virtual, adaptive partitions to provide different levels of services. In considering this notion, it is important to note that a service offering can span the entire spectrum from complete sharing to physically dedicated partitioning. Furthermore, even without a shared environment, prioritization is also possible, for example, in packet scheduling for different service classes at a router. Typically, to provide a certain quality of service, which might be agreed upon through a service-level agreement, a shared environment requires less network bandwidth due to statistical gain as opposed to a completely dedicated, partitioned environment to each different service—this is from the angle of a network service provider. However, in many instances, a middle-of-the-road approach can be a viable alternative in which through virtualization, services can be offered as guaranteed prioritized services, and more importantly, such virtualization can be adaptively configured, without requiring complete physical partitioning.

Our middle-of-the-road approach is motivated by a different service paradigm. Consider the simple scenario of two service classes—survivable critical (SC) services and normal services—in which the objective is to provide a certain level of service quality or protection to SC services even under an attack or a network stress situation. This attack or stress can be either of the following forms: (1) injection of excessive dummy traffic to overload the network or network elements or (2) overtaking of a part of the network (e.g., some routers) so that some network elements become untrusted for use by SC services. An important driver then is that the network has the framework to consider trustworthiness and the routing protocol has the appropriate functionality that can support trustworthiness as well as resilience.

In this work, we present a routing perspective for a resilient network architecture in which different services with different priority can coexist in a virtualized environment. For resiliency, it is necessary to provide robustness in the routing architecture to protect against attacks as well as network overload. More importantly, we present a general framework for secure and resilient routing that can be conducive to providing secure traffic engineering as well. We, however, take a sort of backward-direction approach; specifically, instead of starting with what we require or assume in the network architecture, we start with the need for the service requirement for resiliency in a prioritized environment and work backward to identify what are the different components desirable in the network architecture to support this service paradigm. Implicit in our presentation is then the basic understanding that we do not necessarily consider the components identified to be efficient nor do we claim that all components or solutions have been identified; at times, we leave some problems identified as open, research problems.

We conclude this introduction with a general note about terminology. We use the term router as a generic routing node; in other words, it is not to be confused with an IP router and its capabilities as is understood in the context of the current Internet. This also means that the router is not necessarily limited to doing a shortest-path-based computation for route selection. Similarly, we use the term link-state routing protocol to indicate that information would need to be exchanged for the purpose of route computation that uses a link-state framework. Thus, within this framework we also mean that node-state information may need to be communicated as well. Hence, we will use link-state update (LSU) and extended node/link update (ENLU) interchangeably. For comparison purpose, however, we consider Open Shortest Path First (OSPF) to identify and contrast what it provides and what we envision a link-state routing framework needs, or how OSPF can be extended for the benefit of the resilient network architecture.

Network resiliency has been addressed over the years by many researchers. We note here two works: (1) Resilient overlay networks [1] present an approach for robustness over the current Internet for path diversity; our work addresses the infrastructure itself for the future Internet both from the perspective of robustness and security of routing information. (2) BGP/MPLS [2] architecture provides the ability to separate between routing update, path determination, and resource reservation; our architecture can potentially be deployed in a similar environment while we also address security of routing information exchange as well as how the nodes might be differentiated in the presence of an attack.

The rest of the chapter is organized as follows. In Section 14.2, we present the overall traffic engineering perspective as a motivating discussion toward resilient architecture, while in Section 14.3 we briefly identify the components of a resilient architecture. In Section 14.4, we discuss threats and countermeasures for link-state routing. We then present the resilient architecture in Section 14.5 in which we discuss routing protocol extension, virtualization of routing domain, and preliminary analysis. We then conclude with our summary.