Atlas: A First Step Toward Multipath Validation

As an indispensable feature for future secure Internet, path validation verifies whether packets follow specified paths. Existing solutions, however, cannot apply to multipath routing with practical efficiency. Multipath routing may proliferate an exponential scale path choice and the source may not know which path will be followed by a packet as a priori knowledge. In this paper, we design and implement Atlas as the first protocol for efficient multipath validation. It makes a leap in efficiency by two newly proposed techniques—hierarchical validation and tagged pruning. Hierarchical validation divides multipath into non-overlapping segments. We need to compute the path credential for each segment only once no matter how many paths it may co-locate. Furthermore, tagged pruning labels each segment with a unique tag. A router can directly identify the credential field to validate and delete credentials of unused paths. This further accelerates validation and saves bandwidth. Furthermore, we explore two efficiency enhancements—low-level credential elimination and used credential elimination—to improve Atlas scalability. We validate the practicality and applicability of Atlas over a recent topology measurement of Internet2’s IP Network. To validate the performance of Atlas and the enhancements, we implement Atlas using the Click modular router. Experiment results show that compact Atlas headers enable large-scale multipath validation without breaching the MTU limit. Atlas thus invigorates multipath validation practicality.