FAIR: Forwarding Accountability for Internet Reputability

TL;DR

FAIR is a forwarding accountability mechanism that encourages ISPs to enforce security policies by marking packets and providing proofs of misbehavior, with low overhead and high-speed implementation on commodity hardware.

Contribution

It introduces a novel traffic profiling and marking system with integrated proofs of misbehavior, enabling scalable and efficient accountability in Internet forwarding.

Findings

Supports line-rate packet forwarding at 120 Gbps

Handles 140 million packets per second on commodity hardware

Provides a practical implementation of traffic accountability mechanisms

Abstract

This paper presents FAIR, a forwarding accountability mechanism that incentivizes ISPs to apply stricter security policies to their customers. The Autonomous System (AS) of the receiver specifies a traffic profile that the sender AS must adhere to. Transit ASes on the path mark packets. In case of traffic profile violations, the marked packets are used as a proof of misbehavior. FAIR introduces low bandwidth overhead and requires no per-packet and no per-flow state for forwarding. We describe integration with IP and demonstrate a software switch running on commodity hardware that can switch packets at a line rate of 120 Gbps, and can forward 140M minimum-sized packets per second, limited by the hardware I/O subsystem. Moreover, this paper proposes a "suspicious bit" for packet headers - an application that builds on top of FAIR's proofs of misbehavior and flags packets to warn other entities in the network.