Research testbed fabrics have the potential to support long-lived, evolving, interdomain experiments, including opt-in application traffic across multiple campuses and edge sites. We propose abstractions and security infrastructure to facilitate multi-domain networking, and a reusable controller toolkit (ExoPlex) for network service providers (NSPs) running in testbed-hosted virtual network slices. We demonstrate the idea on the ExoGENI testbed, which allows slices to interconnect and exchange traffic over peering links by mutual consent. Each ExoPlex NSP runs a peering controller that manages its interactions with its linked peers and controls the NSP's dataplane network via SDN. Our approach, logical peering, expresses policies for secure peering and routing in a declarative language. The prototype uses logic rules to verify IP prefix ownership, filter and validate route advertisements, and implement user-specified policies for connectivity and path control in networks with multiple transit NSPs.