The Internet was designed to always find a route if there is a policycompliant path. However, in many cases, connectivity is disrupted despite the existence of an underlying valid path. The research community has focused on short-term outages that occur during route convergence. There has been less progress on addressing avoidable long-lasting outages. Our measurements show that longlasting events contribute significantly to overall unavailability. To address these problems, we develop LIFEGUARD, a system for automatic failure localization and remediation. LIFEGUARD uses active measurements and a historical path atlas to locate faults, even in the presence of asymmetric paths and failures. Given the ability to locate faults, we argue that the Internet protocols should allow edge ISPs to steer traffic to them around failures, without requiring the involvement of the network causing the failure. Although the Internet does not explicitly support this functionality today, we show how BGP poisoning can approximate it. LIFEGUARD employs a set of techniques to poison with low impact on working routes. Deploying LIFEGUARD on the Internet, we find that it can effectively route traffic around particular ASes without causing widespread disruption.


Check out several examples of LIFEGUARD in action here.



Google, Cisco, and NSF partially funded this work. We are very appreciative of the support.