Predicate Routing: Enabling Controlled Networking
The Internet lacks a coherent model that unifies security (in terms of where packets are allowed to go) and routing (where packets should be sent), even in constrained environments. While automated configuration tools are appearing for parts of this problem, a general solution is still unavailable. Routing and firewalling are generally treated as separate problems, in spite of their clear connection. In particular, security policies in data hosting centers, enterprise networks, and backbones are still by and large installed manually, and are prone to problems from errors and misconfigurations. This paper presents Predicate Routing (PR) as a solution to this problem. It briefly describes the centralized implementation and then outlines the extension of Internet routing protocols to support Predicate Routing.