630 likes | 796 Views
Internet Routing: Border Gateway Protocol (BGP). Jennifer Rexford Princeton University http://www.cs.princeton.edu/~jrex/bgp-tutorial. Goals of This Section. Path-vector routing Limitations of shortest-path routing and flooding Path-vector routing as alternative to distance-vector
E N D
Internet Routing:Border Gateway Protocol (BGP) Jennifer Rexford Princeton University http://www.cs.princeton.edu/~jrex/bgp-tutorial
Goals of This Section • Path-vector routing • Limitations of shortest-path routing and flooding • Path-vector routing as alternative to distance-vector • Border Gateway Protocol • BGP session running over reliable transport protocol • Announcement and withdrawal messages • Path exploration during convergence • BGP routing policy • Import policy, decision process, and export policies • BGP inside of an AS • Applications of BGP • Anycast, mobility, monitoring, blackholing, …
NO Shortest-Path Routing is Restrictive • All traffic must travel on shortest paths • All nodes need common notion of link costs • Incompatible with commercial relationships National ISP1 National ISP2 YES Regional ISP1 Regional ISP3 Regional ISP2 Cust1 Cust3 Cust2
Link-State Routing is Problematic • Topology information is flooded • High bandwidth and storage overhead • Forces nodes to divulge sensitive information • Entire path computed locally per node • High processing overhead in a large network • Minimizes some notion of total distance • Works only if policy is shared and uniform • Typically used only inside an AS • E.g., OSPF and IS-IS
Distance Vector is on the Right Track • Advantages • Hides details of the network topology • Nodes determine only “next hop” toward the dest • Disadvantages • Minimizes some notion of total distance, which is difficult in an interdomain setting • Slow convergence due to the counting-to-infinity problem (“bad news travels slowly”) • Idea: extend the notion of a distance vector • To make it easier to detect loops
2 Path-Vector Routing • Extension of distance-vector routing • Avoid count-to-infinity problem • Support flexible routing policies • Key idea: advertise the entire path • Distance vector: send distance metric per dest d • Path vector: send the entire path for each dest d “d: path (2,1)” “d: path (1)” 3 1 data traffic data traffic d
2 Faster Loop Detection • Node can easily detect a loop • Look for its own node identifier in the path • E.g., node 1 sees itself in the path “3, 2, 1” • Node can simply discard paths with loops • E.g., node 1 simply discards the advertisement “d: path (2,1)” “d: path (1)” 3 1 “d: path (3,2,1)”
2 3 1 2 3 1 Flexible Policies • Each node can apply local policies • Path selection: Which path to use? • Path export: Which paths to advertise? • Examples • Node 2 may prefer the path “2, 3, 1” over “2, 1” • Node 1 may not let node 3 hear the path “1, 2”
Border Gateway Protocol • Interdomain routing protocol for the Internet • Prefix-based path-vector protocol • Policy-based routing based on AS Paths • Evolved during the past 20 years • 1989 : BGP-1 [RFC 1105], replacement for EGP • 1990 : BGP-2 [RFC 1163] • 1991 : BGP-3 [RFC 1267] • 1995 : BGP-4 [RFC 1771], support for CIDR • 2006 : BGP-4 [RFC 4271], update
BGP Operations Establish session on TCP port 179 AS1 BGP session Exchange all active routes AS2 While connection is ALIVE exchange route UPDATE messages Exchange incremental updates
Incremental Protocol • A node learns multiple paths to destination • Stores all of the routes in a routing table • Applies policy to select a single active route • … and may advertise the route to its neighbors • Incremental updates • Announcement • Upon selecting a new active route, add node id to path • … and (optionally) advertise to each neighbor • Withdrawal • If the active route is no longer available • … send a withdrawal message to the neighbors
BGP Route • Destination prefix (e.g., 128.112.0.0/16) • Route attributes, including • AS path (e.g., “7018 88”) • Next-hop IP address (e.g., 12.127.0.121) 12.127.0.121 192.0.2.1 AS 7018 AT&T AS 88 AS 11 Yale Princeton 128.112.0.0/16 AS path = 88 Next Hop = 192.0.2.1 128.112.0.0/16 AS path = 7018 88 Next Hop = 12.127.0.121
AS 1239 Sprint ASPATH Attribute AS 1129 128.112.0.0/16 AS Path = 1755 1239 7018 88 Global Access AS 1755 128.112.0.0/16 AS Path = 1129 1755 1239 7018 88 128.112.0.0/16 AS Path = 1239 7018 88 Ebone AS 12654 RIPE NCC RIS project 128.112.0.0/16 AS Path = 7018 88 AS7018 128.112.0.0/16 AS Path = 3549 7018 88 128.112.0.0/16 AS Path = 88 AT&T AS 3549 AS 88 128.112.0.0/16 AS Path = 7018 88 Princeton Global Crossing 128.112.0.0/16 Prefix Originated
BGP Path Selection • Simplest case • Shortest AS path • Arbitrary tie break • Example • Three-hop AS path preferred over a five-hop AS path • AS 12654 prefers path through Global Crossing • But, BGP is not limited to shortest-path routing • Policy-based routing AS 1129 Global Access 128.112.0.0/16 AS Path = 1129 1755 1239 7018 88 AS 12654 RIPE NCC RIS project 128.112.0.0/16 AS Path = 3549 7018 88 AS 3549 Global Crossing
AS Path Length != Router Hops • AS path may be longer than shortest AS path • Router path may be longer than shortest path 2 AS hops, 8 router hops d s 3 AS hops, 7 router hops
BGP Policy: Applying Policy to Routes • Import policy • Filter unwanted routes from neighbor • E.g. prefix that your customer doesn’t own • Manipulate attributes to influence path selection • E.g., assign local preference to favored routes • Export policy • Filter routes you don’t want to tell your neighbor • E.g., don’t tell a peer a route learned from other peer • Manipulate attributes to control what they see • E.g., make a path look artificially longer than it is
BGP Policy: Influencing Decisions Open ended programming. Constrained only by vendor configuration language Apply Policy = filter routes & tweak attributes Apply Policy = filter routes & tweak attributes Receive BGP Updates Based on Attribute Values Best Routes Transmit BGP Updates Apply Import Policies Best Route Selection Best Route Table Apply Export Policies Install forwarding Entries for best Routes. IP Forwarding Table
Local-pref = 90 Sprint AT&T Local-pref = 100 Tier-2 Tier-3 Yale Import Policy: Local Preference • Favor one path over another • Override the influence of AS path length • Apply local policies to prefer a path • Example: prefer customer over peer
Import Policy: Filtering • Discard some route announcements • Detect configuration mistakes and attacks • Examples on session to a customer • Discard route if customer doesn’t own the prefix • Discard route containing other large ISPs USLEC Patriot Princeton 128.112.0.0/16
Export Policy: Filtering • Discard some route announcements • Limit propagation of routing information • Examples • Don’t announce routes from one peer to another Sprint UUNET AT&T
USLEC network operator Princeton Export Policy: Filtering • Discard some route announcements • Limit propagation of routing information • Examples • Don’t announce routes for network-management hosts or the underlying routers themselves
Sprint USLEC Patriot 88 88 88 Princeton 128.112.0.0/16 Export Policy: Attribute Manipulation • Modify attributes of the active route • To influence the way other ASes behave • Example: AS prepending • Artificially inflate AS path length seen by others • Convince some ASes to send traffic another way
BGP Policy Configuration • Policy languages are vendor-specific • Not part of the BGP protocol specification • Different languages for Cisco, Juniper, etc. • Still, all languages have some key features • Policy as a list of clauses • Each clause matches on route attributes • … and discards or modifies the matching routes • Configuration done by human operators • Implementing the policies of their AS • Biz relationships, traffic engineering, security, …
An AS is Not a Single Node • Multiple routers in an AS • Need to distribute BGP information within the AS • Internal BGP (iBGP) sessions between routers AS1 eBGP iBGP AS2
Internal BGP and Local Preference • Example • Both routers prefer the path through AS 100 on the left • … even though the right router learns an external path AS 200 AS 100 AS 300 Local Pref = 90 Local Pref = 100 I-BGP AS 256
Joining BGP and IGP Information • Border Gateway Protocol (BGP) • Announces reachability to external destinations • Maps a destination prefix to an egress point • 128.112.0.0/16 reached via 192.0.2.1 • Interior Gateway Protocol (IGP) • Used to compute paths within the AS • Maps an egress point to an outgoing link • 192.0.2.1 reached via 10.1.1.1 10.1.1.1 192.0.2.1
Forwarding Table destination next hop BGP 128.112.0.0/16 10.10.10.10 destination 192.0.2.0/30 10.10.10.10 128.112.0.0/16 192.0.2.1 Joining BGP with IGP Information 128.112.0.0/16 Next Hop = 192.0.2.1 128.112.0.0/16 10.10.10.10 AS 88 AS 7018 192.0.2.1 IGP destination next hop 192.0.2.0/30 10.10.10.10 + next hop
An AS May Learn Many Routes • Multiple connections to neighboring ASes • Multiple border routers may learn good routes • … with the same local-pref and AS path length Multiple links 4 3 5 2 6 7 1
dst 9 B B A A 4 D 3 8 10 3 4 G 8 E 5 F C Hot-Potato (Early-Exit) Routing • Hot-potato routing • Each router selects the closest egress point • … based on the path cost in intradomain protocol • BGP decision process • Highest local preference • Shortest AS path • Closest egress point • Arbitrary tie break hot potato
Conventional Use of BGP • An AS owns a prefixes • Originates that prefix into BGP • Neighboring ASes propagate the route • Add themselves to the AS path • Apply local policy for selecting and exporting Sprint USLEC Patriot 88 88 Princeton 128.112.0.0/16
Conventions Not Always True • IP prefix corresponds to a single location? • Multiple locations for a replicated service (e.g., DNS) • The location stays the same over time? • Wide-area mobility (e.g., WiFi on an airplane) • The BGP session connects immediate neighbors? • BGP monitoring (e.g., RouteViews, blackholing service) • The originating AS owns the prefix? • Malicious or misconfigured AS (e.g., prefix hijacking)
Many Services are Replicated • Servers in many locations • Reliability: copies that fail independently • Performance: clients directed to nearby replicas
Anycast • Anycast • One-to-many association of name to endpoints • Each destination represents a set of receivers • Only one receives information from the sender • Questions • How to name the (replicated) service? • URL, host name, IP address, … • How to decide which instance receives traffic? • Network proximity, load balancing policies, … • How “sticky” should the binding be? • Each packet independent? Connection-oriented?
IP Anycast • Announce IP prefix in interdomain routing • At each replica location • Rely on global routing to direct traffic • To the “nearest” replica 63.251.179.13 63.251.179.13 63.251.179.13
IP Anycast: Pros and Cons • Advantages • Completely transparent to clients and routers • Scales well for a large group of replicas • End-to-end paths automatically efficient • Disadvantages • Pollutes the global routing system • Separate /24 for each replicated service • Does not consider server load • Different packets may reach different replicas • Slow BGP convergence after a withdrawal
Application-Level Anycast • URL rewriting • Server dynamically rewrites HTML page • E.g., image at foo23.bar.com vs. foo46.bar.com • Application-level redirection • Explicit redirection of a request to new location • E.g., HTTP 302 “Moved Temporarily” • DNS redirection • Change mapping of domain name to address • E.g., www.cnn.com to 8.15.7.117
Application-Layer Anycast: Pros and Cons • Advantages • Fine-grain control of load across group members • Can easily incorporate variety of criteria • Successive packets delivered to same replica • Disadvantages • Need to identify location of the requesting client • Especially difficult for DNS-based redirection • Extra round-trip times for redirection • Small TTLs to prevent long DNS caching • Boot-strapping to find redirecting/lookup server
Open Questions • Hybrids of IP and application-level anycast • IP anycast proxies • Route servers that “pin” the route from a sender • New routing architectures • Designed with replicated services in mind • Support from the end-host protocols? • Content-oriented networking • Naming and addressing content • Rather than end-host computers
Maintaining Ongoing Transfers • Seamless transmission to a mobile host B A
Could Let Routing Protocol Handle It • Mobile node has a single, persistent address • Address injected into routing protocol A B 12.34.45.0/24 12.34.45.7/32 Mobile host with IP address 12.34.45.7
Example: Boeing Connexion Service • Boeing Connexion service • Mobile Internet access provider • WiFi “hot spot” at 35,000 feet moving 600 mph • Went out of business in December 2006… • Communication technology • Plane antenna to leased satellite transponders • Ground stations serve as Internet gateways • Using BGP for mobility • Address block (a /24) per international airplane • Ground station advertises the prefix into BGP
Example: Boeing Connexion Service 12.78.3.0/24 Internet
Boeing Approach • Advantages • No changes to the end host • Traffic follows an efficient path to new location • Disadvantages • Does not scale to large number of mobile hosts • Large number of routing-protocol messages • Larger routing tables to store smaller address blocks • Open questions • Is this fair to the rest of the Internet??? • How should we support wide-area mobility?