Routing and RPSLng. Carlos Friaças, FCCN cfriacas@fccn.pt Luc De Ghein, CISCO ldeghein@cisco.com. IPv6 workshop Krakow May 2012. Contents. Systems Routing Context VRRP (Virtual Router Redundancy Protocol) Internal Routing RIPng (Routing Information Protocol)
Routing and RPSLng Carlos Friaças, FCCN cfriacas@fccn.pt Luc De Ghein, CISCO ldeghein@cisco.com IPv6 workshop Krakow May 2012
Contents • Systems • Routing Context • VRRP (Virtual Router Redundancy Protocol) • Internal Routing • RIPng (Routing Information Protocol) • IS-IS (Intermediate System-Intermediate System) • OSPFv3 (Open Shortest Path First) • External Routing • Multiprotocol BGP (Border Gateway Protocol) • RPSLng • Routing Policies • RPSL and RPSLng • Examples and Tools
VRRP • Virtual Router Redundancy Protocol • Providing a redundant gateway to end-systems • IETF: Version 3 • RFC5798, March 2010 • Based on VRRPv2 for IPv4 • Election protocol • Usage of «virtual» addresses • Which are used by/configured on hosts • One of the existing VRRP routers is elected as «MASTER»
VRRP • IPv6 Multicast Address • Assigned by IANA = FF02::12 • Advantage of using VRRP on IPv4: • Higher-availability default path without requiring configuration of dynamic routing or router discovery protocols on every end-host. • Advantage of using VRRP on IPv6: • Quicker switchover to Backup routers than can be obtained with standard IPv6 Neighbor Discovery mechanisms.
Internal vs. External Routing • Autonomous System Number (ASN or AS) • Identifies an independently managed network • Unique identifier on the Internet • Initially 2-byte, now expanded to 4-byte • Allows for an independent routing policy (choosing peers and transit providers) • Internal Routing Protocols • Used between routers from the same ASN • External Routing Protocols • Used between routers from different ASNs • The goal of any type of routing protocol is to share information about routes
RIPng • Same as IPv4 • Based on RIPv2 • Distance vector, max. 15 hops, split-horizon, … • It’s an IPv6-only protocol • In a dual-stack environment, running RIP, you’ll need RIP (IPv4) and RIPng (IPv6) • IPv6 related functionality • Uses IPv6 for transport • IPv6 prefix, next-hop IPv6 address • For RIP updates, uses multicast address FF02::9
ISISv6 • OSI Protocol • Based on two levels • L2 = Backbone • L1 = Stub • L2L1 = interconnect L2 and L1 • Runs on top of CLNS • Each IS device still sends out LSPs (Link State Packets) • Sends information via TLVs (Tag/Length/Value) • Neighborship process is unchanged • Major operation remains unchanged
ISISv6 (2) • Updated features: • Two new Tag/Length/Values (TLV) for IPv6 • IPv6 Reachability • IPv6 Interface Address • New network Layer Identifier • IPv6 NLPID
OSPFv3 • OSPFv3 = OSPF for IPv6 • Based on OSPFv2 • Topology of an area is invisible from outside the area • LSA flooding is bounded by area • SPF calculation is performed separately for each area • All areas must have a connection to the backbone (area 0)
OSPFv3 (2) • OSPFv3 is an IPv6-only protocol • In a dual-stack environment, running OSPF, you’ll need OSPFv2 (IPv4) and OSPFv3 (IPv6) • Work in progress on extensible mechanisms to let OSPFv3 support different address families • Details • Runs directly over IPv6 • Distributes IPv6 prefixes • New LSA types • Uses Multicast addresses • ALLSPFRouters (FF02::5) • ALLDRouters (FF02::6)
OSPFv3 Basic Configs & Commands
• Configs:
    ipv6 router ospf <pid/asn>
     no passive-interface default
     redistribute connected
    interface <interface>
     ipv6 enable
     ipv6 ospf <pid/asn> area <area_id>
• Commands
    show ipv6 ospf neighbor
    clear ipv6 ospf process
Multiprotocol BGP • «The» Exterior Gateway Protocol • Session based, 1 to 1 • Connects separate routing domains that contain independent routing policies (and AS numbers) • Same «peering» and «transit» concepts
Multiprotocol BGP (2) • Carries sequences of AS numbers, indicating path (for each route) • Supports the same features and functionality as IPv4 BGP • Multiple address families: IPv4, IPv6, unicast, multicast
Multiprotocol BGP (3) • BGP4 carries only 3 types of information which are truly IPv4-specific: • NLRI in the UPDATE message contains an IPv4 prefix • NEXT_HOP attribute in the UPDATE message contains an IPv4 address • BGP ID in AGGREGATOR attribute
Multiprotocol BGP (4) • RFC 4760 (Jan 2007) defines multiprotocol extensions for BGP4 • This makes BGP4 available for other network layer protocols (IPv6, MPLS…) • New BGP4 attributes: • MP_REACH_NLRI • MP_UNREACH_NLRI • Protocol Independent NEXT_HOP attribute • Protocol Independent NLRI attribute
MBGP Basic Configs & Commands
• Configs:
    router bgp <asn>
     address-family ipv6 unicast
      neighbor 2001:db8::2 activate
      neighbor 2001:db8::2 version 4
      neighbor 2001:db8::2 remote-as <nei_asn>
      network 2001:db8:ffff::/48
• Commands
    show bgp ipv6 unicast summary
    show bgp neighbors 2001:db8::2 routes
    clear bgp ipv6 unicast <ipv6_address/asn>
Global Routing Stats (IPv6 vs. IPv4) source: www.cidr-report.org
Some BGP Tools • Looking Glasses & Route Servers http://www.traceroute.org • RIPE Routing Information Service (RIS) http://www.ripe.net/ris
Conclusions • All operating systems have a routing context • All major routing protocols have stable IPv6 support, and no major differences with IPv4 • In a dual-stack environment, some protocols are run with independent processes, one for IPv4 and a different one for IPv6 • About 13% of ASNs are already seen on the global IPv6 routing table
Routing Policy • What is a «routing policy» ? • Public description of the relationship between BGP (Border Gateway Protocol) peers • Routing policies enable route classification for importing and exporting routes • The goal of routing policies is to control traffic flows • The v4 policy may be different from the v6 policy (however, this may not be a best practice)
Routing Policy (2) • Why define a (public) routing policy ? • Documentation • Recreate your policy in case of loss of hardware/administrators • Allows automatic generation of router configurations • Provides routing security • Which routes to accept from each peer? • Helps in a BGP troubleshooting process
Routing Policy (3) • Reflects the AS’ goals • Which routes to accept from other AS’s • How to manipulate the accepted route • How to propagate routes through network • How to manipulate routes before they leave the AS • Which routes to send to third-party AS’s • AS = Autonomous System
Routing Policy (4) • Each Autonomous System has its own routing policy towards other networks • Each policy affects the way the global network (i.e. Internet) behaves • Which means: • It’s very useful to know third party policies • A place to publish them is needed! • You can automatically configure border routers from that info, if you can rely on the quality of information
RPSL • RPSL stands for Routing Policy Specification Language • Replacement for the language previously known as RIPE-181 • A tool to describe Inter-Domain Policies, it affects: • People doing Local Internet Registry work • People dealing with border routers (i.e. BGP) • It is used for Internet network management. • It is NOT about Internal Routing!
RPSL • Object oriented language • It has classes used to define the various objects • Uses RIR database style (whois) objects. • Each object is a list of "attribute-value" pairs displayed in plain text. • person, maintainer, role • route • as-set, route-set • ...
Person Object - Example
    person: Miguel Baptista
    address: Example street Lisbon, Portugal
    phone: +351 123 456 789
    e-mail: miguel.bap@example.org
    nic-hdl: MB10-TEST
    mnt-by: EXAMPLE-MNT
    remarks: *********************************
    remarks: This object is only an example!
    remarks: *********************************
    changed: carlos.friacas@example.org 20060228
    source: TEST
RPSLng is... • RPSL next generation • Yet another easy thing to have in place • one more item in the IPv6 check-list ;) • Yet another tool to help IPv6 development in an «orderly» fashion; • Yet another way of showing people IPv6 is not that much more complex than IPv4.
RFC4012 (Mar 2005) • Backward Compatibility • Changes: • New dictionary attribute – AFI • New predefined dictionary type • New protocol dictionary specification • New policy attributes • New route6 class • New attribute in route-set class • New attribute in filter-set class • New attribute in peering-set class • New attribute in inet-rtr class • New attribute in rtr-set class
Evolution… • RIPE/NCC, APNIC and AFRINIC have an RPSLng-compliant Whois service. • ARIN and LACNIC implement different languages • LIR admins, when their networks deploy IPv6, need to rewrite their routing policies to include: • IPv4 Unicast; • IPv4 Multicast; • IPv6 Unicast; • IPv6 Multicast (very, very few)
Objects - Examples #1
• Route6
    route6: 2001:0760::/32
    descr: GARR-IPv6
    origin: AS137
    mnt-by: GARR-LIR
    …
• Peering-set
    peering-set: prng-ebgp-peers
    descr: TopneT IPv6 ebgp peers
    ...
    mp-peering: AS12533 2001:15A8:A:1::2 at 2001:15A8:A:1::3
    mp-peering: AS5609 3FFE:1001:1:F036::1 at 3FFE:1001:1:F036::2
    mp-peering: AS5602 2001:15A8:A:1::5 at 2001:15A8:A:1::4
    ...
    mp-peering: AS6939 2001:470:1F01:FFFF::224 at 2001:470:1F01:FFFF::225
route & route6 objects only exist in whois servers which are also routing registries (RR)
Objects - Examples #2
• Aut-Num
    aut-num: AS1853
    as-name: ACOnet
    descr: ACOnet Backbone
    descr: AT
    remarks: ===================================
    remarks: #upstream: Sprint.net
    import: from AS1239 action pref=100; accept ANY
    export: to AS1239 announce AS-ACONET AND AS-SANET
    mp-import: afi ipv6.unicast from AS6175 accept ANY
    mp-export: afi ipv6.unicast to AS6175 announce AS-ACONET-V6
    remarks: #upstream: GEANT.net
    import: from AS20965 action pref=100; accept ANY
    export: to AS20965 announce AS-ACONET AND AS-UNREN AND AS-ACOSERV
    mp-import: afi ipv6.unicast from AS20965 accept ANY
    mp-export: afi ipv6.unicast to AS20965 announce AS-ACONET-V6
    remarks: ===================================
    ...
Objects - Examples #3
• Inet-rtr
    inet-rtr: BR1.mucI.baycix.net
    local-as: AS12657
    ifaddr: 212.72.95.1 masklen 32
    interface: 2001:1578:0:FFFF::1 masklen 128
    interface: 2001:1578:0:FF::1 masklen 112
    peer: BGP4 212.72.95.3 asno(AS12657)
    peer: BGP4 212.72.72.197 asno(AS29317)
    mp-peer: MPBGP 2001:1578:0:FFFF::2 asno(AS12657)
    ...
• Route-set
    route-set: AS29670:RS-IN-BERLIN
    descr: Individual Network Berlin e.V.
    org: ORG-INBE1-RIPE
    mp-members: 192.109.21.0/24
    mp-members: 217.197.80.0/20
    mp-members: 2001:bf0:c000::/35
    ...
Objects - Examples #4
• Filter-set
    filter-set: AS12817:fltr-BOGONS
    descr: Generic IPv4/IPv6 Prefix & AS filter
    mp-filter: { 10.0.0.0/8^+, 127.0.0.0/8^+, 169.254.0.0/16^+, 192.168.0.0/16^+, 0.0.0.0/0^25-32 }
               AND { 2001:db8::/32^+, 0000::/8^+, fe00::/9^+, ff00::/8^+, 0::/0^49-128 }
               AND <[AS64512-AS65534]>
    ...
Example – AS A Policy
    aut-num: AS64600
    as-name: AS A
    descr: This is AS A
    mp-import: afi ipv4.unicast,ipv6.unicast from AS64700 action pref=106; accept ANY;
    mp-export: afi ipv4.unicast,ipv6.unicast to AS64700 announce AS-A;
Example – AS B Policy
    aut-num: AS64700
    as-name: AS B
    descr: AS B, This is AS B
    import: from AS64800 action pref=106; accept AS-C;
    import: from AS64900 action pref=106; accept AS-D;
    import: from AS64600 action pref=106; accept AS-A;
    mp-import: afi ipv4.multicast,ipv6.unicast from AS64800 action pref=106; accept AS-C;
    mp-import: afi ipv4.multicast,ipv6.unicast from AS64900 action pref=106; accept AS-D;
    mp-import: afi ipv6.unicast from AS64600 action pref=106; accept AS-A;
    export: to AS64800 announce ANY;
    export: to AS64900 announce ANY;
    export: to AS64600 announce ANY;
    mp-export: afi ipv4.multicast,ipv6.unicast to AS64800 announce ANY;
    mp-export: afi ipv4.multicast,ipv6.unicast to AS64900 announce ANY;
    mp-export: afi ipv6.unicast to AS64600 announce ANY
Example – AS C Policy
    aut-num: AS64800
    as-name: AS C
    descr: AS C, This is AS C
    import: from AS64700 action pref=106; accept ANY
    mp-import: afi ipv4.multicast,ipv6.unicast from AS64700 action pref=106; accept ANY;
    mp-import: afi ipv6.multicast from AS64900 action pref=110; accept AS-D
    export: to AS64700 announce AS-C
    mp-export: afi ipv4.multicast,ipv6.unicast to AS64700 announce AS-C;
    mp-export: afi ipv6.multicast to AS64900 announce AS-C
Example – AS D Policy
    aut-num: AS64900
    as-name: AS D
    descr: This is AS D
    mp-import: afi ipv4.unicast,ipv4.multicast,ipv6.unicast from AS64700 action pref=106; accept ANY;
    mp-import: afi ipv6.multicast from AS64800 action pref=110; accept AS-C
    mp-export: afi ipv4.unicast,ipv4.multicast,ipv6.unicast to AS64700 announce AS-D;
    mp-export: afi ipv6.multicast to AS64800 announce AS-D
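How the range operators in the fltr-BOGONS prefix sets decide whether a route falls under a term, as an added example (not part of the original slides). It evaluates only the address-prefix terms, using the RFC 2622 operators `^+`, `^-`, `^n` and `^n-m`; the AS-range term is not evaluated, and the function names are illustrative.

```python
import ipaddress
import re

# Prefix terms copied from the fltr-BOGONS mp-filter shown above.
BOGONS = ["10.0.0.0/8^+", "127.0.0.0/8^+", "169.254.0.0/16^+",
          "192.168.0.0/16^+", "0.0.0.0/0^25-32",
          "2001:db8::/32^+", "0000::/8^+", "fe00::/9^+", "ff00::/8^+",
          "0::/0^49-128"]

def parse_term(term):
    """Split 'prefix^op' into (network, min_len, max_len)."""
    prefix, _, op = term.partition("^")
    net = ipaddress.ip_network(prefix, strict=False)
    if op == "":                      # no operator: exact prefix only
        lo = hi = net.prefixlen
    elif op == "+":                   # the prefix and every more-specific
        lo, hi = net.prefixlen, net.max_prefixlen
    elif op == "-":                   # more-specifics, excluding the prefix itself
        lo, hi = net.prefixlen + 1, net.max_prefixlen
    else:                             # ^n or ^n-m: lengths n (to m) inside the prefix
        m = re.fullmatch(r"(\d+)(?:-(\d+))?", op)
        if not m:
            raise ValueError(f"bad range operator in {term!r}")
        lo = int(m.group(1))
        hi = int(m.group(2) or m.group(1))
    return net, lo, hi

def matches(route, terms=BOGONS):
    """Return the first term that covers `route`, or None if no term does."""
    r = ipaddress.ip_network(route, strict=False)
    for term in terms:
        net, lo, hi = parse_term(term)
        # Compare only within one address family; subnet_of() rejects mixed versions.
        if r.version == net.version and lo <= r.prefixlen <= hi and r.subnet_of(net):
            return term
    return None

if __name__ == "__main__":
    # Constructed sample routes, not taken from a routing table.
    for route in ["10.1.2.0/24", "193.136.0.0/15", "193.136.1.128/25",
                  "2001:db8:ffff::/48", "2001:760::/32", "2001:760:1::/64"]:
        print(f"{route:22} -> {matches(route)}")
```

The `0.0.0.0/0^25-32` and `0::/0^49-128` terms are what catch over-specific announcements: any IPv4 route longer than /24 or IPv6 route longer than /48 matches regardless of its address.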
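A consistency check over published policies like the AS A to AS D examples, as an added sketch (not from the original slides and not part of IRRToolSet): for every export one AS declares towards a peer, the peer's aut-num should carry an import from that AS for the same address family, and vice versa. The sample input and function names are constructed for illustration, and the afi defaults are stated as assumptions in the code.

```python
import re
from collections import defaultdict

# Constructed sample adapted from the AS A / AS B examples above. AS B's plain
# import from AS64600 is left out on purpose so the check has something to report.
SAMPLE = """\
aut-num: AS64600
mp-import: afi ipv4.unicast,ipv6.unicast from AS64700 action pref=106; accept ANY;
mp-export: afi ipv4.unicast,ipv6.unicast to AS64700 announce AS-A;
aut-num: AS64700
mp-import: afi ipv6.unicast from AS64600 action pref=106; accept AS-A;
export: to AS64600 announce ANY;
mp-export: afi ipv6.unicast to AS64600 announce ANY;
"""

ALL_AFI = {"ipv4.unicast", "ipv4.multicast", "ipv6.unicast", "ipv6.multicast"}
RULE = re.compile(r"^(mp-)?(import|export):\s*(?:afi\s+(\S+)\s+)?(?:from|to)\s+(AS\d+)\b", re.I)

def expand(afi):
    """Expand 'any', 'ipv6', 'any.unicast', ... into concrete address families."""
    fam, _, cast = afi.partition(".")
    return {a for a in ALL_AFI
            if (fam == "any" or a.startswith(fam + ".")) and a.endswith(cast)}

def parse(text):
    """Return {(direction, local_as, peer_as): set of address families}."""
    rules, local = defaultdict(set), None
    for line in (l.strip() for l in text.splitlines()):
        if line.lower().startswith("aut-num:"):
            local = line.split(":", 1)[1].strip().upper()
        m = RULE.match(line)
        if m and local:
            # Assumption: plain import/export = ipv4.unicast; mp- rule without afi = "afi any".
            afis = m.group(3) or ("any" if m.group(1) else "ipv4.unicast")
            for afi in afis.lower().split(","):
                rules[m.group(2).lower(), local, m.group(4).upper()] |= expand(afi)
    return dict(rules)

def unmatched(text):
    """Rules on one side with no mirror rule (same afi) in the peer's aut-num."""
    rules = parse(text)
    known = {local for _, local, _ in rules}
    out = []
    for (direction, local, peer), afis in rules.items():
        if peer not in known:
            continue  # peer's aut-num is not in the input, nothing to compare
        mirror = "import" if direction == "export" else "export"
        missing = afis - rules.get((mirror, peer, local), set())
        out += [(direction, local, peer, afi) for afi in sorted(missing)]
    return sorted(out)

if __name__ == "__main__":
    for finding in unmatched(SAMPLE):
        print("no counterpart for", finding)
```

A finding means only that the two published objects disagree; which side is stale has to be settled between the two operators before either policy is used to generate filters.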
RPSLng Tools • RIPE’s RPSLng Registry • IPv4 address -> inetnum, route, inet-rtr • IPv6 address -> inet6num, route6, inet-rtr • Inverse queries for aut-num -> route + route6 • Production Routing Policies • IRRToolSet • Suite of policy analysis tools • Possible usage: Updating BGP routing configurations • Produce Cisco & Juniper configuration • Managed by ISC: • http://www.isc.org/software/irrtoolset • ftp://ftp.isc.org/isc/IRRToolSet
RPSLng Tools • WHOISd • Free • ftp://ftp.ripe.net/ripe/dbase/software • Managed by RIPE • IRRd • Free • http://www.irrd.net • Managed by MERIT
Conclusions • RPSL is needed to coordinate global IPv4 routing policies. • RPSLng is needed for the same purpose, but for IPv6. • It’s rather simple, and someone already dealing with RPSL will easily start to use RPSLng when starting to route IPv6 packets. • Several tools are freely available.