Learn about routing and forwarding, Internet routing protocols, BGP basics, decision process, and routing policies in this comprehensive guide presented by Dimitri Papadimitriou of Alcatel-Lucent BEL.
DCR Project
Internet Routing System (BGP) Policy Basics
Dimitri Papadimitriou, Alcatel-Lucent BELL
May 3, 2010
Alcatel-Lucent BELL, Antwerpen, Belgium
Outline • Routing and forwarding • Internet Routing Protocols • Intra-domain routing • Inter-domain routing • Path vector routing • Policy routing • BGP basics • BGP decision process • BGP routing policies
Internet Routing: Internet domains comprise devices called routers, each comprising a routing engine and a forwarding engine (and a management agent) Routing engine • Processes routing information (exchanged between routers using a routing protocol such as BGP) so as to compute routes (using a shortest-path algorithm) • Route entries (composed of a destination, a next-hop interface, and a metric) are stored in routing tables (RT) • Routing entries are subsequently used by the forwarding engine Forwarding engine • Transfers each incoming IP datagram to an outgoing interface directed towards a router closer (next-hop) to the traffic destination, by performing a longest-prefix-match lookup with the datagram's destination address on the forwarding entries stored in forwarding tables (FT)
Routing and Forwarding: overview [Figure: routing engine (routing information exchange, routing information processing, RT storing routing table entries) above forwarding engine (FT, forwarding of IP datagrams from I/f 1 to I/f 2)] • Routing • Components: routing information exchange (messaging), routing algorithm (processing), routing table (RT) • RT entries <destination prefix, next-hop, cost> • Routing algorithm output used to build RT entries • Forwarding • Components: processing, lookup, forwarding table (FT) • Directing incoming datagram to an outgoing interface • FT entries <destination prefix, next-hop interface>
Routing and Forwarding: overview • Routing functions implemented by routing engine • Messaging: routing information exchange/distribution • Processing of routing information: routing algorithm used to compute entries stored in routing table (RT) • Data structure part of routing engine: routing table (RT) whose entries are <dest. prefix, next-hop, cost> • The "best" paths selected from RIB built by the routing protocols are installed in the FIB [Figure: three routers, each with a routing engine (routing protocol, RT) and a forwarding engine (FT, I/f); routing protocols run between the routing engines, forwarding between the forwarding engines]
Routing Table (RT) • Repository in which all IP routing protocols place all of their routes (routing entries stored in a per-protocol routing information base or RIB) • The routing table is not specific to any routing protocol; rather, it is the repository where all the routing protocols place all of their routes • Routes are inserted into the RT whenever a routing protocol learns/computes a new route (stored in the routing-protocol-specific RIB) • When a destination becomes unreachable, the route is first marked unusable and later removed from the RT as per the specifications of the routing protocol it was learned from • Note: routing table entries are NOT used for forwarding IP datagrams
Routing Table vs Forwarding Table • Routing Table: table that contains all destinations to which the router may forward IP datagrams • Routing table entries can be used to populate the forwarding table based on some selection criteria • Routing table entries can also be used as a source to re-advertise routing information • Commonly the routing table contains multiple entries to the same destination (possibly with the same or different degree of preference and possibly advertised from multiple sources) • Forwarding Table: table containing the information necessary to forward IP datagrams • Describes a database indexing network prefixes versus router interface identifiers • At minimum, contains the interface identifier and next hop information for each reachable destination address prefix • Note: contains unique paths only (i.e. does not contain secondary paths)
IP router architecture [Figure: control part (routing protocol, routing table) above forwarding part (Class., Pol. and Shap. blocks and the forwarding table on the path of IP packets)] • The "best" paths selected from the routing table built by the routing protocols are installed in the forwarding table • Forwarding decision based on longest prefix match • Update of TTL and checksum fields in IP packets
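The routing-table versus forwarding-table split described above, as an added example that is not part of the original slides. It assumes "lowest cost" as the selection criterion for installing an entry in the FT; the prefixes, next hops and interface names are constructed.

```python
import ipaddress

# Constructed routing table (RT): <destination prefix, next hop, interface, cost>.
# The RT may hold several entries for the same destination.
ROUTING_TABLE = [
    ("0.0.0.0/0",   "192.0.2.1", "if1", 20),
    ("10.0.0.0/8",  "192.0.2.2", "if2", 10),
    ("10.0.0.0/8",  "192.0.2.3", "if3", 30),   # secondary path: stays in the RT only
    ("10.1.0.0/16", "192.0.2.3", "if3", 5),
    ("10.1.2.0/24", "192.0.2.4", "if4", 15),
]

def build_forwarding_table(rt):
    """Install one entry per prefix in the FT (assumed criterion: lowest cost)."""
    best = {}
    for prefix, next_hop, iface, cost in rt:
        net = ipaddress.ip_network(prefix)
        if net not in best or cost < best[net][2]:
            best[net] = (next_hop, iface, cost)
    # The FT keeps only what forwarding needs: <prefix, next hop, interface>.
    return {net: (nh, iface) for net, (nh, iface, _cost) in best.items()}

def lookup(ft, destination):
    """Longest prefix match on the datagram's destination address."""
    addr = ipaddress.ip_address(destination)
    matches = [net for net in ft if addr in net]
    if not matches:
        return None                      # no route: the datagram is dropped
    net = max(matches, key=lambda n: n.prefixlen)
    next_hop, iface = ft[net]
    return str(net), next_hop, iface

if __name__ == "__main__":
    ft = build_forwarding_table(ROUTING_TABLE)
    for dst in ("10.1.2.7", "10.1.9.9", "10.200.0.1", "198.51.100.5"):
        print(dst, "->", lookup(ft, dst))
```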
Internet Routing Protocols • Exterior Gateway Protocol (EGP) • Routing of IP packets between domains • Each domain is considered as a black box • Interior Gateway Protocol (IGP) • Routing of IP datagrams inside each domain • Only knows topology of its own domain (all routers within a given AS managed by a single admin unit) [Figure: four interconnected domains, Domain1 to Domain4]
Inter vs Intra-domain Routing Protocols IGP: Intra-domain routing (within AS) • Allow routers to transmit IP packets towards their destination along the best path = shortest path (metrics: #hops, link cost) • IGP routing protocols: distance vector (RIPv2) or link state (OSPF) • All routers exchange routing information: each domain router can obtain routing information for the whole domain EGP: Inter-domain routing (between AS) • Routing policies based on business relationships • No common metrics, and limited cooperation • Policy-based, path-vector routing protocol: external Border Gateway Protocol (eBGP) / internal Border Gateway Protocol (iBGP) [Figure: ASes (AS 15, AS 76) running an IGP internally, with iBGP inside an AS and eBGP sessions between ASes]
Interdomain routing • Goals • Allow IP packets to be transmitted along the best path towards their destination through several transit domains, while taking into account the routing policies of each domain and without knowing the detailed topology of those domains • From an interdomain viewpoint, best path often means cheapest path • Each domain is free to specify inside its routing policy the domains for which it agrees to provide a transit service and the method it uses to select the best path to reach each destination
Interdomain Routing Protocols • Border Gateway Protocol (BGP) version 4 (RFC 4271) is an inter-domain routing protocol • Exchanges routing information between AS while guaranteeing loop-free path selection • BGP protocol is similar to Distance Vector, but called “Path Vector” instead • BGP router advertises in its vector only reachability information and associated path attributes to each destination (so, avoids loops), no costs or hop counts • Unlike IGPs, such as RIPv2, and OSPFv2, BGP does not use metrics like hop count, link cost, or delay. Instead, BGP performs its routing decisions (best path selection) based on network policies and route selection rules applied in sequence to various path attributes • Supports classless inter-domain routing (CIDR) and route aggregation • THE inter-domain routing protocol of the Internet
Domains versus Autonomous Systems • The BGP interdomain routing protocol deals with Autonomous Systems (AS) • An AS is defined as a set of routers under a single technical administration ... that presents a consistent picture of what destinations are reachable through it • Each AS is identified by its AS number (ASN) • In practice • A domain is often equivalent to an AS • A domain may be composed of several ASes • Ex: Worldcom uses AS701, AS702, ... • Many domains do not have an AS number • Ex: small networks connected to one provider without using BGP
Types of domains • The Internet consists of routing domains: Autonomous Systems (AS) interconnected with each other: • Transit domain: provider, hooking many AS together • Stub domain: smaller corporation/domain • At least one and usually two connections to other domains • No transit service to other domains • Two-level routing • Intra-domain: administrator responsible for choice of routing protocol within network (usually link-state routing protocol) • Inter-domain: standard for interdomain routing: BGP
Types of domains [Figure: stub domains S1 to S4 attached to transit domains T1 to T3] • Transit domain: allows external domains to use its own infrastructure to send packets to other domains • Stub domains • A stub domain does not allow external domains to use its infrastructure to send packets to other domains • A stub is connected to at least one transit domain • Single-homed stub: connected to one transit domain • Dual-homed stub: connected to two transit domains
Multihomed domains [Figure: stub domain S3 and transit domains T1 to T3] • Definition: use of redundant network links (connections to the same or different domains) for the purposes of external connectivity • Objective • Robustness in case of failure (link, upstream domain) • Performance (load balancing) • Cost • Multi-homed stub AS: connectivity to multiple immediate upstream transit domains • Multi-homed transit AS
Types of interconnection • Private interconnection • Private link: usually a leased line between two routers belonging to the two connected domains • Private Points of Presence (PoP): where ISP customers and other ISPs connect to it • Public interconnection: ISPs connect at public Points of Presence (PoP) called Network Access Point (NAP) • Usually Gigabit or higher Ethernet switch that interconnects routers belonging to different domains [Figure: private interconnection between R1 in AS 1 and R2 in AS 2 over a physical link carrying the interdomain link; public interconnection of routers R1, R2, R3 from AS 1, AS 2, AS 3 at a NAP]
Routing policies • In theory, BGP allows each domain to define its own routing policy... • In practice there are three common policies • Customer-provider relationship • Customer domain/AS C buys Internet connectivity from provider domain/AS P • Customer C does not provide transit between two of its providers whereas a provider transits traffic for its customers • Shared-cost peering relationship • Domains/AS X and Y agree to exchange packets by using a direct link or through an interconnection point • Peering ASes exchange free of charge (an approximately even amount of) traffic between their respective customers • Mutual transit • Two domains/AS in a mutual-transit relationship provide connectivity to the Internet for each other • AS may have multiple customers, providers, and peers
Customer-provider relationship [Figure: AS1, AS2, AS3, AS4 and AS7 linked by customer-provider ($) relationships] • Principle • Customer sends to its provider its internal routes and the routes learned from its own customers • Provider will advertise those routes to the entire Internet to allow anyone to reach the Customer • Provider sends to its customers all known routes • Customer will be able to reach anyone on the Internet
Shared-cost peering relationship [Figure: AS1, AS2, AS3, AS4 and AS7 linked by customer-provider ($) and shared-cost relationships] • Principle • Peer X sends to Peer Y its internal routes and the routes learned from its own customers • Peer Y will use shared link to reach Peer X and Peer X's customers • Peer X's providers are not reachable via the shared link • Peer Y sends to Peer X its internal routes and the routes learned from its own customers • Peer X will use shared link to reach Peer Y and Peer Y's customers • Peer Y's providers are not reachable via the shared link
Composition of Internet paths [Figure: AS1, AS2, AS3, AS4, AS7, AS8 and AS9 linked by customer-provider ($) and shared-cost relationships] • Most Internet paths contain a sequence of • 0 or more Customer->Provider relationships • 0 or 1 Peer-to-Peer relationships • 0 or more Provider->Customer relationships
The Border Gateway Protocol [Figure: AS 1, AS 2, AS 4 and AS 5; advertisements for prefix 1.0.0.0/8 carry AS Path: AS1 (twice), AS Path: AS4:AS1, and AS Path: AS2:AS4:AS1] • Principle • Path vector protocol • BGP router advertises its best route to each destination • ... with incremental updates (exchanges of path vectors) • Advertisements are only sent when their content changes
"Origin" of the routes announced by BGP • Where do the routes announced by a BGP router come from? • Learned from other BGP routers • BGP router only propagates the received routes • Static configuration • BGP router is configured to advertise some prefixes • Drawback: requires manual configuration • Advantage: stable set of advertised prefixes • Learned from an Interior Gateway Protocol • The prefixes received from the IGP are advertised by the BGP router, usually as an aggregate • Advantage • BGP advertisements follow network state: a prefix is automatically withdrawn by BGP when it is not reachable via the IGP • Drawback • BGP announcements will be unstable if IGP is unstable...
Policies and BGP • Two mechanisms to support policies in BGP • Each domain defines itself which is the best route to reach each destination based on the routes learned from its peers • The chosen best route is not necessarily the "shortest" route (shortest AS path) as with IGPs • Only the best route towards each destination can be announced to external peers • Each domain determines, on its own, which routes can be advertised to each peer • An AS does not necessarily advertise to all its neighbors all the routes that it knows
BGP: Principles of operation (1) • Principles: BGP relies on the incremental exchange of path vectors • BGP session established over TCP connection between peers • Each peer sends all its active routes • As long as BGP session remains up: incrementally update BGP routing tables [Figure: BGP session carrying BGP Msgs between R1 in AS 3 and R2 in AS 4]
BGP: Principles of operation (2) • Simplified model of BGP • 2 types of BGP path vectors • UPDATE • Used to announce a route towards one prefix • Content of UPDATE • Destination address/prefix • Interdomain path used to reach destination (AS-Path) • Nexthop (address of the router advertising the route) • WITHDRAW • Used to indicate that a previously announced route is not reachable anymore • Content of WITHDRAW • Unreachable destination address/prefix
BGP Routing Policies • A domain specifies its routing policy by defining on each BGP router two sets of filters for each peer • Import filter • Specifies which routes can be accepted by the router among all the received routes from a given peer • Export filter • Specifies which routes can be advertised by the router to a given peer • Filters can be defined in Routing Policy Specification Language (RPSL)
BGP Routing Information Base (RIB) • BGP RIB consists of three distinct parts: • Adj-RIBs-In • Stores routing information learned from inbound UPDATE messages received from other BGP speakers • These routes are available as input to the Decision Process after applying Import Policy rules (import filter) • Loc-RIB • Contains the local routing information the BGP speaker selects by applying its local policies to the routing information contained in its Adj-RIBs-In • These are the routes that will be used by the local BGP speaker • Adj-RIBs-Out • Stores routing information the local BGP speaker selected for advertisement to its peers • This routing information will be advertised to its peers by means of the local BGP speaker's UPDATE messages after applying Export Policy rules (export filter)
Conceptual model of a BGP router (1) [Figure: blocks for BGP Msgs from Peer[1]..Peer[N], per-peer import filter and attribute manipulation, BGP Adj-RIB-In (all acceptable routes), BGP Decision Process, BGP Loc-RIB, per-peer export filter and attribute manipulation, BGP Adj-RIB-Out, BGP Msgs to Peer[1]..Peer[N]] • Import filter(Peer[i]): determines which BGP Msgs are acceptable from Peer[i] • BGP decision process: selects the best route towards each destination (one best route selection to each destination) • Export filter(Peer[i]): determines which routes can be sent to Peer[i] • BGP Loc-RIB: contains the routes that have been selected by the local BGP speaker's Decision Process
Conceptual model of a BGP router (2) [Figure: blocks for Receive BGP Updates, Apply Import Policies, Adj-RIB-In, Route Selection (Rules), Loc-RIB (best routes), Apply Export Policies, Adj-RIB-Out, Send BGP Updates, and IP Forwarding Table (install forwarding entries for best routes)] • Apply Policy (import) = input filtering of routes and treatment of attributes • Apply Policy (export) = output filtering of routes and treatment of attributes • Constrained by operator's policies and configuration language • Route selection based on attribute values • Adj-RIB-In: contains unprocessed routing information that has been advertised to the local BGP speaker by its peers • Loc-RIB: contains the routes that have been selected by the local BGP speaker's Decision Process • Adj-RIB-Out: contains the routes for advertisement to specific peers by means of the local speaker's UPDATE messages
When an UPDATE message is received and validated, and the UPDATE message contains a feasible route, the Adj-RIB-In is updated with this route as follows: • If the NLRI of the new route is identical to that of a route currently stored in the Adj-RIB-In • Then the new route SHALL replace the older route in the Adj-RIB-In, thus implicitly withdrawing the older route from service • Otherwise, if the Adj-RIB-In has no route with NLRI identical to the new route, the new route SHALL be placed in the Adj-RIB-In • Once the BGP speaker updates the Adj-RIB-In, the speaker SHALL run its Decision Process
BGP Decision Process • The Decision Process selects routes for subsequent advertisement by applying selection rules to the routes stored in its Adj-RIBs-In • The output of the Decision Process is the set of routes that will be advertised to peers; the selected routes will be stored in the local speaker's Adj-RIBs-Out (according to export policy) • The Decision Process operates on routes contained in the Adj-RIBs-In, and is responsible for • Selection of routes to be used locally by the speaker • Selection of routes to be advertised to other BGP peers • Route aggregation and route information reduction
BGP Decision Process: Phases • The Decision Process takes place in three distinct phases, each triggered by a different event: • Phase 1 is responsible for calculating the degree of preference for each route received from a peer • Phase 2 is invoked on completion of phase 1. It is responsible for choosing the best route per destination out of all those available, and for installing each chosen route into the Loc-RIB • Phase 3 is invoked after the Loc-RIB has been modified. It is responsible for disseminating routes in the Loc-RIB to each peer • Note: Route aggregation and information reduction can optionally be performed within this phase.
Phase 1: Computation of Degree of Preference • Invoked whenever the local BGP speaker receives, from a peer, an UPDATE message that advertises a new route, a replacement route, or withdrawn routes. • Locks an Adj-RIB-In prior to operating on any route contained within it, and unlocks it after operating on all new or unfeasible routes contained within it. • For each newly received or replacement feasible route, the local BGP speaker computes a degree of preference based on preconfigured policy information
Phase 2: Route Selection • For each set of destinations for which a feasible route exists in the Adj-RIBs-In, the local BGP speaker identifies the route that: • a) has the highest degree of preference of any route to the same set of destinations, or • b) is the only route to that destination, or • c) is selected as a result of Phase 2 tie-breaking rules • In its Adj-RIBs-In, a BGP speaker may have several routes to the same destination that have the same degree of preference • The local speaker selects only one of these routes (with the same degree of preference) for inclusion in the Loc-RIB
BGP Route Selection Rules: When a BGP speaker receives more than one route for the same IPv4 address prefix, the BGP route selection rules for route preference are used to choose which IPv4 route is installed by BGP • The tie-breaking algorithm begins by considering all equally preferable routes to the same destination, and then selects routes to be removed from consideration. • The algorithm terminates as soon as only one route remains in consideration. • The criteria MUST be applied in the order specified • Note: not selected/unprocessed routing information is usually maintained in case currently selected information is being withdrawn or superseded
Rules, in order:
1. Highest Local Preference (local_pref) (enforce relationships)
2. Shortest AS-PATH length (traffic engineering)
3. For each AS NEXT-HOP, lowest MED value (traffic engineering)
4. iBGP < eBGP (traffic engineering)
5. Lowest IGP cost to BGP egress (traffic engineering)
6. Lowest router ID (tie breaker)
Phase 2': Route installation • The local speaker then installs that route in the Loc-RIB, replacing any route to the same destination that is currently being held in the Loc-RIB. • When the new BGP route is installed in the Routing Table, care must be taken to ensure that existing routes to the same destination that are now considered invalid are removed from the Routing Table.
Phase 3: Route dissemination • The Phase 3 decision function is invoked on completion of Phase 2 (blocked from running while the Phase 2 decision function is in process), or when any of the following events occur: • a) when routes in the Loc-RIB to local destinations have changed • b) when locally generated routes learned by means outside of BGP have changed • c) when a new BGP speaker connection has been established • All routes in the Loc-RIB are processed into Adj-RIBs-Out according to configured policy. This policy MAY exclude a route in the Loc-RIB from being installed in a particular Adj-RIB-Out. • A route SHALL NOT be installed in the Adj-RIB-Out unless the destination, and NEXT_HOP described by this route, may be forwarded appropriately by the Routing Table.
Phase 3': Update-Send process • When the updating of the Adj-RIBs-Out and the Routing Table is complete, the local BGP speaker runs the Update-Send process • The Update-Send process is responsible for advertising UPDATE messages to all peers. • For example, it distributes the routes chosen by the Decision Process to other BGP speakers, which may be located in either the same autonomous system or a neighboring autonomous system.
local-pref and economical relationships [Figure: AS1 with customers Cust1 and Cust2 (+$), shared-cost peers Peer1 to Peer4, and providers Prov1 and Prov2 (-$)] • local-pref often used to enforce economical relationships • Local-pref values set by AS1: • > 1000 for the routes received from a Customer • 500 – 999 for the routes learned from a Peer • < 500 for the routes learned from a Provider
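The route selection rules and the local-pref bands above, combined in an added example that is not part of the original slides. It applies only the six rules the slide lists (not the complete RFC 4271 list), the local-pref value picked inside each band is an assumption, and the routes use constructed documentation AS numbers and router IDs.

```python
from dataclasses import dataclass

# Bands from the slide: customer > 1000, peer 500-999, provider < 500.
# The exact value chosen inside each band is an assumption of this example.
LOCAL_PREF = {"customer": 1100, "peer": 700, "provider": 100}

@dataclass(frozen=True)
class Route:
    as_path: tuple            # first element is the neighboring AS
    learned_from: str         # "customer", "peer" or "provider"
    med: int = 0
    ebgp: bool = True         # False when the route was learned over iBGP
    igp_cost: int = 0         # IGP cost to the BGP egress router
    router_id: str = "0.0.0.0"

    @property
    def local_pref(self):
        return LOCAL_PREF[self.learned_from]

def keep_lowest(routes, key):
    """Remove from consideration every route that is not minimal for key."""
    best = min(key(r) for r in routes)
    return [r for r in routes if key(r) == best]

def lowest_med_per_neighbor(routes):
    """MED is only compared between routes from the same neighboring AS."""
    lowest = {}
    for r in routes:
        asn = r.as_path[0]
        lowest[asn] = min(lowest.get(asn, r.med), r.med)
    return [r for r in routes if r.med == lowest[r.as_path[0]]]

def router_id_key(r):
    # Compare router IDs numerically, octet by octet, not as strings.
    return tuple(int(octet) for octet in r.router_id.split("."))

# The slide's rules, in the order they must be applied.
RULES = [
    ("highest local_pref", lambda rs: keep_lowest(rs, lambda r: -r.local_pref)),
    ("shortest AS-PATH", lambda rs: keep_lowest(rs, lambda r: len(r.as_path))),
    ("lowest MED per neighbor AS", lowest_med_per_neighbor),
    ("eBGP over iBGP", lambda rs: keep_lowest(rs, lambda r: not r.ebgp)),
    ("lowest IGP cost", lambda rs: keep_lowest(rs, lambda r: r.igp_cost)),
    ("lowest router ID", lambda rs: keep_lowest(rs, router_id_key)),
]

def select_best(routes):
    """Return (best route, name of the rule that decided)."""
    candidates = list(routes)
    if not candidates:
        raise ValueError("no feasible route for this destination")
    if len(candidates) == 1:
        return candidates[0], "only route"
    for name, rule in RULES:
        candidates = rule(candidates)
        if len(candidates) == 1:       # stop as soon as one route remains
            return candidates[0], name
    return candidates[0], "identical attributes"

# Constructed Adj-RIB-In contents for one prefix.
VIA_PROVIDER = Route((64501, 64510), "provider", router_id="10.0.0.1")
VIA_CUSTOMER = Route((64502, 64503, 64504, 64510), "customer", router_id="10.0.0.2")
MED_50 = Route((64505, 64510), "peer", med=50, router_id="10.0.0.3")
MED_10 = Route((64505, 64510), "peer", med=10, router_id="10.0.0.4")
OTHER_AS_IBGP = Route((64506, 64510), "peer", med=100, ebgp=False, router_id="10.0.0.5")
ID_9 = Route((64507, 64510), "peer", router_id="10.0.0.9")
ID_10 = Route((64508, 64510), "peer", router_id="10.0.0.10")

if __name__ == "__main__":
    for rib in ([VIA_PROVIDER, VIA_CUSTOMER], [MED_50, MED_10, OTHER_AS_IBGP], [ID_9, ID_10]):
        best, rule = select_best(rib)
        print(rule, "->", best.as_path, best.router_id)
```

The first case shows a four-hop customer route beating a two-hop provider route, which is the sense in which the chosen best route is not necessarily the shortest one.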
Gao-Rexford Conditions • Assumptions • No Internet-wide global coordination; instead, search for constraints on local policies that would ensure global stability • Policies are typically constrained by the business relationships between neighboring ASes that affect how ASes select and export routes, and how new relationships form • Gao-Rexford (Safety) Conditions • Set of guidelines for ASs to apply in configuring their BGP routing policies (cf. local_pref settings) without requiring coordination with other ASs • Conforming to conventional traffic-engineering practices of ISPs • Providing each AS with significant flexibility in selecting its local policies • Ensuring route convergence even under changes in the topology and routing policies (following these guidelines guarantees route convergence) • Methodology • Exploiting Internet's hierarchical structure and commercial relationships between ASs to impose a partial order on the set of routes to each destination • Applicable to verify the hierarchical AS relationship • Preserving ability of each AS to apply complex local policies without divulging its BGP configurations to others
Gao-Rexford Conditions 1. Prefer customer routes over peer or provider routes (Preference condition): • when selecting a route for a destination, an AS prefers a (revenue-generating) route through a customer over routes through a peer, and a route through a peer over routes through a provider • Note: With some restrictions on the graph composed of peer-to-peer relationships, it is also possible to allow an AS to give the same preference to a route via a customer or via a peer [Figure: AS1, AS2, AS3 and AS4 with links marked +$, 0 and -$]
Gao-Rexford Conditions 2. Export only customer routes to peers or providers (Export condition): • Exporting to a provider: in exchanging routing information with a provider, an AS can export its routes and the routes of its customers, but cannot export routes learned from other providers or peers => an AS does not provide transit services for its provider • Exporting to a customer: in exchanging routing information with a customer, an AS can export its routes, as well as routes learned from its providers and peers => an AS does provide transit services for its customers • Exporting to a peer: in exchanging routing information with a peer, an AS can export its routes and the routes of its customers, but cannot export the routes learned from other providers or peers => an AS does not provide transit services for its peers [Figure: two example topologies over AS1 to AS6]
Gao-Rexford Conditions 3. No cycle of customer-provider relationships (Topology condition): • no AS is its own direct or indirect provider: no customer-provider cycles (cannot be your own customer) • In the provider-to-customer directed graph, where the edges are directed from provider to customer, the resulting subgraph formed by only provider-customer relationships should be a directed acyclic graph (does not contain any cycle of provider-customer edges) [Figure: AS2, AS3 and AS4 linked by customer-provider ($) relationships]
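The export and topology conditions, together with the path composition rule from the "Composition of Internet paths" slide, as an added example that is not part of the original slides. The function names, the AS numbers and the relationships between them are constructed for illustration.

```python
CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"

def build_rel(provider_customer, peers):
    """rel[(a, b)] says what b is to a: CUSTOMER, PEER or PROVIDER."""
    rel = {}
    for provider, customer in provider_customer:
        rel[(provider, customer)] = CUSTOMER
        rel[(customer, provider)] = PROVIDER
    for x, y in peers:
        rel[(x, y)] = rel[(y, x)] = PEER
    return rel

def may_export(learned_from, export_to):
    """Export condition. learned_from is "local" for the AS's own routes."""
    if learned_from in ("local", CUSTOMER):
        return True                   # own and customer routes go to everyone
    return export_to == CUSTOMER      # peer/provider routes go to customers only

def is_valley_free(path, rel):
    """0+ customer->provider hops, then 0 or 1 peer hop, then 0+ provider->customer
    hops. path lists ASes in the order traffic crosses them."""
    descending = False                # set once a peer or downhill hop is taken
    for a, b in zip(path, path[1:]):
        hop = rel[(a, b)]
        if hop in (PROVIDER, PEER) and descending:
            return False              # climbing or peering again after the top
        if hop in (PEER, CUSTOMER):
            descending = True
    return True

def find_provider_cycle(provider_customer):
    """Topology condition: return one provider->customer cycle, or None if the
    provider-to-customer graph is a DAG."""
    customers_of = {}
    for provider, customer in provider_customer:
        customers_of.setdefault(provider, []).append(customer)
    state, stack = {}, []             # state: 1 = on current DFS path, 2 = done

    def visit(asn):
        state[asn] = 1
        stack.append(asn)
        for customer in customers_of.get(asn, ()):
            if state.get(customer) == 1:
                return stack[stack.index(customer):] + [customer]
            if customer not in state:
                cycle = visit(customer)
                if cycle:
                    return cycle
        stack.pop()
        state[asn] = 2
        return None

    for asn in list(customers_of):
        if asn not in state:
            cycle = visit(asn)
            if cycle:
                return cycle
    return None

# Constructed topology: AS7 is provider of AS3 and AS4; AS3 and AS4 peer;
# AS1 is a customer of both AS3 and AS4; AS2 is a customer of AS4.
PROVIDER_CUSTOMER = [(7, 3), (7, 4), (3, 1), (4, 1), (4, 2)]
REL = build_rel(PROVIDER_CUSTOMER, peers=[(3, 4)])

if __name__ == "__main__":
    for path in ([1, 3, 4, 2], [1, 3, 7, 4, 2], [3, 1, 4], [2, 4, 3, 7]):
        print(path, "valley-free" if is_valley_free(path, REL) else "violates export condition")
    print("cycle:", find_provider_cycle([(2, 3), (3, 4), (4, 2)]))
```

The path [3, 1, 4] fails because AS1 would be carrying traffic between two of its providers, which is exactly what `may_export(PROVIDER, PROVIDER)` forbids.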
Gao-Rexford Conditions • The "Gao-Rexford" conditions ensure inter-domain routing system convergence to a stable state without global coordination • The "Gao-Rexford" conditions reflect common business practices in today's Internet, which may explain why the inter-domain routing system is generally stable in practice • However, these conditions may be too restrictive for ISPs to offer customized route selection • In particular, ISPs may want to violate the preference condition to (1) have different preferences for different neighbors and (2) perhaps even prefer peer or provider routes for some (high-paying) customers • Question: "Is customized route selection possible without sacrificing global routing stability, and without imposing onerous restrictions on how ASes exploit the extra flexibility?" • L. Gao and J. Rexford. Stable Internet routing without global coordination. IEEE/ACM Trans. Networking, December 2001.