1 / 25

BGP trends of an AS

BGP trends of an AS. Looking under the hood and diagnosing the noise. Stephan Millet Network Engineer Telstra. Intro. Informational Presentation 16 month data collection of the BGP activity of AS1221 Sept 2004 to Jan 2006 Analysis of the BGP behavior within the AS. Background on AS1221.

matthewrowland
Download Presentation

BGP trends of an AS

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. BGP trends of an AS Looking under the hood and diagnosing the noise. Stephan Millet Network Engineer Telstra

  2. Intro • Informational Presentation • 16 month data collection of the BGP activity of AS1221 • Sept 2004 to Jan 2006 • Analysis of the BGP behavior within the AS Background on AS1221 • Only run IP (no other protocol mixes) • Topology hasn’t changes in 3 years • Geographically confined to Australia • Only one transit provider • All Cisco (consistency in the BGP algorithm(?)) • Core acts as RR for all access routers • All eBGP is conducted on access • No dampening on transit paths

  3. n-1 BGP topology Sydney Canberra Brisbane Melbourne Perth Where all routers have an iBGP relationship with all other routers Adelaide

  4. Add a collector to the n-1 BGP topology Sydney Canberra Brisbane Melbourne Perth + Adelaide

  5. Turn on logging and wait 18 months Current configuration: ! hostname bgp-logger ! log file /data/bgp-mesh/mesh-log log trap informational log record-priority ! debug bgp updates ! router bgp 1221 <snip> + BGP: 192.168.1.1 rcvd UPDATE w/ attr: nexthop 203.62.252.59, origin ?, localpref 100, community 1221:500, originator 10.10.1.1, clusterlist 0.0.0.150 BGP: 192.168.1.1 rcvd 203.36.198.80/29 BGP: 192.168.1.1 rcvd 165.228.83.145/32 BGP: 172.16.1.5 rcvd UPDATE w/ attr: nexthop 0.0.0.0, origin i, localpref 0 BGP: 172.16.1.5 rcvd UPDATE about 58.163.130.105/32 -- withdrawn BGP: 172.16.1.5 rcvd UPDATE about 144.135.252.150/32 --withdrawn BGP: 172.16.1.5 rcvd UPDATE about 149.135.62.217/32 -- withdrawn Every 24hrs process the data and add an extra data point

  6. What the initial data shows

  7. Analysis of initial data set.or what happened in 16 months • 30% increase in AS1221’s BGP table • 176k to 228k prefixes • A doubling or greater in all other attributes • Prefix updates from 600k to 1.2M per day • BGP updates from 200k to 550k per day • A small amount of prefixes are creating a high portion noise • See ‘noisy 100’ later in presentation • ~10% - 15% of the prefixes in the BGP table will generate an update on a daily basis. • eBGP prefixes are noisier that iBGP prefixes • Though not for much longer • In 2004 eBGP to iBGP ratio was 4:1 • Now eBGP to iBGP ratio is passing 2:1 • The really big spikes. • Operational work on one or more cores e.g. IOS upgrade • The rebooting of the mesh-logger

  8. Looking at the trends.Raw daily data views Prefix updates are the new black pink

  9. Updates and Prefixes

  10. More going than coming ?

  11. ‘table size’ to ‘prefix updates ratio’

  12. ‘table size’ to ‘prefix updates’ ratio continued.. • By Jan 2006 the table to prefix noise ratio increased from 3:1 to 5:1 • Today for every prefix in the BGP table expect 5 prefix updates • Heading towards 10:1 by 2008 • With continued BGP table growth, expect 3.0M prefix updates per day. • How much of this is an artifact of the statistical technique (least squares best fit) and how much is a basic BGP artifact ?

  13. Forecast: number of prefix updates

  14. Forecast prefix updates continued... • Does it really matter ? • Hasn’t been a problem to date. • Traffic is low.. ~1.5kbps • What about the CPU and Memory on the RP ?

  15. What’s the CPU doing ? GRP-A/256Mb GRP-B/512Mb PRP-2/1Gb CRS-1/4Gb ?? Nov 2003 April 2004 Nov 2004 Mar 2006 Mar 2008

  16. What the memory is doing ? GRP-B to PRP2 upgrade

  17. Are we OK ? • Growth, growth and more growth • 2009 onwards may be the end of a PRP2. • Will probably run at 100% (1Min average) • What happens when the CPU receives updates faster than it can process them ? • AS’s flapping due to CPU issues will exacerbate the issue.

  18. Who are the culprits? Who’s been naughty and who’s been nice.

  19. Noisiest 100 Origin AS’s** ** Includes AS1221 as origin

  20. One AS to rule them all

  21. Info on AS9121 • Turk Telekom • Originate ~160 prefixes • Snapshot on Jan 30 2006 • Varying number of prefixes have an ‘origin’ tag of EGP • Using really old software or munging routing policy ? • These prefixes seem to oscillate at will #show ip route 85.100.117.0 Routing entry for 85.100.117.0/24 Known via "bgp 1221", distance 200, metric 0 Tag 4637, type internal * 203.50.13.38, from 203.62.252.26, 00:00:56 ago show ip bgp 85.100.117.0 BGP routing table entry for 85.100.117.0/24, version 114434062 Paths: (0 available, no best path)

  22. Noisiest 100 Prefixes** ** Includes AS1221 as origin

  23. One prefix to rule them all

  24. What can we do ? • Not run DFZ’s • Bigger processors, good for those that can afford it. • However come 2009, those that can’t need alternate steps or issue gets worse for everyone. • Limit updates ? • Turn on Flap Dampening ?

  25. Questions ?

More Related