
1 Advanced Routing Nick Feamster Georgia Tech

2 Tutorial Outline
Topology
BGP
IS-IS
Business relationships
BGP/MPLS VPNs

3 Internet Routing Overview
Today: Intradomain (i.e., intra-AS) routing
Monday: Interdomain routing
[Figure: autonomous systems (ASes) such as Georgia Tech, Comcast, Abilene, AT&T and Cogent]

4 Today: Routing Inside an AS
Intra-AS topology
–Nodes and edges
–Example: Abilene
Intradomain routing protocols
–Distance vector (split horizon / poison reverse); example: RIP
–Link state; examples: OSPF, IS-IS

5 Topology Design
Where to place nodes?
–Typically in dense population centers: close to other providers (easier interconnection), close to other customers (cheaper backhaul)
–Note: a node may in fact be a group of routers located in a single city, called a Point-of-Presence (PoP)
Where to place edges?
–Often constrained by location of fiber

6 Node Clusters: Point-of-Presence (PoP)
A cluster of routers in a single physical location
Inter-PoP links
–Long distances
–High bandwidth
Intra-PoP links
–Cables between racks or floors
–Aggregated bandwidth
[Figure: a PoP]

7 Example: Abilene Network Topology

8 Another Example Backbone

9 Problem: Routing
Routing: the process by which nodes discover where to forward traffic so that it reaches a certain node
Within an AS, there are two styles:
–Distance vector: iterative, asynchronous, distributed
–Link state: global information, centralized algorithm

10 Forwarding vs. Routing
Forwarding: data plane
–Directing a data packet to an outgoing link
–Individual router using a forwarding table
Routing: control plane
–Computing paths the packets will follow
–Routers talking amongst themselves
–Individual router creating a forwarding table

11 Distance-Vector Routing
Routers send routing table copies to neighbors
Routers compute costs to destination based on shortest available path
Based on Bellman-Ford algorithm
–$d_x(y) = \min_v \{ c(x,v) + d_v(y) \}$
–Solution to this equation is x's forwarding table
[Figure: three nodes x, y, z with link costs x–y 1, y–z 2, x–z 5, and each node's initial distance table (x: 0 1 5; y: 1 0 2; z: 5 2 0)]

12 Distance Vector Algorithm
Iterative, asynchronous: each local iteration is caused by:
–Local link cost change
–Distance vector update message from neighbor
Distributed:
–Each node notifies neighbors only when its DV changes
–Neighbors then notify their neighbors if necessary
Each node:
–wait for (change in local link cost or message from neighbor)
–recompute estimates
–if DV to any destination has changed, notify neighbors

13 Good News Travels Quickly
When costs decrease, network converges quickly
[Figure: the three-node example (link costs 1, 2, 5) with converged distance tables (x: 0 1 3; y: 1 0 2; z: 3 2 0)]

14 Problem: Bad News Travels Slowly
[Figure: the x–y link cost rises to 60 (x–z cost 50); distance tables before and after the first update]
Note also that there is a forwarding loop between y and z.

15 This continues…
Question: How long does this continue?
Answer: Until z's path cost to x via y is greater than 50.
[Figure: the same tables after further updates]

16 Solution: Poison Reverse
If z routes through y to get to x, z advertises infinite cost for x to y
Does poison reverse always work?
[Figure: the three-node example with link costs 1, 2, 5; the vectors advertised to y show X (infinity) for destinations that x and z reach through y]

17 Does Poison Reverse Always Work?
[Figure: four-node counterexample with nodes w, x, y, z]
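The count-to-infinity behaviour of slides 13–16, as an added example that is not part of the original slides: a synchronous distance-vector simulation on the three-node x, y, z topology (link costs x–y 1, y–z 2, x–z 50, constructed from the slides' figures) that replays the x–y cost jumping to 60 with and without poison reverse and counts the rounds until no table changes.

```python
INF = float("inf")

# Constructed topology: x-y 1, y-z 2, x-z 50 (the x-z cost of the bad-news slides).
LINKS = {("x", "y"): 1, ("y", "z"): 2, ("x", "z"): 50}
BAD_NEWS = {**LINKS, ("x", "y"): 60}   # the x-y link cost jumps to 60


def run_dv(links, start=None, poison_reverse=False, max_rounds=1000):
    """Synchronous Bellman-Ford iterations until no vector or next hop changes.

    links: {(u, v): cost}, undirected.  start: (dist, nh) of an already converged
    network, so that a link-cost change can be replayed from that state.
    Returns (dist, nh, rounds): dist[n][d] is n's cost to d, nh[n][d] its next hop.
    """
    cost = {}
    for (u, v), c in links.items():
        cost[u, v] = cost[v, u] = c
    nodes = sorted({n for edge in links for n in edge})
    nbrs = {n: [m for m in nodes if (n, m) in cost] for n in nodes}
    if start is None:
        dist = {n: {d: 0 if d == n else INF for d in nodes} for n in nodes}
        nh = {n: {d: n if d == n else None for d in nodes} for n in nodes}
    else:
        dist, nh = start
    for rounds in range(1, max_rounds + 1):
        # Vector that n advertises to neighbor m.  With poison reverse, n reports
        # infinity to m for every destination it currently reaches through m.
        adv = {(n, m): {d: INF if poison_reverse and nh[n][d] == m else dist[n][d]
                        for d in nodes}
               for n in nodes for m in nbrs[n]}
        new_dist, new_nh, changed = {}, {}, False
        for n in nodes:
            new_dist[n], new_nh[n] = {n: 0}, {n: n}
            for d in nodes:
                if d == n:
                    continue
                # d_n(d) = min over neighbors m of c(n, m) + d_m(d) as advertised by m
                best, via = INF, None
                for m in nbrs[n]:
                    if cost[n, m] + adv[m, n][d] < best:
                        best, via = cost[n, m] + adv[m, n][d], m
                new_dist[n][d], new_nh[n][d] = best, via
                changed |= best != dist[n][d] or via != nh[n][d]
        dist, nh = new_dist, new_nh
        if not changed:
            return dist, nh, rounds
    raise RuntimeError("no convergence within %d rounds" % max_rounds)


if __name__ == "__main__":
    steady_dist, steady_nh, _ = run_dv(LINKS)
    for pr in (False, True):
        _, _, n = run_dv(BAD_NEWS, start=(steady_dist, steady_nh), poison_reverse=pr)
        print("poison reverse on" if pr else "plain DV", "->", n, "rounds")
```

Without poison reverse y and z raise their cost to x by 2 per round until z's cost via y exceeds the direct cost of 50; with poison reverse the same final tables are reached in a handful of rounds.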

18 Routing Information Protocol (RIP)
Distance vector protocol
–Nodes send distance vectors every 30 seconds
–… or when an update causes a change in routing
Link costs in RIP
–All links have cost 1
–Valid distances of 1 through 15
–… with 16 representing infinity
–Small infinity: smaller counting-to-infinity problem

19 Link-State Routing
Keep track of the state of incident links
–Whether the link is up or down
–The cost on the link
Broadcast the link state
–Every router has a complete view of the graph
Compute Dijkstra's algorithm
Examples:
–Open Shortest Path First (OSPF)
–Intermediate System to Intermediate System (IS-IS)

20 Link-State Routing
Idea: distribute a network map
Each node performs a shortest path (SPF) computation between itself and all other nodes
Initialization step
–Add costs of immediate neighbors, D(v); else infinite
–Flood costs c(u,v) to neighbors, N
For some D(w) that is not in N
–D(v) = min( c(u,w) + D(w), D(v) )

21 Detecting Topology Changes
Beaconing
–Periodic hello messages in both directions
–Detect a failure after a few missed hellos
Performance trade-offs
–Detection speed
–Overhead on link bandwidth and CPU
–Likelihood of false detection
[Figure: two routers exchanging hello messages]

22 Broadcasting the Link State
Flooding
–Node sends link-state information out its links
–The next node sends out all of its links except the one where the information arrived
[Figure: panels (a)–(d) showing X's link-state update flooding across A, B, C and D]

23 Broadcasting the Link State
Reliable flooding
–Ensure all nodes receive the latest link-state information
Challenges
–Packet loss
–Out-of-order arrival
Solutions
–Acknowledgments and retransmissions
–Sequence numbers
–Time-to-live for each packet

24 When to Initiate Flooding
Topology change
–Link or node failure
–Link or node recovery
Configuration change
–Link cost change
Periodically
–Refresh the link-state information
–Typically (say) every 30 minutes
–Corrects for possible corruption of the data

25 Scaling Link-State Routing
Message overhead
–Suppose a link fails. How many LSAs will be flooded to each router in the network? Two routers send an LSA to A adjacent routers; each of the A routers sends to A adjacent routers; …
–Suppose a router fails. How many LSAs will be generated? Each of A adjacent routers originates an LSA; …

26 Scaling Link-State Routing
Two scaling problems
–Message overhead: flooding link-state packets
–Computation: running Dijkstra's shortest-path algorithm
Introducing hierarchy through areas
[Figure: Area 0 and an area border router]

27 Link-State vs. Distance-Vector
Convergence
–DV has count-to-infinity
–DV often converges slowly (minutes)
–DV has timing dependences
–Link state: $O(n^2)$ algorithm requires $O(nE)$ messages
Robustness
–Route calculations a bit more robust under link state
–DV algorithms can advertise incorrect least-cost paths
–In DV, errors can propagate (nodes use each other's tables)
Bandwidth consumption for messages
–Messages flooded in link state

28 Open Shortest Paths First (OSPF)
Key feature: hierarchy
Network's routers divided into areas
Backbone area is area 0
Area 0 routers perform SPF computation
–All inter-area traffic travels through Area 0 routers (border routers)
[Figure: Area 0 with attached areas]

29 Another Example: IS-IS
Originally: ISO Connectionless Network Protocol
–CLNP: ISO equivalent to IP for datagram delivery services
–ISO or RFC 1142
Later: Integrated or Dual IS-IS (RFC 1195)
–IS-IS adapted for IP
–Doesn't use IP to carry routing messages
OSPF more widely used in enterprise, IS-IS in large service providers

30 Hierarchical Routing in IS-IS
Like OSPF, a 2-level routing hierarchy
–Within an area: level 1
–Between areas: level 2
–Level 1-2 routers: level-2 routers may also participate in level-1 routing
[Figure: two areas with level-1 routing inside each and level-2 routing across the backbone]

31 ISIS on the Wire…

32 IS-IS Configuration on Abilene (atlang)
    lo0 {
        unit 0 {
            ….
            family iso {
                address ;
            }
            ….
        }
    }
    isis {
        level 2 wide-metrics-only;
        /* OC192 to WASHng */
        interface so-0/0/0.0 {
            level 2 metric 846;
            level 1 disable;
        }
    }
Annotations: only Level 2 IS-IS in Abilene; ISO address configured on the loopback interface

33 Interdomain Routing
Today's interdomain routing protocol: BGP
–BGP route attributes
–Usage
–Problems
–Business relationships
See (Chapter ) for good coverage of this topic.

34 Internet Routing
Large-scale: thousands of autonomous networks
Self-interest: independent economic and performance objectives
But, must cooperate for global connectivity
[Figure: the Internet as interconnected ASes: Comcast, Abilene, AT&T, Cogent, Georgia Tech]

35 Internet Business Model (Simplified)
Customer/Provider: one AS pays another for reachability to some set of destinations
Settlement-free peering: bartering; two ASes exchange routes with one another
Preferences implemented with local preference manipulation
[Figure: an AS with a provider (pay to use), a peer (free to use) and a customer (get paid to use) as alternative routes to a destination]

36 Relationship #1: Customer-Provider
Filtering
–Routes from customer: to everyone
–Routes from provider: only to customers
[Figure: advertisements and traffic between a customer and its providers: from the customer to other destinations, and from other destinations to the customer]

37 Relationship #2: Peering
Filtering
–Routes from peer: only to customers
–No routes from other peers or providers
[Figure: advertisements and traffic between a peer and the AS's customers]

38 The Business Game and Depeering
Cooperative competition (brinksmanship)
Much more desirable to have your peers' customers
–Much nicer to get paid for transit
Peering tiffs are relatively common
–31 Jul 2005: Level 3 notifies Cogent of intent to disconnect.
–16 Aug 2005: Cogent begins massive sales effort and mentions a 15 Sept. expected depeering date.
–31 Aug 2005: Level 3 notifies Cogent again of intent to disconnect (according to Level 3).
–5 Oct :50 UTC: Level 3 disconnects Cogent. Mass hysteria ensues, up to and including policymakers in Washington, D.C.
–7 Oct 2005: Level 3 reconnects Cogent.
During the outage, Level 3's and Cogent's singly homed customers could not reach each other (~4% of the Internet's prefixes were isolated from each other).

39 Depeering Continued
Resolution…
…but not before an attempt to steal customers!
As of 5:30 am EDT, October 5th, Level(3) terminated peering with Cogent without cause (as permitted under its peering agreement with Cogent) even though both Cogent and Level(3) remained in full compliance with the previously existing interconnection agreement. Cogent has left the peering circuits open in the hope that Level(3) will change its mind and allow traffic to be exchanged between our networks. We are extending a special offering to single homed Level 3 customers. Cogent will offer any Level 3 customer, who is single homed to the Level 3 network on the date of this notice, one year of full Internet transit free of charge at the same bandwidth currently being supplied by Level 3. Cogent will provide this connectivity in over 1,000 locations throughout North America and Europe.

40 Internet Routing Protocol: BGP
[Figure: autonomous systems (ASes) exchanging route advertisements over a BGP session, the resulting traffic flow, and a routing table with columns Destination, Next-hop, AS Path (an AS path ending in … 2637)]

41 Two Flavors of BGP
External BGP (eBGP): exchanging routes between ASes
Internal BGP (iBGP): disseminating routes to external destinations among the routers within an AS
[Figure: eBGP sessions between ASes, iBGP sessions inside an AS]
Question: What's the difference between IGP and iBGP?

42 Example BGP Routing Table
The full routing table:
    > show ip bgp
    Network Next Hop Metric LocPrf Weight Path
    *>i i
    *>i i
    *>i / i
    * i / i
A specific entry (can do longest prefix lookup):
    > show ip bgp
    BGP routing table entry for /16
    Paths: (1 available, best #1, table Default-IP-Routing-Table)
      Not advertised to any peer
      from ( )
        Origin IGP, metric 0, localpref 150, valid, internal, best
        Community: 10578: :950
        Last update: Sat Jan 14 04:45:
Annotations: prefix, AS path, next-hop

43 Routing Attributes and Route Selection
BGP routes have the following attributes, on which the route selection process is based:
Local preference: numerical value assigned by routing policy. Higher values are more preferred.
AS path length: number of AS-level hops in the path
Multiple exit discriminator (MED): allows one AS to specify that one exit point is more preferred than another. Lower values are more preferred.
eBGP over iBGP
Shortest IGP path cost to next hop: implements hot-potato routing
Router ID tiebreak: arbitrary tiebreak, since only a single best route can be selected

44 Other BGP Attributes
Next-hop: IP address to send packets en route to destination. (Question: How to ensure that the next-hop IP address is reachable?)
Community value: semantically meaningless; used for passing around signals and labelling routes. More in a bit.
[Figure: the next-hop attribute on a route learned over eBGP and on the same route carried over iBGP]

45 Local Preference
Control over outbound traffic
Not transitive across ASes
Coarse hammer to implement route preference
Useful for preferring routes from one AS over another (e.g., primary-backup semantics)
[Figure: primary route with higher local pref and backup route with lower local pref toward a destination]

46 Communities and Local Preference
Customer expresses to its provider that a link is a backup
Affords some control over inbound traffic
More on multihoming and traffic engineering in Lecture 7
[Figure: primary and backup links, the backup tagged with a community, toward a destination]

47 AS Path Length
Among routes with highest local preference, select route with shortest AS path length
Shortest AS path != shortest path, for any interpretation of shortest path
[Figure: traffic toward a destination following the shortest AS path]

48 AS Path Length Hack: Prepending
Attempt to control inbound traffic
Make AS path length look artificially longer
How well does this work in practice vs. e.g., hacks on longest-prefix match?
[Figure: destination D in AS 1, ASes 2–4, advertised AS paths "1", "1 1" and "2 1", and the resulting traffic flow]

49 Multiple Exit Discriminator (MED)
Mechanism for an AS to control how traffic enters, given multiple possible entry points.
[Figure: AS I with entry points at San Francisco, New York and Los Angeles, advertised with MED 10 and MED 20, and the resulting traffic flow to the destination]

50 Hot-Potato Routing
Prefer route with shorter IGP path cost to next-hop
Idea: traffic leaves AS as quickly as possible
Common practice: set IGP weights in accordance with propagation delay (e.g., miles, etc.)
[Figure: AS I with routers in New York, Atlanta and Washington, DC; IGP costs 5 and 10 to the two exits toward the destination]

51 Problems with Hot-Potato Routing
Small changes in IGP weights can cause large traffic shifts
Question: cost of sub-optimal exit vs. cost of large traffic shifts
[Figure: AS I with routers in San Francisco, New York and LA; IGP weights 5, 10 and 11 on the paths to the exits toward the destination]
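The route selection process of slide 43 and the hot-potato shift of slides 50–51, as an added example that is not from the original slides: the decision steps as a sort key, a helper that reports which step decided, and a constructed scenario in which one IGP weight change of 2 moves every prefix from the New York exit to the Washington exit. Route fields, router names, prefixes (documentation ranges) and the ASN are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # e.g. (1, 1, 1) after AS 1 prepends itself twice
    next_hop: str
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True       # learned over eBGP (True) or iBGP (False)
    router_id: str = "0.0.0.0"   # advertising router, for the final tiebreak


STEPS = ["local_pref", "as_path_len", "med", "ebgp", "igp_cost", "router_id"]


def selection_key(route, igp_cost):
    """Slide 43's decision steps as a tuple; the smallest tuple wins.

    Higher local pref, shorter AS path, lower MED, eBGP before iBGP, lower IGP
    cost to the next hop, then lowest router ID.  (Real routers add steps the
    slide omits, e.g. origin type, and compare MED only across routes from the
    same neighbor AS.)
    """
    return (-route.local_pref, len(route.as_path), route.med,
            0 if route.ebgp else 1, igp_cost[route.next_hop],
            tuple(int(o) for o in route.router_id.split(".")))


def best_route(routes, igp_cost):
    return min(routes, key=lambda r: selection_key(r, igp_cost))


def deciding_step(routes, igp_cost):
    """Name of the first step at which the candidate routes differ."""
    keys = [selection_key(r, igp_cost) for r in routes]
    for i, step in enumerate(STEPS):
        if len({k[i] for k in keys}) > 1:
            return step
    return "tie"


def choose_exits(routes_by_prefix, igp_cost):
    """Best next hop per prefix, i.e. what the forwarding table would contain."""
    return {p: best_route(rs, igp_cost).next_hop for p, rs in routes_by_prefix.items()}


# Constructed hot-potato scenario: an Atlanta router learns the same prefixes over
# iBGP from the New York and Washington exits (ASN from the documentation range).
NY, DC = "ny-exit", "dc-exit"
PREFIXES = ["192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24"]
HOT_POTATO = {p: [Route(p, (64500,), NY, ebgp=False, router_id="10.0.0.1"),
                  Route(p, (64500,), DC, ebgp=False, router_id="10.0.0.2")]
              for p in PREFIXES}
IGP_BEFORE = {NY: 10, DC: 11}
IGP_AFTER = {NY: 12, DC: 11}   # one IGP weight changes by 2 ...

if __name__ == "__main__":
    print(choose_exits(HOT_POTATO, IGP_BEFORE))   # every prefix exits via ny-exit
    print(choose_exits(HOT_POTATO, IGP_AFTER))    # ... and every prefix shifts to dc-exit
```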

52 MPLS Overview
Main idea: virtual circuit
–Packets forwarded based only on circuit identifier
Router can forward traffic to the same destination on different interfaces/paths.
[Figure: two sources sending to one destination over different paths]

53 Circuit Abstraction: Label Swapping
Label-switched paths (LSPs): paths are named by the label at the path's entry point
At each hop, label determines:
–Outgoing interface
–New label to attach
Label distribution protocol: responsible for disseminating signalling information
[Figure: a label table with columns Tag, Out, New]

54 Layer 3 Virtual Private Networks
Private communications over a public network
A set of sites that are allowed to communicate with each other
Defined by a set of administrative policies
–Determine both connectivity and QoS among sites
–Established by VPN customers
–One way to implement: BGP/MPLS VPN mechanisms (RFC 2547)

55 Building Private Networks
Separate physical network
–Good security properties
–Expensive!
Secure VPNs
–Encryption of entire network stack between endpoints
Layer 2 Tunneling Protocol (L2TP)
–PPP over IP
–No encryption
Layer 3 VPNs
–Privacy and interconnectivity (not confidentiality, integrity, etc.)

56 Layer 2 vs. Layer 3 VPNs
Layer 2 VPNs can carry traffic for many different protocols, whereas Layer 3 is IP only
More complicated to provision a Layer 2 VPN
Layer 3 VPNs: potentially more flexibility, fewer configuration headaches

57 Layer 3 BGP/MPLS VPNs
Isolation: multiple logical networks over a single, shared physical infrastructure
Tunneling: keeping routes out of the core
BGP to exchange routes; MPLS to forward traffic
[Figure: VPN A sites 1–3 and VPN B sites 1–3, each attached through a CE router (CE A1, CE A2, CE A3, CE 1 B1, CE 2 B1, CE B2, CE B3) to provider edge routers PE 1, PE 2, PE 3 over a core of P1, P2, P3; the sites use overlapping 10.x/16 address space]

58 High-Level Overview of Operation
IP packets arrive at PE
Destination IP address is looked up in forwarding table
Datagram sent to customer's network using tunneling (i.e., an MPLS label-switched path)

59 BGP/MPLS VPN Key Components
Forwarding in the core: MPLS
Distributing routes between PEs: BGP
Isolation: keeping different VPNs from routing traffic over one another
–Constrained distribution of routing information
–Multiple virtual forwarding tables
Unique addresses: VPN-IP4 address extension

60 Layer 3 VPNs
Vanilla Layer 3 VPNs: all customer routes in the core
BGP/MPLS VPNs: BGP between PEs; MPLS in the core
[Figure: top, a core running iBGP with eBGP to Site 1 and Site 2; bottom, an MPLS core (LDP) with P routers between PE routers, Site 1 and Site 2 attached to the PEs]

61 Problems Introduced by Layer 3 VPNs
Overlapping address space in forwarding table
–Solution: virtual routing and forwarding table (VRF)
Overlapping address space in BGP routes
–Solution: route distinguisher, an 8-byte VPN-specific identifier prepended to each IP address
–Typically, one route distinguisher per VPN
–New VPN-IP address family
–Routes carried with multi-protocol BGP
Filtering out routes that do not belong at that site
–Route target: basically a special BGP community value

62 Virtual Routing and Forwarding
Separate tables per customer at each router
[Figure: a PE with one VRF per customer (RD: Green, RD: Blue), each holding a /24 that overlaps with the other's; Customer 1 and Customer 2 sites on both sides]

63 Routing: Constraining Distribution
Performed by service provider using route filtering based on the BGP extended community attribute
–BGP community is attached by ingress PE
–Route filtering based on BGP community is performed by egress PE
[Figure: Site 1 announces a /24 to PE A (static route, RIP, etc.); PE A re-advertises it in BGP as RD: … /24 with route target Green and next-hop A, toward Sites 2 and 3]

64 BGP/MPLS VPN Routing in Cisco IOS
Customer A:
    ip vrf Customer_A
     rd 100:110
     route-target export 100:1000
     route-target import 100:1000
    !
Customer B:
    ip vrf Customer_B
     rd 100:120
     route-target export 100:2000
     route-target import 100:2000
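The constrained route distribution of slides 61–64 in miniature, as an added example that is not from the slides or from Cisco IOS: the two VRFs use the RDs and route targets of the IOS snippet, while the prefixes, the PE loopback and the leak scenario are constructed. The audit function flags a VRF that has imported a route carrying another VPN's RD, which is how a mistyped import route-target surfaces.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class VpnRoute:
    rd: str                   # route distinguisher, e.g. "100:110"
    prefix: str               # rd + prefix is the unique VPN-IPv4 address
    next_hop: str             # BGP next hop: the ingress PE's loopback
    route_targets: frozenset  # extended communities attached at export


@dataclass
class Vrf:
    name: str
    rd: str
    export_rt: frozenset
    import_rt: frozenset
    table: dict = field(default_factory=dict)   # (rd, prefix) -> VpnRoute


def build_pe(cust_b_import=("100:2000",)):
    """The two VRFs of the slide's IOS snippet (RDs and route targets as shown)."""
    a = Vrf("Customer_A", "100:110", frozenset({"100:1000"}), frozenset({"100:1000"}))
    b = Vrf("Customer_B", "100:120", frozenset({"100:2000"}), frozenset(cust_b_import))
    return [a, b]


def export_routes(vrf, pe_loopback, prefixes):
    """Ingress PE: prepend the VRF's RD to each customer prefix, attach export RTs."""
    return [VpnRoute(vrf.rd, p, pe_loopback, vrf.export_rt) for p in prefixes]


def import_routes(vrfs, routes):
    """Egress PE: a route lands only in VRFs whose import RTs intersect its RTs."""
    for vrf in vrfs:
        for r in routes:
            if vrf.import_rt & r.route_targets:
                vrf.table[r.rd, r.prefix] = r


def isolation_violations(vrfs):
    """Audit check: a VRF holding a route with another VPN's RD spans two VPNs."""
    return [(v.name, r.rd, r.prefix)
            for v in vrfs for r in v.table.values() if r.rd != v.rd]


# Constructed scenario: both customers use 10.1.0.0/16 behind the same ingress PE
# (loopback 10.255.0.1); that PE exports, a second PE imports.
INGRESS = build_pe()
ROUTES = (export_routes(INGRESS[0], "10.255.0.1", ["10.1.0.0/16"]) +
          export_routes(INGRESS[1], "10.255.0.1", ["10.1.0.0/16", "10.2.0.0/16"]))

if __name__ == "__main__":
    good = build_pe()
    import_routes(good, ROUTES)
    print({v.name: sorted(v.table) for v in good}, isolation_violations(good))
    # Misconfiguration: Customer_B also imports 100:1000 and receives Customer_A's route.
    leaky = build_pe(cust_b_import=("100:2000", "100:1000"))
    import_routes(leaky, ROUTES)
    print(isolation_violations(leaky))
```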

65 Forwarding
PE and P routers have BGP next-hop reachability through the backbone IGP
Labels are distributed through LDP (hop-by-hop) corresponding to BGP next-hops
Two-label stack is used for packet forwarding
–Top label indicates next-hop (interior label)
–Second-level label indicates outgoing interface or VRF (exterior label)
[Figure: Layer 2 header | Label 1 | Label 2 | IP datagram; Label 1 corresponds to the LSP of the BGP next-hop (PE), Label 2 to the VRF/interface at exit]

66 Forwarding in BGP/MPLS VPNs
Step 1: Packet arrives at incoming interface
–Site VRF determines BGP next-hop and Label 2
Step 2: BGP next-hop lookup, add corresponding LSP (also at site VRF)
[Figure: IP datagram | Label 2 after step 1; IP datagram | Label 2 | Label 1 after step 2]
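The two-label forwarding of slides 65–66, as an added example that is not from the slides: a VRF lookup at the ingress PE yields the egress PE and Label 2, an LDP label for the LSP to that PE becomes Label 1, the P routers swap or pop only the top label, and Label 2 selects the VRF at the egress. All labels, router names and prefixes are constructed; two customers share the same destination prefix and are told apart only by Label 2.

```python
import ipaddress

# Ingress PE1's VRFs: prefix -> (BGP next hop = egress PE, VPN label = "Label 2").
# Both customers use 10.1.0.0/16; only the VPN label tells the packets apart.
VRF_PE1 = {
    "Customer_A": {"10.1.0.0/16": ("PE3", 200), "10.1.5.0/24": ("PE3", 201)},
    "Customer_B": {"10.1.0.0/16": ("PE3", 300)},
}
# LDP state at PE1: BGP next hop -> (transport label = "Label 1", first hop of the LSP).
LDP_PE1 = {"PE3": (17, "P1")}
# LFIB of the P routers: (router, top label) -> (new top label or None to pop, next hop).
LFIB = {("P1", 17): (23, "P2"),        # swap 17 -> 23
        ("P2", 23): (None, "PE3")}     # penultimate hop pops the transport label
# Egress PE3: VPN label -> (VRF, customer-facing interface); labels are local to PE3.
VPN_LABELS_PE3 = {200: ("Customer_A", "to CE A3"), 201: ("Customer_A", "to CE A3, subif 5"),
                  300: ("Customer_B", "to CE B3")}


def lookup(vrf, dst):
    """Longest-prefix match in one VRF; returns (egress PE, VPN label) or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, entry in vrf.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, entry)
    return best[1] if best else None


def forward(vrf_name, dst):
    """Carry one customer packet from PE1 to its egress interface.

    Returns (hops, vrf, interface); hops lists (router, label stack sent, next router),
    which makes it visible that the P routers only ever touch the top label.
    """
    entry = lookup(VRF_PE1[vrf_name], dst)
    if entry is None:
        return [], None, None                    # no route in this VRF: drop
    egress_pe, vpn_label = entry                 # step 1: site VRF gives PE and Label 2
    transport, router = LDP_PE1[egress_pe]       # step 2: LSP toward the BGP next hop
    stack = [transport, vpn_label]               # Label 1 outermost
    hops = [("PE1", list(stack), router)]
    while router != egress_pe:
        new_top, nxt = LFIB[router, stack[0]]
        stack = ([new_top] if new_top is not None else []) + stack[1:]
        hops.append((router, list(stack), nxt))
        router = nxt
    vrf, iface = VPN_LABELS_PE3[stack[0]]        # egress: Label 2 selects VRF/interface
    return hops, vrf, iface


if __name__ == "__main__":
    for name in VRF_PE1:
        print(name, forward(name, "10.1.2.3"))
```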

67 Scalability Problems
Lots of customers leads to explosion of routing tables
How to ensure that no single router needs to carry state for all customers?

68 Other Uses for MPLS/Tunneling
Reducing state in network core
–Internal routers no longer need paths for every destination
Traffic engineering
–Can shift traffic based on virtual circuits, not just destination prefixes

69 Open Research Questions
Static configuration analysis for enforcing isolation and other security policies
–Easier, in some sense, since security (reachability) policies are likely easier to encode
