COS 561: Advanced Computer Networks BGP Policies Jennifer Rexford Fall 2016 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks http://www.cs.princeton.edu/courses/archive/fall16/cos561/
Outline BGP route selection Ensuring BGP stability (Multi-homed traffic engineering) Propane paper (Ryan Beckett)
BGP Route Selection
Border Gateway Protocol ASes exchange info about who they can reach IP prefix: block of destination IP addresses AS path: sequence of ASes along the path Policies configured by the AS’s operator Path selection: which of the paths to use? Path export: which neighbors to tell? 3 “12.34.158.0/24: path (2,1)” “12.34.158.0/24: path (1)” 2 1 data traffic data traffic 12.34.158.5
Applying Policy to Routes Import policy Filter unwanted routes from neighbor E.g. prefix that your customer doesn’t own Manipulate attributes to influence path selection E.g., assign local preference to favored routes Export policy Filter routes you don’t want to tell your neighbor E.g., don’t tell a peer a route learned from other peer Manipulate attributes to control what they see E.g., make a path look artificially longer than it is
BGP Policy: Influencing Decisions Open ended programming. Constrained only by vendor configuration language Apply Policy = filter routes & tweak attributes Apply Policy = filter routes & tweak attributes Receive BGP Updates Based on Attribute Values Transmit BGP Updates Best Routes Apply Import Policies Best Route Selection Best Route Table Apply Export Policies Install forwarding Entries for best Routes. IP Forwarding Table
BGP Decision Process on a Router Routing Information Base Store all BGP routes for each destination prefix Withdrawal message: remove the route entry Advertisement message: update the route entry Selecting the best route Consider all BGP routes for the prefix Apply rules for comparing the routes Select the one best route Use this route in the forwarding table Send this route to neighbors
BGP Decision Process Highest local preference Shortest AS path Set by import policies upon receiving advertisement Shortest AS path Included in the route advertisement Lowest origin type Included in advertisement or reset by import policy Smallest multiple exit discriminator Included in the advertisement or reset by import policy Smallest internal path cost to the next hop Based on intradomain routing protocol (e.g., OSPF) Smallest next-hop router id Final tie-break
Hot-Potato Routing dest multiple egress points New York San Francisco 9 10 ISP network this and the next slide explain the problem. explain egress point link weights determine both intradomain path and selection of egress points Dallas Hot-potato routing = route to closest egress point when there is more than one best BGP route to destination
Routing Policies Economics Traffic engineering Enforce business relationships Pick routes based on revenue and cost Get traffic out of the network as early as possible Traffic engineering Balance traffic over edge links Select routes with good end-to-end performance Security and scalability Filter routes that seem erroneous Prevent the delivery of unwanted traffic Limit the dissemination of small address blocks
BGP Stability Without Global Coordination http://www.cs.princeton.edu/courses/archive/fall16/cos561/papers/BGPstability01.pdf
Customer-Provider Relationship Customer pays provider for Internet access Provider exports customer’s routes to everybody Customer exports only to downstream customers Traffic to the customer Traffic from the customer advertisements d provider traffic provider customer d customer
Peer-Peer Relationship Peers exchange traffic between customers AS exports only customer routes to a peer AS exports a peer’s routes only to its customers Traffic to/from the peer and its customers advertisements peer peer traffic d
Three Restrictions on Policies Route export Do not export a route learned from one peers or provider, to another Route selection Prefer a route learned from a customer over a route learned from a peer or provider AS graph No cycle of provider-customer relationships Together: guarantee convergence to unique, stable route assignment
Valid and Invalid Paths Valid paths: “6 4 3 d” and “8 5 d” Invalid paths: “6 5 d” and “1 4 3 d” Valid paths: “1 2 d” and “7 d” Invalid path: “5 8 d” 1 2 3 4 d 5 6 Provider-Customer Peer-Peer 7 8
Solving the Convergence Problem Result Safety: guaranteed convergence to unique stable solution Inherent safety: holds under failures and policy changes Definitions System state: current best route at each AS Activating AS: re-do decision based on neighbor choices Sketch of (constructive) proof Find an activation sequence that leads to a stable state Any “fair” sequence (eventually) includes this sequence
Rough Sketch of the Proof Two phases Walking up the customer-provider hierarchy Walking down the provider-customer hierarchy 1 2 3 4 d 5 6 Provider-Customer Peer-Peer 7 8
System is stable because ASes act like this Two Interpretations System is stable because ASes act like this High-level argument Export and topology assumptions are reasonable Path selection rule matches with financial incentives Empirical results BGP routes for popular prefixes stable for ~10 days Most instability from a few flapping destinations ASes should follow rules for system stability Encourage operators to obey these guidelines … and provide ways to verify the configuration Need to consider more complex relationships
Multi-Homing
Why Connect to Multiple Providers? Reliability Reduced fate sharing Survive ISP failure Performance Multiple paths Select the best Financial Leverage through competition Game 95th-percentile billing model Provider 1 Provider 2
Outbound Traffic: Pick a BGP Route Easier to control than inbound traffic IP routing is destination based Sender determines where the packets go Control only by selecting the next hop Border router can pick the next-hop AS Cannot control selection of the entire path Provider 1 Provider 2 “(1, 3, 4)” “(2, 7, 8, 4)”
Outbound Traffic: Shortest AS Path No import policy on border router Pick route with shortest AS path Arbitrary tie break (e.g., router-id) Performance? Shortest path is not necessarily best Propagation delay or congestion Load balancing? Could lead to uneven split in traffic E.g., one provider with shorter paths E.g., too many ties with a skewed tie-break d s
Outbound Traffic: Primary and Backup Single policy for all prefixes High local-pref for session to primary provider Low load-pref for session to backup provider Outcome of BGP decision process Choose the primary provider whenever possible Use the backup provider when necessary But… What if you want to balance traffic load? What if you want to select better paths?
Outbound Traffic: Load Balancing Selectively use each provider Assign local-pref across destination prefixes Change the local-pref assignments over time Useful inputs to load balancing End-to-end path performance data E.g., active measurements along each path Outbound traffic statistics per destination prefix E.g., packet monitors or router-level support Link capacity to each provider Billing model of each provider
Outbound Traffic: What Kind of Probing? Lots of options HTTP transfer UDP traffic TCP traffic Traceroute Ping Pros and cons for each Accuracy Overhead Dropped by routers Sets off intrusion detection systems How to monitor the “paths not taken”?
Outbound Traffic: How Often to Change? Stub ASes have no BGP customers So, routing changes do not trigger BGP updates TCP flows that switch paths Out-of-order packets during transition Change in round-trip-time (RTT) Impact on the providers Uncertainty in the offered load Interaction with their own traffic engineering? Impact on other end users Good: move traffic off of congested paths Bad: potential oscillation as other stub ASes adapt?
Propane Paper Ryan Beckett