Network Router Configuration: From Data Mining to Policy Management

1 Network Router Configuration: From Data Mining to Policy Management
- Context
- Proposition
- Comparison with other approaches
- State of the effort
- Next steps

2 Context
[Diagram; labels: IPeFR, ARACS?, Tools, Configs, DBMS, Config Updates, Routers]

3 What We Learned
- Configuration errors are common
- Error correction record is mixed
- Vendor dependence causes problems
- Automation is good

4 What Is the Problem
- Much of configuration is still manual (how much cut & paste is involved?)
- Those managing configurations have limited time
- Vendor expertise seems to be required for too much of provisioning management
- Many configuration errors are benign

5 Why Should We Care
- Some configuration errors are NOT benign
- The network is becoming more complex
- The business is highly competitive
- Having the ability to manage routing policy in isolation may make us more responsive to our customers

6 Proposition
- Data model that stores pure policy (or as pure as we can make it)
- Compose complex policies as a composition of policy atoms
- Isolate vendor dependencies as much as possible

7 Proposition
- Manage BGP Attributes with tables giving them names and descriptions
- Names could be chosen by marketing
- Autogenerate policy documentation
- Manage Private AS allocation
- Use current address space management to generate customer-specific prefix lists

8 Example CUST-FACE route map
- Deletes updates containing:
  - Default routes, Loopback addresses, Martians
  - Reserved Community Values
  - Peers, private AS’s, Confederations in AS Path
- Applies a mixture of:
  - Local Preference Policy
  - Route Scope Policy

9 Filter

```
route-map CUST-FACE deny 10
 match community 105 ! 0:611 (0|7018):
route-map CUST-FACE deny 20
 match ip address prefix-list CF-martians ! Default route, loopback, martians
route-map CUST-FACE deny 30
 match as-path 99 ! Delete routes with as-paths containing peers,
 ! private AS’s, and Confederations
```

10 Communities only

```
route-map CUST-FACE permit 100
 match community 109 ! 7018: :20
 set local-preference 90
 set community 0: :2000 additive
!
route-map CUST-FACE permit 102
 match community 108 ! 7018: :20
 set local-preference 80
route-map CUST-FACE permit 104
 match community 107 ! 7018: :20
 set local-preference 70
```

11 Add Address Matching

```
route-map CUST-FACE permit 130
 match ip address prefix-list CF-CIDR ! AT&T Addresses
 match community 139 ! 7018:90
 set local-preference 90
 set community 0: :2010 additive
!
route-map CUST-FACE permit 132
 match community 138 ! 7018:80
 set local-preference 80
```

12

```
route-map CUST-FACE permit 140
 match community 149 ! 7018:90
 set local-preference 90
 set community 0: :2000 additive
 ! Default is to advertise
!
route-map CUST-FACE permit 142
 match community 148 ! 7018:80
 set local-preference 80
 set community 0: :2000 additive
route-map CUST-FACE permit 144
 match community 147 ! 7018:70
 set local-preference 70
route-map CUST-FACE permit 146
```

13 Community Table

| name | value | scope | description |
|------|-------|-------|-------------|
| ATTAGG | : | I | Aggregated AT&T-owned addresses |
| ADVERTISE | : | I | Non ATTAG routes with external visibility |
| NOEXPORT | : | I | AT&T no-export community |
| NOPEER | : | I | Routes not to be announced to peers |
| NOCINFRA | : | I | NOC infrastructure |
| NOCVIS | : | I | Networks that must be visible to the NOC |
| PEER | : | I | Routes learned from peers |
| EADV | : | E | Client advertise request |

14 Other Tables
- Resource Tables
  - BadPrefixSpace
  - RsrvdCommunitySpace
  - MartianSpace
  - LocalSpace
  - LocalAS
  - PeerAS
  - Community
  - ExtendedCommunity
- Composition Tables
  - CommunityCommunityIn
  - CommunityCommunityOut
  - CommunityPref
  - PrefixCommunity
  - AtomicTransformations
  - CompositeTransformations

15 Benefits of This Approach
- We can reason about and manage policy directly
- Change policy and let the tools generate vendor dependent configurations
- Vendor Independence more easily accomplished
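
An added illustration of the table-driven approach from slides 6, 14 and 15 (not code from the presentation or its authors): policy tables are validated first, then rendered as Cisco IOS-style route-map text. The function names, the PREF* community names, the 65000:x values and the martian prefixes are all constructed for this sketch; only the table names Community, CommunityPref and MartianSpace come from the slides.

```python
import ipaddress

# Constructed rows; community values are placeholders, not the deck's.
COMMUNITY = {  # name -> (value, scope, description)
    "PREF90": ("65000:90", "E", "Customer requests local-pref 90"),
    "PREF80": ("65000:80", "E", "Customer requests local-pref 80"),
    "PREF70": ("65000:70", "E", "Customer requests local-pref 70"),
}
COMMUNITY_PREF = [("PREF90", 90), ("PREF80", 80), ("PREF70", 70)]
MARTIAN_SPACE = ["0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "192.168.0.0/16"]


def validate(community, community_pref, martians):
    """Return policy errors found in the tables before any config is generated."""
    errors = []
    for name, pref in community_pref:
        if name not in community:
            errors.append(f"CommunityPref references undefined community {name}")
        if not 0 <= pref <= 4294967295:
            errors.append(f"local-preference {pref} out of range for {name}")
    for prefix in martians:
        try:
            ipaddress.ip_network(prefix)  # rejects malformed prefixes and host bits
        except ValueError:
            errors.append(f"bad prefix in MartianSpace: {prefix}")
    return errors


def render_cisco(map_name, community, community_pref, martians):
    """Render the tables as Cisco IOS-style text: drop martians, then set preferences."""
    errors = validate(community, community_pref, martians)
    if errors:
        raise ValueError("; ".join(errors))
    plist = f"{map_name}-martians"
    out = [f"ip community-list standard {n} permit {community[n][0]}"
           for n, _ in community_pref]
    out += [f"ip prefix-list {plist} seq {5 * (i + 1)} permit {p} le 32"
            for i, p in enumerate(martians)]
    out += [f"route-map {map_name} deny 10",
            f" match ip address prefix-list {plist}", "!"]
    for i, (name, pref) in enumerate(community_pref):
        value, _scope, descr = community[name]
        out += [f"! {name} ({value}): {descr}",
                f"route-map {map_name} permit {100 + 2 * i}",
                f" match community {name}",
                f" set local-preference {pref}"]
    return "\n".join(out)


if __name__ == "__main__":
    print(render_cisco("CUST-FACE", COMMUNITY, COMMUNITY_PREF, MARTIAN_SPACE))
```

Because validation runs before rendering, a dangling community reference or a mistyped prefix stops generation instead of reaching a router; a second renderer for another vendor would reuse the same tables and checks.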

16 Policy
[Diagram; labels: BGP policy expert, Vendor A, Vendor B]

17 State of the Effort
- Vaporware alert
- We have some preliminary tables
- We will be starting on a tool to generate Cisco configurations very soon

18 What’s Next
- Tools for configlet generation?
- Tools for some other vendors' routers?
- Yet another routing policy language?

19 Acknowledgements
- Joel Gottlieb
- Albert Greenberg
- Tim Griffin
- Harmen Van Der Linde
