Presentation is loading. Please wait.

Presentation is loading. Please wait.

BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged NANOG 31 May 23-25, 2004 Timothy G. Griffin Intel Research, Cambridge UK

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged NANOG 31 May 23-25, 2004 Timothy G. Griffin Intel Research, Cambridge UK"— Presentation transcript:

1

2 BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged NANOG 31 May 23-25, 2004 Timothy G. Griffin Intel Research, Cambridge UK tim.griffin@intel.com http://www.cambridge.intel-research.net/~tgriffin/

3 BGP Wedgie BBP policies make sense locally Interaction of local policies allows multiple global solutions Some solutions are consistent with intended policies, and some are not Manual intervention is required to kick the system back to an intended solution When unintended solutions are installed, no single AS has enough global knowledge to effectively debug the problem

4 3 Shedding Inbound Traffic with ASPATH Prepending Prepending will (usually) force inbound traffic from AS 1 to take primary link AS 1 192.0.2.0/24 ASPATH = 2 2 2 customer AS 2 provider 192.0.2.0/24 backupprimary 192.0.2.0/24 ASPATH = 2 Yes, this is a Glorious Hack …

5 4 … But Padding Does Not Always Work AS 1 192.0.2.0/24 ASPATH = 2 2 2 2 2 2 2 2 2 2 2 2 2 2 customer AS 2 provider 192.0.2.0/24 ASPATH = 2 AS 3 provider AS 3 will send traffic on “backup” link because it prefers customer routes and local preference is considered before ASPATH length! Padding in this way is often used as a form of load balancing backupprimary

6 5 COMMUNITIES to the Rescue! AS 1 customer AS 2 provider 192.0.2.0/24 ASPATH = 2 AS 3 provider backupprimary 192.0.2.0/24 ASPATH = 2 COMMUNITY = 3:70 Customer import policy at AS 3: If 3:90 in COMMUNITY then set local preference to 90 If 3:80 in COMMUNITY then set local preference to 80 If 3:70 in COMMUNITY then set local preference to 70 AS 3: normal customer local pref is 100, peer local pref is 90

7 Don’t Celebrate Just Yet…. customer peering provider/customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) Now, customer wants a backup link to C…. provider/customer

8 Customer installs a “backup link” … customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) customer sends community that lowers local preference below a provider’s primary backup

9 Disaster Strikes! customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) primary backup customer is happy that backup was installed …

10 The primary link is repaired, yet routing does repair! customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) primary backup One “solution” --- reset BGP session on backup link! This is a stable BGP routing! Better --- C should translate its depref communities to those of Provider A when exporting routes to A.

11 Ouch LoadBalancer BELL NET NetNet (Tier 2) HappyPackets (Tier 2) backup primary CIRCUIT NET P1P2 backup primary

12 What the heck is going on? There is no guarantee that a BGP configuration has a unique routing solution. –When multiple solutions exist, the (unpredictable) order of updates will determine which one is wins. There is no guarantee that a BGP configuration has any solution! –And checking configurations NP-Complete Complex policies (weights, communities setting preferences, and so on) increase chances of routing anomalies. –… yet this is the current trend!

13 More fun with communities …. customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II backup II: customer sends community that lowers preference below peer’s but above provider’s primary

14 Primary goes down! customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary

15 Primary repaired customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary

16 Reset Backup I session? First, take it down…. customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary

17 Now Bring it up … customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary “solution” --- reset BGP session on BOTH backup links simultaneously!

18 BGP Wedgie BBP policies make sense locally Interaction of local policies allows multiple global solutions Some solutions are consistent with intended policies, and some are not Manual intervention is required to kick the system back to an intended solution When unintended solutions are installed, no single AS has enough global knowledge to effectively debug the problem

19 Recommendations

20 Interdomain communities that can tweak a route’s preference should be defined with care and consistenty implemented.

Download ppt "BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged NANOG 31 May 23-25, 2004 Timothy G. Griffin Intel Research, Cambridge UK"

Similar presentations

Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.

1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)
Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.

Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.
Part IV BGP Modeling. 2 BGP Is Not Guaranteed to Converge!  BGP is not guaranteed to converge to a stable routing. Policy inconsistencies can lead to.

Part IV BGP Modeling. 2 BGP Is Not Guaranteed to Converge!  BGP is not guaranteed to converge to a stable routing. Policy inconsistencies can lead to.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK

Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Interdomain Routing and The Border Gateway Protocol (BGP) CL Oct 27, 2004 Timothy G. Griffin Intel Research, Cambridge UK

Interdomain Routing and The Border Gateway Protocol (BGP) CL Oct 27, 2004 Timothy G. Griffin Intel Research, Cambridge UK
COMS W4995-1 COMS W4995-1 Lecture 6. Dynamic routing protocols II 1.Dynamic Routing Protocols: Link State Routing 2.Intra-Domain Routing Protocols: OSPF.

COMS W COMS W Lecture 6. Dynamic routing protocols II 1.Dynamic Routing Protocols: Link State Routing 2.Intra-Domain Routing Protocols: OSPF.
Interdomain Routing and The Border Gateway Protocol (BGP)

Interdomain Routing and The Border Gateway Protocol (BGP)
Swinog-3, 19 September 2001 Fabien Berger, BGP Oscillation …the Internet routing protocol is diverging! Fabien Berger CCIE#6143 IP-Plus.

Swinog-3, 19 September 2001 Fabien Berger, BGP Oscillation …the Internet routing protocol is diverging! Fabien Berger CCIE#6143 IP-Plus.
Part II: Inter-domain Routing Policies. March 8, 20042 What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!

Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.

STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.
An open problem in Internet Routing --- Policy Language Design for BGP Nov 3, 2003 Timothy G. Griffin Intel Research, Cambridge UK

An open problem in Internet Routing --- Policy Language Design for BGP Nov 3, 2003 Timothy G. Griffin Intel Research, Cambridge UK
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
Tutorial 5 Safe Routing With BGP Based on: Internet.

Tutorial 5 Safe Routing With BGP Based on: Internet.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK

Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.

Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.

Similar presentations

Ads by Google