Presentation is loading. Please wait.

Presentation is loading. Please wait.

BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged JaNOG / Kyushu 2005.07.28

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged JaNOG / Kyushu 2005.07.28"— Presentation transcript:

1

2 BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged timothy.griffin@cl.cam.ac.uk JaNOG / Kyushu 2005.07.28 http://www.cl.cam.ac.uk/~tgg22 randy bush

3 What is a BGP Wedgie? BGP policies make sense locally Interaction of local policies allows multiple stable routings Some routings are consistent with intended policies, and some are not –If an unintended routing is installed (BGP is “wedged”), then manual intervention is needed to change to an intended routing When an unintended routing is installed, no single group of network operators has enough knowledge to debug the problem ¾ wedgie full wedgie

4 ¾ Wedgie Example AS 1 implements backup link by sending AS 2 a “depref me” community. AS 2 implements this community so that the resulting local pref is below that of routes from it’s upstream provider (AS 3 routes) AS 1 AS 2 AS 3AS 4 customer provider peer provider customer provider backup link primary link

5 And the Routings are… AS 1 AS 2 AS 3AS 4 Intended Routing AS 1 AS 2 AS 3AS 4 Unintended Routing Note: This is easy to reach from the intended routing just by “bouncing” the BGP session on the primary link. Note: this would be the ONLY routing if AS2 translated its “depref me” community to a “depref me” community of AS 3

6 Recovery AS 1 AS 2 AS 3AS 4 AS 1 AS 2 AS 3AS 4 AS 1 AS 2 AS 3AS 4 Bring down AS 1-2 sessionBring it back up! Requires manual intervention Can be done in AS 1 or AS 2

7 What the heck is going on? There is no guarantee that a BGP configuration has a unique routing solution. –When multiple solutions exist, the (unpredictable) order of updates will determine which one is wins. There is no guarantee that a BGP configuration has any solution! –And checking configurations NP-Complete –Lab demonstrations of BGP configs never converging Complex policies (weights, communities setting preferences, and so on) increase chances of routing anomalies. –… yet this is the current trend!

8 Load Balancing Example primary link for prefix P1 backup link for prefix P2 AS 1 AS 2 AS 3AS 4 provider peer provider customer AS 5 customer primary link for prefix P2 backup link for prefix P1 Simple session reset my not work!!

9 Can’t un-wedge with session resets! 1 2 34 5 1 2 34 5 1 2 34 5 1 2 34 5 1 2 34 5 1—2 down1—5 down 1—2 up1—5 up P2 wedged P1 wedged INTENDED Reset 1—2 Reset 1—5 1 2 34 5 BOTH P1 & P2 wedged 1—2 & 1—5 down 1 2 34 5 1 2 34 5 1—2 & 1—5 down all up Note that when bringing all up we could actually land the system in any one of the 4 stable states --- depends on message order….

10 Recovery 1 2 34 5 1 2 34 5 1 2 34 5 1 2 34 5 1 2 34 5 1—2 down1—5 down 1—2 up1—5 up P2 wedged P1 wedged INTENDED Temporarily filter P2 from 1—5 session Temporarily filter P1 from 1—2 session Who among us could figure this one out? When 1—2 is in New York and 1—5 is in Tokyo?

11 AS 1 AS 2 AS 3AS 4 customer provider peer provider customer provider primary link Full Wedgie Example AS 5 backup links AS 1 implements backup links by sending AS 2 and AS 3 a “depref me” communities. AS 2 implements its community so that the resulting local pref is below that of its upstream providers and it’s peers (AS 3 and AS 5 routes) AS 5 implements its community so that the resulting local pref is below its peers (AS 2) but above that of its providers (AS 3) customer peer

12 And the Routings are… AS 1 AS 2 AS 3AS 4 AS 5 AS 1 AS 2 AS 3AS 4 AS 5 Intended Routing Unintended Routing

13 Resetting 1—2 does not help!! AS 1 AS 2 AS 3AS 4 AS 5 AS 1 AS 2 AS 3AS 4 AS 5 Bring down AS 1-2 session Bring up AS 1-2 session

14 Recovery AS 1 AS 2 AS 3AS 4 AS 5 AS 1 AS 2 AS 3AS 4 AS 5 Bring down AS 1-2 session AND AS 1-5 session AS 1 AS 2 AS 3AS 4 AS 5 A lot of “non-local” knowledge is required to arrive at this recovery strategy! Try to convince AS 5 and AS 1 that their session has be reset (or filtered) even though it is not associated with an active route! Bring up AS 1-2 session AND AS 1-5 session

15 That Can’t happen in MY network!! AU++ AP EMEA LA NA An “normal” global global backbone (ISP or Corporate Intranet) implemented with 5 regional ASes

16 The Full Wedgie Example, in a new Guise AU EMEA NAAP LA Intended Routing for some prefixes in AU, implemented with communities. DOES THIS LOOK FAMILIAR?? Message: Same problems can arise with “traffic engineering” across regional networks.

17 Recommendations Be aware of BGP Wedgies Preference-impacting Interdomain communities should be defined with care and consistently implemented (this may require translating and transiting communities).

18 References Internet Draft (grow working group): draft-ietf-grow-bgp-wedgies-03.txt Long-term solution? –Metarouting! –http://www.acm.org/sigs/sigcomm/sigcom m2005/techprog.html#session1

Download ppt "BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged JaNOG / Kyushu 2005.07.28"

Similar presentations

Introduction to IP Routing Geoff Huston. Routing How do packets get from A to B in the Internet? A B Internet.

Introduction to IP Routing Geoff Huston. Routing How do packets get from A to B in the Internet? A B Internet.
Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)

Data Mining Challenges for Network Management Nick Feamster, Georgia Tech Dave Andersen, CMU (joint with Jay Lepreau and Emulab)
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
Multihoming and Multi-path Routing

Multihoming and Multi-path Routing
CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.
© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.
Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.

Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.
Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.

Fundamentals of Computer Networks ECE 478/578 Lecture #18: Policy-Based Routing Instructor: Loukas Lazos Dept of Electrical and Computer Engineering University.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”

The need for BGP AfNOG Workshops Philip Smith. “Keeping Local Traffic Local”
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK

Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Interdomain Routing and The Border Gateway Protocol (BGP) CL Oct 27, 2004 Timothy G. Griffin Intel Research, Cambridge UK

Interdomain Routing and The Border Gateway Protocol (BGP) CL Oct 27, 2004 Timothy G. Griffin Intel Research, Cambridge UK
Best Practices for ISPs

Best Practices for ISPs
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:

1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:
Tutorial 5 Safe Routing With BGP Based on: Internet.

Tutorial 5 Safe Routing With BGP Based on: Internet.
Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.

Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.
W4140 Network Laboratory Lecture 9 Nov 12 - Fall 2006 Shlomo Hershkop Columbia University.

W4140 Network Laboratory Lecture 9 Nov 12 - Fall 2006 Shlomo Hershkop Columbia University.
On the Death of BGP MSN July 8, 2004 Timothy G. Griffin Intel Research, Cambridge UK

On the Death of BGP MSN July 8, 2004 Timothy G. Griffin Intel Research, Cambridge UK
Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)

Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)
Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),

Dynamics of Hot-Potato Routing in IP Networks Renata Teixeira (UC San Diego) with Aman Shaikh (AT&T), Tim Griffin(Intel),

Similar presentations

Ads by Google