Policy-Based Path-Vector Routing: Reading: Sections 4.3.3
Goals of Today’s Lecture
• Challenges of interdomain routing
– Scale, privacy, and policy
– Limitations of link-state and distance-vector routing
• Path-vector routing
– Faster loop detection than distance-vector routing
– More flexibility than shortest-path routing
• Border Gateway Protocol (BGP)
– Incremental, prefix-based, path-vector protocol
– Programmable import and export policies
– Multi-step decision process for selecting “best” route
• Multiple routers within an AS
• BGP convergence delay
Interdomain Routing
• AS-level topology
–Destinations are IP prefixes (e.g., 12.0.0.0/8)
–Nodes are Autonomous Systems (ASes)
–Links are connections & business relationships
[Figure: AS-level topology of ASes numbered 1 to 7, with a client and a web server attached]
Challenges for Interdomain Routing
• Scale
–Prefixes: 150,000-200,000, and growing
–ASes: 20,000 visible ones, and growing
–AS paths and routers: at least in the millions…
• Privacy
–ASes don’t want to divulge internal topologies
–… or their business relationships with neighbors
• Policy
–No Internet-wide notion of a link cost metric
–Need control over where you send traffic
–… and who can send traffic through you
Shortest-Path Routing is Restrictive
• All traffic must travel on shortest paths
• All nodes need common notion of link costs
• Incompatible with commercial relationships
[Figure: National ISP1 and National ISP2 above Regional ISP1, Regional ISP2 and Regional ISP3, with customers Cust1, Cust2 and Cust3; one path is marked YES and another NO]
Link-State Routing is Problematic
• Topology information is flooded
–High bandwidth and storage overhead
–Forces nodes to divulge sensitive information
• Disadvantages
–Minimizes some notion of total distance, which is difficult in an interdomain setting
–Slow convergence due to the counting-to-infinity problem (“bad news travels slowly”)
• Examples
–Node 2 may prefer the path “2, 3, 1” over “2, 1”
–Node 1 may not let node 3 hear the path “1, 2”
[Figure: three-node topology with nodes 1, 2 and 3]
Border Gateway Protocol
• Interdomain routing protocol for the Internet
–Prefix-based path-vector protocol
–Policy-based routing based on AS Paths
–Evolved during the past 15 years
[Figure: BGP session with AS2. Steps shown: establish the BGP session; exchange all active routes; exchange incremental updates. While the connection is ALIVE, exchange route UPDATE messages]
Incremental Protocol
• A node learns multiple paths to destination
–Stores all of the routes in a routing table
–Applies policy to select a single active route
–… and may advertise the route to its neighbors
• Incremental updates
–Announcement
Upon selecting a new active route, add node id to path
… and (optionally) advertise to each neighbor
–Withdrawal
If the active route is no longer available
… send a withdrawal message to the neighbors
BGP Route
• Destination prefix (e.g., 128.112.0.0/16)
• Route attributes, including
– AS path (e.g., “7018 88”)
– Next-hop IP address (e.g., 12.127.0.121)
[Figure: AS 88 (Princeton) announces 128.112.0.0/16 to AS 7018 (AT&T) with AS path = 88 and Next Hop = 192.0.2.1; AS 7018 announces 128.112.0.0/16 to AS 12654 (RIPE NCC RIS project) with AS path = 7018 88 and Next Hop = 12.127.0.121]
ASPATH Attribute
[Figure: prefix 128.112.0.0/16 originated by AS 88 (Princeton) and propagated through AS 7018 (AT&T), AS 1239 (Sprint), AS 1755 (Ebone), AS 1129 (Global Access) and AS 3549 (Global Crossing) to AS 12654 (RIPE NCC RIS project). AS paths shown on the links: 88; 7018 88; 1239 7018 88; 1755 1239 7018 88; 1129 1755 1239 7018 88; 3549 7018 88]
BGP Path Selection
• Simplest case
–Shortest AS path
shortest-path routing
–Policy-based routing
[Figure: labels AS 1129 (Global Access) and AS 3549 (Global Crossing)]
BGP Policy: Applying Policy to Routes
• Import policy
–Filter unwanted routes from neighbor
E.g. prefix that your customer doesn’t own
–Manipulate attributes to influence path selection
E.g., assign local preference to favored routes
• Export policy
–Filter routes you don’t want to tell your neighbor
E.g., don’t tell a peer a route learned from other peer
–Manipulate attributes to control what they see
E.g., make a path look artificially longer than it is
BGP Policy: Influencing Decisions
[Figure: route-processing pipeline. Labels: “Open ended programming. Constrained only by vendor configuration language”; “Install forwarding entries for best routes”; “IP Forwarding Table”]
Import Policy: Local Preference
• Favor one path over another
– Override the influence of AS path length
– Apply local policies to prefer a path
[Figure: Yale, Tier-3, Tier-2, AT&T and Sprint; one path is labelled Local-pref = 90 and the other Local-pref = 100]
Import Policy: Filtering
• Discard some route announcements
– Detect configuration mistakes and attacks
[Figure: AT&T, USLEC and Princeton, with prefix 128.112.0.0/16]
Export Policy: Filtering
• Discard some route announcements
– Limit propagation of routing information
• Examples
– Don’t announce routes from one peer to another
– Don’t announce routes for network-management hosts
[Figure: Princeton (128.112.0.0/16) and a network operator]
Export Policy: Attribute Manipulation
• Modify attributes of the active route
– To influence the way other ASes behave
• Example: AS prepending
– Artificially inflate the AS path length seen by others
– To convince some ASes to send traffic another way
[Figure: Princeton (128.112.0.0/16) with AS-path labels “88 88” and “88” on its links]
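The import and export policy slides above, put together as an added example that is not part of the original lecture: an import filter that rejects loops and prefixes a customer does not own, local-pref overriding AS path length, and AS prepending on export. The policy tables, the default local-pref of 80 and the choice of AS 7018 as the local AS are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass

MY_AS = 7018  # assumption: we are the provider applying policy

# Constructed policy tables (not from any real configuration).
CUSTOMER_PREFIXES = {88: [ipaddress.ip_network("128.112.0.0/16")]}
LOCAL_PREF = {88: 100, 1239: 90}   # per-neighbor local preference
DEFAULT_LOCAL_PREF = 80

@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    as_path: tuple   # leftmost AS is the neighbor, rightmost is the origin
    neighbor: int
    local_pref: int

def import_policy(prefix, as_path, neighbor):
    """Return a Route if the announcement is accepted, otherwise None."""
    net = ipaddress.ip_network(prefix)
    if MY_AS in as_path:
        return None                      # our own AS in the path: a loop
    allowed = CUSTOMER_PREFIXES.get(neighbor)
    if allowed is not None and not any(net.subnet_of(a) for a in allowed):
        return None                      # customer announcing space it does not own
    pref = LOCAL_PREF.get(neighbor, DEFAULT_LOCAL_PREF)
    return Route(net, tuple(as_path), neighbor, pref)

def best_route(routes):
    """Pick the active route: highest local-pref, then shortest AS path."""
    routes = [r for r in routes if r is not None]
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path)), default=None)

def export_path(route, prepend=1):
    """AS path we advertise: our AS added once, or several times (prepending)."""
    return (MY_AS,) * prepend + route.as_path
```
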
BGP Policy Configuration
• Routing policy languages are vendor-specific
– Not part of the BGP protocol specification
– Different languages for Cisco, Juniper, etc.
[Figure: AS 1, AS 2, AS 3 and AS 4]
An AS is Not a Single Node
• Multiple routers in an AS
–Need to distribute BGP information within the AS
–Internal BGP (iBGP) sessions between routers
[Figure: AS1 and AS2, with an eBGP session between the ASes and iBGP sessions inside an AS]
Internal BGP and Local Preference
• Example
– Both routers prefer the path through AS 100 on the left
– … even though the right router learns an external path
[Figure: AS 256 with two routers joined by I-BGP, connected to AS 100, AS 200 and AS 300]
An AS is Not a Single Node
• Multiple connections to neighboring ASes
–Multiple border routers may learn good routes
–… with the same local-pref and AS path length
[Figure: AS-level topology of ASes 1, 2, 3, 4, 6 and 7, with “Multiple links” between two neighboring ASes]
Hot-Potato (Early-Exit) Routing
• Hot-potato routing
– Each router selects the closest egress point
– … based on the path cost in intradomain protocol
[Figure: hot-potato routing example with addresses 10.1.1.1 and 192.0.2.129]
Joining BGP with IGP Information
[Figure: AS 7018 and AS 88 connected at 192.0.2.1; 128.112.0.0/16 is announced with Next Hop = 192.0.2.1; internal address 10.10.10.10]

Forwarding Table
destination       next hop
192.0.2.0/30      10.10.10.10

+ BGP
destination       next hop
135.207.0.0/16    192.0.2.1

Forwarding Table
destination       next hop
135.207.0.0/16    10.10.10.10
192.0.2.0/30      10.10.10.10
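How the BGP and IGP tables above combine, as an added example that is not part of the original lecture: each BGP next hop is resolved through the IGP table by longest-prefix match, and when several egress points are equally good the closest one by IGP cost wins (hot-potato routing). The IGP costs, the 192.0.2.128/30 entry and the pairing of 192.0.2.129 with 10.1.1.1 are constructed for the illustration.

```python
import ipaddress

def net(s):
    return ipaddress.ip_network(s)

def resolve(igp, addr):
    """Longest-prefix match of addr in the IGP table -> (next hop, cost) or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in igp if ip in n]
    return igp[max(hits, key=lambda n: n.prefixlen)] if hits else None

def join(bgp, igp):
    """Build the forwarding table from BGP routes and IGP routes.

    bgp: {prefix: [BGP next-hop address, ...]}  (equally good routes)
    igp: {prefix: (directly connected next hop, IGP path cost)}
    """
    fib = {prefix: hop for prefix, (hop, _cost) in igp.items()}
    for prefix, bgp_next_hops in bgp.items():
        reachable = [r for r in (resolve(igp, nh) for nh in bgp_next_hops) if r]
        if not reachable:
            continue                      # BGP next hop unreachable: route unusable
        hop, _cost = min(reachable, key=lambda r: r[1])   # hot potato: closest egress
        fib[prefix] = hop
    return fib

# Addresses from the slide; the IGP costs and the second egress are constructed.
IGP = {net("192.0.2.0/30"): ("10.10.10.10", 9),
       net("192.0.2.128/30"): ("10.1.1.1", 5)}
BGP_ONE = {net("135.207.0.0/16"): ["192.0.2.1"]}
BGP_TWO = {net("135.207.0.0/16"): ["192.0.2.1", "192.0.2.129"]}
```
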
Some Routers Don’t Need BGP
• Customer that connects to a single upstream ISP
– The ISP can introduce the prefixes into BGP
– … and the customer can simply default-route to the ISP
[Figure: labels Qwest; “Nail up routes 130.132.0.0/16 pointing to Yale”; AT&T; USLEC; BGP; AS 88, Princeton University, 128.112.0.0/16]
Causes of BGP Routing Changes
• Topology changes
– Equipment going up or down
– Deployment of new routers or sessions
[Figure: two panels with destination 0 and ASes 1, 2 and 3. First panel routes: (1,0), (2,0), (3,1,0). Second panel routes: (1,2,0), (2,0), (3,2,0)]
Routing Change: Path Exploration
• AS 1
– Delete the route (1,0)
– Switch to next route (1,2,0)
– Send route (1,2,0) to AS 3
• AS 3
– Sees (1,2,0) replace (1,0)
– Compares to route (2,0)
– Switches to using AS 2
[Figure: destination 0 and ASes 1, 2 and 3, with routes (1,2,0), (2,0) and (3,2,0)]
Routing Change: Path Exploration
• Initial situation
– Destination 0 is alive
– All ASes use direct path
• When destination dies
– All ASes lose direct path
– All switch to longer paths
– Eventually withdrawn
• E.g., AS 2
– (2,0) → (2,1,0)
– (2,1,0) → (2,3,0)
– (2,3,0) → (2,1,3,0)
– (2,1,3,0) → null
[Figure: destination 0 and ASes 1, 2 and 3. Routes at AS 1: (1,0), (1,2,0), (1,3,0). Routes at AS 2: (2,0), (2,1,0), (2,3,0), (2,1,3,0). Routes at AS 3: (3,0), (3,1,0), (3,2,0)]
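Path exploration after the destination dies, as an added example that is not part of the original lecture. It assumes synchronous rounds, shortest-AS-path selection and ties broken by lowest neighbor number, so the intermediate routes AS 2 visits differ from the slide's sequence, which depends on message timing; the point is that each AS tries stale longer paths before ending with no route.

```python
# Constructed topology matching the slide: ASes 1, 2, 3 fully meshed,
# each also directly connected to destination 0.
FULL_MESH = {0: [1, 2, 3], 1: [0, 2, 3], 2: [0, 1, 3], 3: [0, 1, 2]}

def simulate(neighbors, dest=0):
    """Synchronous path-vector rounds after `dest` is withdrawn.

    Returns {AS: [route history]}; None means the AS has no route left.
    """
    ases = [a for a in neighbors if a != dest]
    # Before the failure every AS uses its direct route (a, dest).
    best = {a: (a, dest) for a in ases}
    # rib_in[a][n] is the last path heard from neighbor n; the direct
    # route from dest is already gone (that is the triggering withdrawal).
    rib_in = {a: {n: best[n] for n in neighbors[a] if n != dest} for a in ases}
    history = {a: [best[a]] for a in ases}

    def select(a):
        # Path-vector loop check: ignore any path that already contains us.
        usable = [p for p in rib_in[a].values() if p and a not in p]
        if not usable:
            return None
        return (a,) + min(usable, key=lambda p: (len(p), p[0]))

    changed = True
    while changed:
        new_best = {a: select(a) for a in ases}
        changed = new_best != best
        for a in ases:
            if new_best[a] != best[a]:
                history[a].append(new_best[a])
        best = new_best
        for a in ases:                 # every AS announces or withdraws
            for n in rib_in[a]:
                rib_in[a][n] = best[n]
    return history
```
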
BGP Converges Slowly, if at All
• Path vector avoids count-to-infinity
– But, ASes still must explore many alternate paths
– … to find the highest-ranked path that is still available
• Fortunately, in practice
– Most popular destinations have very stable BGP routes
– And most instability lies in a few unpopular destinations
Conclusions
• BGP is solving a hard problem
– Routing protocol operating at a global scale
– With tens of thousands of independent networks
– That each have their own policy goals
– And all want fast convergence