A Hierarchical Model for BGP Routing Policies
Laurent Vanbever, Bruno Quoitin and Olivier Bonaventure
UCL, Belgium
PRESTO09, Friday, 21 Aug 2009
http://inl.info.ucl.ac.be
Human factors are responsible for 50 to 80 percent of network device outages
Juniper Networks, What’s Behind Network Downtime?, 2008
Introduction and Motivation
Towards a hierarchical model of routing policies
Implementation
Conclusion
[Figure: A BGP Router at a Glance. BGP sessions with Neighbor 1 ... Neighbor n pass through per-neighbor input filters and attribute manipulation into the BGP Adj-RIB-In; the BGP Decision Process takes all acceptable routes and puts the best route to each destination into the BGP Loc-RIB; per-neighbor output filters and attribute manipulation feed the BGP Adj-RIB-Out and the outgoing BGP sessions.]
[Figure: the BGP router diagram again (input filters, output filters, attribute manipulation). Caption: Talk is about BGP Policies]
BGP Policies give operators control over route selection
Policies are mainly used to
  filter incoming routes
    ignore routes you don't want to consider
  modify routes' attributes
    influence path selection
    modify the way routes are perceived
  filter outgoing routes
    enforce business relationships
BGP Policies are defined at different abstraction levels
[Figure: example topology with ASes A, B, C, D and E]
Some BGP Policies are defined
  on all sessions (level: all)
  on groups of sessions: provider, peer, customer (level: group)
  on AS sessions: sessions w/ A, sessions w/ D, session w/ B, session w/ E (level: as)
  on individual sessions: sessions w/ RA1, sessions w/ RA2, sessions w/ RD1, sessions w/ RD2 (level: session)
  on prefixes: 120.104.0.0/16 MED: 0, 100.104.0.0/16 MED: 0, 120.104.0.0/16 MED: 10, 100.104.0.0/16 MED: 0 (level: prefix)
However, policies are often defined at low level
[Levels shown: group, session, all]

    neighbor 206.196.178.45 {
        description "Mid-Atlantic Crossroads (MAX)";
        import [ SANITY-IN SET-CONNECTOR-PREF MAX-IN CONNECTOR-IN ];
        peer-as 10886;
    }
    neighbor 192.88.192.137 {
        description OSCnet;
        import [ SANITY-IN SET-CONNECTOR-PREF OARNET-IN CONNECTOR-IN ];
        peer-as 3112;
    }
    neighbor 204.238.76.5 {
        description "Drexel University";
        import [ SANITY-IN SET-CONNECTOR-PREF DREXEL-IN CONNECTOR-IN ];
        peer-as 36412;
    }
    neighbor 192.88.115.24 {
        description 3ROX;
        import [ SANITY-IN SET-CONNECTOR-PREF PSC-IN CONNECTOR-IN ];
        peer-as 5050;
    }
    ...
    neighbor 199.18.156.241 {
        description "OSCnet mcast-only for their non-I2 customers";
        import [ SANITY-IN SET-CONNECTOR-PREF CONNECTOR-IN ];
        peer-as 600;
    }
Towards a hierarchical model of routing policies
Our model aims to
  express a policy at the appropriate level
  represent network-wide policies
  ease policy addition and modification
  be vendor agnostic
Our model at a glance
[Figure: BGP session abstractions s1, s2, ..., sN; chains of routing filters; BGP session abstractions associated to templates]
Policies are modeled by chains
  a node is a sequence of rules
  a rule is a couple (predicate, template)
  a predicate conditions the association of the template to the session's filters
  a template is a sequence of routing filter statements
Our model is structured around chains of filters
[Figure: chains of filters. IMPORT: SANITY IN, SET-PREF, BACKUP-PREF, TAG INCOMING, ALLOW-RIR-PFXS (levels: All, Group, Session, Group, Group). EXPORT: TRANSIT (level: Group).]
Notation: r is a route, s is a session.
A rule is a (predicate, template) pair. Rule of SANITY IN:
  true, (r.pfx ∈ BOGONS) ⇒ reject
Rules of TAG INCOMING:
  s.group = CUST, r.comm ⊎ {CUST}
  s.group = PEER, r.comm ⊎ {PEER}
  s.group = PROV, r.comm ⊎ {PROV}
How is it implemented?
Each BGP session is specified with a textual representation
    BXL:CUST:2611:<130.104.0.2>:backup
Predicates are modeled by regular expressions
    s.type=backup is modeled by *.backup$
Templates are represented by using StringTemplate
    policy-statement BACKUP-PREF {
        term down-pref {
            then {
                local-preference subtract $value$;
                accept;
                ...
How does it work?
Session BXL:CUST:2611:<130.104.0.2>:backup walks the chains and collects, node by node:
  SANITY IN: (r.pfx ∈ BOGONS) ⇒ reject
  SET-PREF: r.lp = 5000
  BACKUP-PREF: r.lp = r.lp − 500
  TAG INCOMING: r.comm ⊎ {CUST}
  ALLOW-RIR-PFXS: (r.pfx ∈ RIR PFX(s.asn)) ⇒ reject
  TRANSIT: announce default route
Session BXL:PROVIDER:2611:<130.104.0.2> walks the same chains and collects:
  SANITY IN: (r.pfx ∈ BOGONS) ⇒ reject
  SET-PREF: r.lp = 3000
  TAG INCOMING: r.comm ⊎ {PROV}
  TRANSIT: ((r.comm ∋ CUST) ∨ (r.pfx ∈ INTERNAL)) ⇒ accept
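The walkthrough above, as an added example (not code from the slides or from the authors' tool): each session string is matched against regular-expression predicates and collects the templates of every matching rule, in chain order. The regex patterns, the field names pop and ip, and the render helper standing in for StringTemplate are assumptions; node names, statements and values are those shown on the slides.

```python
import re

# Session format as on the slides, e.g. BXL:CUST:2611:<130.104.0.2>:backup.
# Field names "pop" and "ip" are assumptions; group, asn, type follow s.group, s.asn, s.type.
SESSION_RE = re.compile(
    r"^(?P<pop>\w+):(?P<group>\w+):(?P<asn>\d+):<(?P<ip>[\d.]+)>(?::(?P<type>\w+))?$")

# Predicates are regexes over the session text (patterns chosen for this example).
CUST, PEER, PROV = r"^\w+:CUST:", r"^\w+:PEER:", r"^\w+:PROVIDER:"

# Each node: (level, name, [(predicate, template, parameters)]); statements from the slides.
CHAINS = {
    "import": [
        ("all", "SANITY IN", [(r".*", "(r.pfx ∈ BOGONS) ⇒ reject", {})]),
        ("group", "SET-PREF", [(CUST, "r.lp = $value$", {"value": 5000}),
                               (PROV, "r.lp = $value$", {"value": 3000})]),
        ("session", "BACKUP-PREF", [(r":backup$", "r.lp = r.lp − $value$", {"value": 500})]),
        ("group", "TAG INCOMING", [(CUST, "r.comm ⊎ {CUST}", {}),
                                   (PEER, "r.comm ⊎ {PEER}", {}),
                                   (PROV, "r.comm ⊎ {PROV}", {})]),
        ("group", "ALLOW-RIR-PFXS", [(CUST, "(r.pfx ∈ RIR PFX(s.asn)) ⇒ reject", {})]),
    ],
    "export": [
        ("group", "TRANSIT", [(CUST, "announce default route", {}),
                              (PROV, "((r.comm ∋ CUST) ∨ (r.pfx ∈ INTERNAL)) ⇒ accept", {})]),
    ],
}

def render(template, params):
    """Fill $name$ placeholders; a minimal stand-in for StringTemplate rendering."""
    return re.sub(r"\$(\w+)\$", lambda m: str(params[m.group(1)]), template)

def resolve(session, direction):
    """Return [(node, statement)] attached to this session's filter, in chain order."""
    if not SESSION_RE.match(session):
        # A malformed line would otherwise match only the "all" rule and silently
        # get a filter with no preference or tagging statements.
        raise ValueError(f"malformed session: {session!r}")
    return [(node, render(template, params))
            for _level, node, rules in CHAINS[direction]
            for predicate, template, params in rules
            if re.search(predicate, session)]

if __name__ == "__main__":
    for s in ("BXL:CUST:2611:<130.104.0.2>:backup", "BXL:PROVIDER:2611:<130.104.0.2>"):
        for direction in ("import", "export"):
            print(s, direction, resolve(s, direction))
```

Rejecting malformed session lines matters here because a typo in the group field does not fail on its own: the session would still receive the all-level rule and look configured while missing its group-level statements.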
To Conclude
Our model offers a network-wide and vendor-agnostic way of configuring routing policies
  detailed documentation
  quick and safe modifications/additions