CS519: Computer Networks Lecture 4, Part 5: Mar 1, 2004 Internet - - PowerPoint PPT Presentation

SLIDE 1

CS519: Computer Networks

Lecture 4, Part 5: Mar 1, 2004 Internet Routing:

SLIDE 2

CS519

AS’s, igp, and BGP

As we said earlier, the Internet is composed of Autonomous Systems (ASs)
Where each AS is a set of routers, links, and hosts
And is controlled by a single administration (autonomous)
An ISP, a large enterprise (Cornell), etc.

SLIDE 3

AS’s, igp, and BGP

Internally, each AS can run any routing protocol it wants
“interior gateway protocol”, or igp
Examples: RIP, OSPF, IS-IS
ASs run BGP between them
Border Gateway Protocol
Though many stub ASs don’t run BGP, but simply default to their ISP
The ISP runs BGP “on their behalf”

SLIDE 4

AS’s, igp, and BGP

SLIDE 5

Border routers run both BGP and the igp

SLIDE 6

Two routing protocols, one FIB?

SLIDE 7

Importing and exporting routes

Routing algorithms have to “originate” routes
Which means that the routing algorithm has to “import” the route in some way other than getting it from a neighbor router
Two ways:
From configuration (iface1 has prefix P . . .)
From another routing algorithm!
Likewise, routing algorithms can “export” routes

SLIDE 8

Importing and exporting routes

SLIDE 9

Limits to importing and exporting

SLIDE 10

Why this limitation?

Semantic mismatch between BGP and igp
BGP is path-vector, and requires the AS-path to the destination prefix
igp’s don’t require this AS-path, and can’t be expected or forced to carry it
Want to maintain independence between igp and BGP
Also, igp convergence may be slow…

SLIDE 11

iBGP and eBGP (interior and exterior)

BGP avoids dependence on igp by running both between ASs (exterior, eBGP) and within ASs (interior, iBGP)
iBGP runs over TCP

SLIDE 12

iBGP and eBGP (interior and exterior)

SLIDE 13

iBGP and eBGP (interior and exterior)

SLIDE 14

Next hops are weird in iBGP

What does it mean for e to have c as its next hop to P1, when there are multiple routers between e and c???

SLIDE 15

One option: tunnel across AS

iBGP speakers form IP tunnels across the AS
IP over IP
  • (perhaps with GRE between them, but let’s not get into this now)
This creates a “link” between the two iBGP speakers
Remember, IP doesn’t care what subnet technology it runs over, even if that subnet is IP!!!

SLIDE 16

iBGP next hop using IP-in-IP tunneling

SLIDE 17

Another option, use both BGP and igp RIBs

iBGP “resolves” the iBGP next hop to its igp next hop
iBGP computes its next hop
iBGP looks into igp RIB to determine igp next hop to iBGP next hop
This becomes the actual next hop
iBGP must advertise external prefixes into the igp
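
Added example (not part of the original slides): the two-step lookup described above, where the iBGP next hop is resolved through the igp RIB and a BGP route is installed only if that resolution succeeds. All addresses, interface names and table contents are constructed for illustration.

```python
import ipaddress

# Constructed sample tables (assumptions, not from the lecture).
# BGP RIB: external prefix -> iBGP next hop (the border router that learned it).
BGP_RIB = {
    "20.1.0.0/20": "10.0.0.3",   # learned via a border router such as c
    "30.1.0.0/20": "10.0.9.9",   # border router the igp has no route to
}
# igp RIB: internal prefix -> (directly connected neighbor, outgoing interface).
IGP_RIB = {
    "10.0.0.3/32": ("10.0.1.2", "if1"),
    "10.0.0.0/24": ("10.0.1.6", "if2"),
}

def longest_match(table, addr):
    """Return the value of the most specific prefix in table covering addr."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, value in table.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, value)
    return best[1] if best else None

def resolve(dest):
    """Resolve dest to the actual (igp) next hop, or None if unusable."""
    bgp_next_hop = longest_match(BGP_RIB, dest)
    if bgp_next_hop is None:
        return None                      # no BGP route covers dest
    # The iBGP next hop may be several routers away: ask the igp how to reach it.
    return longest_match(IGP_RIB, bgp_next_hop)

def build_fib():
    """Install only the BGP routes whose next hop the igp can reach."""
    fib = {}
    for prefix, bgp_next_hop in BGP_RIB.items():
        hop = longest_match(IGP_RIB, bgp_next_hop)
        if hop is not None:
            fib[prefix] = hop
    return fib
```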

SLIDE 18

iBGP using igp RIB to resolve next hop

SLIDE 19

BGP security model

Authentication is hop-by-hop, like OSPF
But threat is much worse, because no single organization controls all of BGP
So, BGP uses policy to help prevent bogus routes
BGP routers have an expectation of what they should hear from where

SLIDE 20

BGP policies

Who to peer with (which ASs)
What routes to originate
What routes to import (prevent bogus advertisements)
What routes to export (and how to aggregate them)
What paths to prefer
Shorter AS paths
Some ASs preferred over others
  • The big ASs (UUnet, AT&T, etc.)
  • Primary versus backup transit AS
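
Added example (not part of the original slides): an import policy that encodes "what they should hear from where" and rejects advertisements that do not match. The AS numbers are documentation-range values, the policy table and sample updates are constructed, and prefixes are written in full dotted form (20.1.0.0/20 for the slides' 20.1.0/20).

```python
import ipaddress

LOCAL_AS = 64500   # constructed; documentation-range AS numbers throughout
# Hypothetical per-peer expectation: which prefixes each peer may advertise,
# and the longest (most specific) prefix length accepted from it.
EXPECTED = {
    64501: {"prefixes": ["20.1.0.0/20"], "max_len": 24},
    64502: {"prefixes": ["30.1.0.0/20"], "max_len": 22},
}

def check_import(peer_as, prefix, as_path):
    """Return (accepted, reason) for one received advertisement."""
    policy = EXPECTED.get(peer_as)
    if policy is None:
        return False, "no policy for peer"
    if not as_path or as_path[0] != peer_as:
        return False, "first AS in path is not the peer"
    if LOCAL_AS in as_path:
        return False, "own AS in path (loop)"
    net = ipaddress.ip_network(prefix)
    if net.prefixlen > policy["max_len"]:
        return False, "prefix too specific"
    for allowed in policy["prefixes"]:
        if net.subnet_of(ipaddress.ip_network(allowed)):
            return True, "ok"
    return False, "prefix not expected from this peer"

# Constructed sample advertisements: (peer AS, prefix, AS path).
UPDATES = [
    (64501, "20.1.0.0/20", [64501]),          # matches the expectation
    (64502, "20.1.0.0/20", [64502, 64501]),   # prefix not expected from 64502
    (64501, "20.1.4.0/25", [64501]),          # more specific than allowed
    (64501, "20.1.0.0/20", [64502, 64501]),   # path does not start at the peer
]

def import_routes(updates):
    """Keep only the advertisements that pass the import policy."""
    return [(peer, pfx) for peer, pfx, path in updates
            if check_import(peer, pfx, path)[0]]
```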

SLIDE 21

BGP policy limitation (hop by hop policy decisions)

[Figure labels: AS1, AS3, AS2, AS4, 20.1.0/20, AS5]

AS1 chooses AS2 as the path to 20.1.0/20.
AS5 is forced to accept the choice of AS1
(If AS5 really doesn’t like it, it should find a new peer)

SLIDE 22

BGP policy conflict

[Figure labels: AS1, AS3, AS2, AS4, 20.1.0/20, AS5]

AS5 policy is to prefer route to AS4 via AS2
AS1 policy is to prefer route to AS4 via AS3
Both policies cannot be satisfied

SLIDE 23

Hot potato routing

[Figure labels: AS2, AS4, 20.1.0/20, 30.1.0/20]

AS2 and AS4 policies are to route to nearest AS exit.
Asymmetric routes result (not necessarily a problem)

SLIDE 24

Misconfigured policies may lead to oscillation

[Figure labels: AS2, AS4, 20.1.0/20, AS1, B2, B1, AS3, AS5]

B2 configured to prefer AS4
B1 configured to prefer AS1

SLIDE 25

Misconfigured policies may lead to oscillation

[Figure labels: AS2, AS4, 20.1.0/20, AS1, B2, B1, AS3, AS5; advertised paths “AS2,AS4” and “AS3,AS2,AS4”]

B2 (periodically) updates AS3 with path AS2,AS4

SLIDE 26

Misconfigured policies may lead to oscillation

[Figure labels: AS2, AS4, 20.1.0/20, AS1, B2, B1, AS3, AS5; advertised paths “AS2,AS1” and “AS3,AS2,AS1”]

B1 (periodically) updates AS3 with path AS2,AS1
With each period AS3 advertises a different route

SLIDE 27

Other route flapping

A link continuously goes up and down
The update for this is propagated throughout the internet
Mid-90’s these kinds of problems were severe
1996: 45,000 prefixes, 1,500 unique AS paths, 1,300 ASs, 3-6 million BGP update messages/day
  • 6 updates per prefix per hour!
  • (Labovitz et al.)

SLIDE 28

Today much improved

Better policy tools
Better software
Lots of damping
But still, advances in BGP lead to new policy bugs
Route reflectors published in 2000 (RFC2796)
Inconsistent route reflectors problem published in 2002 (RFC3345)

SLIDE 29

Policy Tools

Routing Policy Specification Language (RPSL) (RFC 2280)
Earlier policy languages exist
Language to define BGP policies
Peers, import, export, route preference, aggregation
Posted at Routing Registries (RIPE, RADB, etc.)
Tools created to look for policy inconsistencies (within AS and across ASs)
Tools created to match measured reality (BGP tables, traceroute) with policy expectations
RAToolSet, USC/ISI

SLIDE 30

Lots of Damping

Stop advertising certain prefixes if they go up and down a lot
Improve stability
Lower overhead
RIPE guidelines:
Don’t dampen until after 4th flap in a row (in 50 minutes)
/24: dampen 60 minutes
/22,/23, dampen 30-45 minutes
</22, dampen 10-30 minutes
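
Added example (not part of the original slides): the guideline above as a simple sliding-window flap counter, rather than the decaying-penalty scheme routers actually implement. Assumptions: the 4th flap inside 50 minutes triggers suppression, the upper bound of each range is used, prefixes longer than /24 are treated like /24, and the sample prefix is constructed.

```python
import ipaddress
from collections import defaultdict, deque

WINDOW_MIN = 50      # flaps are counted over 50 minutes (from the slide)
FLAP_LIMIT = 4       # no damping before the 4th flap (from the slide)

def damp_range(prefix):
    """(min, max) suppression time in minutes by prefix length, per the slide."""
    plen = ipaddress.ip_network(prefix).prefixlen
    if plen >= 24:           # slide lists /24; longer prefixes assumed the same
        return (60, 60)
    if plen >= 22:           # /22 and /23
        return (30, 45)
    return (10, 30)          # shorter than /22

class Damper:
    def __init__(self):
        self.flaps = defaultdict(deque)   # prefix -> recent flap times (minutes)
        self.suppressed_until = {}        # prefix -> minute at which damping ends

    def flap(self, prefix, now):
        """Record one flap at minute `now`; return True if the prefix is suppressed."""
        times = self.flaps[prefix]
        times.append(now)
        while times and now - times[0] > WINDOW_MIN:
            times.popleft()               # forget flaps outside the window
        if len(times) >= FLAP_LIMIT:
            # Assumption: suppress for the upper bound of the range.
            self.suppressed_until[prefix] = now + damp_range(prefix)[1]
            times.clear()
        return self.is_suppressed(prefix, now)

    def is_suppressed(self, prefix, now):
        return now < self.suppressed_until.get(prefix, 0)
```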

SLIDE 31

Lots of Damping

Helps the internet, but means that you can go away for a long time
Because of some problem in the middle!
Most damping is done on routes that you don’t care about
Poorly managed small ISPs
Routes through major ISPs tend to be very stable
Your favorite web sites

SLIDE 32

Effect of BGP policies on path quality

Ramesh Govindan study (USC)
Methodology:
Learn real physical topology with traceroutes, deduce actual AS connectivity
  • Imperfect, but not bad
Examine used “policy topology” from BGP tables, RADB (routing registry) database
Compare the two

SLIDE 33

Effect of BGP policies on path quality

Results:
About ½ of the paths are longer than shortest path
20% of policy paths are 50% or more longer
20% of policy paths are 5 hops or more longer
Policy tends to push paths through major backbones rather than possibly shorter routes
  • (But shorter routes may not be better routes!)

SLIDE 34

The Internet

The Internet Today

SLIDE 35

The Internet

The Internet Today

As mapped by Skitter (www.caida.org)
21 monitors probing ~1M destinations

SLIDE 36

BGP Routing Table Growth

[Figure annotations]
1: Pre-CIDR exponential growth
2: CIDR linear growth
3: Multihoming exponential growth
4: Better prefix filtering
5: Uh-oh!!
140,000!!

Source: The CIDR Report, www.cidr-report.org