How NOC manages and controls inter-domain traffic? 5 th tf-noc - - PowerPoint PPT Presentation

how noc manages and controls inter domain traffic
SMART_READER_LITE
LIVE PREVIEW

How NOC manages and controls inter-domain traffic? 5 th tf-noc - - PowerPoint PPT Presentation

Apr 19, 2023 114 likes •480 views

How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it Agenda Inter-domain traffic: o how does NOC monitor and control it? Common case as example: new BGP peer activation -> new

slide-1
SLIDE 1

How NOC manages and controls inter-domain traffic?

5th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it

slide-2
SLIDE 2

Agenda

  • Inter-domain traffic:
  • how does NOC monitor and control it?
  • Common case as example: new BGP peer activation ->

new uncontrolled traffic balance

  • Tools:
  • Control plane
  • bgpviz (Ripe RIS) -> partial or limited information
  • Traffic
  • port counters -> indistinct traffic
  • Class usage counters -> AS peer stats only
  • Netflow data -> AS origin per port stats
  • How to collect AS origin data
  • Implementation Example: GARR AsTracker
slide-3
SLIDE 3

Inter-domain traffic

  • border traffic
  • BGP protocol
slide-4
SLIDE 4

Inter-domain traffic

peers differ in:

  • policy
  • cost
  • type of traffic
slide-5
SLIDE 5

Inter-domain traffic: asymmetries

slide-6
SLIDE 6

Inter-domain traffic: balancing

slide-7
SLIDE 7

Common case: new peering

slide-8
SLIDE 8

Due to unpredictable reason (often commercial policy) some traffic moves from some peer to new

  • ne

New traffic balance

slide-9
SLIDE 9

Interface counters show how much traffic swapped on new peer, but what traffic is moved from old peers to new one?

New traffic balance

slide-10
SLIDE 10

Available helpful tools:

  • Control plane
  • bgpviz (Ripe RIS)
  • Traffic
  • port counters
  • firewall filter counters
  • Netflow data

deployment effort ascending

  • rder
slide-11
SLIDE 11
  • Worldwide distributed route servers collect bgp routes
  • Historical world bgp data.
  • bgp update graphical visualization

Ripe RIS / BGPViz

slide-12
SLIDE 12

It help to understand inter-domain traffic reroutes

Limits:

  • few collection points (RIS route servers) = some ASes only
  • no traffic amount information

Ripe RIS / BGPViz

slide-13
SLIDE 13

Ripe RIS / BGPViz

  • Make a request about a worldwide

announced network

  • timeslot selection
slide-14
SLIDE 14

Ripe RIS / BGPViz

slide-15
SLIDE 15

update LOG example: changing path from 12350 174 137 to 12350 174 137 137 137 changing path from 6067 174 137 to 6067 3356 137 137 137 changing path from 30844 174 137 to 30844 174 137 137 137 changing path from 39202 174 137 to 39202 174 137 137 137 changing path from 8607 174 137 to 8607 3356 137 137 137 changing path from 22691 2914 3549 137 137 137 to 22691 174 137 137 137 changing path from 19151 3549 137 137 137 to 19151 174 137 137 137 changing path from 22691 174 137 137 137 to 22691 19624 174 137 137 137 changing path from 28917 174 137 to 28917 174 137 137 137 changing path from 39821 28917 174 137 to 39821 9002 3549 137 137 137 changing path from 8359 3356 137 137 137 to 8359 174 137 137 137 changing path from 31323 20764 174 137 to 31323 20764 3549 137 137 137 changing path from 8331 29076 29076 29076 174 137 to 8331 9002 9002 9002 3549 137 137 137

Ripe RIS / BGPViz

slide-16
SLIDE 16
  • got by snmp protocol
  • interface aggregated traffic
  • no details about moved traffic

Interface counters

slide-17
SLIDE 17

Source and Destination Class Usage

  • as-path based counters
  • useful for IXP peering
  • peer aggregate traffic
  • number of class usage limited

Class usage counters

slide-18
SLIDE 18

IP flow data:

  • got by Netflow protocol
  • IP flow (unidirectional) data:
  • protocol
  • IP addresses,
  • TCP/UDP ports,
  • AS numbers,
  • input/output interfaces,
  • TCP flags,
  • counters(bytes, pkts, flows)
  • two choices: AS peer or AS origin

It is possible to get worldwide AS stats

  • ~ 60000 AS stats
  • historical data (RRD files)
  • per interface AS stats, good for analysis on:
  • balancing
  • asymmetries
  • re-routing

Netflow data

slide-19
SLIDE 19

implementation example = GARR AsTracker

simple AS stats multi AS (stacked) stats single flow deep analysis per user-AS couple analysis

How to collect AS data

AS ranks

slide-20
SLIDE 20
  • Real-time views
  • Historical views

data grouped by type:

  • research
  • commodity peer
  • national IXPs
  • direct peering

Aggregates:

  • by group
  • stacked

GARR AsTracker

slide-21
SLIDE 21
  • backend:
  • make RRD
  • fill a database with AS stats
  • for ranking pourpose
  • written in C language
  • frontend
  • GUI:
  • AS live ranking
  • graph generation
  • aggregations
  • deep flow inspection
  • written in php (nfsen plugin)

GARR AsTracker

slide-22
SLIDE 22

GARR AsTracker

homepage (live) all group aggregate "stacked" (some ASes) peer view

slide-23
SLIDE 23

GARR AsTracker

AS Traffic ranks:

  • by peer
  • by group
  • general
  • ne week
  • ne month

three months

slide-24
SLIDE 24

GARR AsTracker

  • deep flow inspection:
  • by site
  • lookup function
  • by flow
slide-25
SLIDE 25

AsTracker is used for:

  • load balancing and billing policies control
  • inter-domain routing troubleshooting
  • Network planning

GARR AsTracker

slide-26
SLIDE 26

Example of use: new BGP peer = new traffic balance New peering: Cogent Telia + GlobalCrossing + Level3

slide-27
SLIDE 27

Telia (dismissed in september) Level3 GlobalCrossing Cogent (activated in november)

Tiscali AS example

slide-28
SLIDE 28

All TISCALI incoming traffic flows through GlobalCrossing

Tiscali AS example

All upcoming traffic is balanced flows through all commodity peers (GlobalCrossing, Level3 and Cogent)

slide-29
SLIDE 29

Tiscali AS example

slide-30
SLIDE 30

Traffic "close" to Rome goes through Cogent:

RT.RM2-RE0>show route 82.84.217.24 inet.0: 394935 destinations, 899965 routes (394687 active, 5 holddown, 614 hidden) + = Active Route, - = Last Active, * = Both 82.84.0.0/15 *[BGP/170] 2w6d 14:15:08, MED 11010, localpref 100 AS path: 174 3257 8612 I > to 149.6.22.73 via ge-4/1/0.44 [BGP/170] 2w3d 13:36:53, MED 0, localpref 100, from 193.206.129.4 AS path: 3356 3257 8612 I > via so-4/0/0.0 [BGP/170] 1w1d 05:16:08, MED 2503, localpref 100, from 193.206.129.3 AS path: 3549 3257 8612 I > via so-4/0/0.0

Tiscali AS example

HOT POTATO!

slide-31
SLIDE 31

Traffic "close" to Milan goes through Level3:

RT.MI2-RE0> show route 82.84.217.24 inet.0: 394797 destinations, 845650 routes (394609 active, 10 holddown, 249 hidden) + = Active Route, - = Last Active, * = Both 82.84.0.0/15 *[BGP/170] 2w3d 13:43:03, MED 0, localpref 100, from 4.68.3.212 AS path: 3356 3257 8612 I > to 213.242.65.81 via so-0/0/0.0 to 213.242.65.85 via so-5/2/0.0 [BGP/170] 1w1d 05:22:18, MED 2503, localpref 100, from 193.206.129.3 AS path: 3549 3257 8612 I > via so-3/0/0.0 [BGP/170] 2w6d 14:21:18, MED 11010, localpref 100, from 193.206.131.249 AS path: 174 3257 8612 I > via so-4/0/0.0

Tiscali AS example

HOT POTATO!

slide-32
SLIDE 32

Thanks for listening Questions?

slide-33
SLIDE 33
slide-34
SLIDE 34

In case of IXP peerings , it is possible to understand what peer send our AS traffic with mac layer accounting data. This feature is supported by Netflow version 9 and IPFIX protocols only.

Netflow data

slide-35
SLIDE 35