1

Routing Design in Operational Networks:A Look from the Inside

David A. Maltz, Geoffrey Xie, Jibin Zhan, Hui ZhangCarnegie Mellon University

Gisli Hjalmtysson, Albert GreenbergATT Labs Research

2

The Problem of Routing Design

HostA

HostB

Ho

stC

Ho

stD

eBGPiBGP

OSPFRIP

EIGRP

ACLspolicy

3

Many Routing Designs Possible

A

B

C

A

B

C

A B C

A

B

C

A

B

C

Drop A<->B

Drop A<->B

Drop A<->B

AS1

AS2

AS3

Multiple OSPF instances

Packet filters

Multiple AS’s & BGP

4

Routing Design

• Selecting routing protocols• Configuring their boundaries• Setting the policies that control their interaction• Adding packet filters, other mechanisms

Routing design fundamentally establishes the network’s properties

• Remains constant as network expands• Details of protocol, path computation are

second-order effects• Topology doesn’t say much about reachability

5

Reachability Example

• Enterprise with two remote offices• Only A&B should be able to talk to server C

Internet

A

B

C

Permit B

->C

Permit A->C

6

Reachability Example

• Network designers add two links for robustness• Configure routing protocols to use new links in

failure

Internet

A

B

C

Permit B

->C

Permit A->C

7

Reachability Example

• Designers apply packet filters to new links

Internet

A

B

C

Permit B

->C

Permit A->C

Permit A->C

Perm

it A->

C

Per

mit

B->

C

8

Reachability Example

Internet

A

B

CPermit A->C

Permit A->C

Perm

it A->

C

Per

mit

B->

C

9

Reachability Example

• Packet from B->C dropped!• Testing under normal conditions won’t find this

error!

Internet

A

B

CPermit A->C

Permit A->C

Perm

it A->

C

Per

mit

B->

C

10

How Are Routing Designs Expressed Today?

interface Ethernet0

ip address 6.2.5.14 255.255.255.128

interface Serial1/0.5 point-to-point

ip address 6.2.2.85 255.255.255.252

ip access-group 143 in

frame-relay interface-dlci 28

router ospf 64

redistribute connected subnets

redistribute bgp 64780 metric 1 subnets

network 66.251.75.128 0.0.0.127 area 0router bgp 64780 redistribute ospf 64 match route-map 8aTzlvBrbaW neighbor 66.253.160.68 remote-as 12762 neighbor 66.253.160.68 distribute-list 4 in

access-list 143 deny 1.1.0.0/16access-list 143 permit anyroute-map 8aTzlvBrbaW deny 10 match ip address 4route-map 8aTzlvBrbaW permit 20 match ip address 7ip route 10.2.2.1/16 10.2.1.7

11

Lots of Configuration Files

Router ID8810

Lines in

config file

2000

1000

0

12

Problems with State of the Art

No good way to visualize or describe routing design

Impossible to establish linkage between configurations and routing design

Only a few “textbook” routing designs are widely known

13

Approaches?Option 1: High-level design compiled down to

configuration commands• Feasible?• What are the constructs?• How to capture design intents?

Our starting point: Bottom-up white-box approach• Start with router configuration files• Reverse-engineer the routing design

14

Contributions

Abstractions for modeling routing design• Routing Process Graph• Routing Instance Graph

Reverse-engineering methodology• Anonymization of configuration files• Tools to convert configurations into model

Study of 31 production networks using model• Verified some bits of common wisdom• Found counter examples for other bits

15

Router Model

OSPF BGP OSPF

Route Selection

Route Table

Router 1

16

Route Redistribution

OSPF BGP OSPF

Route Selection

Route Table

Router 1

Routing policy 1 Routing policy 2

17

Routing Protocol Adjacencies

OSPF BGP OSPF

Route Selection

Route Table

OSPF

RS

Route Table

Router 1Router 2

Routing policy 1 Routing policy 2

18

Reverse-Engineering Overview

Configuration files

Find links

Find adjacent routing processes

Construct Routing Process Graph

Condense adjacent routing processes

Construct Routing Instance Graph

Construct Layer 3 Topology

OSPF #1 OSPF #2BGP AS1

AS2

19

Reconstruct the Layer 3 Topology

interface Serial1/0.5

ip address 1.1.1.1 255.255.255.252

….

Router 1 Config

interface Serial2/1.5

ip address 1.1.1.2 255.255.255.252

….

Router 2 Config

Internet

20

Construct the Routing Process Graph

OSPF BGP OSPF

Route TableRT

OSPF

RT

OSPF

RT

OSPF

RT

OSPF

EB

GPPolicy1 Policy2

Internet

21

Abstract to a Routing Instance Graph

• Pick an unassigned Routing Process• Flood fill along process adjacencies, labeling processes• Repeat until all processes assigned to an Instance

OSPF #1 OSPF #2BGP AS1

EBGPAS2

Policy1 Policy2

OSPF BGP OSPF

Route TableRT

OSPF

RT

OSPF

RT

OSPF

RT

OSPF

22

Abstract to a Routing Instance Graph

Router1 Router2

OSPF BGP OSPF

Route TableRT

OSPF

RT

OSPF

RT

OSPF

RT

OSPF

Router2Router1

OSPF #1 OSPF #2BGP AS1

EBGPAS2

Policy1 Policy2

23

A Study of Operational Production Networks

Obtained anonymized configuration files for 31 active networks (>8,000 configuration files)

Networks include:• 6 Tier-1 and Tier-2 Internet backbone networks• 25 enterprise networks

Sizes between 10 and 1,200 routers• 4 enterprise networks significantly larger than the

backbone networks

Networks created by diverse set of designers and companies

24

Textbook Routing Design for Enterprise Networks

• Border routers speak eBGP to external peers• BGP selects a few key external routes to redistribute

into OSPF• 7 of 25 enterprise networks follow this pattern

OSPFBGP

AS #1

EBGPEBGP

AS2

AS3

25

Reality: A Diversity of Unusual Routing Designs

• Network broken up into compartments, each with only 1 to 4 routers

• Each compartment has its own AS number• Hub and spoke logical topology• Why? Lots of control over how spokes communicate

BGPAS #1

BGPAS #4

BGPAS #2

BGPAS #3

BGPAS #5

EBGPEBGP

EBGP

EBGP

Rest of the

World

Rest of the

World

26

Routing Design for 900 Router Network

27

Reality: A Diversity of Unusual Routing Designs

• Network broken up into many compartments, each running EIGRP, some with 400+ routers

• BGP used to filter routes passed between compartments• Compartments themselves pass information between BGP speakers• Why? Little need for IBGP; few routers speak BGP; Lots of control

over how packets move between compartments

BGPAS #1

EBGP

EBGPRest of

the World

Rest of the

World

EIGRP

BGPAS #2

EIGRPEIGRP

BGPAS #3

BGPAS #4

Rest of the

World

Rest of the

World

EBGP

EBGP

28

Myth: Policy Enforced at Edge of Network

Conventional wisdom:• Place packet filters on the edge to defend

infrastructure• Routing policy applied where networks touch

29

Reality: Policy Exists Throughout Networks

Packet filters commonly used on internal links• Protect routers from attack• Implement reachability matrix

– Prevent some hosts from communicating with others– Localize traffic, particularly multicast

30

Summary

Developed abstractions to model routing design• Routing Instance – abstracts away details• Reverse-engineer routing design from configs We presented our extracted design to designers• They agreed we captured their design intentFocusing on individual protocols is not enough• Understanding composition is equally important

First step towards turning routing design from an art into a science

31

Applications of Routing Design Analysis

Enables static analysis of network properties

Reachability/security analysis– Route leaks? Reachability violations?

Robustness analysis– How sensitive is the network to external

events such as route announcements?

Resource usage analysis– Will a particular configuration cause the

routing table of a router to overflow?

32

The Value of Investigating Routing Design:Next Steps

Found many different designs in use• Do we need so many designs?• Framework to ask and answer questions of

scalability, completeness, optimality

Do we have the right abstractions?• Is this the right way to program routers?• Suggest improvements to protocols and

configuration languages• Can the network be run using abstractions?

33

Questions?

34

Textbook Routing Design for Backbone Network

• Border routers speak eBGP to external peers• All routers speak iBGP with each other• All routers participate in both BGP and OSPF (learning

infrastructure routes from OSPF, external routes from BGP)

OSPFBGP

AS #1

EBGPEBGP

EBGP

EBGP

EBGP

EBGPIGBP MESH

AS2

AS3

ASn

…

35

Real Routing Designs for Backbone Networks

• All 6 backbone networks used basic OSPF/BGP pattern

OSPFBGP

AS #1

AS2

AS3

ASn

36

Real Routing Designs for Backbone Networks

• All 6 backbone networks used basic OSPF/BGP pattern• 3 of 6 include many additional routing instances• Used to exchange routes with customers

OSPFBGP

AS #1

AS2

AS3

ASn

RIP

EIGRP

Customer

EIGRP

37

BGP Used an IGP

38

What do Designers do Today?

Network designers balance many goals• Scalability• Resiliency to failure• Make it easy to expand network

Many “rules of thumb” in use• Instability results from overloaded routers• Too much routing state is bad• Use routing boundaries to control spread of change

Routing Design is currently an art – can we add more science?

39

Approaches?Need deeper understanding than network topology

Need broader study than backbone networks

Interviewing network designers isn’t enough• No language/visualization exists for communicating

about routing design• Documentation is out-of-date or non-existent

Our approach: Bottom-up white-box• Start with router configuration files• Reverse-engineer the routing design

40

Potential ApproachesTop-down design problem• How should networks be designed?

First must understand what happens in real networks

Bottom-up black-box approach• Send probe traffic to explore network properties• Very successful at recovering topology [RocketFuel]

[Skitter] [Mercator]

Measured topology a result of a routing design --- it does not expose the routing design itself

Our approach: Bottom-up white-box• Start with router configuration files• Reverse-engineer the routing design

41

Router Configuration Files

42

Lots of Configuration Files