Interdomain Routing Policy
COS 461: Computer Networks, Spring 2011
Mike Freedman
http://www.cs.princeton.edu/courses/archive/spring11/cos461/

Goals of Today's Lecture
• Business relationships between ASes
  – Customer-provider: customer pays provider
  – Peer-peer: typically settlement-free
• Realizing routing policies
  – Import and export filtering
  – Assigning preferences to routes
• Multiple routers within an AS
  – Disseminating BGP information within the AS
  – Combining with intradomain routing information

Interdomain Routing
• AS-level topology
  – Destinations are IP prefixes (e.g., 12.0.0.0/8)
  – Nodes are Autonomous Systems (ASes)
  – Edges are links and business relationships
[Figure: AS-level topology with ASes 1–7 between a client and a web server]

Business Relationships
• Neighboring ASes have business contracts
  – How much traffic to carry
  – Which destinations to reach
  – How much money to pay
• Common business relationships
  – Customer-provider: Customer pays provider for transit
    • E.g., Princeton is a customer of USLEC
    • E.g., MIT is a customer of Level 3
  – Peer-peer: No money changes hands
    • E.g., UUNET is a peer of Sprint
    • E.g., Harvard is a peer of Harvard Business School

Customer-Provider Relationship
• Customer needs to be reachable from everyone
  – Provider tells all neighbors how to reach the customer
• Customer does not want to provide transit service
  – Customer does not let its providers route through it
[Figure: two panels, "Traffic to the customer" and "Traffic from the customer", each with a provider, a customer and destination d, and arrows for announcements and traffic]

Customer Connecting to a Provider
[Figure: four ways of connecting to a provider: 1 access link; 2 access links; 2 access routers; 2 access PoPs (Points of Presence)]

Multi-Homing: Two or More Providers
• Motivations for multi-homing
  – Extra reliability, survive single ISP failure
  – Financial leverage through competition
  – Better performance by selecting better path
  – Gaming the 95th-percentile billing model
[Figure: Provider 1 and Provider 2]

Princeton Example
• Internet: customer of USLEC and Patriot
• Research universities/labs: customer of Internet2
• Local non-profits: provider for several non-profits
[Figure: Princeton connected to Patriot, USLEC and Internet2]

How many links are enough?
[Figure: plot against K upstream ISPs]
Not much benefit beyond 4 ISPs
Akella et al., "Performance Benefits of Multihoming", SIGCOMM 2003

Peer-Peer Relationship
• Peers exchange traffic between customers
  – AS exports only customer routes to a peer
  – AS exports a peer's routes only to its customers
  – Often the relationship is settlement-free (i.e., no $$$)
[Figure: two peers and destination d, "Traffic to/from the peer and its customers", with arrows for announcements and traffic]

AS Structure: Tier-1 Providers
• Tier-1 provider
  – Has no upstream provider of its own
  – Typically has a national or international backbone
• Top of the Internet hierarchy of ~10 ASes
  – AOL, AT&T, Global Crossing, Level 3, UUNET, NTT, Qwest, SAVVIS (formerly Cable & Wireless), and Sprint
  – Full peer-peer connections between tier-1 providers

AS Structure: Other ASes
• Other providers
  – Provide transit service to downstream customers
  – …but, need at least one provider of their own
  – Typically have national or regional scope
  – Includes several thousand ASes
• Stub ASes
  – Do not provide transit service to others
  – Connect to one or more upstream providers
  – Includes the vast majority (e.g., 85-90%) of the ASes

The Business Game and Depeering
• Cooperative competition (brinksmanship)
• Much more desirable to have your peer's customers
  – Much nicer to get paid for transit
• Peering "tiffs" are relatively common
  31 Jul 2005: Level 3 notifies Cogent of intent to disconnect.
  16 Aug 2005: Cogent begins massive sales effort and mentions a 15 Sept. expected depeering date.
  31 Aug 2005: Level 3 notifies Cogent again of intent to disconnect (according to Level 3)
  5 Oct 2005 9:50 UTC: Level 3 disconnects Cogent. Mass hysteria ensues up to, and including policymakers in Washington, D.C.
  7 Oct 2005: Level 3 reconnects Cogent
During the "outage", Level 3 and Cogent's singly homed customers could not reach each other. (~4% of the Internet's prefixes were isolated from each other)

Depeering Continued
Resolution…
…but not before attempt to steal customers!
As of 5:30 am EDT, October 5th, Level(3) terminated peering with Cogent without causes…. Cogent has left the peering circuits open in the hope that Level(3) will change its mind and allow traffic to be exchanged between our networks. We are extending a special offering to single homed Level 3 customers.
“Cogent will offer any Level 3 customer, who is single homed to the Level 3…, one year of full Internet transit free of charge at the same bandwidth…. Cogent will provide this connectivity in over 1,000 locations.”

Realizing BGP Routing Policy

BGP Policy: Applying Policy to Routes
• Import policy
  – Filter unwanted routes from neighbor
    • E.g. prefix that your customer doesn't own
  – Manipulate attributes to influence path selection
    • E.g., assign local preference to favored routes
• Export policy
  – Filter routes you don't want to tell your neighbor
    • E.g., don't tell a peer a route learned from other peer
  – Manipulate attributes to control what they see
    • E.g., make a path look artificially longer than it is

BGP Policy: Influencing Decisions
[Figure: Receive BGP Updates → Apply Import Policies → Best Route Selection (based on attribute values) → Best Route Table → Apply Export Policies → Transmit BGP Updates; forwarding entries for best routes are installed in the IP Forwarding Table. Apply Policy = filter routes & tweak attributes.]
Open ended programming. Constrained only by vendor configuration language

Import Policy: Local Preference
• Favor one path over another
  – Override the influence of AS path length
  – Apply local policies to prefer a path
• Example: prefer customer over peer
[Figure: AT&T, Sprint, a Tier-2 AS, a Tier-3 AS and Yale; one route has Local-pref = 100, the other Local-pref = 90]

Import Policy: Filtering
• Discard some route announcements
  – Detect configuration mistakes and attacks
• Examples on session to a customer
  – Discard route if prefix not owned by the customer
  – Discard route that contains other large ISP in AS path
[Figure: Princeton (128.112.0.0/16) connected to Patriot and USLEC]

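The two import-policy slides above (local preference, then filtering on a customer session) combined in one added Python example; it is not from the lecture. The list of large-ISP AS numbers, the provider local-pref of 80 and the choice to accept more-specific prefixes inside the customer's block are assumptions of this example.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Princeton's AS 88 and 128.112.0.0/16 are from the slides; the rest is assumed.
CUSTOMER_PREFIXES = {88: [ipaddress.ip_network("128.112.0.0/16")]}
LARGE_ISP_ASNS = {7018, 1239, 3356, 701}                    # assumed list of large ISPs
LOCAL_PREF = {"customer": 100, "peer": 90, "provider": 80}  # 80 is assumed

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple            # neighbor AS first, origin AS last
    local_pref: int = 0

def import_policy(route: Route, neighbor_as: int, relationship: str) -> Optional[Route]:
    """Return the route with local-pref assigned, or None if it is discarded."""
    if relationship == "customer":
        net = ipaddress.ip_network(route.prefix)
        owned = CUSTOMER_PREFIXES.get(neighbor_as, [])
        # Assumption: more-specifics inside the customer's block are accepted.
        if not any(net.version == p.version and net.subnet_of(p) for p in owned):
            return None       # prefix not owned by the customer
        if LARGE_ISP_ASNS & set(route.as_path):
            return None       # another large ISP appears in the customer's path
    return replace(route, local_pref=LOCAL_PREF[relationship])

# Constructed announcements, each with the session it arrives on.
SAMPLES = [
    (Route("128.112.0.0/16", (88,)), 88, "customer"),        # legitimate
    (Route("12.0.0.0/8", (88,)), 88, "customer"),            # prefix not owned
    (Route("128.112.0.0/16", (88, 7018)), 88, "customer"),   # large ISP in path
    (Route("12.0.0.0/8", (1239, 7018)), 1239, "peer"),       # ordinary peer route
]

def run_samples():
    return [import_policy(r, n, rel) for r, n, rel in SAMPLES]
```
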
Export Policy: Filtering
• Discard some route announcements
  – Limit propagation of routing information
• Examples
  – Don't announce routes from one peer to another
[Figure: AT&T, Sprint and UUNET]

Export Policy: Filtering
• Discard some route announcements
  – Limit propagation of routing information
• Examples
  – Don't announce routes for network-management hosts or the underlying routers themselves
[Figure: USLEC, Princeton and a network operator]

Export Policy: Attribute Manipulation
• Modify attributes of the active route
  – To influence the way other ASes behave
• Example: AS prepending
  – Artificially inflate the AS path length seen by others
  – To convince some ASes to send traffic another way
[Figure: Princeton, Patriot, USLEC and Sprint; 128.112.0.0/16 announced with the prepended AS path 88 88 88]

BGP Policy Configuration
• Routing policy languages are vendor-specific
  – Not part of the BGP protocol specification
  – Different languages for Cisco, Juniper, etc.
• Still, all languages have some key features
  – Policy as a list of clauses
  – Each clause matches on route attributes
  – …and either discards or modifies the matching routes
• Configuration done by human operators
  – Implementing the policies of their AS
  – Business relationships, traffic engineering, security, …

Why Is The Internet Generally Stable?
• Mostly because of $$
• Policy configurations based on ISPs' bilateral business relationships
  – Customer-Provider
    • Customers pay provider for access to the Internet
  – Peer-Peer
    • Peers exchange traffic free of charge
• Most well-known result reflecting this practice: "Gao-Rexford" stability conditions

The "Gao-Rexford" Stability Conditions
• Preference condition
  – Prefer customer routes over peer or provider routes
Node 3 prefers "3 d" over "3 1 2 d"

The "Gao-Rexford" Stability Conditions
• Export condition
  – Export only customer routes to peers or providers
Valid paths: "1 2 d" and "6 4 3 d"
Invalid path: "5 8 d" and "6 5 d"

The "Gao-Rexford" Stability Conditions
• Topology condition (acyclic)
  – No cycle of customer-provider relationships

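The export and topology conditions above, turned into checks that can be run over observed AS paths; this is an added Python example, not code from the lecture. The topology is constructed (the lecture's own figure did not survive), and paths are written as on the slides, with the AS using the route first and the origin last.

```python
INVERSE = {"customer": "provider", "provider": "customer", "peer": "peer"}

def build(links):
    """links: (a, b, how a sees b). Returns rel[(a, b)] for both directions."""
    rel = {}
    for a, b, a_sees_b in links:
        rel[(a, b)] = a_sees_b
        rel[(b, a)] = INVERSE[a_sees_b]
    return rel

# Constructed topology, not the one in the lecture's figure: 1-2 and 2-6 are
# peer links; 3 is a customer of 1, 4 a customer of 2; stub AS 5 is
# multi-homed to providers 3 and 4.
REL = build([(1, 2, "peer"), (2, 6, "peer"), (1, 3, "customer"),
             (2, 4, "customer"), (3, 5, "customer"), (4, 5, "customer")])

def may_export(learned_from, send_to):
    """Export condition: only customer routes go to peers or providers."""
    return send_to == "customer" or learned_from == "customer"

def leaking_as(path, rel=REL):
    """Return the first AS, walking outward from the origin, that re-exported
    a route against the export condition, or None if the path is valid."""
    for i in range(len(path) - 2, 0, -1):
        learned_from = rel[(path[i], path[i + 1])]
        send_to = rel[(path[i], path[i - 1])]
        if not may_export(learned_from, send_to):
            return path[i]
    return None

def has_provider_cycle(rel=REL):
    """Topology condition: following customer -> provider edges never loops."""
    providers = {}
    for (a, b), how in rel.items():
        if how == "provider":
            providers.setdefault(a, []).append(b)

    def climbs_back(start, node, seen):
        for p in providers.get(node, []):
            if p == start or (p not in seen and climbs_back(start, p, seen | {p})):
                return True
        return False

    return any(climbs_back(a, a, {a}) for a in providers)
```

In this topology `leaking_as((4, 5, 3, 1))` names stub AS 5, which passed a provider route to its other provider, and `leaking_as((6, 2, 1, 3, 5))` names AS 2, which passed one peer's route to another peer.
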
BGP and Multiple Routers in an AS

An AS is Not a Single Node
• AS path length can be misleading
  – An AS may have many router-level hops
[Figure: AS 1, AS 2, AS 3 and AS 4]
BGP says that path 4 1 is better than path 3 2 1

An AS is Not a Single Node
• Multiple routers in an AS
  – Need to distribute BGP information within the AS
  – Internal BGP (iBGP) sessions between routers
[Figure: AS1 and AS2, with eBGP and iBGP sessions]

Internal BGP and Local Preference
• Example
  – Both routers prefer path through AS 100 on the left
  – …even though right router learns an external path
[Figure: two routers in AS 256 joined by I-BGP, with Local Pref = 100 and Local Pref = 90; neighboring ASes AS 100, AS 200 and AS 300]

An AS is Not a Single Node
• Multiple connections to neighboring ASes
  – Multiple border routers may learn good routes
  – …with the same local-pref and AS path length
[Figure: AS-level topology with ASes 1–7 and multiple links between neighboring ASes]

Early-Exit or Hot-Potato Routing
• Diverse peering locations
• Comparable capacity at all peering points
  – Can handle even load
• Consistent routes
  – Same destinations advertised at all points
  – Same AS path length for a destination at all points
• Why not push wide-area routing to peer?
[Figure: early-exit routing between Provider A and Provider B over multiple peering points, with Customer A and Customer B]

Realizing Hot-Potato Routing
• Hot-potato routing
  – Each router selects the closest egress point
  – …based on the path cost in intra-domain protocol
• BGP decision process
  – Highest local preference
  – Shortest AS path
  – Closest egress point
  – Arbitrary tie break
[Figure: routers A–G with IGP link costs, egress points A and B, and destination dst]

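The four decision steps above applied in order, as an added Python example that is not from the lecture: two routers holding identical BGP attributes pick different egress points, while the AS prepending and local-preference cases from the earlier policy slides are settled before IGP distance is consulted. Router names, IGP costs, AS 65001 and the lowest-name tie break are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Candidate:
    egress: str          # border router (egress point) where the route was learned
    local_pref: int
    as_path: tuple       # next AS first, origin AS last

def best_route(candidates, igp_cost):
    """igp_cost maps egress -> intradomain path cost from the deciding router."""
    return min(candidates, key=lambda c: (
        -c.local_pref,          # 1. highest local preference
        len(c.as_path),         # 2. shortest AS path
        igp_cost[c.egress],     # 3. closest egress point (hot potato)
        c.egress,               # 4. tie break (assumed here: lowest name)
    ))

# Constructed scenario: one prefix learned with equal attributes at egress
# points E1 and E2; routers R1 and R2 see different IGP costs to them.
ROUTES = [Candidate("E1", 100, (65001, 88)), Candidate("E2", 100, (65001, 88))]
IGP_FROM = {"R1": {"E1": 3, "E2": 9}, "R2": {"E1": 10, "E2": 4}}

# Prepending by the origin (88 88 88) lengthens the path seen at E1, so step 2
# decides and IGP distance is never compared.
PREPENDED = [Candidate("E1", 100, (65001, 88, 88, 88)),
             Candidate("E2", 100, (65001, 88))]

# A higher local-pref on the longer path overrides AS path length (step 1).
PREFERRED = [Candidate("E1", 100, (65001, 88, 88, 88)),
             Candidate("E2", 90, (65001, 88))]

def egress_choice(routes=ROUTES):
    """Egress point chosen by each router for the given candidate routes."""
    return {r: best_route(routes, cost).egress for r, cost in IGP_FROM.items()}
```
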
Joining BGP and IGP Information
• Border Gateway Protocol (BGP)
  – Announces reachability to external destinations
  – Maps a destination prefix to an egress point
    • 128.112.0.0/16 reached via 192.0.2.1
• Interior Gateway Protocol (IGP)
  – Used to compute paths within the AS
  – Maps an egress point to an outgoing link
    • 192.0.2.1 reached via 10.1.1.1
[Figure: egress point 192.0.2.1 and outgoing link 10.1.1.1]

Joining BGP with IGP Information
[Figure: AS 7018 and AS 88; 128.112.0.0/16 announced with Next Hop = 192.0.2.1; internal address 10.10.10.10]

BGP table
  destination       next hop
  128.112.0.0/16    192.0.2.1

IGP table
  destination       next hop
  192.0.2.0/30      10.10.10.10

Forwarding table (BGP + IGP)
  destination       next hop
  128.112.0.0/16    10.10.10.10
  192.0.2.0/30      10.10.10.10

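The join shown in the tables above, as an added Python example that is not part of the lecture: each BGP next hop is resolved through the IGP table by longest-prefix match, and a route whose next hop cannot be resolved is kept out of the forwarding table. The table contents are the ones on the slide; the function names are hypothetical.

```python
import ipaddress

BGP = {"128.112.0.0/16": "192.0.2.1"}      # prefix -> BGP next hop (egress point)
IGP = {"192.0.2.0/30": "10.10.10.10"}      # prefix -> adjacent next hop

def longest_match(table, addr):
    """Most specific prefix in table that contains addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [p for p in table if ip in ipaddress.ip_network(p)]
    return max(hits, key=lambda p: ipaddress.ip_network(p).prefixlen, default=None)

def build_fib(bgp, igp):
    """Return (forwarding table, BGP prefixes whose next hop is unreachable)."""
    fib = dict(igp)                        # IGP routes are installed as they are
    unresolved = []
    for prefix, bgp_next_hop in bgp.items():
        via = longest_match(igp, bgp_next_hop)
        if via is None:
            unresolved.append(prefix)      # no IGP path to the egress: not usable
        else:
            fib[prefix] = igp[via]         # replace egress point by adjacent hop
    return fib, unresolved

def forward(fib, dst):
    """Next hop for a destination address, or None if there is no route."""
    match = longest_match(fib, dst)
    return fib[match] if match else None
```
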
Some Routers Don't Need BGP
• Customer that connects to a single upstream ISP
  – The ISP can introduce the prefixes into BGP
  – …and customer can simply default-route to the ISP
[Figure: Yale University (130.132.0.0/16) connected to Qwest]
Nail up default routes 0.0.0.0/0 pointing to Qwest
Nail up routes 130.132.0.0/16 pointing to Yale

Some Routers Don't Need BGP
• Routers inside a "stub" network
  – Border router may speak BGP to upstream ISPs
  – But, internal routers can simply "default route"
[Figure: Princeton University (128.112.0.0/16, AS 88) speaking BGP to Patriot and USLEC]

Conclusions
• BGP is solving a hard problem
  – Routing protocol operating at a global scale
  – Tens of thousands of independent networks
  – Each have own policy goals; all want convergence
• Key features of BGP
  – Prefix-based path-vector protocol
  – Incremental updates (announcements and withdrawals)
  – Policies applied at import and export of routes
  – Internal BGP to distribute information within an AS
  – Interaction with the IGP to compute forwarding tables