
E6998-02: Internet Routing: Border Gateway Protocol, Part III

Some of the slides for this lecture have been "inspired" by Tim Griffin's BGP Tutorial. E-BGP and I-BGP are the same protocol, but with different rules about route redistribution.

Uploaded by

Jagan Vp
Copyright
© Attribution Non-Commercial (BY-NC)

E6998-02: Internet Routing

Lecture 14 Border Gateway Protocol, Part III


John Ioannidis AT&T Labs Research

Copyright 2002 by John Ioannidis. All Rights Reserved.

Announcements
Lectures 1-14 are available. Still looking for a TA. Acknowledgement: some of the slides for this lecture have been inspired by Tim Griffin's BGP Tutorial.

October 22nd, 2002

Lecture 14 of E6998-02: Internet Routing

Learning External Prefixes


So far, BGP has been presented as a pure EGP: a protocol that runs between ASes.

[Figure: two ASes, AS 1 and AS 2, with routers labelled A, B, C, D, X and Y]

How do A, C and D learn about AS2's routes? Ditto for Y, Z, T about AS1's routes? I.e., how are prefixes learned by an ASBR distributed inside the AS?

Learning External Prefixes, cont'd


Inject into the IGP (using AS-External LSAs). Small networks can do this. Default route + a few external routes. Does not work for large ISPs. They carry a full routing table (100K-400K routes!). Would lose policy information. No way to carry attributes. IGPs don't scale well. Computational complexity. Memory requirements. Additional traffic. Fragmented LSAs. Clearly need a different way!

E-BGP and I-BGP


The solution is called Internal-BGP (I-BGP), as opposed to External-BGP (E-BGP). E-BGP is used between ASes. I-BGP is used within an AS, to distribute routes learned with E-BGP. E-BGP and I-BGP are the same protocol: same messages, attributes, state machine, etc. But there are different rules about route redistribution:

Learned from    Redistribute to I-BGP    Redistribute to E-BGP
I-BGP           no                       yes
E-BGP           yes                      (yes)

I-BGP Route Redistribution


How does D learn routes acquired by B, since A can't redistribute routes learned over I-BGP? If D also had an external connection, how would it redistribute routes learned from other ASes?

[Figure: AS 1, AS 2 and AS 9, with routers labelled A, B, C and D]

I-BGP Route Redistribution, cont'd


Remember: BGP is a routed protocol. Routes between routers already exist. Carried by the IGP. I-BGP sessions can be formed between non-adjacent routers. I-BGP sessions must form a full mesh.

[Figure: full mesh of I-BGP sessions inside AS 1]

IGP / I-BGP Interaction


Full mesh. Independent of actual links between (internal) routers. TCP src/dst of I-BGP session must be a loopback address. Routing to the router must be independent of interfaces going up/down. (Loopback) address of I-BGP routers advertised as a /32 within the IGP. Full mesh is necessary to prevent loops. AS_PATH is used to detect loops in E-BGP. ASN appended to AS_PATH only when route is advertised to E-BGP peer. I-BGP is NOT an IGP. Nor can it be used as one.

NEXT_HOP and I-BGP


[Figure: routers B (64.127.35.65), K, L and M; loopback (lb) addresses 10.254.255.75 and 10.254.255.77. 135.207.0.0/16 with AS_PATH 1 is advertised with NEXT_HOP 64.127.35.65 over E-BGP and with NEXT_HOP 10.254.255.75 over I-BGP; it leaves AS 2 with AS_PATH 1 2 and NEXT_HOP 12.3.5.8. The forwarding tables shown hold a 10.254.255.75/32 entry (via 10.254.2.9 or 10.254.2.3) and a 135.207.0.0/16 entry via 10.254.255.75.]

NEXT_HOP is rewritten to the loopback address.

BGP Route Selection is about Policy


[Figure: AS 1, AS 2 and AS 3, with customers C1, C2 and C3]

AS1 exports C1's prefix to AS2. AS1 accepts C2's prefix from AS2. AS2 accepts C1's prefix from AS1. AS2 does not export any prefixes learned from AS3 to AS1.

How Are Routes Chosen?


AS3 has peers, customers, and a provider. What routes does it accept? What routes does it advertise?

[Figure: AS 1 through AS 5, with customers C1, C2, C3 and C4]

Customer-Provider & Peer-Peer Relationships


Enforce transit relationships: Filter outbound routes. Enforce order of route preference: Customer > Peer > Provider. More rules on route preference later.

Imported Routes
Routes arrive from various sources: provider, peer, customer ($), and own IGP.

[Figure: AS 3 importing routes from providers, from peers and from customers ($)]

Exported Routes
Filters block peer and provider routes!

[Figure: AS 3 exporting routes to providers, to peers and to customers ($)]

Picking Routes for Redistribution


How does AS3 know which routes are customer/peer/provider/IGP? If AS3 were a single router, it could peek into Adj-RIB-In-x. But routes are redistributed with I-BGP. Router that talks to provider is not router that talks to customer. Routers could be (and were) configured with all of an AS's customer/peer/etc. ASes to do output filtering. Better answer: COMMUNITY attribute.

COMMUNITY
Specified in RFC 1997. Encodes arbitrary properties. E.g., all of the customers' routes get a specific COMMUNITY. Much of the policy is specified using communities. Optional, Non-transitive. Type=8. List of community values (length is a multiple of 4). Each prefix can belong to multiple communities. Each community value is 4 bytes (e.g., 7018:100): 2 bytes ASN (by convention), 2 bytes administratively defined (no predefined meaning).

COMMUNITY, cont'd
0x00000000 through 0x0000FFFF are reserved.
0xFFFF0000 through 0xFFFFFFFF are reserved:
  0xFFFFFF01: NO_EXPORT
  0xFFFFFF02: NO_ADVERTISE
  0xFFFFFF03: NO_EXPORT_SUBCONFED

Community values have local (intra-AS) meaning. Community values can also have meaning between two neighboring ASes (following bilateral agreement). Terminology: Route Coloring.

COMMUNITY Example
When AS3 imports routes, it colors them with the appropriate community string:
  From customers ($): 3:100.
  From peers: 3:200.
  From providers: 3:300.
When AS3 exports routes, it picks them according to their community string:
  To customers: 3:100, 3:200, 3:300.
  To peers: 3:100.
  To providers: 3:100.
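Added example (not part of the original slides): the 4-byte community encoding and AS3's colour-on-import, pick-on-export policy from the two slides above. The route records, the documentation prefixes and the stripping of neighbour-supplied 3:x values are assumptions made for this illustration.

```python
NO_EXPORT = 0xFFFFFF01                       # well-known value (RFC 1997)

def encode(asn, value):
    """Pack ASN:value into 4 bytes: 2 bytes ASN, 2 bytes local value."""
    if not (0 <= asn <= 0xFFFF and 0 <= value <= 0xFFFF):
        raise ValueError("each half of a community is 16 bits")
    return (asn << 16) | value

def decode(community):
    return f"{community >> 16}:{community & 0xFFFF}"

def is_reserved(community):
    """0x0000xxxx and 0xFFFFxxxx are the reserved ranges."""
    return (community >> 16) in (0x0000, 0xFFFF)

# AS3's colours from the COMMUNITY Example slide.
COLOUR = {"customer": encode(3, 100), "peer": encode(3, 200),
          "provider": encode(3, 300)}
# Colours that make a route eligible for export to each kind of neighbour.
EXPORT_OK = {"customer": set(COLOUR.values()),
             "peer": {COLOUR["customer"]},
             "provider": {COLOUR["customer"]}}

def import_route(prefix, learned_from, communities=()):
    """Colour a route on the border router where it enters AS3."""
    # Assumption: 3:x values set by the neighbour are stripped first, so a
    # peer cannot mark its own routes as customer routes.
    kept = {c for c in communities if c >> 16 != 3}
    return {"prefix": prefix, "communities": kept | {COLOUR[learned_from]}}

def export_routes(routes, to):
    """Prefixes a border router may announce to a neighbour of kind `to`."""
    return [r["prefix"] for r in routes
            if NO_EXPORT not in r["communities"]
            and r["communities"] & EXPORT_OK[to]]

def sample_rib():
    """Constructed routes (documentation prefixes), as seen after import."""
    return [import_route("198.51.100.0/24", "customer"),
            import_route("203.0.113.0/24", "peer", [encode(3, 100)]),  # forged colour
            import_route("192.0.2.0/24", "provider"),
            import_route("198.51.100.128/25", "customer", [NO_EXPORT])]
```

The peer route that arrives already tagged 3:100 is still exported only to customers, because the colour is assigned by AS3 at import and not taken from the neighbour.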

Martians (or bogons)


Some prefixes should not be advertised. Some should not even appear!
  Default (0.0.0.0/0) routes are never advertised.
  Site-local (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
  Link-local (169.254.0.0/16).
  Loopback (127.0.0.0/8).
  IANA-reserved (128.0.0.0/16, 192.0.0.0/24, etc.).
  Test networks (192.0.2.0/24, etc.).
  Class D and E (224.0.0.0/3).
  Unallocated space. Careful with that!
Routes to martians are filtered on input. Not that they should ever have been advertised!

Black Holes Are Out of Sight


If another AS advertises one of our prefixes, bad things happen.

[Figure: AS 1 through AS 6; C1 announces 128.59.0.0/16 (legitimate) and C4 announces 128.59.0.0/16 (not legitimate!)]

Black Holes Are Out of Sight


Our prefix becomes unreachable from the part of the net believing C4's announcement.

[Figure: same topology as on the previous slide]

Preventing Bad Routing


Preventing black holes: Only accept customer routes advertising the customer's prefixes. AS6 should only accept C4's real prefixes, not anything C4 advertises. Filter out Martians: Private address space is sometimes used for intra-AS management. Should not accept routes for it! Be a good citizen, do not leak martians!

Imported Routes, revisited


When importing, filter martians and potentially bad customer routes. Also, drop looping AS_PATH.

[Figure: AS 3 with import filters on routes from providers, from peers and from customers ($)]
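Added example (not part of the original slides): an import filter that combines the three checks named above, using the martian list from the Martians slide and the AS6/C4 case from the black-hole slides. The function names, C4's ASN 64504 and its registered prefix 198.51.100.0/24 are constructed for the illustration.

```python
import ipaddress

# The slide's martian list; its "etc." entries and unallocated space are left out.
# The list dates from 2002: a real filter has to follow current registry data.
MARTIANS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # site-local
    "169.254.0.0/16", "127.0.0.0/8",                   # link-local, loopback
    "128.0.0.0/16", "192.0.0.0/24", "192.0.2.0/24",    # IANA-reserved, test
    "224.0.0.0/3")]                                    # class D and E

def import_filter(prefix, as_path, local_asn, customer_prefixes=None):
    """Return (accepted, reason) for one received route.

    customer_prefixes: prefixes registered for the customer on this session,
    or None when the session is with a peer or provider.
    """
    net = ipaddress.ip_network(prefix)
    if net.prefixlen == 0:
        return False, "default route"
    if any(net.subnet_of(m) for m in MARTIANS):
        return False, "martian"
    if local_asn in as_path:
        return False, "AS_PATH loop"
    if customer_prefixes is not None:
        allowed = [ipaddress.ip_network(p) for p in customer_prefixes]
        if not any(net.subnet_of(a) for a in allowed):
            return False, "not this customer's prefix"
    return True, "ok"

def as6_session_with_c4(updates):
    """AS6's view of its customer C4. ASN 64504 and the registered prefix
    198.51.100.0/24 are constructed stand-ins for C4's real values."""
    return [(p, *import_filter(p, [64504], 6, ["198.51.100.0/24"]))
            for p in updates]
```

With the per-customer list in place, C4's announcement of 128.59.0.0/16 is dropped at AS6 and never reaches the rest of the network.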

In/Out Route Processing


[Figure: routes from each neighbor AS 1, AS 2, ..., AS n enter Adj-RIB-In-1 ... Adj-RIB-In-n, pass through the Input Policy into the Loc-RIB (which feeds the FIB), and pass through the Output Policy into Adj-RIB-Out-1 ... Adj-RIB-Out-n]

Input Policy
Apply input filtering. Routes that are dropped here are not used internally. Nor are they advertised. They are dead! Tweak attributes: set LOCAL_PREF, add COMMUNITY. Select best route, based on Path Attributes. Create Route table. Populate Forwarding table.

Best Route Selection


1. If NEXT_HOP inaccessible, route is dropped.
2. [cisco only] Prefer path with highest weight.
3. Select route with highest LOCAL_PREF.
4. Prefer shortest AS_PATH.
5. Prefer lowest origin (IGP < EGP < INCOMPLETE).
6. If routes received from same AS (or bgp always-compare-med enabled), and MED enabled, prefer lowest MED.
7. Prefer E-BGP paths over I-BGP paths.
8. Prefer shortest IGP path to NEXT_HOP.
9. Use lowest router ID as tie-breaker. Some implementations use first installed route instead.
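Added example (not part of the original slides): the selection steps above written as successive tie-break filters, with the Cisco-only weight step left out and MED compared only between routes from the same neighbouring AS. The Route fields and the sample AS_PATHs for 9.5.0.0/16 are constructed assumptions, not the lecture's topology.

```python
from dataclasses import dataclass

ORIGIN_RANK = {"IGP": 0, "EGP": 1, "INCOMPLETE": 2}

@dataclass
class Route:
    name: str
    as_path: tuple
    local_pref: int = 100
    origin: str = "IGP"
    med: int = 0
    ebgp: bool = True
    igp_cost: int = 0              # IGP distance to NEXT_HOP
    router_id: int = 0
    next_hop_reachable: bool = True

def keep_best(routes, key):
    """Keep only the routes with the lowest key; later steps break ties."""
    low = min(key(r) for r in routes)
    return [r for r in routes if key(r) == low]

def best_route(candidates):
    live = [r for r in candidates if r.next_hop_reachable]
    if not live:
        return None
    live = keep_best(live, lambda r: -r.local_pref)          # highest LOCAL_PREF
    live = keep_best(live, lambda r: len(r.as_path))         # shortest AS_PATH
    live = keep_best(live, lambda r: ORIGIN_RANK[r.origin])  # lowest origin
    # MED only compares routes received from the same neighbouring AS.
    live = [r for r in live if not any(
        o.as_path[:1] == r.as_path[:1] and o.med < r.med for o in live)]
    live = keep_best(live, lambda r: not r.ebgp)             # E-BGP over I-BGP
    live = keep_best(live, lambda r: r.igp_cost)             # nearest NEXT_HOP
    return min(live, key=lambda r: r.router_id)              # tie-breaker

def routes_to_as4(prefs):
    """Constructed candidates for 9.5.0.0/16; the AS_PATHs are assumptions."""
    paths = {"via AS1": (1, 3, 4), "via AS9": (9, 4), "via AS2": (2, 3, 4)}
    return [Route(n, p, local_pref=prefs[n], router_id=i)
            for i, (n, p) in enumerate(paths.items())]
```

Because LOCAL_PREF is evaluated before AS_PATH length, a longer path with a higher LOCAL_PREF wins; AS_PATH length only decides among routes whose LOCAL_PREF is equal.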

Why prefer E-BGP over I-BGP?


[Figure: AS 1 and AS 2, with routers labelled A, B and K]

B learns route to AS2 over E-BGP from K. B learns route to AS2 over I-BGP from C (who learned it from L). Same local pref, as_path length, origin, etc. Obviously should use K!

What is the Best Route?


Which of the four possible routes will 9.5.1.2 take to get to AS4?

[Figure: AS 1, AS 2, AS 3 and AS 9, with AS 4 originating 9.5.0.0/16]

What is the Best Route?


LOCAL_PREF to the rescue!

[Figure: AS 1, AS 2, AS 3 and AS 9, with AS 4 originating 9.5.0.0/16; the candidate routes are labelled LOCAL_PREF=80, LOCAL_PREF=90 and LOCAL_PREF=100]

Alternatively
Now shortest AS_PATH takes effect!

[Figure: AS 1, AS 2, AS 3 and AS 9, with AS 4 originating 9.5.0.0/16; the candidate routes are labelled LOCAL_PREF=100, LOCAL_PREF=90 and LOCAL_PREF=80]

Backup Links (outbound traffic)


Set higher local pref on primary link on all routes from AS1. Forces all traffic to take primary unless it is down.

[Figure: AS 1 and AS 2 joined by two links, one labelled LOCAL_PREF=100 and one labelled LOCAL_PREF=50]

Multihomed Backups (outbound traffic)


Same idea.

[Figure: AS 1, AS 2 and AS 9, with one link labelled LOCAL_PREF=100 and one labelled LOCAL_PREF=50]

Back to AS_PATH
Traffic often follows reverse of AS_PATH:

[Figure: 12.2.61.0/24 is advertised from AS 1 with AS_PATH 1, then with AS_PATH 1 2 after AS 2, then with AS_PATH 1 2 3 after AS 3 towards AS 4]

But it might not! AS2 filters prefixes longer than /24. Packet to 12.2.61.19 actually makes it to AS5.

[Figure: 12.2.0.0/16 is advertised from AS 1 with AS_PATH 1, then 1 2, then 1 2 3 towards AS 4; AS 5 advertises 12.2.61.0/25 with AS_PATH 5]

Shortest AS_PATH?
[Figure: AS 1 through AS 5, with routers labelled A, B, D and E]

1 2 3 4 or 1 5 4?

Backup Links (inbound traffic)


Hack: AS_PATH padding.

[Figure: AS 2 advertises prefix a to AS 1 with AS_PATH 2 on one link and with the padded AS_PATH 222222 on the other]

Backup Links (inbound traffic)


AS_PATH padding does not shut off all traffic. AS 9 has higher LOCAL_PREF for customer routes. Some traffic from AS9 still flows through the backup link.

[Figure: AS 1, AS 2 and AS 9; AS 9's links are labelled LOCAL_PREF=90 and LOCAL_PREF=100; AS 2 advertises prefix a with AS_PATH 2 on one link and with the padded AS_PATH 222222 on the other]

Backup links (inbound traffic)


COMMUNITY to the rescue! AS9 has LOCAL_PREF = 100 for customer and 90 for peer. AS9 has the following import policy:
  If 9:90 in community, set local_pref to 90.
  If 9:80 in community, set local_pref to 80.
  If 9:70 in community, set local_pref to 70.
AS2 advertises its routes (over the backup link to AS9) with community 9:70. Now peer has higher local pref and traffic flows as intended!
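Added example (not part of the original slides): AS9's import policy from this slide applied to its two routes for prefix a, showing why padding alone fails and why the 9:70 community works. The AS_PATH (1, 2) for the route via peer AS1 and the rule that a signalling community may only lower LOCAL_PREF are assumptions of this illustration.

```python
BASE_PREF = {"customer": 100, "peer": 90}            # AS9's defaults per the slide
SIGNAL = {(9, 90): 90, (9, 80): 80, (9, 70): 70}     # community -> LOCAL_PREF

def import_pref(relationship, communities=()):
    """LOCAL_PREF AS9 assigns on import.

    Assumption: a neighbour-supplied community may lower the preference of
    the neighbour's own routes but never raise it above the default.
    """
    pref = BASE_PREF[relationship]
    for c in communities:
        if c in SIGNAL:
            pref = min(pref, SIGNAL[c])
    return pref

def choose(routes):
    """Highest LOCAL_PREF first, then shortest AS_PATH (the steps that matter here)."""
    return max(routes, key=lambda r: (r["local_pref"], -len(r["as_path"])))

def as9_view(backup_as_path, backup_communities=()):
    """Route AS9 selects for prefix a, given what AS2 sends on the backup link."""
    routes = [
        # Directly from customer AS2 over the backup link.
        {"via": "AS2 backup link", "as_path": tuple(backup_as_path),
         "local_pref": import_pref("customer", backup_communities)},
        # From peer AS1, which reaches AS2 over the primary link (assumed path).
        {"via": "AS1 (peer)", "as_path": (1, 2),
         "local_pref": import_pref("peer")},
    ]
    return choose(routes)["via"]
```

Padding changes only the AS_PATH length, which AS9 never consults because the customer route already wins on LOCAL_PREF; the community moves the decision to the step that actually decides.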

Policy Interaction
Example: backup route with community hack. AS4 advertises prefix a over its (only) link.

[Figure: AS 1, AS 2, AS 3 and AS 4; links labelled LOCAL_PREF=90 and LOCAL_PREF=100; prefix a advertised with AS_PATH 1]

Policy Interaction, cont'd


Backup link gets installed, AS1 advertises community 4:70. AS4 still prefers route via AS3 (highest local_pref).

[Figure: AS 1, AS 2, AS 3 and AS 4; links labelled LOCAL_PREF=90, LOCAL_PREF=100, LOCAL_PREF=80 and LOCAL_PREF=100; route labels "a 1", "a 12" at AS 2, "a 123" at AS 3, and "a 1 4:70" at AS 4]

Backhoe Severs Primary Link


AS2 withdraws route to a. Backup link takes over.

[Figure: AS 1, AS 2, AS 3 and AS 4; links labelled LOCAL_PREF=90, LOCAL_PREF=100, LOCAL_PREF=80 and LOCAL_PREF=100; route labels "a 143" at AS 2, "a 14" at AS 3, and "a 1 4:70" at AS 4]

Primary link restored


AS4 is still advertising route to AS1. Route from AS2 has lower local pref, gets ignored! Route pinning.

[Figure: AS 1, AS 2, AS 3 and AS 4; links labelled LOCAL_PREF=90, LOCAL_PREF=100, LOCAL_PREF=80 and LOCAL_PREF=100; route labels "a 1", "a 12" at AS 2, "a 14" at AS 3, and "a 1 4:70" at AS 4]
