Computer Networks Architecture and Protocols Policy-Based Path-Vector Routing (BGP - Border Gateway Protocol) Departamento de Informática da FCT/UNL 1
Lecture Outline • Challenges of inter-domain routing – Scale and policy – Limitations of intra-domain (link state, …) routing • Path-vector routing – Faster loop detection than distance-vector routing – More flexibility than shortest-path routing • Border Gateway Protocol (BGP) – Incremental, prefix-based, path-vector protocol – Programmable import and export policies – Multi-step decision process for selecting “best” route • BGP convergence delay • Secure BGP 2
Challenges for Inter-Domain Routing • Scale – Prefixes: 600,000, and growing – ASes: 50,000+ visible ones, and growing – AS paths and routers: at least in the millions… • Policy – No Internet-wide notion of a link cost metric – Need control over where you send traffic – … and who can send traffic through you 3
Link-State Routing is Problematic • Topology information is flooded – High bandwidth and storage overhead – Forces nodes to divulge sensitive information • Entire path computed locally per node – High processing overhead in a large network • Minimizes some notion of total distance – Works only if policy is shared and uniform • Typically used only inside an AS – E.g., OSPF and IS-IS 4
Shortest-Path Routing is Restrictive • All traffic must travel on shortest paths • All nodes need common notion of link costs • Incompatible with commercial relationships • Hard to scale outside a strict hierarchy 5
Is a Strict Hierarchy Adequate? The Internet in the old days 6
A Strict Hierarchy is too Restrictive 7
Requirements of Inter AS Routing • Huge scale • Policy routing – Any AS may choose the best path among those it can use due to its commercial relationships • Two-level routing – Intra AS routing should be separate from Inter AS routing 8
Path-Vector Routing • Advertise the entire path • AS paths support routing loop avoidance 9
Support of Policy Routing AS 2 may go to AS 1 via AS 3 10
Policy ASs Relationships Client / Supplier and Peer-to-Peer 11
Support of Policy Routing ASc 1 may go to ASc 3 via ASp 3 or ASp 1 but not via ASc 3 12
Yet Another Example 13
Border Gateway Protocol • Inter-domain routing protocol for the Internet – Prefix-based path-vector protocol – Policy-based routing based on AS Paths – Evolved during the past 28 years • 1989 : BGP-1 [RFC 1105], replacement for EGP • 1990 : BGP-2 [RFC 1163] • 1991 : BGP-3 [RFC 1267] • 1995 : BGP-4 [RFC 1771], support for CIDR • 2006 : BGP-4 [RFC 4271], update 14
BGP Operations 15
BGP Messages • OPEN: starts the BGP session and allows the authentication of peers • UPDATE: carries path withdrawals, a new path announcement, or an update to a previous one • KEEPALIVE: keeps the session alive in the absence of updates; it also functions as an ACK of the OPEN message • NOTIFICATION: reports errors or closes the BGP session 16
BGP Operations 17
Incremental Protocol • A node learns multiple paths to a destination – Stores all of the routes in a path table – Applies policy to select a single active route – … and may advertise the route to its neighbours – Only the selected routes can be advertised • Incremental updates – Announcement update • Upon selecting a new active route, add node id (AS id) to path • … and (optionally) advertise to each neighbour – Withdrawal update • If the active route is no longer available • … send a withdrawal message to the neighbours 18
BGP Path Selection 19
BGP Path Selection Options Support 20
BGP Path Selection Options • Whenever a router receives more than one path for the same destination • Rules: 1. Local preference value attribute: policy decision 2. Shortest AS-PATH 3. Closest NEXT-HOP router: hot potato routing 4. Other policy criteria 5. And finally, arbitrary tie break - smallest next-hop IP address 21
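The rule order above can be expressed as a sort key. The following is an added example, not code from the lecture: the `Route` fields, the function names and the sample routes (reserved documentation prefixes and ASNs) are assumptions, and rule 4 is left out because it is site-specific.

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass(frozen=True)
class Route:
    prefix: str
    as_path: tuple          # leftmost entry is the neighbouring AS
    next_hop: str
    local_pref: int = 100   # assigned by import policy
    igp_cost: int = 0       # intra-AS distance to the next hop

RULES = ("local-pref", "as-path-length", "igp-cost", "next-hop-address")

def preference_key(r):
    """Tuple ordered like the slide's rules; the smallest tuple wins."""
    return (-r.local_pref,                  # 1. highest local preference
            len(r.as_path),                 # 2. shortest AS path
            r.igp_cost,                     # 3. closest next hop (hot potato)
            int(ip_address(r.next_hop)))    # 5. smallest next-hop address
    # Rule 4 (other policy criteria) is site-specific and omitted here.

def best_route(candidates):
    """Pick the single active route among candidates for one prefix."""
    return min(candidates, key=preference_key) if candidates else None

def deciding_rule(a, b):
    """Name the first rule on which two routes differ."""
    for name, x, y in zip(RULES, preference_key(a), preference_key(b)):
        if x != y:
            return name
    return "identical"

# Constructed candidates for one prefix (documentation prefixes and ASNs).
P = "203.0.113.0/24"
VIA_PEER = Route(P, (64501, 64510), "192.0.2.1", igp_cost=10)
VIA_CUSTOMER = Route(P, (64502, 64505, 64510), "192.0.2.2",
                     local_pref=200, igp_cost=30)
VIA_PEER_2 = Route(P, (64503, 64510), "192.0.2.3", igp_cost=5)

if __name__ == "__main__":
    best = best_route([VIA_PEER, VIA_CUSTOMER, VIA_PEER_2])
    print("active route via", best.next_hop,
          "decided by", deciding_rule(best, VIA_PEER_2))
```

The next-hop tie break compares addresses numerically, so 192.0.2.9 beats 192.0.2.10, which a string comparison would get wrong.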
BGP Policy: Applying Policy to Routes • Import policy – Filter unwanted routes from neighbour • E.g., prefix that your customer doesn’t own – Manipulate attributes to influence path selection • E.g., assign local preference to favoured routes • Export policy – Filter routes you don’t want to tell your neighbour • E.g., don’t tell a peer a route learned from other peer – Manipulate attributes to control what they see • E.g., make a path look artificially longer than it is 22
Import Policy: Local Preference • Favour one path over another – Override the influence of AS path length – Apply local policies to prefer a path • Example: prefer customer over peer • Discard some route announcements – Detect configuration mistakes and attacks • Examples on session to a customer – Discard route if prefix not owned by the customer – Discard route that contains other large ISP in AS path 23
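A sketch of the import checks listed above, as an added example that is not part of the lecture material. The local AS number, the customer prefix registry, the "large ISP" set and the local-preference values are all assumptions, built from reserved documentation prefixes and ASNs; the loop check reflects the AS-path loop avoidance described earlier in the slides.

```python
from ipaddress import ip_network

MY_AS = 64500                       # assumed local AS
LARGE_ISPS = {64510, 64511}         # assumed ASNs standing in for large ISPs
# Constructed registry: prefixes each customer AS may originate.
CUSTOMER_PREFIXES = {64501: [ip_network("198.51.100.0/24")]}
LOCAL_PREF = {"customer": 200, "peer": 100, "provider": 50}  # assumed values

def covered(net, allowed):
    """True if net lies inside one of the allowed networks."""
    return any(net.version == a.version and net.subnet_of(a) for a in allowed)

def import_route(neighbor_as, relationship, prefix, as_path):
    """Return (True, local_pref) if accepted, else (False, reason)."""
    net = ip_network(prefix)
    if MY_AS in as_path:
        return False, "own AS in path (loop)"
    if relationship == "customer":
        if not covered(net, CUSTOMER_PREFIXES.get(neighbor_as, [])):
            return False, "prefix not owned by the customer"
        if LARGE_ISPS & set(as_path):
            return False, "large ISP in customer AS path"
    # Accepted: tag with a preference so customer routes win over peers.
    return True, LOCAL_PREF[relationship]

# Constructed announcements: (neighbour AS, relationship, prefix, AS path).
ANNOUNCEMENTS = [
    (64501, "customer", "198.51.100.0/24", (64501,)),
    (64501, "customer", "203.0.113.0/24", (64501,)),
    (64501, "customer", "198.51.100.0/24", (64501, 64510, 64505)),
    (64502, "peer", "203.0.113.0/24", (64502, 64500, 64507)),
    (64502, "peer", "203.0.113.0/24", (64502, 64507)),
]

def evaluate(announcements):
    """Apply the import policy to each announcement in order."""
    return [import_route(*a) for a in announcements]

if __name__ == "__main__":
    for ann, verdict in zip(ANNOUNCEMENTS, evaluate(ANNOUNCEMENTS)):
        print(ann, "->", verdict)
```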
Export Policy: Filtering • Discard some route announcements – Limit propagation of routing information – Limit willingness to accept their traffic • Examples – Don’t announce routes from one peer to another – Don’t announce routes for network-management hosts • Modify attributes of the active route – To influence the way other ASs behave • Example: AS prepending – Artificially inflate the AS path length seen by others – To convince some ASs to send traffic another way 24
Export Policy: AS prepending 25
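The export filters and AS prepending from the two slides above, as an added example that is not part of the lecture material. It goes slightly beyond the slide by also withholding provider-learned routes from peers and providers, the usual customer/peer/provider convention; the AS numbers, the management range and the two-upstream scenario are assumptions.

```python
from ipaddress import ip_network

MY_AS = 64500                               # assumed local AS
MGMT_NETS = [ip_network("192.0.2.0/24")]    # assumed management range

def export_route(route, to_relationship, prepend=0):
    """Return the AS path to advertise to a neighbour, or None if filtered.

    route: dict with 'prefix', 'as_path' (tuple) and 'learned_from',
    one of 'customer', 'peer', 'provider' or 'local'.
    """
    net = ip_network(route["prefix"])
    if any(net.version == m.version and net.subnet_of(m) for m in MGMT_NETS):
        return None     # never announce network-management hosts
    # Routes learned from a peer or provider go to customers only.
    if route["learned_from"] in ("peer", "provider") \
            and to_relationship != "customer":
        return None
    # Add our own AS once, plus 'prepend' extra copies to lengthen the path.
    return (MY_AS,) * (1 + prepend) + tuple(route["as_path"])

# Constructed routes (documentation prefixes and ASNs).
OWN = {"prefix": "198.51.100.0/24", "as_path": (), "learned_from": "local"}
FROM_PEER = {"prefix": "203.0.113.0/24", "as_path": (64502, 64507),
             "learned_from": "peer"}
MGMT = {"prefix": "192.0.2.16/28", "as_path": (), "learned_from": "local"}

def remote_choice(prepend_on_a):
    """Upstream a distant AS prefers for OWN when it compares only
    AS-path length: A is one hop away from it, B is two hops away."""
    via_a = (64510,) + export_route(OWN, "provider", prepend_on_a)
    via_b = (64511, 64509) + export_route(OWN, "provider")
    return "A" if len(via_a) <= len(via_b) else "B"

if __name__ == "__main__":
    print("to peer:", export_route(FROM_PEER, "peer"))
    print("to customer:", export_route(FROM_PEER, "customer"))
    print("no prepend ->", remote_choice(0), "| prepend 2 ->", remote_choice(2))
```

Prepending only influences neighbours that reach the AS-path-length rule; an AS that sets a higher local preference on the prepended path still uses it.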
AS is Not a Single Node 26
Hot-Potato (Early-Exit) Routing • BGP decision process – Highest local preference, shortest AS path, closest egress point, … • Hot-potato routing – Each router selects the closest egress point 27
Causes of BGP Routing Changes • Topology changes – Equipment going up or down – Deployment of new routers or sessions • BGP session failures – Due to equipment failures, maintenance, etc. – Or, due to congestion on the physical path • Changes in routing policy – Reconfiguration of preferences – Reconfiguration of route filters • Persistent protocol oscillation – Conflicts between policies in different ASes 28
BGP Session Failure • BGP runs over TCP – BGP only sends updates when changes occur – TCP may not detect lost connectivity on its own • Detecting a failure – Keep-alive: 60 seconds – Hold timer: 180 seconds • Reacting to a failure (hard work for the router!) – Discard all routes learned from the neighbor – Send new updates for any routes that change 29
BGP Updates in a Recent Week • 7 Day BGP Profile: 8-February-2017 00:00 - 14-February-2017 23:59 (UTC+1000) • Number of BGP Update Messages: 1952059 • Number of Prefix Updates: 4607549 • Number of Prefix Withdrawals: 262619 • Average Prefixes per BGP Update: 2.49 • Average BGP Update Messages per second: 2.82 • Average Prefix Updates per second: 7.05 • Peak BGP Update Message Rate per second: 2030 (07:51:56 Mon, 13-Feb-2017) • Prefix Count: 671654 • Updated Prefix Count: 244064 • Stable Prefix Count: 427590 • Origin AS Count: 56554 • Updated Origin AS Count: 26035 • Stable Origin AS Count: 30519 • Unique Path Count: 291667 • Updated Path Count: 170597 • Stable Path Count: 121070 30
BGP Converges Slowly, if at All • Path vector avoids count-to-infinity – But, ASs still must explore many alternate paths – … to find the highest-ranked path that is still available • Fortunately, in practice – Most popular destinations have very stable BGP routes – And most instability lies in a few unpopular destinations • Still, lower BGP convergence delay is a goal – Can be tens of seconds to tens of minutes – High for important interactive applications – … or even conventional applications, like Web browsing 31
BGP Security 32
Is BGP a “Perfect” Protocol? • BGP mainly addresses the scale and policy issues – Allows a router to keep several routes and is very flexible in the process of selecting the best one, e.g. policy decisions – Avoids the “Count to Infinity Problem” – Is prepared for huge scales, like the Internet where it operates • However – It has a very rudimentary cost function (instead of hop count, it uses an AS count criterion) – This mainly impacts Tier-2 and 3 providers as well as multi-homed customers – Reacting to a change may be a heavy process and, due to the scale of the Internet, it reacts in tens of seconds to tens of minutes – This negatively impacts interactive applications 33
Conclusions • BGP is solving a hard problem – Routing protocol operating at a global scale – With tens of thousands of independent networks – That each have their own policy goals – And all want fast convergence • Key features of BGP – Prefix-based path-vector protocol – Incremental updates (announcements and withdrawals) – Policies applied at import and export of routes – Internal BGP to distribute information within an AS – Interaction with the IGP to compute forwarding tables 34