IP Network Configuration for Traffic Engineering Anja Feldmann

IP Network Configuration for Traffic Engineering
Anja Feldmann, Jennifer Rexford
AT&T Labs - Research
Presented by Zihui Ge, 11/21/2000

Outline
• Introduction
• Network model
• Router configuration
• Netdb examples
• Conclusion

Nightmare! - Configure IP Router
• Configuring IP routers is extremely complicated
  • Diversity of network equipment
  • Large number of configuration options
  • Interaction of configuration parameters across multiple routers
  • Rapid changes to network
  • Limited configuration tools
  • Severe consequences of error by manual configuration of individual routers

HELP! - An Abstract model
• Need an ACCURATE network-wide CONSISTENT ABSTRACT view of network configuration.
  • Guide router configuration.
  • Help in error detection.

What needs to be modeled?
• Physical components
  • Routers, interfaces
• Physical and logical connectivity
  • Links, BGP sessions
• Routing protocols
  • Static routes, OSPF, BGP
• Access control
  • Packet filters, route filters

A peek at the authors' model.

Object         Attributes
Router         router name, {loopback IP address}, location, {interface}, {global setting}
Interface      router, interface name, {(IP address, IP prefix)}, capacity, OSPF weight, queuing strategy, status (up/down), {access list}, {static route}
Link           IP prefix, link type (backbone/edge), OSPF area, {interface}
Access list    IP prefix, permit/deny, {(interface, packet/route, in/out)}
Static route   IP prefix, tag (administrative weight), {interface}
BGP            router, remote peer (IP address), remote AS, iBGP/eBGP, {filter policy}, {interface}, {session attribute}

Think about router.
• Typically consists of a route processor, a switching fabric, and a collection of interfaces.
• Route processor constructs the forwarding table based on information from intradomain and interdomain routing protocols
• Route processor is identified by loopback IP addresses
Router: router name, {loopback IP address}, location, {interface}, {global setting}

Think about interface.
• Position in the router (indicated by interface name).
• Each interface has a primary IP address and may have one or more secondary IP addresses; each IP address is associated with a particular prefix.
  • 12.34.56.77 in prefix 12.34.56.76/30
• Could associate with static routes, filters.
Interface: router, interface name, {(IP address, IP prefix)}, capacity, queuing strategy, status (up/down), {access list}, {static route}, OSPF weight

Think about link.
• Link is a physical media.
• Addressing: IP prefix.
  • 12.34.56.76/30
  • Two ends 12.34.56.77 & 12.34.56.78
  • Ethernet or FDDI may have smaller mask length
• Backbone link vs. edge link
  • All interfaces in the same AS?
  • Participate in intradomain or interdomain routing?
Link: IP prefix, link type (backbone/edge), {interface}, OSPF area

Think about OSPF.
• Link state protocol.
• OSPF routers exchange weight information and compute shortest path
  • Use flooding to propagate link-state update.
  • Length of path is defined as sum of weight
• Extension for scalability:
  • Routing hierarchy (OSPF areas)
  • Each link belongs to SAME OSPF area
Attribute “OSPF weight” in interface object
Attribute “OSPF area” in link object

Think about static route.
• Provides a simple way to associate destination prefixes with edge interfaces.
  • The router knows to direct packets destined to some prefix to the appropriate next-hop interface.
  • Doesn’t ensure that the rest of the network knows how to reach this destination prefix.
• Advertise static route via OSPF or iBGP.
  • administrative weight
Static route: IP prefix, tag (administrative weight), {interface}

Think about BGP
• Distance Vector.
• Filter policy contains import and export policies.
• BGP object corresponds to one end point of a BGP session (addressing the session peer).
• How to reach the remote end? (Interface)
• Confederation, route reflectors?
BGP: router, remote peer (IP address), remote AS, iBGP/eBGP, {filter policy}, {interface}, {session attribute}

Think about filter.
• Packet filters
  • firewall
  • detect spoofed source IP address.
• Route filter
  • Customer-Provider
  • avoids problem caused by misconfigured BGP policies in downstream routers.
Access list: IP prefix, permit/deny, {(interface, packet/route, in/out)}

Cool! We did it!

Object         Attributes
Router         router name, {loopback IP address}, location, {interface}, {global setting}
Interface      router, interface name, {(IP address, IP prefix)}, capacity, OSPF weight, queuing strategy, status (up/down), {access list}, {static route}
Link           IP prefix, link type (backbone/edge), OSPF area, {interface}
Access list    IP prefix, permit/deny, {(interface, packet/route, in/out)}
Static route   IP prefix, tag (administrative weight), {interface}
BGP            router, remote peer (IP address), remote AS, iBGP/eBGP, {filter policy}, {interface}, {session attribute}

Where to get information? Potential Data Sources
• SNMP MIBs
  • Basic traffic statistics
• Topology discovery tools
  • traceroute, pathchar
  • Active measure: topology, link capacity, …
• Route monitoring
  • Passive monitor: BGP, OSPF link state update
• Router configuration files
  • Physical and logical connectivity, link capacity, routing protocols, access lists, …

Router Configuration Files
• Cisco’s Internetwork Operating System (IOS) serves as a de facto standard for router configuration.
• Access configuration files
  • Complete
  • Consistent (snapshot)

A sample file

Dependencies Within a File
• Domain (Section)-Independent
  • Referencing undefined items
    • Undefined access-list, route-map, …
    • Similar to compile error: undefined variable
  • Unused items
    • Similar to compile warning: unused variable
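
The domain-independent check on this slide, as an added Python example (not netdb's Perl code and not from the original slides). The sample configuration, the private AS numbers and the names CUST-IN and CUST-OUT are constructed; only three kinds of reference statement are recognized.

```python
import re

# Constructed sample in Cisco IOS style (not taken from the slides).
SAMPLE_CONFIG = """\
interface Serial1/0
 ip address 12.34.56.77 255.255.255.252
 ip access-group 101 in
!
access-list 6 deny 172.16.0.0 0.15.255.255
access-list 7 permit any
!
route-map CUST-IN permit 10
 match ip address 7
!
router bgp 65000
 neighbor 10.1.2.3 remote-as 65001
 neighbor 10.1.2.3 route-map CUST-IN in
 neighbor 10.1.2.3 route-map CUST-OUT out
"""

# Statements that define a named item, and statements that refer to one.
DEFINITIONS = [
    ("access-list", re.compile(r"^access-list (\S+) ")),
    ("route-map", re.compile(r"^route-map (\S+) ")),
]
REFERENCES = [
    ("access-list", re.compile(r"^\s+ip access-group (\S+) (?:in|out)")),
    ("access-list", re.compile(r"^\s+match ip address (\S+)")),
    ("route-map", re.compile(r"^\s+neighbor \S+ route-map (\S+) (?:in|out)")),
]

def matches(patterns, line):
    """Return the (kind, name) pairs that this line defines or references."""
    return {(kind, m.group(1)) for kind, p in patterns if (m := p.match(line))}

def check_references(config):
    """Return (undefined, unused) sets of (kind, name) for one config file."""
    defined, referenced = set(), set()
    for line in config.splitlines():
        defined |= matches(DEFINITIONS, line)
        referenced |= matches(REFERENCES, line)
    return referenced - defined, defined - referenced

if __name__ == "__main__":
    undefined, unused = check_references(SAMPLE_CONFIG)
    for kind, name in sorted(undefined):
        print(f"ERROR: {kind} {name} referenced but not defined")
    for kind, name in sorted(unused):
        print(f"WARNING: {kind} {name} defined but never used")
```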

Dependencies Within a File
• Domain-Dependent
  • Inconsistent definitions
    • “Speed” in channel-group
    • “Bandwidth” in interface entry
    • Missing “IP classless” will cause the router to discard packets destined to an IP prefix that is not aligned with octet boundaries.
  • Dependence on default parameters
    • Missing OSPF area in the router section (router won’t participate in OSPF)
    • Missing OSPF weight in interface section (default weight is set inversely proportional to capacity)

Dependencies Across Files
• Inconsistent definitions
  • Router-level significance (will not cause inconsistency)
    • Similar to local variable
    • For example: access-list
  • Network-wide significance (problematic)
    • Similar to external variable or function
    • A backbone link with interfaces on two routers: two routers should agree on the selection of an OSPF area.

Dependencies Across Files
• Inconsistent references to remote nodes (even worse)
  • eBGP session: peer router resides outside the backbone, in a different organization
  • Two routers:
    • neighbor 10.1.2.3 remote-as 1
    • neighbor 10.1.2.3 remote-as 2

• Netdb is a Perl script that parses configuration files in Cisco IOS format
• Populates the network model and detects possible configuration errors for AT&T Common IP Backbone.
• Running time < 2 minutes

Netdb step 1
read configuration files of all routers
read keywords for global settings and section names
forall routers {
    identify section boundaries
    parse global variables
    check global variables
}

Netdb step 2
foreach section in (controllers, access lists, interfaces, other filter sections, static routes, OSPF, BGP) {
    read section keywords
    read customization input files
    forall routers
        parse section and check keywords, network model violations
    forall routers
        perform error checks
}

STEP 2 - implementation
• Multiple passes.
  • Parse and load all files into memory
• Strict sequence: Controllers < ... < BGP
  • Earlier sections do not depend on later sections
  • Processing a later section requires that the previous sections are complete.

STEP 2 - What do we miss?
• There is no LINK section in configuration file!
• Link object is created for the first occurrence of a prefix in interface section, and associated with the IP address of the particular interface.
• It is extended to include the IP address of other interfaces if the prefix reappears.
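
How links can be rebuilt from interface prefixes and then used for the cross-file checks on the "Dependencies Across Files" slides (OSPF area agreement, conflicting remote-as), as an added Python example rather than netdb's own code. The router names, interface records and message wording are constructed, and every sample link is assumed to be a backbone link.

```python
import ipaddress
from collections import defaultdict

# Constructed interface records: (router, interface, address/length, OSPF area).
INTERFACES = [
    ("router1", "Serial1/0", "12.34.56.77/30", 0),
    ("router2", "Serial2/0", "12.34.56.78/30", 0),
    ("router3", "Serial0/1", "10.127.6.133/30", 14),
    ("router4", "Serial0/1", "10.127.6.134/30", 3),
    ("router5", "Serial3/0", "10.126.212.2/30", 2),
]
# Constructed BGP statements: (router, neighbor IP, remote AS).
NEIGHBORS = [
    ("router1", "10.1.2.3", 1),
    ("router2", "10.1.2.3", 2),
]

def build_links(interfaces):
    """Create a link at the first occurrence of a prefix; extend it on reuse."""
    links = defaultdict(list)
    for router, name, addr, area in interfaces:
        prefix = ipaddress.ip_interface(addr).network
        links[prefix].append((router, name, addr, area))
    return links

def check_links(links):
    """Report backbone links whose ends disagree on the area or have one end."""
    errors = []
    for prefix, ends in links.items():
        areas = sorted({area for *_, area in ends})
        if len(areas) > 1:
            errors.append(f"OSPF ERROR: {prefix} in areas {areas}")
        if len(ends) < 2:
            errors.append(f"OSPF ERROR: {prefix} with only one IP address")
    return errors

def check_remote_as(neighbors):
    """Report BGP peers that different routers place in different ASes."""
    seen = defaultdict(set)
    for _router, peer, remote_as in neighbors:
        seen[peer].add(remote_as)
    return [f"BGP ERROR: {peer} has remote-as {sorted(a)}"
            for peer, a in seen.items() if len(a) > 1]

if __name__ == "__main__":
    for msg in check_links(build_links(INTERFACES)) + check_remote_as(NEIGHBORS):
        print(msg)
```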

Netdb step 3
forall routers {
    forall objects
        report unassigned attributes
    forall statements
        report unused statements
}

Examples of netdb error messages
router 1: unknown interface keyword: hold-queue value: ...
router 2: ROUTE-MAP ERROR: community 1000 undefined ROUTEMAP 1: community 1000 1010
router 3: OSPF ERROR: ospf network 10.127.6.132/30 should either be in area 14 or 3
router 4: OSPF ERROR: network: 10.126.212.0 0.0.0.3 area 2 with only one IP address 10.126.212.2
router 5: OSPF ERROR: network: 10.126.12.172 0.0.0.3 area 3 with no IP address
router 6: BGP ERROR: cannot resolve IP: 10.11.12.56 from ... BGP statement ...

Examples-2
Error messages for policy violations.
router 1: GLOBAL ERROR: missing parameter BGPCOMMUNITY
router 2: GLOBAL ERROR: incorrect parameter CEF value: ip cef
router 3: ACL WARNING: default acl 6 missing
router 3: ACL WARNING: default acl 7 differs from specification: deny 172.0.0.0/8
router 4: ACL ERROR: VPN customer needs in and out ACL; (customer ABCDE)
router 5: CONTROLLER ERROR: missing clock sync for interface Serial 2/1/0: 2
router 6: BGP ERROR: wrong rr definition for rr client 10.126.236.3 with peer-group abc

Conclusion
• A network model for traffic engineering
• A method to ensure network consistency
• A tool, netdb, to identify configuration errors

Thanks! Happy Thanksgiving!