CSci5221: BGP Policies1 Inter-Domain Routing: BGP, Routing Policies, etc. BGP Path Selection and Policy Routing Stable Path Problem and Policy Conflicts Stable BGP routing: Gao and Jennifer’s path selection guidelines Readings: Do the required readings

CSci5221: BGP Policies2 BGP Is Not Guaranteed to Converge! BGP is not guaranteed to converge to a stable routing. Policy inconsistencies can lead to “livelock” protocol oscillations. Goal: –Design a simple, tractable and complete model of BGP modeling –Example application: sufficient condition to guarantee convergence.

CSci5221: BGP Policies3 BGP is Solving What Problem? X can aid in the design of policy analysis algorithms and heuristics, aid in the analysis and design of BGP and extensions, help explain some BGP routing anomalies, provide a fun way of thinking about the protocol Underlying problem Shortest Paths Distributed means of computing a solution. X? RIP, OSPF, IS-IS BGP

CSci5221: BGP Policies4 Abstract Model of BGP A graph of nodes and edges, –Each node represents an AS –Each edge “connectivity” between two ASes Focus on only one prefix originated from node 0 –Node 0 is thus referred as the origin For each non-zero node v, a set of permitted paths to the origin, P v –it always contains “null path”. Ranking function  of permitted paths at node v – Null path is always least preferred

CSci5221: BGP Policies5 Separate Dynamic v Static Semantics Static semantics: –BGP policies  Stable Paths Problem Dynamic semantics: –BGP  SPVP SPVP: Simple Path Vector Protocol A distributed algorithm for solving Stable Paths Problem

CSci5221: BGP Policies6 Ranking BGP Paths Highest local Preference Shortest AS path Length Origin: IGP < EGP < INCOMPLETE -- i.e., prefer the lower ranked origin Lowest MED value EBGP is preferred over IBGP Lowest IGP cost Tie breaking (e.g. using router id)

CSci5221: BGP Policies7 Stable Paths Problem Ideal “Static” Version of BGP Path Selection Given set of permissible paths and ranking of paths at each node, Is there a “global” assignment of paths (P v at each node v) such that –P v is permissible –P v is highest ranked path among paths that are consistent with those advertised/selected by neighbors If such a path assignment exists, we say SPP has a solution most preferred … least preferred (not null)

CSci5221: BGP Policies8 A Solution to SPP Restated A solution is an assignment of permitted paths to each node such that –node u’s assigned path is either the null path or is a path uwP, where wP is assigned to node w and {u,w} is an edge in the graph, –each node is assigned the highest ranked path among those consistent with the paths assigned to its neighbors

CSci5221: BGP Policies9 A Solution to SPP A solution need not represent a shortest path tree or a spanning tree

CSci5221: BGP Policies10 Multiple Solutions May Exist First solution Second solution DISAGREE

CSci5221: BGP Policies11 Multiple Solutions Can Occur Due to Recovery: Remove primary linkRestore primary link primary link backup link

CSci5221: BGP Policies12 Bad Gadget: No Solution Stage 1: 1: [10] 2: [210] 3: [30] Stage 2: 1:[130] 2:[20] 3:[320] Back to stage 1

CSci5221: BGP Policies13 Bad Gadget: No Solution Stage 1: 1: [10] 2: [20] 3: [320] Stage 2: 1:[130] 2:[210] 3:[30] Back to stage 1

CSci5221: BGP Policies14 Has A Solution, But Can Get Trapped: As with DISAGREE, this part has two distinct solutions This part has a solution only when node 1 is assigned the direct path (1 0).

CSci5221: BGP Policies15 Has A Solution, But Can Get Trapped: As with DISAGREE, this part has two distinct solutions This part has a solution only when node 1 is assigned the direct path (1 0).

CSci5221: BGP Policies16 How To Solve An SPP? Exponential complexity Just enumerate all path assignments, And check stability of each…. NP-complete –3-SAT can be reduced to SPP

CSci5221: BGP Policies17 SPVP Protocol SPVP: Simple Path Vector Protocol Distributed Algorithms to Solve SPP –“dynamic” version of path selection Pick the best path available at any time process spvp[u] { receive P from w  { rib-in(u  w) := u P if rib(u) != best(u) { rib(u) := best(u) foreach v in peers(u) { send rib(u) to v }

CSci5221: BGP Policies18 SPVP and SPP SPVP wanders around assignment space SPP SolvableSPVP Can Diverge must converge must diverge

CSci5221: BGP Policies19 A sufficient condition for sanity If an instance of SPP has an acyclic dispute digraph, then Static (SPP) solvable Dynamic (SPVP) unique solution safe (can’t diverge) predictable restoration all sub-problems uniquely solvable robust with respect to link/node failures

CSci5221: BGP Policies20 Dispute Digraph Example BAD GADGET II CYCLE

CSci5221: BGP Policies21 Dispute Wheels u_0 u_1 u_2 u_i u_(i+1) u_k Q_0 Q_1 Q_2 Q_k Q_(I+1) Q_i R_0 R_1 R_i R_k At u_i, rank of Q_i is less than or equal to rank of R_iQ_(i+1) There exists a dispute wheel iff there exists cycle in the dispute digraph

CSci5221: BGP Policies22 Dispute Wheel Example

CSci5221: BGP Policies23 Avoiding Divergence: A Dynamic Solution? Extend SPVP with a history attribute, A route’s history contains a path in the dispute digraph that “explains” how the route was obtained, A route history will contain a dispute cycle if and only if a policy dispute is dynamically realized. If a route’s history contains a cycle, then suppress it ….

CSci5221: BGP Policies24 How to Ensure No Policy Conflicts Strawman Proposal: Perform Global Policy Check Require each AS to publish its policies Detect and resolve conflicts Problems: ASes typically unwilling to reveal policies Checking for convergence is NP-complete Failures may still cause oscillations

CSci5221: BGP Policies25 Think Globally, Act Locally Key features of a good solution –Safety: guaranteed convergence –Expressiveness: allow diverse policies for each AS –Autonomy: do not require revelation/coordination –Backwards-compatibility: no changes to BGP Local restrictions on configuration semantics –Ranking –Filtering

CSci5221: BGP Policies26 Gao and Rexford Scheme Permit only two business arrangements –Customer-provider –Peering Constrain both filtering and ranking based on these arrangements to guarantee safety Surprising result: these arrangements correspond to today’s (common) behavior Gao & Rexford, “Stable Internet Routing without Global Coordination”, IEEE/ACM ToN, 2001

CSci5221: BGP Policies27 Relationship #1: Customer-Provider Filtering –Routes from customer: to everyone –Routes from provider: only to customers From the customer To other destinations From other destinations To the customer providers customer advertisements traffic customer providers

CSci5221: BGP Policies28 Relationship #2: Peering Filtering –Routes from peer: only to customers –No routes from other peers or providers advertisements traffic customer peer

CSci5221: BGP Policies29 Rankings Prefer routes from customers over routes from peers Prefer routes from peers over routes from providers provider peer customer

CSci5221: BGP Policies30 Additional Assumption: Consistent AS Hierarchy Disallowed!

CSci5221: BGP Policies31 Safety: Proof Sketch System state: the current route at each AS Activation sequence: revisit some router’s selection based on those of neighboring ASes

CSci5221: BGP Policies32 Activation Sequence: Intuition Activation: emulates a message ordering –Activated router has received and processed all messages corresponding to the system state “Fair” activation: all routers receive and process outstanding messages

CSci5221: BGP Policies33 Safety: Proof Sketch State: the current route at each AS Activation sequence: revisit some router’s selection based on those of neighboring ASes Goal: find an activation sequence that leads to a stable state Safety: satisfied if that activation sequence is contained within any “fair” activation sequence

CSci5221: BGP Policies34 Proof, Step 1: Customer Routes Activate ASes from customer to provider –AS picks a customer route if one exists –Decision of one AS cannot cause an earlier AS to change its mind An AS picks a customer route when one exists

CSci5221: BGP Policies35 Proof, Step 2: Peer & Provider Routes Activate remaining ASes from provider to customer –Decision of one Step-2 AS cannot cause an earlier Step-2 AS to change its mind –Decision of Step-2 AS cannot affect a Step-1 AS AS picks a peer or provider route when no customer route is available

CSci5221: BGP Policies36 Ranking and Filtering Interactions Allowing more flexibility in ranking –Allow same preference for peer and customer routes –Never choose a peer route over a shorter customer route … at the expense of stricter AS graph assumptions –Hierarchical provider-customer relationship (as before) –No private peering with (direct or indirect) providers Peering

CSci5221: BGP Policies37 Some problems Requires acyclic hierarchy (global condition) Cannot express many business relationships Abovenet Verio PSINet Sprint Customer Question: Can we relax the constraints on filtering? What happens to rankings?