Sandra Murphy sandra.murphy@sparta.com Migratory ASs (my own interpretation of draft-ga-idr-as-migration & draft-george-sidr-as-migration) Sandra Murphy.

Slides:

Advertisements

Similar presentations

BGP Overview Processing BGP Routes.

Advertisements

© 2009 Cisco Systems, Inc. All rights reserved. Cisco Public Presentation_ID 1 BGP Diverse Paths draft-ietf-grow-diverse-bgp-paths-dist-02 Keyur Patel.

Route Leaks Sandra Murphy. Is This a Route Leak? To be able to detect a route leak: Given Update with AS_PATH AS1…ASn Is this a route leak?

1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)

1 Copyright  1999, Cisco Systems, Inc. Module10.ppt10/7/1999 8:27 AM BGP — Border Gateway Protocol Routing Protocol used between AS’s Currently Version.

Entire Routes Reflecting capability draft-zhang-idr-bgp-entire-routes-reflect-00.txt Zhang Renhai :

Border Gateway Protocol Ankit Agarwal Dashang Trivedi Kirti Tiwari.

CS540/TE630 Computer Network Architecture Spring 2009 Tu/Th 10:30am-Noon Sue Moon.

Path Vector Routing NETE0514 Presented by Dr.Apichan Kanjanavapastit.

© J. Liebeherr, All rights reserved 1 Border Gateway Protocol This lecture is largely based on a BGP tutorial by T. Griffin from AT&T Research.

1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.

1 Network Architecture and Design Routing: Exterior Gateway Protocols and Autonomous Systems Border Gateway Protocol (BGP) Reference D. E. Comer, Internetworking.

Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.

CS Summer 2003 Lecture 3. CS Summer 2003 What is a BGP Path Attribute? BGP uses a set of parameters known as path attributes to characterize.

© 2009 Cisco Systems, Inc. All rights reserved.ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Configuring and Verifying Basic BGP Operations.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 6: Border Gateway Protocol.

APNIC eLearning: Intro to RPKI 10 December :30 PM AEST Brisbane (UTC+10)

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.

CS 3700 Networks and Distributed Systems Inter Domain Routing (It’s all about the Money) Revised 8/20/15.

Scaling iBGP. BGP iBGP –Internal BGP –BGP peering between routers in same AS –Goal: get routes from a border router to another border router without losing.

The Hebe-jebes (or He-B-GPs): Understanding the Roles of EBGP, IBGP and an IGP Using Lab 7-4, IBGP, Next Hop and Synchronization Rick Graziani Cabrillo.

© 2001, Cisco Systems, Inc. A_BGP_Confed BGP Confederations.

BGP4 - Border Gateway Protocol. Autonomous Systems Routers under a single administrative control are grouped into autonomous systems Identified by a 16.

Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.

More on Internet Routing A large portion of this lecture material comes from BGP tutorial given by Philip Smith from Cisco (ftp://ftp- eng.cisco.com/pfs/seminars/APRICOT2004.

R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 Normal Operation: R1 peer to IPS1 with EBGP, and R2 peer to.

Draft-ietf-sidr-bgpsec-protocol Matt Lepinski

Secure Origin BGP: What is (and isn't) in a name? Dan Wendlandt Princeton Routing Security Reading Group.

BGPSEC Router Key Roll-over draft-rogaglia-sidr-bgpsec-rollover-00 Roque Gagliano Keyur Patel Brian Weis.

BGPSEC : A BGP Extension to Support AS-Path Validation Matt Lepinski BBN Technologies.

Draft-ietf-sidr-bgpsec-reqs-01 diffs from -00 (Jul) sidr / IETF Taipei Randy Bush sidr bgpsec reqs 1.

The New Policy for Enterprise Networking Robert Bays Chief Scientist June 2002.

Release 5.1, Revision 0 Copyright © 2001, Juniper Networks, Inc. Advanced Juniper Networks Routing Module 8: BGP Confederations.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—1-1 BGP Overview Understanding BGP Path Attributes.

1 Border Gateway Protocol (BGP) and BGP Security Jeff Gribschaw Sai Thwin ECE 4112 Final Project April 28, 2005.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Module Summary The multihomed customer network must exchange BGP information with both ISP.

© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network Lab 6-2 Debrief.

Route Selection Using Attributes

BGP L3VPN origin validation (draft-ymbk-l3vpn-origination-02) November 2012.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to Multiple Service.

© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—6-1 Scaling Service Provider Networks Introducing Confederations.

AS Numbers - Again Geoff Huston APNIC October 2009

Fri 2 Aug 2013SIDR IETF 87 Berlin, German1 BGPSEC Protcol Error Handling IETF 87 Berlin, Germany Wednesday, 31 Jul 2013 Friday, 2 Aug 2013.

BGPSEC Protocol (From -01 to -02 and on to -03) Matt Lepinski.

Migratory ASs Sandra Murphy

ISP Workshop Agenda Phithakkit Phasuk.

Connecting an Enterprise Network to an ISP Network

Boarder Gateway Protocol (BGP)

Scaling Service Provider Networks

Connecting an Enterprise Network to an ISP Network

BGP 1. BGP Overview 2. Multihoming 3. Configuring BGP.

Border Gateway Protocol

BGP (cont) 1. BGP Peering 2. BGP Attributes

BGP supplement Abhigyan Sharma.

Interdomain Traffic Engineering with BGP

BGPSEC Potential Optimizations for AS-PATH Prepending and Transparent Route Servers. sidr wg / Québec City Doug Montgomery

Lixin Gao ECE Dept. UMASS, Amherst

COS 561: Advanced Computer Networks

draft-mohanty-bess-ebgp-dmz-00 IETF 101, London

Connecting an Enterprise Network to an ISP Network

Geoff Huston APNIC August 2009

COS 561: Advanced Computer Networks

Scaling Service Provider Networks

COS 561: Advanced Computer Networks

COS 561: Advanced Computer Networks

BGP Security Jennifer Rexford Fall 2018 (TTh 1:30-2:50 in Friend 006)

A tiny little microchip

BGP Route Reflectors and Confederation

PW Control Word Stitching

Presentation transcript:

Sandra Murphy sandra.murphy@sparta.com Migratory ASs (my own interpretation of draft-ga-idr-as-migration & draft-george-sidr-as-migration) Sandra Murphy sandra.murphy@sparta.com 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL Before Merger ISP B ISP A CE-1 ---> PE-1 ------------------------> PE-2 -------------------> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 AS_PATHs in UPDATES 100 300,100 200,300,100 29 Sep 2012 SIDR interim Amsterdam, NL

Reconfig Before Migration ISP A’ ISP A’ CE-1 ---> PE-1 ------------------------> PE-2 -------------------> CE-2 100 New_ASN: 200 New_ASN: 200 400 AS_PATHs in UPDATES 100 100 200,100 But this requires reconfiguration of CE-1 with the new ASN for PE-1 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL Migration ISP B ISP A CE-1 ---> PE-1 ------------------------> PE-2 -------------------> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN:200 New_ASN:200 AS_PATHs in UPDATES 100 300,100 200,300,100 Use Local_AS configuration option CE-1 does not need to be upgraded But 300 gets inserted into AS_PATH 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL Migration ISP B ISP A CE-1 ---> PE-1 ------------------------> PE-2 -------------------> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN:200 New_ASN:200 AS_PATHs in UPDATES 100 100 200,100 Use Local_AS and no-prepend configuration options CE-1 does not need to be upgraded 300 does not get inserted into AS_PATH 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL Migration ISP B ISP A CE-1 <--------- PE-1 <------------------------ PE-2 <------------------- CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN:200 New_ASN:200 AS_PATHs in UPDATES 300,200,400 400 400 Use Local_AS and no-prepend configuration options CE-1 does not need to be upgraded 300 gets inserted into AS_PATH toward CE-1 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL Migration ISP B ISP A CE-1 <--------- PE-1 <------------------------ PE-2 <------------------- CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN:200 New_ASN:200 AS_PATHs in UPDATES 200,400 400 400 Use Local_AS and no-prepend and replace-AS configuration options CE-1 does not need to be upgraded 300 does not get inserted into AS_PATH toward CE-1 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL How to Do That in BGPSEC 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL Notation In the following, the notation means: for the origin BGPSEC signature attribute: sig(originprefix, <target>, AS of signer, pcount) key for intermediate BGPSEC signature attributes: sig(<target>, AS of signer, pcount) key 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL BEFORE MERGER 333 | ISP A' ISP A’ CE-1 <--- PE-1 <------------------- PE-2 <--- CE-2 100 Old_ASN: 300 Old_ASN: 200 400 CE-2 to PE-2: sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig1] AS_PATH=(400) length=sum(pcount)=1 PE-2 to 333: sig(<333>,200,sig1,pcount=1)K_200-PE2 [sig2] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig1] AS_PATH=(200,400) length=sum(pcount)=2 PE-2 to PE-1: sig(<300>,(200),sig1,pcount=1)K_200-PE2 [sig3] sig(origin(N),<200>,(400),pcount=1)K_400-CE2[sig1] PE-1 to CE-1: sig(<100>,300,sig3,pcount=1)K_300-PE1 [sig4] sig(<300>,200,sig1,pcount=1)K_200-PE2 [sig3] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig1] AS_PATH = 300,200,400 length=sum(pcount)=3 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL MIGRATING 333 | ISP A' ISP A’ CE-1 <--- PE-1 <------------------- PE-2 <--- CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN: 200 New_ASN: 200 CE-2 to PE-2: sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(400) length=sum(pcount)=1 PE-2 to 333: sig(<333>,200,sig11,pcount=1,sig11)K_200-PE2 [sig12] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(200,400) length=sum(pcount)=2 PE-2 to PE-1: sig11 PE-1 to CE-1: sig(<100>,300,pcount=1,sig12)K_300-PE1 [sig13] sig(<300>,200,pcount=0,sig11)K_200-PE2 [sig12] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(300,400) length=sum(pcount)=2 (length is NOT 3) 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL MIGRATING 333 | ISP A' ISP A’ CE-1 ---> PE-1 -------------------> PE-2 ---> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN: 200 New_ASN: 200 PE-1 to CE-1: sig(<100>,300,pcount=1,sig12)K_300-PE1 [sig13] sig(<300>,200,pcount=0,sig11)K_200-PE2 [sig12] sig(origin(N),<200>,400,pcount=1)K_400-CE2 [sig11] AS_PATH=(300,400) length=sum(pcount)=2 (length is NOT 3) Note that PE-1 is adding two signatures to the list. It is as if PE-1 had an AS hop internally. NOTE: “AS IF” PE-1 adds sig12 and sig13. sig12 is added as if PE-1 is AS200 and adds the pcount=0. sig13 is added as if PE-1 is AS300. So “AS300” authorizes “AS200” to add the pcount=0. Note that the neighbor of the AS that adds pcount=0 is the one authorizing – further ASs can not check the authorization. (For original route server motivation, neighbor is authority.) 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL MIGRATING in Other Direction – Alternative 1 333 | ISP A' ISP A’ CE-1 ---> PE-1 -------------------> PE-2 ---> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN: 200 New_ASN: 200 CE-1 to PE-1: sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(100) length=sum(pcount)=1 PE-1 to PE-2: sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(300,100) length=sum(pcount)=1 PE-2 to CE-2: sig(<400>,200,pcount=1,sig22)K_200-PE2 [sig23] sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(200,300,100) length=sum(pcount)=2 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL MIGRATING in Other Direction – Alternative 1 333 | ISP A' ISP A’ CE-1 ---> PE-1 -------------------> PE-2 ---> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN: 200 New_ASN: 200 PE-1 to PE-2: sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(300,100) length=sum(pcount)=1 PE-1 is the one doing the migration, so it makes sense that it is the one that has to take special action. but this is an ibgp session and not normal to be adding bgpsec attrb on ibgp session. Again, this is working as if there was a ebgp hop internal to PE1, at least as far as the bgpsec attributes 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL MIGRATING in Other Direction – Alternative 2 333 | ISP A' ISP A’ CE-1 ---> PE-1 -------------------> PE-2 ---> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN: 200 New_ASN: 200 CE-1 to PE-1: sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(100) length=sum(pcount)=1 PE-1 to PE-2: sig21 PE-2 to CE-2: sig(<400>,200,pcount=1,sig22)K_200-PE2 [sig23] sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(200,300,100) length=sum(pcount)=2 29 Sep 2012 SIDR interim Amsterdam, NL

SIDR interim Amsterdam, NL MIGRATING in Other Direction – Alternative 2 333 | ISP A' ISP A’ CE-1 ---> PE-1 -------------------> PE-2 ---> CE-2 100 Old_ASN: 300 Old_ASN: 200 400 New_ASN: 200 New_ASN: 200 CE-1 to PE-1: sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(100) length=sum(pcount)=1 PE-1 to PE-2: sig21 PE-2 to CE-2: sig(<400>,200,pcount=1,sig22)K_200-PE2 [sig23] sig(<200>,300,pcount=0,sig21)K_300-PE1 [sig22] sig(origin(N2),<300>,100,pcount=1)K_100-CE1 [sig21] AS_PATH=(200,300,100) length=sum(pcount)=2 Defined behavior is that bgpsec attribute is added on ebgp sessions only. But this means that PE-2 has to know what other PE’s are migrating. (Non-starter) 29 Sep 2012 SIDR interim Amsterdam, NL