Network Router Configuration: From Data Mining to Policy Management

Presentation transcript:

Network Router Configuration: From Data Mining to Policy Management
- Context
- Proposition
- Comparison with other approaches
- State of the effort
- Next steps

Context
[Diagram; labels: IPeFR, ARACS?, Tools, Configs, DBMS, Config Updates, Routers]

What We Learned
- Configuration errors are common
- Error correction record is mixed
- Vendor dependence causes problems
- Automation is good

What Is the Problem
- Much of configuration is still manual (how much cut & paste is involved?)
- Those managing configurations have limited time
- Vendor expertise seems to be required for too much of provisioning management
- Many configuration errors are benign

Why Should We Care
- Some configuration errors are NOT benign
- The network is becoming more complex
- The business is highly competitive
- Having the ability to manage routing policy in isolation may make us more responsive to our customers

Proposition
- Data model that stores pure policy (or as pure as we can make it)
- Compose complex policies as a composition of policy atoms
- Isolate vendor dependencies as much as possible

Proposition
- Manage BGP Attributes with tables giving them names and descriptions
- Names could be chosen by marketing
- Autogenerate policy documentation
- Manage Private AS allocation
- Use current address space management to generate customer specific prefix lists

Example CUST-FACE route map
- Deletes updates containing:
  - Default routes, Loopback addresses, Martians
  - Reserved Community Values
  - Peers, private AS's, Confederations in AS Path
- Applies a mixture of:
  - Local Preference Policy
  - Route Scope Policy

Filter

    route-map CUST-FACE deny 10
     match community 105
    ! 0:611 (0|7018):1000-65535
    route-map CUST-FACE deny 20
     match ip address prefix-list CF-martians
    ! Default route, loopback, martians
    route-map CUST-FACE deny 30
     match as-path 99
    ! Delete routes with as-paths containing peers,
    ! private AS's, and Confederations

Communities only

    route-map CUST-FACE permit 100
     match community 109
    ! 7018:90 7018:20
     set local-preference 90
     set community 0:2000 7018:2000 additive
    !
    route-map CUST-FACE permit 102
     match community 108
    ! 7018:80 7018:20
     set local-preference 80
    route-map CUST-FACE permit 104
     match community 107
    ! 7018:70 7018:20
     set local-preference 70

Add Address Matching

    route-map CUST-FACE permit 130
     match ip address prefix-list CF-CIDR
    ! AT&T Addresses
     match community 139
    ! 7018:90
     set local-preference 90
     set community 0:2010 7018:2010 additive
    !
    route-map CUST-FACE permit 132
     match community 138
    ! 7018:80
     set local-preference 80

    route-map CUST-FACE permit 140
     match community 149
    ! 7018:90
     set local-preference 90
     set community 0:2000 7018:2000 additive
    ! Default is to advertise
    !
    route-map CUST-FACE permit 142
     match community 148
    ! 7018:80
     set local-preference 80
     set community 0:2000 7018:2000 additive
    route-map CUST-FACE permit 144
     match community 147
    ! 7018:70
     set local-preference 70
    route-map CUST-FACE permit 146

Community Table

    name        value      scope  description
    ------------------------------------------------------------------------------
    ATTAGG      7018:1000  I      Aggregated AT&T-owned addresses
    ATTAGG0     0:1000     I      Aggregated AT&T-owned addresses
    ADVERTISE   7018:2000  I      Non ATTAG routes with external visibility
    ADVERTISE0  0:2000     I      Non ATTAG routes with external visibility
    NOEXPORT    7018:2010  I      AT&T no-export community
    NOEXPORT0   0:2010     I      AT&T no-export community
    NOPEER      7018:2500  I      Routes not to be announced to peers
    NOPEER0     0:2500     I      Routes not to be announced to peers
    NOCINFRA    7018:3000  I      NOC infrastructure
    NOCINFRA0   0:3000     I      NOC infrastructure
    NOCVIS      7018:4000  I      Networks that must be visible to the NOC
    NOCVIS0     0:4000     I      Networks that must be visible to the NOC
    PEER        7018:5000  I      Routes learned from peers
    PEER0       0:5000     I      Routes learned from peers
    EADV        0:20       E      Client advertise request

Other Tables
- Resource Tables
  - BadPrefixSpace
  - RsrvdCommunitySpace
  - MartianSpace
  - LocalSpace
  - LocalAS
  - PeerAS
  - Community
  - ExtendedCommunity
- Composition Tables
  - CommunityCommunityIn
  - CommunityCommunityOut
  - CommunityPref
  - PrefixCommunity
  - AtomicTransformations
  - CompositeTransformations

Benefits of This Approach
- We can reason about and manage policy directly
- Change policy and let the tools generate vendor dependent configurations
- Vendor Independence more easily accomplished
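The table-driven approach can be illustrated with a short generator. This is an added example, not code from the presentation or from any AT&T tool: the atom layout, the names PREF90, PREF80, PREF70 and EADV7018, and the use of named IOS community lists (the slides use numbered ones) are assumptions; the community values are the ones shown on the slides. It renders the "Communities only" clauses and rejects two common configuration errors, a reference to an undefined community name and a duplicated sequence number.

```python
# Added example: policy rows in, Cisco IOS route-map text out.
# Rows marked "slide" come from the Community Table; rows marked
# "constructed" and the atom layout are assumptions for this example.
COMMUNITY = {
    "ADVERTISE":  "7018:2000",  # slide
    "ADVERTISE0": "0:2000",     # slide
    "NOEXPORT":   "7018:2010",  # slide
    "NOEXPORT0":  "0:2010",     # slide
    "PREF90":     "7018:90",    # constructed name, value from slide comments
    "PREF80":     "7018:80",    # constructed name
    "PREF70":     "7018:70",    # constructed name
    "EADV7018":   "7018:20",    # constructed name
}

# Policy atoms: (sequence, communities that must all match, local-pref, tags to add)
ATOMS = [
    (100, ["PREF90", "EADV7018"], 90, ["ADVERTISE0", "ADVERTISE"]),
    (102, ["PREF80", "EADV7018"], 80, []),
    (104, ["PREF70", "EADV7018"], 70, []),
]


def resolve(names, table):
    """Map community names to values; an unknown name is a policy error."""
    missing = [n for n in names if n not in table]
    if missing:
        raise ValueError("undefined community name(s): " + ", ".join(missing))
    return [table[n] for n in names]


def render_ios(route_map, atoms, table):
    """Render atoms as IOS named community-lists plus route-map clauses."""
    seqs = [a[0] for a in atoms]
    if len(seqs) != len(set(seqs)):
        raise ValueError("duplicate route-map sequence number")
    out = []
    for seq, match, pref, tags in sorted(atoms):
        clist = f"{route_map}-{seq}"
        # Generated documentation line: names, not raw values.
        out.append(f"! {seq}: match {'+'.join(match)} -> local-pref {pref}")
        out.append(f"ip community-list standard {clist} permit "
                   + " ".join(resolve(match, table)))
        out.append(f"route-map {route_map} permit {seq}")
        out.append(f" match community {clist}")
        out.append(f" set local-preference {pref}")
        if tags:
            out.append(" set community " + " ".join(resolve(tags, table)) + " additive")
    return "\n".join(out)


if __name__ == "__main__":
    print(render_ios("CUST-FACE", ATOMS, COMMUNITY))
```

A renderer for a second vendor would take the same ATOMS and COMMUNITY rows and differ only in the output strings.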

[Diagram; labels: Policy, BGP policy expert, Vendor A, Vendor B]

State of the Effort
- Vaporware alert
- We have some preliminary tables
- We will be starting on a tool to generate Cisco configurations very soon

What’s Next
- Tools for configlet generation?
- Tools for some other vendor's router?
- Yet another routing policy language?

Acknowledgements
- Joel Gottlieb
- Albert Greenberg
- Tim Griffin
- Harmen Van Der Linde