BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged NANOG 31 May 23-25, 2004 Timothy G. Griffin Intel Research, Cambridge UK

Slides:



Advertisements
Similar presentations
Multihoming and Multi-path Routing
Advertisements

Multihoming and Multi-path Routing
1 Robert Lychev Sharon GoldbergMichael Schapira Georgia Tech Boston University Hebrew University.
1 Interdomain Traffic Engineering with BGP By Behzad Akbari Spring 2011 These slides are based on the slides of Tim. G. Griffin (AT&T) and Shivkumar (RPI)
Does BGP Solve the Shortest Paths Problem? Timothy G. Griffin Joint work with Bruce Shepherd and Gordon Wilfong Bell Laboratories, Lucent Technologies.
Part IV BGP Modeling. 2 BGP Is Not Guaranteed to Converge!  BGP is not guaranteed to converge to a stable routing. Policy inconsistencies can lead to.
1 Interdomain Routing Protocols. 2 Autonomous Systems An autonomous system (AS) is a region of the Internet that is administered by a single entity and.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Interdomain Routing and The Border Gateway Protocol (BGP) CL Oct 27, 2004 Timothy G. Griffin Intel Research, Cambridge UK
COMS W COMS W Lecture 6. Dynamic routing protocols II 1.Dynamic Routing Protocols: Link State Routing 2.Intra-Domain Routing Protocols: OSPF.
Interdomain Routing and The Border Gateway Protocol (BGP)
Swinog-3, 19 September 2001 Fabien Berger, BGP Oscillation …the Internet routing protocol is diverging! Fabien Berger CCIE#6143 IP-Plus.
Part II: Inter-domain Routing Policies. March 8, What is routing policy? ISP1 ISP4ISP3 Cust1Cust2 ISP2 traffic Connectivity DOES NOT imply reachability!
STABLE PATH PROBLEM Presented by: Sangeetha A. J. Based on The Stable Path Problem and Interdomain Routing Timothy G. Griffin, Bruce Shepherd, Gordon Wilfong.
An open problem in Internet Routing --- Policy Language Design for BGP Nov 3, 2003 Timothy G. Griffin Intel Research, Cambridge UK
1 Tutorial 5 Safe “Peering Backup” Routing With BGP Based on:
Practical and Configuration issues of BGP and Policy routing Cameron Harvey Simon Fraser University.
Tutorial 5 Safe Routing With BGP Based on: Internet.
Interdomain Routing and The Border Gateway Protocol (BGP) Courtesy of Timothy G. Griffin Intel Research, Cambridge UK
Internet Networking Spring 2004 Tutorial 5 Safe “Peering Backup” Routing With BGP.
W4140 Network Laboratory Lecture 9 Nov 12 - Fall 2006 Shlomo Hershkop Columbia University.
On the Death of BGP MSN July 8, 2004 Timothy G. Griffin Intel Research, Cambridge UK
BGP: Inter-Domain Routing Protocol Noah Treuhaft U.C. Berkeley.
Stable Internet Routing Without Global Coordination Jennifer Rexford Princeton University Joint work with Lixin Gao (UMass-Amherst)
Slide -1- February, 2006 Interdomain Routing Gordon Wilfong Distinguished Member of Technical Staff Algorithms Research Department Mathematical and Algorithmic.
Interdomain Routing Establish routes between autonomous systems (ASes). Currently done with the Border Gateway Protocol (BGP). AT&T Qwest Comcast Verizon.
Inherently Safe Backup Routing with BGP Lixin Gao (U. Mass Amherst) Timothy Griffin (AT&T Research) Jennifer Rexford (AT&T Research)
Announcement Paper summary due at 11:59PM before the class Sometimes there are two papers which are closely related. In your summary –Share the problem.
Internet Routing (COS 598A) Today: Multi-Homing Jennifer Rexford Tuesdays/Thursdays 11:00am-12:20pm.
Economic Incentives in Internet Routing Jennifer Rexford Princeton University
BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged JaNOG / Kyushu
Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research
Stable Internet Routing Without Global Coordination Jennifer Rexford AT&T Labs--Research Joint work with Lixin Gao.
Jennifer Rexford Fall 2010 (TTh 1:30-2:50 in COS 302) COS 561: Advanced Computer Networks Stub.
NOC Lessons Learned TEIN2 and CERNET Xing Li
© 2009 Cisco Systems, Inc. All rights reserved. ROUTE v1.0—6-1 Connecting an Enterprise Network to an ISP Network BGP Attributes and Path Selection Process.
Redundancy, Symmetry and Load Balancing Presented by Sagi Shporer.
Egress Route Selection for Interdomain Traffic Engineering Design considerations beyond BGP.
How Secure are Secure Inter- Domain Routing Protocols? SIGCOMM 2010 Presenter: kcir.
Commercial Peering Service Community Attribute Use in Internet2 CPS Caren Litvanyi lead network engineer peering team Internet2 NOC GigaPoP Geeks BOF January.
Lecture 4: BGP Presentations Lab information H/W update.
Jennifer Rexford Fall 2014 (TTh 3:00-4:20 in CS 105) COS 561: Advanced Computer Networks BGP.
Border Gateway Protocol (BGP) W.lilakiatsakun. BGP Basics (1) BGP is the protocol which is used to make core routing decisions on the Internet It involves.
R1R1 GD ERER ISP 1 R2R2 R3R3 R4R4 ISP 2 Normal Data Traffic AS100 AS600AS700 AS65535 AS200 Normal Operation: R1 peer to IPS1 with EBGP, and R2 peer to.
Can the Border Gateway Protocol (BGP) be fixed? UCL Oct 15, 2003 Timothy G. Griffin Intel Research, Cambridge UK
Interdomain Routing and BGP Routing NJIT May 3, 2003 Timothy G. Griffin AT&T Research
Mike Freedman Fall 2012 COS 561: Advanced Computer Networks Traffic Engineering.
The New Policy for Enterprise Networking Robert Bays Chief Scientist June 2002.
Route Selection Using Policy Controls
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to a Single Service.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Understanding Customer-to-Provider Connectivity.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—3-1 Route Selection Using Policy Controls Using Multihomed BGP Networks.
Internet Routing Verification John “JI” Ioannidis AT&T Labs – Research Copyright © 2002 by John Ioannidis. All Rights Reserved.
Route Selection Using Attributes
Text BGP Basics. Document Name CONFIDENTIAL Border Gateway Protocol (BGP) Introduction to BGP BGP Neighbor Establishment Process BGP Message Types BGP.
Network Engineering (NOC) Workshop in APAN Challenges in Layer 3 – Operation Experiences Xing Li :00-17:30.
CSci5221: BGP Policies1 Inter-Domain Routing: BGP, Routing Policies, etc. BGP Path Selection and Policy Routing Stable Path Problem and Policy Conflicts.
© 2005 Cisco Systems, Inc. All rights reserved. BGP v3.2—5-1 Customer-to-Provider Connectivity with BGP Connecting a Multihomed Customer to Multiple Service.
Connecting an Enterprise Network to an ISP Network
COS 561: Advanced Computer Networks
BGP supplement Abhigyan Sharma.
Interdomain Traffic Engineering with BGP
Guide: Dr. Vishal Sharma Group 8: Pujara Chirag ( )
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
COS 561: Advanced Computer Networks
Nadi, Fiji 2 September :00-17:30
BGP Policies Jennifer Rexford
BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged
COS 561: Advanced Computer Networks
Presentation transcript:

BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged NANOG 31 May 23-25, 2004 Timothy G. Griffin Intel Research, Cambridge UK

BGP Wedgie BBP policies make sense locally Interaction of local policies allows multiple global solutions Some solutions are consistent with intended policies, and some are not Manual intervention is required to kick the system back to an intended solution When unintended solutions are installed, no single AS has enough global knowledge to effectively debug the problem

3 Shedding Inbound Traffic with ASPATH Prepending Prepending will (usually) force inbound traffic from AS 1 to take primary link AS /24 ASPATH = customer AS 2 provider /24 backupprimary /24 ASPATH = 2 Yes, this is a Glorious Hack …

4 … But Padding Does Not Always Work AS /24 ASPATH = customer AS 2 provider /24 ASPATH = 2 AS 3 provider AS 3 will send traffic on “backup” link because it prefers customer routes and local preference is considered before ASPATH length! Padding in this way is often used as a form of load balancing backupprimary

5 COMMUNITIES to the Rescue! AS 1 customer AS 2 provider /24 ASPATH = 2 AS 3 provider backupprimary /24 ASPATH = 2 COMMUNITY = 3:70 Customer import policy at AS 3: If 3:90 in COMMUNITY then set local preference to 90 If 3:80 in COMMUNITY then set local preference to 80 If 3:70 in COMMUNITY then set local preference to 70 AS 3: normal customer local pref is 100, peer local pref is 90

Don’t Celebrate Just Yet…. customer peering provider/customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) Now, customer wants a backup link to C…. provider/customer

Customer installs a “backup link” … customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) customer sends community that lowers local preference below a provider’s primary backup

Disaster Strikes! customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) primary backup customer is happy that backup was installed …

The primary link is repaired, yet routing does repair! customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) primary backup One “solution” --- reset BGP session on backup link! This is a stable BGP routing! Better --- C should translate its depref communities to those of Provider A when exporting routes to A.

Ouch LoadBalancer BELL NET NetNet (Tier 2) HappyPackets (Tier 2) backup primary CIRCUIT NET P1P2 backup primary

What the heck is going on? There is no guarantee that a BGP configuration has a unique routing solution. –When multiple solutions exist, the (unpredictable) order of updates will determine which one is wins. There is no guarantee that a BGP configuration has any solution! –And checking configurations NP-Complete Complex policies (weights, communities setting preferences, and so on) increase chances of routing anomalies. –… yet this is the current trend!

More fun with communities …. customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II backup II: customer sends community that lowers preference below peer’s but above provider’s primary

Primary goes down! customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary

Primary repaired customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary

Reset Backup I session? First, take it down…. customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary

Now Bring it up … customer Provider B (Tier 1) Provider A (Tier 1) Provider C (Tier 2) backup I Provider D (Tier 2) backup II primary “solution” --- reset BGP session on BOTH backup links simultaneously!

BGP Wedgie BBP policies make sense locally Interaction of local policies allows multiple global solutions Some solutions are consistent with intended policies, and some are not Manual intervention is required to kick the system back to an intended solution When unintended solutions are installed, no single AS has enough global knowledge to effectively debug the problem

Recommendations

Interdomain communities that can tweak a route’s preference should be defined with care and consistenty implemented.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.