BGP protocol characteristics (2)
Traffic engineering with BGP
Inbound and outbound traffic control
Piotr Pacyna
Katarzyna Kosek-Szott
Sieci Komputerowe 2
Sieci IP
Unauthorised copying or use is prohibited
BGP protocol
- review questions
Review questions
 What is the BGP decision process for?
 What is the result of the BGP decision process?
 What happens to the results of the BGP decision process? How are they used?
 What role do the so-called BGP attributes play? What are the types (kinds) of attributes?
 What are the successive decision criteria of the BGP decision process?
 What necessary conditions must a BGP prefix satisfy in order to be taken into account by the BGP decision process?
 What are the LOCAL_PREFERENCE and MULTI_EXIT_DISCRIMINATOR attributes for?
BGP protocol
BGP protocol characteristics (1)
 Goal: select the best path towards a destination across several transit domains.
 "The best path" means different things for different ISPs, but it often means the cheapest path (cheapest for the service provider).
 When selecting "the best path", BGP takes into account the various pieces of information available about the path. This information is carried in BGP attributes.
BGP protocol characteristics (2)
 BGP advertises network prefixes together with path attributes. Among them is the AS_PATH attribute, which records the path used to reach the network(s) named in the prefix.
 AS_PATH is the list of autonomous systems that must be traversed to reach the network.
 Other path attributes convey additional information that the BGP decision process can take into account when selecting the best path; examples are LOCAL_PREF and MED.
 The BGP decision process selects one path per prefix. The best path is installed in the routing table.
 The decision process only has work to do when there are two or more paths to choose from for a given prefix.
 Reachability of the BGP NEXT_HOP is the precondition for a path to be considered by the decision process at all.
 The best path can be advertised to other domains, depending on the export policy. Every AS is autonomous: it has the right to advertise (or not to advertise) a path for a given prefix.
 If the prefix is advertised, the AS must be prepared to accept and forward traffic to the named network.
BGP Decision Process
1. Prefer the highest value of LOCAL_PREF
2. Prefer paths locally originated on the router
3. Prefer paths with the shortest AS_PATH length
4. Prefer paths with the lowest origin code (IGP < EGP < incomplete)
5. Prefer the lowest value of MULTI_EXIT_DISC (MED is compared only among paths learned from the same neighbouring AS)
6. Prefer the lowest IGP metric to the NEXT_HOP router
This is the simplified order used in this course; real implementations add further tie-breakers after step 6 (e.g. eBGP-learned over iBGP-learned paths, lowest router ID).
LAB overview
Objective of this exercise
The objective of this laboratory exercise is to show the propagation of prefixes between ISPs in a multi-homing scenario. We will see that an ISP can manipulate a prefix's attributes as the prefix is propagated and processed, in order to satisfy its own goals regarding path selection. In this way an ISP implements its own policies for inbound and outbound flows.
Specifically, we will see that:
 an ISP can influence the path selection process carried out by its own BGP routers, and thus the path taken by outbound traffic;
 an ISP can attempt to influence the path selection process carried out by routers that belong to neighbouring ISPs, and thus try to influence the path taken by inbound traffic.
Exercise outline
The general idea is to insert additional information into BGP Update messages.
This extra information will be propagated with the prefix and evaluated by BGP
routers during BGP decision process.
The BGP decision process is known. As a result of the BGP decision process
appropriate routes will be installed in routing tables of BGP routers. Inter-domain
traffic will be routed following the routes.
In the exercise first we will change the routes for outbound traffic. Next, we will try
to influence the path along which traffic arrives into our local domain (inbound
traffic).
The exercise is organised into two parts.
Part I
Outbound traffic control
with LocPref
Part I Outline
In Part I we will influence path selection for outbound traffic, i.e. for traffic originated in our local AS and destined to a network in another AS.
Idea:
 Path selection for outbound traffic is carried out inside our local AS by its BGP routers, which determine the egress router for the traffic.
Method:
 Normally the selection of the best path, including the choice of the egress router, is made by the BGP decision process on the basis of path attributes.
 The choice of the preferred egress router can therefore be influenced by modifying the path attributes of a prefix, provided we know how the decision is made, i.e. how BGP best path selection works.
 Technically, the prefix is modified on import and then propagated into the local AS to let the routers decide. The local AS routers then select the path that is "preferred" over all other paths, in accordance with the BGP decision process.
Example: the use of the Local Preference attribute for controlling outbound traffic
[Figure: AS 1 (provider, routers R1 and R2) is connected by two links to AS 2 (customer, router RX). The import/export policies shown in the figure:]
AS1 view (provider view)
Import: from AS2 RX at R1 set localpref=300;
        from AS2 RX at R2 set localpref=100;
        accept AS2
Export: to AS2 RX at R1 announce ANY
        to AS2 RX at R2 announce ANY
AS2 view (customer view)
Import: from AS1 R1 at RX set localpref=200;
        from AS1 R2 at RX set localpref=100;
        accept ANY
Export: to AS1 R1 at RX announce AS2
        to AS1 R2 at RX announce AS2
Example for Local Preference
In the figure LocPref is set in AS2 on the received prefix 10.10.1.0/24 (the prefix is received from AS1 directly and from AS1 via AS3).
The LocPref values indicate that BGP routers in AS2 "should prefer" the path via AS3 to network 10.10.1.0/24.
[Figure: AS1 originates Net 10.10.1.0/24; AS2 receives it on two paths and assigns LocPref 200 to the path via AS3 and LocPref 70 to the direct path from AS1, so the higher value (via AS3) wins.]
Lab exercise - network topology
AS2 (provider) perspective
Pre-configured state (checked from the PC):
 zebra is "up and running"
 interfaces are up
 networks are configured
 note the networks: 10.10.1.0/24 in AS1 and 10.10.3.0/24 in AS3
 R21 and R22 need to be configured with LocPref ... but first check the configuration of R31
[Figure, as far as it can be recovered from the diagram: AS 1 contains R11 and R12 and network 10.10.1.0/24. AS 3 contains R31 and network 10.10.3.0/24. AS 2 contains R21, R22 and R23 with internal networks net. Z 10.10.5.0/24, net. G 10.10.2.0/24 (R22-R23) and net. D 10.10.4.0/24 (R21-R23). Inter-AS links: net. A 192.168.1.0/30 (R11-R31), net. B 192.168.2.0/30 (R22 .2 - R31 .1), net. C 192.168.3.0/30 (R21 .2 - R12 .1). LocPref to be installed: 200 on R21 for prefixes from AS1, 70 on R22 for prefixes from AS3.]
Q1: Which paths will be selected by R23 for networks 10.10.1.0/24 and 10.10.3.0/24 before LocPref is installed?
Check configuration of R31 (1)
Step 1. Check the Zebra routing daemon (general config.)
view file: /etc/zebra/zebra.conf
hostname zebra
password zebra
interface eth0
bandwidth 100000
log file /var/log/zebra/zebra.log
Check configuration of R31
(2)
Step 2. Check if routing daemon is properly configured
in Zebra on R31
view file: /etc/zebra/daemons
zebra=yes
bgpd=yes
ospfd=no
ospf6d=no
ripd=no
ripngd=no
Check configuration of R31
(3)
Step 3. Verify if the BGP daemon is properly configured.
view file: /etc/zebra/bgpd.conf
hostname bgpd
password zebra
enable password zebra
[...]
debug bgp
debug bgp events
debug bgp filters
debug bgp fsm
debug bgp keepalives
debug bgp updates
Reachability over BGP
Run traceroute 10.10.3.1 on R23.
Q1: Which path is selected?
Q2: Why has this path been chosen and not the other?
Q3: Is there any method to make router R23 choose the other path? What are the options for doing so?
Router configuration:
In order to configure R21 and R22 do one of the following:
1. Edit the bgpd.conf file and restart zebra
or
2. Telnet to bgpd, configure it and then issue the
clear ip bgp * command
Route map – command syntax
Route map – a template
Use the following example to configure R21 and R22:
router bgp xxx
network nn.nn.nn.nn/mm
neighbor aa.bb.cc.dd remote-as nnnn
neighbor aa.bb.cc.dd route-map myRouteMap in
!
route-map myRouteMap permit 10
set local-preference xx
!
Configuration of R21
Expected configuration on router R21
hostname bgpd
password zebra
enable password zebra
!
route-map as1-in permit 10
set local-preference 200
!
router bgp 2
neighbor 192.168.3.1 remote-as 1
neighbor 192.168.3.1 description Router12
neighbor 192.168.3.1 route-map as1-in in
neighbor 10.10.4.3 remote-as 2
neighbor 10.10.4.3 next-hop-self
!
log file /var/log/zebra/bgpd.log
Configuration of R22
Expected configuration on router R22
hostname bgpd
password zebra
enable password zebra
!
route-map as3-in permit 10
set local-preference 70
!
router bgp 2
network 192.168.2.0/30
neighbor 192.168.2.1 remote-as 3
neighbor 192.168.2.1 description Router31
neighbor 192.168.2.1 route-map as3-in in
neighbor 10.10.2.3 remote-as 2
neighbor 10.10.2.3 next-hop-self
!
log file /var/log/zebra/bgpd.log
To understand the next-hop-self statement see http://www.getnetworking.net/bgp/bgp-next-hop-self
Testing routes from R23 to AS3
Execute traceroute again from R23 to 10.10.3.1 (network 10.10.3.0/24).
Execute ping -R (record route) from R23 to 10.10.3.1.
............
............
............
Q1: Which is the route for data traffic to AS3 now?
Part II
Inbound traffic control
with MED
Part II Inbound traffic
In Part II we will try to influence the paths for inbound traffic, i.e. traffic arriving into our ISP domain.
Method: this is done by modifying the path attributes carried in the BGP UPDATE messages that our BGP routers advertise to neighbouring ASes.
By modifying the attributes before the prefix is advertised we try to influence the decisions made by neighbouring BGP routers when they select the best routes to networks located in our AS.
Lab. Part II: Insertion of the Multi-Exit Discriminator (MED)
[Figure: AS 3 advertises prefix "net." to AS 2 over two links, with MED = 100 on one link and MED = 50 on the other.]
The MED value is set on prefixes advertised by AS3 in order to "tell" AS2 routers that AS3 "would like" to receive traffic over the high-bandwidth link (the link on which the prefix carries the lower MED).
Lab. Part II: Insertion of the Multi-Exit Discriminator (MED)
[Figure: AS 3 advertises prefix "net." with MED values (100 and 50) on its links to AS 2, and also to AS 1, which passes the prefix on to AS 2.]
The MED value is set on prefix "net." advertised by AS3 in order to "tell everybody" that AS3 "would like" to receive traffic for network "net." over the high-bandwidth links.
Note that MED values for the same prefix received in AS2 from different Autonomous Systems will not be compared! MED only decides between paths learned from the same neighbouring AS.
Network topology with address plan
for Part II MED. AS3 (customer) perspective
Pre-configured
network topology:
 zebra is ‘up and running’
 interfaces are up
 networks are configured
Need to configure:
R31 and R32
Testing routes from R23 to R31 before setting MED
Execute traceroute from R23 to 10.10.3.1 (network 10.10.3.0/24).
Execute ping -R (record route) from R23 to 10.10.3.1.
Q1: which path is used to route traffic to network 10.10.3.0/24?
Changing the router configuration
In order to configure R31 and R32 do one of the following:
1. Edit the bgpd.conf file, add what is needed and restart zebra
or
2. Telnet to bgpd, configure what is needed and (on R22 and R24) issue the clear ip bgp * command (a hard reset of all BGP sessions, after which the prefixes are re-advertised with the new attributes)
Route map – template
Use the following example to configure R31 and R32:
router bgp xxx
network nn.nn.nn.nn/mm
neighbor aa.bb.cc.dd remote-as nnnn
neighbor aa.bb.cc.dd route-map myRouteMap out
!
route-map myRouteMap permit 10
set metric xx
!
Configuration of R31
Expected configuration on router R31
hostname bgpd
password zebra
enable password zebra
!
route-map metricOut permit 10
set metric 100
!
router bgp 3
!
network 10.10.3.0/24
!
neighbor 192.168.2.2 remote-as 2
neighbor 192.168.2.2 description Router22
neighbor 192.168.2.2 route-map metricOut out
!
neighbor 10.10.3.2 remote-as 3
neighbor 10.10.3.2 description Router32
Configuration of R32
Expected configuration on router R32
hostname bgpd
password zebra
enable password zebra
!
route-map metricOut permit 10
set metric 70
!
router bgp 3
!
network 10.10.3.0/24
!
neighbor 192.168.4.1 remote-as 2
neighbor 192.168.4.1 description Router24
neighbor 192.168.4.1 route-map metricOut out
neighbor 10.10.3.1 remote-as 3
neighbor 10.10.3.1 description Router31
neighbor 10.10.3.1 next-hop-self
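The route-map templates for Part I and Part II, and the four expected configurations above, are easy to get subtly wrong: a LOCAL_PREF route-map applied in the wrong direction has no effect (LOCAL_PREF is never carried over an eBGP session), and an iBGP peer without next-hop-self can leave the eBGP NEXT_HOP unreachable, which the decision process treats as "no path". The following checker is an added example written for this page, not part of the lab material: it parses the subset of bgpd.conf syntax used here and flags those two mistakes. The sample configuration is the R22 configuration from Part I, re-typed as a constructed input; the checks it performs are the editor's choice, not a Quagga feature. (The page's R31 configuration, which has no next-hop-self towards R32, would receive the second warning; whether that matters depends on the static routes in the lab.)

```python
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample input: the R22 bgpd.conf shown in Part I of this page.
SAMPLE_R22 = """\
hostname bgpd
password zebra
enable password zebra
!
route-map as3-in permit 10
 set local-preference 70
!
router bgp 2
 network 192.168.2.0/30
 neighbor 192.168.2.1 remote-as 3
 neighbor 192.168.2.1 description Router31
 neighbor 192.168.2.1 route-map as3-in in
 neighbor 10.10.2.3 remote-as 2
 neighbor 10.10.2.3 next-hop-self
!
log file /var/log/zebra/bgpd.log
"""


def parse_bgpd(text: str) -> Dict:
    """Minimal parser for the bgpd.conf statements used in this lab (hypothetical helper)."""
    cfg: Dict = {"local_as": None, "route_maps": {}, "neighbors": defaultdict(dict)}
    current_map = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        m = re.match(r"route-map (\S+) (?:permit|deny) \d+$", line)
        if m:                                   # start of a route-map entry
            current_map = m.group(1)
            cfg["route_maps"].setdefault(current_map, [])
            continue
        if line.startswith("set ") and current_map is not None:
            cfg["route_maps"][current_map].append(line)   # e.g. "set local-preference 70"
            continue
        m = re.match(r"router bgp (\d+)$", line)
        if m:
            cfg["local_as"] = int(m.group(1))
            current_map = None
            continue
        m = re.match(r"neighbor (\S+) (\S+)(?: (.*))?$", line)
        if m:
            ip, keyword, args = m.group(1), m.group(2), (m.group(3) or "")
            nb = cfg["neighbors"][ip]
            if keyword == "remote-as":
                nb["remote_as"] = int(args)
            elif keyword == "route-map":
                name, direction = args.split()
                nb.setdefault("route_maps", {})[direction] = name
            elif keyword == "next-hop-self":
                nb["next_hop_self"] = True
    return cfg


def lint_bgpd(cfg: Dict) -> List[str]:
    """Return findings as text; an empty list means the configuration passes."""
    findings: List[str] = []
    local_as = cfg["local_as"]
    has_ebgp = any(nb.get("remote_as") not in (None, local_as) for nb in cfg["neighbors"].values())
    for ip, nb in cfg["neighbors"].items():
        remote_as = nb.get("remote_as")
        is_ebgp = remote_as is not None and remote_as != local_as
        for direction, name in nb.get("route_maps", {}).items():
            sets = cfg["route_maps"].get(name)
            if sets is None:
                findings.append(f"{ip}: route-map {name} is applied but never defined")
                continue
            # LOCAL_PREF is an iBGP-only attribute: setting it on export to an eBGP peer does nothing.
            if is_ebgp and direction == "out" and any(s.startswith("set local-preference") for s in sets):
                findings.append(f"{ip}: {name} sets LOCAL_PREF outbound to eBGP peer AS {remote_as}; "
                                "LOCAL_PREF is not carried over eBGP, apply the map 'in' instead")
        # Without next-hop-self an iBGP peer sees the external NEXT_HOP, which may be unreachable.
        if has_ebgp and not is_ebgp and remote_as is not None and not nb.get("next_hop_self"):
            findings.append(f"{ip}: iBGP peer without next-hop-self; eBGP-learned NEXT_HOPs may be "
                            f"unreachable inside AS {local_as}")
    return findings


if __name__ == "__main__":
    for finding in lint_bgpd(parse_bgpd(SAMPLE_R22)) or ["R22 configuration: no findings"]:
        print(finding)
```

Run it against a configuration file with `lint_bgpd(parse_bgpd(open("/etc/zebra/bgpd.conf").read()))` before restarting zebra or issuing `clear ip bgp *`; a misdirected route-map is much cheaper to catch here than by tracing traffic from R23 afterwards.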
Testing routes from R23 to R31 after setting MED
Execute traceroute from R23 to 10.10.3.1 (network 10.10.3.0/24).
Execute ping -R (record route) from R23 to 10.10.3.1.
Note that traffic is now routed over the link R24-R32, because the prefix received on that link carries the lower MED value (70 versus 100 on the R22-R31 link).
BGP Decision Process with LOC_PREF and MED used simultaneously in a multi-provider scenario
[Figure, as far as it can be recovered: two panels of the same AS1-AS2-AS3 topology, with the prefix originated in AS1 and reaching AS2 both directly from AS1 and via AS3. One panel shows the LocPref values installed in AS2 (LocPref = 200 and LocPref = 70); the other shows the MED values attached to the prefix on the links (MED = 100 and MED = 50).]
Review questions:
Q1: Which path will be selected by routers in AS2 to reach AS1 in the scenario
a) without any LOC_PREF and MED attributes?
b) with LOC_PREF only?
c) with MED only?
d) with both LOC_PREF and MED?
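The six-step decision process listed earlier, the Part I LocPref exercise, the Part II MED exercise and the review questions above all reduce to running the same comparison over a small set of candidate paths. The following simulator is an added example written for this page, not lab code: it implements exactly the six steps from the "BGP Decision Process" slide, including the NEXT_HOP reachability precondition and the rule that MED is compared only among paths from the same neighbouring AS, and applies it to the lab's paths. Assumptions (none of them on the page): the iBGP next hops set by next-hop-self are 10.10.4.1 (R21), 10.10.2.2 (R22) and 10.10.6.2 (R24); a missing MED is treated as 0, as bgpd does by default; beyond step 6 ties are broken by the lowest next-hop address; and the "different neighbour AS" case uses a made-up AS 4 that does not exist in the lab.

```python
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Origin codes, lower is better: IGP < EGP < incomplete
ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class Path:
    prefix: str
    next_hop: str              # BGP NEXT_HOP as seen by the deciding router
    as_path: tuple             # e.g. (1, 3); () means locally originated
    learned_via: str           # lab router the path entered AS2 through (label only)
    local_pref: int = 100      # default LOCAL_PREF in bgpd
    origin: str = "igp"
    med: Optional[int] = None  # MULTI_EXIT_DISC; None = attribute absent
    igp_metric: int = 0        # IGP cost from the deciding router to NEXT_HOP

    @property
    def neighbor_as(self) -> Optional[int]:
        """First AS in AS_PATH: the neighbouring AS the path was learned from."""
        return self.as_path[0] if self.as_path else None


def _keep_min(paths: List[Path], key) -> List[Path]:
    """Keep every path whose key equals the minimum (ties survive to the next step)."""
    best = min(key(p) for p in paths)
    return [p for p in paths if key(p) == best]


def best_path(paths: Iterable[Path], reachable_next_hops: Set[str]) -> Optional[Path]:
    # Precondition: a path whose NEXT_HOP is unreachable is never considered.
    cands = [p for p in paths if p.next_hop in reachable_next_hops]
    if not cands:
        return None
    cands = _keep_min(cands, lambda p: -p.local_pref)              # 1. highest LOCAL_PREF
    cands = _keep_min(cands, lambda p: 0 if not p.as_path else 1)  # 2. locally originated
    cands = _keep_min(cands, lambda p: len(p.as_path))             # 3. shortest AS_PATH
    cands = _keep_min(cands, lambda p: ORIGIN_RANK[p.origin])      # 4. lowest origin code
    # 5. lowest MED, compared only within the group of paths from one neighbouring AS;
    #    a missing MED counts as 0 (assumed bgpd default).
    survivors: List[Path] = []
    for nas in {p.neighbor_as for p in cands}:
        group = [p for p in cands if p.neighbor_as == nas]
        survivors.extend(_keep_min(group, lambda p: p.med if p.med is not None else 0))
    cands = _keep_min(survivors, lambda p: p.igp_metric)           # 6. lowest metric to NEXT_HOP
    # The slide lists nothing after step 6; break remaining ties deterministically (assumption).
    return min(cands, key=lambda p: p.next_hop)


# Constructed lab data; the next-hop addresses are assumptions (see lead-in).
AS2_REACHABLE = {"10.10.4.1", "10.10.2.2", "10.10.6.2"}


def part1_outbound(locpref_installed: bool) -> str:
    """R23's choice for 10.10.3.0/24 in Part I, before/after the as1-in / as3-in route-maps."""
    paths = [
        Path("10.10.3.0/24", "10.10.4.1", (1, 3), "R21",
             local_pref=200 if locpref_installed else 100),   # learned from AS1 via R12
        Path("10.10.3.0/24", "10.10.2.2", (3,), "R22",
             local_pref=70 if locpref_installed else 100),    # learned from AS3 via R31
    ]
    return best_path(paths, AS2_REACHABLE).learned_via


def part2_inbound() -> str:
    """AS2's choice for 10.10.3.0/24 in Part II: both paths come from AS3, so MED is compared."""
    paths = [
        Path("10.10.3.0/24", "10.10.2.2", (3,), "R22", med=100),  # R31: set metric 100
        Path("10.10.3.0/24", "10.10.6.2", (3,), "R24", med=70),   # R32: set metric 70
    ]
    return best_path(paths, AS2_REACHABLE).learned_via


def med_across_different_ases() -> str:
    """Constructed case: equal-length AS_PATHs via two different neighbour ASes (AS 4 is
    made up). Their MEDs are never compared, so the IGP metric decides in step 6."""
    paths = [
        Path("10.10.3.0/24", "10.10.4.1", (1, 3), "R21", med=100, igp_metric=5),
        Path("10.10.3.0/24", "10.10.2.2", (4, 3), "R22", med=50, igp_metric=20),
    ]
    return best_path(paths, AS2_REACHABLE).learned_via


def missing_next_hop_self() -> str:
    """Without next-hop-self on R22, R23 sees R31's address 192.168.2.1 as NEXT_HOP;
    it is unreachable inside AS2, so the direct AS3 path is not even a candidate."""
    paths = [
        Path("10.10.3.0/24", "10.10.4.1", (1, 3), "R21"),
        Path("10.10.3.0/24", "192.168.2.1", (3,), "R22"),
    ]
    return best_path(paths, AS2_REACHABLE).learned_via


if __name__ == "__main__":
    print("Part I, before LocPref:  ", part1_outbound(False))
    print("Part I, after LocPref:   ", part1_outbound(True))
    print("Part II, with MED:       ", part2_inbound())
    print("MED from different ASes: ", med_across_different_ases())
    print("R22 without next-hop-self:", missing_next_hop_self())
```

To answer the review question above, build the four path sets for AS2 (no attributes, LocPref only, MED only, both) with `Path(...)` and call `best_path` on each; because LOCAL_PREF is step 1 and MED is step 5, the LocPref choice always wins whenever both are present.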
Conclusions
 The level of control over flows is different for inbound and outbound flows.
 Control over outbound traffic is strong, because it only requires configuration of the ISP's own routers (e.g. LOCAL_PREF set on import). An ISP can precisely influence the local selection of routes leading to remote destinations, i.e. the path of outbound traffic.
 Control over inbound traffic is, however, weak. An ISP has only a limited ability to influence the choices that other ISPs make when directing traffic to its networks (inbound traffic): MED is advisory, it is compared only among paths learned from the same neighbouring AS, and the neighbour's own import policy (e.g. LOCAL_PREF, which is evaluated before MED) can override it.
 One can conclude that the level of control is asymmetric.
Internet resources
Using BGP’s local preference to influence outbound routing:
http://evilrouters.net/2009/03/07/using-bgpslocal-preference-to-influence-outbound-routing/
Using AS path prepending to influence inbound routing:
http://evilrouters.net/2009/03/07/using-as-pathprepending-to-influence-inbound-routing/