CSCI-1680 Network Layer:

Uploaded On 2020-06-23

Presentation Transcript

Slide1

CSCI-1680 Network Layer: Inter-domain Routing

Based partly on lecture notes by Rob Sherwood, David Mazières, Phil Levis, John Jannotti

Rodrigo Fonseca

Slide2

Administrivia
- Midterm moved up from 3/17 to 3/15
- IP due on Friday

Slide3

Today
- Last time: Intra-Domain Routing (IGP)
  - RIP distance vector
  - OSPF link state
- Inter-Domain Routing (EGP)
  - Border Gateway Protocol
  - Path-vector routing protocol

Slide4

Why Inter vs. Intra
- Why not just use OSPF everywhere?
  - E.g., hierarchies of OSPF areas?
  - Hint: scaling is not the only limitation
- BGP is a policy control and information hiding protocol
  - intra == trusted, inter == untrusted
  - Different policies by different ASs
  - Different costs by different ASs

Slide5

Types of ASs
- Local Traffic – source or destination in local AS
- Transit Traffic – passes through an AS
- Stub AS
  - Connects to only a single other AS
- Multihomed AS
  - Connects to multiple ASs
  - Carries no transit traffic
- Transit AS
  - Connects to multiple ASs and carries transit traffic

Slide6

AS Relationships
- How to prevent X from forwarding transit between B and C?
- How to avoid transit between CBA?
  - B: BAZ -> X
  - B: BAZ -> C ? (=> Y: CBAZ and Y: CAZ)

[Figure: diagram of ASs A, B, C, X, Y, Z]

Example from Kurose and Ross, 5th Ed

Slide7

Choice of Routing Algorithm
- Constraints
  - Scaling
  - Autonomy (policy and privacy)
- Link-state?
  - Requires sharing of complete information
  - Information exchange does not scale
  - Can’t express policy
- Distance Vector?
  - Scales and retains privacy
  - Can’t implement policy
  - Can’t avoid loops if shortest path not taken
    - Count-to-infinity

Slide8

Path Vector Protocol
- Distance vector algorithm with extra information
  - For each route, store the complete path (ASs)
  - No extra computation, just extra storage (and traffic)
- Advantages
  - Can make policy choices based on set of ASs in path
  - Can easily avoid loops

Slide9

BGP - High Level
- Single EGP protocol in use today
- Abstract each AS to a single node
- Destinations are CIDR prefixes
- Exchange prefix reachability with all neighbors
  - E.g., “I can reach prefix 128.148.0.0/16 through ASes 44444 3356 14325 11078”
- Select a single path by routing policy
- Critical: learn many paths, propagate one
  - Add your ASN to advertised path

Slide10

Why study BGP?
- Critical protocol: makes the Internet run
  - Only widely deployed EGP
- Active area of problems!
  - Efficiency
  - Cogent vs. Level3: Internet Partition
  - Spammers use prefix hijacking
  - Pakistan accidentally took down YouTube
  - Egypt disconnected for 5 days

Slide11

BGP Example

Slide12

BGP Example

Slide13

BGP Example

Slide14

BGP Example

Slide15

BGP Example

Slide16

BGP Protocol Details
- Separate roles of speakers and gateways
  - Speakers talk BGP with other ASs
  - Gateways are routers that border other ASs
  - Can have more gateways than speakers
  - Speakers know how to reach gateways
- Speakers connect over TCP on port 179
  - Bidirectional exchange over long-lived connection

Slide17

BGP Implications
- Explicit AS Path == Loop free
  - Except under churn, IGP/EGP mismatch
- Reachability not guaranteed
  - Decentralized combination of policies
- Not all ASs know all paths
- AS abstraction -> loss of efficiency
- Scaling
  - 37K ASs
  - 350K+ prefixes
  - ASs with one prefix: 15664
  - Most prefixes by one AS: 3686 (AS6389, BellSouth)

Slide18

BGP Table Growth

Source: bgp.potaroo.net

Slide19

Integrating EGP and IGP
- Stub ASs
  - Border router clear choice for default route
  - Inject into IGP: “any unknown route to border router”
- Inject specific prefixes in IGP
  - E.g., Provider injects routes to customer prefix
- Backbone networks
  - Too many prefixes for IGP
  - Run internal version of BGP, iBGP
  - All routers learn mappings: Prefix -> Border Router
  - Use IGP to learn: Border Router -> Next Hop

Slide20

iBGP

Slide21

iBGP

Slide22

BGP Messages
- Base protocol has four message types
  - OPEN – Initialize connection. Identifies peers and must be first message in each direction
  - UPDATE – Announce routing changes (most important message)
  - NOTIFICATION – Announce error when closing connection
  - KEEPALIVE – Make sure peer is alive
- Extensions can define more message types
  - E.g., ROUTE-REFRESH [RFC 2918]

Slide23

Anatomy of an UPDATE
- Withdrawn routes: list of withdrawn IP prefixes
- Network Layer Reachability Information (NLRI)
  - List of prefixes to which path attributes apply
- Path attributes
  - ORIGIN, AS_PATH, NEXT_HOP, MULTI-EXIT-DISC, LOCAL_PREF, ATOMIC_AGGREGATE, AGGREGATOR, …
  - Each attribute has 1-byte type, 1-byte flags, length, content
  - Can introduce new types of path attribute – e.g., AS4_PATH for 32-bit AS numbers

Slide24

Example
- NLRI: 128.148.0.0/16
- AS Path: ASN 44444 3356 14325 11078
- Next Hop IP: same as in RIPv2
- Knobs for traffic engineering:
  - Metric, weight, LocalPath, MED, Communities
  - Lots of voodoo
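
An added example, not part of the original slides: a bounds-checked parser for the path-attribute block of an UPDATE, run on a constructed fragment carrying this slide's AS path. On the wire the flags octet precedes the type code (RFC 4271); the next hop 192.0.2.1 and the function names are assumptions made for the illustration.

```python
import struct

NAMES = {1: "ORIGIN", 2: "AS_PATH", 3: "NEXT_HOP", 4: "MULTI_EXIT_DISC", 5: "LOCAL_PREF"}
EXTENDED_LENGTH = 0x10  # flag bit: length field is two octets instead of one

def parse_attributes(buf):
    """Split the path-attribute block of an UPDATE into {name: raw value bytes}."""
    attrs, i = {}, 0
    while i < len(buf):
        hdr = 4 if buf[i] & EXTENDED_LENGTH else 3
        if i + hdr > len(buf):
            raise ValueError("truncated attribute header")
        code = buf[i + 1]
        length = struct.unpack_from("!H", buf, i + 2)[0] if hdr == 4 else buf[i + 2]
        i += hdr
        if i + length > len(buf):  # never trust the peer's length field
            raise ValueError("attribute length runs past end of buffer")
        attrs[NAMES.get(code, code)] = bytes(buf[i:i + length])
        i += length
    return attrs

def parse_as_path(value, asn_size=2):
    """Decode AS_PATH segments; asn_size=4 for sessions using 32-bit AS numbers."""
    path, i = [], 0
    while i < len(value):
        if i + 2 > len(value):
            raise ValueError("truncated AS_PATH segment header")
        count = value[i + 1]  # value[i] is the segment type (AS_SET / AS_SEQUENCE)
        end = i + 2 + count * asn_size
        if end > len(value):
            raise ValueError("AS_PATH segment runs past end of attribute")
        fmt = "!%d%s" % (count, "H" if asn_size == 2 else "I")
        path.extend(struct.unpack_from(fmt, value, i + 2))
        i = end
    return path

# Constructed sample: ORIGIN=IGP, the AS path from the slide, NEXT_HOP 192.0.2.1.
SAMPLE = (
    struct.pack("!BBBB", 0x40, 1, 1, 0)
    + struct.pack("!BBBBB4H", 0x40, 2, 10, 2, 4, 44444, 3356, 14325, 11078)
    + struct.pack("!BBB4B", 0x40, 3, 4, 192, 0, 2, 1)
)

if __name__ == "__main__":
    attrs = parse_attributes(SAMPLE)
    print(parse_as_path(attrs["AS_PATH"]))
```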

Slide25

BGP State
- BGP speaker conceptually maintains 3 sets of state
- Adj-RIB-In
  - “Adjacent Routing Information Base, Incoming”
  - Unprocessed routes learned from other BGP speakers
- Loc-RIB
  - Contains routes from Adj-RIB-In selected by policy
  - First hop of route must be reachable by IGP or static route
- Adj-RIB-Out
  - Subset of Loc-RIB to be advertised to peer speakers

Slide26

Demo
- Route views project: http://www.routeviews.org
  - telnet route-views.linx.routeviews.org
  - show ip bgp 128.148.0.0/16 longer-prefixes
- All paths are learned internally (iBGP)
- Not a production device

Slide27

Route Selection
- More specific prefix
- Next-hop reachable?
- Prefer highest weight
  - Computed using some AS-specific local policy
- Prefer highest local-pref
- Prefer locally originated routes
- Prefer routes with shortest AS path length
- Prefer eBGP over iBGP
- Prefer routes with lowest cost to egress point
  - Hot-potato routing
- Tie-breaking rules
  - E.g., oldest route, lowest router-id
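
An added example, not part of the original slides: the per-prefix steps of this list written as a sort key, combined with the path-vector loop check and the Adj-RIB-In / Loc-RIB / Adj-RIB-Out flow from the earlier slides. "More specific prefix" applies at forwarding time, so it is not part of the key; the Route fields, the ASNs 64500-64503 and the local-pref values are constructed for the illustration.

```python
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str
    as_path: tuple            # nearest AS first, originating AS last
    weight: int = 0
    local_pref: int = 100
    local: bool = False       # originated by this AS
    ebgp: bool = True
    igp_cost: int = 0         # cost to the egress point (hot potato)
    router_id: int = 0
    next_hop_reachable: bool = True

def acceptable(r, my_asn):
    """Drop routes with an unreachable next hop or with our own ASN in the path (loop)."""
    return r.next_hop_reachable and my_asn not in r.as_path

def rank(r):
    # Tuples compare left to right, in the slide's order; "prefer highest" fields are negated.
    return (-r.weight, -r.local_pref, not r.local, len(r.as_path),
            not r.ebgp, r.igp_cost, r.router_id)

def select_best(adj_rib_in, my_asn):
    """Loc-RIB: the single best acceptable route per prefix."""
    loc_rib = {}
    for r in adj_rib_in:
        if not acceptable(r, my_asn):
            continue
        if r.prefix not in loc_rib or rank(r) < rank(loc_rib[r.prefix]):
            loc_rib[r.prefix] = r
    return loc_rib

def export(r, my_asn):
    """Adj-RIB-Out: advertise the chosen path with our ASN prepended."""
    return (my_asn,) + r.as_path

# Constructed sample. 64500-64503 are documentation ASNs standing in for "us" and neighbours.
MY_ASN, P = 64500, "128.148.0.0/16"
VIA_PEER = Route(P, (44444, 3356, 14325, 11078), router_id=1)
VIA_CUSTOMER = Route(P, (64501, 64502, 64503, 14325, 11078), local_pref=200, router_id=2)
LOOPED = Route(P, (64501, 64500, 11078), local_pref=300, router_id=3)
DEAD_HOP = Route(P, (11078,), local_pref=300, next_hop_reachable=False, router_id=4)
ADJ_RIB_IN = [VIA_PEER, LOOPED, DEAD_HOP, VIA_CUSTOMER]

if __name__ == "__main__":
    best = select_best(ADJ_RIB_IN, MY_ASN)[P]
    print(best.as_path, "->", export(best, MY_ASN))
```

The customer route wins despite its longer AS path because local-pref is compared before path length, and the two routes with the highest local-pref never reach the comparison.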

Slide28

Customer/Provider AS relationships
- Customer pays for connectivity
  - E.g. Brown contracts with OSHEAN
  - Customer is stub, provider is a transit
- Many customers are multi-homed
  - E.g., OSHEAN connects to Level3, Cogent
- Typical policy: prefer routes from customers

Slide29

Peer Relationships
- ASs agree to exchange traffic for free
  - Penalties/Renegotiate if imbalance
- Tier 1 ISPs have no default route: all peer with each other
- You are Tier i + 1 if you have a default route to a Tier i

Slide30

Peering Drama
- Cogent vs. Level3 were peers
- In 2003, Level3 decided to start charging Cogent
- Cogent said no
- Internet partition: Cogent’s customers couldn’t get to Level3’s customers and vice-versa
  - Other ISPs were affected as well
- Took 3 weeks to reach an undisclosed agreement

Slide31

“Shutting off” the Internet
- Starting from Jan 27th, 2011, Egypt was disconnected from the Internet
  - 2769/2903 networks withdrawn from BGP (95%)!

Source: RIPEStat - http://stat.ripe.net/egypt/

Slide32

Egypt Incident

Source: BGPMon (http://bgpmon.net/blog/?p=480)

Slide33

Some BGP Challenges
- Convergence
- Scaling (route reflectors)
- Traffic engineering
  - How to assure certain routes are selected
- Security

Slide34

Convergence
- Given a change, how long until the network re-stabilizes?
  - Depends on change: sometimes never
  - Open research problem: “tweak and pray”
  - Distributed setting is challenging
- Easier: is there a stable configuration?
  - Distributed: open research problem
  - Centralized: NP-Complete problem!
  - Multiple stable solutions given policies (e.g. Wedgies, RFC 4264)

Slide35

Scaling iBGP: route reflectors

Slide36

Scaling iBGP: route reflectors

Slide37

Route Engineering
- Route filtering
- Setting weights
- More specific routes: longest prefix
- AS prepending: “477 477 477 477”
- More of an art than science

Slide38

BGP Security
- Anyone can source a prefix announcement!
  - To say BGP is insecure is an understatement
- Pakistan Youtube incident
  - Youtube has prefix 208.65.152.0/22
  - Pakistan’s government orders Youtube blocked
  - Pakistan Telecom (AS 17557) announces 208.65.153.0/24 in the wrong direction (outwards!)
  - Longest prefix match caused worldwide outage
  - http://www.youtube.com/watch?v=IzLPKuAOe50
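
An added example, not part of the original slides: why the /24 wins under longest prefix match, and how a monitor that knows the expected origin of 208.65.152.0/22 would flag the announcement. The feed, the intermediate ASNs and the expected origin 64500 are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Monitored prefix from the slide. Origin ASN 64500 is a constructed placeholder
# (documentation range), not the real origin AS.
EXPECTED = {ipaddress.ip_network("208.65.152.0/22"): {64500}}

# Constructed feed of (prefix, AS path); the last ASN in a path is the origin.
FEED = [
    ("208.65.152.0/22", (64510, 64500)),
    ("128.148.0.0/16", (44444, 3356, 14325, 11078)),
    ("208.65.153.0/24", (64511, 17557)),
]

def forwarding_choice(dst, feed):
    """Longest prefix match: the announcement a router would forward dst along."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), path) for p, path in feed]
    covering = [(n, path) for n, path in nets if addr in n]
    return max(covering, key=lambda a: a[0].prefixlen, default=None)

def classify(prefix, as_path, expected=EXPECTED):
    """Compare an announcement's origin AS with the expected origins of monitored space."""
    net, origin = ipaddress.ip_network(prefix), as_path[-1]
    for known, origins in expected.items():
        if not net.overlaps(known) or origin in origins:
            continue
        if net != known and net.subnet_of(known):
            return "more-specific from unexpected origin"
        return "unexpected origin"
    return "ok"

def alerts(feed):
    """Return (prefix, origin AS, verdict) for every announcement that is not ok."""
    out = []
    for prefix, path in feed:
        verdict = classify(prefix, path)
        if verdict != "ok":
            out.append((prefix, path[-1], verdict))
    return out

if __name__ == "__main__":
    print(forwarding_choice("208.65.153.10", FEED))
    print(alerts(FEED))
```

Addresses in the other three /24s of the /22 still follow the legitimate route, which is why origin monitoring has to look at overlapping prefixes and not only exact matches.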

Slide39

Many other incidents
- Spammers steal unused IP space to hide
  - Announce very short prefixes
  - For a short amount of time
- China incident, April 8th 2010
  - China Telecom’s AS23724 generally announces 40 prefixes
  - On April 8th, announced ~37,000 prefixes
  - About 10% leaked outside of China
  - Suddenly, going to www.dell.com might have you routing through AS23724!
- Secure BGP is in the works

Slide40

BGP Recap
- Key protocol that holds Internet routing together
- Path Vector Protocol among Autonomous Systems
- Policy, feasibility first; non-optimal routes
- Important security problems

Slide41

Next Lecture
- Network layer wrap-up
  - IPv6
  - Multicast
  - MPLS
- Next Chapter: Transport Layer (UDP, TCP,…)