CSCI-1680 Network Layer: Inter- domain Routing

  • View
    36

  • Download
    2

Embed Size (px)

DESCRIPTION

CSCI-1680 Network Layer: Inter- domain Routing. Rodrigo Fonseca. Based partly on lecture notes by Rob Sherwood, David Mazires , Phil Levis, John Jannotti. Administrivia. Midterm moved up from 3/17 to 3/15 IP due on Friday. Today. Last time: Intra-Domain Routing (IGP) - PowerPoint PPT Presentation

Transcript

CSCI-1680 :: Computer Networks

CSCI-1680Network Layer:Inter-domain Routing

Based partly on lecture notes by Rob Sherwood, David Mazires, Phil Levis, John JannottiRodrigo FonsecaAdministriviaMidterm moved up from 3/17 to 3/15IP due on Friday

TodayLast time: Intra-Domain Routing (IGP)RIP distance vectorOSPF link stateInter-Domain Routing (EGP)Border Gateway ProtocolPath-vector routing protocolWhy Inter vs. IntraWhy not just use OSPF everywhere?E.g., hierarchies of OSPF areas?Hint: scaling is not the only limitationBGP is a policy control and information hiding protocolintra == trusted, inter == untrustedDifferent policies by different ASsDifferent costs by different ASsTypes of ASsLocal Traffic source or destination in local ASTransit Traffic passes through an ASStub ASConnects to only a single other ASMultihomed ASConnects to multiple ASsCarries no transit trafficTransit ASConnects to multiple ASs and carries transit trafficAS RelationshipsHow to prevent X from forwarding transit between B and C?How to avoid transit between CBA ?B: BAZ -> XB: BAZ -> C ? (=> Y: CBAZ and Y:CAZ)BACXYZExample from Kurose and Ross, 5th EdChoice of Routing AlgorithmConstraintsScalingAutonomy (policy and privacy)Link-state?Requires sharing of complete informationInformation exchange does not scaleCant express policyDistance Vector?Scales and retains privacyCant implement policyCant avoid loops if shortest path not takenCount-to-infinityPath Vector ProtocolDistance vector algorithm with extra informationFor each route, store the complete path (ASs)No extra computation, just extra storage (and traffic)AdvantagesCan make policy choices based on set of ASs in pathCan easily avoid loops

BGP - High LevelSingle EGP protocol in use todayAbstract each AS to a single nodeDestinations are CIDR prefixesExchange prefix reachability with all neighborsE.g., I can reach prefix 128.148.0.0/16 through ASes 44444 3356 14325 11078Select a single path by routing policyCritical: learn many paths, propagate oneAdd your ASN to advertised pathWhy study BGP?Critical protocol: makes the Internet runOnly widely deployed EGPActive area of problems!EfficiencyCogent vs. Level3: Internet PartitionSpammers use prefix hijackingPakistan accidentally took down YouTubeEgypt disconnected for 5 days

BGP ExampleBGP ExampleBGP ExampleBGP ExampleBGP ExampleBGP Protocol DetailsSeparate roles of speakers and gatewaysSpeakers talk BGP with other ASsGateways are routes that border other AssCan have more gateways than speakersSpeakers know how to reach gatewaysSpeakers connect over TCP on port 179Bidirectional exchange over long-lived connection

BGP ImplicationsExplicit AS Path == Loop freeExcept under churn, IGP/EGP mismatchReachability not guaranteedDecentralized combination of policiesNot all ASs know all pathsAS abstraction -> loss of efficiencyScaling37K ASs350K+ prefixesASs with one prefix: 15664Most prefixes by one AS: 3686 (AS6389, BellSouth)BGP Table Growth

Source: bgp.potaroo.netIntegrating EGP and IGPStub ASsBorder router clear choice for default routeInject into IGP: any unknown route to border routerInject specific prefixes in IGPE.g., Provider injects routes to customer prefixBackbone networksToo many prefixes for IGPRun internal version of BGP, iBGPAll routers learn mappings: Prefix -> Border RouterUse IGP to learn: Border Router -> Next HopiBGPiBGPBGP MessagesBase protocol has four message types OPEN Initialize connection. Identifies peers and must be first message in each direction UPDATE Announce routing changes (most important message) NOTIFICATION Announce error when closing connection KEEPALIVE Make sure peer is aliveExtensions can define more message typesE.g., ROUTE-REFRESH [RFC 2918]Anatomy of an UPDATEWithdrawn routes: list of withdrawn IP prefixesNetwork Layer Reachability Information (NLRI)List of prefixes to which path attributes applyPath attributesORIGIN, AS_PATH, NEXT_HOP, MULTI-EXIT-DISC, LOCAL_PREF, ATOMIC_AGGREGATE, AGGREGATOR, Each attribute has 1-byte type, 1-byte flags, length, contentCan introduce new types of path attribute e.g., AS4_PATH for 32-bit AS numbers

ExampleNLRI: 128.148.0.0/16AS Path: ASN 44444 3356 14325 11078Next Hop IP: same as in RIPv2Knobs for traffic engineering:Metric, weight, LocalPath, MED, CommunitiesLots of voodooBGP StateBGP speaker conceptually maintains 3 sets of stateAdj-RIB-InAdjacent Routing Information Base, IncomingUnprocessed routes learned from other BGP speakersLoc-RIBContains routes from Adj-RIB-In selected by policyFirst hop of route must be reachable by IGP or static routeAdj-RIB-OutSubset of Loc-RIB to be advertised to peer speakersDemoRoute views project: http://www.routeviews.orgtelnet route-views.linx.routeviews.orgshow ip bgp 128.148.0.0/16 longer-prefixesAll path are learned internally (iBGP)Not a production deviceRoute SelectionMore specific prefixNext-hop reachable?Prefer highest weightComputed using some AS-specific local policyPrefer highest local-prefPrefer locally originated routesPrefer routes with shortest AS path lengthPrefer eBGP over iBGPPrefer routes with lowest cost to egress pointHot-potato routingTie-breaking rulesE.g., oldest route, lowest router-idCustomer/Provider AS relationshipsCustomer pays for connectivityE.g. Brown contracts with OSHEANCustomer is stub, provider is a transitMany customers are multi-homedE.g., OSHEAN connects to Level3, CogentTypical policy: prefer routes from customersPeer RelationshipsASs agree to exchange traffic for freePenalties/Renegotiate if imbalanceTier 1 ISPs have no default route: all peer with each otherYou are Tier i + 1 if you have a default route to a Tier iPeering DramaCogent vs. Level3 were peersIn 2003, Level3 decided to start charging CogentCogent said no Internet partition: Cogents customers couldnt get to Level3s customers and vice-versaOther ISPs were affected as wellTook 3 weeks to reach an undisclosed agreementShutting off the InternetStarting from Jan 27th, 2011, Egypt was disconnected from the Internet2769/2903 networks withdrawn from BGP (95%!

Source: RIPEStat - http://stat.ripe.net/egypt/Egypt Incident

Source: BGPMon (http://bgpmon.net/blog/?p=480)Some BGP ChallengesConvergenceScaling (route reflectors)Traffic engineeringHow to assure certain routes are selectedSecurityConvergenceGiven a change, how long until the network re-stabilizes?Depends on change: sometimes neverOpen research problem: tweak and prayDistributed setting is challengingEasier: is there a stable configuration?Distributed: open research problemCentralized: NP-Complete problem!Multiple stable solutions given policies (e.g. Wedgies, RFC 4264)

Scaling iBGP: route reflectorsScaling iBGP: route reflectorsRoute EngineeringRoute filteringSetting weightsMore specific routes: longest prefixAS prepending: 477 477 477 477More of an art than scienceBGP SecurityAnyone can source a prefix announcement!To say BGP is insecure is an understatement Pakistan Youtube incidentYoutubes has prefix 208.65.152.0/22Pakistans government order Youtube blockedPakistan Telecom (AS 17557) announces 208.65.153.0/24 in the wrong direction (outwards!)Longest prefix match caused worldwide outagehttp://www.youtube.com/watch?v=IzLPKuAOe50 Many other incidentsSpammers steal unused IP space to hideAnnounce very short prefixesFor a short amount of timeChina incident, April 8th 2010China Telecoms AS23724 generally announces 40 prefixesOn April 8th, announced ~37,000 prefixesAbout 10% leaked outside of ChinaSuddenly, going to www.dell.com might have you routing through AS23724!Secure BGP is in the worksBGP RecapKey protocol that holds Internet routing togetherPath Vector Protocol among Autonomous SystemsPolicy, feasibility first; non-optimal routesImportant security problemsNext LectureNetwork layer wrap-upIPv6MulticastMPLSNext Chapter: Transport Layer (UDP, TCP,)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16

AS 3

Only 1 RouterPer AS (for now)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16

1.2.0.0/16: AS 1

AS 3

1.2.0.0/16: AS 1

Only 1 RouterPer AS (for now)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16

1.2.0.0/16: AS 2 1

AS 3

1.2.0.0/16: AS 5 1Only 1 RouterPer AS (for now)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16 AS: 3 2 1

AS 3

AS: 4 5 1

Only 1 RouterPer AS (for now)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16

AS 3

Only 1 RouterPer AS (for now)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16

AS 3

Only 1 RouterPer AS (for now)

AS 1

AS 2

AS 4

AS 5

1.2.0.0/16

AS 3

iBGP keeps AS consistent

Multiple Peering Points!

iBGP Mesh == O(n^2) mess

AS 1

Solution: Route ReflectorsO(n*k)

AS 1