Tutorial 5: Safe “Peering Backup” Routing With BGP

Based on:
http://www.ieee-infocom.org/2001/paper/573.ps
http://www.research.att.com/~jrex/papers/sigmetrics00.ps

Internet Networking, Spring 2003

Post on 19-Dec-2015


BGP - Background

•Inter-AS routing protocol.

•The routers have no global knowledge of the topology.

•Each router knows its neighbors.

•The router chooses a path according to local policies.

•The router advertises the paths it chose to its neighbors.

Safe System

We call a collection of routing policies safe if they can never lead to routing divergence.

Example: Unsafe system

[Figure: nodes AS1, AS2 and AS0 (the destination).]

Paths to AS0:

AS1: (AS1,AS2,AS0), (AS1,AS0)

AS2: (AS2,AS1,AS0), (AS2,AS0)

AS1’s policy: prefer routing through AS2.

AS2’s policy: prefer routing through AS1.
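
The divergence in this two-AS example can be reproduced with a small simulation. This is an added example, not code from the tutorial or the papers it is based on; the model (each active AS picks its most preferred path that is consistent with its neighbor's current choice) and all function names are assumptions.

```python
# Ranked paths to AS0 for each AS, most preferred first (the policies on the slide).
PREFS = {
    "AS1": [("AS1", "AS2", "AS0"), ("AS1", "AS0")],
    "AS2": [("AS2", "AS1", "AS0"), ("AS2", "AS0")],
}

def available(path, chosen):
    """A path is usable if it is the direct link to AS0 or if it extends
    the path the next hop is currently using (and advertising)."""
    nxt = path[1]
    return nxt == "AS0" or chosen.get(nxt) == path[1:]

def step(chosen, active):
    """The ASes in `active` re-run path selection against the old state."""
    new = dict(chosen)
    for asn in active:
        new[asn] = next((p for p in PREFS[asn] if available(p, chosen)), None)
    return new

def run(schedule):
    """Apply a schedule (list of tuples of active ASes); return every state."""
    state = {"AS1": None, "AS2": None}
    history = [state]
    for active in schedule:
        state = step(state, active)
        history.append(state)
    return history

if __name__ == "__main__":
    # Both ASes always react at the same time: the state flips forever.
    for s in run([("AS1", "AS2")] * 6):
        print("simultaneous:", s)
    # The ASes take turns: the system settles, so divergence depends on timing.
    for s in run([("AS1",), ("AS2",)] * 3):
        print("alternating: ", s)
```

With simultaneous updates both ASes keep switching between the direct and the indirect path; with alternating updates the same policies settle. The policies are unsafe because at least one activation order never converges.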

Global Coordination – Why Not?

•Many ASes may be unwilling to reveal their local policies to others.

•Statically checking for convergence properties is an NP-complete problem.

•Even if convergence is ensured for a certain topology, BGP might not converge after router/link failures or a policy change.


Why Not “Shortest Path Routing”?

•This may contradict local policy (i.e. the case where an AS wants to route through its provider even if the route is not attractive in terms of its length).

•For example, there is a possibility that a router will prefer provider path over customer path – against its financial incentive.

Relationships Between ASes

•Customer – Provider (transit) relation – the customer pays the provider for traffic on the link.

An AS will export to its providers paths it learned from its customers.

An AS will export to its customers paths it learned from providers, customers and peers.

•Peer-to-peer (peering) relation – the link is intended for traffic between two neighbors and their customers.

An AS will export to its peers paths it learned from its customers only.

AS Graph - Example

[Figure: AS graph with nodes 0, 1, 2, 3, 4, 5 and 6. Legend: peer-to-peer edges, provider-to-customer edges.]

The export policies should prohibit the use of some of the paths:

• for example paths (6,0,3), (4,2,0) and (2,0,1)

Possible paths from 0 to 2: (0,2), (0,3,2), (0,3,4,2), (0,3,5,4,2), (0,6,5,3,2), (0,6,5,4,2)

AS Graph Properties

Let us consider an AS graph and define the following properties:

•An AS graph is said to be an acyclic provider-customer digraph if the directed graph induced by the provider–customer relations is acyclic.

•Example: if we added a provider-customer edge {0,5} in the previous graph, we would create a cycle.

•An AS graph is said to have no valley if no path traverses a provider-customer edge and then a customer-provider edge.

•Example: paths (3,2,4) and (6,1,0,3) have a valley; path (3,5,4) has no valley.


AS Graph Properties (cont.)

An AS graph is said to have no step if:

(a) there is no peer-to-peer edge followed by peer-to-peer edge

-Example: path (2,0,1)

(b) there is no peer-to-peer edge followed by customer-provider edge

-Example: path (2,0,6)

(c) there is no provider-customer edge followed by peer-to-peer edge.

-Example: path (3,0,1)

Export Policy

The following table indicates whether or not an AS announces a route to its neighbor, depending on its relationship to the AS that sent the route:

From \ To    customer   peer   provider
customer     Y          Y      Y
peer         Y          N      N
provider     Y          N      N

These export rules ensure that no permitted path will have a step or a valley.
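
The claim that the export table rules out exactly the valley and the three kinds of step can be checked mechanically. This is an added example, not code from the tutorial or the underlying papers; the relationships among ASes 0, 1, 2, 3 and 6 are the ones implied by the step examples (2,0,1), (2,0,6) and (3,0,1) above, and the edge-type names c2p/peer/p2c and all function names are assumptions.

```python
from itertools import product

# Export table from the slide: EXPORT[learned_from][sent_to]
EXPORT = {
    "customer": {"customer": True, "peer": True,  "provider": True},
    "peer":     {"customer": True, "peer": False, "provider": False},
    "provider": {"customer": True, "peer": False, "provider": False},
}
# Edge types are read in the direction traffic flows, toward the destination.
LEARNED_FROM = {"c2p": "provider", "peer": "peer", "p2c": "customer"}  # role of next hop
SENT_TO = {"c2p": "customer", "peer": "peer", "p2c": "provider"}       # role of previous hop
BAD = {("p2c", "c2p"): "valley", ("peer", "peer"): "step (a)",
       ("peer", "c2p"): "step (b)", ("p2c", "peer"): "step (c)"}
# Relationships implied by the slides' step examples.
PEERS = {frozenset((2, 0)), frozenset((0, 1))}
PROVIDER_OF = {(6, 0), (3, 0)}  # (provider, customer)

def edge_types(path):
    """Translate a path of AS numbers into a list of edge types."""
    types = []
    for a, b in zip(path, path[1:]):
        if frozenset((a, b)) in PEERS:
            types.append("peer")
        elif (a, b) in PROVIDER_OF or (b, a) in PROVIDER_OF:
            types.append("p2c" if (a, b) in PROVIDER_OF else "c2p")
        else:
            raise ValueError(f"unknown relationship {a}-{b}")
    return types

def violations(edges):
    """Names of the valleys and steps found in consecutive edge pairs."""
    return [BAD[pair] for pair in zip(edges, edges[1:]) if pair in BAD]

def exportable(edges):
    """True if every AS on the path may announce the route to the previous hop."""
    return all(EXPORT[LEARNED_FROM[nxt]][SENT_TO[prev]]
               for prev, nxt in zip(edges, edges[1:]))

def table_matches_definitions(max_edges=5):
    """Exhaustively compare the export table with the valley/step definitions."""
    return all(exportable(seq) == (not violations(seq))
               for n in range(1, max_edges + 1)
               for seq in product(("c2p", "peer", "p2c"), repeat=n))
```

Calling `violations(edge_types((2, 0, 6)))` names the step in that path, and `table_matches_definitions()` confirms that a path is announced hop by hop under the table exactly when it contains no valley and no step.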

The Safety Theorem

• Guideline: If, for AS1, the next hop of path P1 belongs to AS1’s customers, and the next hop of path P2 belongs to AS1’s providers or peers, then AS1 should prefer P1 over P2.

– Why does this Guideline make sense?

• Theorem: Consider a BGP system where (a) there are only transit and peering relations, (b) all ASes follow the above Guideline, (c) there is no provider-customer cycle, (d) there is no valley, and (e) there is no step. Then this BGP system is safe.

The concept of “Peering Backup”

• “Peering Backup” is a new relation (agreement) between neighboring ASes AS-1 and AS-2 (recall that we have considered in the past only “peering” and “transit”).

• The idea is that if the connectivity of AS-1 through its provider is lost, then AS-1 is allowed to send packets through AS-2 even if they are not destined for AS-2 siblings, and vice versa.

• More formally, we permit a path that includes a step. Since such a path should be used only in the case of failure, it will always have lower preference than a primary path.

[Figure: nodes AS-1, AS-2 and AS-0.]

Paths categories

[Figures: four example paths P over nodes u, v and w, captioned as follows.]

• Provider-customer, peer-peer

• Peer-peer, customer-provider

• Peer-peer, peer-peer

• “Backup provider” (as discussed in the lecture) – there is no need to indicate such a path as “backup” when it is exported, because all the paths exported by the backup provider are used only if there is no alternative through the main provider.

Export Policies for supporting the “peering backup” concept:

From \ To    customer   peer        provider
customer     Y          Y           Y
peer         Y          Y(backup)   Y(backup)
provider     Y          Y(backup)   N

•For example, AS-1 exports to AS-2 routes it receives from AS-0. However, it must mark these routes as “backup”.

•“backup” means that AS-2 can use them only if it has no other option.

•This is in contrast to the routes published by the “backup transit”.

•Those routes do not have to be marked as “backup”.

•The new policy can form valley paths, e.g. 2-0-1-3.

•To avoid this, paths received from a provider should be marked not only as backup but also with an additional flag, and an AS that gets such a marked path should never export it to its provider.

[Figure: nodes 2, 0, 1 and 3.]

Backup Path - Example

[Figure: AS graph with nodes 0, 1, 2, 3, 4, 5 and 6. Legend: backup peering edges, provider-to-customer edges.]

In this graph, paths (5,3,4,2) or (1,0,2,4) are legal backup paths, but (3,0,6) is not legal in any case.

Backup Path (cont.)

• Example of the propagation of an announcement of a backup path:

• AS0 sends path (0,1) to AS6, but the path is not accepted (and therefore is not propagated further) while link (6,1) is up.

• When link (6,1) is broken, AS6 accepts the backup path (6,0,1) and announces it to AS5.

[Figure: AS graph with nodes 0, 1, 2, 3, 4, 5 and 6. Legend: backup peering edges, provider-to-customer edges.]


A problem with Backup Path selection

If a node doesn’t rank the various backup paths it has, loops can be created.

For example:

•Suppose that AS3’s policy is: prefer routing through AS2.

•Suppose that AS2’s policy is: prefer routing through AS3.

•Consequently, we get routing divergence

[Figure: nodes 2, 3, 0 and 1, with paths (2,3,1,0), (3,2,1,0) and (1,0).]

Solution 1: Ranking Among Backup Paths

•Simplest policy: rank backup paths based on the path “length” (number of ASes). This policy ensures that the system is safe, but it is very restrictive since it can prefer a provider path with two steps over a customer path with one step.

[Figure: nodes u and v.]

•Note: giving priority to customer-based routes, as we may do when regular (non-backup) paths are used, might result in an unsafe system.

Solution 2: Ranking Among Backup Paths

•Paths with a smaller number of steps should be preferred.

•Among paths with the same number of steps, customer paths should be preferred.

•Among customer paths with the same number of steps, the shorter one should be preferred.

This policy is consistent with the commercial relationships between nodes and also ensures that the system is inherently safe (i.e. safe under any failures).

[Figure: nodes u and v.]

Implementation of Solution 2: Avoidance Level

•In order to implement the policy, we associate a new attribute, called avoidance level, with each path.

•For each step edge, the avoidance level of the path should be increased.

•Each router may increase the avoidance level by a different value; the value just has to be positive.

•The avoidance level may be increased when adding any edge, not only a step.

•The path with the lower avoidance level should be preferred.

Increasing Avoidance Level

•The following table indicates when the avoidance level attribute should be increased.

•R indicates that it is required to increase it.

•O indicates that it is optional:

From \ To    customer   peer   provider
customer     O          O      O
peer         O          R      R
provider     O          R

•Optional entries allow for very flexible backup routing and load balancing.
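
The backup export table and the avoidance-level rule can be combined into a small route-selection model that replays the link (6,1) failure described earlier. This is an added example, not code from the tutorial or the underlying papers. Assumptions: the relationships among ASes 0, 1, 5 and 6 (the figure is not part of this transcript), originated routes are exported like customer routes, every required increase adds 1, optional increases are not applied, and ties are broken by path length.

```python
# "Y": export unchanged (optional increase, not applied here);
# "B": export as backup, i.e. a required avoidance-level increase; "N": no export.
EXPORT = {  # EXPORT[learned_from][sent_to]
    "customer": {"customer": "Y", "peer": "Y", "provider": "Y"},
    "peer":     {"customer": "Y", "peer": "B", "provider": "B"},
    "provider": {"customer": "Y", "peer": "B", "provider": "N"},
}

def select_routes(rel, dest, rounds=10):
    """rel[(a, b)] is b's role as seen from a.
    Returns {AS: (path, avoidance_level)}; level > 0 marks a backup route."""
    best = {dest: ((dest,), 0)}
    for _ in range(rounds):
        new = {dest: ((dest,), 0)}
        for x in {a for a, _ in rel} - {dest}:
            cands = []
            for (n, m), to_role in rel.items():
                if m != x or n not in best or x in best[n][0]:
                    continue  # not a neighbor, no route yet, or a loop
                path, level = best[n]
                # Assumption: an AS exports its own prefix like a customer route.
                learned = "customer" if n == dest else rel[(n, path[1])]
                rule = EXPORT[learned][to_role]
                if rule != "N":
                    bump = 1 if rule == "B" else 0
                    cands.append((level + bump, len(path) + 1, (x,) + path))
            if cands:  # lowest avoidance level first, then shortest path
                level, _, path = min(cands)
                new[x] = (path, level)
        if new == best:
            break
        best = new
    return best

def topology(link_6_1_up):
    """Constructed relationships: 0 and 1 are customers of 6; 0-1 and 6-5 peer."""
    rel = {}
    def link(a, b, b_role, a_role):
        rel[(a, b)], rel[(b, a)] = b_role, a_role
    link(6, 0, "customer", "provider")
    link(0, 1, "peer", "peer")
    link(6, 5, "peer", "peer")
    if link_6_1_up:
        link(6, 1, "customer", "provider")
    return rel
```

With the link up, `select_routes(topology(True), 1)` gives AS6 the primary path (6,1) at level 0; with the link down, AS6 falls back to (6,0,1) at level 1 and AS5 learns (5,6,0,1) with the same level.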

Implementing the Policy With BGP

One of the attributes included in a route announcement is c_set, a set of community values. We assume that each AS w has defined the following set of community values:

•(w:bu:l) - tag for backup route of avoidance level l.

•(w:up) – tag for upstream routes (used between peers)