Introduction to routing
Olof Hagsand KTH/CSC
DD2490 p4 2010
Network example: KTH Intranet
Levels of abstraction
● The Internet is huge
– Necessary to divide the routing problem into sub-problems.
– There are several layers of abstraction
● The Internet is partitioned into Autonomous Systems (AS)
– An independent administrative domain
– Routing between AS:s is called inter-domain routing / external routing
– Based on commercial agreements – policies, service-level agreements
● Routing within an AS
– Routing inside an AS: intra-domain routing / internal routing
– Best path based on hop/bw metrics
Autonomous systems - RFC1930
An Autonomous system is generally administered by a single entity.
Operators, ISPs (Internet Service Providers)
An AS contains an arbitrarily complex sub-structure.
Each autonomous system selects the routing protocol to be used within the AS.
Policies or updates within an AS are not propagated to other AS:s.
An AS-number is (currently) a 16-bit unique identifier
Interconnection between AS:s
– Service Level Agreements (SLA:s)
– Internet Exchange Points (IX:s)/ Network Access Points (NAPs)
– Direct connections
US university AS:s
AS-paths to US universities from NORDUnet
Daniel Åman, KTHNOC 2006
Internet structure
● Ideally, there is a well-defined hierarchy in the Internet – a tree.
1 A few large “Tier 1” backbone providers – the core of the Internet (Sprint, Level3, Telstra, ...)
● Provides transit for everyone else
2 Tier 2 regional ISPs, or NSPs (Network Service Providers)
3 Smaller ISPs
4 Customers
● A well-defined hierarchy is nice for address aggregation -> smaller IP tables
● However, the hierarchy has broken down due to market forces:
– Peering at IXs, direct connections.
● The Internet structure is now more in the form of a graph -> larger routing tables
AS graph and peering relations
[Figure: AS graph of AS1–AS9 with Transit, Peer and Customer relations; levels: Tier 1 (full Internet connectivity), NSPs/ISPs, Stubs/Customers]
IGP/EGP
EGP
– Exterior Gateway Protocol.
– Runs between networks/domains (inter-domain)
– Examples: BGP, static routing
IGP
– Interior Gateway Protocol.
– Runs within a network/domain (intra-domain)
– Examples: RIP, OSPF, IS-IS.
[Figure: Customer and ISP networks; labels: IGP, IGP, EGP]
Static vs dynamic routing
● Static routing
– Manually configure routing table
– Typically for small networks
– Single-homed, default route
– Hosts are (almost) always statically routed
● Dynamic routing
– As soon as the network is non-trivial, it is too difficult to manually configure a network (see lab1)
– Need dynamic routing protocol
– Only routers participate in dynamic routing
The routing table
● Currently, backbone IP tables are more than 300000 entries.
– The RIB may be much larger
● With virtual private networks (many customer routing tables) the tables are even larger
● Also, a “routing table” is actually many data structures:
– Many different protocols
– Forwarding information base (FIBs)
– Routing information base (RIBs)
Announced networks
From Geoff Huston, 2010, http://www.cidr-report.org
Load balancing
● The routing protocol gives several routes to a network
● Either select the best
● Or load-balance between several links
– Unequal-cost multi-path
– Equal-cost multi-path (ECMP)
● The forwarding decides how to balance actual traffic:
– random (but this breaks TCP flows)
– load balance per flow
– load balance per address pairs
Example: load-balancing
● IS-IS/OSPF load balancing with two 3 ms paths, one slow 20 ms path.
● Hosts from the same LAN (or different flows from same host) may take different routes.
[Figure: three paths with delays 3 ms, 3 ms and 20 ms]
Aggregation
● Also called summarization
● The netid part of IPv4 addresses can be aggregated (summarized) into shorter prefixes.
● Summarization is often done manually
● Leads to smaller routing tables (fewer prefixes)
● Threats: multi-homing and load-balancing
[Figure: networks 199.1.0.0/24, 199.1.1.0/24, 199.1.2.0/24, 199.1.3.0/24 and 199.1.4.0/24]
Asymmetric Routing
● A rule rather than an exception:
– To-traffic and from-traffic take different paths
● Hot-potato routing
– Send traffic out of your AS as soon as possible
● Cold-potato routing
– Try to keep your traffic as long as possible.
Fault detection
● An important feature in a routing protocol is how to detect link or node/router failures.
● In many cases, a node can directly detect a link failure:
– Directly connected copper Ethernet (loss of signal)
– Fiber (loss of light)
● But more often indirect methods must be used
– Switched network (failure >1 switch away)
– Node failure
– Partially broken link
● Routing protocols have timers / hello protocol
– seconds to 10s of seconds
● For faster detection use BFD
– Bidirectional Forwarding Detection
– Send many 'pings' and detect losses
– Down to (and below) 100 ms.
Protection switching
● After a failure is detected, the router should re-route around the failure
● Next-hop is changed, so all routes depending on the next-hop need to be re-computed
– The control-plane recomputes the routes and pushes them out to the forwarding plane
● Even though the number of next-hops is small, the number of routes with a specific next-hop can be very large, for example in BGP.
● Protection switching time is therefore failure detection + time for computing and pushing out new forwarding entries
● Small forwarding tables are therefore faster, as is routing that does not need large tables.
● (In bridging, failure detection and protection switching are done with the spanning tree protocol)
Black-holing
● Black-holing: announce prefix, but traffic to the prefix is dropped (not delivered)
● Loops: circular announcements causing packet loops
– TTL is decremented until packet drops -> same symptom as black-holing
● Reasons:
– Transient errors due to long convergence (see count-to-infinity in RIP)
– Misconfigurations
– Attacks (DoS, man-in-the-middle)
– Response to attacks: create a black-hole for attacked prefixes which removes DoS traffic
Metrics
● A fundamental functionality in a dynamic routing protocol:
– Find the “best path” to a destination
● But what is best path?
– Interior routing: typically number of hops, or bandwidth
– Exterior routing: business relations – peering
● Metrics
– Number of “hops” (most common)
– Bandwidth, Delay, Cost, Load, “Policies”
Routing algorithms
● How does a router find a best path?
● Most solutions based on SPF (Shortest Path First) algorithms that are well known in graph theory.
– Bellman-Ford
– Dijkstra
● Apart from that, there are also other algorithms in
– Multicast routing
– Ad-hoc routing
  ● Sensor networks
– Delay-tolerant networks
Routing protocol classes
● Almost all unicast routing protocols can be classified into one of two groups:
– Link-State protocols (OSPF, IS-IS)
– Distance-Vector protocols (RIP, IGRP, BGP)
● They are also classified into
– Exterior (Inter-domain) routing protocols
  ● Between autonomous systems
– Interior (Intra-domain) routing protocols
  ● Within an autonomous system
Popular Unicast Routing Protocols
Routing Protocols
– Interior: RIP, OSPF, IS-IS, IGRP (Cisco)
– Exterior: BGP, EGP
Routes may come from many “protocols”
● Direct
– Networks on directly connected interfaces
● Local
– Example: 127.0.0.1
● Static
– Configured static routes
● Aggregate
– Manually aggregated routes
● RIP, OSPF, ISIS, BGP, RSVP, ...
Route preference / Administrative distance
● Several protocols may include the same prefix. How do you decide which route to install in your routing table?
● Default preference (on Juniper) is:
– Direct > Local > Static > OSPF > ISIS > RIP > Aggregate > BGP
● Can be changed or overridden with policies
Redistribution of routing information
● If several protocols are running on the same router
– E.g., OSPF as interior and BGP as exterior
– E.g., static routes into a dynamic routing protocol
● The router can distribute routes from one protocol to another
– Interior routes need to be advertised to the Internet
  ● Typically these routes are aggregated
– Exterior routes may need to be injected into the interior network
  ● But only a subset – the backbone tables are very large
  ● Necessary for a domain carrying transit traffic
  ● Not necessary for a domain using only a default route
● Typically, redistributed routes are filtered in different ways due to routing policies
The routing process
[Figure: the routing process. Labels: Routing protocol 1, 2 and 3, each with a RIB (Routing Information Base); Routing Process; CPU; FIB (Forwarding Information Base); Linecards, each with a FIB]
Routing instances and tables
[Figure: Routing Instance: main, with its RIBs, and Routing Instance: other, with its RIBs]
● RIBs in a routing instance:
– inet.0: IPv4 unicast routes
– inet6.0: IPv6 unicast routes
– inet.1: IPv4 multicast forwarding cache
– inet.2: IPv4 multicast RPF table
– inet.3: IPv4 routes learnt from MPLS-TE path exploration
– inet.4: MSDP routes
– mpls.0: MPLS label-switch table
● Example: main.inet.0, __juniper_private1__.inet.0
● Logical routers, VPNs, virtual routers, etc., use routing instances.
Routing policies
[Figure: import and export policies between neighbours/protocols and the RIB; the RIB feeds the FIB]
Note: Export policies may be applied only to active routes!
Protocol            Default import action      Default export action
direct and static   accept all                 N/A
RIP                 accept all RIP routes      reject all
BGP                 accept all BGP routes      export all active BGP routes
IS-IS               accept all IS-IS routes    reject all (IS-IS uses LSAs)
OSPF                accept all OSPF routes     reject all (OSPF uses LSAs)
MPLS                accept all MPLS routes     export all active MPLS routes
Example routing policy: Redistribution
● In JunOS, policies are made up of match/action pairs
– Example: announce an aggregated prefix in BGP
– Note: First declare policy, then export

policy-options {
    policy-statement MYNETWORK {
        term 1 {
            from {                  # match
                protocol aggregate;
                route-filter 192.168.2.0/24 exact;
            }
            then accept;            # action
        }
    }
}
protocols bgp {
    export MYNETWORK;               # Apply policy
}
Routing policy: syntax and flow
● Changing the default routing policy
● Syntax:
policy-options {
    policy-statement name {
        term term-name {
            from {
                match;
            }
            then {
                action;
            }
        }
    }
}

[Figure: policy evaluation flow through Policy 1 (term1, term2, term3), Policy 2 (term1, term2, term3) and the default policy; outcomes of a term: accept, reject; then next route]
Applying policies
● Export policy evaluation order: p4->p2->p0
● On a verdict (accept, reject) the policy chain is terminated
● Side-effects may still apply

protocols bgp {
    export p0;                      # Global properties
    import p1;
    group external-peers {          # Group properties
        type external;
        export p2;
        import p3;
        neighbor 192.168.200.14 {   # Peer properties
            export p4;
            import p5;
        }
    }
}
More match statements
● You can specify more matches (logical and):
– metric
– route-filter (next slide)
– protocol
– family
– as-path
– community
– local-preference
– neighbor
– next-hop
– origin
– preference
– prefix-list
– ...
Route-filters
● Route-filter match types
– route-filter 192.168.0.0/16 exact;
– route-filter 192.168.0.0/16 orlonger;
– route-filter 192.168.0.0/16 longer;
– route-filter 192.168.0.0/16 upto /24;
– route-filter 192.168.0.0/16 through 192.168.16.0/20;
– route-filter 192.168.0.0/16 prefix-length-range /20-/24;
[Figure: prefix tree below 192.168.0.0/16 with the levels /20, /24 and /32 marked]
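The six match types listed above differ only in which prefix lengths below the base prefix they accept. The following is an added example, not part of the original slides or of JunOS: a small Python model of those semantics, where the function names and the sample route list are constructed for illustration.

```python
import ipaddress

# Constructed sample announcements (not from the slides).
SAMPLE_ROUTES = [
    "192.168.0.0/16", "192.168.0.0/19", "192.168.16.0/20", "192.168.32.0/20",
    "192.168.5.0/24", "192.168.5.128/25", "192.168.5.1/32", "10.0.0.0/8",
]

def route_filter_match(route, base, match_type, arg=None):
    """True if `route` matches `route-filter <base> <match_type> [arg]`."""
    r = ipaddress.ip_network(route)
    b = ipaddress.ip_network(base)
    # Every match type first requires the route to lie inside the base prefix.
    if r.version != b.version or not r.subnet_of(b):
        return False
    if match_type == "exact":
        return r.prefixlen == b.prefixlen
    if match_type == "orlonger":
        return True
    if match_type == "longer":
        return r.prefixlen > b.prefixlen
    if match_type == "upto":
        return r.prefixlen <= int(arg.lstrip("/"))
    if match_type == "prefix-length-range":
        low, high = (int(x.lstrip("/")) for x in arg.split("-"))
        return low <= r.prefixlen <= high
    if match_type == "through":
        # Only prefixes on the branch from the base down to the end prefix.
        return ipaddress.ip_network(arg).subnet_of(r)
    raise ValueError(f"unknown match type: {match_type}")

def accepted(base, match_type, arg=None, routes=SAMPLE_ROUTES):
    """Routes from `routes` that the filter matches, in input order."""
    return [r for r in routes if route_filter_match(r, base, match_type, arg)]

if __name__ == "__main__":
    for mt, arg in [("exact", None), ("orlonger", None), ("longer", None),
                    ("upto", "/24"), ("through", "192.168.16.0/20"),
                    ("prefix-length-range", "/20-/24")]:
        print(mt, arg or "", "->", accepted("192.168.0.0/16", mt, arg))
```

Note how `upto /24` leaves out the /25 and /32 more-specifics, while `orlonger` matches them.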
More actions
● accept
● reject
● next policy
● next term
● trace
● Combined with accept:
– as-path-expand
– as-path-prepend
– community
– color
– external
– load-balance per-packet
– local-preference
– metric
– next-hop
– origin
– preference
The CLI
● Two major modes:
– Operational mode: Monitor and troubleshoot, network connectivity, hardware
– Configure mode: Configuration of interfaces, routing protocols, authentication, logging, etc.
● Completion and query
– As you would expect, <TAB> and <?>
● Line editing
– Emacs operations: <ctrl-b>, <ctrl-f>, <ctrl-a>, <ctrl-e>, <ctrl-p>, <ctrl-n>, ...
● On-line help:
– help reference
– help topic
Operations commands
● show
– show system storage
– show system users
– show chassis hardware detail
– show interfaces
– show route
– show route protocol direct
– show route table inet.0
– show route receive-protocol
– show route advertising-protocol
– show log
● configure
● file
– file list
– file compare
● help
– help topic
– help reference
● request
– request system reboot
● restart
– restart routing gracefully
● set
– set cli
● monitor
● clear
● test
● ping
● traceroute
● start shell
Extending commands
● Level of detail:
– terse
– brief
– detail
– extensive
– Example:
> show route protocol ospf extensive
● Pipe commands:
– | compare
– | count
– | display
– | except
– | find
– | match
– | resolve
– | save
– | trim
– Example:
> show route | display xml
> show route | match 10.0
> show route | save output
# show | compare rollback 0
Configure mode: Tree-based editing

protocols {
    bgp {
        export default;
        group external {
            family inet {
                unicast;
            }
        }
    }
    ospf {
        area 0.0.0.0 {
            interface lo0.0;
            interface fe-0/0/0.0;
        }
    }
}

[Figure: the configuration as a tree: top; protocols; bgp (export default; group external; family inet; unicast) and ospf (area 0.0.0.0; interface lo0.0; interface fe-0/0/0); navigation with up and top]

# set protocols bgp group external family inet unicast
[edit]
# edit protocols bgp group external
[edit protocols bgp group external]
# set family inet unicast
[edit protocols bgp group external]
# show
family inet {
    unicast;
}
# top
[edit]
#
More configuration
● Alternative output (set):

# show | display set
set protocols bgp export default_route
set protocols bgp group external family inet unicast
set protocols ospf area 0.0.0.0 interface lo0.0
set protocols ospf area 0.0.0.0 interface fe-0/0/0.0
set policy-options policy-statement default then accept

● Loading from file
– load override
– load merge
– load relative
– load override terminal
– load set
Committing configurations
● Changing the state of the router – candidate configuration.
● Commit semantics – you need to explicitly commit for changes to take effect. Variants:
– commit confirmed and-quit
– commit check comment <string>
– commit sync
● You can make rollbacks to previous commits
– rollback 0 – the state before editing
– rollback 1 – previous commit
● Comparing changes
– show | compare
– show | compare rollback 2
● Displaying configurations in different formats
– show | display set
– show | display xml