INTERDOMAIN ROUTING POLICY
1!
Goals of Today’s Lecture • Business rela5onships between ASes – Customer-‐provider: customer pays provider – Peer-‐peer: typically seBlement-‐free • Realizing rou5ng policies – Import and export filtering – Assigning preferences to routes • Mul5ple routers within an AS – Disseminated BGP informa5on within the AS – Combining with intradomain rou5ng informa5on
• What’s happening in Egypt: – hBp://www.renesys.com/blog/ 2!
1
Interdomain Rou5ng • Internet is divided into Autonomous Systems – Dis5nct regions of administra5ve control – Routers/links managed by a single “ins5tu5on” – Service provider, company, university, …
• Hierarchy of Autonomous Systems – Large, 5er-‐1 provider with a na5onwide backbone – Medium-‐sized regional provider with smaller backbone – Small network run by a single company or university
• Interac5on between Autonomous Systems – Internal topology is not shared between ASes – … but, neighboring ASes interact to coordinate rou5ng 3!
Interdomain Rou5ng • AS-‐level topology – Des5na5ons are IP prefixes (e.g., 12.0.0.0/8) – Nodes are Autonomous Systems (ASes) – Edges are links and business rela5onships 4 3 5 2 1
Client
7
6
Web server 4!
2
Business Rela5onships
5!
Business Rela5onships • Neighboring ASes have business contracts – How much traffic to carry – Which des5na5ons to reach – How much money to pay
• Common business rela5onships – Customer-‐provider • E.g., University of Michigan is a customer of Merit • E.g., Princeton is a customer of USLEC • E.g., MIT is a customer of Level3
– Peer-‐peer • E.g., UUNET is a peer of Sprint • E.g., Harvard is a peer of Harvard Business School
6!
3
Customer-‐Provider Rela5onship • Customer needs to be reachable from everyone – Provider tells all neighbors how to reach the customer
• Customer does not want to provide transit service – Customer does not let its providers route through it Traffic to the customer
Traffic from the customer d
provider
announcements provider traffic
customer
d
customer 7!
Customer Connec5ng to a Provider Provider 1 access link
Provider 2 access routers
Provider 2 access links
Provider 2 access PoPs 8!
4
Mul5-‐Homing: Two or More Providers • Mo5va5ons for mul5-‐homing – Extra reliability, survive single ISP failure – Financial leverage through compe55on – BeBer performance by selec5ng beBer path – Gaming the 95th-‐percen5le billing model Provider 1
Provider 2
9!
University of Michigan Example • Internet: customer of Merit – Merit is a customer of AT&T, NTT, Internet2, NLR.
• Research universi5es/labs: customer of Internet2 • Merit: Local non-‐profits: provider for several non-‐ profits NTT
AT&T
Internet2
10!
5
How many links are enough?
K upstream ISPs!
Not much benefit beyond 4 ISPs"
Akella et al., “Performance Benefits of Multihoming”, SIGCOMM 2003!
11!
Peer-‐Peer Rela5onship • Peers exchange traffic between customers – AS exports only customer routes to a peer – AS exports a peer’s routes only to its customers – Oeen the rela5onship is seBlement-‐free (i.e., no $$$) Traffic to/from the peer and its customers
announcements peer
traffic
peer
d 12!
6
AS Structure: Tier-‐1 Providers • Tier-‐1 provider – Has no upstream provider of its own – Typically has a na5onal or interna5onal backbone
• Top of the Internet hierarchy of ~10 ASes – AOL, AT&T, Global Crossing, Level3, UUNET, NTT, Qwest, SAVVIS (formerly Cable & Wireless), and Sprint – Full peer-‐peer connec5ons between 5er-‐1 providers
13!
AS Structure: Other ASes • Other providers – Provide transit service to downstream customers – … but, need at least one provider of their own – Typically have na5onal or regional scope – Includes several thousand ASes
• Stub ASes – Do not provide transit service to others – Connect to one or more upstream providers – Includes the vast majority (e.g., 85-‐90%) of the ASes 14!
7
The Business Game and Depeering • Coopera5ve compe55on (brinksmanship) • Much more desirable to have your peer’s customers – Much nicer to get paid for transit
• Peering “5ffs” are rela5vely common 31 Jul 2005: Level 3 No5fies Cogent of intent to disconnect. 16 Aug 2005: Cogent begins massive sales effort and men5ons a 15 Sept. expected depeering date. 31 Aug 2005: Level 3 No5fies Cogent again of intent to disconnect (according to Level 3) 5 Oct 2005 9:50 UTC: Level 3 disconnects Cogent. Mass hysteria ensues up to, and including policymakers in Washington, D.C. 7 Oct 2005: Level 3 reconnects Cogent
During the “outage”, Level 3 and Cogentʼs singly homed customers could not reach each other. (~ 4% of the Internetʼs prefixes were isolated from each other)!
15!
Depeering Con5nued Resolution…! Cogent will offer any Level 3 customer, who is single homed to the Level 3 network on the date of this notice, one of full Internet …but not before an attempt to stealyear customers!! transit free of charge at As of 5:30 am EDT, October 5th, Level(3) terminated the same bandwidth peering with Cogent without cause (as permitted under its peering agreement with Cogent) even currently being supplied though both Cogent and Level(3) remained in full by Level 3. Cogent will compliance with the previously existing provide this connectivity interconnection agreement. Cogent has left the peering circuits open in the hope that Level(3) will in over 1,000 locations change its mind and allow traffic to be exchanged throughout North between our networks. We are extending a special America and Europe." offering to single homed Level 3 customers.!
16!
8
Realizing BGP Rou5ng Policy
17!
BGP Policy: Applying Policy to Routes • Import policy – Filter unwanted routes from neighbor • E.g. prefix that your customer doesn’t own
– Manipulate aBributes to influence path selec5on • E.g., assign local preference to favored routes
• Export policy – Filter routes you don’t want to tell your neighbor • E.g., don’t tell a peer a route learned from other peer
– Manipulate aBributes to control what they see • E.g., make a path look ar5ficially longer than it is 18!
9
BGP Policy: Influencing Decisions Open ended programming. Constrained only by vendor configuration language
Receive Apply Policy = filter routes & BGP Updates tweak attributes Apply Import Policies
Based on Attribute Values
Best Routes
Best Route Selection
Best Route Table
Apply Policy = filter routes & tweak attributes
Transmit BGP Updates
Apply Export Policies
Install forwarding Entries for best Routes. IP Forwarding Table 19!
Import Policy: Local Preference • Favor one path over another – Override the influence of AS path length – Apply local policies to prefer a path
• Example: prefer customer over peer Local-pref = 90! Sprint!
AT&T! Local-pref = 100! Tier-2! Tier-3!
Yale! 20!
10
Import Policy: Filtering • Discard some route announcements – Detect configura5on mistakes and aBacks
• Examples on session to a customer – Discard route if prefix not owned by the customer – Discard route that contains other large ISP in AS path USLEC!
Patriot!
Princeton! 128.112.0.0/16!
21!
Export Policy: Filtering • Discard some route announcements – Limit propaga5on of rou5ng informa5on
• Examples – Don’t announce routes from one peer to another
UUNET!
AT&T!
Sprint!
22!
11
Export Policy: Filtering • Discard some route announcements – Limit propaga5on of rou5ng informa5on
• Examples – Don’t announce routes for network-‐management hosts or the underlying routers themselves USLEC!
network operator! Princeton! 23!
Export Policy: ABribute Manipula5on • Modify aBributes of the ac5ve route – To influence the way other ASes behave
• Example: AS prepending – Ar5ficially inflate the AS path length seen by others – To convince some ASes to send traffic another way Sprint! USLEC!
Patriot!
88 88!
Princeton! 128.112.0.0/16!
88! 24!
12
BGP Policy Configura5on • Rou5ng policy languages are vendor-‐specific – Not part of the BGP protocol specifica5on – Different languages for Cisco, Juniper, etc.
• S5ll, all languages have some key features
– Policy as a list of clauses – Each clause matches on route aBributes – … and either discards or modifies the matching routes
• Configura5on done by human operators
– Implemen5ng the policies of their AS – Business rela5onships, traffic engineering, security, … 25!
Why Is The Internet Generally Stable? • It’s mostly because of $$ • Policy configura5ons based on ISPs’ bilateral business rela5onships – Customer-‐Provider • Customers pay provider for access to the Internet
– Peer-‐Peer • Peers exchange traffic free of charge
• Most well-‐known result reflec5ng this prac5ce: “Gao-‐Rexford” stability condi5ons 26!
13
The “Gao-‐Rexford” Stability Condi5ons • Preference condi5on – Prefer customer routes over peer or provider routes Node 3 prefers “3 d” over “3 1 2 d”
27!
The “Gao-‐Rexford” Stability Condi5ons • Export condi5on – Export only customer routes to peers or providers
Valid paths: “1 2 d” and “6 4 3 d” Invalid path: “5 8 d” and “6 5 d”
28!
14
The “Gao-‐Rexford” Stability Condi5ons • Topology condi5on – No cycle of customer-‐provider rela5onships
29!
Mul5ple Routers in an AS
30!
15
AS is Not a Single Node • AS path length can be misleading – An AS may have many router-‐level hops BGP says that path 4 1 is better than path 3 2 1 AS 4 AS 3
AS 2
AS 1
31!
An AS is Not a Single Node • Mul5ple routers in an AS – Need to distribute BGP informa5on within the AS – Internal BGP (iBGP) sessions between routers AS1 eBGP iBGP AS2 32!
16
Internal BGP and Local Preference • Example – Both routers prefer path through AS 100 on the lee – … even though right router learns an external path
AS 200 AS 100
AS 300
Local Pref = 90
Local Pref = 100
I-BGP AS 256
33!
An AS is Not a Single Node • Mul5ple connec5ons to neighboring ASes – Mul5ple border routers may learn good routes – … with the same local-‐pref and AS path length Multiple links 4 3 5 2
7
6
1 34!
17
Early-‐Exit or Hot-‐Potato Rou5ng • Diverse peering loca5ons
Customer B
– Both costs, and middle
• Comparable capacity at all peering points
Provider B
– Can handle even load multiple peering points
• Consistent routes Early-exit routing
Provider A
– Same des5na5ons adver5sed at all points – Same AS path length for a des5na5on at all points
Customer A
35!
Realizing Hot-‐Potato Rou5ng • Hot-‐potato rou5ng – Each router selects the closest egress point – … based on the path cost in intradomain protocol
• BGP decision process – Highest local preference – Shortest AS path A – Closest egress point 4 – Arbitrary 5e break F
dst 3 5
B
9
D
3 8
8 10 E
4 G
C
36!
18
Joining BGP and IGP Informa5on • Border Gateway Protocol (BGP) – Announces reachability to external des5na5ons – Maps a des5na5on prefix to an egress point • 128.112.0.0/16 reached via 192.0.2.1
• Interior Gateway Protocol (IGP) – Used to compute paths within the AS – Maps an egress point to an outgoing link • 192.0.2.1 reached via 10.1.1.1 10.1.1.1! 192.0.2.1! 37!
Joining BGP with IGP Informa5on 128.112.0.0/16 Next Hop = 192.0.2.1
128.112.0.0/16 10.10.10.10
AS 7018
192.0.2.1
AS 88
IGP
destination
next hop
192.0.2.0/30
10.10.10.10 Forwarding Table destination next hop
+
BGP
destination
next hop
128.112.0.0/16
192.0.2.1
128.112.0.0/16 192.0.2.0/30
10.10.10.10 10.10.10.10 38!
19
Some Routers Don’t Need BGP • Customer that connects to a single upstream ISP – The ISP can introduce the prefixes into BGP – … and customer can simply default-‐route to the ISP
Qwest
Nail up routes 130.132.0.0/16 pointing to Yale
Nail up default routes 0.0.0.0/0 pointing to Qwest
Yale University 130.132.0.0/16
39!
Some Routers Don’t Need BGP • Routers inside a “stub” network – Border router may speak BGP to upstream ISPs – But, internal routers can simply “default route”
Patriot
AS 88!
BGP!
USLEC
Princeton University 128.112.0.0/16 40!
20
Conclusions • BGP is solving a hard problem
– Rou5ng protocol opera5ng at a global scale – With tens of thousands of independent networks – That each have their own policy goals – And all want fast convergence
• Key features of BGP
– Prefix-‐based path-‐vector protocol – Incremental updates (announcements and withdrawals) – Policies applied at import and export of routes – Internal BGP to distribute informa5on within an AS – Interac5on with the IGP to compute forwarding tables 41!
21