Special topic in next-generation networks: 6a BGP interdomain


Interdomain Routing
BGP

Prométhée Spathis
promethee.spathis@lip6.fr
Thème NPA, LIP6
Paris, FRANCE

Goals of Today’s Lecture
• Challenges of interdomain routing
  – Scale, privacy, and policy
  – Limitations of link-state and distance-vector routing
• Path-vector routing
  – Faster loop detection than distance-vector routing
  – More flexibility than shortest-path routing
• Border Gateway Protocol (BGP)
  – Incremental, prefix-based, path-vector protocol
  – Programmable import and export policies
  – Multi-step decision process for selecting “best” route
• Multiple routers within an AS
• BGP convergence delay

Background
• IP addressing
  – Address allocation blocks
  – Packet forwarding
• Routing protocols
  – Autonomous Systems
  – Interdomain routing
  – Intradomain routing

Classless Inter-Domain Routing (CIDR)
Use two 32-bit numbers to represent a network. Network number = IP address + Mask
IP Address: 12.4.0.0      00001100 00000100 00000000 00000000
IP Mask: 255.254.0.0      11111111 11111110 00000000 00000000
[Figure labels: Address, Mask, Network Prefix, for hosts]
Usually written as 12.4.0.0/15

Scalability: Address Aggregation
[Figure: Provider is given 201.10.0.0/21; customer blocks 201.10.0.0/22, 201.10.4.0/24, 201.10.5.0/24, 201.10.6.0/23]
Routers in the rest of the Internet just need to know how to reach 201.10.0.0/21. The provider can direct the IP packets to the appropriate customer.

Hierarchical Addressing: more specific routes
[Figure: Provider 1 and Provider 2; prefixes 201.10.0.0/21, 201.10.0.0/22, 201.10.4.0/24, 201.10.5.0/24, 201.10.6.0/23]
Multi-homed customer with 201.10.6.0/23 has two providers. Other parts of the Internet need to know how to reach these destinations through both providers.
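The two addressing slides above, worked as an added example that is not part of the original lecture: it checks that the four customer blocks tile the provider's /21 exactly, then resolves destinations by longest-prefix match. Which provider announces which prefix, and the next-hop names, are assumptions made for the illustration.

```python
import ipaddress

# Constructed forwarding table for a router outside both providers, built from
# the prefixes on the slides. The assignment of prefixes to providers and the
# next-hop names are assumptions.
ROUTES = [
    ("201.10.0.0/21", "Provider 1"),   # aggregate covering all customer blocks
    ("201.10.6.0/23", "Provider 2"),   # more-specific route for the multi-homed customer
    ("0.0.0.0/0", "upstream"),         # default route
]
CUSTOMER_BLOCKS = ["201.10.0.0/22", "201.10.4.0/24", "201.10.5.0/24", "201.10.6.0/23"]

def build_table(routes):
    """Parse the prefixes once and order them longest prefix first."""
    table = [(ipaddress.ip_network(p), nh) for p, nh in routes]
    return sorted(table, key=lambda entry: entry[0].prefixlen, reverse=True)

def lookup(table, dst):
    """Return (matching prefix, next hop) for the longest matching prefix."""
    addr = ipaddress.ip_address(dst)
    for net, next_hop in table:
        if addr in net:
            return str(net), next_hop
    return None, None

def tiles_exactly(aggregate, blocks):
    """True if the blocks merge into exactly the aggregate, with no gap or overlap beyond it."""
    merged = list(ipaddress.collapse_addresses(ipaddress.ip_network(b) for b in blocks))
    return merged == [ipaddress.ip_network(aggregate)]

TABLE = build_table(ROUTES)

if __name__ == "__main__":
    print("blocks tile the /21:", tiles_exactly("201.10.0.0/21", CUSTOMER_BLOCKS))
    for dst in ("201.10.1.9", "201.10.6.77", "201.10.8.1"):
        print(dst, "->", lookup(TABLE, dst))
```

The /23 wins over the /21 for the multi-homed customer's addresses even though both prefixes contain them, which is why a more-specific announcement changes where traffic goes.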
Scalability Through Hierarchy
• Hierarchical addressing
  – Critical for scalable system
  – Don’t require everyone to know everyone else
  – Reduces amount of updating when something changes
• Non-uniform hierarchy
  – Useful for heterogeneous networks of different sizes
  – Classless InterDomain Routing (CIDR) helps
• Destination-based forwarding
  – Packet has a destination address
  – Router identifies longest-matching prefix
  – Cute algorithmic problem: very fast lookups

Routing vs. Forwarding
[Figure: routers R and R1–R5 connecting networks A–E; each router has a forwarding table (Net, Nxt Hop) with a default entry; Default to upstream router]
Forwarding: determine next hop
Routing: establish end-to-end paths
Forwarding always works
Routing can be badly broken

How Are Forwarding Tables Populated to implement Routing?
Statically: Administrator manually configures forwarding table entries
  + More control
  + Not restricted to destination-based forwarding
  - Doesn’t scale
  - Slow to adapt to network failures
Dynamically: Routers exchange network reachability information using ROUTING PROTOCOLS. Routers use this to compute best routes
  + Can rapidly adapt to changes in network topology
  + Can be made to scale well
  - Complex distributed algorithms
  - Consume CPU, Bandwidth, Memory
  - Debugging can be difficult
  - Current protocols are destination-based
In practice: a mix of these. Static routing mostly at the “edge”

Forwarding vs. Routing
• Forwarding: data plane
  – Directing a data packet to an outgoing link
  – Individual router using a forwarding table
• Routing: control plane
  – Computing the paths the packets will follow
  – Routers talking amongst themselves
  – Individual router creating a forwarding table

What is Routing?
• A famous quotation from RFC 791
  “A name indicates what we seek. An address indicates where it is. A route indicates how we get there.” Jon Postel

Internet Routing Architecture
• Divided into Autonomous Systems
  – Distinct regions of administrative control
  – Routers/links managed by a single “institution”
  – Service provider, company, university, …
• Hierarchy of Autonomous Systems
  – Large, tier-1 provider with a nationwide backbone
  – Medium-sized regional provider with smaller backbone
  – Small network run by a single company or university
• Interaction between Autonomous Systems
  – Internal topology is not shared between ASes
  – … but, neighboring ASes interact to coordinate routing

Autonomy: network of networks
[Figure: LIP6 network, DT, AS 1, AS 2, AS 3]
• Internet = interconnection of Autonomous Systems (AS)
  – Distinct regions of administrative control
  – Routers/links managed by a single “institution”
  – Service provider, company, university, etc.

Autonomous Systems (ASes)
An autonomous system is an autonomous routing domain that has been assigned an Autonomous System Number (ASN).
RFC 1930: Guidelines for creation, selection, and registration of an Autonomous System
… the administration of an AS appears to other ASes to have a single coherent interior routing plan and presents a consistent picture of what networks are reachable through it.

AS Numbers (ASNs)
ASNs are 16 bit values. 64512 through 65535 are “private”
• Level 3: 1
• MIT: 3
• Harvard: 11
• Yale: 29
• Princeton: 88
• AT&T: 7018, 6341, 5074, …
• UUNET: 701, 702, 284, 12199, …
• Sprint: 1239, 1240, 6211, 6242, …
• …
ASNs represent units of routing policy
Currently around 20,000 in use.
AS ≠ Institution
• Not equivalent to an AS
  – Many institutions span multiple autonomous systems
  – Some institutions do not have their own AS number
  – Ownership of an AS may be hard to pinpoint (whois)
• Not equivalent to a block of IP addresses (prefix)
  – Many institutions have multiple (non-contiguous) prefixes
  – Some institutions are a small part of a larger address block
  – Ownership of a prefix may be hard to pinpoint (whois)
• Not equivalent to a domain name (att.com)
  – Some sites may be hosted by other institutions
  – Some institutions have multiple domain names (att.net)

AS Graph != Internet Topology
[Figure: two drawings of interconnected ASes]
The AS graph may look like this. Reality may be closer to this…
BGP was designed to throw away information!

Characterizations of AS Topology
• Tier-1: small number of tier-1 ASes
  – A near-clique of ~15 ASes with no providers
  – AT&T, Sprint, UUNET, …
• Transit core: peer with tier-1s and each other
  – Around 100-200 large ASes
  – UUNET Europe, KDDI, and Singapore Telecom
• Regional ISPs: non-stubs near the edge
  – Around 2000 medium-sized ASes
  – Minnesota Regional Network, US West
• Stub ASes: no peer or customer neighbors
  – Princeton, Rutgers, MIT, AT&T Research, …

Hierarchical routing
[Figure: LIP6 network, DT, AS 1, AS 2, AS 3]
Intra-AS routing (Interior Gateway Protocol)
  Most common: OSPF, IS-IS
  determines path from ingress to egress
Inter-AS routing (Border Gateway Protocol)
  determines AS path and egress point

Two-Tiered Internet Routing Architecture
• Goal: distributed management of resources
  – Internetworking of multiple networks
  – Networks under separate administrative control
• Solution: two-tiered routing architecture
  – Intradomain: inside a region of control
    • Okay for routers to share topology information
    • Routers configured to achieve a common goal
  – Interdomain: between regions of control
    • Not okay to share complete information
    • Networks may have different/conflicting goals
• Led to the use of different protocols…

Interconnected ASes
• Forwarding table is configured by both intra- and inter-AS routing algorithm
  – Intra-AS sets entries for internal dests
  – Inter-AS & Intra-AS sets entries for external dests
[Figure: routers 1a–1d in AS 1, 2a–2c in AS 2, 3a–3c in AS 3; the Intra-AS Routing algorithm and the Inter-AS Routing algorithm both feed the Forwarding table]

Two-Tiered Internet Routing System
• Interdomain routing: between ASes
  – Routing policies based on business relationships
  – No common metrics, and limited cooperation
  – BGP: policy-based, path-vector routing protocol
• Intradomain routing: within an AS
  – Shortest-path routing based on link metrics
  – Routers all managed by a single institution
  – OSPF and IS-IS: link-state routing protocol
  – RIP and EIGRP: distance-vector routing protocol

Architecture of Dynamic Routing
[Figure: AS 1 running OSPF and AS 2 running EIGRP, connected by BGP]
EGP = Exterior Gateway Protocol
IGP = Interior Gateway Protocol
Metric based: OSPF, IS-IS, RIP, EIGRP (cisco)
Policy based: BGP
The Routing Domain of BGP is the entire Internet

Technology of Distributed Routing
Link State
• Topology information is flooded within the routing domain
• Best end-to-end paths are computed locally at each router.
• Best end-to-end paths determine next-hops.
• Based on minimizing some notion of distance
• Works only if policy is shared and uniform
• Examples: OSPF, IS-IS
Vectoring
• Each router knows little about network topology
• Only best next-hops are chosen by each router for each destination network.
• Best end-to-end paths result from composition of all next-hop choices
• Does not require any notion of distance
• Does not require uniform policies at all routers
• Examples: RIP, BGP

Routers Talking to Routers
[Figure: two routers exchanging routing info]
• Routing computation is distributed among routers within a routing domain
• Computation of best next hop based on routing information is the most CPU/memory intensive task on a router
• Routing messages are usually not routed, but exchanged via layer 2 between physically adjacent routers (internal BGP and multi-hop external BGP are exceptions)

Intradomain Routing Today
• Link-state routing with static link weights
  – Static weights: avoid stability problems
  – Link state: faster reaction to topology changes
• Most common protocols in backbones
  – OSPF: Open Shortest Path First
  – IS-IS: Intermediate System–Intermediate System
• Some use of distance vector in enterprises
  – RIP: Routing Information Protocol
  – EIGRP: Enhanced Interior Gateway Routing Protocol
• Growing use of Multi-Protocol Label Switching

Link-State Routing is Problematic
• Topology information is flooded
  – High bandwidth and storage overhead
  – Forces nodes to divulge sensitive information
• Entire path computed locally per node
  – High processing overhead in a large network
• Minimizes some notion of total distance
  – Works only if policy is shared and uniform
• Typically used only inside an AS
  – E.g., OSPF and IS-IS

Challenges for Interdomain Routing
• Scale
  – Prefixes: 150,000-200,000, and growing
  – ASes: 20,000 visible ones, and growing
  – AS paths and routers: at least in the millions…
• Privacy
  – ASes don’t want to divulge internal topologies
  – … or their business relationships with neighbors
• Policy
  – No Internet-wide notion of a link cost metric
  – Need control over where you send traffic
  – … and who can send traffic through you

Shortest-Path Routing is Restrictive
• All traffic must travel on shortest paths
• All nodes need common notion of link costs
• Incompatible with commercial relationships
[Figure: National ISP1 and National ISP2 above Regional ISP1, Regional ISP2 and Regional ISP3, which serve Cust1, Cust2 and Cust3; one path is marked YES and another NO]

Distance Vector is on the Right Track
• Advantages
  – Hides details of the network topology
  – Nodes determine only “next hop” toward the dest
• Disadvantages
  – Minimizes some notion of total distance, which is difficult in an interdomain setting
  – Slow convergence due to the counting-to-infinity problem (“bad news travels slowly”)
• Idea: extend the notion of a distance vector

Path-Vector Routing
• Extension of distance-vector routing
  – Support flexible routing policies
  – Avoid count-to-infinity problem
• Key idea: advertise the entire path
  – Distance vector: send distance metric per dest d
  – Path vector: send the entire path for each dest d
[Figure: nodes 3, 2, 1 and destination d; node 1 advertises “d: path (1)”, node 2 advertises “d: path (2,1)”; data traffic flows the other way]

Faster Loop Detection
• Node can easily detect a loop
  – Look for its own node identifier in the path
  – E.g., node 1 sees itself in the path “3, 2, 1”
• Node can simply discard paths with loops
  – E.g., node 1 simply discards the advertisement
[Figure: nodes 3, 2, 1 with advertisements “d: path (1)”, “d: path (2,1)”, “d: path (3,2,1)”]

Routing Protocols
              | Link State | Distance Vector | Path Vector
Dissemination | Flood link state advertisements to all routers | Update distances from neighbors’ distances | Update paths based on neighbors’ paths
Algorithm     | Dijkstra’s shortest path | Bellman-Ford shortest path | Local policy to rank paths
Converge      | Fast due to flooding | Slow, due to count-to-infinity | Slow, due to path exploration
Protocols     | OSPF, IS-IS | RIP, EIGRP | BGP

The Gang of Four
    | Link State  | Vectoring
IGP | OSPF, IS-IS | RIP
EGP |             | BGP
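The loop-detection rule and the "slow, due to path exploration" entry in the table above, as an added simulation that is not part of the original lecture. The triangle topology (nodes 1, 2, 3, destination d attached to node 1), the synchronous rounds and the shortest-path stand-in policy are assumptions.

```python
# Constructed topology: nodes 1, 2, 3 fully meshed; destination d hangs off node 1.
NEIGHBORS = {1: [2, 3], 2: [1, 3], 3: [1, 2]}

def accept(node, path):
    """Loop detection: reject any advertised path that already contains this node."""
    return path is not None and node not in path

def step(routes, origin_up):
    """One synchronous round: each node re-selects from its neighbors' current paths."""
    new = {}
    for node, nbrs in NEIGHBORS.items():
        if node == 1 and origin_up:
            new[node] = (1,)                      # node 1 originates "d: path (1)"
            continue
        candidates = [(node,) + routes[n] for n in nbrs if accept(node, routes[n])]
        # Stand-in policy: shortest path, ties broken by lowest next-hop id.
        new[node] = min(candidates, key=lambda p: (len(p), p[1])) if candidates else None
    return new

def converge(routes, origin_up, max_rounds=10):
    """Iterate until no node changes its path; return (final routes, per-round history)."""
    history = [routes]
    for _ in range(max_rounds):
        nxt = step(routes, origin_up)
        if nxt == routes:
            break
        routes = nxt
        history.append(routes)
    return routes, history

def run():
    """Converge with d reachable, then let node 1 lose d and converge again."""
    stable, _ = converge({1: None, 2: None, 3: None}, origin_up=True)
    after_failure, history = converge(stable, origin_up=False)
    return stable, after_failure, history

if __name__ == "__main__":
    stable, after_failure, history = run()
    print("stable:", stable)
    for i, snapshot in enumerate(history[1:], start=1):
        print("round", i, "after failure:", snapshot)
```

After the failure, nodes 2 and 3 briefly fall back to each other's stale paths (2,3,1) and (3,2,1), then discard them as soon as they see their own identifier in what the neighbor advertises.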
Interdomain Routing (Between ASes)
[Figure: ASes 1–7 between a Client and a Web server; Path: 6, 5, 4, 3, 2, 1]

Interdomain Routing: Border Gateway Protocol
[Figure: ASes 3, 2, 1 and host 12.34.158.5; AS 1 advertises “12.34.158.0/24: path (1)”, AS 2 advertises “12.34.158.0/24: path (2,1)”; data traffic flows the other way]
• ASes exchange info about who they can reach
  – IP prefix: block of destination IP addresses
  – AS path: sequence of ASes along the path
• Policies configured by the AS’s operator
  – Path selection: which of the paths to use?
  – Path export: which neighbors to tell?

Flexible Policies
• Each node can apply local policies
  – Path selection: Which path to use?
  – Path export: Which paths to advertise?
• Examples
  – Node 2 may prefer the path “2, 3, 1” over “2, 1”
  – Node 1 may not let node 3 hear the path “1, 2”
[Figure: nodes 2, 3, 1]

Zooming in to AS 3
[Figure: border router of AS 3 and prefix 12.34.158.0/24]
• Border router
  – Learns BGP route from neighbor AS
  – Creates forwarding-table entry for prefix
• But, how do the other routers get there?

How do Other Routers Learn the BGP Route?
[Figure: iBGP session carrying “12.34.158.0/24 through red router”]
• Internal BGP
  – iBGP sessions between the routers
  – Allows other routers to get the big picture
• Simplest case: “full mesh” of iBGP sessions

[...]

... Scale
[Figure labels: eBGP update, AS1, eBGP, iBGP updates]
• External Neighbor (eBGP) in a different Autonomous System
• Internal Neighbor (iBGP) in the same Autonomous System
iBGP is routed (using IGP!)
N border routers means N(N-1)/2 peering sessions
• Each router must have N-1 iBGP sessions configured
• The addition of a single iBGP speaker requires configuration changes to all other iBGP speakers
• Size of iBGP routing...

Policy-based routing based on AS Paths
  – Evolved during the past 15 years
    • 1989: BGP-1 [RFC 1105]
    • 1990: BGP-2 [RFC 1163]
    • 1991: BGP-3 [RFC 1267]
    • 1995: BGP-4 [RFC 1771]
  – Replacement for EGP (1984, RFC 904)
  – Support for Classless Interdomain Routing (CIDR)

BGP Operations

Components of BGP
• BGP protocol
  – Definition of how two BGP neighbors communicate
  – Message formats, state machine, route attributes,...

NEXT_HOP Attribute
• For EBGP session, NEXT HOP = IP address of neighbor that announced the route
• For IBGP sessions, if route originated inside AS, NEXT HOP = IP address of neighbor that announced the route
• For routes originated outside AS, NEXT HOP of EBGP node that learned of route, is carried unaltered into IBGP

Joining BGP and IGP Information
• Border Gateway Protocol (BGP)
  – Announces reachability...

routes (remember alternate routes!)
• Each router has to listen to update noise from each neighbor
[Figure labels: iBGP, AS2]
Currently four solutions:
(0) Buy bigger routers!
(1) Break AS into smaller ASes
(2) BGP Route reflectors
(3) BGP confederations

Four Types of BGP Messages
• Open: Establish a peering session
• Keep Alive: Handshake at regular intervals

Route Reflectors
[Figure: two route reflectors (RR) sending iBGP updates to clients]
• Route reflectors...

similar
• BGP decision process
  – Complex sequence of rules for selecting the best route
  – De facto standard applied by router vendors
  – Being codified in a new RFC for BGP coming soon

[Figure: AS1 and AS2 joined by a BGP session]
Establish session on TCP port 179
Exchange all active routes
Exchange incremental updates
While connection is ALIVE exchange route UPDATE messages

Two Types of BGP Neighbor Relationships
iBGP Mesh Does...
that the route is no longer available
• Numerous BGP attributes
  – AS path
  – Next-hop IP address
  – Local preference
  – Multiple-Exit Discriminator
  – …

Advertising a prefix
BGP Route
• When a router advertises a prefix to one of its BGP neighbors:
  – information is valid until first router explicitly advertises that the information is no longer valid
  – BGP does not require routing information to be refreshed...

Crossing
From IANA: http://www.iana.org/assignments/bgp-parameters
Most important attributes
Not all attributes need to be present in every announcement

BGP Policy: Influencing Decisions
BGP Decision Process: Path Selection on a Router
Open ended programming. Constrained only by vendor configuration language
Receive BGP Updates
Apply Policy = filter routes & tweak attributes
Apply Import Policies
Based...

this route in the forwarding table
• Send this route to neighbors
IP Forwarding Table

Route Selection Summary
• Highest Local Preference: enforce relationships
• Shortest ASPATH, Lowest MED, i-BGP < e-BGP, Lowest IGP cost to BGP egress: traffic engineering
• Lowest router ID: throw up hands and break ties

BGP Decision Process: Multiple Steps
• Highest local preference
  – Set by import policies upon receiving advertisement...

BGP Attributes
[Figure: prefix 128.112.0.0/16 originated by AS 88 Princeton; other labels: AT&T, AS 1129 Global Access, AS 3549 Global Crossing; announcements “128.112.0.0/16 AS Path = 88”, “128.112.0.0/16 AS Path = 7018 88”, “128.112.0.0/16 AS Path = 1129 1755...”]
Given multiple routes to the same prefix, a BGP speaker must pick at most one best route
(Note: it could reject them all!)

BGP Path Selection
• Simplest case
  – Shortest AS path
  – Arbitrary tie break
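The route selection summary above, as an added sketch that is not part of the original lecture and is not any vendor's implementation. The `Route` fields, the `prefer_64512` policy and the private ASNs 64512 and 64513 are constructed for the illustration; only the path 7018 88 comes from the slide.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Route:
    as_path: tuple            # e.g. (7018, 88); the last AS originated the prefix
    local_pref: int = 100
    med: int = 0
    ebgp: bool = True         # learned over eBGP (True) or iBGP (False)
    igp_cost: int = 0         # IGP cost to the BGP egress router
    router_id: str = "0.0.0.0"

STEPS = ("local_pref", "as_path", "med", "ebgp_over_ibgp", "igp_cost", "router_id")

def rank(r):
    """One tuple element per step of the slide's summary; the smaller tuple wins.
    Simplification: MED is compared across all routes, whereas routers by
    default compare it only between routes from the same neighboring AS."""
    rid = tuple(int(octet) for octet in r.router_id.split("."))
    return (-r.local_pref, len(r.as_path), r.med, 0 if r.ebgp else 1, r.igp_cost, rid)

def best_route(routes, local_as, import_policy=lambda r: r):
    """Apply the import policy, drop looped paths, then pick at most one best route."""
    usable = []
    for r in routes:
        r = import_policy(r)                  # policy may tweak attributes or return None
        if r is not None and local_as not in r.as_path:
            usable.append(r)
    return min(usable, key=rank) if usable else None

def deciding_step(a, b):
    """Name the first step at which two routes differ (None if fully tied)."""
    for name, x, y in zip(STEPS, rank(a), rank(b)):
        if x != y:
            return name
    return None

# Constructed routes to 128.112.0.0/16; 64512 and 64513 are private placeholder ASNs.
VIA_7018 = Route(as_path=(7018, 88), router_id="10.0.0.1")
VIA_PRIVATE = Route(as_path=(64512, 64513, 88), router_id="10.0.0.2")

def prefer_64512(r):
    """Hypothetical import policy: raise local preference for routes heard from AS 64512."""
    return replace(r, local_pref=200) if r.as_path[0] == 64512 else r

if __name__ == "__main__":
    print(best_route([VIA_7018, VIA_PRIVATE], local_as=65000))
    print(best_route([VIA_7018, VIA_PRIVATE], 65000, prefer_64512))
    print(best_route([VIA_7018, VIA_PRIVATE], local_as=88))   # both looped: None
```

With the default policy the shorter AS path wins; once the import policy raises local preference, the longer path is chosen because local preference is evaluated before AS-path length.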
External BGP: learn the external route
  – Internal BGP: propagate inside the AS
  – IGP: learn outgoing link on path to other router
• Router joins the data
  – Prefix 12.34.158.0/24 reached through red router
  – Red router reached via link Serial0/0.1
  – Forwarding entry: 12.34.158.0/24 → Serial0/0.1
• Router forwards packets
  – Lookup destination 12.34.158.5 in table
  – Forward packet out link Serial0/0.1
• Interdomain

Posted: 14/04/2015, 15:43
