1
Interdomain Rou�ng Policy
COS 461: Computer Networks Spring 2011
Mike Freedman h�p://www.cs.princeton.edu/courses/archive/spring11/cos461/ 2 Goals of Today’s Lecture
• Business rela�onships between ASes – Customer‐provider: customer pays provider
– Peer‐peer: typically se�lement‐free
• Realizing rou�ng policies – Import and export filtering
– Assigning preferences to routes
• Mul�ple routers within an AS – Disseminated BGP informa�on within the AS – Combining with intradomain rou�ng informa�on 3 Interdomain Rou�ng • AS‐level topology – Des�na�ons are IP prefixes (e.g., 12.0.0.0/8) – Nodes are Autonomous Systems (ASes) – Edges are links and business rela�onships
4 3 5
2 7 6 1
Client Web server 4 Business Rela�onships
• Neighboring ASes have business contracts – How much traffic to carry – Which des�na�ons to reach – How much money to pay • Common business rela�onships – Customer‐provider: Customer pays provider for transit • E.g., Princeton is a customer of USLEC • E.g., MIT is a customer of Level3 – Peer‐peer: No money changes hands • E.g., UUNET is a peer of Sprint • E.g., Harvard is a peer of Harvard Business School 5 Customer‐Provider Rela�onship • Customer needs to be reachable from everyone – Provider tells all neighbors how to reach the customer • Customer does not want to provide transit service – Customer does not let its providers route through it
Traffic to the customer Traffic from the customer
d provider announcements
provider traffic customer d customer 6 Customer Connec�ng to a Provider
Provider Provider
1 access link 2 access links
Provider Provider
2 access routers 2 access PoPs (Points of Presence) 7 Mul�‐Homing: Two or More Providers • Mo�va�ons for mul�‐homing – Extra reliability, survive single ISP failure – Financial leverage through compe��on – Be�er performance by selec�ng be�er path – Gaming the 95th‐percen�le billing model
Provider 1 Provider 2 8 Princeton Example
• Internet: customer of USLEC and Patriot • Research universi�es/labs: customer of Internet2 • Local non‐profits: provider for several non‐profits
Patriot USLEC Internet2
Princeton 9 How many links are enough?
K upstream ISPs
Not much benefit beyond 4 ISPs
Akella et al., “Performance Benefits of Mul�homing”, SIGCOMM 2003 10 Peer‐Peer Rela�onship
• Peers exchange traffic between customers – AS exports only customer routes to a peer – AS exports a peer’s routes only to its customers – O�en the rela�onship is se�lement‐free (i.e., no $$$)
Traffic to/from the peer and its customers
announcements
peer peer traffic
d 11 AS Structure: Tier‐1 Providers • Tier‐1 provider – Has no upstream provider of its own – Typically has a na�onal or interna�onal backbone • Top of the Internet hierarchy of ~10 ASes – AOL, AT&T, Global Crossing, Level3, UUNET, NTT, Qwest, SAVVIS (formerly Cable & Wireless), and Sprint – Full peer‐peer connec�ons between �er‐1 providers 12 AS Structure: Other ASes
• Other providers – Provide transit service to downstream customers – … but, need at least one provider of their own – Typically have na�onal or regional scope – Includes several thousand ASes • Stub ASes – Do not provide transit service to others – Connect to one or more upstream providers – Includes the vast majority (e.g., 85‐90%) of the ASes 13 The Business Game and Depeering • Coopera�ve compe��on (brinksmanship) • Much more desirable to have your peer’s customers – Much nicer to get paid for transit • Peering “�ffs” are rela�vely common 31 Jul 2005: Level 3 No�fies Cogent of intent to disconnect. 16 Aug 2005: Cogent begins massive sales effort and men�ons a 15 Sept. expected depeering date. 31 Aug 2005: Level 3 No�fies Cogent again of intent to disconnect (according to Level 3) 5 Oct 2005 9:50 UTC: Level 3 disconnects Cogent. Mass hysteria ensues up to, and including policymakers in Washington, D.C. 7 Oct 2005: Level 3 reconnects Cogent During the “outage”, Level 3 and Cogent’s singly homed customers could not reach each other. (~ 4% of the Internet’s prefixes were isolated from each other) 14 Depeering Con�nued Resolu�on…
“Cogent will offer any Level 3 customer, who is …but not before a�empt to steal customers! single homed to the As of 5:30 am EDT, October 5th, Level(3) Level 3 …, one year of terminated peering with Cogent without causes full Internet transit free …. Cogent has le� the peering circuits open in of charge at the same the hope that Level(3) will change its mind and allow traffic to be exchanged between our bandwidth…. Cogent will networks. We are extending a special offering provide this connec�vity to single homed Level 3 customers. in over 1,000 loca�ons.” 15
Realizing BGP Rou�ng Policy 16 BGP Policy: Applying Policy to Routes
• Import policy – Filter unwanted routes from neighbor • E.g. prefix that your customer doesn’t own – Manipulate a�ributes to influence path selec�on • E.g., assign local preference to favored routes • Export policy – Filter routes you don’t want to tell your neighbor • E.g., don’t tell a peer a route learned from other peer – Manipulate a�ributes to control what they see • E.g., make a path look ar�ficially longer than it is 17 BGP Policy: Influencing Decisions
Open ended programming. Constrained only by vendor configura�on language Receive Apply Policy = Based on Best Apply Policy = Transmit BGP filter routes & A�ribute Routes filter routes & BGP Updates tweak a�ributes Values tweak a�ributes Updates
Apply Import Best Route Best Route Apply Export Policies Selec�on Table Policies
Install forwarding Entries for best Routes.
IP Forwarding Table 18 Import Policy: Local Preference • Favor one path over another – Override the influence of AS path length – Apply local policies to prefer a path • Example: prefer customer over peer
Local‐pref = 90 AT&T Sprint
Local‐pref = 100 Tier‐2
Tier‐3 Yale 19 Import Policy: Filtering • Discard some route announcements – Detect configura�on mistakes and a�acks • Examples on session to a customer – Discard route if prefix not owned by the customer – Discard route that contains other large ISP in AS path
Patriot USLEC
Princeton
128.112.0.0/16 20 Export Policy: Filtering • Discard some route announcements – Limit propaga�on of rou�ng informa�on • Examples – Don’t announce routes from one peer to another
UUNET AT&T Sprint 21 Export Policy: Filtering • Discard some route announcements – Limit propaga�on of rou�ng informa�on • Examples – Don’t announce routes for network‐management hosts or the underlying routers themselves
USLEC
network operator Princeton 22 Export Policy: A�ribute Manipula�on • Modify a�ributes of the ac�ve route – To influence the way other ASes behave • Example: AS prepending – Ar�ficially inflate the AS path length seen by others – To convince some ASes to send traffic another way
Sprint USLEC Patriot
88 88 88 Princeton 128.112.0.0/16 23 BGP Policy Configura�on
• Rou�ng policy languages are vendor‐specific – Not part of the BGP protocol specifica�on – Different languages for Cisco, Juniper, etc.
• S�ll, all languages have some key features – Policy as a list of clauses – Each clause matches on route a�ributes – … and either discards or modifies the matching routes
• Configura�on done by human operators – Implemen�ng the policies of their AS – Business rela�onships, traffic engineering, security, … 24 Why Is The Internet Generally Stable?
• Mostly because of $$
• Policy configura�ons based on ISPs’ bilateral business rela�onships – Customer‐Provider • Customers pay provider for access to the Internet – Peer‐Peer • Peers exchange traffic free of charge
• Most well‐known result reflec�ng this prac�ce: “Gao‐Rexford” stability condi�ons 25 The “Gao‐Rexford” Stability Condi�ons • Preference condi�on – Prefer customer routes over peer or provider routes
Node 3 prefers “3 d” over “3 1 2 d” 26 The “Gao‐Rexford” Stability Condi�ons • Export condi�on – Export only customer routes to peers or providers
Valid paths: “1 2 d” and “6 4 3 d” Invalid path: “5 8 d” and “6 5 d” 27 The “Gao‐Rexford” Stability Condi�ons • Topology condi�on (acyclic) – No cycle of customer‐provider rela�onships 28
BGP and Mul�ple Routers in an AS 29 An AS is Not a Single Node • AS path length can be misleading – An AS may have many router‐level hops
BGP says that path 4 1 is better than path 3 2 1
AS 4
AS 3
AS 2
AS 1 30 An AS is Not a Single Node • Mul�ple routers in an AS – Need to distribute BGP informa�on within the AS – Internal BGP (iBGP) sessions between routers
AS1 eBGP
iBGP AS2 31 Internal BGP and Local Preference • Example – Both routers prefer path through AS 100 on the le� – … even though right router learns an external path
AS 200
AS 100 AS 300
Local Pref = 100 Local Pref = 90
I‐BGP AS 256 32 An AS is Not a Single Node
• Mul�ple connec�ons to neighboring ASes – Mul�ple border routers may learn good routes – … with the same local‐pref and AS path length
Multiple links 4 3 5
2 7 6
1 33 Early‐Exit or Hot‐Potato Rou�ng
Customer B • Diverse peering loca�ons • Comparable capacity at Provider B all peering points – Can handle even load • Consistent routes multiple peering – Same des�na�ons Early-exit points routing adver�sed at all points – Same AS path length for a Provider A des�na�on at all points • Why not push wide‐area rou�ng to peer? Customer A 34 Realizing Hot‐Potato Rou�ng
• Hot‐potato rou�ng – Each router selects the closest egress point – … based on the path cost in intra‐domain protocol
• BGP decision process – Highest local preference – Shortest AS path dst B – Closest egress point A 9 B 3 D 4 3 8 – Arbitrary �e break 4 10 G F 5 8 E C 35 Joining BGP and IGP Informa�on • Border Gateway Protocol (BGP) – Announces reachability to external des�na�ons – Maps a des�na�on prefix to an egress point • 128.112.0.0/16 reached via 192.0.2.1 • Interior Gateway Protocol (IGP) – Used to compute paths within the AS – Maps an egress point to an outgoing link • 192.0.2.1 reached via 10.1.1.1
10.1.1.1
192.0.2.1 36 Joining BGP with IGP Informa�on
128.112.0.0/16 Next Hop = 192.0.2.1 128.112.0.0/16
10.10.10.10 192.0.2.1 AS 7018 AS 88 IGP destination next hop 192.0.2.0/30 10.10.10.10 Forwarding Table + destination next hop BGP 128.112.0.0/16 destination next hop 10.10.10.10 192.0.2.0/30 10.10.10.10 128.112.0.0/16 192.0.2.1 37 Some Routers Don’t Need BGP
• Customer that connects to a single upstream ISP – The ISP can introduce the prefixes into BGP – … and customer can simply default‐route to the ISP Qwest Nail up routes 130.132.0.0/16 pointing to Yale
Nail up default routes 0.0.0.0/0 pointing to Qwest Yale University 130.132.0.0/16 38 Some Routers Don’t Need BGP
• Routers inside a “stub” network – Border router may speak BGP to upstream ISPs – But, internal routers can simply “default route”
Patriot USLEC BGP
AS 88 Princeton University 128.112.0.0/16 39 Conclusions
• BGP is solving a hard problem – Rou�ng protocol opera�ng at a global scale – Tens of thousands of independent networks – Each have own policy goals; all want convergence
• Key features of BGP – Prefix‐based path‐vector protocol – Incremental updates (announcements and withdrawals) – Policies applied at import and export of routes – Internal BGP to distribute informa�on within an AS – Interac�on with the IGP to compute forwarding tables