patrick verkaik, andre broido, young hyun, kc claffy
TRANSCRIPT
![Page 1: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/1.jpg)
Beyond CIDR Aggregation
Patrick Verkaik, Andre Broido, Young Hyun, kc claffy
CAIDA / NLnet Labs / RIPE NCC
http://www.caida.org/projects/routing/atoms/
![Page 2: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/2.jpg)
Outline of talk
• Introduction
• Atoms architecture
• Incremental deployment
• Prototype
• Analysis and simulation
• Future work
![Page 3: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/3.jpg)
Motivation
• Observation: many prefixes share AS path in allRouteViews / RIPE peers
• BGP policy atom: set of prefixes that share AS path
• Equivalent in terms of routing
![Page 4: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/4.jpg)
Number and stability
1 Nov 2003 RouteViews data:
• around 35K atoms
• covering around 127K prefixes
• (16K ASes)
Stability over 8 hours:
• 4.9% of atoms undergo prefix membership change(8 May 2003 RouteViews data)
• 2-3% of prefixes change atom membership(Tel Aviv University, 2002)
![Page 5: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/5.jpg)
Apply to routing?
• Summarise prefixes of atom into one routed object
• Incorporate into BGP
Reduce number of routed objects in Default-Free Zone (DFZ):
• Shrink routing tables and forwarding tables
• Perform routing updates per atom, not per prefix
![Page 6: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/6.jpg)
Current BGP techniques and their limitations
• CIDR aggregation. But [BGP-GROWTH]:– Multihoming and inbound traffic → deaggregation– Fragmented address space cannot be aggregated– Failure to aggregate
• Rate limiting and dampening
• Pack multiple prefixes in single BGP update message. But :– No effect on number of routes– Per-prefix update processing remains– Only for prefixes with identical attributes (e.g. different
origin AS → separate update message)
![Page 7: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/7.jpg)
Currently coping, but what about future?
• IPv6– raises upper bound on number of routes– multihoming practices operationally disabled [RFC2772]
• 32-bit AS numbers: increased multihoming by small sites?
![Page 8: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/8.jpg)
Outline of talk
• Introduction
• Atoms architecture
• Incremental deployment
• Prototype
• Analysis and simulation
• Future work
![Page 9: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/9.jpg)
What is an atom?
• Group of atomised prefixes to be routed together
• To be declared by origin ASes
• These ASes partition prefixes into atoms and announce
• Atomised prefixes can be IPv4 or IPv6
• Only globally routed prefixes are atomised– Default-free zone (DFZ)– Not CIDR-aggregated into other prefixes
![Page 10: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/10.jpg)
What is an atom?
AS
AS
AS
Origin AS
P1
P2
P1
P4
P5P4P3
P5
P5P4P3
P4 P5
P1
P3
P2
P2
P3
![Page 11: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/11.jpg)
Applying the atom concept
• BGP updates govern entire atoms
• Atoms replace prefixes in core routers:– Reduce table size in these routers– Reduce update load on these routers
• Maintain grouping of atoms outside of BGP
• Perhaps: improved convergence behaviour?
![Page 12: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/12.jpg)
Architecture — Overview
default−free zone
membership tablelocal routes
atom routeslocal routes
Transit router:
ET
Edge router:atom routes
E
E
TT
local atom routesdefault routelocal routes
![Page 13: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/13.jpg)
Architecture — Components
• Tunneling / MPLS for forwarding
• BGP on atoms
• Membership protocol binds atomised prefixes to atoms
![Page 14: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/14.jpg)
Atom representation
• Atom is represented by an atom ID
• Atom ID syntactically a prefix(unrelated to prefixes in atom)– Reason: BGP can route atom IDs
• Atom IDs are a flat namespace– No further aggregation
![Page 15: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/15.jpg)
Forwarding
AS
E.F.G.H
destination AS
ASsender dest=E.F.G.H
default−freezone
packet
![Page 16: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/16.jpg)
Forwarding
A.B.C.0/24
prefixes
destination AS
E.F.G.H
AS
ASsender
E.F.G.0/24
atom id
M.N.O.0/24
I.J.K.0/24
dest=E.F.G.H
default−freezone
packet
![Page 17: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/17.jpg)
Forwarding
dest=E.F.G.H
A.B.C.0/24 atom id
destination AS
E.F.G.H
prefixes
AS
ASsender
E.F.G.0/24
M.N.O.0/24
I.J.K.0/24Encapsulation
dest=E.F.G.H
dest=A.B.C.D
default−freezone
encapsulated packet
packet
![Page 18: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/18.jpg)
Forwarding
dest=E.F.G.H
E.F.G.0/24
M.N.O.0/24
destination AS
E.F.G.H
I.J.K.0/24
A.B.C.0/24 atom id
prefixes
AS
ASsender dest=E.F.G.H
dest=A.B.C.D
default−freezone
packet
encapsulated packet
![Page 19: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/19.jpg)
Forwarding
dest=E.F.G.H
M.N.O.0/24
destination AS
E.F.G.H
I.J.K.0/24
A.B.C.0/24 atom id
prefixes
AS
AS
E.F.G.0/24
sender
Decapsulation
dest=E.F.G.H
dest=A.B.C.D
default−freezone
encapsulated packet
packet
![Page 20: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/20.jpg)
Forwarding
• Encapsulation to traverse DFZ
• Ingress edge router encapsulates
• Destination AS decapsulates
![Page 21: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/21.jpg)
Encapsulation vs MPLS
Similar techniques:
• Both do tunneling
• Atom ID ↔ Forwarding Equivalence Class
• Encapsulation ↔ Labeling
• IP forwarding ↔ Label swapping
Disadvantages of encapsulation:
• Encapsulation reduces MTU
• Encapsulation complicates path MTU discovery and ICMP
But: MPLS not used interdomain
![Page 22: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/22.jpg)
BGP routes atom IDs
default−free zone
Edge router
Atom originatorAtom originator
BGP
E
E
Transit router
TT
ET
![Page 23: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/23.jpg)
Atom membership
• Atom originator partitions prefixes over atoms
• Sends { atom ID ↔ atomised prefixes } to edge router(s)
• Edge routers propagate to neighbouring edge routers
![Page 24: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/24.jpg)
Atom membership
default−free zone
ET
Atom originator
Edge router
E
E
Transit router
TT
![Page 25: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/25.jpg)
Atom membership
Structured propagation limits unnecessary messages:
• Propagation based on current practices of businessrelationships:– Customers ↔ all neighbours– Providers and peers 9 providers and peers
• Additional rules avoid sending multiple times in most cases
![Page 26: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/26.jpg)
Membership vs BGP
• Some differences between membership protocol and BGP.Membership protocol:– Maps atom ID ↔ atomised prefixes– Has no route selection– Semantics of update independent of which neighbour
sent it– Identical state in all edge routers after convergence
• Membership protocol is multihop:– Spoken only by edge routers and atom originators– Dynamics affect only subset of routers– Multihop but: session resets relatively harmless
![Page 27: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/27.jpg)
Outline of talk
• Introduction
• Atoms architecture
• Incremental deployment
• Prototype
• Analysis and simulation
• Future work
![Page 28: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/28.jpg)
Incremental deployment — Routing
atomised prefixes atomised prefixesBGP: dropBGP: generate
default−freezone island
atomised
atomoriginator
atomised prefixesBGP: announce
BGP: announceatom id
Routes for:atom idsatomised prefixesnon−atomised prefixes
Routes for:atom idsnon−atomised prefixes
membership protocol
membership: send update
![Page 29: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/29.jpg)
Incremental deployment — Routing
• Non-atomised prefixes– All routers capable of routing non-atomised prefixes
• DFZ ASes that are not atomised– Multiple atomised islands– Islands connected through membership protocol (mul-
tihop)– Islands generate atomised prefix routes into non-atomised
DFZ– ...and drop these routes when received from DFZ
• ASes outside DFZ that are not atomised– Atom originator speaks membership with edge router
(multihop)– Announces route for atom ID in BGP– Announces routes for atomised prefixes in BGP (dropped
by islands)
![Page 30: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/30.jpg)
Incremental deployment — Forwarding
• Encapsulate once: on first entry into an island
• Decapsulate once: at origin AS
• Routes for atom IDs exist on the entire forwarding path
![Page 31: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/31.jpg)
Incremental deployment — Forwarding
default−freezone island
atomised
atomoriginator
encapsulation
decapsulation
no decapsulation
already encapsulated
no decapsulation
![Page 32: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/32.jpg)
Outline of talk
• Introduction
• Atoms architecture
• Incremental deployment
• Prototype
• Analysis and simulation
• Future work
![Page 33: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/33.jpg)
Prototype
• Implemented for IPv4 in Zebra (GNU license)
• Atoms declared manually in router configurationlanguageip prefix-list A1 permit E.F.G.0/24ip prefix-list A1 permit I.J.K.0/24ip prefix-list A1 permit M.N.O.0/24atom declare A.B.C.0/24 A1
• Zec’s virtual network stack for testing [VIMAGE]
• It pings!
![Page 34: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/34.jpg)
Outline of talk
• Introduction
• Atoms architecture
• Incremental deployment
• Prototype
• Analysis and simulation
• Future work
![Page 35: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/35.jpg)
Analysis of origin link sets
Define: origin link == First two ASes in AS path
• Observe origin links sets of prefixes in RouteViews
• Estimate number of atoms as number of origin link sets
• RouteViews Nov 1 snapshot:– 24K unique origin link sets– covering 127K prefixes– 16K ASes
{ 3−1 }
AS 2 AS 3
AS 1
{ 2−1, 3−1 }
{ 2−1 }
1.2.3.0/249.10.11.0/24
13.14.15.0/2417.18.19.0/245.6.7.0/24
![Page 36: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/36.jpg)
Simulation (in progress)
GeorgiaTech’s BGP extension to ns-2 [BGP++]
• Simulate various kinds of updates:– BGP updates– Membership updates
• Determine cost of these updates:– Number of messages– Convergence time
• Compare with non-atoms routing
• Analyse ratio of membership updates to BGP updates– #membership > #BGP but same order of magnitude
![Page 37: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/37.jpg)
Simulation topology
• Subset of RouteViews AS topology
• Business relationships from [VantagePoints]
• Method:– Start with an origin AS– Include any ASes potentially reached by updates from
that AS∗ Update from customer AS reaches all neighbour ASes∗ Update from any neighbour AS reaches all customer
ASes∗ Update providers or peers do not reach other providers
or peers– To limit size, don’t traverse core
• Add fixed number of routers to each AS
• Form DFZ from core and multihomed ASes
![Page 38: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/38.jpg)
Selecting subset of AS topology
peering
provider−customer Origin AS ASes reachedof update by update
Core ASes
![Page 39: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/39.jpg)
Future work
• Configurability– Complexity– Multiple atom originators per AS
• Security: SBGP or soBGP
• Provider-originated atoms:– Immediate providers of stub ASes collectively originate
atoms from multiple customers– May require only limited cooperation from providers– Reduces lower bound on number of atoms from 24K to
12K
• IPv6
• Interdomain MPLS
• Measure overhead of encapsulation/decapsulation
![Page 40: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/40.jpg)
Questions?
Acknowledgements
Andrew Lange Jeffrey HaasAndrew Partan Maarten van SteenBill Woodcock Nevil Brownlee
Bradley Huffaker Mike LloydCAIDA folks Omer Ben-Shalom
Cengiz Alaettinoglu Pedro Roque MarquesDaniel Karrenberg Ronald van der Pol
Dave Meyer Ruomei GaoEvi Nemeth Sean Finn
Fontas Dimitropoulos Senthilkumar AyyasamyFrances Brazier Ted Lindgreen
Frank Kastenholz Teus HagenGeoff Huston Vijay Gill
Henk Uijterwaal Wytze van der Raay
http://www.caida.org/projects/routing/atoms/
![Page 41: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/41.jpg)
References
[BGP-GROWTH] T. Bu, L. Gao and D. Towsley, ”Oncharacterizing BGP routing table growth,”Proc. IEEE Global Telecommunications Conf.(GLOBECOMM), pp. 2197-2201, Nov. 2002
[BGP++] Christos Xenofontas Dimitropoulos, ”BGPimplementation for ns-2,”http://www.ece.gatech.edu/research/labs/MANIACS/BGP++/
[RFC2772] R. Rockell and R. Fink, ”6Bone BackboneRouting Guidelines, RFC 2772,” Feb. 2000
![Page 42: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/42.jpg)
References
[VantagePoints] Lakshminarayanan Subramanian, SharadAgarwal, Jennifer Rexford, and Randy H. Katz,”Characterizing the Internet Hierarchy fromMultiple Vantage Points,” in Proc. of IEEEINFOCOM 2002, New York, NY, Jun 2002
[VIMAGE] Marko Zec, ”Network stack cloning /virtualization extensions to the FreeBSDkernel,” http://www.tel.fer.hr/zec/vimage/
![Page 43: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/43.jpg)
Message layout
timestampBGP: withdraw atom
...........
BGP: announce atom
A.B.C.0/24
A.B.C.0/24
Withdraw
Announce
Attributes
Withdraw
Announce
Attributes
prefixes
atom id
Membershipattribute
Announce A.B.C.0/24
I.J.K.0/24E.F.G.0/24
M.N.O.0/24
Atom membership update
atom id
atom id
atomised
Withdraw
7382576
![Page 44: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/44.jpg)
Analysis of origin link sets
Infer updates to atoms by origin ASes, time-out to allow forBGP noise
• Routing change: all prefixes of S1 move to new S2
• Split: some prefixes in S1 move to new S2
• Join: all prefixes in S1 move to existing S2
• Shift: some prefixes in S1 move to existing S2
• Announcement: newly routed prefixes form a new S1
• Announce membership: newly routed prefixes joinexisting S1
• Withdrawal: all prefixes in S1 become unreachable
• Withdraw membership: some prefixes in S1 becomeunreachable
![Page 45: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/45.jpg)
Analysis of origin link sets
Each such update:
• Zero or more BGP updates
• Zero or more membership updates
![Page 46: Patrick Verkaik, Andre Broido, Young Hyun, kc claffy](https://reader031.vdocuments.net/reader031/viewer/2022020706/61fca0329d50e757a521ce29/html5/thumbnails/46.jpg)
Analysis of origin link sets