traffic engineering with bgp - kt.agh.edu.pl · traffic engineering with bgp inbound and outbound...

1

Unauthorised copying or use is prohibited Sieci Komputerowe 2 Sieci IP

Traffic engineering

with BGP

Inbound and outbound traffic control

Piotr Pacyna Katarzyna Kosek-Szott

2


BGP protocol - review questions

3


Review questions

Do czego służy proces decyzyjny BGP ? Co jest rezultatem procesu decyzyjnego BGP ?

Co się dzieje z rezultatami procesu decyzyjnego BGP ? Jak są wykorzystywane ?

Jaką rolę pełnią tzw. atrybuty BGP ? Jakie są typy (rodzaje) atrybutów ?

Jakie są kolejne kryteria decyzyjne procesu decyzyjnego BGP ?

Jakie warunki konieczne musi spełniać prefiks BGP, aby mógł być wzięty pod uwagę przez proces decyzyjny BGP ?

Do czego służą atrybuty LOCAL_PREFERENCE oraz MULTI_EXIT_DISCRIMINATOR ?

4


BGP protocol

5


BGP protocol characteristics (1)

Goal: select the best path towards destination across several transit domains

The best path has a different meaning for diferent ISPs but it often means the cheapest path (cheapest for the service provider)

When selecting ‘the best path’, BGP takes into account various information

available about the path. The information is carried in BGP attributes.

6


BGP protocol characteristics (2)

BGP advertises network prefixes, along with path attributes. Attributes include AS path attribute that determines the path to reach the network(s) named in the prefix.

AS path is a list of autonomous systems that need to be traversed to reach the network. BGP path attributes convey additional information, which can be considered by a BGP decision

process when selecting the best path.

BGP path attributes can include attributes, such as LOC_PREF and MED.

BGP decision process selects one path for each prefix. The best path is installed in the routing table.

BGP decision process is effective when there are two or more paths to choose from, for a given prefix.

Reachability of the BGP Next Hop is the precondition to consider a path by the BGP decision

process.

The best path can be advertised to other domains, depending on export policy. Every AS is autonomous: it has the right to advertise (or not to advertise) a path for some prefix.

If the prefix is advertised, the AS must be prepared to accept and forward traffic to the named network.

7


BGP Decision Process

1. Prefer the highest value of LOCAL_PREF

2. Prefer paths locally computed on the router

3. Prefer paths with shortest AS_PATH length

4. Prefer paths of lowest origin code

( IGP < EGP < incomplete )

5. Prefer the lowest value of MULTI_EXIT_DISC

6. Prefer the lowest value of metric to the

NEX_HOP rtr

8


LAB overview

9


Objective of this exercise

The objective of this laboratory exercise is to show the propagation of prefixes between ISPs in multi-homing scenario. We will see that an ISP can manipulate the prefix during propagation and processing to satisfy its own goals regarding path selection. By doing this an ISP can implement its own policies for inbound and outbound flows. Specifically, we will see that: an ISP can influence path selection process carried out by its own BGP routers

and thus can influence the path for outbound traffic. an ISP can attempt to influence path selection process made by routers that

belong to neighbor ISPs and thus to try influence the path for inbound traffic.

10


Exercise outline

The general idea is to insert additional information into BGP Update messages. This extra information will be propagated with the prefix and evaluated by BGP routers during BGP decision process. The BGP decision process is known. As a result of the BGP decision process appropriate routes will be installed in routing tables of BGP routers. Inter-domain traffic will be routed following the routes. In the exercise first we will change the routes for outbound traffic. Next, we will try to influence the path along which traffic arrives into our local domain (inbound traffic). The exercise is organised into two parts.

11


Part I Outbound traffic control

with LocPref

12


Part I Outline

In Part I we will influence path selection for outbound traffic, i.e. for traffic originated in our local AS, destined to a network in another AS. Idea: Path selection for outbound traffic is carried out in our local AS by BGP routers,

which determine the egress router for the traffic. Method: Normally, the selection of the best path, including selection of the egress router,

is determined by the BGP decision process. The decision is based on path attributes.

The choice of the preferred egress router can be influenced by modifying path attributes for a prefix, while knowing how the decision is made, i.e. while knowing how BGP best path selection works.

Technically speaking, a prefix is manipulated and admitted (propagated) into local AS to let routers decide. Local AS routers select the path, which is “preferred”, over any other path(s), in accordance with the BGP decision process.

13


AS2 view (customer view)

Import: from AS1 R1 at RX set localpref=200;

from AS1 R2 at RX set localpref=100;

accept ANY

Export: to AS1 R1 at RX announce AS2

to AS1 R2 at RX announce AS2

AS1 view (provider view)

Import: from AS2 RX at R1 set localpref=300;

from AS2 RX at R2 set localpref=100;

accept AS2

Export: to AS2 RX at R1 announce ANY

to AS2 RX at R2 announce ANY

A S 1

A S 2

R 1

1 5 5 2

R X

R 2

Example: the use of Local Preference attribute for controlling outbound traffic

14


Example for Local Preference

In the figure LocPref is set in AS2 on the received prefix 10.10.1.0 / 24 (the prefix is received from AS1 directly and from AS1 via AS3). The LocPref values indicate that BGP routers in AS2 ”should prefer” path via AS3 to network 10.10.1.0 / 24.

AS1

AS3

AS2LocPref 70

LocPref 200

Net 10.10.1.0 ¨ 24

15


Lab exercise - network topology AS2 (provider) perspective

zebra is ‘up and running’ interfaces are up networks are configured note the networks:

10.10.1.0/24 in AS1 10.10.3.0/24 in AS3

Q1: Which paths will be selected by R23 for networks 10.10.1.0/24 and 10.10.3.0/24 before LocPref is installed ?

need to configure R21 and R22 with LocPref … but first check configuration of R31

AS 2

PC

LocPref =200

LocPref=70

AS 3

AS 1

R31

R12

R11

R22

R21

net. A.192.168.1.0/30

10.10.3.0/24

10.10.1.0/24

net. C.192.168.3.0/30

net. Z.10.10.5.0/24

e1=.1

e1=.1

e0=.1

e0=.1e0=.2

e0=.3e1=.3

e0=.1

e2=.3

e1=.2e0=.2

e0=.2

net. D

10.10.4.0/24n

et. G

10.1

0.2

.0/2

4

ne

t. B

19

2.1

68.2

.0/3

0

R23

16


Check configuration of R31 (1)

Step 1. Check Zebra routing daemon (general config.) view file: /etc/zebra/zebra.conf

hostname zebra

pasword zebra

interface eth0

bandwidth 100000

log file /var/log/zebra/zebra.log

17



Step 2. Check if routing daemon is properly configured in Zebra on R31 view file: /etc/zebra/daemons

zebra=yes

bgpd=yes

ospfd=no

ospf6d=no

ripd=no

ripngd=no

18



Step 3. Verify if the BGP daemon is properly configured.

view file: /etc/zebra/bgpd.conf

hostname bgpd

password zebra

enable password zebra

[...]

debug bgp

debug bgp events

debug bgp filters

debug bgp fsm

debug bgp keepalives

debug bgp updates

19


Run traceroute 10.10.3.1 on R23. Q1: Which path is selected ? Q2: Why this path has been chosen and not the other? Q3: Is there any method to make the router R23 choose the

other path ? What are the options to do so ?

Reachability over BGP

20


Router configuration:

In order to configure R21 and R22 do one of the following: 1. Edit the bgpd.conf file and restart zebra

or

2. Telnet to bgpd, configure it and then issue the clear ip bgp * command

21


Route map – command syntax

22


Route map – a template

Use the following example to configure R21 and R22:

router bgp xxx

network nn.nn.nn.nn/mm

neighbor aa.bb.cc.dd remote-as nnnn

neighbor aa.bb.cc.dd route-map myRouteMap in

!

route-map myRouteMap permit 10

set local-preference xx

!

23


Configuration of R21

Expected configuration on router R21 hostname bgpd

password zebra


!

route-map as1-in permit 10

set local-preference 200

router bgp 2

!

neighbor 192.168.3.1 remote-as 1

neighbor 192.168.3.1 description Router12

neighbor 192.168.3.1 route-map as1-in in


neighbor 10.10.4.3 next-hop-self

!

log file /var/log/zebra/bgpd.log

24


Configuration of R22 Expected configuration on router R22

hostname bgpd

password zebra


!

route-map as3-in permit 10

set local-preference 70

router bgp 2

network 192.168.2.0/30



neighbor 192.168.2.1 route-map as3-in in



!

log file /var/log/zebra/bgpd.log

see http://www.getnetworking.net/

bgp/bgp-next-hop-self to understand this

http://www.getnetworking.net/bgp/bgp-next-hop-self








25


Testing routes from R23 to AS3

Execute traceroute again from R23 to 10.10.3.1/24 Execute ping –R from R23 to 10.10.3.1/24 ............

............

............

Q1: Which is the route for data traffic to AS3 now ?

26


Part II Inbound traffic control

with MED

27


Part II Inbound traffic

In Part II we will try to influence the paths for inbound traffic, i.e. traffic

arriving into our ISP domain. method: it can be done by modifying attributes of AS Path messages advertised by our BGP routers to neighbouring ASs. By modifying attributes prior to message advertisement we will try to influence decisions made by neighbouring BGP routers when selecting best routes to networks located in our AS.

28


Lab. Part II: Insertion of Multiple Exit Discriminator (MED)

M ED = 5 0M ED = 1 0 0

A S 2

A S 3

n e t.

MED value is set

on prefixes advertised by AS3 in order

to ”tell” AS2 routers that AS3 ’would

like’ to receive traffic over the high

bandwidth link.

29


Lab. Part II: Insertion of Multiple Exit Discriminator (MED)

M ED = 5 0

M ED = 5 0

M ED = 5 0

M ED = 1 0 0

A S 2

A S 3

A S 1

n e t.

MED value is set

on prefix ‘net.’

advertised by AS3

in order to ”tell everybody”

that AS3 ’would like’ to

receive traffic for

network ‘net.’

over high bandwidth links

Note that MED value related to the same

prefix but received in AS2 from different

Autonomous Systems will not be compared !

30


Network topology with address plan for Part II MED. AS3 (customer) perspective

Pre-configured

network topology:

zebra is ‘up and running’ interfaces are up networks are configured

Need to configure: R31 and R32

31


Testing routes from R23 to R31 before setting MED

Execute traceroute from R23 to 10.10.3.1/24 Execute ping –R from R23 to 10.10.3.1/24

Q1: which path is used to route traffic to network 10.10.3.1/24 ?

32


Changing the router configuration

In order to configure R31 and R32 do one of the following: 1. Edit the bgpd.conf file, add what is needed and restart zebra

or

2. Telnet to bgpd, configure what is needed and (on R22 and R24) issue the clear ip bgp * command

33


Route map – template

Use the following example to configure R31 and R32:

router bgp xxx

network nn.nn.nn.nn/mm

neighbor aa.bb.cc.dd remote-as nnnn

neighbor aa.bb.cc.dd route-map myRouteMap out

!

route-map myRouteMap permit 10

set metric xx

!

34




password zebra


!

route-map metricOut permit 10

set metric 100

!

router bgp 3

!

network 10.10.3.0/24

!



neighbor 192.168.2.2 route-map metricOut out

!



35




password zebra


!

route-map metricOut permit 10

set metric 70

!

router bgp 3

!

network 10.10.3.0/24

!



neighbor 192.168.4.1 route-map metricOut out




36


Testing routes from R23 to R31 after setting MED

Execute traceroute from R23 to 10.10.3.1/24 Execute ping –R from R23 to 10.10.3.1/24

Note that traffic is routed over link R24-R32 (because of lower value of MED on that link)

37


BGP Decision Process with LOC_PREF and MED used

simultaneously in multi-provider scenario

M ED = 5 0

M ED = 5 0

M ED = 5 0

M ED = 1 0 0

A S 2

A S 3

A S 1

A S 2

Lo c Pre f

= 2 0 0

Lo c Pre f= 7 0

Pre f ix

A S 3

A S 1

Review questions:

Q1: Which path will be selected by routers in AS2 to reach AS1 in scenario

a) without any LOC_PREF and MED attributes ?,

b) with LOC_PREF only ?,

c) with MED_ only ?,

d) with both LOC_PREF and MED ?.

38

Unauthorised copying or use is prohibited Sieci Komputerowe 2 Sieci IP 38

The level of control over flows is different for inbound and outbound flows.

Specifically, the level of control over outbound traffic is strong, as it requires configuration of ISPs own routers. An ISP can precisely influence local selection of routes leading to remote destinations,i.e. for the outbound traffic.

The control over inbound traffic is , however, weak. An ISP has limited ability to control choices that other ISPs make to direct traffic to local networks (inbound traffic).

One can conclude, that the level of control is asymmetric.

Conclusions

39

Unauthorised copying or use is prohibited Sieci Komputerowe 2 Sieci IP 39

Internet resources

Using BGP’s local preference to influence outbound routing: http://evilrouters.net/2009/03/07/using-bgps-

local-preference-to-influence-outbound-routing/

Using AS path prepending to influence inbound routing: http://evilrouters.net/2009/03/07/using-as-path-

prepending-to-influence-inbound-routing/

http://evilrouters.net/2009/03/07/using-bgps-local-preference-to-influence-outbound-routing/

















http://evilrouters.net/2009/03/07/using-as-path-prepending-to-influence-inbound-routing/


















traffic engineering with bgp - kt.agh.edu.pl · traffic engineering with bgp inbound and outbound...

Documents