Policy-Based Routing
© J. Liebeherr, All rights reserved
The BGP part of the lecture is based on a BGP tutorial by T. Griffin from AT&T Research.
Internet Infrastructure
[Figure: Backbone Networks (Tier 1), Regional Networks (Tier 2), local ISPs (Tier 3), a campus network, a corporate network, and IXPs]
Internet Infrastructure
• The location where a network (ISP, corporate network, or regional network) gets access to the Internet is called a Point-of-Presence (POP).
• Locations where Tier-1 or Tier-2 networks exchange traffic are called peering points.
  – Public peering: Traffic is swapped in a specific location, called Internet exchange points (IXPs)
  – Private peering: Two networks establish a direct link to each other.
IXP – Internet exchange point
[Figures: an IXP, outside and inside]
Backbone Network of a Tier-1 Provider (USA)
Global Map of Tier-1 Provider
Autonomous Systems
• An autonomous system (AS) is a region of the Internet that is administered by a single entity and that has a unified routing policy
• Each autonomous system is assigned an Autonomous System Number (ASN).
• Examples of autonomous regions are:
  • UofT’s campus network (AS239)
  • Rogers Cable Inc. (AS812)
  • Sprint (AS1239, AS1240, AS 6211, …)
• Routing is done differently
  – within an autonomous system (intradomain routing) and
  – between autonomous systems (interdomain routing).
Interdomain and Intradomain Routing
• Routing protocols for intradomain routing are called interior gateway protocols (IGP)
  – Objective: shortest path
• Routing protocols for interdomain routing are called exterior gateway protocols (EGP)
  – Objective: satisfy policy of the AS
[Figure: interconnected autonomous systems AS 1 through AS 7]
Interdomain and Intradomain Routing
Intradomain Routing
• Routing within an AS
• Ignores the Internet outside the autonomous system
• Protocols for intradomain routing are also called Interior Gateway Protocols or IGP’s.
• Popular protocols are
  – RIP (simple, old)
  – OSPF (better)
Interdomain Routing
• Routing between AS’s
• Assumes that the Internet consists of a collection of interconnected AS’s
• Protocols for interdomain routing are also called Exterior Gateway Protocols or EGP’s.
• Routing protocol:
  – BGP
IP Routing
[Figure: the IP layer between the network interfaces and TCP, UDP and ICMP, with the IP input queue, the "For me?" check, IP option processing, IP output (calculate next hop router), and the routing table used by the routing daemon, the route command and the netstat command]
EGP and IGP
• Interior Gateway Protocol
  – Routing is done based on metrics
  – Routing domain is one autonomous system
• Exterior Gateway Protocol
  – Routing is done based on policies
  – Routing domain is the entire Internet
[Figure: AS 1 and AS 2, with an EGP (e.g., BGP) between them and IGPs (e.g., OSPF, RIP) inside]
EGP
• Interdomain routing is based on connectivity between autonomous systems
• Interdomain routing can ignore many details of router interconnection
[Figure: AS 1, AS 2 and AS 3]
AS Graphs
From: T. Griffin, BGP Tutorial
AT&T North America
Multiple Routing Protocols
• Multiple routing protocols can run on the same router
• Each routing protocol updates the routing table
[Figure: the RIP, OSPF and BGP processes exchange routing protocol messages and send routing table updates to the routing table; IP forwarding performs a routing table lookup for incoming IP datagrams and emits outgoing IP datagrams]
Autonomous Systems Terminology
• local traffic = traffic with source or destination in AS
• transit traffic = traffic that passes through the AS
• Stub AS = has connection to only one AS, only carries local traffic
• Multihomed Stub AS = has connection to >1 AS, but does not carry transit traffic
• Transit AS = has connection to >1 AS and carries transit traffic
Stub and Transit Networks
Settings:
• AS 1 is a multi-homed stub network
• AS 3 and AS 4 are transit networks
• AS 2 and AS 5 are stub networks
[Figure: AS 1, AS 2, AS 3, AS 4 and AS 5]
Selective Transit
Example:
• AS 3 carries traffic between AS 1 and AS 4 and between AS 2 and AS 4
• But AS 3 does not carry traffic between AS 1 and AS 2
• The example shows a routing policy.
[Figure: AS 1, AS 2, AS 3 and AS 4]
Customer/Provider and Peers
• A stub network typically obtains access to the Internet through a transit network.
• A transit network that is a provider may be a customer of another network
• Customer pays provider for service
[Figure: AS 2, AS 4, AS 5, AS 6, AS 7 and AS 8, connected by customer/provider links]
Customer/Provider and Peers
• Transit networks can have a peer relationship
• Peers provide transit between their respective customers
• Peers do not provide transit between peers
• Peers normally do not pay each other for service
[Figure: AS 1 through AS 8, connected by customer/provider links and two peer links]
Shortcuts through peering
• Note that peering reduces upstream traffic
• Delays can be reduced through peering
• But: Peering may not generate revenue
[Figure: AS 1 through AS 8, connected by customer/provider links and three peer links]
Border Gateway Protocol (BGP)
• Border Gateway Protocol is the interdomain routing protocol for the Internet for routing between autonomous systems
• Currently in version 4 (1995)
  – Network administrators can specify routing policies
  – BGP is a path vector protocol (like distance vector, but routing messages in BGP contain complete routes)
• Uses TCP to transmit routing messages
Border Gateway Protocol (BGP)
• An autonomous system uses BGP to advertise its network address(es) to other AS’s
• BGP helps an AS to:
1. Learn about reachable networks from neighboring AS’s
2. Distribute the information about reachable networks to routers inside the AS
3. Select a route if there are multiple routes to reach the same network
BGP Message Types
• Open: Establishes a peering session
• Notification: Closes a peering session
• Keep Alive: Handshake at regular intervals to maintain peering session
• Update: Announces new routes or withdraws previously announced routes. Each announced route is specified as a network prefix with attribute values
BGP interactions
• The networks that are advertised are network IP addresses with a prefix, e.g., 128.100.0.0/16
[Figure: AS 1, AS 2 and AS 3, with advertisements labeled "Prefixes reachable from AS 1" and "Prefixes reachable from AS 3"]
BGP interactions
• BGP is executed between two routers
– BGP session
– BGP peers or BGP speakers
• Procedure:
1. Establishes TCP connection (port 175) to BGP peer
2. Exchange all BGP routes
3. As long as connection is alive: Periodically send incremental updates
• Note: Not all autonomous systems need to run BGP. On many stub networks, the route to the provider can be statically configured
[Figure: BGP session between AS 1 and AS 2]
BGP interactions
• BGP peers advertise reachability of IP networks
• A advertises a path to a network (e.g., 10.0.0.0/8) to B only if it is willing to forward traffic going to that network
• Path-Vector:
  – A advertises the complete path AS A, …, AS X; this avoids loops
[Figure: BGP peers A and B; the advertisement is labeled "Advertise path to 10.0.0.0/24", next to the network 10.0.0.0/24]
BGP Sessions
• External BGP session (eBGP): Peers are in different AS’es
• Internal BGP session (iBGP): Peers are in the same AS
• Note that iBGP sessions use routes constructed by an intradomain routing protocol to exchange messages!
[Figure: AS A and AS B, with an iBGP session and an eBGP session]
iBGP sessions
• All iBGP peers in the same autonomous system are fully meshed
• Peer announces routes received via eBGP to iBGP peers
• But: iBGP peers do not announce routes received via iBGP to other iBGP peers
[Figure: AS A, with an update arriving from an eBGP session]
Route Reflectors
• Full mesh of iBGP routers is difficult to maintain
• Route Reflectors (RR) present an alternative
• All iBGP routers peer with the RR
  – RR acts as a server
  – Other iBGP routers become clients
[Figure: AS A with a route reflector (RR), with an update arriving from an eBGP session]
Content of Advertisements
• A BGP router’s route advertisement is sent in a BGP UPDATE message
• A route is announced as a Network Prefix and Attributes
• Attributes specify details about a route:
  – Mandatory attributes:
    ORIGIN
    AS_PATH
    NEXT_HOP
  – many other attributes
ORIGIN attribute
• Originating domain sends a route with ORIGIN attribute
[Figure: AS 1 through AS 5; each of the five advertisements shown carries 10.0.1.0/8, ORIGIN {1}]
AS-PATH attributes
• Each AS that propagates a route prepends its own AS number
  – AS-PATH collects a path to reach the network prefix
• Path information prevents routing loops from occurring
• Path information also provides information on the length of a path (By default, a shorter route is preferred)
• Note: BGP aggregates routes according to CIDR rules
[Figure: AS 1 through AS 5; the advertisements of 10.0.1.0/8 carry AS-PATH {1}, {1}, {2,1}, {3,1} and {4,2,1}]
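The prepend-and-check behaviour described above, as an added Python example that is not part of the original slides: every AS prepends its own number before passing the route on, and a receiver drops any path that already contains its own number. The links between AS 1 to AS 5 are an assumption inferred from the AS-PATH labels of the figure, and `accepts` and `propagate` are hypothetical names.

```python
from collections import deque

# Assumed links between the five ASes, inferred from the AS-PATH labels above
# ({1}, {2,1}, {3,1}, {4,2,1}); the original figure is not reproduced here.
LINKS = {1: [2, 3], 2: [1, 4], 3: [1, 5], 4: [2, 5], 5: [3, 4]}


def accepts(local_as, as_path):
    """Loop prevention: drop a route whose AS-PATH already contains us."""
    return local_as not in as_path


def propagate(origin_as, links):
    """Flood one prefix from origin_as through the AS graph.

    Returns (best, received, dropped):
      best[asn]     -> AS-PATH the AS selected (shortest wins, first seen on ties)
      received[asn] -> every AS-PATH the AS accepted, in arrival order
      dropped       -> (asn, as_path) pairs rejected by the loop check
    """
    best = {origin_as: ()}            # the origin reaches its own prefix directly
    received = {asn: [] for asn in links}
    dropped = []
    queue = deque([origin_as])
    while queue:
        sender = queue.popleft()
        advertised = (sender,) + best[sender]   # prepend own AS number
        for neighbor in links[sender]:
            if not accepts(neighbor, advertised):
                dropped.append((neighbor, advertised))
                continue
            received[neighbor].append(advertised)
            if neighbor not in best or len(advertised) < len(best[neighbor]):
                best[neighbor] = advertised
                queue.append(neighbor)          # re-advertise the new best path
    return best, received, dropped


if __name__ == "__main__":
    best, received, dropped = propagate(1, LINKS)
    for asn in sorted(best):
        print(f"AS {asn}: best {best[asn]}  received {received[asn]}")
    print("dropped by loop check:", dropped)
```

AS 5 ends up with both {3,1} and {4,2,1} and keeps the shorter one, while every advertisement that comes back to an AS already on the path is discarded.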
NEXT-HOP attributes
• Each router that sends a route advertisement includes its own IP address in a NEXT-HOP attribute
• The attribute provides information for the routing table of the receiving router.
[Figure: AS 1, AS 3 and AS 5; the routers 128.100.11.1 and 128.143.71.21 send 10.0.1.0/8, NEXT-HOP {128.100.11.1} and 10.0.1.0/8, NEXT-HOP {128.143.71.21}]
Connecting NEXT-HOP with IGP information
[Figure: AS 1 and AS 3 with an eBGP session and an iBGP session, router R1, an IGP router, and the addresses 128.100.11.1/24 and 192.0.1.2; the advertisement 10.1.1.0/8, NEXT-HOP {128.100.11.1} appears on both sessions]
At R1:
Routing table
Dest.             Next hop
128.100.11.0/24   192.0.1.2
BGP info
Dest.             Next hop
10.1.1.0/8        128.100.11.1
Routing table
Dest.             Next hop
128.100.11.0/24   192.0.1.2
10.1.1.0/8        192.0.1.2
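How R1 gets from the BGP info to the final routing table, as an added Python example (not part of the original slides): the BGP NEXT-HOP is looked up in the IGP routing table, and the IGP next hop found there is installed for the BGP prefix. The function names are hypothetical, and the handling of a NEXT-HOP with no IGP route uses a constructed prefix in the test case only.

```python
import ipaddress


def net(prefix):
    # strict=False because the slide writes 10.1.1.0/8 with host bits set;
    # the network actually covered is 10.0.0.0/8.
    return ipaddress.ip_network(prefix, strict=False)


def longest_match(table, address):
    """Return the next hop of the most specific prefix covering address, or None."""
    address = ipaddress.ip_address(address)
    matches = [prefix for prefix in table if address in prefix]
    if not matches:
        return None
    return table[max(matches, key=lambda prefix: prefix.prefixlen)]


def install_bgp_routes(igp_table, bgp_info):
    """Resolve each BGP NEXT-HOP through the IGP table.

    Returns (routing_table, unresolved): BGP prefixes whose NEXT-HOP has no
    IGP route are left out of the routing table and listed in unresolved.
    """
    routing_table = dict(igp_table)
    unresolved = []
    for prefix, bgp_next_hop in bgp_info.items():
        via = longest_match(igp_table, bgp_next_hop)
        if via is None:
            unresolved.append(prefix)
        else:
            routing_table[prefix] = via
    return routing_table, unresolved


# Values from the slide (tables at R1).
IGP_TABLE = {net("128.100.11.0/24"): "192.0.1.2"}
BGP_INFO = {net("10.1.1.0/8"): "128.100.11.1"}

if __name__ == "__main__":
    table, unresolved = install_bgp_routes(IGP_TABLE, BGP_INFO)
    for prefix, next_hop in table.items():
        print(f"{str(prefix):<18} {next_hop}")
    print("unresolved:", unresolved)
```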
Route Selection
• An AS may get more than one route to an address
• Needs to select a route
Route Selection Criteria (in order of preference)
• Highest Local Preference
• Shortest AS-Path
• Lowest MED (multi-exit discriminator) (called “metric” in BGP)
• Prefer iBGP over eBGP routes
• Lowest IGP cost to leave AS (“hot potato”)
• Lowest router ID (used as tie breaker)
[Figure: AS 1, AS 2, AS 3 and AS 4, with four advertisements of a path to 10.0.0.0/24]
Local Preference
• If there are multiple exit points from the AS, the local preference attribute is used to select the exit point for a specific route
• Local Preference is used only for iBGP sessions
• Value is set locally
[Figure: AS 1, AS 2, AS 3 and AS 4, with four advertisements of a path to 10.0.0.0/24 and the values Local pref = 10, Local pref = 50, Local pref = 100 and Local pref = 80]
Hot Potato Routing
• Router R3 in autonomous system A receives two advertisements to AS A
  – Which route should it pick?
• Hot Potato Rule: Select the iBGP peer that has the shortest IGP route
• Analogy: Get the packet out of one’s own AS as quickly as possible, i.e., on the shortest path
[Figure: AS A with routers R1, R2 and R3, and "Route to X" advertisements]
Hot Potato Routing
Finding the cheapest IGP route:
• Compare the cost of the two paths
  – R3 → R1
  – R3 → R2
  according to the IGP protocol
• Here: R1 has the shortest path
• Add a routing table entry for destination X
[Figure: AS A with routers R1, R2 and R3, "Route to X" advertisements at R1 and R2, and path costs Cost=6 and Cost=23]
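The ordered route selection from the Route Selection, Local Preference and Hot Potato slides, as an added Python example that is not part of the original slides. It walks the local preference, AS-path length, MED, IGP cost and router ID steps and reports which step decided; the session-type step is not modeled, MED is compared across all candidates as a simplification, and the `Route` fields, default values and AS-PATHs are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    via: str                      # label of the advertisement or exit router
    local_pref: int = 100         # constructed default
    as_path: tuple = ()
    med: int = 0
    igp_cost: int = 0
    router_id: str = "0.0.0.0"


# Criteria in the order of the list above; the lower key wins at every step.
STEPS = [
    ("highest local preference", lambda r: -r.local_pref),
    ("shortest AS-path", lambda r: len(r.as_path)),
    ("lowest MED", lambda r: r.med),
    ("lowest IGP cost", lambda r: r.igp_cost),
    # Compare router IDs numerically: as strings, "10.0.0.10" < "10.0.0.2".
    ("lowest router ID", lambda r: int(ipaddress.ip_address(r.router_id))),
]


def select_best(routes):
    """Narrow the candidates step by step; return (best route, deciding step)."""
    candidates = list(routes)
    if not candidates:
        raise ValueError("no candidate routes")
    if len(candidates) == 1:
        return candidates[0], "only candidate"
    for name, key in STEPS:
        winner = min(key(r) for r in candidates)
        candidates = [r for r in candidates if key(r) == winner]
        if len(candidates) == 1:
            return candidates[0], name
    return candidates[0], "tie on all modeled attributes"


# Local preference values from the slide; the AS-PATHs are constructed so that
# the preferred route is not the one with the shortest path.
LOCAL_PREF_CASE = [
    Route("advertisement 1", local_pref=10, as_path=(1,)),
    Route("advertisement 2", local_pref=50, as_path=(2, 1)),
    Route("advertisement 3", local_pref=100, as_path=(3, 2, 1)),
    Route("advertisement 4", local_pref=80, as_path=(4, 1)),
]
# IGP costs from the hot potato slide; R1 gets Cost=6 because the slide says
# R1 has the shortest path.
HOT_POTATO_CASE = [Route("R1", igp_cost=6), Route("R2", igp_cost=23)]

if __name__ == "__main__":
    for case in (LOCAL_PREF_CASE, HOT_POTATO_CASE):
        best, step = select_best(case)
        print(f"{best.via} selected by: {step}")
```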
Hot Potato Routing can backfire!
• AS1 would serve its customer (source) better by not picking the shortest route to AS 2
• In fact, customer may have paid for a high-bandwidth service!
[Figure: source in AS 1 and destination in AS 2, a low bandwidth network and a high bandwidth network, with path costs Cost=20 and Cost=5]
Processing in BGP
[Figure: processing stages, in order]
• BGP updates arrive
• Apply Import Rules: Filter routes and change attributes
• Select Best Route: Based on attributes
• Update IP routing table: Best entry is entered in IP routing table
• Apply Export Rules: Filter routes and change attributes
Importing and Exporting Routes
• An AS may not accept all routes that are advertised
• An AS may not advertise certain routes
• Route policies determine which routes are filtered
• If an AS wants to have less inbound traffic it should adapt its export rules
• If an AS wants to control its outbound traffic, it adapts its import rules
[Figure: AS A changes its export rules to control inbound traffic and its import rules to control outbound traffic]
Routing Policies
• Since AS 5 is a stub network it should not advertise routes to networks other than networks in AS 5
• When AS 3 learns about the path {AS1, AS4}, it should not advertise the route {AS3, AS1, AS4} to AS 2.
[Figure: AS 1 through AS 6, connected by three peer links and three customer/provider links]
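The two policies above follow from one export rule, shown here as an added Python example that is not part of the original slides: routes an AS originates or learns from a customer may go to any neighbor, while routes learned from a peer or provider may go to customers only. The rule goes slightly beyond the slide by covering provider-learned routes as well; the relationship table is an assumption read from the slide text and figure labels, and `may_export` and `policy_violations` are hypothetical names.

```python
CUSTOMER, PEER, PROVIDER = "customer", "peer", "provider"

# REL[a][b] is what neighbor b is to AS a. Assumed from the slide text and the
# figure labels (three peer links, three customer/provider links).
REL = {
    1: {2: PEER, 3: PEER, 4: CUSTOMER},
    2: {1: PEER, 3: PEER, 6: CUSTOMER},
    3: {1: PEER, 2: PEER, 5: CUSTOMER},
    4: {1: PROVIDER},
    5: {3: PROVIDER},
    6: {2: PROVIDER},
}


def may_export(local_as, learned_from, send_to, rel=REL):
    """Own and customer routes go to everyone; routes learned from a peer or
    provider go to customers only. Raises KeyError for a link not in rel."""
    if learned_from is None:                      # originated by local_as
        return True
    if rel[local_as][learned_from] == CUSTOMER:
        return True
    return rel[local_as][send_to] == CUSTOMER


def policy_violations(as_path, receiver, rel=REL):
    """Walk a received AS-PATH and return the ASes that exported it against policy.

    as_path is in BGP order: as_path[0] sent the route to receiver and
    as_path[-1] originated it.
    """
    violators = []
    for i, local_as in enumerate(as_path):
        send_to = receiver if i == 0 else as_path[i - 1]
        learned_from = as_path[i + 1] if i + 1 < len(as_path) else None
        if not may_export(local_as, learned_from, send_to, rel):
            violators.append(local_as)
    return violators


if __name__ == "__main__":
    # The slide's case: AS 2 receives {AS3, AS1, AS4} from its peer AS 3.
    print("AS 2 receives (3, 1, 4):", policy_violations((3, 1, 4), receiver=2))
    # The same route sent by AS 3 to its customer AS 5 is within policy.
    print("AS 5 receives (3, 1, 4):", policy_violations((3, 1, 4), receiver=5))
    # AS 1 passing its customer's route to peer AS 3 is within policy.
    print("AS 3 receives (1, 4):   ", policy_violations((1, 4), receiver=3))
```

Run against AS-PATHs seen at a border router, `policy_violations` names the AS on the path that should have filtered the route.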
Traffic Often Follows ASPATH
• In many cases, packets are routed according to the AS-PATH
• However, in some cases this is not true
(Here: AS 2 filters routes with a long prefix)
[Figure, two panels. Panel 1: AS 1 (128.100.0.0/16), AS 2, AS 3 and AS 5, with the advertisement 128.100.0.0/16, AS-PATH {3,2,1}. Panel 2: the same ASes plus AS 4 (128.100.22.0/24), with the advertisements 128.100.0.0/16, AS-PATH {1}; 128.100.0.0/16, AS-PATH {2, 1}; 128.100.0.0/16, AS-PATH {3,2,1}; and 128.100.22.0/24, AS-PATH {4}; label: "Does not advertise /24 networks"]
Short AS-PATH does not mean that route is short
• From AS 6’s perspective
  – Path {AS2, AS1} is short
  – Path {AS5, AS4, AS3, AS1} is long
• But the number of traversed routers is larger when using the shorter AS-PATH
[Figure: AS 1 through AS 6]
BGP Table Growth
Source: Geoff Huston. http://www.telstra.net/ops/bgptable.html on August 8, 2001
Growth of BGP IPv4 Routing Tables
Source: bgp.potaroo.net, 2013
BGP Issues
• BGP is a simple protocol but it is very difficult to configure
• BGP has severe stability issues due to policies; BGP is known to not converge
• As of July 2005, 39,000 AS numbers (of available 64,510) are consumed