
Border Gateway Protocol

Inter-domain Routing Basics

Autonomous system (AS):

• set of routers that have a single routing policy

• running under a single administration

• could be a collection of IGPs working together to provide interior routing

To the outside world, an AS looks like a single entity – identified by an AS#

Routing information between ASs is exchanged by the Border Gateway Protocol (BGP)

Inter-domain Routing Basics

Exterior routing protocols created to:

• control the expansion of routing tables

• provide a structured view of the Internet by segregating routing domains into separate administrations called “Autonomous systems” (AS)

• each AS can have an independent routing policy

Inter-domain Routing Basics

Stub AS:

An AS is considered “stub” when it reaches networks outside its domain via a single exit point

Stub AS is single-homed with respect to its provider

Stub AS uses an AS# from the “private pool” 65412-65535

Stub AS need not learn any AS-level routes – just use a default route to provider AS

Inter-domain Routing Basics

Other ASs can force traffic through a nontransit multihomed AS – AS must filter traffic to prevent this

Multihomed Nontransit AS

AS is multihomed if it has more than one exit point to outside

AS can be multihomed to a single or multiple providers

Nontransit AS does not allow transit traffic to go through it

Transit traffic has source and destination outside the AS

A nontransit AS would only advertise its own routes and not routes it learned from others

Inter-domain Routing Basics

Multihomed Transit AS

Allows transit traffic to pass through

BGP can be used as a “pipe” to exchange BGP updates within an AS – Internal BGP (IBGP)

BGP connections between ASs called External BGP (EBGP)

Routers running EBGP called border routers and IBGP called transit routers

Inter-domain Routing Basics

Initially, all candidate routes are exchanged

Incremental updates (deltas) are sent as network information changes

BGP message header is given below

Inter-domain Routing Basics

BGP is a path vector protocol used to carry routing information between ASs

Path refers to a sequence of AS#s – indicating the path traversed

Two BGP routers that form a transport level connection to exchange information are called peers

Inter-domain Routing Basics

Marker field (16-bytes) used to authenticate the incoming BGP message

BGP message length can be in [19-4096] bytes

BGP message types:

• OPEN

• UPDATE

• NOTIFICATION

• KEEPALIVE

Inter-domain Routing Basics

OPEN message:

• opens a connection between BGP peers – should be completed for successful BGP operation

• exchanges the following information – AS# (2 byte field), hold time (maximum amount of time in seconds that can elapse between successive KEEPALIVE or UPDATE messages), BGP identifier, optional parameters, optional parameter length

Inter-domain Routing Basics

KEEPALIVE message:

• these messages are exchanged between peers to determine reachability

• keepalive messages are sent at a rate that ensures that the hold time will not expire

Inter-domain Routing Basics

NOTIFICATION message:

• when an error is detected after a BGP connection is established, a BGP peer sends a NOTIFICATION message before closing the peer connection

• administrators need to examine the NOTIFICATION message to determine the cause of the error

Inter-domain Routing Basics

UPDATE message:

update messages use the following:

• network layer reachability information (NLRI)

• path attributes

• unreachable routes

NLRI is given using IP prefixes to be compatible with CIDR

Inter-domain Routing Basics

NLRI – network layer reachability information

Building Peer Sessions

When neighbor sessions are established during OPEN

• peer routers use AS#s to determine whether they are in the same AS or not

• IBGP or EBGP is used based on this information

Inter-domain Routing Basics

BGP path attributes are used to keep track of route specific information:

• degree of preference

• next hop value of a route

• aggregation information

Building Peer Sessions

Normally external BGP routers are restricted to be connected by the same network segment

Building Peer Sessions

Synchronization within an AS

• BGP must be synchronized with IGP such that it waits until the IGP has propagated routing information across AS before advertising transit routes to other ASs

• if advertised before, the AS may receive traffic that cannot be routed!

• when a router receives updates from an IBGP peer it should verify the reachability using IGP before advertising to other EBGP peers

Sources of Routing Updates

Injecting information statically into BGP:

• proves to be most effective in ensuring route stability

• IGP routes (or aggregates) that need to be advertised are manually defined as static routes

• static routes have the disadvantage that the routes may not accurately reflect the current state

• not much of a problem for “single point” updates

• for “multiple point” updates, black holes can be created – destination actually reachable but routes are incorrect

Building Peer Sessions

Injecting BGP routes into AS is costly:

• distributing routes from BGP into IGP results in major overhead on internal routers

• carrying all external routes into an AS is unnecessary

• internal non-BGP routers can use default exit BGP (border or transit) routers to leave AS – this may be suboptimal

Sources of Routing Updates

Injecting information dynamically into BGP:

• can be divided into:

• purely dynamic – where all IGP routes are redistributed into BGP

• semidynamic – where only certain IGP routes are injected into BGP

• semidynamic allows the administrators to choose which routes should be advertised

• distributing the whole of IGP routes into BGP can cause information leakage

Sources of Routing Updates

Dynamic approach can lead to unstable routes

route dampening is used to reduce the fluctuations

BGP Routing Process

Routing process involves the following:

• pool of routes that the router receives from its peers

• input policy engine that can filter routes or manipulate their attributes

• decision process that decides which routes the router itself will use

• output policy engine that can filter routes or manipulate their attributes

• pool of routes that are advertised to other peers

BGP Routing Process

Input policy engine:

• filtering is done on different parameters such as IP prefixes, AS_path information, and attribute information

• input policy engine also manipulates the path attributes to influence its own decision – filter certain network numbers, give certain route a better local preference, etc

BGP Routing Process

NEXT_HOP Attribute:

For EBGP next hop is the IP address of the neighbor announcing the route

For IBGP sessions, for routes originated inside the AS, the next hop is the IP address of the neighbor that announced the route

For routes injected into the AS via EBGP, the next hop is carried unaltered

BGP Routing Process

AS_path attribute is a mandatory attribute

• sequence of AS#s a route has traversed to reach a destination

• AS originating the route adds its own AS number when sending the route to its external BGP peers

• each AS that transmits the sequence prepends its own AS# to the sequence – originating AS will be at the “end” of the sequence

BGP uses AS_path as part of the routing updates

BGP Routing Process

If a route is advertised to the AS that originated it (loop), the AS_path attribute will contain that AS#, and the AS will reject the route

BGP Routing Process

Route aggregation involves summarizing ranges of routes into one or more CIDR blocks

• drawback is the loss of granularity that existed in the specific routes that form the aggregate

• if AS_path information that existed in multiple routes is lost, routing loops can be created

BGP Routing Process

Private ASs:

to conserve AS numbers, InterNIC generally does not assign a legal AS# to customers whose policies are extensions of their providers' policies

BGP Routing Process

AS_path can be manipulated to affect interdomain routing behavior – BGP prefers shorter paths over longer ones

include dummy AS#s to increase path lengths and influence the traffic

Path Vectors

Route aggregation:

• BGP-4 supports “supernetting” to fully exploit CIDR

• instead of representing addresses as 32-bit numbers 9.0.0.0, 128.96.0.0, or 192.4.18.0, a prefix notation is used: 9/8 (8-bit prefix), 128.96/16 (16-bit prefix), or 192.4.18/24 (24-bit prefix)

• to reduce the size of the routing tables -- route aggregation is performed

Path Vectors

AS T manages two class C networks

• 197.8.0/24 and 197.8.1/24 -- this can be represented by a 23-bit prefix 197.8.0/23

• if there are two more ASs X and Y that use T as transit AS and they are allocated 197.8.3/24 and 197.8.4/24 respectively

Without route aggregation, AS T announces 3 routes to its neighbor Z

• Path 1: through T, reaches 197.8.0/23

• Path 2: through T, X, reaches 197.8.2/24

• Path 3: through T, Y, reaches 197.8.3/24

Path Vectors

If Z wants to forward this path to one of its neighbors, it will place its own AS # in the front

Path: (Sequence (Z, T), Set (X, Y))

Sequence and set components are used for loop detection

Rule for path aggregation:

• sequence components should be the intersection of all sequences

• set components contain all the ASs mentioned in any of the paths to aggregate yet are not present in the aggregated sequence

Path Vectors

With route aggregation

Path 1: reaches 197.8.0/22

What is the path?

• we cannot just list T, loop detection needs the complete path

• listing a complete path like T, X, Y is misleading -- implies a three hop path

AS path attribute is split into two components:

• ordered list -- AS sequence

• unordered set -- AS set

• Path: (Sequence (T), Set (X, Y))
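
The aggregation rule and the loop check, worked through on Paths 1 to 3 above. This Python is an added example, not part of the original slides; the function names are illustrative, and "intersection" is implemented as the ASs common to every path, kept in the first path's order.

```python
from ipaddress import collapse_addresses, ip_network


def aggregate_paths(paths):
    """Apply the path aggregation rule to a list of AS paths.

    Sequence: ASs present in every path, kept in the order of the first path.
    Set: every other AS mentioned in any of the paths.
    """
    common = set(paths[0]).intersection(*paths[1:])
    sequence = [asn for asn in paths[0] if asn in common]
    as_set = {asn for path in paths for asn in path} - common
    return sequence, as_set


def prepend(local_as, path):
    """An AS forwarding the route places its own AS# at the front."""
    sequence, as_set = path
    return [local_as] + sequence, set(as_set)


def has_loop(local_as, path):
    """Loop detection must inspect both the sequence and the set."""
    sequence, as_set = path
    return local_as in sequence or local_as in as_set


# The three routes T announces to Z without aggregation (Paths 1-3 above).
ROUTES = {
    "197.8.0.0/23": ["T"],
    "197.8.2.0/24": ["T", "X"],
    "197.8.3.0/24": ["T", "Y"],
}


def aggregate_routes(routes):
    """Collapse the prefixes and merge their AS paths into one announcement."""
    prefixes = list(collapse_addresses(ip_network(p) for p in routes))
    return prefixes, aggregate_paths(list(routes.values()))


if __name__ == "__main__":
    prefixes, path = aggregate_routes(ROUTES)
    print(prefixes, path)            # one /22 with Sequence (T), Set (X, Y)
    print(prepend("Z", path))        # what Z forwards to its neighbors
    print(has_loop("X", path), has_loop("W", path))
```

A receiver that checked only the sequence would accept the aggregate back into X or Y, which is why the set component has to be carried and checked.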

Path Vectors

“Path vectors” is an important concept of BGP

It provides for loop-free routing in complex topologies

Path Vectors

Can we use link state ideas?

• by distributing to all external routers a complete map of the Internet (aggregated of course)

• let the routers compute the shortest paths

• Inter Domain Policy Routing (IDPR) is based on this idea

• a problem with this approach is updating the distributed maps

• OSPF recommends 200 routers for an OSPF area and there are definitely more than 200 ASs

Internal and External Peers

An external (border) router that learned about a path towards a network should update the local AS routing table

Path Vectors

In distance vector protocol, all information about the route to a destination is concentrated in the “metric” value -- insufficient for fast loop resolution

BGP approach:

• routing update carries a full list of ASs traversed between source and dest -- a loop occurs if an AS is listed twice in this list

• loop prevention: external router checks whether it is already listed on a path -- if so refuses to use it

• listing the complete path (list of AS numbers) causes the size of routing messages and memory needed for running the protocol to increase

Internal and External Peers

The AS path announced by D to C should include X and Z

The information available to D through IGP is that routes are available to X’s networks

this may not be enough to propagate useful BGP update message to C

BGP establishes an “internal” BGP connection with all the external routers in an AS -- connecting the external routers in a fully connected graph independent of the IGP

Internal and External Peers

Maintaining a fully connected graph is a very heavy requirement if the number of external (border) routers is large

Route reflectors are used to alleviate this problem – share the routes within the domain – need not have a full mesh.

Border Gateway Protocol

Because BGP uses TCP -- a reliable protocol -- it can exchange data incrementally

BGP header:

BGP protocol includes a “delimitation” function that separates the byte stream into a set of independent messages
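
The delimitation function, together with the header limits given earlier (16-byte marker, length in [19-4096], four message types), shown as an added Python example that is not part of the original slides. It assumes the standard 19-byte header layout (marker, 2-byte length, 1-byte type), type codes 1 to 4, and an all-ones marker as used when no authentication is negotiated.

```python
import struct

HEADER_LEN = 19          # 16-byte marker + 2-byte length + 1-byte type
MAX_LEN = 4096
TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
ALL_ONES = b"\xff" * 16  # assumed marker value: no authentication in use


class FramingError(ValueError):
    """Raised when the stream cannot be a valid BGP message sequence."""


def delimit(buffer: bytes):
    """Split a TCP byte stream into (type_name, body) messages.

    Returns (messages, leftover); leftover is an incomplete trailing
    message that must be kept until more bytes arrive from the peer.
    """
    messages, offset = [], 0
    while len(buffer) - offset >= HEADER_LEN:
        marker = buffer[offset:offset + 16]
        length, msg_type = struct.unpack_from("!HB", buffer, offset + 16)
        # Validate before trusting the length: a bad value would desynchronise
        # every later message or make the receiver buffer without bound.
        if marker != ALL_ONES:
            raise FramingError(f"unexpected marker at offset {offset}")
        if not HEADER_LEN <= length <= MAX_LEN:
            raise FramingError(f"length {length} outside [19-4096]")
        if msg_type not in TYPES:
            raise FramingError(f"unknown message type {msg_type}")
        if len(buffer) - offset < length:
            break  # message not fully received yet
        body = buffer[offset + HEADER_LEN:offset + length]
        messages.append((TYPES[msg_type], body))
        offset += length
    return messages, buffer[offset:]


def build(msg_type: int, body: bytes = b"") -> bytes:
    """Construct a message for the sample stream below."""
    return ALL_ONES + struct.pack("!HB", HEADER_LEN + len(body), msg_type) + body


# Constructed sample stream: KEEPALIVE, a 4-byte UPDATE carrying no routes,
# then the first 10 bytes of a KEEPALIVE that TCP has not finished delivering.
SAMPLE = build(4) + build(2, b"\x00\x00\x00\x00") + build(4)[:10]

if __name__ == "__main__":
    print(delimit(SAMPLE))
```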

Border Gateway Protocol

BGP runs over the TCP -- delegating error control to TCP makes BGP design simpler

Drawbacks of using TCP:

• susceptible to congestion related problems

• this in turn could make the congestion even worse when BGP is carrying routing information needed to cure congestion

• could use “high” priority for such datagrams to reduce these types of problems

Border Gateway Protocol

The 16-byte marker is designed for security purposes

could be a cryptographic sum of the message and can only be checked after complete reception

Routers supporting BGP wait for BGP connections on port 179

• a router wanting to establish a connection first creates a TCP connection

• once the connection is established, an OPEN message is sent

Border Gateway Protocol

OPEN message is used to negotiate association’s parameters

AS is set to the AS of the sending router

BGP identifier is one of the IP interface addresses of the BGP router

Border Gateway Protocol

BGP Updates:

Once connection is established, BGP stations start exchanging “updates”

Updates can

advertise “unfeasible” routes -- routes that are withdrawn since the last update

Border Gateway Protocol

Hold time -- amount of time (in seconds) used by the “keep alive” procedure

Initialization could fail:

• if the version is not supported by the peer

• if the authentication fails

• connection collision occurs when both BGP peers attempt to set up a connection simultaneously

Hold time defines the time that may elapse between two consecutive KEEPALIVE or UPDATE messages