How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it

Transcription

1 How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it

2 Agenda Inter-domain traffic: o how does NOC monitor and control it? Common case as example: new BGP peer activation -> new uncontrolled traffic balance Tools: o Control plane bgpviz (Ripe RIS) -> partial or limited information o Traffic port counters -> indistinct traffic Class usage counters -> AS peer stats only Netflow data -> AS origin per port stats How to collect AS origin data o Implementation Example: GARR AsTracker

3 Inter-domain traffic border traffic BGP protocol

4 Inter-domain traffic peers differ in: policy cost type of traffic

5 Inter-domain traffic: asymmetries

6 Inter-domain traffic: balancing

7 Common case: new peering

8 New traffic balance Due to unpredictable reason (often commercial policy) some traffic moves from some peer to new one

9 New traffic balance Interface counters show how much traffic swapped on new peer, but what traffic is moved from old peers to new one?

10 Available helpful tools: Control plane obgpviz (Ripe RIS) Traffic oport counters ofirewall filter counters onetflow data deployment effort ascending order

11 Ripe RIS / BGPViz Worldwide distributed route servers collect bgp routes Historical world bgp data. bgp update graphical visualization

12 Ripe RIS / BGPViz It help to understand inter-domain traffic reroutes Limits: few collection points (RIS route servers) = some ASes only no traffic amount information

13 Ripe RIS / BGPViz Make a request about a worldwide announced network timeslot selection

14 Ripe RIS / BGPViz

15 Ripe RIS / BGPViz update LOG example: changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to changing path from to

16 Interface counters got by snmp protocol interface aggregated traffic o no details about moved traffic

17 Class usage counters Source and Destination Class Usage as-path based counters useful for IXP peering o peer aggregate traffic number of class usage limited

18 Netflow data IP flow data: got by Netflow protocol IP flow (unidirectional) data: o protocol o IP addresses, o TCP/UDP ports, o AS numbers, o input/output interfaces, o TCP flags, o counters(bytes, pkts, flows) two choices: AS peer or AS origin It is possible to get worldwide AS stats ~ AS stats historical data (RRD files) per interface AS stats, good for analysis on: o balancing o asymmetries o re-routing

19 How to collect AS data implementation example = GARR AsTracker AS ranks single flow deep analysis simple AS stats multi AS (stacked) stats per user-as couple analysis

20 GARR AsTracker Real-time views Historical views data grouped by type: research commodity peer national IXPs direct peering Aggregates: by group stacked

21 GARR AsTracker backend: o make RRD o fill a database with AS stats for ranking pourpose o written in C language frontend o GUI: AS live ranking graph generation aggregations deep flow inspection o written in php (nfsen plugin)

22 GARR AsTracker homepage (live) all group aggregate "stacked" (some ASes) peer view

23 GARR AsTracker AS Traffic ranks: by peer by group general one week one month three months

24 GARR AsTracker deep flow inspection: o by site lookup function o by flow

25 GARR AsTracker AsTracker is used for: load balancing and billing policies control inter-domain routing troubleshooting Network planning

26 Example of use: new BGP peer = new traffic balance Telia + GlobalCrossing + Level3 New peering: Cogent

27 Tiscali AS example Telia (dismissed in september) Level3 GlobalCrossing Cogent (activated in november)

28 Tiscali AS example All TISCALI incoming traffic flows through GlobalCrossing All upcoming traffic is balanced flows through all commodity peers (GlobalCrossing, Level3 and Cogent)

29 Tiscali AS example

30 Tiscali AS example Traffic "close" to Rome goes through Cogent: RT.RM2-RE0>show route inet.0: destinations, routes ( active, 5 holddown, 614 hidden) + = Active Route, - = Last Active, * = Both /15 *[BGP/170] 2w6d 14:15:08, MED 11010, localpref 100 AS path: I > to via ge-4/1/0.44 [BGP/170] 2w3d 13:36:53, MED 0, localpref 100, from AS path: I > via so-4/0/0.0 [BGP/170] 1w1d 05:16:08, MED 2503, localpref 100, from AS path: I > via so-4/0/0.0 HOT POTATO!

31 Tiscali AS example Traffic "close" to Milan goes through Level3: RT.MI2-RE0> show route inet.0: destinations, routes ( active, 10 holddown, 249 hidden) + = Active Route, - = Last Active, * = Both /15 *[BGP/170] 2w3d 13:43:03, MED 0, localpref 100, from AS path: I > to via so-0/0/0.0 to via so-5/2/0.0 [BGP/170] 1w1d 05:22:18, MED 2503, localpref 100, from AS path: I > via so-3/0/0.0 [BGP/170] 2w6d 14:21:18, MED 11010, localpref 100, from AS path: I > via so-4/0/0.0 HOT POTATO!

32 Thanks for listening Questions?

33

34 Netflow data In case of IXP peerings, it is possible to understand what peer send our AS traffic with mac layer accounting data. This feature is supported by Netflow version 9 and IPFIX protocols only.

35