NetFlow & BGP multi-path: quo vadis?

Similar documents
NetFlow & BGP multi-path: quo vadis?

! JANOG36!BoF!! JANOG36!mee:ng,!Kitakyushu!!Jul!2015!

pmacct: introducing BGP natively into a NetFlow/sFlow collector

Traffic analysis with NetFlow

pmacct: introducing BGP na2vely into a NetFlow/sFlow collector

UltraFlow -Cisco Netflow tools-

Cisco IOS Flexible NetFlow Technology

SonicOS 5.8: NetFlow Reporting

Scalable Extraction, Aggregation, and Response to Network Intelligence

Introduction to Netflow

Netflow Overview. PacNOG 6 Nadi, Fiji

Viete, čo robia Vaši užívatelia na sieti? Roman Tuchyňa, CSA

Appendix A Remote Network Monitoring

Net-flow. PacNOG 6 Nadi, Fiji

Symantec Event Collector for Cisco NetFlow version 3.7 Quick Reference

Network Monitoring and Management NetFlow Overview

NFQL: A Tool for Querying Network Flow Records [6]

EMIST Network Traffic Digesting (NTD) Tool Manual (Version I)

BGP FORGOTTEN BUT USEFUL FEATURES. Piotr Wojciechowski (CCIE #25543)

Collec+ng NetFlow with pmacct

Building A Cheaper Peering Router. (Actually it s more about buying a cheaper router and applying some routing tricks)

BGP Best Path Selection Algorithm

Monitoring BGP and Route Leaks using OpenBMP and Apache Kafka

Network traffic telemetry (NetFlow, IPFIX, sflow)

Monitoring and Troubleshooting BGP Neighbor Sessions

Enabling NetFlow on Virtual Switches ESX Server 3.5

Network Management & Monitoring

IPv6 over IPv4/MPLS Networks: The 6PE approach

IPv6 network management. 6DEPLOY. IPv6 Deployment and Support

IPv6 network management. Where and when?

Collec'ng NetFlow with pmacct

Wireshark Developer and User Conference

Methods of interconnecting MPLS Networks

APNIC elearning: BGP Attributes

Configuring NetFlow Data Export (NDE)

BGP Basics. BGP Uses TCP 179 ibgp - BGP Peers in the same AS ebgp - BGP Peers in different AS's Private BGP ASN. BGP Router Processes

BGP overview BGP operations BGP messages BGP decision algorithm BGP states


Advanced BGP Policy. Advanced Topics

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

IPV6 流 量 分 析 探 讨 北 京 大 学 计 算 中 心 周 昌 令

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

TEIN2 Measurement and Monitoring Workshop Netflow.

Flow Analysis Versus Packet Analysis. What Should You Choose?

Exploiting BGP Scoping Services to Violate Internet Transit Policies

APNIC elearning: BGP Basics. Contact: erou03_v1.0

Securing and Monitoring BYOD Networks using NetFlow

Introduction to Cisco IOS Flexible NetFlow

The Value of Flow Data for Peering Decisions

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

Netflow Application Upgrade

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

DDoS Mitigation Techniques

Collection and Analysis of data for Inter-domain Traffic Engineering

RFC 2547bis: BGP/MPLS VPN Fundamentals

Edge-1#show ip route Routing entry for /24. Known via "bgp 65001", distance 200, metric 0. Tag 65300, type internal

Anycast Rou,ng: Local Delivery. Tom Daly, CTO h<p://dyn.com Up,me is the Bo<om Line

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

plixer Scrutinizer Competitor Worksheet Visualization of Network Health Unauthorized application deployments Detect DNS communication tunnels

Basic Configuration Examples for BGP

BGP Attributes and Path Selection

BGP Router Startup Message Flow

How To Use Netflow On Cisco Ios V (V2.4) And V2 (V3.3) (V1.4).4.2.2) (Cisco V

TE in action. Some problems that TE tries to solve. Concept of Traffic Engineering (TE)

How NOC manages and controls inter-domain traffic? 5 th tf-noc meeting, Dubrovnik nino.ciurleo@garr.it

AT&T Managed IP Network Service (MIPNS) MPLS Private Network Transport Technical Configuration Guide Version 1.0

Plugging Network Security Holes using NetFlow. Loopholes in todays network security solutions and how NetFlow can help

LogLogic Cisco NetFlow Log Configuration Guide

Enhancing Network Monitoring with Route Analytics

AUTOMATED SYSTEM FOR LOAD-BALANCING EBGP PEERS

NetFlow/IPFIX Various Thoughts

Firewall-on-Demand. GRNET s approach to advanced network security services management via bgp flow-spec and NETCONF. Leonidas Poulopoulos

CLOS IP FABRICS WITH QFX5100 SWITCHES

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

Passively Detecting Remote Connectivity Issues Using Flow Accounting. 2nd EMANICS Workshop on Netflow/IPFIX usage in network management

How To Understand Bg

CS 457 Lecture 19 Global Internet - BGP. Fall 2011

Cisco IOS NetFlow Version 9 Flow-Record Format

Border Gateway Protocol BGP4 (2)

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

NetFlow: What is it, why and how to use it? Miloš Zeković, ICmyNet Chief Customer Officer Soneco d.o.o.

Overview. Why use netflow? What is a flow? Deploying Netflow Performance Impact

HP Networking BGP and MPLS technology training

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

Class of Service (CoS) in a global NGN

How Routers Forward Packets

CISCO IOS NETFLOW AND SECURITY

CISCO INFORMATION TECHNOLOGY AT WORK CASE STUDY: CISCO IOS NETFLOW TECHNOLOGY

Lab Characterizing Network Applications

LAB II: Securing The Data Path and Routing Infrastructure

Understanding Route Redistribution & Filtering

NetFlow Services and Applications

MPLS-based Layer 3 VPNs

Application Note. Failover through BGP route health injection

NetFlow FlowAnalyzer Overview

WAN Topologies MPLS. 2006, Cisco Systems, Inc. All rights reserved. Presentation_ID.scr Cisco Systems, Inc. All rights reserved.

BGP and Traffic Engineering with Akamai. Christian Kaufmann Akamai Technologies MENOG 14

Border Gateway Protocol (BGP)

IPv6 network management. Malta, April 2006

SonicOS 5.8: NetFlow Reporting

Transcription:

NetFlow & BGP multi-path: quo vadis? Paolo Lucente <paolo@pmacct.net> Elisa Jasinska <elisa@netflix.com> Netnod, Stockholm

Agenda About Netflix About pmacct Brief digression on BGP ADD-PATHS Putting all the pieces together 2

About Netflix 3

Netflix Elisa was supposed to explain some things about Netflix, but she is at the office in California this week 4

5

Netflix CDN: Open Connect In house CDN Designed for efficient video delivery Many POPs No backbone Hardware: ASR, MX and Arista 7500e Delivery via: Servers embedded in access network Peering Transit CACHES CACHES AS40027 AS40027 MX or ASR AS2906 router CACHES CACHES AS40027 AS40027 TRANSIT IX PEER https://www.netflix.com/openconnect 6

Network Design at Netflix AS2906 AS2906 AS2906 AS2906 AS2906 AS2906 AS2906 7

Egress BGP Hacks In many cases, too much traffic for 1,2 or even 4 egress partners to handle CACHES CACHES AS40027 AS40027 CACHES CACHES AS40027 AS40027 Use of multi-path via different ASN s TRANSIT #1 TRANSIT #2 1/8 2/8 MX or ASR AS2906 router 3/8 TRANSIT #3 2/8 IX PEER 192.168.1.0/24 TRANSIT #4 8

Flow Accounting at Netflix Primary goal: peering analysis How much traffic is being exchanged with which ASN? How do they perform? Software: pmacct NetFlow/IPFIX augmented by BGP using pmacct Problem: multi-path, not only one single best path 9

About pmacct 10

pmacct is open source, free, GPL ed software 11

pmacct a couple of non-technical facts 10+ years old project Can t spell the name after the second drink Free, open-source, independent Under active development Innovation being introduced Well deployed around, also large SPs Aims to be the traffic accounting tool closer to the SP community needs 12

pmacct a couple technical facts Pervasive data-reduction techniques, ie.: Data aggregation Tagging and filtering Sampling Ability to build multiple views out of the very same collected network traffic dataset, ie.: Unaggregated to flat-files for security and forensic purposes Aggregated as [ <ingress router>, <ingress interface>, <BGP next-hop>, <peer destination ASN> ] to build an internal traffic matrix for capacity planning purposes 13

pmacct and BGP BGP at the collector? Telemetry reports on forwarding-plane, and a bit more Extended visibility into control-plane information pmacct introduced a Quagga-based BGP daemon Implemented as a parallel thread within the collector Doesn t send UPDATEs; passive neighbor Maintains per-peer BGP RIBs Supports 32-bit ASNs; IPv4, IPv6 and VPN families Caveats: BGP mul/- path is not supported Outdated! 14

Brief digression on BGP ADD-PATHS 15

On BGP ADD-PATHS A BGP extension that allows the advertisement of multiple paths for the same address prefix without the new paths implicitly replacing any previous ones Draft at IETF: draft-ietf-idr-add-paths-09 16

On BGP ADD-PATHS New BGP capability, new NLRI encoding: +--------------------------------+ Path Identifier (4 octets) +--------------------------------+ Length (1 octet) +--------------------------------+ Prefix (variable) +--------------------------------+ Capability number: 69 17

On BGP ADD-PATHS BGP ADD-PATHS covers several use cases: Mostly revolving around actual routing Extra path flooding questioned in such context (*) Our use-case for BGP ADD-PATHS is around monitoring applications: Not much talk yet in such context Proposal to mark best-paths to benefit monitoring applications: draft-bgp-path-marking (Cardona et al.) (*) http://www.nanog.org/meetings/nanog48/presentations/tuesday/raszuk_to_addpaths_n48.pdf 18

Putting all the pieces together: NetFlow and BGP ADD-PATHS with pmacct at Netflix 19

Wait, so what s the problem? BGP multi-path, traffic not only sent to a single best path pmacct is only aware of the best from its BGP feed BGP Multi-path 192.168.1.0/24 [BGP/170] 3w0d 01:19:58, MED 100, localpref 200 AS path: 789 I, validation-state: unverified > to 10.0.0.1 via ae12.0 [BGP/170] 3w0d 01:15:44, MED 100, localpref 100 AS path: 123 456 789 I, validation-state: unverified > to 10.0.0.2 via ae8.0 [BGP/170] 3w0d 01:13:48, MED 100, localpref 100 AS path: 321 654 789 I, validation-state: unverified > to 10.0.0.3 via ae10.0 [BGP/170] 3w0d 01:18:24, MED 100, localpref 100 AS path: 213 546 789 I, validation-state: unverified > to 10.0.0.4 via ae1.0 Traditional BGP to pmacct * 192.168.1.0/24 10.0.0.1 100 200 789 I 20

BGP ADD-PATHS FTW! ADD-PATHS provides visibility into the N best-paths BGP Multi-path 192.168.1.0/24 [BGP/170] 3w0d 01:19:58, MED 100, localpref 200 AS path: 789 I, validation-state: unverified > to 10.0.0.1 via ae12.0 [BGP/170] 3w0d 01:15:44, MED 100, localpref 100 AS path: 123 456 789 I, validation-state: unverified > to 10.0.0.2 via ae8.0 [BGP/170] 3w0d 01:13:48, MED 100, localpref 100 AS path: 321 654 789 I, validation-state: unverified > to 10.0.0.3 via ae10.0 [BGP/170] 3w0d 01:18:24, MED 100, localpref 100 AS path: 213 546 789 I, validation-state: unverified > to 10.0.0.4 via ae1.0 BGP ADD-PATH to pmacct * 192.168.1.0/24 10.0.0.1 100 200 789 I 10.0.0.2 100 100 123 456 789 I 10.0.0.3 100 100 321 654 789 I 10.0.0.4 100 100 213 546 789 I 21

pmacct and BGP ADD-PATHS In early Jan 2014 pmacct BGP integration got support for BGP ADD-PATHS GA as part of 1.5.0rc3 version (Apr 2014) Why BGP ADD-PATHS? Selected over BMP since it allows to not enter the exercise of parsing BGP policies True, post-policies BMP exists but it s much less implemented around and hence not felt the way to go 22

NetFlow/IPFIX and BGP ADD-PATHS OK, so we have visibility in the N best-paths.... but how to map NetFlow traffic onto them? We don t want to get in the exercise of hashing traffic onto paths ourselves as much as possible NetFlow will tell! BGP next-hop in NetFlow is used as selector to tie the right BGP information to traffic data Initially concerned if the BGP NextHop in NetFlow would be of any use to determine the actual path We verified it accurate and consistent across vendors 23

NetFlow/IPFIX and BGP ADD-PATHS NetFlow SrcAddr: 10.0.1.71 DstAddr: 192.168.1.148 NextHop: 10.0.0.3 InputInt: 662 OutputInt: 953 Packets: 2 Octets: 2908 Duration: 5.112000000 sec SrcPort: 80 DstPort: 33738 TCP Flags: 0x10 Protocol: 6 IP ToS: 0x00 SrcAS: 2906 DstAS: 789 SrcMask: 26 (prefix: 10.0.1.64/26) DstMask: 24 (prefix: 192.168.1.0/24) BGP ADD-PATH to pmacct * 192.168.1.0/24 10.0.0.1 100 200 789 I 10.0.0.2 100 100 123 456 789 I 10.0.0.3 100 100 321 654 789 I 10.0.0.4 100 100 213 546 789 I 24

Netflix + NetFlow/IPFIX + pmacct + ADD-PATHS Multiple pmacct servers in various locations NetFlow is being exported to the pmacct servers: Mix of NetFlow v5, v9 and IPFIX BGP ADD-PATHS is being set up between routers and the pmacct servers Sessions configured as ibgp, RR-client Juniper ADD-7 (maximum) Cisco ADD-ALL 25

Thanks!! Questions? Paolo Lucente <paolo@pmacct.net> Elisa Jasinska <elisa@netflix.com> 26

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information