A Systematic Approach to BGP Configuration Checking



Similar documents
Transitioning to BGP. ISP Workshops. Last updated 24 April 2013

How To Understand Bg

BGP Attributes and Path Selection

Using the Border Gateway Protocol for Interdomain Routing

Outline. EE 122: Interdomain Routing Protocol (BGP) BGP Routing. Internet is more complicated... Ion Stoica TAs: Junda Liu, DK Moon, David Zats

Exterior Gateway Protocols (BGP)

APNIC elearning: BGP Attributes

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

Understanding Route Aggregation in BGP

BGP Best Path Selection Algorithm

Module 12 Multihoming to the Same ISP

BGP1 Multihoming and Traffic Engineering

Simple Multihoming. ISP/IXP Workshops

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

CS551 External v.s. Internal BGP

Border Gateway Protocol (BGP)

MPLS WAN Explorer. Enterprise Network Management Visibility through the MPLS VPN Cloud

BGP Link Bandwidth. Finding Feature Information. Prerequisites for BGP Link Bandwidth

Inter-domain Routing Basics. Border Gateway Protocol. Inter-domain Routing Basics. Inter-domain Routing Basics. Exterior routing protocols created to:

Multihomed BGP Configurations

MPLS Inter-AS VPNs. Configuration on Cisco Devices

BGP4 Case Studies/Tutorial

Internet inter-as routing: BGP

Configuring BGP. Cisco s BGP Implementation

Tutorial: Options for Blackhole and Discard Routing. Joseph M. Soricelli Wayne Gustavus NANOG 32, Reston, Virginia

Notice the router names, as these are often used in MPLS terminology. The Customer Edge router a router that directly connects to a customer network.

MPLS VPN Route Target Rewrite

- Border Gateway Protocol -

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

Module 7. Routing and Congestion Control. Version 2 CSE IIT, Kharagpur

How To Set Up Bgg On A Network With A Network On A Pb Or Pb On A Pc Or Ipa On A Bg On Pc Or Pv On A Ipa (Netb) On A Router On A 2

APNIC elearning: BGP Basics. Contact: erou03_v1.0

BGP-4 Case Studies. Nenad Krajnovic.

Understanding Virtual Router and Virtual Systems

Examination. IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491

> Border Gateway Protocol (BGP-4) Technical Configuration Guide. Ethernet Routing Switch. Engineering

Routing Protocol - BGP

Load balancing and traffic control in BGP

Introduction Inter-AS L3VPN

no aggregate-address address mask [as-set] [summary-only] [suppress-map map-name] [advertise-map map-name] [attribute-map map-name]

Internet inter-as routing: BGP

BGP Basics. BGP Uses TCP 179 ibgp - BGP Peers in the same AS ebgp - BGP Peers in different AS's Private BGP ASN. BGP Router Processes

Advanced BGP Policy. Advanced Topics

BGP Link Bandwidth. Finding Feature Information. Contents

HP Networking BGP and MPLS technology training

Interdomain Routing. Outline

Gateway of last resort is to network

Doing Don ts: Modifying BGP Attributes within an Autonomous System

BGP as an IGP for Carrier/Enterprise Networks

Simple Multihoming. ISP Workshops. Last updated 30 th March 2015

BGP Support for Next-Hop Address Tracking

Load balancing and traffic control in BGP

BGP overview BGP operations BGP messages BGP decision algorithm BGP states

Description: Objective: Upon completing this course, the learner will be able to meet these overall objectives:

JUNOS Secure BGP Template

Week 4 / Paper 1. Open issues in Interdomain Routing: a survey

Why Is MPLS VPN Security Important?

MPLS RSVP-TE Auto-Bandwidth: Practical Lessons Learned

MPLS RSVP-TE Auto-Bandwidth: Practical Lessons Learned. Richard A Steenbergen <ras@gt-t.net>

basic BGP in Huawei CLI

BGP Multihoming. Why Multihome? Why Multihome? Why Multihome? Why Multihome? Why Multihome? Redundancy. Reliability

Exam Name: BGP + MPLS Exam Exam Type Cisco Case Studies: 3 Exam Code: Total Questions: 401

Lab 10: Confi guring Basic Border Gateway Protocol

MPLS VPN Implementation

ISP Case Study. UUNET UK (1997) ISP/IXP Workshops. ISP/IXP Workshops. 1999, Cisco Systems, Inc.

Understanding Large Internet Service Provider Backbone Networks

Border Gateway Protocol Best Practices

BGP Terminology, Concepts, and Operation. Chapter , Cisco Systems, Inc. All rights reserved. Cisco Public

Example: Advertised Distance (AD) Example: Feasible Distance (FD) Example: Successor and Feasible Successor Example: Successor and Feasible Successor

Understanding Route Redistribution & Filtering

The RouteNormalizer and Network Routing Anomalification

Cisco To Juniper. Thomas Mangin Exa Networks LINX 51

Cisco Exam CCIE Service Provider Written Exam Version: 7.0 [ Total Questions: 107 ]

IPv6 over MPLS VPN. Contents. Prerequisites. Document ID: Requirements

BGP Multihoming Techniques

BGP: Border Gateway Protocol

Fireware How To Dynamic Routing

Presentation_ID. 2001, Cisco Systems, Inc. All rights reserved.

Analyzing Capabilities of Commercial and Open-Source Routers to Implement Atomic BGP

BGP Multihoming Techniques. Philip Smith APRICOT 2013 Singapore 19 th February 1 st March 2013

Can Forwarding Loops Appear when Activating ibgp Multipath Load Sharing?

BGP Routing. Course Description. Students Will Learn. Target Audience. Hands-On

This feature was introduced. This feature was integrated in Cisco IOS Release 12.2(11)T.

MPLS VPN over mgre. Finding Feature Information. Prerequisites for MPLS VPN over mgre

netkit lab bgp: prefix-filtering Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

BGP Route Analysis and Management Systems

Chapter 6: Implementing a Border Gateway Protocol Solution for ISP Connectivity

BGP Multihoming Techniques

MPLS-based Layer 3 VPNs

BGP: Frequently Asked Questions

Based on Computer Networking, 4 th Edition by Kurose and Ross

How to Configure BGP Tech Note

BSCI Module 6 BGP. Configuring Basic BGP. BSCI Module 6

Regaining MPLS VPN WAN Visibility with Route Analytics. Seeing through the MPLS VPN Cloud

Administra0via. STP lab due Wednesday (in BE 301a!), 5/15 BGP quiz Thursday (remember required reading), 5/16

MPLS Layer 2 VPNs Functional and Performance Testing Sample Test Plans

Transcription:

A Systematic Approach to BGP Configuration Checking Nick Feamster and Hari Balakrishnan M.I.T. Computer Science and Artificial Intelligence Laboratory {feamster,hari}@lcs.mit.edu http://nms.lcs.mit.edu/bgp/

BGP Configuration Determines Its Behavior Route injection, redistribution, aggregation Import and export route maps Access control lists, filtering AS Path prepending Communities Next-hop settings Route flap damping Timer settings BGP is a distributed program. We need practical verification techniques.

Today: Stimulus-response Reasoning "What happens if I tweak this import policy?" "Let s just readjust this IGP weight..." "New customer attachment point? Some cut-and-paste will fix that!" Some time later, some "strange behavior" appears. (OOPS! Revert.) Operators have a terrible "programming environment". Configuration is ad hoc and painful. Wastes operator time. Suboptimal performance, angry customers. Online error checking is insufficient. Won t catch misconfigured filters, redundant route reflectors, etc.

Verifying Configuration "Correctness" Why? Unlike most protocols, BGP s correctness depends heavily on how it is configured. How? Systematically, according to properties: enumerate aspects of configuration that affect it test that those aspects conform to certain rules Limitations? Some aspects involve cooperation across ASes; not really possible today. That s OK, plenty goes wrong inside of one AS, too.

Higher Level Reasoning About Configuration Verify the behavior of a particular configuration. Check "correctness properties". Check that the configuration conforms to intended behavior. More than a band-aid fix. Useful for any router configuration language. Specify configuration based on intended behavior. Configuring low-level mechanisms is error-prone. Specifying high-level intended behavior makes sense.

Example: Information-flow Control Simple rule: don t advertise routes from one peer to other peers.

Today: Specifying Policy with Mechanism Bad: Import/export route maps, ACLs, communities, etc. neighbor 10.0.0.1 route-map IMPORT-A in neighbor 10.0.0.1 route-map EXPORT-A out neighbor 192.168.0.1 route-map IMPORT-C in neighbor... 192.168.0.1 route-map EXPORT-C out ip... community-list 1 permit 0:1000 route-map IMPORT-C permit 10 set community 0:1000!... route-map EXPORT-A permit 10 match community 1!

Other Information-flow Control Examples Goal: Verify that route advertisements conform to intended information-flow policy. Partial peering Controlling prefix propagation Bogons "No Export" prefixes Conditional advertisements Signalling (e.g., with communities)

Higher Level Reasoning about "Correctness" Validity: Does it advertise invalid routes? Bogus route injection, persistent forwarding loops, etc. Visibility: Does every valid path have a route? Session resets, missing sessions, damped routes, etc. Safety: Will it converge to a unique, stable answer? Policy-induced oscillation Determinism: Answer depend on orderings, etc.? Irrelevant route alternatives can affect outcomes. Information-flow control: Expose information? Accidental route leaks to neighbors, etc.

We are developing a tool that checks correctness constraints for configuration. RoLex (Routing Lexer)

RoLex: Configuration Verification Suite Two distinct parts that parse IOS configs. Pattern-based constraint checker Control flow analyzer Rules Cisco IOS Pattern Based Constraint Checker Control Flow Analyzer Property Violations High level Network Summary (Web based interface) Send requests for more tools, features, etc! http://nms.lcs.mit.edu/bgp/rolex/

Pattern-Based Rule Checker: Usage Easy: simple as running a script cd rolex/perl/src/pattern-rules/tests/./nh-reachability-test.pl (or whatever) Chomps on all configs at once. Running time depends on network size, test, etc. Network-wide checking is built-in.

Pattern-Based Rule Checker: Sample Output Validity Test found ebgp on atlga-gw1 (AS 65000) ebgp: no next-hop-self atlga-gw1 (10.215.0.113) ERROR: 10.215.0.113 not in ibgp/igp (ebgp session)... Visibility Test ERROR: no _r2 with loopback 10.0.1.65 (from bosma-gw) ERROR: no _r2 with loopback 10.123.197.110 (from bosma-rr1) ERROR: no _r2 with loopback 10.123.197.110 (from bosma-rr2)... ERROR: laxca-gw has NO "router bgp" statement... Determinism Test atlga-rr2: deterministic-med OK ERROR: atlga-gw2 has no deterministic-med ERROR: attga-gw3 has no deterministic-med... wswdc-rr1: compare-routerid OK ERROR: wswdc-gw2 has no compare-routerid statement

Under the Hood: A Pattern-Based RoLex Rule Start r1: router bgp a1 {neighbor n2 remote-as a2} a1==a2 or a2 a sub-as? No Yes ebgp session to n2 (AS a2) continue with inter-as test cases _END_ Looking for n2 in IGP r1: router bgp a1 {neighbor n2 next-hop-self} _END_ r2: interface { ip address n2 } ERROR: next-hop not in AS n2 in AS at r2 router ospf { network [prefix containing n2] } _END_ Next-hop reachability OK ERROR: next-hop in AS, but not in IGP

Under the Hood: A Pattern-Based RoLex Rule Start r1: router bgp a1 {neighbor n2 remote-as a2} a1==a2 or a2 a sub-as? No Yes ebgp session to n2 (AS a2) continue with inter-as test cases _END_ Looking for n2 in IGP r1: router bgp a1 {neighbor n2 next-hop-self} _END_ r2: interface { ip address n2 } ERROR: next-hop not in AS n2 in AS at r2 router ospf { network [prefix containing n2] } _END_ Next-hop reachability OK ERROR: next-hop in AS, but not in IGP

Writing a Pattern-Based RoLex Rule RoLex provides finite-state machinery Rules are simple: 41 lines of code for next-hop test Rules specify "nodes" and "transitions". $no_nh_self_ebgp = sub { print STDERR $fsm->substitute_def_bindings("ebgp: no next-hop-self _r1 (_n2)\n"); $fsm->transition( _r1: router bgp _a1 [[ network _n3 mask _m3 <contains(_n3/_m3, _n2)>]],1)->($ok); &$ERROR( _n2 not in ibgp/igp (ebgp session) ); }; Figuring out "boundary" between users, developers, etc.

Control Flow Analyzer Some constraints (e.g., import/export policies) best expressed in terms of higher-level semantics. Abstracts mechanisms, gives operators a higher-level view of network configuration. Rules Cisco IOS Pattern Based Constraint Checker Control Flow Analyzer Property Violations High level Network Summary (Web based interface)

Control Flow Analyzer: Features Graph the network at router-level, labelling route maps on edges. Database-backed Web interface. View the number of BGP sessions to each AS. View sessions, import and export route maps: by router associated with a particular remote AS Easily compare policies across routers. Policies are "normalized" according to what they do, not what they are called.

Control Flow Analyzer: Network Graph./cflow.pl --graph=dot,ebgp Visualization of import and export policies. Routers are nodes, edges are BGP sessions, labels are policies. Useful for small networks, sections of larger networks.

Control Flow Analyzer: View by Router View all BGP sessions on a particular router. Route maps normalized by mechanism.

Control Flow Analyzer: Sessions per AS Network-wide view of ebgp and ibgp sessions. Can then "drill down" on sessions to a particular AS.

Control Flow Analyzer: Sessions per AS Network-wide view of ebgp and ibgp sessions. Can then "drill down" on sessions to a particular AS.

Control Flow Analyzer: View By Neighbor AS Network-wide view of import/export policies to an AS. Easy to see when differences exist.

Control Flow Analyzer: View By Neighbor AS Network-wide view of import/export policies to an AS. Easy to see when differences exist.

Control Flow Analyzer: Route Map Diffs

RoLex: Configuration Verification Suite Two distinct tools that parse IOS configs. Pattern-based constraint checker Control flow analyzer Rules Cisco IOS Pattern Based Constraint Checker Control Flow Analyzer Property Violations High level Network Summary (Web based interface)

RoLex: Configuration Verification Suite Future work: Check high-level properties. Operator inputs high-level specification High-level network properties checked against constraints Rules Cisco IOS Pattern Based Constraint Checker Control Flow Analyzer Property Violations High level Network Summary (Web based interface) High level Property Specification Control Flow Constraint Checker Property Violations

Today: Implementing Policy with Mechanism Bad: Import/export route maps, ACLs, communities, etc. neighbor 10.0.0.1 route-map IMPORT-A in neighbor 10.0.0.1 route-map EXPORT-A out neighbor 192.168.0.1 route-map IMPORT-C in neighbor... 192.168.0.1 route-map EXPORT-C out ip... community-list 1 permit 0:1000 route-map IMPORT-C permit 10 set community 0:1000!... route-map EXPORT-A permit 10 match community 1!

Ideas for Specifying Information-flow Policy Better: Lattice model. Key Challenge: Specification (future work)

Control Flow Analyzer: Summary Bird s eye view of network: browsing policies. Good for spotting anomalies, etc. Easy to navigate. Other features: View all routers Restricted views only ebgp (or ibgp) sessions only import (or export) policies Group by common import/export policies Coming soon: Specific queries about routes. Verify against high-level policy specs (e.g., "lattice").

Towards Intent-based Configuration Verification requires a specification of intent, which can inspire configuration language design. How to specify the information flow lattice? Must be intuitive. Must express varying levels of detail (i.e., AS-level, session-level, prefix-level, etc.) Must express positive requirements, too. Expressing intended behavior will improve routing. Verification: check existing configurations against intent. Synthesis: generate configurations according to intent.

Many Thanks Jennifer Rexford Randy Bush

Shameless Plea This tool will only be useful with operator input. You need better configuration management tools. I need to graduate. http://nms.lcs.mit.edu/bgp/rolex Download the tool, and test it on your configuration. Or...I ll happily test it on your configurations (will write new tests, too). Send feedback, feature requests, etc.