Border Gateway Protocol Exterior routing protocols created to: control the expansion of routing tables provide a structured view of the Internet by segregating routing domains into separate administrations called Autonomous systems (AS) each AS can have an independent routing policy Autonomous system (AS): set of routers have a single routing policy running under a single administration could be a collection of IGPs working together to provide interior routing Outside world AS looks like a single entity identified by a AS# Routing information between ASs exchanged by the Border Gateway Protocol (BGP) 1
Stub AS: An AS is considered stub when it reaches networks outside it domain via a single exit point Stub AS is single-homed with respect to its provider Stub AS uses from the private pool 65412-65535 Stub AS need not learn any AS-level routes just use a default route to provider AS Multihomed Nontransit AS AS is multihomed if it has more than one exit point to outside AS can be multihomed to a single or multiple providers Nontransit AS does not allow transit traffic to go through it Transit traffic has source and destination outside the AS A nontransit AS would only advertise its own routes and not routes it learned from others Other ASs can force traffic through a nontransit multihomed AS AS must filter traffic to prevent this Multihomed Transit AS Allows transit traffic to pass through BGP can be used as a pipe to exchange BGP updates within an AS Internal BGP (IBGP) BGP connections between ASs called External BGP (EBGP) Routers running EBGP called border routers and IBGP called transit routers 2
BGP is a path vector protocol used to carry routing information between ASs Path refers to a sequence of AS#s indicating the path traversed Two BGP routers forming a transport level connection to exchange information is called peers Initially, all candidate routes are exchanged Incremental updates (deltas) are sent as network information changes BGP message header is given below Marker field (16-bytes) used to authenticate the incoming BGP message BGP message length can be in [19-4096] bytes BGP message types: OPEN: UPDATE NOTIFICATION KEEPALIVE 3
OPEN message: opens a connection between BGP peers should be completed for successful BGP operation exchanges the following information AS# (2 byte field), hold time (maximum amount of time in seconds that can elapse between successive KEEPALIVE or UPDATE message), BGP identifier, optional parameters, optional parameter length NOTIFICATION message: when an error is detected after a BGP connection is established, a BGP peer sends a NOTIFICATION message before closing the peer connection administrators need to examine the NOTIFICATION message to determine the cause of the error KEEPALIVE message: these messages are exchanged between peers to determine reachability keepalive messages are sent at a rate that ensures that the hold time will not expire UPDATE message: update messages use the following: network layer reachability information (NLRI) path attributes unreachable routes NLRI is given using IP prefixes to be compatible with CIDR 4
BGP path attributes are used to keep track of route specific information: degree of preference next hop value of a route aggregation information NLRI network layer reachability information Building Peer Sessions When neighbor sessions are established during OPEN peer routers use AS#s to determine whether they are in the same AS or not IBGP or EBGP is used based on this information Building Peer Sessions Normally external BGP routers are restricted to be connected by the same network segment 5
Building Peer Sessions Synchronization within an AS BGP must be synchronized with IGP such that it waits until the IGP has propagated routing information across AS before advertising transit routes to other ASs if advertised before, the AS may receive traffic that cannot be routed! when a router receives updates from an IBGP peer it should verify the reachability using IGP before advertising to other EBGP peers Building Peer Sessions Injecting BGP routes into AS is costly: distributing routes from BGP into IGP results in major overhead on internal routers carrying all external routes into an AS is unnecessary internal non-bgp routers can use default exit BGP (border or transit) routers to leave AS this may be suboptimal Sources of Routing Updates Injecting information statically into BGP: proves to be most effective in ensuring route stability IGP routes (or aggregates) that need to be advertised are manually defined as static routes static routes have the disadvantage that the routes may not accurately reflect the current state not much of a problem for single point updates for multiple point updates, black holes can be created destination actually reachable but routes are incorrect Sources of Routing Updates Injecting information dynamically into BGP: can be divided into purely dynamic where all IGP routes are redistributed into BGP semidynamic where only certain IGP routes are injected into BGP semidynamic allows the administrators to choose which routes should be advertised distributing the whole of IGP routes into BGP can cause information leakage 6
Sources of Routing Updates Dynamic approach can lead to unstable routes route dampening is used to reduce the fluctuations Routing process involves the following: pool of routes that the router receives from its peer input policy engine that filter routes or manipulate their attributes decision process that decides which routes the router itself will use output policy engine the can filter routes or manipulate their attributes pool of routes that are advertised to other peers Input policy engine: filtering is done on different parameters such as IP prefixes, AS_path information, and attribute information input policy engine also manipulates the path attributes to influence its own decision filter certain network numbers, give certain route a better local preference, etc 7
NEXT_HOP Attribute: For EBGP next hop is the IP address of the neighbor announcing the route For IBGP sessions, for routes originated inside the AS, the next hop is the IP address of the neighbor that announced the route Routes injected in AS via EBGP, next hop is carried unaltered AS_path attribute is a mandatory attribute sequence of AS#s a route has traversed to reach a destination AS originating the route adds its own AS number when sending the route to its external BGP peers Each AS that transmits the sequence prepends its own AS# to the sequence originating AS will be at the end of the sequence BGP uses AS_path as part of the routing updates 8
If route is advertised to the AS that originated it (loop), the AS_path attribute will contain the AS#, the AS will reject the route Private ASs: to conserve AS numbers, InterNIC, generally does not assign a legal AS# to customers whose policies are extensions of providers Route aggregation involves summarizing ranges of routes into one or more CIDR blocks drawback is the loss of granularity that existed in the specific routes that form the aggregate if AS_path information that existed in multiple routes are lost, routing loops can be created 9
AS_path can be manipulated to affect interdomain routing behavior BGP prefers shorter path over larger ones include dummy AS#s to increase path lengths and influence the traffic Path Vectors Route aggregation: BGP-4 supports supernetting to fully exploit CIDR Instead of representing addresses as 32-bit numbers 9.0.0.0, 128.96.0.0, or 192.4.18.0 a prefix notation is used: 9/8 (8-bit prefix), 128.96/16 (16-bit prefix), or 192.4.18/24 (24- bit prefix) to reduce the size of the routing tables -- route aggregation is performed 10
Path Vectors AS T manages two class C networks 197.8.0/24 and 197.8.1/24 -- this can be represented by a 23-bit prefix 197.8.0/23 if there are two more ASs X and Y that use T as transit AS and they are allocated 197.8.3/24 and 197.8.4/24 respectively Without route aggregation, AS T announces 3 routes to its neighbor Z Path 1: through T, reaches 197.8.0/23 Path 2: through T, X, reaches 197.8.2/24 Path 3: through T, Y, reaches 197.8.3/24 Path Vectors With route aggregation Path 1: reaches 197.8.0/22 What is the path? we cannot just list T, loop detection need the complete path listing a complete path like T, X, Y is misleading -- implies a three hop path AS path attribute into two components: ordered list -- AS sequence unordered set -- AS set Path: (Sequence (T), Set (X, Y)) Path Vectors If Z wants to forward this path to one of its neighbors, it will place its own AS # in the front Path: (Sequence (Z, T), Set (X, Y)) Sequence and set components are used for loop detection Rule for path aggregation: sequence components should be the intersection of all sequences set of components contain all the ASs mentioned in any of the paths to aggregate yet are not present in the aggregated sequence Path Vectors Path vectors is an important concept of the BGP It provides for loop-free routing in complex topologies 11
Path Vectors Can we use link state ideas? by distributing to all external routers a complete map of the Internet (aggregated of course) let the routers compute the shortest paths Inter Domain Policy Routing (IDPR) is based on this idea a problem with this approach is updating the distributed maps OSPF recommends 200 routers for an OSPF area and there are definitely more than 200 ASs Path Vectors In distance vector protocol, all information about the route to a destination is concentrated in the metric value -- insufficient for fast loop resolution BGP approach: routing update carries a full list of ASs traversed between source and dest -- a loop occurs if an AS is listed twice in this list loop prevention: external router checks whether it is already listed on a path -- if so refuses to use it listing the complete path (list of AS numbers) causes the size of routing messages and memory needed for running the protocol to increase Internal and External Peers An external (border) router that learned about a path towards a network should update the local AS routing table Internal and External Peers The AS path announced by D to C should include X and Z The information available to D through IGP is that routes are available to X s networks this may not be enough to propagate useful BGP update message to C BGP establishes an internal BGP connection will all the external routers in a AS -- connecting the external routers in a fully connected graph independent of the IGP 12
Internal and External Peers Maintaining a fully connected graph is a very heavy requirement if the number of external (border) routers is large Route reflectors are used to alleviate this problem share the routes within the domain need not have a full mesh. Border Gateway Protocol BGP runs over the TCP -- delegating error control to TCP makes BGP design simpler Drawbacks of using TCP: susceptible to congestion related problems this in turn could make the congestion even worse when BGP is carrying routing information needed to cure congestion could use high priority for such datagrams to reduce this types of problems Border Gateway Protocol Because BGP uses TCP -- reliable protocol, it can exchange data incrementally BGP header: BGP protocol includes a delimitation function that separates the byte stream into a set of independent messages Border Gateway Protocol The 16-byte marker is designed for security purposes could be a cryptographic sum of the message and can only be checked after complete reception Routers supporting BGP wait for BGP connections on port 179 a routing wanting to establish a connection first creates a TCP connection once connection established, OPEN message is sent 13
Border Gateway Protocol OPEN message is used to negotiate association s parameters AS is set to the AS of the sending router BGP identifier is one of the IP interface addresses of the BGP router Border Gateway Protocol Hold time -- amount of time (in seconds) used by the keep alive procedure Initialization could fail: if the version is not supported by the peer if the authentication fails connection collision occurs when both BGP peers attempt to set up a connection simultaneously Hold time defines the time that may elapse between two consecutive KEEPALIVE or UPDATE messages Border Gateway Protocol BGP Updates: Once connection is established, BGP stations start exchanging updates Updates can advertise unfeasible routes -- routes that are withdrawn since the last update 14