RFC 4264 : BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged



Similar documents
Internet Routing Protocols Lecture 04 BGP Continued

Introduction to Routing

Inter-domain Routing. Outline. Border Gateway Protocol

Module 12 Multihoming to the Same ISP

BGP1 Multihoming and Traffic Engineering

Bell Aliant. Business Internet Border Gateway Protocol Policy and Features Guidelines

ASA/PIX: Load balancing between two ISP - options

Network Level Multihoming and BGP Challenges

Internet inter-as routing: BGP

ETHEL THE AARDVARK GOES BGP ROUTING

Transitioning to BGP. ISP Workshops. Last updated 24 April 2013


Effective BGP Load Balancing Using "The Metric System" A real-world guide to BGP traffic engineering

Multihoming and Multi-path Routing. CS 7260 Nick Feamster January

BGP Route Analysis and Management Systems

Towards a Next- Generation Inter-domain Routing Protocol. L. Subramanian, M. Caesar, C.T. Ee, M. Handley, Z. Mao, S. Shenker, and I.

Simple Multihoming. ISP/IXP Workshops

Effective BGP Load Balancing Using "The Metric System" A real-world guide to BGP traffic engineering

BGP Attributes and Path Selection

ISP Case Study. UUNET UK (1997) ISP/IXP Workshops. ISP/IXP Workshops. 1999, Cisco Systems, Inc.

Exterior Gateway Protocols (BGP)

HP Networking BGP and MPLS technology training

APNIC elearning: BGP Attributes

Troubleshooting and Maintaining Cisco IP Networks Volume 1

NETWORK TO NETWORK INTERFACE PLAN

Network provider filter lab

BGP. 1. Internet Routing

Advanced BGP Policy. Advanced Topics

BGP Techniques for Internet Service Providers

Implementing and Administering Security in a Microsoft Windows Server 2003 Network

IPv6 Opportunity and challenge

netkit lab bgp: multi-homed Università degli Studi Roma Tre Dipartimento di Informatica e Automazione Computer Networks Research Group

Intelligent Routing Platform White Paper

natredirect: Monitoring availability of a LAN device and switching NAT rule to avail of a backup LAN device

Understanding Large Internet Service Provider Backbone Networks

LAB II: Securing The Data Path and Routing Infrastructure

Address Scheme Planning for an ISP backbone Network

Understanding BGP Misconfiguration

Disaster Recovery Design Ehab Ashary University of Colorado at Colorado Springs

BGP and Traffic Engineering with Akamai. Caglar Dabanoglu Akamai Technologies AfPIF 2015, Maputo, August 25th

Measurement Study on the Internet reachability. 3.1 Introduction. 3. Internet Backbone

Claudio Jeker. RIPE 41 Meeting Amsterdam, 15. January Using BGP topology information for DNS RR sorting

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

A Systematic Approach to BGP Configuration Checking

Understanding Route Redistribution & Filtering

Lecture 18: Border Gateway Protocol"

Inter-domain Routing

How to Configure BGP Tech Note

DESTINATION BASED RTBH FILTERING AT ATTACK ORIGINATING INTERNET SERVICE PROVIDER

How To Load Balance On A Bgg On A Network With A Network (Networking) On A Pc Or Ipa On A Computer Or Ipad On A 2G Network On A Microsoft Ipa (Netnet) On An Ip

Internet inter-as routing: BGP

APNIC elearning: BGP Basics. Contact: erou03_v1.0

Customized BGP Route Selection Using BGP/MPLS VPNs

Why Is MPLS VPN Security Important?

Interconnection, Peering and Financial Settlements in the Internet

IPv6 Addressing. ISP Training Workshops

Surviving DDoS. SANOG X 5 September ed.lewis@neustar.biz. 5 Sep '07, SANOG X ed.lewis@neustar.biz 1

The ISP Column. An Introduction to BGP the Protocol

How More Specifics increase your transit bill (and ways to avoid it)

A Case Study Design of Border Gateway Routing Protocol Using Simulation Technologies

BGP (Border Gateway Protocol)

IP Forwarding Anomalies and Improving their Detection using Multiple Data Sources

BGP as an IGP for Carrier/Enterprise Networks

Introduction to LAN/WAN. Network Layer (part II)

Multihomed BGP Configurations

Outline. EE 122: Interdomain Routing Protocol (BGP) BGP Routing. Internet is more complicated... Ion Stoica TAs: Junda Liu, DK Moon, David Zats

IPv4 Address Allocation and the BGP Routing Table Evolution

APNIC Trial of Certification of IP Addresses and ASes

Introduction to HA Technologies: SSO/NSF with GR and/or NSR. Ken Weissner / kweissne@cisco.com Systems and Technology Architecture, Cisco Systems

Understanding BGP Next-hop Diversity

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services (5 days)

Today s Agenda. Note: it takes years to really master BGP Many slides stolen from Prof. Zhi-Li Zhang at Minnesota and from Avi Freedman s slides

LinkProof DNS Quick Start Guide

Routing Protocols (RIP, OSPF, BGP)

Doing Don ts: Modifying BGP Attributes within an Autonomous System

Analyzing the Internet s BGP Routing Table

Service Description DDoS Mitigation Service

BSCI Chapter Cisco Systems, Inc. All rights reserved.

BGP Prefix Hijack: An Empirical Investigation of a Theoretical Effect Masters Project

MCSA Security + Certification Program

Installation and Configuration in Microsoft Dynamics NAV 5.0

IPv6 and 4-byte ASN Update

DD2491 p Load balancing BGP. Johan Nicklasson KTHNOC/NADA

Simple Multihoming. ISP Workshops. Last updated 30 th March 2015

BGP Multihoming Techniques. Philip Smith APRICOT 2013 Singapore 19 th February 1 st March 2013

Document ID: Introduction

BGP and Traffic Engineering with Akamai. Christian Kaufmann Akamai Technologies MENOG 14

Week 4 / Paper 1. Open issues in Interdomain Routing: a survey

Please enter the Network WAN page and click the Edit icon of WAN1. Figure The WAN setting of Network

Transcription:

RFC 464 : BGP Wedgies ---- Bad Policy Interactions that Cannot be Debugged Timothy G. Griffin Geoff Huston http://www.cl.cam.ac.uk/~tgg What is a BGP Wedgie? full wedgie ¾ wedgie BGP policies make sense locally Interaction of local policies allows multiple stable routings Some routings are consistent with intended policies, and some are not If an unintended routing is installed (BGP is ), then manual intervention is needed to change to an intended routing When an unintended routing is installed, no single group of network operators has enough knowledge to debug the problem

¾ Wedgie Example primary link backup link implements backup link by sending a depref me community. implements this community so that the resulting local pref is below that of routes from it s upstream (AS 3 routes) And the Routings are Intended Routing Note: this would be the ONLY routing if AS translated its depref me community to a depref me community of AS 3 Unintended Routing Note: This is easy to reach from the intended routing just by bouncing the BGP session on the primary link.

Recovery Bring down - session Bring it back up! Requires manual intervention Can be done in or What the heck is going on? There is no guarantee that a BGP configuration has a unique routing solution. When multiple solutions exist, the (unpredictable) order of updates will determine which one is wins. There is no guarantee that a BGP configuration has any solution! And checking configurations NP-Complete Lab demonstrations of BGP configs never converging Complex policies (weights, communities setting preferences, and so on) increase chances of routing anomalies. yet this is the current trend! 3

Load Balancing Example AS primary link for prefix P backup link for prefix P primary link for prefix P backup link for prefix P Simple session reset my not work!! Can t un-wedge with session resets! & down P all up BOTH P & P Note that when bringing all up we could actually land the system in any one of the 4 stable states --- depends on message order. all up & down P up up Reset Reset INTENDED down down 4

Recovery P Temporarily filter P from session Temporarily filter P from session P up up INTENDED down down Who among us could figure this one out? When is in New York and is in Tokyo? Full Wedgie Example AS implements backup links by sending and AS 3 a depref me communities. implements its community so that the resulting local pref is below that of its upstream s and it s s (AS 3 and AS routes) AS implements its community in the SAME WAY backup links primary link so that the resulting local pref is below its s (AS ) but above that of its s (AS 3)

And the Routings are AS AS Intended Routing Unintended Routing Resetting does not help!! Bring down - session AS AS Bring down - session AS Bring up - session 6

Recovery AS AS AS Bring down - session AND - session Bring up - session AND - session A lot of non-local knowledge is required to arrive at this recovery strategy! Try to convince AS and that their session has be reset (or filtered) even though it is not associated with an active route! That Can t happen in MY network!! NA EMEA AP LA AU++ An normal global global backbone (ISP or Corporate Intranet) implemented with regional ASes 7

The Full Wedgie Example, in a new Guise NA AP EMEA LA Intended Routing for some prefixes in AU, implemented with communities. DOES THIS LOOK FAMILIAR?? AU Message: Same problems can arise with traffic engineering across regional networks. 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information