
Practical and Configuration issues of BGP and Policy routing

Cameron Harvey

Simon Fraser University

BGP Overview

  • What is BGP?

    • BGP is described as “The glue that holds the internet together”

    • eBGP routers advertise reachable routes to their neighbours

    • We have already learned that they do not necessarily advertise all their routes. A policy set by administrators dictates which routes to advertise

BGP attributes

  • When making a BGP advertisement, there are a number of attributes which may be specified.

  • These attributes allow administrators to affect the BGP routing policies

BGP attributes (2)

  Value  Code              Reference
  -----  ----------------  ---------
  1      ORIGIN            [RFC1771]
  2      AS_PATH           [RFC1771]
  3      NEXT_HOP          [RFC1771]
  5      LOCAL_PREF        [RFC1771]
  7      AGGREGATOR        [RFC1771]
  8      COMMUNITY         [RFC1997]
  10     CLUSTER_LIST      [RFC2796]
  11     DPA               [Chen]
  12     ADVERTISER        [RFC1863]
  14     MP_REACH_NLRI     [RFC2283]
  15     MP_UNREACH_NLRI   [RFC2283]
  ...
  255    reserved for development

BGP Decision Algorithm

  • BGP Decision Algorithm

    • Highest Local Preference

    • Lowest AS Path Length

    • Lowest Origin Type (0 iBGP, 1 eBGP, 2 Incomplete)

    • Smaller MED - Multi-Exit Discriminator (iff next hops equal)

    • Lowest IGP Cost (OSPF, RIP, etc.)

    • Lowest Next Hop

    • Lowest BGP Identifier

    • Vendor-dependent Tie Break

Local Preference

  • This is used in iBGP

    • Setting the local preference to a higher value will give this route preference.

    • Used with multiple exit points from AS

    • The highest Local Preference will be the default exit point, even if this route has more hops.

    • In the case of router failure, the next highest Local Preference exit is chosen

Lowest AS Path Length

  • BGP will choose the path with the least number of AS hops

    • An AS may inflate the length of the AS path to make the route look less attractive to other ASes. It does so by adding its own AS number to the AS path 1 or more times. This process is called AS prepending.
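The decision order, local preference and AS prepending described above can be traced with a small model. This is an added example, not part of the original slides: the `Route` fields, helper names, AS numbers, addresses and local preference values are constructed, and MED is compared only between routes from the same neighbouring AS (an assumption about what the slide means by "next hops equal").

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    as_path: tuple          # neighbour AS first, origin AS last
    next_hop: str
    local_pref: int = 100
    origin: int = 0         # ORIGIN code, lower wins
    med: int = 0
    igp_cost: int = 0
    router_id: str = "0.0.0.0"

def ip_key(addr):
    # Compare dotted-quad addresses numerically, not as strings
    return tuple(int(octet) for octet in addr.split("."))

def as_path_for(origin_as, transit, prepend=0):
    """AS path seen by a receiver when origin_as adds itself `prepend` extra times."""
    return tuple(transit) + (origin_as,) * (1 + prepend)

def keep_lowest(cands, key):
    low = min(key(r) for r in cands)
    return [r for r in cands if key(r) == low]

def best_path(routes):
    """Eliminate candidate routes for one prefix in the order listed on the slide."""
    c = keep_lowest(list(routes), lambda r: -r.local_pref)  # highest local preference
    c = keep_lowest(c, lambda r: len(r.as_path))            # lowest AS path length
    c = keep_lowest(c, lambda r: r.origin)                  # lowest origin type
    # MED: drop a route only if the same neighbour AS offers a smaller MED (assumption)
    c = [r for r in c
         if not any(o.as_path[:1] == r.as_path[:1] and o.med < r.med for o in c)]
    c = keep_lowest(c, lambda r: r.igp_cost)                # lowest IGP cost
    c = keep_lowest(c, lambda r: ip_key(r.next_hop))        # lowest next hop
    c = keep_lowest(c, lambda r: ip_key(r.router_id))       # lowest BGP identifier
    return c[0]                                             # stand-in for the vendor tie break

def demo():
    # Constructed sample: AS 64500 is reachable through neighbours 64501 and 64502
    via_a = Route(as_path_for(64500, (64501,)), "192.0.2.9", local_pref=85)
    via_b = Route(as_path_for(64500, (64502,)), "192.0.2.2", local_pref=85)
    plain = best_path([via_a, via_b]).next_hop
    # AS 64500 prepends itself twice on its announcement through 64502
    b_long = Route(as_path_for(64500, (64502,), prepend=2), "192.0.2.2", local_pref=85)
    prepended = best_path([via_a, b_long]).next_hop
    # The local operator raises local preference on that exit: the longer path wins anyway
    b_pref = Route(b_long.as_path, "192.0.2.2", local_pref=95)
    pinned = best_path([via_a, b_pref]).next_hop
    return plain, prepended, pinned
```

`demo()` returns the chosen next hop for the three cases: equal attributes down to the next-hop comparison, the same routes after prepending, and the prepended route with a higher local preference.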

Lowest Origin Type

  • This attribute is not used consistently among AS’s.

  • This attribute is frequently ignored so that it does not interfere with the MED attribute

MED - Multi-Exit Discriminator

  • MED is typically used by two AS’s with a peering agreement. The values of the MED are part of the agreement. An AS will advertise its preferred gateway router with a lower MED. MED can be used to help balance the incoming traffic load.

Business Relations

  • With ISPs, it is the business relationships that are most important in determining BGP policies

  • Two ISPs may agree to route each other's traffic. They may do so without compensation, perhaps because roughly equal amounts of traffic flow between their networks. This is called a peering relationship.

Business Relations (2)

  • Local preference can be manipulated to avoid traffic congestion or to save money by routing through ISPs with whom there is a peering relationship

    • Set Local Preference value in range:

      • 90-99 for customers

      • 80-89 for peers

      • 70-79 for providers

Business Relations (3)

  • Import Policy

    • A BGP router can filter the routes received from each of its peers

      • Helps control router table size

      • Helps with security

  • Export Policy

    • A BGP router can:

      • Filter the routes advertised to its peers

      • Advertise transit routes to peers with whom it has a contract to provide such service

      • Selectively report reachability information

        • report a destination to some neighbors and not others

Router Table Size

  • BGP tables have been growing exponentially

    • Tables can have more than 300,000 entries

    • Measures have been implemented to mitigate table growth

      • Prefix Aggregation

      • Filtering long prefixes


Security

  • BGP was built on trust and provides no security guarantees

    • BGP does not validate an AS’s authority to announce reachability information.

    • BGP does not ensure the authenticity of the path attributes announced by an AS

  • In 1997 a small company inadvertently advertised optimal connectivity to all Internet destinations

    • This claim was not validated in any way

    • Most Internet traffic got routed to this destination

    • Crippled the internet for ~2 hours

Security (2)

  • An AS can advertise a prefix, or a longer (more specific) prefix, belonging to another AS

  • Some Internet traffic for these addresses will now be re-routed to this AS, which can then do any of the following:

    • Do nothing - Black-hole attack

    • Impersonate - Obtain sensitive information

      • Passwords

      • Credit card numbers

    • Forward to original destination - Interception attack

Security (3)

  • Solutions ???

    • Currently

      • Protection of the BGP TCP connection

      • Filtering of BGP announcements

        • Minimally effective unless all AS’s filter aggressively. Because this is labour intensive, most AS’s do not bother

    • Future Research

      • S-BGP (secure BGP)

      • soBGP (secure origin BGP)

      • IRV system (Interdomain Route Validation)
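The "Filtering of BGP announcements" item, together with the long-prefix filter from the Router Table Size slide, can be sketched as an import check. This is an added example, not part of the original slides: the filter table, AS numbers, prefixes and function names are constructed, and the filter entries are assumed to be maintained by the operator by hand.

```python
import ipaddress

# Constructed filter entries: covering prefix -> (authorised origin AS, longest length accepted)
FILTER = {ipaddress.ip_network("10.20.0.0/16"): (64500, 20)}
GLOBAL_MAX_LEN = 24   # generic "filter long prefixes" rule

def check(prefix, as_path):
    """Return 'accept', 'unknown' or a 'reject: ...' reason for one announcement."""
    net, origin = ipaddress.ip_network(prefix), as_path[-1]
    if net.prefixlen > GLOBAL_MAX_LEN:
        return "reject: longer than /%d" % GLOBAL_MAX_LEN
    for covering, (asn, max_len) in FILTER.items():
        if net.subnet_of(covering):
            if origin != asn:
                return "reject: origin AS%d is not AS%d" % (origin, asn)
            if net.prefixlen > max_len:
                return "reject: more specific than /%d" % max_len
            return "accept"
    return "unknown"   # no entry covers this prefix; local policy decides

def origin_for(dest, announcements, filtered):
    """Origin AS that traffic to dest follows under longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    usable = [(ipaddress.ip_network(p), path) for p, path in announcements
              if not (filtered and check(p, path).startswith("reject"))]
    matches = [(net.prefixlen, path[-1]) for net, path in usable if addr in net]
    return max(matches)[1] if matches else None

# Constructed announcements: the legitimate /16 and a longer prefix from another AS
SAMPLE = [("10.20.0.0/16", (64501, 64500)), ("10.20.48.0/24", (64502, 64511))]
```

With `filtered=False`, `origin_for("10.20.48.7", SAMPLE, False)` follows the longer prefix to AS 64511; with the filter applied the traffic stays with AS 64500. The check looks only at the last AS in the path, so it does not address the authenticity of the other path attributes noted on the Security slide.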