1 / 34

Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring

Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring. Better understanding of BGP dynamics. Difficulties Multiple administrative domains Unknown information (policies, topologies) Unknown operational practices Ambiguous protocol specs.

urbain
Download Presentation

Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Part V: BGP Beacons --An Infrastructure for BGP Monitoring

  2. Better understanding of BGP dynamics • Difficulties • Multiple administrative domains • Unknown information (policies, topologies) • Unknown operational practices • Ambiguous protocol specs Proposal: a controlled active measurement infrastructure for continuous BGP monitoring – BGP Beacons.

  3. What is a BGP Beacon? • An unused, globally visible prefix with known Announce/Withdrawal schedule • For long-term, public use

  4. Who will benefit from BGP Beacon? • Researchers: study BGP dynamics • To calibrate and interpret BGP updates • To study convergence behavior • To analyze routing and data plane interaction • Network operators • Serve to debug reachability problems • Test effects of configuration changes: • E.g., flap damping setting

  5. Related work • Differences from Labovitz’s “BGP fault-injector” • Long-term, publicly documented • Varying advertisement schedule • Beacon sequence number (AGG field) • Enabler for many research in routing dynamics • RIPE Ris Beacons • Set up at 9 exchange points

  6. Many Observation points: 1:Oregon RouteViews Stub AS Internet Upstream provider Upstream provider ISP ISP ISP ISP ISP ISP ISP ISP ISP ISP 2. RIPE 3.AT&T Send route update 4. Verio 5. MIT 6.Berkeley BGP Beacon #1 198.133.206.0/24 Active measurement infrastructure

  7. Deployed PSG Beacons

  8. Deployed PSG Beacons • B1, 2, 3, 5: • Announced and withdrawn with a fixed period • (2 hours) between updates • 1st daily ANN: 3:00AM GMT • 1st daily WD: 1:00AM GMT • B4: varying period • B5: fail-over experiments • Software available at: http://www.psg.com/~zmao

  9. Beacon 5 schedule Live host behind the beacon for data analysis Study fail-over Behavior for multi-homed customers

  10. Beacon AS Beacon terminology • Output signal: • 5:00:10 A1 • 5:00:40 W • 5:01:10 A2 Internet RouteView AT&T Beacon prefix: 198.133.206.0/24 Signal length: number of updates in output signal (3 updates) Signal duration: time between first and last update in the signal (5:00:10 -- 5:01:10, 60 seconds) Inter-arrival time: time between consecutive updates • Input signal: • Beacon-injected change • 3:00:00 GMT: Announce (A0) • 5:00:00 GMT: Withdrawal (W)

  11. Process Beacon data • Identify output signals, ignore external events • Minimize interference between consecutive input signals • Time stamp and sequence number

  12. Process Beacon data • Identify output signals, ignore external events • Data cleaning • Anchor prefix as reference • Same origin AS as beacon prefix • Statically nailed down • Minimize interference between consecutive input signals • Time stamp and sequence number

  13. Process Beacon data • Identify output signals, ignore external events • Minimize interference between consecutive input signals • Beacon period is set to 2 hours • Time stamp and sequence number

  14. Process Beacon data • Identify output signals, ignore external events • Minimize interference between consecutive input signals • Time stamp and sequence number • Attach additional information in the BGP updates • Make use of a transitive attribute: Aggregator fields

  15. Beacon data cleaning process • Goal • Clearly identify updates associated withinjected routing change • Discard beacon events influenced by external routing changes

  16. Beacon example analysis • BGP implementation impact • Cisco vs. Juniper • Route flap damping analysis • Convergence analysis • Inter-arrival time analysis

  17. Cumulative Beacon statistics:significant noise • Current observation points: • 111 peers: RIPE, Route-View, Berkeley, MIT, MIT-RON nodes, ATT-Research, AT&T, AMS-IXP, Verio Avg expansion: 2*0.2+1*0.8=1.2

  18. No. transient routes=2 Out-signal length=1 Cumulative Beacon statistics:significant noise • Example response to ANN-beacon at peer p • R1: ASpath= 286 209 1 3130 3927 • R2: ASpath= 286 209 2914 3130 3927 • 100 events: 20: R1 R2, 80: R2

  19. Cisco vs. Juniperupdate rate-limiting Known last-hop Cisco and Juniper routers from the same AS and location Average signal length: average number of updates observed for a single beacon-injected change

  20. (sec) (sec) “Cisco-like” last-hop routers Linear increase in signal duration wrt signal length Slope=30 second Due to Cisco’s default rate-limiting setting

  21. (sec) (sec) “Juniper-like” last-hop routers Signal duration relatively stable wrt increase in signal length Shorter signal duration compared to “Cisco-like” last-hops

  22. Route flap damping • A mechanism to punish unstable routes by suppressing them • RFC2439 [Villamizar et al. 1998] • Supported by all major router vendors • Believed to be widely deployed [AT&T, Verio]

  23. Goals • Reduce router processing load due to instability • Prevent sustained routing oscillations • Do not sacrifice convergence times for well-behaved routes There is conjecture a single announcement can cause route suppression.

  24. Scope Inbound external routes Per neighbor, per destination Penalty Flap: route change Increases for each flap Decays exponentially Cisco default setting Penalty Exponentially decayed 3000 Suppress threshold 2000 1000 750 Reuse threshold 2 4 0 32 Time (min) Route flap damping

  25. Route flap damping analysis Strong evidence for withdrawal- and announcement-triggered suppression.

  26. Distinguish between announcement and withdrawal • Summary: • WD-triggered sup more likely • than ANN-triggered sup • Cisco: overall more likely trigger sup than Juniper • (AAAW-pattern) • Juniper: more • aggressive for AWAW pattern

  27. Convergence analysis • Summary: • Withdrawals converge • slower than announcements • Most beacon events converge within 3 minutes

  28. 30 60 90 120 Output signal duration

  29. Beacon 1’s upstream change Single-homed (AS2914) Multi-homed (AS1239, 2914) Multi-homed (AS1,2914)

  30. Rate-limiting timer 30 second Different rate-limiting behavior: Cisco vs. Juniper Beacon for identifying router behavior Beacon 2 Seen from RouteView data

  31. Inter-arrival time analysisCisco-like last-hop routers Complementary cumulative distribution plot

  32. Inter-arrival time analysis

  33. Inter-arrival time modeling • Geometric distribution (body): • Update rate-limiting behavior: every 30 sec • Prob(missing update train) independent of how many already missed • Mass at 1: • Discretization of timestamps for times<1 • Shifted exponential distribution (tail): • Most likely due to route flap damping

  34. Summary • Beacons -- a public infrastructure for BGP analysis • Shown examples of Beacon usage • Future direction • Construction of robust and realistic model for BGP dynamics • Correlation with data plane • Analysis of RIPE Beacons http://www.psg.com/~zmao

More Related