part v bgp beacons a n infrastructure for bgp monitoring n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring PowerPoint Presentation
Download Presentation
Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring

Loading in 2 Seconds...

play fullscreen
1 / 34

Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring - PowerPoint PPT Presentation


  • 93 Views
  • Uploaded on

Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring. Better understanding of BGP dynamics. Difficulties Multiple administrative domains Unknown information (policies, topologies) Unknown operational practices Ambiguous protocol specs.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Part V: BGP Beacons -- A n Infrastructure for BGP Monitoring' - urbain


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
better understanding of bgp dynamics
Better understanding of BGP dynamics
  • Difficulties
    • Multiple administrative domains
    • Unknown information (policies, topologies)
    • Unknown operational practices
    • Ambiguous protocol specs

Proposal: a controlled active measurement infrastructure

for continuous BGP monitoring – BGP Beacons.

what is a bgp beacon
What is a BGP Beacon?
  • An unused, globally visible prefix with known Announce/Withdrawal schedule
  • For long-term, public use
who will benefit from bgp beacon
Who will benefit from BGP Beacon?
  • Researchers: study BGP dynamics
    • To calibrate and interpret BGP updates
    • To study convergence behavior
    • To analyze routing and data plane interaction
  • Network operators
    • Serve to debug reachability problems
    • Test effects of configuration changes:
      • E.g., flap damping setting
related work
Related work
  • Differences from Labovitz’s “BGP fault-injector”
    • Long-term, publicly documented
    • Varying advertisement schedule
    • Beacon sequence number (AGG field)
    • Enabler for many research in routing dynamics
  • RIPE Ris Beacons
    • Set up at 9 exchange points
active measurement infrastructure

Many Observation points:

1:Oregon RouteViews

Stub AS

Internet

Upstream

provider

Upstream

provider

ISP

ISP

ISP

ISP

ISP

ISP

ISP

ISP

ISP

ISP

2. RIPE

3.AT&T

Send

route update

4. Verio

5. MIT

6.Berkeley

BGP Beacon #1

198.133.206.0/24

Active measurement infrastructure
deployed psg beacons1
Deployed PSG Beacons
  • B1, 2, 3, 5:
    • Announced and withdrawn with a fixed period
    • (2 hours) between updates
      • 1st daily ANN: 3:00AM GMT
      • 1st daily WD: 1:00AM GMT
  • B4: varying period
  • B5: fail-over experiments
  • Software available at: http://www.psg.com/~zmao
beacon 5 schedule
Beacon 5 schedule

Live host behind

the beacon for

data analysis

Study fail-over

Behavior for

multi-homed

customers

beacon terminology

Beacon

AS

Beacon terminology
  • Output signal:
  • 5:00:10 A1
  • 5:00:40 W
  • 5:01:10 A2

Internet

RouteView

AT&T

Beacon prefix:

198.133.206.0/24

Signal length: number of updates in output signal (3 updates)

Signal duration: time between first and last update in the signal (5:00:10 -- 5:01:10, 60 seconds)

Inter-arrival time: time between consecutive updates

  • Input signal:
  • Beacon-injected change
  • 3:00:00 GMT: Announce (A0)
  • 5:00:00 GMT: Withdrawal (W)
process beacon data
Process Beacon data
  • Identify output signals, ignore external events
  • Minimize interference between consecutive input signals
  • Time stamp and sequence number
process beacon data1
Process Beacon data
  • Identify output signals, ignore external events
    • Data cleaning
    • Anchor prefix as reference
      • Same origin AS as beacon prefix
      • Statically nailed down
  • Minimize interference between consecutive input signals
  • Time stamp and sequence number
process beacon data2
Process Beacon data
  • Identify output signals, ignore external events
  • Minimize interference between consecutive input signals
    • Beacon period is set to 2 hours
  • Time stamp and sequence number
process beacon data3
Process Beacon data
  • Identify output signals, ignore external events
  • Minimize interference between consecutive input signals
  • Time stamp and sequence number
    • Attach additional information in the BGP updates
      • Make use of a transitive attribute: Aggregator fields
beacon data cleaning process
Beacon data cleaning process
  • Goal
    • Clearly identify updates associated withinjected routing change
    • Discard beacon events influenced by external routing changes
beacon example analysis
Beacon example analysis
  • BGP implementation impact
    • Cisco vs. Juniper
  • Route flap damping analysis
  • Convergence analysis
  • Inter-arrival time analysis
cumulative beacon statistics significant noise
Cumulative Beacon statistics:significant noise
  • Current observation points:
    • 111 peers: RIPE, Route-View, Berkeley, MIT, MIT-RON nodes, ATT-Research, AT&T, AMS-IXP, Verio

Avg expansion: 2*0.2+1*0.8=1.2

cumulative beacon statistics significant noise1

No. transient routes=2

Out-signal length=1

Cumulative Beacon statistics:significant noise
  • Example response to ANN-beacon at peer p
    • R1: ASpath= 286 209 1 3130 3927
    • R2: ASpath= 286 209 2914 3130 3927
    • 100 events: 20: R1 R2, 80: R2
cisco vs juniper update rate limiting
Cisco vs. Juniperupdate rate-limiting

Known last-hop Cisco

and Juniper routers

from the same AS and

location

Average signal length:

average number of

updates observed for a

single beacon-injected

change

cisco like last hop routers

(sec)

(sec)

“Cisco-like” last-hop routers

Linear increase in

signal duration wrt

signal length

Slope=30 second

Due to Cisco’s

default rate-limiting

setting

juniper like last hop routers

(sec)

(sec)

“Juniper-like” last-hop routers

Signal duration

relatively stable

wrt increase in

signal length

Shorter signal

duration compared

to “Cisco-like”

last-hops

route flap damping
Route flap damping
  • A mechanism to punish unstable routes by suppressing them
  • RFC2439 [Villamizar et al. 1998]
    • Supported by all major router vendors
    • Believed to be widely deployed [AT&T, Verio]
goals
Goals
  • Reduce router processing load due to instability
  • Prevent sustained routing oscillations
  • Do not sacrifice convergence times for well-behaved routes

There is conjecture a single announcement can

cause route suppression.

route flap damping1
Scope

Inbound external routes

Per neighbor, per destination

Penalty

Flap: route change

Increases for each flap

Decays exponentially

Cisco default setting

Penalty

Exponentially decayed

3000

Suppress threshold

2000

1000

750

Reuse threshold

2

4

0

32

Time (min)

Route flap damping
route flap damping analysis
Route flap damping analysis

Strong evidence for withdrawal- and announcement-triggered suppression.

distinguish between announcement and withdrawal
Distinguish between announcement and withdrawal
  • Summary:
  • WD-triggered sup more likely
  • than ANN-triggered sup
  • Cisco: overall more likely trigger sup than Juniper
  • (AAAW-pattern)
  • Juniper: more
  • aggressive for AWAW pattern
convergence analysis
Convergence analysis
  • Summary:
  • Withdrawals converge
  • slower than announcements
  • Most beacon events converge within 3 minutes
slide28

30

60

90

120

Output signal duration

beacon 1 s upstream change
Beacon 1’s upstream change

Single-homed

(AS2914)

Multi-homed

(AS1239, 2914)

Multi-homed

(AS1,2914)

beacon for identifying router behavior

Rate-limiting timer

30 second

Different

rate-limiting

behavior:

Cisco vs.

Juniper

Beacon for identifying router behavior

Beacon 2

Seen from

RouteView data

inter arrival time analysis cisco like last hop routers
Inter-arrival time analysisCisco-like last-hop routers

Complementary cumulative distribution plot

inter arrival time modeling
Inter-arrival time modeling
  • Geometric distribution (body):
    • Update rate-limiting behavior: every 30 sec
    • Prob(missing update train) independent of how many already missed
  • Mass at 1:
    • Discretization of timestamps for times<1
  • Shifted exponential distribution (tail):
    • Most likely due to route flap damping
summary
Summary
  • Beacons -- a public infrastructure for BGP analysis
  • Shown examples of Beacon usage
  • Future direction
    • Construction of robust and realistic model for BGP dynamics
    • Correlation with data plane
    • Analysis of RIPE Beacons

http://www.psg.com/~zmao