BGP Route- Leak Protec0on Community

Size: px

Start display at page:

Download "BGP Route- Leak Protec0on Community"

William Virgil Peters
6 years ago
Views:

1 BGP Route- Leak Protec0on Community Jakob Heitz, Cisco Nanog 71, October, 2017 BGP Route- Leak Community 1

2 Gao - Rexford BGP ASes have 2 types of rela@onships: transit- customer or peer- peer. A neighbor of an AS can be either transit provider, peer or customer. If an AS receives a route from a non- customer and sends it to a non- customer, then it is leaking that route. An AS can choose to transit some routes, but not others, so the rela@onship can be different for different routes. Note that an IXP route server has no rela@onship with its clients. A route server does not add its ASN to the AS- path. Route server clients have rela@onships with other route server clients. BGP Route- Leak Protec@on Community 2

3 Concept Community to indicate the transit providers that the AS uses for the indicated route and the more specifics. Not a leak, because AS3 said that AS2 is a valid transit AS1 detects a leak, because AS4 is not a transit for AS3 AS 4 AS 1 Community: My transits are AS1 and AS2 AS 3 (customer) AS 2 Community: My transits are AS1 and AS2 BGP Route- Leak Protec@on Community 3

4 RLP Community and Large Community Need a new well known Large Community. Suppose it s If an AS wants route leak protec@on for its routes, then it will axach RLP communi@es to the routes to indicate what its transits are for those routes. The format is WKN:subject:transit, where WKN is the well known number that indicates this is an RLP Large Community. subject is the subject ASN. transit is a transit provider of the subject ASN. It is 0 if the subject has no transits. For example, if AS has transit provider ASes and 64502, then it will axach the following large communi@es: :64500: :64500:64502 AS has no transit providers, so it will axach the large community: :64501:0 To extend the protec@on an AS will pass the RLP on to the next AS. An AS can choose to accept an RLP community or not. For those that do not have Large Communi@es (RFC8092) implemented, a regular community can be used in a limited way. Neighbor ASes must agree on a community value to use, say 65000:x. This way, the sender says x is my transit. For the previous example, AS would axach the communi@es: 65000: :64502 BGP Route- Leak Protec@on Community 4

5 Leak of more specifics An AS may send more specific routes to a peer AS for traffic engineering. The more specific is not sent anywhere else. To detect the leak of a more- specific prefix, need an RLP community that specifies a transit for the more specific prefixes derived from the indicated route. BGP Route- Leak Protec@on Community 5

6 Finding Leaks Consider the route 2001:DB8:1::/ AS has received the RLPs Nom=64500 transit=64501 Nom=64500 transit=64502 Nom=64501 transit=0 AS received the AS_PATHs , , No RLP validates this AS_PATH This RLP validates the AS_PATH BGP Route- Leak Community 6

7 Benefits The leaking AS need not The customer AS needs no new sokware: just to set the RLP community. AS may be different for different routes. Works across IXP route servers. An ISP can sell Route Leak to customers without having to rely on other ASes to cooperate. If the ISP can cooperate with its peers, then improves. BGP Route- Leak Community 7

8 Examples The blue ovals are BGP autonomous systems (AS). Each arrow is a route announcement of the same prefix. One prefix is announced at the first arrow. Follow the arrows for the propaga@on of the announcement. The same prefix is announced to mul@ple ASes. A green arrow is a correct announcement. A red arrow is a leak. The yellow callouts indicate the relevant axributes in the announcement: the as- path and the RLP large communi@es. BGP Route- Leak Protec@on Community 8

9 Leak of transit to transit RLP (1 has transit 0) AS 1 AS 2 AS 2 detects a leak, because route is received with 3 following 1 in the as- path, yet RLP says 1 has no transits as- path (1) AS 3 (customer) as- path (3 1) BGP Route- Leak Protec@on Community 9

10 Route from transit is not a leak RLP (1 has transit 0) as- path (1) AS 1 AS 2 RLP (1 has transit 0) as- path (2 1) AS 3 (customer) Route is received with 2 following 1 in the as- path, yet RLP says 1 has no transits. However, this is not a leak, because route is received from a transit AS. BGP Route- Leak Protec@on Community 10

11 Leak of transit to peer RLP (1 has transit 0) as- path (1) AS 1 AS 3 detects a leak, because route is received with 2 following 1 in the as- path, yet RLP says 1 does not have 2 as a transit AS 2 AS 3 RLP (1 has transit 0) as- path (2 1) BGP Route- Leak Protec@on Community 11

12 Leak of peer to transit RLP (2 has transit 1) AS 1 AS 1 detects a leak, because route is received with 3 following 2 in the as- path, yet RLP says 2 does not have 3 as a transit as- path (3 2) AS 2 as- path (2) AS 3 BGP Route- Leak Protec@on Community 12

13 Leak of more- specific 10::/12 CRLP (2 has transit 0) AS 1 AS 1 detects a leak, because 10::/13 is received with 3 following 2 in the as- path, yet CRLP says 2 has no transits for more- specifics of 10::/12 10::/13 as- path (3 2) AS2 peers with content provider AS3. It sends specific routes to AS3 at different loca@ons for traffic engineering. These specific routes are sent only to AS3 and meant for use only by AS3. AS 2 10::/13 18::/13 AS 3 BGP Route- Leak Protec@on Community 13

14 Leak of peer to peer RLP (2 has transit 1) AS 1 RLP (2 has transit 1) AS 2 as- path (2) RLP (2 has transit 1) AS 3 as- path (3 2) This route may also contain the RLP sent by AS2. If it does, then AS 4 can use it to detect the leak AS 4 AS 4 detects a leak, because route is received with 3 following 2 in the as- path, yet RLP says 2 does not have 3 as a transit BGP Route- Leak Protec@on Community 14

15 Transits share RLP RLP (2 has transit 1) RLP (2 has transit 1) AS 1 AS 4 AS 4 detects a leak, because route is received with 3 following 2 in the as- path, yet RLP says 2 does not have 3 as a transit as- path (3 2) AS 2 AS 3 as- path (2) BGP Route- Leak Protec@on Community 15

16 Route Server has no Rela0onship Customer AS 2 (Tier 2) AS1 is provider of AS2 AS3 is customer of AS2 IXP AS 1 (Tier 1) IXP has no rela@onship with AS2 AS 3 (Customer) A route server does not add its ASN to the as- path. A route server does not need a transit/customer/ peer rela@onship with its clients Route server clients have rela@onships with each other. BGP Route- Leak Protec@on Community 16

17 Instruc0ons for an AS with no transit providers (Tier- 1 ISP) Assume the large community for RLP is :*:*. When the policy tests as-path-validity, the router will test the as- path against all RLPs available to determine the leak state. This example is for ASN Apply this policy at neighbor in: route-policy nbr_in # if not accepting forwarded RPL delete large-community in ( :not-peeras:*) # low local pref for leaked routes if as-path-validity is leaked then set local-preference 1 endif end-policy Apply this policy at neighbor out: route-policy nbr_out # if not forwarding RPLs delete large-community in ( :*:*) # set my own RLP set large-community ( :64501:0) additive end-policy BGP Route- Leak Protec@on Community 17

18 Instruc0ons for an AS with transit providers This example is for ASN Assume it has transit providers AS64501 and AS Apply this policy at neighbor in: route-policy nbr_in # if not accepting forwarded RPL delete large-community in ( :not-peeras:*) # low local pref for leaked routes # do not check as-path-validity at transit neighbors if as-path-validity is leaked then set local-preference 1 endif end-policy Apply this policy at neighbor out: route-policy nbr_out # if not forwarding RPLs delete large-community in ( :*:*) # set my own RLP set large-community ( :64500:64501, :64500:64502) additive end-policy BGP Route- Leak Protec@on Community 18

19 Instruc0ons for an AS wan0ng protec0on, but does not support large communi0es or RLP Assume the community for RLP is 64519:* The peer router will convert the received RLP community into an RLP large community. This example is for ASN Assume it has transit providers AS64501 and AS Apply this policy at neighbor out: route-policy nbr_out # set my own RLP set community (64519:64501, 64519:64502) additive end-policy BGP Route- Leak Protec@on Community 19

20 Reference This automates the concept of Peer Locking described in hxps:// It is submixed as a drak to IETF IDR working group hxps://tools.ien.org/html/drak- heitz- idr- route- leak- community- 00 BGP Route- Leak Protec@on Community 20

BGP made easy. John van Oppen Spectrum Networks / AS11404

BGP made easy. John van Oppen Spectrum Networks / AS11404 1 BGP made easy John van Oppen Spectrum Networks / AS11404 2 What is BGP? Snarky answer: RFC-4271 BGP is an Exterior gateway protocol, the only one used on the public Internet and is used for inter-autonomous