Multihoming Complex Cases & Caveats

Similar documents
Service Provider Multihoming

Service Provider Multihoming

BGP Multihoming Techniques

BGP Multihoming Techniques

Service Provider Multihoming

BGP Multihoming Techniques

Advanced Multihoming. BGP Traffic Engineering

Service Provider Multihoming

BGP Multihoming Techniques

BGP and the Internet. Enterprise Multihoming. Enterprise Multihoming. Medium/Large ISP Multihoming. Enterprise Multihoming. Enterprise Multihoming

BGP Multihoming Techniques Philip Smith NANOG October 2005 Los Angeles

BGP Multihoming Techniques

BGP Tutorial Part 3 Multihoming

BGP Multihoming ISP/IXP Workshops

Module 16 An Internet Exchange Point

Simple Multihoming. ISP Workshops. Last updated 9 th December 2015

Simple Multihoming. ISP Workshops. Last updated 25 September 2013

BGP Attributes and Path Selection

BGP Multihoming Techniques

BGP and the Internet. Why Multihome? Why Multihome? Why Multihome? Why Multihome? Why Multihome? Redundancy. Reliability

Multihoming Techniques. bdnog8 May 4 8, 2018 Jashore, Bangladesh.

Module 13 Multihoming to Different ISPs

BGP and the Internet

BGP Multihoming. ISP/IXP Workshops

BGP Attributes and Policy Control

IPv4/IPv6 BGP Routing Workshop. Organized by:

IPv6 Module 16 An IPv6 Internet Exchange Point

BGP Attributes and Policy Control

BGP Configuration for a Transit ISP

BGP Attributes and Policy Control

Introduction to BGP. ISP Workshops. Last updated 30 October 2013

What is an Internet exchange Point (IXP)?

BGP Multihoming Techniques. Philip Smith SANOG 10/APNIC 24 29th August - 7th September 2007 New Delhi, India

Introduction to BGP. ISP/IXP Workshops

BGP Multihoming Techniques. Philip Smith APRICOT February 2009 Manila, Philippines

BGP Case Studies. ISP Workshops

Multihoming Case Study

Simple Multihoming. ISP Workshops

BGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008

BGP and the Internet

Module 12 Multihoming to the Same ISP

internet technologies and standards

Module 8 Multihoming Strategies Lab

Lab 3 Multihoming to the Same ISP

3/10/2011. Copyright Link Technologies, Inc.

BGP101. Howard C. Berkowitz. (703)

Lecture 18: Border Gateway Protocol

Introduction to BGP ISP/IXP Workshops

BGP route filtering and advanced features

Using BGP Communities

BGP and the Internet

BGP made easy. John van Oppen Spectrum Networks / AS11404

Lecture 17: Border Gateway Protocol

Module 10 An IPv6 Internet Exchange Point

Border Gateway Protocol - BGP

FAQ. Version: Copyright ImageStream Internet Solutions, Inc., All rights Reserved.

APNIC elearning: BGP Basics. 30 September :00 PM AEST Brisbane (UTC+10) Revision: 2.0

Connecting to a Service Provider Using External BGP

Module 14 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

BGP Techniques for ISP. Terutaka Komorizono

Traffic engineering on a multihoming environment. Fernando García

BGP Multihoming Techniques Philip Smith APRICOT Feb - 3 Mar 2006 Perth, Australia

Using BGP Communities

BGP. Autonomous system (AS) BGP version 4

Module 18 Transit. Objective: To investigate methods for providing transit services. Prerequisites: Modules 12 and 13, and the Transit Presentation

IPv6 Module 7 BGP Route Filtering and Advanced Features

Balancing incoming traffic over multiple links

BGP4 workshop scenario

Module 6 Implementing BGP

BGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)

Lecture 4: Intradomain Routing. CS 598: Advanced Internetworking Matthew Caesar February 1, 2011

BGP Scaling (RR & Peer Group)

The Value of Peering. ISP/IXP Workshops. Last updated 23 rd March 2015

BGP Attributes and Policy Control. BGP Attributes. Agenda. What Is an Attribute? AS-Path. AS-Path loop detection. BGP Attributes

Border Gateway Protocol (an introduction) Karst Koymans. Tuesday, March 8, 2016

The Value of Peering. ISP Workshops. Last updated 25 September 2013

BGP. Autonomous system (AS) BGP version 4

Master Course Computer Networks IN2097

Routing Basics. Campus Network Design & Operations Workshop

BGP for Internet Service Providers

LACNIC XIII. Using BGP for Traffic Engineering in an ISP

Interdomain Routing Reading: Sections P&D 4.3.{3,4}

BGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)

BGP. Autonomous system (AS) BGP version 4

Internet Routing : Fundamentals of Computer Networks Bill Nace

Lecture 16: Interdomain Routing. CSE 123: Computer Networks Stefan Savage

Lecture 16: Border Gateway Protocol

Monitoring BGP. Configuring the Router

BGP. Autonomous system (AS) BGP version 4. Definition (AS Autonomous System)

Ravi Chandra cisco Systems Cisco Systems Confidential

Connecting to a Service Provider Using External BGP

Introduction to BGP. BGP Basics BGP. Border Gateway Protocol. Path Vector Protocol. Path Vector Protocol INET 2000 NTW

Module 6 ibgp and Basic ebgp

Inter-Domain Routing: BGP II

Border Gateway Protocol (an introduction) Karst Koymans. Monday, March 10, 2014

Introduction to IP Routing. Geoff Huston

BGP Attributes and Policy Control. BGP Attributes. BGP Attributes. Agenda. What Is an Attribute? AS-Path. ISP/IXP Workshops.

Module 19 Internet Exchange Points

Interdomain Routing Reading: Sections K&R EE122: Intro to Communication Networks Fall 2007 (WF 4:00-5:30 in Cory 277)

How the Internet works? The Border Gateway Protocol (BGP)

Transcription:

Multihoming Complex Cases & Caveats ISP Workshops Last updated 6 October 2011

Complex Cases & Caveats p Complex Cases n Multiple Transits n Multi-exit backbone n Disconnected Backbone n IDC Multihoming p Caveats n No default route on: p Private peer edge router p IXP peering router n Separating transit and local paths n Backup and non-backup n Avoiding backbone hijack

Complex Cases Two Tier-1 upstreams, two regional upstreams, and local peers

Tier-1 & Regional Upstreams, Local Peers p p p p p This is a complex example, bringing together all the concepts learned so far Connect to both upstream transit providers to see the Internet n Provides external redundancy and diversity the reason to multihome Connect to regional upstreams n Hopefully a less expensive and lower latency view of the regional internet than is available through upstream transit provider Connect to private peers for local peering purposes Connect to the local Internet Exchange Point so that local traffic stays local n Saves spending valuable $ on upstream transit costs for local traffic

Tier-1 & Regional Upstreams, Local Peers Upstream ISP Regional Upstream AS150 Local Peer AS120 A B AS130 C D AS 110 Upstream ISP AS140 Local Peers F E Regional Upstream AS160 IXP

Tier-1 & Regional Upstreams, Local Peers p Announce /19 aggregate on each link p Accept partial/default routes from upstreams n For default, use 0.0.0.0/0 or a network which can be used as default p Accept all routes from local peer p Accept all partial routes from regional upstreams p This is more complex, but a very typical scenario

Tier-1 & Regional Upstreams, Local Peers: Detail p Router A local private peer n Accept all (local) routes n Local traffic stays local n Use prefix and/or AS-path filters n Use local preference (if needed) p Router F local IXP peering n Accept all (local) routes n Local traffic stays local n Use prefix and/or AS-path filters

Tier-1 & Regional Upstreams, Local Peers: Detail p Router B regional upstream n They provide transit to Internet, but longer AS path than Tier-1s n Accept all regional routes from them p e.g. ^150_[0-9]+$ n Ask them to send default, or send a network you can use as default p Set local pref on default to 60 n Will provide backup to Internet only when direct Tier-1 links go down

Tier-1 & Regional Upstreams, Local Peers: Detail p Router E regional upstream n They provide transit to Internet, but longer AS path than Tier-1s n Accept all regional routes from them p e.g. ^160_[0-9]+$ n Ask them to send default, or send a network you can use as default p Set local pref on default to 70 n Will provide backup to Internet only when direct Tier-1 links go down

Tier-1 & Regional Upstreams, Local Peers: Detail p Router C first Tier-1 n Accept all their customer and AS neighbour routes from them p e.g. ^130_[0-9]+$ n Ask them to send default, or send a network you can use as default p Set local pref on default to 80 n Will provide backup to Internet only when link to second Tier-1 goes down

Tier-1 & Regional Upstreams, Local Peers: Detail p Router D second Tier-1 n Ask them to send default, or send a network you can use as default p This has local preference 100 by default n All traffic without any more specific path will go out this way

Tier-1 & Regional Upstreams, Local Peers: Summary p Local traffic goes to local peer and IXP p Regional traffic goes to two regional upstreams p Everything else is shared between the two Tier-1s p To modify loadsharing adjust what is heard from the two regionals and the first Tier-1 n Best way is through modifying the AS-path filter

Tier-1 & Regional Upstreams, Local Peers p What about outbound announcement strategy? n This is to determine incoming traffic flows n /19 aggregate must be announced to everyone! n /20 or /21 more specifics can be used to improve or modify loadsharing n See earlier for hints and ideas

Tier-1 & Regional Upstreams, Local Peers p What about unequal circuit capacity? n AS-path filters are very useful p What if upstream will only give me full routing table or nothing n AS-path and prefix filters are very useful

Complex Cases Multi-exit backbone

Multi-exit backbone p ISP with many exits to different service providers n Could be large transit carrier n Could be large regional ISP with a variety of international links to different continental locations p Load-balancing can be painful to set up n Outbound traffic is often easier to balance than inbound

Multi-exit backbone 45Mbps 155Mbps AS120 AS130 A 2x 155Mbps 45Mbps AS140 AS150 C AS 110 D Internet AS160 155Mbps 45Mbps AS170 B 1Gbps IXP

Multi-exit backbone Step One p How to approach this? n Simple steps p Step One: n The IXP is easy! n Will usually be non-transit so preferred path for all prefixes learned this way n Outbound announcement send our address block n Inbound announcement accept everything originated by IXP peers, high local-pref

Multi-exit backbone Step Two p Where does most of the inbound traffic come from? n Go to that source location, and check Looking Glass trace and AS-PATHs back to the neighbouring ASNs n i.e. which of AS120 through AS170 is the closest to the source p Apply AS-path prepends such that the path through AS140 is one AS-hop closer than the other ASNs n AS140 is the ISP s biggest pipe to the Internet n This makes AS140 the preferred path to get from the source to AS110

Multi-exit backbone Step Three p Addressing plan now helps n Customers in vicinity of each of Router A, C and D addressed from contiguous address block assigned to each Router n Announcements from Router A address block sent out to AS120 and AS130 n Announcements from Router C address block sent out to AS140 and AS150 n Announcements from Router D address block sent out to AS160 and AS170

Multi-exit backbone Addressing Plan Assists Multihoming 2x 155Mbps 45Mbps AS140 AS150 Internet 45Mbps 155Mbps AS120 AS130 A C Router C addressing zone AS 110 155Mbps 45Mbps D AS160 AS170 Router A addressing zone B 1Gbps Router D addressing zone IXP

Multi-exit backbone Step Four p Customer type assists zone load balancing n Two customer classes: Commercial & Consumer n Commercial announced on T3 links n Consumer announced on STM-1 links p Commercial n Numbered from one address block in each zone p Consumer n Numbered from the other address block in each zone

Multi-exit backbone Example Summary (1) p Address block: 100.10.0.0/16 p Router A zone: 100.10.0.0/18 n Commercial: 100.10.0.0/19 n Consumer: 100.10.32.0/19 p Router C zone: 100.10.128.0/17 n Commercial: 100.10.128.0/18 n Consumer: 100.10.192.0/18 p Router D zone: 100.10.64.0/18 n Commercial: 100.10.64.0/19 n Consumer: 100.10.96.0/19

Multi-exit backbone Example Summary (2) p Router A announcement: n 100.10.0.0/16 with 3x AS-path prepend n 100.10.0.0/19 to AS130 n 100.10.32.0/19 to AS120 p Router B announcement: n 100.10.0.0/16 p Router C announcement: n 100.10.0.0/16 n 100.10.128.0/18 to AS150 n 100.10.192.0/18 to AS140 p Router D announcement: n 100.10.0.0/16 with 3x AS-path prepend n 100.10.64.0/19 to AS170 n 100.10.96.0/19 to AS160

Multi-exit backbone Summary p This is an example strategy n Your mileage will vary p Example shows: n where to start, n what the thought processes are, and n what the strategies could be

Service Provider Multihoming Disconnected Backbone

Disconnected Backbone p ISP runs large network n Network has no backbone, only large PoPs in each location n Each PoP multihomes to upstreams n Common in some countries where backbone circuits are hard to obtain p This is to show how it could be done n Not impossible, nothing illegal

Disconnected Backbone City One IXP A City Two IXP Upstream B Upstream AS120 City Three IXP AS110 C City Four D IXP

Disconnected Backbone p Works with one AS number n Not four no BGP loop detection problem p Each city operates as separate network n Uses defaults and selected leaked prefixes for loadsharing n Peers at local exchange point

Disconnected Backbone p Router A Configuration router bgp 100 network 121.10.0.0 mask 255.255.248.0! neighbor 122.100.0.1 remote-as 120 neighbor 122.100.0.1 description AS120 Serial 0/0 neighbor 122.100.0.1 prefix-list default in neighbor 122.102.0.1 prefix-list my-block out neighbor 122.102.10.1 remote-as 110 neighbor 122.102.10.1 description AS110 Serial 1/0 neighbor 122.102.10.1 prefix-list rfc1918-sua in neighbor 122.102.10.1 prefix-list my-block out neighbor 122.102.10.1 filter-list 10 in continued on next page

Disconnected Backbone ip prefix-list my-block permit 121.10.0.0/21 ip prefix-list default permit 0.0.0.0/0! ip as-path access-list 10 permit ^(110_)+$ ip as-path access-list 10 permit ^(110_)+_[0-9]+$! etc to achieve outbound loadsharing! ip route 0.0.0.0 0.0.0.0 Serial 1/0 250 ip route 121.10.0.0 255.255.248.0 null0!

Disconnected Backbone p Peer with AS120 n Receive just default route n Announce /22 address p Peer with AS110 n Receive full routing table filter with AS-path filter n Announce /22 address n Point backup static default distance 252 in case AS120 goes down

Disconnected Backbone p Default ensures that disconnected parts of AS100 are reachable n Static route backs up AS120 default n No BGP loop detection relying on default route p Do not announce /19 aggregate n No advantage in announcing /19 and could lead to problems

IDC Multihoming

IDC Multihoming p IDCs typically are not registry members so don t get their own address block n Situation also true for small ISPs and Enterprise Networks p Smaller address blocks being announced n Address space comes from both upstreams n Should be apportioned according to size of circuit to upstream p Outbound traffic paths matter

Two Upstreams, Two Local Peers IDC Upstream ISP Local Peer AS150 Local Peer AS120 A B AS 110 AS130 C IDC core D Upstream ISP AS140 Assigned /24 from AS130 and /23 from AS140. Circuit to AS130 is 2Mbps, circuit to AS140 is 4Mbps

IDC Multihoming p Router A and B configuration n In: Should accept all routes from AS120 and AS150 n Out: Should announce all address space to AS120 and AS150 n Straightforward

IDC Multihoming p Router C configuration n In: Accept partial routes from AS130 p e.g. ^130_[0-9]+$ n In: Ask for a route to use as default p set local preference on default to 80 n Out: Send /24, and send /23 with AS-PATH prepend of one AS

IDC Multihoming p Router D configuration n In: Ask for a route to use as default p Leave local preference of default at 100 n Out: Send /23, and send /24 with AS-PATH prepend of one AS

IDC Multihoming Fine Tuning p For local fine tuning, increase circuit capacity n Local circuits usually are cheap n Otherwise p For longer distance fine tuning n In: Modify as-path filter on Router C n Out: Modify as-path prepend on Routers C and D n Outbound traffic flow is usual critical for an IDC so inbound policies need to be carefully thought out

IDC Multihoming Other Details p Redundancy n Circuits are terminated on separate routers p Apply thought to address space use n Request from both upstreams n Utilise address space evenly across IDC p Don t start with /23 then move to /24 use both blocks at the same time in the same proportion p Helps with loadsharing yes, really!

IDC Multihoming Other Details p What about failover? n /24 and /23 from upstreams blocks announced to the Internet routing table all the time n No obvious alternative at the moment p Conditional advertisement can help in steady state, but subprefixes still need to be announced in failover condition

Caveats Separating Transit and Local Paths

Transit and Local paths p Common problem is separating transit and local traffic for BGP customers p Transit provider: n Provides internet access for BGP customer over one path n Provides domestic access for BGP customer over another path n Usually required for commercial reasons p Inter-AS traffic is unmetered p Transit traffic is metered

Transit and Local paths Internet Traffic from the Internet Internet AS 120 C X Y Z A AS 110 D AS110 is transit provider but peers domestic routes with other providers (e.g. AS120) at the IXP IXP B Private peering traffic

Transit and Local paths p Assume Router X is announcing 192.168/16 prefix p Router C and D see two entries for 192.168/16 prefix: RouterC#show ip bgp Network Next Hop Metric LocPrf Weight Path * i192.168.0.0/16 10.0.1.1 100 0 120 i *>i 10.0.1.5 100 0 120 i p BGP path selection rules pick the highest next hop address n So this could be Router A or Router B! n No exit path selection here

Transit and Local paths p There are a few solutions to this problem n Policy Routing on Router A according to packet source address n GRE tunnels (gulp) p Preference is to keep it simple n Minor redesign and use of BGP weight is a simple solution

Transit and Local paths (Network Revision) Internet Traffic from the Internet Internet X AS 120 Y Z A C AS 110 D AS110 is transit provider but peers domestic routes with other providers (e.g. AS120) at the IXP IXP B Private peering traffic

Transit and Local paths p Router B hears 192.168/16 from Router Y across the IXP p Router C hears 192.168/16 from Router Z across the private peering link p Router B sends 192.168/16 by ibgp to Router C: RouterC#show ip bgp Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.1.5.7 100 0 120 i * i 10.0.1.5 100 0 120 i p Best path is by ebgp to Router Z n So Internet transit traffic to AS120 will go through private peering link

Transit and Local paths p Router D hears prefix by ibgp from both Router B and Router C p BGP best path selection might pick either path, depending on IGP metric, or next hop address, etc p Solution to force local traffic over the IXP link: n Apply high local preference on Router B for all routes learned from the IXP peers RouterD#show ip bgp Network Next Hop Metric LocPrf Weight Path * i192.168.0.0/16 10.0.1.3 100 0 120 i *>i 10.0.1.5 120 0 120 i

Transit and Local paths p High local preference on B is visible throughout entire ibgp n Including on Router C RouterC#show ip bgp Network Next Hop Metric LocPrf Weight Path * 192.168.0.0/16 10.1.5.7 100 0 120 i *>i 10.0.1.5 120 0 120 i p As a result, Internet traffic now goes through the IX, not the private peering link as intended

Transit and Local paths p Solution: Use BGP weight on Router C for prefixes heard from AS120: RouterC#show ip bgp Network Next Hop Metric LocPrf Weight Path *> 192.168.0.0/16 10.1.5.7 100 50000 120 i * i 10.0.1.5 120 0 120 i p So Router C prefers private link to AS120 for traffic coming from Internet p Rest of AS110 prefers Router B exit through the IXP for local traffic

Transit and Local paths Summary p Transit customer private peering connects to Border router n Transit customer routes get high weight p Local traffic on IXP peering router gets high local preference p Internet return traffic goes on private interconnect p Domestic return traffic crosses IXP

Caveats Backup and Non-backup

Transit and Local paths Backups p For the previous scenario, what happens if private peering link breaks? n Traffic backs up across the IXP p What happens if the IXP breaks? n Traffic backs up across the private peering p Some ISPs find this backup arrangement acceptable n It is a backup, after all

Transit and Local paths IXP Non-backup p IXP actively does not allow transit p ISP solution: n 192.168/16 via IX tagged one community n 192.168/16 via PP tagged other community n Using community tags, ibgp on IX router (Router B) does not send 192.168/16 to upstream border (Router C) p Therefore Router C only hears 192.168/16 via private peering p If the link breaks, backup is via AS110 and AS120 upstream ISPs

Transit and Local paths IXP Non-backup Internet AS120 backs up via their own upstream Internet X AS 120 Y Z A C AS 110 D AS110 is transit provider but peers domestic routes with other providers (e.g. AS120) at the IXP IXP B Private peering traffic

Transit and Local paths Private Peering link Non-backup p With this solution, a breakage in the IX means that local peering traffic will still back up over private peering link n This link may be metered p AS110 Solution: n Router C does not announce 192.168/16 by ibgp to the other routers in AS110 n If IX breaks, there is no route to AS120 n Unless Router C is announcing a default route p Whereby traffic will get to Router C anyway, and policy based routing will have to be used to avoid ingress traffic from AS110 going on the private peering link

Transit and Local paths Private Peering link Non-backup Internet Traffic from the Internet Internet Policy based routing may be needed to keep inter-as traffic off private link X AS 120 Y Z A C AS 110 D AS110 is transit provider but peers domestic routes with other providers (e.g. AS120) at the IXP IXP B

Transit and Local paths Summary p Not allowing BGP backup to do the right thing can rapidly get messy p But previous two scenarios are requested quite often n Billing of traffic seems to be more important than providing connectivity n But thinking through the steps required shows that there is usually a solution without having to resort to extreme measures

Caveats Avoiding Backbone Hijack

Backbone Hijacks p Can happen when peering ISPs: n are present at two or more IXPs n have two or more private peering links p Usually goes undetected n Can be spotted by traffic flow monitoring tools p Done because: n Their backbone is cheaper than mine p Caused by misconfiguration of private peering routers

Avoiding Backbone Hijack Internet IXP2 X AS 120 C Internet Y Z A AS 110 D AS120 deliberately uses AS110 s backbone as transit path between two points in the local network IXP1 B

Avoiding Backbone Hijack p AS110 peering routers at the IXPs should only carry AS110 originated routes n When AS120 points static route for an AS120 destination to AS110, the peering routers have no destination apart from back towards AS120, so the packets will oscillate until TTL expiry n When AS120 points static route for a non- AS110 destination to AS110, the peering routers have no destination at all, so the packet is dropped

Avoiding Backbone Hijack p Same applies for private peering scenarios n Private peering routers should only carry the prefixes being exchanged in the peering n Otherwise abuses are possible p What if AS110 is providing the full routing table to AS120? n AS110 is the transit provider for AS120

Avoiding Backbone Hijack Internet Internet X AS 120 C Y Z A AS 110 D B AS120 deliberately uses AS110 s backbone as transit path between two points in the local network

Avoiding Backbone Hijack p Router C carries a full routing table on it n So we can t use the earlier trick of only carrying AS110 prefixes p Reverse path forwarding check? n But that only checks the packet source address, not the destination and the source is fine! p BGP Weight n Recall that BGP weight was used to separate local and transit traffic in the previous example n If all prefixes learned from AS120 on Router C had local weight increased, then destination is back out the incoming interface n And the same can be done on Router B

Avoiding Backbone Hijack Summary p These are but two examples of many possible scenarios which have become frequently asked questions p Solution is often a lot simpler than imagined n BGP Weight, selective announcement by ibgp, simple network redesigns

Summary p Complex Cases n Multiple Transits n Multi-exit backbone n Disconnected Backbone n IDC Multihoming p Caveats n No default route on: p Private peer edge router p IXP peering router n Separating transit and local paths n Backup and non-backup n Avoiding backbone hijack

Multihoming Complex Cases & Caveats ISP Workshops

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback