OPTIMAL ROUTING VS. ROUTE REFLECTOR VNF - RECONCILE THE FIRE WITH WATER

Similar documents
Egress Protection (draft-shen-mpls-egress-protection-framework) Presented by Krzysztof G. Szarkowicz NANOG71 October 4, 2017

Examination. ANSWERS IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491

BGP mvpn BGP safi IPv4

Protecting an EBGP peer when memory usage reaches level 2 threshold 66 Configuring a large-scale BGP network 67 Configuring BGP community 67

Implementing MPLS Layer 3 VPNs

BGP Best External. Finding Feature Information

Ravi Chandra cisco Systems Cisco Systems Confidential

BGP Routing and BGP Policy. BGP Routing. Agenda. BGP Routing Information Base. L47 - BGP Routing. L47 - BGP Routing

TELCO GROUP NETWORK. Rafał Jan Szarecki 23/10/2011

ibgp Multipath Load Sharing

Deploying MPLS L3VPN. Apricot Cisco and/or its affiliates. All rights reserved. Cisco Public

Designing Mul+- Tenant Data Centers using EVPN- IRB. Neeraj Malhotra, Principal Engineer, Cisco Ahmed Abeer, Technical Marke<ng Engineer, Cisco

Configuration prerequisites 45 Configuring BGP community 45 Configuring a BGP route reflector 46 Configuring a BGP confederation 46 Configuring BGP

Deploy MPLS L3 VPN. APNIC Technical Workshop October 23 to 25, Selangor, Malaysia Hosted by:

Configuring BGP community 43 Configuring a BGP route reflector 44 Configuring a BGP confederation 44 Configuring BGP GR 45 Enabling Guard route

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

BGP Diverse Path Using a Diverse-Path Route Reflector

Network Configuration Example

InterAS Option B. Information About InterAS. InterAS and ASBR

Inter-Domain Routing: BGP

MPLS L3VPN. The MPLS L3VPN model consists of three kinds of devices: PE CE Site 2. Figure 1 Network diagram for MPLS L3VPN model

MPLS VPN Inter-AS IPv4 BGP Label Distribution

Advanced Computer Networks

HP A5820X & A5800 Switch Series MPLS. Configuration Guide. Abstract

Introduc)on to Computer Networks

IPv6 Switching: Provider Edge Router over MPLS

MPLS VPN--Inter-AS Option AB

MPLS VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses

IPv6 Switching: Provider Edge Router over MPLS

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

MPLS VPN Inter-AS Option AB

BGP Additional Paths. Finding Feature Information. Information About BGP Additional Paths. Problem That Additional Paths Can Solve

Configuring BGP. Cisco s BGP Implementation

PREREQUISITES TARGET AUDIENCE. Length Days: 5

internet technologies and standards

Configuring BGP on Cisco Routers Volume 1

High Availability for 2547 VPN Service

Introduction to External Connectivity

Multi Topology Routing Truman Boyes

Multiprotocol BGP (MBGP)

Examination. IP routning på Internet och andra sammansatta nät, DD2491 IP routing in the Internet and other complex networks, DD2491

Back to basics J. Addressing is the key! Application (HTTP, DNS, FTP) Application (HTTP, DNS, FTP) Transport. Transport (TCP/UDP) Internet (IPv4/IPv6)

Configuring Multicast VPN Inter-AS Support

TELE 301 Network Management

Cisco Implementing Cisco IP Routing v2.0 (ROUTE)

LACNIC XIII. Using BGP for Traffic Engineering in an ISP

BGP Next Hop Unchanged

Introduction. Keith Barker, CCIE #6783. YouTube - Keith6783.

Configuration Commands. Generic Commands. shutdown BGP XRS Routing Protocols Guide Page 731. Syntax [no] shutdown

MPLS Workshop. Apricot Lab Guide and Modules. 24 th to 28 th March 2015

Junos OS Multiple Instances for Label Distribution Protocol Feature Guide Release 11.4 Published: Copyright 2011, Juniper Networks, Inc.

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

MPLS VPN Carrier Supporting Carrier Using LDP and an IGP

Some Foundational Problems in Interdomain Routing

Exam Name: Service Provider, Professional (JNCIP-SP)

Connecting to a Service Provider Using External BGP

Network Configuration Example

MPLS VPN over mgre. Finding Feature Information. Last Updated: November 1, 2012

LARGE SCALE IP ROUTING LECTURE BY SEBASTIAN GRAF

Internet Routing Basics

Hierarchical Fabric Designs The Journey to Multisite. Lukas Krattiger Principal Engineer September 2017

BGP Protocol & Configuration. Scalable Infrastructure Workshop AfNOG2008

Routing Basics. SANOG July, 2017 Gurgaon, INDIA

BGP Commands on Cisco ASR 9000 Series Router

Operation Manual MCE H3C S3610&S5510 Series Ethernet Switches. Table of Contents

BGP Support for the L2VPN Address Family

BGP Support for the L2VPN Address Family

Configuring BGP: RT Constrained Route Distribution

MPLS VPN C H A P T E R S U P P L E M E N T. BGP Advertising IPv4 Prefixes with a Label

Routing Basics ISP/IXP Workshops

CS BGP v4. Fall 2014

FAQ. Version: Copyright ImageStream Internet Solutions, Inc., All rights Reserved.

Configuring MPLS L3VPN

CS519: Computer Networks. Lecture 4, Part 5: Mar 1, 2004 Internet Routing:

2610:f8:ffff:2010:04:13:0085:1

Network Configuration Example

BGP Tutorial. APRICOT 2004, Kuala Lumpur February Philip Smith APRICOT , Cisco Systems, Inc. All rights reserved.

MPLS VPN Route Target Rewrite

COURSE OUTLINE: Course: CCNP Route Duration: 40 Hours

Routing Basics. ISP Workshops. Last updated 10 th December 2015

UNDERSTANDING CONVERGENCE IN MPLS VPN NETWORKS. Mukhtiar A. Shaikh Moiz Moizuddin

Configure Segment Routing for BGP

Securizarea Calculatoarelor și a Rețelelor 32. Tehnologia MPLS VPN

Internet inter-as routing: BGP

Implementing Cisco IP Routing (ROUTE)

Cisco CCNP ROUTE: Implementing Cisco IP Routing (ROUTE) 2.0. Upcoming Dates. Course Description. Course Outline

ENTERPRISE MPLS. Kireeti Kompella

Implementing BGP. BGP Functional Overview. Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free

IBGP internals. BGP Advanced Topics. Agenda. BGP Continuity 1. L49 - BGP Advanced Topics. L49 - BGP Advanced Topics

Routing Basics. Routing Concepts. IPv4. IPv4 address format. A day in a life of a router. What does a router do? IPv4 Routing

Routing Basics. Campus Network Design & Operations Workshop

Routing Concepts. IPv4 Routing Forwarding Some definitions Policy options Routing Protocols

Configure SR-TE Policies

Contents. EVPN overview 1

BGP Attributes and Path Selection

Configuring Internal BGP Features

Inter-Autonomous-System Routing: Border Gateway Protocol

IOS Implementation of the ibgp PE CE Feature

Fundamentals of Egress Peering Engineering. Application Note

Vendor: Alcatel-Lucent. Exam Code: 4A Exam Name: Alcatel-Lucent Border Gateway Protocol. Version: Demo

Transcription:

OPTIMAL ROUTING VS. ROUTE REFLECTOR VNF - RECONCILE THE FIRE WITH WATER Rafal Jan Szarecki #JNCIE136 Solu9on Architect, Juniper Networks.

AGENDA Route Reflector VNF - goals Route Reflector challenges and the tradi9onal answer Route Reflector VNF the solu9on

RR VNF Have RR s (mul9ple/all) running on VM in Data Center, wherever DC is. So RR as a VNF. Ensure that RR Client (RRC) receives paths that are at least as op9mal as in the tradi9onal design. Keep session and path scale under control. VNF Virtual Network Func9on and instan9a9on of network func9on based on NFV concept.

Route Reflector vs. Router ROUTERS Forward packets/data Data storage and processing is overhead (cost of doing business) RR is all about data storage and processing cost of doing business side affect of BGP support on routers. Data (packet) forwarding performance Data storing, processing and computa9on performance SERVERS Computes and stores data x86 appliance is much cheaper then router, but VM is even cheaper in DC, more scalable, and easier to instan9ate

Typical design w/ RR Router performs RR func9on In addi9on to its primary role of forwarder, OR As a dedicated pla_orm RR cluster regional scope RR as re9rement plan for old routers? Old router == slow CPU and low Memory Short 9me op9miza9on - routers == BGP RRC P- routers

Let s op9mize pla_orm Replace Router based RR, with server appliance Carrier- grade SW now available (commercial and/or public domain) Befer price to compute performance What we do not gain? Interfaces to connect RR appliance into network. Also on network router. Maintenance trips s9ll needed, new skills needed to manage. Servers HW has shorter live cycles. Server appliance running BGP RR - routers P- routers

Let s op9mize quan9ty central RR That isn t a new idea Quite common and works well for VPN in many providers 2 central RR s Not that popular for Internet why? Two fundamental issues w/ Central RR s: Session and Path scaling Subop9mal rou9ng.

Session scaling problem Central RR would have to keep 1000 s of sessions (say N). Pressure on: Memory not big deal nowadays CPU session maintenance (keep- a- lives, BFD, counters) Communica9on path - Any update needs to be sent N 9mes.

Session scaling - tradi9onal answer Divide and conquer Regional RRs - mi9gates the problem. O(n+m) instead of O(n*m) sessions n number of regions m number of RRCs in each region N=n*m O(n+m) Regional RR - scaling

Path scaling problem Central RR learns all prefixes from all exit nodes VPN A given customer site is (usually) single or dual- homed avg. is <2 paths per prefix Typically there are less VPN prefixes than on Internet (and can always be par99oned) Internet Large providers have 10 s peers from who all internet prefixes are accepted. Provided 0.5M prefixes - 10 s of millions of paths. Pressure on: CPU best path selec9on among more paths takes more 9me. More paths higher churn There is no such thing as too- fast convergence

Path scaling - tradi9onal answer Regional RRs - mi9gates the problem. Less sessions - > less paths per prefix. O(n+m) instead of O(n*m) sessions n number of regions m number of RRCs in each region Scale pressure O(n+m) Regional RR - scaling

Rou9ng Op9mality problem RR adver9ses only one path per prefix It chooses one using BGP path- selec9on. BGP NextHop (NH) closer to RR - wins. RRC is not aware about alterna9ve paths can t select it, even if it would be op9mal. L3VPN overcomes it by having - unique Route Dis9nguisher. Internet doesn t have this op9on (no RD). Add- path instead. Add all path - > scaling explosion Add 2 nd - best path - > s9ll could be very un- op9mal exit from RRC perspec9ve.

Rou9ng Op9mality tradi9onal answer Regional RRs - mi9gates the problem. Regional RR select closest - in- region exit ASBR. Semi- op9mal from RRC perspec9ve Good enough.

topology independent RR VNF Goals Have RR s (mul9ple/all) running on VM in Data Center, wherever DC is. So RR as a VNF. Ensure that RR Client (RRC) receives paths that are at least as op9mal as in the tradi9onal design. Keeps session and path scale under control. Assump9on: DC infrastructure may have L3 elements that do not par9cipate in any WAN rou9ng protocol (IGP, BGP)

BGP path selec9on 1. Verify that the next hop can be resolved. 2. Choose the path with the lowest preference value (rou9ng protocol process preference). 3. For BGP, prefer the path with higher local preference. 4. For BGP, prefer the path with the shortest autonomous system (AS) path value. 5. For BGP, prefer the route with the lower origin code. 6. For BGP, prefer the path with the lowest mul9ple exit discriminator (MED) metric. 7. Prefer strictly external BGP (EBGP) paths over external paths learned through internal BGP (IBGP) sessions. 8. For BGP, prefer the path whose next hop is resolved through the IGP route with the lowest metric. 9. For BGP, if both paths are external, prefer the currently ac9ve path to minimize route- flapping. 10. For BGP, prefer the path from the peer with the lowest router ID. For any path with an originator ID afribute, subs9tute the originator ID for the router ID during router ID comparison. 11. For BGP, prefer the path with the shortest cluster list length. The length is 0 for no list. 12. For BGP, prefer the path from the peer with the lowest peer IP address.

Example BEFORE Separate RR s for VPN and Internet 4 regions, 16 RR s all together. spread amongst 8 loca9ons for geo- redundancy DC are in low- real- estate- cost parts of country. West region DataCenter North region P P South region ASB R ASB R INTERNET_RR2 VPN_RR2 INTERNET_RR1 VPN_RR1 P INTERNET_RR2 VPN_RR2 P P INTERNET_RR1 INTERNET_RR2 VPN_RR2 VPN_RR1 P P INTERNET_RR2 P VPN_RR2 INTERNET_RR1 VPN_RR1 INTERNET_RR1 P VPN_RR1 ASB R ASB R East region DataCenter

Example AFTER Separate RR s for VPN and Internet 4 regions, 16 RR s all together. 16 spread amongst 2 locanons for geo- redundancy DC are on low- real- estate- cost parts of country. RR s path selecnon works as they would be in BEFORE state.

The Solu9on Sta9c route used to reach peer s loopbacks BGP sessions with the same set of RRCs and peer RR as usual/before. Global/default instance shadow rou9ng context/instance Used only to resolve (global instance) BGP path NH Let IGP of the network build rou9ng tables of the shadow instance IGP metrics/topology in this instance are as RR would be installed in given region. glocal instance BGP forward BGP messages GRE tunnel store paths RIBs FIB RR vrr VNF NH resolution shadow instance IPv4, IPv6 RIB s IGP (LDP) FIB RESULT : BGP best PATH selec9on is as the RR would be directly connected to the shadow s host. vrr shadow s host router

Shadow instance IGP derives reachability of RRC - fast BGP convergence via NextHop tracking. Terminates GRE tunnel (tunnel payload). IGP and BFD run inside tunnel. Metric is MAX- 1 For security reasons, no transit traffic inside tunnel (filters or other means) IGP adjacency with the shadow s host router(s) Metrics/Topology view as RR would be connected to shadow s host Over GRE tunnel Policies IGP set to overload state. IGP routes are not inserted into FIB of shadow instance. Only host routes (/32 and /128; loopbacks) are accepted from IGP s LSDB into rou9ng table. Only these routes are visible for BGP NH resolu9on. glocal instance BGP forward BGP messages GRE tunnel store paths RIBs FIB RR vrr VNF NH resolution shadow instance IPv4, IPv6 RIB s IGP (LDP) FIB vrr shadow s host router LDP/RSVP may be needed as well, depending on RR VNF implementa9on for BGP labeled NLRI resolu9on.

Shadow s host Regular router deep in the network. The one that would connect dedicated RR in a tradi9onal design. It holds GRE tunnel to RR VNF. Tunnels des9na9on is the RR s loopback (global context) Tunnels payload is terminated into shadow instance of RR. IGP and BFD runs inside tunnel. Metric is MAX- 1 For security reasons, tunnel configura9on ensures no transit traffic (filters or other means) glocal instance BGP forward BGP messages GRE tunnel store paths RIBs FIB RR vrr VNF NH resolution shadow instance IPv4, IPv6 RIB s IGP (LDP) FIB vrr shadow s host router

RR VNF global instance BGP protocol is configured in the global context as usual on Route Reflectors. Only sta9c routes toward client s loopback s exist in the default instance FIB (other routes filtered out). 2 gateways BFD BGP NH resolver configured to use rou9ng tables (RIB) of the shadow instance. NH tracking IGP Topology/metrics form remote regon point of view Rou9ng and forwarding of GRE packets (ayer encapsula9on) to shadow s host router. Forwarding of BGP (and BFD) packets to BGP peers (RRC and other RR s). Not tunneled. Follow shortest IGP path glocal instance BGP forward BGP messages GRE tunnel store paths RIBs FIB RR vrr VNF NH resolution shadow instance IPv4, IPv6 RIB s IGP (LDP) FIB vrr shadow s host router

RR VNF - network resiliency 2 GRE tunnels are recommended. Each to a separate shadow s host router. Ideally both shadow s host should have same IGP path cost to members of given RR cluster.

Rou9ng recursion avoidance Running protocol over tunnel (IGP over GRE) It is asking for a problem. Recursion à packet losses à IGP session flaps à BGP NH invalid à BGP withdraws Total network failure! Use of separate rou9ng instances solves the problem: Default rou9ng instance is used to send GRE (tunneling) packets (and it is based on sta9c rou9ng only) Shadow rou9ng instance par9cipate in IGP rou9ng. It may learn the tunnel des9na9on address but: this route is never used to forward GRE (tunneling) packets. this route could be used to forward tunneled packets reach shadow s host for IGP, BFD, OAM, etc.

RR VNF prevent transit traffic RR VNF has limited forwarding capacity But it is part of the IGP w/ 2 interfaces (GRE redundancy) could end up on the shortest path for some traffic. To prevent: High tunnel metric Overload bit/state Filters on entry into GRE at shadow s host

Extending concept Mul9ple shadow instances different topology and different egress node selec9on per address family. Example: Internet and L3VPN BGP paths resolved in shadow but, VPLS paths resolved in shadow2 and Inet.2 paths resolved in shadow3, etc Each of the shadowx have GRE tunnels to other shadow s hosts à different topology view à different IGP cost to BGP NHs.

Summary Instan9ate RR as VNF could provide op9mal rou9ng Regardless of physical VNF (Data Centre) loca9on Evolu9onary alterna9ve solu9on to ORR NH resolu9on and resul9ng Path selec9on could be differen9ated on per Address Family basis. Protec9on of RR VNF against unwanted transit traffic needs to be in place.

THANK YOU

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback