APNIC Routing Workshop Surabaya, Indonesia 13-15 November, 2013 Proudly Supported by:
Presenter Champika Wijayatunga Training Unit Manager, APNIC Champika is responsible for managing its training activities in the Asia Pacific region and brings several years of experience, having worked in a number of countries in the IT industry, academia, research, and training environments. Areas of interests: Internet Resource Management, IPv6, DNS/DNSSEC, Network Security Contact: champika@apnic.net
Presenters Wita Laksono Internet Resource Analyst, APNIC Wita is responsible for analyzing IP address and AS number requests from APNIC members. He also supports APNIC helpdesk and skilled in Network Engineering aspects. Areas of interests: Internet Resource Management, IPv6 Contact: wita@apnic.net
Agenda Managing Internet Resources Routing Fundamentals IPv6 Overview Network Design and Address Planning Interior Gateway Protocol (IGP) OSPF (Case Study) Exterior Gateway Protocol (EGP) BGP (Case Study) 4
Managing Internet Resources 5
Internet Resource Management Conservation Efficient use of resources Based on demonstrated need Aggregation Limit routing table growth Support provider-based routing Registration Ensure uniqueness Facilitate troubleshooting Uniqueness, fairness and consistency
IPv4 Address Space Source: NRO
APNIC IPv4 Distribution
IPv6 Address Space Source - NRO
Allocation and Assignment Allocation A block of address space held by an IR (or downstream ISP) for subsequent allocation or assignment Not yet used to address any networks Assignment A block of address space used to address an operational network May be provided to ISP customers, or used for an ISP s infrastructure ( selfassignment ) 10
Allocation and Assignment APNIC Allocates to APNIC Member /8 (IPv4) /12 (IPv6) APNIC Allocation APNIC Member Allocates to downstream Downstream Assigns to end-user Assigns to end-user Customer / End User /24 (IPv4) /40 (IPv6) Sub- Allocation /27 /26 /25, /48 /22 (IPv4) /32 (IPv6) Member Allocation Customer Assignments /26, /56 /27, /64
Portable and Non-Portable Portable Assignments Customer addresses independent from ISP Keeps addresses when changing ISP Bad for size of routing tables Bad for QoS: routes may be filtered, flap-dampened Non-portable Assignments Customer uses ISP s address space Must renumber if changing ISP Only way to effectively scale the Internet Portable allocations Allocations made by APNIC/NIRs ISP Allocation ISP Customer assignments Customer assignments 12
Address Management Hierarchy /12 APNIC Allocation /12 APNIC Allocation Member Allocation Portable /32 Sub-allocation /40 Non-Portable Assignment Portable /48 Assignment Non-Portable /64 - /48 /64 - /48 Assignment Non-Portable Describes portability of the address space 13
Global Routing Table IPv4 http://bgp.potaroo.net/as1221/bgp-active.html 481809 prefixes As of 16 Oct 2013 Sustainable growth? Projected routing table growth without CIDR CIDR deployment Dot-Com boom
Global Routing Table IPv6 Source: http://bgp.potaroo.net/v6/as2.0/
Questions?
Routing Fundamentals
Graphics / Symbols Used Router (layer 3, IP datagram forwarding) Network Access Server (layer 3, IP datagram forwarding ) Ethernet switch (layer 2, packet forwarding)
What is a Routing Protocol? A set of rules defined to facilitate the exchanges of routing information between routers (Layer 3 device) inside networks Builds routing tables dynamically based on updates from its neighbours Allows the router to find the best path in a network that has more than one path to a remote network. Maintains connectivity between devices within the network.
Routing Protocol Behaviour Updates Layer 3 routing devices, to route the data across the best path Learns participating routers advertised routes to discover their neighbors Learned routes are stored inside the routing table
What is Routing? Routing is the method of delivering an item from one location to another Example Post Mail = delivery is being done via Post Office In a router network environment, it forwards traffic to a logical device destination interface. Routers perform two functions to deliver the packets to their destination: 1. Routing: Learning the logical topology of the network to store the path inside the routing table to where the traffic should flow 2. Switching: Forwarding the packets from an inbound interface to the outbound interface within the router
Distinction between Routed and Routing Protocols Routed protocols Layer3 datagram that carry the information required in transporting the data across the network Routing protocols Handles the updating requirement of the routers within the network for determining the path of the datagram across the network
Routing and Routed Protocols Routed protocol Routing protocol AppleTalk IPX Vines DecNet IV IP RTMP, AURP, EIGRP RIP, NLSP, EIGRP RTP DecNet RIPv2, OSPF, IS-IS, BGP and (Cisco Systems proprietary) EIGRP,
Routing Requirements Activation of the protocol suite from such devices participating in the network Knowledge of the network destination Must have an available entry in the routing table Must have a valid and current route entry Interface presenting the best route path Outbound interface with the lowest metric path
Routing Information A routing table entry must contain the following information: Network field Outgoing interface Metric field Next-hop field
Network Field Contains information of entries Networks learned (destination logical network or subnets) Manually (static or default routes) Dynamically (learned from routing protocol as dynamic routes) Information recorded is the entry on where to forward traffic to its destination when the datagram is received.
Outgoing Interface Field Interface to where the router sends the datagram Informs the administrator of interface where the update came through
Metric Field Used to determine which path to use if there are multiple paths to the remote network Provides the value to select the best path But take note of the administrative distance selection process J
Routing Protocol Metrics Routing protocol Metric RIPv2 Hop count EIGRP Bandwidth, delay, load, reliability, MTU OSPF IS-IS Cost (the higher the bandwidth indicates a lowest cost) Cost
Administrative Distance The method used for selection of route priority of IP routing protocol. The lowest administrative distance is preferred. Manually entered routes are preferred over dynamically learned routes Static routes Default routes Dynamically learned routes depend on the routing protocol metric calculation algorithm. For default metric values, the smallest metric value is preferred.
Administrative Distance Chart (Cisco) Route sources Default distance Connected interface 0 Static route out an interface 0 Static route to a next hop 1 External BGP 20 IGRP 100 OSPF 110 IS-IS 115 RIP v1, v2 120 EGP 140 Internal BGP 200 Unknown 255
Next Hop Field Contains the destination address of the next forwarding router Address of the next hop (outgoing interface) usually within the same subnet ibgp (exemption to the rule) Identifies the next hop so that the router can create the Layer2 frame with the destination address
Routing Table Sample (Cisco) Cisco-router#sh ip route Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default, U - per-user static route, o - ODR P - periodic downloaded static route Gateway of last resort is not set????????????? 202.41.143.0/24 is variably subnetted, 2 subnets, 2 masks S 202.41.143.0/24 is directly connected, Null0 C 202.41.143.17/32 is directly connected, Loopback0 O E2 10.110.0.0 [110/5] via 10.119.254.6, 0:01:00, Ethernet2 O 10.67.10.0 [110/128] via 10.119.254.244, 0:02:22, Ethernet2 B 217.170.115.0/24 [20/0] via 12.123.29.249, 5d16h Sample only
Routing Table Updates Routing table entry accuracy is required to make sure of the following: Table entries are current and correct New networks are inserted into the table Best path is available to reach the destination network Alternative routes are available to reach the destination network Networks that is no longer available should not be seen in the routing table Depends on the routing protocol
Routing Decisions The main goal of the routing decision is to maintain a path that is valid and free from routing loops to the destination network, regardless of whether it is single hop or a multiple hop path The decision is made based on the metric value in the routing table Using the sum of the metrics associated with the default routing protocol value and the intermediate connections
Router Traffic Forwarding Forwards traffic to the out-bound interface Routing table entry ensures that the network topology is learnt Routing table entries that contain the information of the routes learned from other routers
Classful and Classless Distinction
Types of Routing Protocols Routing protocols are essentially applications inside the router designed to ensure correct and timely exchange of information within the network The IP routing protocol has several distinctions which can be divided into different groups The first is the group is how the routing protocol handles the subnet mask sent during the routing update The early routing protocols don t support this but the newer one s like RIP2, OSPF, ISIS, BGP4 support it. The distinctions are called classful and classless
Classful routing protocol (obsolete) Periodic updates are done by the routing protocol does not carry out subnet or routing masks because the assumption is always based on network bit boundaries does not support VLSM which makes it inefficient for addressing the network This has been obsolete for a long time but for knowledge purposes there are two protocols designed for it. RIPv1 IGRP It has created constraints to IP network design due to its limitations
Classless Routing Protocol Classless routing protocol was designed to overcome the constraints from classful routing OSPF IS-IS EIGRP (Cisco) BGP lead also to the development of RIP2
Characteristics of Classless Routing Support for different subnet mask values Routers can be configured to have different subnet masks (VLSM) Supports route summarisation Manual configuration Supports Classless Interdomain Routing (CIDR) architecture
Distance Vector
Distance Vector Routing Protocol Another distinction based on the behavior of learning the path to the destination network Distance vector and Link-State protocols Distance vector routing protocol Early technology of IP routing protocols (RIPv2) Concept design was for small networks
Distance Vector Operation Maintains its own table by sending its own modified table for updates Sends updates to directly connected neighbors is done in a periodic manner. This is commonly known as the (routing by rumor) the timer needs to reach the expiration stage before the next update will be sent NOTE: Updating of the tables affects the entire routing table, except those networks learned from interfaces where update is sent
Link-state
Link-State Routing Protocol Link-state routing protocol was designed to overcome the limitation of Distance Vector routing protocol. The main goal is to achieve the following: Maintain a loop-free and accurate table Utilises multicast address and make updated based on incremental Fast convergence of the network Reduce the network overhead during updates Selection of best path based on link status Routing protocols that support link-state are: OSPF IS-IS
Link-state Operation Link state operates through its main concern focusing on the link connected to the router (not the routes) Changes in the link state is propagated to its neighboring routers to maintain the same image of the network topology among each neighbors Uses the router s CPU resources instead of bandwidth like Distance Vector When there is a state change the incremental update is sent to neighboring routers immediately, remains silent if there s no change in the link state.
Link-state Operation Maintains the topology map of the network for easy local network table updates via incremental updates OSPF = Link State Advertisement (LSA) Dijkstra algorithm used to compute the new topology map of the network Metric used in Link-state is stated as cost Equipment vendors default value setting can be overridden in manual configuration
Link-State Comparison Chart Characteristic OSPF IS-IS Hierarchical topology X X Retains knowledge of all possible routes X X Routes summarisation - manual X X Event-triggered announcement X X Load balancing equal path X X VLSM support X X Routing algorithm Dijkstra IS-IS Metric Cost Cost Hop Count limit Unlimited 1024 Scalability Large Vry-Lrg
Interior and Exterior Routing Protocols Other group distinctions with routing protocols are simplified as the protocols used for internal or external networks Interior Routing protocol used to maintain routes within the organisation Routing protocols that support it are: RIPv2, OSPF, IS-IS, EIGRP (Cisco) Exterior Routing protocol used to maintain routes connecting to different organisations Exchange routing information between organisations Using Exterior Gateway Protocol (EGP) Border Gateway Protocol version 4 (BGP-4)
Addressing Issues and Solutions
IP Addressing Issues Exhaustion of IPv4 addresses Wasted address space in traditional subnetting Limited availability of /8 subnet addresses Internet routing table growth Size of the routing table due to higher number prefix announcement Tremendous growth of the Internet
IP Addressing Solutions Subnet masking and summarisation Variable-length subnet mask definition Hierarchical addressing Classless InterDomain Routing (CIDR) Routes summarisation (RFC 1518) Private address usage (RFC 1918) Network address translation (NAT) Development of IPv6 addresses
Subnetting Overview Allows the creation of additional sub-networks by simply moving the network boundary to the right When the contiguous 1s are added, it indicates by how many bits the network portion will be extended The sub-network is calculated by the 2 n where n is the number of extended bits.
Addressing Hierarchy Support for easy troubleshooting, upgrades and manageability of networks Performance optimisation Scalable and more stable Less network resources overhead (CPU, memory, buffers, bandwidth) Faster routing convergence
Addressing Hierarchy Example Upstream A Upstream B Border Core IXP A Distribution IXP B POP Access Access POP
Addressing Hierarchical (cont.) Network Number 192.168.0.0/16 Core 192.168.32.0/19 Upstream A Upstream B Border Core IXP A Distribution IXP B Distribution/Core 192.168.32.0/21 Access/Distribution 192.168.48.0/21 POP Access Access POP
Variable Length Subnet Mask Allows the ability to have more than one subnet mask within a network Allows re-subnetting create sub-subnet network addresses Increase the route capabilities Addressing hierarchy Summarisation
Calculating VLSM Example Subnet 192.168.0.0/24 into smaller subnet Subnet mask with /27 and /30 (point-to-point) 192.168.1.0/24 192.168.0.0/16 192.168.0.1/30 192.168.0.32/27 192.168.2.0/24 192.168.0.5/30 192.168.0.64/27 192.168.0.9/30 192.168.0.96/27
Calculating VLSM Example (cont.) Subnet 192.168.0.0/24 into smaller subnets Subnet mask with /30 (point-to-point) Description Decimal Binary Network Address 192.168.0.0/30 x.x.x.00000000 1 st valid IP 192.168.0.1/30 x.x.x.00000001 2 nd valid IP 192.168.0.2/30 x.x.x.00000010 Broadcast address 192.168.0.3/30 x.x.x.00000011
Calculating VLSM Example (cont.) Subnet 192.168.0.0/24 into smaller subnets Subnet mask with /27 Description Decimal Binary Network Address Valid IP range 192.168.0.33-192.168.0.62 192.168.0.32/27 x.x.x.00000000 x.x.x.00000001 x.x.x.00000010 Broadcast address 192.168.0.63/30 x.x.x.00011111
Calculating VLSM Example (cont.) Subnet 192.168.0.0/24 into smaller subnets Subnet mask with /27 Description Decimal VSLM Host Host range 1 st subnet 192.168.0.0/27 x.x.x.000 0-31 2 nd subnet 192.168.0.32/2 7 3 rd subnet 192.168.0.64/2 7 4 th subnet 192.168.0.96/2 7 x.x.x.001 31-63 00000 x.x.x.010 64-95 x.x.x.011 96-127 n = 5 (n is the remaining subnet bits ) 2n 5 = 30 host per subnet
Summarisation of Routes
Route Summarisation Allows the presentation of a series of networks in a single summary address. Advantages of summarisation Faster convergence Reducing the size of the routing table Simplification Hiding Network Changes Isolate topology changes
Summarisation Example Router C summarises its networks (2 x/24) before announcing to its neighbors (routers B and D) Router A combined the networks received from B, C, D and announce it as single /16 routing to Internet 192.168.128.0/20 192.168.128.0/20 B 192.168.0.0/24 192.168.1.0/24 C 192.168.0.0/23 192.168.0.0/16 A Internet 192.168.64.0/20 192.168.64.0/20 D
Route summarisation Subnet 192.168.0.0/24 and 192.168.1.0/24 combining then to become a bigger block of address /23 Network Subnet Mask Binary 192.168.0.0 255.255.255.0 x.x.00000000.x 192.168.1.0 255.255.255.0 x.x.00000001.x Summary 192.168.0.0/23 x.x.00000010.x 192.168.0.0 255.255.252.0 x.x.00000010.x
Discontiguous Networks A network not using routing protocols that support VLSM creates problems Router will not know where to send the traffic Creates routing loops or duplication Summarisation is not advisable for networks that are discontiguous Turn off summarisation Alternative solution but understand the scaling limitation Find ways to re-address the network Can create disastrous situation
CIDR Solution Advantage CIDR offers the advantage of reducing the routing table size of the network by summarising the ISP announcement into a single /21 advertisement 192.168.1.0/24 B 192.168.1.0/24 192.168.2.0/24 192.168.2.0/24 192.168.0.0/21 192.168.3.0/24 C 192.168.3.0/20 A Internet 192.168.4.0/24 192.168.4.0/24 D
A day in a life of a router find path forward packet, forward packet, forward packet, forward packet... find alternate path forward packet, forward packet, forward packet, forward packet repeat until powered off
Routing versus Forwarding Routing = building maps and giving directions Forwarding = moving packets between interfaces according to the directions
IP Routing finding the path Path derived from information received from a routing protocol Several alternative paths may exist best path stored in forwarding table Decisions are updated periodically or as topology changes (event driven) Decisions are based on: topology, policies and metrics (hop count, filtering, delay, bandwidth, etc.)
IP route lookup Based on destination IP address longest match routing More specific prefix preferred over less specific prefix Example: packet with destination of 10.1.1.1/32 is sent to the router announcing 10.1/16 rather than the router announcing 10/8.
IP route lookup Based on destination IP address Packet: Destination IP address: 10.1.1.1 R3 10/8 announced from here R1 R2 10/8 R3 10.1/16 R4 20/8 R5 30/8 R6.. R2 s IP routing table R4 10.1/16 announced from here
IP route lookup: Longest match routing Based on destination IP address Packet: Destination IP address: 10.1.1.1 R3 10/8 announced from here R1 R2 10/8 R3 10.1.1.1 && FF.0.0.0 10.1/16 R4 vs. 20/8 R5 10.0.0.0 && FF.0.0.0 30/8 R6.. R2 s IP routing table Match! R4 10.1/16 announced from here
IP route lookup: Longest match routing Based on destination IP address Packet: Destination IP address: 10.1.1.1 R3 10/8 announced from here R1 R2 10/8 R3 10.1/16 R4 20/8 R5 30/8 R6.. R2 s IP routing table 10.1.1.1 && FF.FF.0.0 vs. 10.1.0.0 && FF.FF.0.0 R4 10.1/16 announced Match as well! from here
IP route lookup: Longest match routing Based on destination IP address Packet: Destination IP address: 10.1.1.1 R3 10/8 announced from here R1 R2 10/8 R3 10.1/16 R4 20/8 R5 30/8 R6.. R2 s IP routing table 10.1.1.1 && FF.0.0.0 vs. 20.0.0.0 && FF.0.0.0 R4 Does not match! 10.1/16 announced from here
IP route lookup: Longest match routing Based on destination IP address Packet: Destination IP address: 10.1.1.1 R3 10/8 announced from here R1 R2 10/8 R3 10.1/16 R4 20/8 R5 10.1.1.1 && FF.0.0.0 30/8 R6 vs... 30.0.0.0 && FF.0.0.0 R2 s IP routing table R4 Does not match! 10.1/16 announced from here
IP route lookup: Longest match routing Based on destination IP address Packet: Destination IP address: 10.1.1.1 R3 10/8 announced from here R1 10/8 R3 10.1/16 R4 20/8 R5 30/8 R6.. R2 s IP routing table R2 Longest match, 16 bit netmask R4 10.1/16 announced from here
FYI: Cisco IOS Default Administrative Distances Route Source Default Distance Connected Interface 0 Static Route 1 Enhanced IGRP Summary Route 5 External BGP 20 Internal Enhanced IGRP 90 IGRP 100 OSPF 110 IS-IS 115 RIP 120 EGP 140 External Enhanced IGRP 170 Internal BGP 200 Unknown 255
Questions?
The Internet Routing Registry (IRR) 81
What is a Routing Registry? A repository (database) of Internet routing policy information Autonomous Systems exchanges routing information via BGP Exterior routing decisions are based on policy based rules However BGP does not provides a mechanism to publish/ communicate the policies themselves RR provides this functionality Routing policy information is expressed in a series of objects Stability and consistency of routing Network operators share information
What is a Routing Registry? RIPE ARIN, ArcStar, FGC, Verio, Bconnex, Optus, Telstra,... RADB CW APNIC Connect IRR = APNIC RR + RIPE DB + RADB + C&W + ARIN +
What is Routing Policy? Description of the routing relationship between autonomous systems Who are my BGP peers? Customer, peers, upstream What routes are: Originated by each neighbour? Imported from each neighbour? Exported to each neighbour? Preferred when multiple routes exist? What to do if no route exists? What routes to aggregate?
Representation of Routing Policy AS1 AS2 NET1 NET2 In order for traffic to flow from NET2 to NET1 between AS1 and AS2: AS1 has to announce NET1 to AS2 via BGP And AS2 has to accept this information and use it Resulting in packet flow from NET2 to NET1
Representation of Routing Policy AS1 AS2 NET1 NET2 In order for traffic to flow towards from NET1 to NET2: AS2 must announce NET2 to AS1 And AS1 has to accept this information and use it Resulting in packet flow from NET 1 to NET2
RPSL Routing Policy Specification Language Object oriented language Based on RIPE-181 Structured whois objects Higher level of abstraction than access lists RFC 2622 RFC 2725 Describes things interesting to routing policy: Routes, AS Numbers Relationships between BGP peers Management responsibility RFC 2650
Routing Policy Examples Basic concept AS 1 AS 2 action pref the lower the value, the preferred the route aut-num: AS1 import: from AS2 action pref= 100; accept AS2 export: to AS2 announce AS1 aut-num: AS2 import: from AS1 action pref=100; accept AS1 export: to AS1 announce AS2
Routing Policy Examples AS 123 AS4 AS5 AS5 More complex example: AS10 AS4 gives transit to AS5, AS10 AS4 gives local routes to AS123
Routing Policy Examples AS 123 AS4 AS5 AS5 aut-num: AS4 import: from AS123 action pref=100; accept AS123 import: from AS5 action pref=100; accept AS5 import: from AS10 action pref=100; accept AS10 export: to AS123 announce AS4 export: to AS5 announce AS4 AS10 export: to AS10 announce AS4 AS5 Not a path AS10
Routing Policy Examples AS123 transit traffic over link2 AS4 AS6 link3 private link1 More complex example AS4 and AS6 private link1 AS4 and AS123 main transit link2 backup all traffic over link1 and link3 in event of link2 failure
Routing Policy Examples AS123 transit traffic over link2 AS4 AS representation AS6 link3 private link1 aut-num: AS4 import: from AS123 action pref=100; accept ANY Full routing received import: from AS6 action pref=50; accept AS6 High preference for AS6 import: from AS6 action pref=200; accept ANY export: to AS6 announce AS4 Lower preference for backup route export: to AS123 announce AS4
Inter-related IRR Objects aut-num: AS1 tech-c: mnt-by: KX17-AP MAINT-EX route: origin: 202.0.16.0/24 AS1 mnt-by: MAINT-EX inetnum: 202.0.16.0-202.0.16.255 tech-c: KX17-AP mnt-by: MAINT-EX person: nic-hdl: KX17-AP mntner: MAINT-EX
Hierarchical Authorisation mnt-routes authenticates creation of route objects creation of route objects must pass authentication of mntner referenced in the mntroutes attribute Format: mnt-routes: <mntner> In: inetnum aut-num route
Authorisation Mechanism inetnum: 202.137.181.0 202.137.196.255 netname: SPARKYNET-TC descr: SparkyNet Service Provider mnt-by: APNIC-HM mnt-lower: MAINT-SPARKYNET1-TC mnt-routes: MAINT-SPARKYNET2-TC This object can only be modified by APNIC Creation of more specific objects (assignments) within this range has to pass the authentication of MAINT-SPARKYNET Creation of route objects matching/within this range has to pass the authentication of MAINT-SPARKYNET-WF
Creating Route Objects Multiple authentication checks: Originating ASN mntner in the mnt-routes is checked If no mnt-routes, mnt-lower is checked If no mnt-lower, mnt-by is checked AND the address space Exact match & less specific route mnt-routes etc Exact match & less specific inetnum mnt-routes etc AND the route object mntner itself The mntner in the mnt-by attribute aut-num inetnum route route
Creating Route Objects 4 route route: 202.137.240/20 origin: AS1 1 2 IP address range inetnum: 202.137.240.0 202.137.255.255 mnt-routes: MAINT-WF-EXNET AS number aut-num: AS1 mnt-routes: MAINT-WF-EXNET 5 maintainer mntner: MAINT-WF-EXNET auth: CRYPT-PW klsdfji9234 3 1. Create route object and submit to APNIC RR database 2. DB checks aut-num obj corresponding to the ASN in route obj 3. Route obj creation must pass auth of mntner specified in aut-num mnt-routes attribute. 4. DB checks inetnum obj matching/encompassing IP range in route obj 5. Route obj creation must pass auth of mntner specified in inetnum mnt-routes attribute.
Using Routing Registry
IRRToolSet Set of tools developed for using the Internet Routing Registry (IRR) Work with Internet routing policies These policies are stored in IRR in the Routing Policy Specification Language (RPSL) The goal of the IRRToolSet is to make routing information more convenient and useful for network engineers Tools for automated router configuration, Routing policy analysis On-going maintenance etc.
Use of RPSL RtConfig RtConfig part of IRRToolSet Reads policy from IRR (aut-num, route & -set objects) and generates router configuration vendor specific: Cisco, Bay's BCC, Juniper's Junos and Gated/RSd Creates route-map and AS path filters Can also create ingress / egress filters
Why use IRR and RtConfig? Benefits of RtConfig Avoid filter errors (typos) Expertise encoded in the tools that generate the policy rather than engineer configuring peering session Filters consistent with documented policy (need to get policy correct though)
Using the Routing Registry Define your routing policy Enter policy in IRR Run RtConfig Apply config to routers router Costs config Upstream Upstream no access-list Requires 101 some initial access-list 101 permit ip 10.4.200.0 0.0.4.0 routing 255.255.252.0 0.0.0.0 access-list 101 permit ip 10.4.208.0 0.0.0.0 255.255.252.0 0.0.0.0 access-list 101 permit ip 10.20.0.0 0.0.0.0 255.255.255.0 0.0.0.0 access-list planning 101 permit ip 10.187.65.0 0.0.0.0 255.255.255.0 policy 0.0.0.0 access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255! no route-map AS3001-EXPORT! Takes some time to route-map AS3001-EXPORT permit 1 match ip address 101! peer AS1 router define bgp 4003 & register policy neighbor 10.3.15.4 route-map AS3001-EXPORT out cust cust IRR Need to maintain data in cust cust RR peer Benefits router config You have a clear idea routing of no access-list 101 policy IRR access-list 101 permit ip 10.4.200.0 0.0.4.0 255.255.252.0 0.0.0.0 your routing access-list 101 permit ip 10.4.208.0 policy 0.0.0.0 255.255.252.0 0.0.0.0 access-list 101 permit ip 10.20.0.0 0.0.0.0 255.255.255.0 0.0.0.0 access-list 101 permit ip 10.187.65.0 0.0.0.0 255.255.255.0 0.0.0.0 access-list 101 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255 RtConfig! Consistent no route-map AS3001-EXPORT config over! route-map AS3001-EXPORT permit 1 match ip address 101 the whole! network router bgp 4003 neighbor 10.3.15.4 route-map AS3001-EXPORT out Less manual maintenance in the long run
APNIC RR integrated in Whois DB Facilitates network troubleshooting Registration of routing policies Generation of router configurations Provides global view of routing
Questions?
IPv6 Overview 105
IPv6 Addressing An IPv6 address is 128 bits long So the number of addresses are 2^128 = 340282366920938463463374607431768211455 In hex, 4 bits (also called a nibble ) is represented by a hex digit 2001:DC0:A910:: nibbles 1010 1001 0001 0000
IPv6 Address Representation RFC 5952 Hexadecimal values of eight 16 bit fields X:X:X:X:X:X:X:X (X=16 bit number, ex: A2FE) 16 bit number is converted to a 4 digit hexadecimal number Case insensitive Example: FE38:DCE3:124C:C1A2:BA03:6735:EF1C:683D Abbreviated form of address FE80:0023:0000:0000:0000:036E:1250:2B00 FE80:23:0:0:0:36E:1250:2B00 FE80:23::36E:1250:2B00 (Null value can be used only once) Leading zeroes Groups of zeroes Double colons
IPv6 Address Representation (2) Double colons (::) representation RFC5952 recommends that the rightmost set of :0: be replaced with :: for consistency 2001:db8:0:2f::5 rather than 2001:db8::2f:0:0:0:5 In a URL, it is enclosed in brackets (RFC3986) http://[2001:db8:4f3a::206:ae14]:8080/index.html Cumbersome for users, mostly for diagnostic purposes Use fully qualified domain names (FQDN) Prefix Representation Representation of prefix is just like IPv4 CIDR In this representation, you attach the prefix length IPv6 address is represented as: 2001:db8:12::/40
IPv6 Addressing 2001:0DB8:DEAD:BEEF:1AB6:503F:A804:71D9 0010 0000 0000 0001 0000 1101 1011 1000 1101 1110 1010 1101 1011 1110 1110 1111 0001 1010 1011 0110 1001 0000 0011 1111 1010 1000 0000 0100 0111 0001 1101 1001 128 bits is reduced down to 32 hex digits
Exercise 1. 2001:0db8:0000:0000:0000:0000:0000:0000 2. 2001:0db8:0000:0000:d170:0000:1000:0ba8 3. 2001:0db8:0000:0000:00a0:0000:0000:10bc 4. 2001:0db8:0fc5:007b:ab70:0210:0000:00bb
Unicast address Address given to interface for communication between host and router Global unicast address currently delegated by IANA 001 FP Global routing prefix Subnet ID Interface ID 3bits 45 bits 16 bits 64 bits Local use unicast address Link-local address (starting with FE80::) 1111111010 000.0000 Interface ID 10 bits 54 bits 64 bits
Global Addresses With Network Prefix IPV6 Global Unicast Address Global Unicast Range: 0010 2000::/3 0011 3000::/3 All five RIRs are given a /12 from the /3 to further distribute within the RIR region APNIC 2400:0000::/12 ARIN 2600:0000::/12 AfriNIC 2C00:0000::/12 LACNIC 2800:0000::/12 Ripe NCC 2A00:0000::/12 112
Global Addresses With Network Prefix 6to4 Addresses 2002::/16 Designed for a special tunneling mechanism [RFC 3056] to connect IPv6 Domains via IPv4 Clouds Automatic tunnel transition Mechanisms for IPv6 Hosts and Routers Need 6to4 relay routers in ISP network
Local Addresses With Network Prefix Link Local Address A special address used to communicate within the local link of an interface (i.e. anyone on the link as host or router) The address in the packet destination would never pass through a router (local scope) Mandatory address - automatically assigned as soon as IPv6 is enabled fe80::/10
Local Addresses With Network Prefix 128 Bits Remaining 54 Bits Interface ID 1111 1110 10 FE80::/10 10 Bits Remaining 54 bits could be Zero or any manual configured value
Examples and Documentation Prefix Two address ranges are reserved for examples and documentation purpose by RFC 3849 For example 3fff:ffff::/32 For documentation 2001:0DB8::/32 116
Special addresses The unspecified address A value of 0:0:0:0:0:0:0:0 (::) It is comparable to 0.0.0.0 in IPv4 The loopback address It is represented as 0:0:0:0:0:0:0:1 (::1) Similar to 127.0.0.1 in IPv4
Interface ID The lowest-order 64-bit field addresses may be assigned in several different ways: auto-configured from a 48-bit MAC address expanded into a 64-bit EUI-64 assigned via DHCP manually configured auto-generated pseudo-random number possibly other methods in the future
EUI-64 Mac Address 0 0 2 6 B 0 E 5 8 3 3 C EUI-64 Address 0 0 2 6 B 0 E 5 8 3 3 C 0 0 0 0 0 0 0 0 U/L bit F F F E 0 0 0 0 0 0 1 0 Interface Identifier 0 2 2 6 B 0 F F F E E 5 8 3 3 C
Initial IPv6 Allocation To qualify for an initial allocation of IPv6 address space, an organization must: Not be an end site (must provide downstream services) Plan to provide IPv6 connectivity to organizations to which it will make assignments Meet one of the two following criteria: Have a plan for making at least 200 assignments to other organizations within two years OR Be an existing ISP with IPv4 allocations from an APNIC or an NIR, which will make IPv6 assignments or sub-allocations to other organizations and announce the allocation in the inter-domain routing system within two years
One Click IPv6 Policy Members with IPv4 holdings can click the button in MyAPNIC to instantly receive their IPv6 block No forms to fill out! Get your IPv6 addresses icon in the main landing page at MyAPNIC A Member that has an IPv4 allocation is eligible for a /32 A Member that has an IPv4 assignment is eligible for a /48
IPv6 addressing structure 128 bits 1 64 65 Network Prefix Interface ID 128 32 16 16 64 ISP /32 Customer Site /48 End Site Subnet /64 Device 128 Bit Address
IPv6 Assignment Policy Assignment address space size Minimum of /64 (only 1 subnet), Normal maximum of /48, Larger end-site assignment can be justified In typical deployments today Several ISPs gives small customers a /56 or a /60 and Single LAN end sites a /64, e.g., /64 if end-site will ever only be a LAN /60 for small end-sites (e.g. consumer) /56 for medium end-sites (e.g. small business) /48 for large end-sites Assignment of multiple /48s to a single end site Documentation must be provided Will be reviewed at the RIR/NIR level Assignment to operator s infrastructure /48 per PoP as the service infrastructure of an IPv6 service operator
Subnetting Network engineers must have a solid understanding of subnetting Important for address planning IPv6 subnetting is similar (if not exactly the same) as IPv4 subnetting Note that you are working on hexadecimal digits rather than binary 0 in hex = 0000 in binary 1 in hex = 0001 in binary
Subnetting (Example) Provider A has been allocated an IPv6 block 2001:DB8::/32 Provider A will delegate /48 blocks to its customers Find the blocks provided to the first 4 customers
Subnetting (Example) Original block: Rewrite as a /48 block: 2001:0DB8::/32 2001:0DB8:0000:/48 This is your network prefix! How many /48 blocks are there in a /32? /32 /48 = 2128 32 2 Find only the first 4 /48 blocks 2 296 = = 216 128 48 80
Subnetting (Example) 2001:0DB8:0000::/48 Start by manipulating the LSB of your network prefix write in BITS In bits 2001:0DB8: 0000 0000 0000 0000 ::/48 2001:0DB8: 0000 0000 0000 0001 ::/48 2001:0DB8: 0000 0000 0000 0010 ::/48 2001:0DB8: 0000 0000 0000 0011 ::/48 2001:0DB8:0000::/48 2001:0DB8:0001::/48 2001:0DB8:0002::/48 2001:0DB8:0003::/48 Then write back into hex digits
Exercise 1.1: IPv6 subnetting Identify the first four /64 address blocks out of 2001:DB8:0::/48 1. 2. 3. 4.
Exercise 1.2: IPv6 subnetting Identify the first four /36 address blocks out of 2406:6400::/32 1. 2. 3. 4.
Exercise 1.3: IPv6 subnetting Identify the first six /35 address blocks out of 2406:6400::/32 1. 2. 3. 4. 5. 6.
Configuration of IPv6 Nodes There are 3 ways to configure IPv6 address on an IPv6 node: Static address configuration DHCPv6 assigned node address Autoconfiguration (New feature in IPv6)
Configuration of IPv6 Nodes Stateless mechanism For a site not concerned with the exact addresses No manual configuration required Minimal configuration of routers No additional servers Stateful mechanism For a site that requires tighter control over exact address assignments Needs a DHCPv6 server
IPv6 Autoconfiguration RFC 4862 IPv6 Stateless Address Autoconfiguration (SLACC) Allow a host to obtain or create unique addresses for its interface/s Manual configuration should not be required Even if no servers/routers exist to assign an IP address to a device, the device can still auto-generate an IP address Small sites should not require DHCPv6 server to communicate Plug and play Allows interfaces on the same link to communicate with each other Facilitate the renumbering of a site s machines
Interface ID The lowest-order 64-bit field addresses May be assigned in several different ways: auto-configured from a 48-bit MAC address expanded into a 64-bit EUI-64 assigned via DHCP manually configured auto-generated pseudo-random number possibly other methods in the future
EUI-64 Mac Address 3 4 5 6 7 8 9 A B C D E EUI-64 Address 3 4 5 6 7 8 9 A B C D E 0 0 1 1 0 1 0 0 U/L bit F F F E 0 0 1 1 0 1 1 0 Interface Identifier 36 5 6 7 8 F F F E 9 A B C D E EUI-64 address is formed by inserting FFFE and OR ing a bit identifying the uniqueness of the MAC address
IPv6 Addressing Examples LAN: 2001:db8:213:1::/64 Ethernet0 interface Ethernet0 ipv6 address 2001:db8:213:1::/64 eui-64 MAC address: 0060.3e47.1530 router# show ipv6 interface Ethernet0 Ethernet0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::260:3EFF:FE47:1530 Global unicast address(es): 2001:db8:213:1:260:3EFF:FE47:1530, subnet is 2001:db8:213:1::/64 Joined group address(es): FF02::1:FF47:1530 FF02::1 FF02::2 MTU is 1500 bytes
Questions?