Internet Networking
Spring 2003
Tutorial 5
Safe “Peering Backup” Routing
With BGP
Based on:
http://www.ieee-infocom.org/2001/paper/573.ps
http://www.research.att.com/~jrex/papers/sigmetrics00.ps
1
BGP - Background
•Inter-AS routing protocol.
•The routers have no global knowledge of
the topology
•Each router knows its neighbors
•The router chooses a path according to
local policies.
•The router advertises paths it chose to
the neighbors
2
Safe System
We call a collection of routing policies safe if they
can never lead to routing divergence.
Example: Unsafe system
Paths to AS0:
(AS1,AS2,AS0)
AS1
(AS1,AS0)
(AS2,AS1,AS0)
(AS2,AS0)
AS0 - dest
AS2
AS1’s policy: prefer routing through AS2.
AS2’s policy: prefer routing through AS1.
3
Global Coordination – Why Not?
•Many ASes may be unwilling to reveal their
local policies to others
•Statically checking for convergence properties
is NP-complete problem
•Even if convergence insured for certain
topology, BGP might not converge after
router/link failures or policy change
4
Why Not “Shortest Path Routing”?
•This may contradict local policy (i.e. the case where an
AS wants to route through its provider even if the route is
not attractive in terms of its length).
•For example, there is a possibility that a router will
prefer provider path over customer path – against its
financial incentive.
5
Relationships Between AS
•Customer – Provider (transit) relation – the
customer pays to the provider for traffic on the
link.
An AS will export to its providers paths it learned
from its customers.
An AS will export to its customer paths it learned
from providers,customers and peers
•Peer-to-peer (peering) relation – the link is
intended for traffic between two neighbors and
their customers.
An AS will export to its peers paths it learned
from its customers only.
6
AS Graph - Example
The export policies should prohibit the use
of some of the paths:
• for example paths (6,0,3), (4,2,0) and (2,0,1)
6
5
3
Peer-to-peer
1
0
2
Possible Paths from 0 to 2: (0,2), (0,3,2), (0,3,4,2),
(0,3,5,4,2), (0,6,5,3,2), (0,6,5,4,2)
4
7
AS Graph Properties
Let us consider an AS graph and define the following properties:
•An AS graph is said to be an acyclic provider-customer
digraph if the directed graph induced by provider–customer
relations is acyclic.
•Example: if we added a provider-customer edge {0,5} in
the previous graph, we would create a cycle.
•An AS graph is said to have no-valley if it traverses a
provider-customer edge and then a customer-provider edge.
•Example: paths (3,2,4), (6,1,0,3) – have a valley
path (3,5,4) – has no valley
8
AS Graph Properties (cont.)
An AS graph is said to have no step if:
(a) there is no peer-to-peer edge followed by peer-to-peer
edge
-Example: path (2,0,1)
(b) there is no peer-to-peer edge followed by customerprovider edge
-Example: path (2,0,6)
(c) there is no provider-customer edge followed by
peer-to-peer edge.
-Example: path (3,0,1)
9
Export Policy
The following table indicates whether or not AS announces
a route to its neighbor depending on its relationship to the
AS that send the route:
To
From
customer
peer
provider
customer
Y
Y
Y
peer
Y
N
N
provider
Y
N
N
These export rules ensure that no permitted path will have a
step or a valley.
10
The Safety Theorem
• Guideline: If for AS1 next hop of path P1 belongs
to AS1’s customers, and next hop of path P2
belongs to AS1’s providers or peers, then AS1
should prefer P1 over P2.
– Why does this Guideline make sense?
• Theorem: Consider a BGP system where (a) there
are only transit and peering relations, (b) all ASs
follow the above Guideline (c) there is no
provider-customer cycle (d) there is no valley (e)
there is no step , then this BGP system is safe.
11
The concept of “Peering Backup”
• “Peering Backup” is a new relation (agreement) between
neighboring ASs AS-1 and AS-2 (recall that we have
considered in the past only “peering” and “transit”)
• The idea is that if the connectivity of AS-1 through its
provider is lost, then AS-1 is allowed to send packets
through AS-2 even if they are not destined for AS-2
siblings, and vice versa.
• More formally, we permit a path that includes a step. Since
such a paths should be used only in the case of failure, it
will always have lower preference than a primary path.
AS-0
AS-1
AS-2
12
Paths categories
w
Provider-customer, peer-peer
P
u
v
P
v
Peer-peer, customer-provider
w
u
P
w
u
v
P
w
v
u
Peer-peer, peer-peer
“backup provider” (as discussed in the lecture) –
there is no need to indicate such a path as
“backup” when it is exported because all the
paths exported by the backup provider are used
only if there is no alternative through the main
13
provider.
Export Policies for supporting the
“peering backup” concept:
From
To
customer
peer
provider
customer
Y
Y
peer
Y
Y(backup) Y(backup)
provider
Y
Y(backup)
3
2
Y
N
1
0
•For example, AS-1 exports to AS-2 routes it receives from AS-0. However, it
must mark these routes as “backup”.
•“backup” means that AS-2 can use them only if it has no other option.
•This is in contrast to the routes published by the “backup transit”.
•That routes do not have to be marked as “backup”
•The new policy can form valley paths. E.g. 2-0-1-3
•To avoid this, paths received from a provider should be marked not only as a
backup, but using an additional flag, and AS that gets such a marked path
should never export it to its provider.
14
Backup Path - Example
In this graph, paths (5,3,4,2) or (1,0,2,4) are legal
backup paths, but (3,0,6) is not legal in any case.
6
5
3
backup peering
4
backup
1
peering
0
backup peering
2
15
Backup Path (cont.)
5
6
3
backup
peering
4
backup
1 peering 0 backup
2
peering
• Example of the propagation of an announcement of a backup path:
• AS0 sends path (0,1) to AS6, but the path is not accepted (and
therefore is not propagated further) while link (6,1) is up.
• When link (6,1) is broken, AS6 accepts the backup path (6,0,1) and
announces it to AS5.
16
A problem with Backup Path selection
If a node doesn’t rank the various backup paths it has,
loops can be created.
For example:
(3,2,1,0)
(2,3,1,0)
2
3
0
1
(1,0)
•Suppose that AS3’s policy is: prefer routing through AS2.
•Suppose that AS2’s policy is: prefer routing through AS3.
•Consequently, we get routing divergence
17
Solution 1:
Ranking Among Backup Paths
•Simplest policy: ranks backup paths based on the path “length”
(number of ASs). This policy ensures that the system is safe, but it is
very restrictive since it can prefer a provider path with two steps over
customer path with one step.
v
u
•Note: giving a priority to customer-based routes, as we may do when
regular (non-backup) paths are used, might result in an unsafe
system.
18
Solution2:
Ranking Among Backup Paths
•Paths with smaller number of steps should be preferred.
•Among paths with the same number of steps customer
paths should be preferred.
•Among customer paths with the same number of steps
the shorter one should be preferred
This policy is consistent with the commercial relationships
between nodes and also ensures that the system is
inherently safe.(i.e. safe under any failures)
v
u
19
Implementation of Solution2:
Avoidance Level
•In order to implement the policy we associated a new attribute,
called avoidance level, to each path.
•For each step edge the avoidance level of the path should be
increased.
•Each router may increase the avoidance level by different value
– it just should be positive.
•Avoidance level may be increased when adding any edge, not
only a step.
•The path with lower avoidance level should be preferred.
20
Increasing Avoidance Level
•The following table indicates when the
avoidance level attribute should be increased.
•R indicates that it is required to increase it.
From
•O indicates that it is optional:
To
customer
peer
provider
customer
O
O
O
peer
O
R
R
provider
O
R
•Optional entries allow for very flexible backup
routing and load balancing.
21
Implementing the Policy With BGP
One of the attributes included in route
announcement is c_set – set of community
values. We assume that each AS w has
defined the following set of community values:
•(w:bu:l) - tag for backup route of avoidance
level l.
•(w:up) – tag for upstream routes (used
between peers)
22