Advanced Computer Networks

CS ZG525/ CSI ZG525/ ES ZG526/ SS ZG525

Prof. ANIMESH GIRI

BITS Pilani
Pilani Campus [email protected]
Advanced Computer Networks
CS ZG525/ CSI ZG525/ ES ZG526/ SS ZG525
Module 4

Lead Instructor: Prof. ANIMESH GIRI ([email protected])

 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Introduction to Routing Protocols

I n th i s s e g m e n t
• Routing algorithms – Link State and Distance Vector
• Inter-domain vs intra-domain routing in the Internet
• BGP as an inter-domain routing protocol
F o rwa rd i n g v s Ro u t i n g
• Forwarding: Data plane
– Transfer of a packet from an incoming link to an outgoing link within a single router
– Individual router uses its forwarding table
– A router’s input ports, output ports, and switch fabric together implement the forwarding
function
– Always implemented in hardware
• Routing: Control plane
– Computing the paths the packets will follow
– Routers talk amongst themselves, using routing protocols
– Control plane functions - executing the routing protocols, responding to attached links
that go up or down, and performing management functions
Role of Routing
• IP network – datagram based
• Administrative aspects – autonomous systems
• Two types of routing protocols:
– Interdomain routing
– Intradomain routing
• Routing algorithms
– Link state
– Distance Vector
L i n k S t at e Ro u t i n g Al g o r i t h m
• Link State
– Each router describes itself and its interfaces to its directly connected routers
– Each node broadcasts link-state packets to all other nodes in the network
– Every router knows about every other router, its interfaces and the networks they
connect to – has a complete view of the network
– Dijkstra’s algorithm computes the least-cost path from one node to all other nodes in the
network
– All nodes have an identical and complete view of the network
Di s t a n c e Ve c t o r Ro u t i n g Al g o r i t h m
• Distance Vector
– Each router sends its neighbours a list of all known networks along with its own distance
to each one of these networks
– It is distributed - each node receives some information from one or more of its directly
attached neighbours, performs a calculation, and then distributes the results of its
calculation back to its neighbours
– It is iterative - this process continues on until no more information is exchanged between
neighbours
– Does not advertise the entire network topology
L i n k S t at e - E x a m p l e
How R1 sees the network

Example Network

How R4 sees the network

Di s t a n c e Ve c t o r - E x a m p l e
How R1 sees the network

Example Network

How R4 sees the network

I n te r n e t Ro u t i n g P ro t o c o l s

Property Link State Distance Vector Path Vector

Flood link state Update distances Update paths
Information advertisements to from neighbors’ based on
Dissemination all routers distances neighbors’ paths
Dijsktra’s shortest Bellman-Ford Local policy to
Algorithm path shortest path rank paths
Fast due to Slow, due to count- Slow, due to path
Convergence flooding to-infinity exploration
Protocols OSPF, IS-IS RIP, EIGRP BGP
I n te rd o m a i n v s I n t r a d o m a i n Ro u t i n g i n t h e I n t e r n e t
• Intradomain routing
– Routing within an AS
– Routers are managed by a single administrative entity
– OSPF and IS-IS: link-state routing protocols
– RIP and EIGRP: distance-vector routing protocols
• Interdomain routing: Between ASes
– Routing policies based on business agreements/relationships
– BGP: policy-based, path-vector routing protocol
I n te r c o n n e c t i o n o f I S P s

• Access ISP
• Can provide wired/wireless
connectivity; DSL, cable,
DOCSIS, Wi-Fi, cellular etc
• Can also be a university or a
company
• Access ISPs connect to
regional ISPs
• Regional ISPs connect to tier-1 ISPs
• ~12 tier-1 ISPs -AT&T, Sprint, NTT etc.
• Access ISPs pay the regional ISPs, regional ISPs pay the tier-1 ISPs

Source: Computer Networking – A Top Down Approach, Kurose & Ross

I n te r -Do m a i n Ro u t i n g i n t h e I n t e r n e t
• Do we choose link state or distance vector?
• Considerations
– Scalability
– Stability
– Creation of routing loops
– How fast the protocols react to change

• Distance Vector with Path

– Each routing update carries the entire path
– When AS gets a route, check if AS already in path
• If yes, discard route
• If no, add self and advertise route further
BGP - 4
• Border Gateway Protocol
• Policy-based routing protocol
• Relatively simple protocol, but configuration is complex

References:
• 1989 : BGP-1 [RFC 1105]
– Replacement for EGP (1984, RFC 904)
• 1990 : BGP-2 [RFC 1163]
• 1991 : BGP-3 [RFC 1267]
• 1995 : BGP-4 [RFC 1771]
• 2006: BGP-4 [RFC 4271]
– Support for Classless Interdomain Routing (CIDR) , Route Aggregation

– 2007: MP BGP [RFC 4760]

Su m m a ry
• Routing algorithms – Link State and Distance Vector
• Inter-domain vs intra-domain routing in the Internet
• BGP as an inter-domain routing protocol
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

BGP Overview
I n th i s s e g m e n t
• Terms used in BGP
• BGP operation and messages
• BGP features
• BGP attributes
BGP - 4
• Border Gateway Protocol
• Policy-based routing protocol
• Relatively simple protocol, but configuration is complex

References:
• 1989 : BGP-1 [RFC 1105]
– Replacement for EGP (1984, RFC 904)
• 1990 : BGP-2 [RFC 1163]
• 1991 : BGP-3 [RFC 1267]
• 1995 : BGP-4 [RFC 1771]
• 2006: BGP-4 [RFC 4271]
– Support for Classless Interdomain Routing (CIDR) , Route Aggregation

– 2007: MP BGP [RFC 4760]

BGP - 4
Terms:
• BGP Session
• BGP Peer
• eBGP
• iBGP
• BGP Prefix
• BGP attributes
• Route = Prefix + Attributes

• AS3 sends AS1 the list of prefixes that are reachable from AS3
• AS1 sends AS3 the list of prefixes that are reachable from AS1
• Similarly, AS1 and AS2 exchange prefix reachability information through their gateway
routers 1b and 2a
• When a gateway router receives eBGP-learned prefixes, the gateway router uses its iBGP
sessions to distribute the prefixes to the other routers in the AS
• Thus, all the routers in AS1 learn about AS3 prefixes, including the gateway router 1b
• The gateway router 1b (in AS1) can therefore re-advertise AS3’s prefixes to AS2
BGP Op e ra t i o n a n d Me s s a g e s
• Open : Establish a peering session
Establish session on
TCP port 179
• Keep Alive : Handshake at regular
intervals

• Notification : Shuts down a peering

session Exchange
active routes
• Update : Announcing new routes or
withdrawing previously announced
routes
– Announcement: Prefix + Attribute
Exchange incremental
values
updates
BGP Me s s a g e s – Op e n Me s s a g e
BGP Me s s a g e s – No t i f i c a t i o n Me s s a g e
BGP – F e a t u r e s
• Advertises to neighbors only those routes that it uses
• No need for periodic refresh - routes are valid until withdrawn, or the connection
is lost
• Incremental updates are possible
• Provides capability for enforcing various policies
• Enforces policies by choosing paths from multiple alternatives and controlling
advertisement to other AS’s
• Import policy
– What to do with routes learned from neighbors?
• Export policy
– What routes to announce to neighbors?
– Depends on relationship with neighbors
BGP Ro u t i n g P r o c e s s
BGP At tri b u t e s
• BGP Attributes
– Origin
– AS-Path
– Local Preference
– Next hop
– MED (Multi Exit Discriminator)
Su m m a ry
• Overview of BGP
– Terms used in BGP
– BGP operation and messages
– BGP features
– BGP attributes
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

BGP Attributes - 1
I n th i s s e g m e n t
• A brief look at some of the BGP attributes
BGP At tri b u t e s
• BGP Attributes
– Origin
– AS-Path
– Local Preference
– Next hop
– Attributes related to route aggregation
• Carried by BGP Update messages
Ori g i n
• Generated by the speaker that originates the associated routing information
– IGP – NLRI is interior to the originating AS
– EGP - NLRI is learnt via the EGP protocol
– INCOMPLETE – NLRI is learnt via some other means
AS_ PAT H
• List of traversed AS’s
through which the routing
information carried in the
AS 200 AS 100
150.20.0.0/16 160.30.0.0/16
UPDATE message has
passed
• Useful for loop checking and
for path-based route
selection AS 300
• Represented as
AS_SEQUENCE or
AS_SET
AS 400 160.30.0.0/16 300 200 100
150.20.0.0/16 300 200
AS_ PAT H
L OCAL _ P RE F
• Represents the advertising
speaker's degree of
preference for an advertised
route
• Higher degree of preference is
preferred
• Calculates the degree of
preference for each external
route based on the locally
configured policy
Ex a m p l e : L o c a l P r e f e re n c e
RTC#
router bgp 256
neighbor 1.1.1.1 remote-as 100
neighbor 128.213.11.2 remote-as 256
bgp default local-preference 150

RTD#
router bgp 256
neighbor 3.3.3.4 remote-as 300
neighbor 128.213.11.1 remote-as 256
bgp default local-preference 200

What happens in the above case?

NEX T _ HOP
• IP address of the router that should be used as the next hop to the destinations
listed in the UPDATE message
– IP address of the neighbor that announces the route
• The NEXT-HOP is the router interface that begins the AS-PATH
• Used by routers to properly configure their forwarding tables
NEX T _ HOP
Ro u t e Ag g r e g a t i o n
• Consolidates multiple routes into a
single route
• Helps in minimizing routing table
entries in the routing table
• Reduces the no: of route
advertisements but makes the
route less specific

10.1.0.0 – 00001010 00000001 00000000 00000000

10.1.1.0 – 00001010 00000001 00000001 00000000
…
10.1.15.0 – 00001010 00000001 00001111 00000000
ATOMI C_ AGGRE GAT E
• ATOMIC_AGGREGATE indicates that a less specific route rather than a more
specific route
• When a BGP speaker aggregates several routes for the purpose of
advertisement to a particular peer, the AS_PATH of the aggregated route
normally includes an AS_SET formed from the set of ASes from which the
aggregate was formed.
ATOMI C_ AGGRE GAT E
AGGRE GATOR
• Contains the last AS number that formed the aggregate route, followed by the IP
address of the BGP speaker that formed the aggregate route
• Example:
– Aggregator AS: 300, Aggregator origin: 4.4.4.1
BGP Me s s a g e s – Up d a t e Me s s a g e
BGP Me s s a g e s – Wi t h d ra wn Ro u t e s
Su m m a ry
• BGP Attributes
– Origin
– AS-Path
– Local Preference
– Next hop
– Attributes related to route aggregation
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

BGP Attributes - 2
I n th i s s e g m e n t
• BGP Attributes
– NLRI
– MED (Multi Exit Discriminator)
Ne two r k L a y e r Re a c h a b i l i t y I n f o rm a t i o n
• Contains a list of IP address prefixes and prefix lengths
• Prefixes could be advertised or withdrawn
• Example: 172.16.0.0/21, 10.10.1.0/24
Mu l t i - E x i t Di s c r i m i n a t o r
• Used by an ISPs to control the traffic being received by it’s peering points with
other ISPs
• Used when two AS connect to each other in more than one place
• All other factors being equal, exit point with lower MED is preferred
Mu l t i - E x i t Di s c r i m i n a t o r

Assume: R2 router ID is configured as 2.2.2.2 and the R3 router ID is 3.3.3.3

 Mu l t i - E x i t Di s c r i m i n a t o r

access-list 1 permit 10.4.0.0 0.0.255.255

access-list 2 permit 10.5.0.0 0.0.255.255
!
route-map setMED-R3 permit 10
match ip address 1
set metric 200
!
route-map setMED-R3 permit 20
match ip address 2
set metric 100
!--- The route-map MED-R3 is applying a MED of 200 to the 10.4.0.0/16
!--- network and a MED of 100 to the 10.5.0.0/16 network.
!--- The route-map is being applied outbound towards R3.
router bgp 65502 !
no synchronization route-map setMED-R2 permit 10
bgp log-neighbor-changes match ip address 1
network 10.4.0.0 mask 255.255.0.0 set metric 100
network 10.5.0.0 mask 255.255.0.0 !
neighbor 192.168.20.2 remote-as 65501 route-map setMED-R2 permit 20
neighbor 192.168.20.2 route-map setMED-R2 out match ip address 2
neighbor 192.168.30.3 remote-as 65501 set metric 200
neighbor 192.168.30.3 route-map setMED-R3 out !--- The route-map MED-R2 is applying a MED of 100 to the 10.4.0.0/16
no auto-summary !--- network and a MED of 200 to the 10.5.0.0/16 network.
! !--- The route-map is being applied outbound towards R2.
L o c a l P re f v s ME D
• Use Local Preference, if there are multiple exit points to a neighbor and want to
control where to direct traffic
– Intra-AS policy

• Use MED, if there are multiple links with a neighbor and want to tell your neighbor
where to send traffic to you
– Inter-AS policy
Su m m a ry
• BGP Attributes
– NLRI
– MED (Multi Exit Discriminator)
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

iBGP vs eBGP
I n th i s s e g m e n t
• Differences between iBGP and eBGP
• BGP decision process
• BGP route selection process
i BGP an d e BGP
• eBGP – When BGP runs between 2 peers in different ASes
• iBGP – When BGP runs between 2 peers in the same AS
• iBGP and eBGP use the same messages
• However, route propagation rules are different:
– New routes learned from an eBGP peer are typically redistributed to all iBGP peers as well as all other eBGP peers
– New routes are learned from an iBGP peer are re-advertised only to eBGP peers
• All iBGP peers inside an AS need to be interconnected in a full mesh
– Issue of scaling

• iBGP sessions preserve the next hop attribute learned from eBGP peers
– There should be an internal route to the next hop, else the BGP route is unreachable
BGP De c i s i o n P r o c e s s
BGP Ro u t e S e l e c t i o n P r o c e s s

Highest Local Preference Enforce relationships

Shortest ASPATH
Lowest MED
Traffic engineering
i-BGP < e-BGP
Lowest IGP cost
to BGP egress
Lowest router ID Throw up hands and
break ties
Source: www.slideplayer.com
Su m m a ry
• Differences between iBGP and eBGP
• BGP decision process
• BGP route selection process
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Additional BGP Features

I n th i s s e g m e n t
• Route reflectors
• Confederations
• Communities
• Multiprotocol extension
Ad d i ti o n a l BGP F e a t u re s
• Route reflectors
– Addresses scaling problems arising from fully-meshed iBGP networks
– One or more iBGP routers act as concentrators or route reflectors, creating a hierarchy
within an iBGP cluster
– Typically deployed with redundancy
– New attributes: Originator ID, cluster ID
• Confederations
– Another way to reduce iBGP mesh inside an AS
– Divides an AS into multiple sub-ASes; uses a variant of eBGP between sub-ASes and
iBGP within the sub-ASes
– Next-hop is preserved across eBGP sessions between sub-Ases
– New attributes: AS Confederation Set, AS Confederation Sequence
Ro u t e Re f l e c t o rs - E x a m p l e
Co n f e d e r a t i o n – E x a m p l e
• Divides AS500 into 3 sub-AS: AS50, AS60, AS70

RTC#
router bgp 50
bgp confederation identifier 500
bgp confederation peers 60 70
neighbor 128.213.10.1 remote-as 50 (IBGP connection within AS50)
neighbor 128.213.20.1 remote-as 50 (IBGP connection within AS50)
neighbor 129.210.11.1 remote-as 60 (BGP connection with confed peer 60)
neighbor 135.212.14.1 remote-as 70 (BGP connection with confed peer 70)
neighbor 5.5.5.5 remote-as 100 (EBGP connection to external AS100)

RTD#
router bgp 60
bgp confederation identifier 500
bgp confederation peers 50 70
neighbor 129.210.30.2 remote-as 60 (IBGP connection within AS60)
neighbor 128.213.30.1 remote-as 50(BGP connection with confed peer 50)
neighbor 135.212.14.1 remote-as 70 (BGP connection with confed peer 70)
neighbor 6.6.6.6 remote-as 600 (EBGP connection to external AS600)
Ad d i ti o n a l BGP F e a t u re s
• Communities
– Allows controlled distribution of routing information
– Group configuration
– No-export, no-advertise, no-export-subconfd
• Multiprotocol extension
– Extensions for BGP if it were to be used with other address families like IPv6
BGP Ca s e S t u d i e s
• Ref: http://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/
26634-bgp-toc.html
Su m m a ry
• Additional BGP features
– Route reflectors
– Confederations
– Communities
– Multiprotocol extension
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

BGP Policies
I n th i s s e g m e n t
• BGP policies and what they enable
• BGP policy examples
BGP Po l i c i e s
• Route manipulation
• Route redistribution
• Route summarization
• Load balancing
• Traffic engineering
• Mechanisms
– Policies
• Prefer certain AS paths over others
• Prefer one neighbor over another for a prefix
• Make one path look better or worse than another, persuading a router to choose the seemingly
better path
Ex a m p l e - I m p o r t & E x p o r t P o l i c i e s
BGP Po l i c y - E x a m p l e
1) Influencing inbound path selection by
updating the AS_PATH attribute
• Router A advertises 172.17.1.0 to Router B
and Router E
• Which path would Router C take to forward
packets to 172.17.1.0 - [45000, 40000] or
[55000, 60000, 40000]?
• What can be done if the link between AS
45000 and AS 40000 is congested?
• Router A can influence inbound path
selection for the 172.17.1.0 network by
making the route through autonomous
system 45000 appear to be longer than the
path through autonomous system 60000
BGP Po l i c y - E x a m p l e
1) Influencing inbound path selection by updating the AS_PATH attribute
• The outbound BGP updates from Router
…
A to Router B will have their AS_PATH
router bgp 40000
neighbor 192.168.1.2 remote-as 45000
attribute modified to add AS 40000 twice
!
• AS 50000 receives updates about the
address-family ipv4 172.17.1.0 network AS 45000, with the
neighbor 192.168.1.2 activate new AS_PATH as 45000, 40000, 40000,
neighbor 192.168.1.2 route-map PREPEND and 40000
out • This is now longer than the AS-path from
network 172.17.1.0 mask 255.255.255.0 AS 55000 (unchanged at a value of
exit-address-family
55000, 60000, 40000)
!
• Devices in AS 50000 will now prefer the
route-map PREPEND permit 10
set as-path prepend 40000 40000
route through AS 55000 to forward
… packets destined to the 172.17.1.0
network.
BGP Po l i c y - E x a m p l e
2) Modifying incoming data from a neighbor
Any route received from 10.222.1.1 that
router bgp 100
matches the filter parameters set in
!
neighbor 10.222.1.1 route-map FIX-WEIGHT in
autonomous system access list 200 will
neighbor 10.222.1.1 remote-as 1 have its weight set to 200 and its local
! preference set to 250, and it will be
ip as-path access-list 200 permit ^690$ accepted.
ip as-path access-list 200 permit ^1800
!
route-map FIX-WEIGHT permit 10
match as-path 200
set local-preference 250
set weight 200
BGP Po l i c y - E x a m p l e
3) Prefix-based matching to set parameters of the update using inbound
route-maps
!
The route map named SET-LOCAL-PREF
router bgp 65100 sets the local preference of the inbound
network 10.108.0.0 prefix 172.20.0.0/16 to 120
neighbor 10.108.1.1 remote-as 65200
neighbor 10.108.1.1 route-map SET-LOCAL-PREF in
! Ref:
route-map SET-LOCAL-PREF permit 10 http://www.cisco.com/c/en/us/td/docs/ios-xm
match ip address 2 l/ios/iproute_bgp/configuration/xe-3se/3850/i
set local-preference 120 rg-xe-3se-3850-book/irg-prefix-filter.html
!
route-map SET-LOCAL-PREF permit 20 http://www.cisco.com/c/en/us/td/docs/securit
! y/asa/asa82/configuration/guide/config/route
access-list 2 permit 172.20.0.0 0.0.255.255 _maps.pdf
access-list 2 deny any
Su m m a ry
• BGP policies and what they enable
• BGP policy examples
– Influencing inbound path selection
– Modifying incoming data from a neighbor
– Prefix-based matching to set parameters of the update using inbound route-maps
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

Issues in BGP
I n th i s s e g m e n t
• Protocol Oscillations
• Weak Security
• Scalability Induced problems
Ex a m p l e : P o l i c y Di s p u t e Os c i l l a t i o n s

abd
a ad

d
bcd
b
bd
cad
c
cd
Ex a m p l e : P o l i c y Di s p u t e Os c i l l a t i o n s
i. In the initial state, a, b, and c, choose
paths abd, bd, and cd respectively.
ii. When c sends its choice cd–b, upon
learning a higher ranked route b
changes from its current route bd to the
higher ranked route bcd. But, this forces
a to change to a lower ranked route ad,
because the higher ranked path abd no
longer exist.
iii. a then notices its choice ad–c. Similarly,
c changes to cad, b changes to bd.
iv. Finally, b notices its choice bd–a. And a
reverts to abd, c reverts to cd. The
system returns back to initial state, the
sequence of route updates repeats.
BGP Mi s - c o n f i g u r a t i o n s
Causes
• Accidental injection of routes into global BGP tables
• Accidental export of routes in violation of an ISP’s policy

BGP mis-configuration types

• Origin mis-configuration
• Export mis-configuration

Impact of mis-configurations

Source: “Understanding BGP Misconfiguration”, Ratul Mahajan, David Wetherall, Tom Anderson
Se c u r i t y i n BGP
• No mechanism to verify that a route learned is valid
• No support for controlling route announcements
• No support for checking if routes are policy complaint
• Use of TCP as the transport protocol
• Snooping of policy and routing information between two
ASes by an intruder
• MITM attacks
• DoS attacks
• Blackhole attack
• No mechanism to verify that traffic
actually traverses the path it should
Example of prefix hijacking

Source: Prof. VS Shekhawat’s slides

Se c u r i n g BGP
Control Plane Security
• Secure message exchange between neighbors
• Verify validity of routing information
– Origin authentication
– AS path authentication
– AS path policy

Data Plane Security

• Verify packets actually traverse the path they should

BGP variants
• S-BGP, soBGP
– Digital signatures
– S-BGP uses attestations, dynamically signed
Sc a l a b i l i t y I n d u c e d P r o b l e m s
• BGP aggregates reachability information (prefix aggregation)
– Provides scalability to BGP
– Hide fine-grained information about the reachability of destinations
– Black holes
Su m m a ry
• Protocol Oscillations
• Weak Security
• Scalability Induced problems
 BITS Pilani
Pilani | Dubai | Goa | Hyderabad

QoS on the Internet – Network Layer

Qo S o n th e I n t e r n e t – Ne t wo r k L a y e r
• Multiple router interfaces
• Multiple queues per router interface
• Queue vs priority mapping
• Classification of IP packets based on ToS
• Queue management mechanisms
– FIFO, Fair Queuing, Priority Queuing, Weighted Fair Queuing
– Tail drop, RED, WRED

• Role of BGP in delivering QoS

• Policies and QoS