Classic articles on BGP routing policy (2)

Source: Internet  Posted by: 深圳市阿里云大厦饺子  Editor: 程序博客网  Time: 2024/04/28 03:44

 

BGP routing policies in ISP networks (IEEE Network Magazine, 2005)
 
1 Ways to configure local policy
There are three classes of "knobs" that can be used to control
import and export policies:
1) Preference (decision process)
2) Filter (eliminate certain routes)
3) Tag (community)
 
2 Common BGP policy practices and design patterns
1) Business relationships
(1) Inbound: assign local-preference to influence the BGP decision process.
Often an ISP will achieve this by
assigning a non-overlapping range of LocalPref values to each
type of peering relationship; for example LocalPref values in
the range 90-99 might be used for customers, 80-89 for peers,
70-79 for providers, and 60-69 for backup links. LocalPref can
then be varied within each range to do traffic engineering without
violating the constraints associated with the business relationship.
So if, from the standpoint of a single autonomous system or ISP, I can obtain the routing tables of that AS's border routers via SNMP or similar means, then the local-preference values of the multiple routes to the same prefix can be used to infer the business relationships with the neighbouring autonomous systems.
(2) Outbound: controlling route export
Export policy seems hard to infer from the vantage point of a single autonomous system, but it is not necessary to verify it and match it one-to-one against the way the policy is configured; it is enough to infer the business relationships correctly.
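As an added illustration of the LocalPref-range scheme and the inference idea above (example code written for this note, not from the paper or the original post): it maps routes to the hypothetical per-relationship ranges, runs a simplified decision process (LocalPref, AS-path length, MED, IGP cost), and reverses the mapping over a constructed routing-table snapshot. All ASNs, prefixes and attribute values are constructed.

```python
from dataclasses import dataclass
# Hypothetical ISP policy: one non-overlapping LocalPref range per relationship.
LOCALPREF_RANGES = {
    "customer": (90, 99),
    "peer": (80, 89),
    "provider": (70, 79),
    "backup": (60, 69),
}

@dataclass(frozen=True)
class Route:
    prefix: str
    neighbor_as: int
    local_pref: int
    as_path: tuple  # first element is the neighbour; prepending repeats it
    med: int
    igp_cost: int

def relationship_for(local_pref):
    """Map a LocalPref value back to the relationship whose range contains it."""
    for name, (low, high) in LOCALPREF_RANGES.items():
        if low <= local_pref <= high:
            return name
    return "unknown"

def select_best(routes):
    """Simplified decision process: highest LocalPref, then shortest AS path, then
    lowest MED, then lowest IGP cost (hot-potato); lower-is-better values are negated."""
    return max(routes, key=lambda r: (r.local_pref, -len(r.as_path), -r.med, -r.igp_cost))

def infer_relationships(rib):
    """Reverse the policy: group observed LocalPref classes by neighbour AS.
    A neighbour with more than one class is a sign of inconsistent policy."""
    seen = {}
    for r in rib:
        seen.setdefault(r.neighbor_as, set()).add(relationship_for(r.local_pref))
    return seen

# Constructed RIB snapshot for one prefix (private-range ASNs, documentation prefix).
RIB = [
    Route("203.0.113.0/24", 65001, 95, (65001,), med=0, igp_cost=10),
    Route("203.0.113.0/24", 65002, 85, (65002, 65001), med=0, igp_cost=5),
    Route("203.0.113.0/24", 65003, 75, (65003, 65003, 65003, 65001), med=50, igp_cost=1),
]

if __name__ == "__main__":
    best = select_best(RIB)
    print("best route via AS", best.neighbor_as, "->", relationship_for(best.local_pref))
    print(infer_relationships(RIB))
```

The customer route wins despite the worst IGP cost, which is exactly why LocalPref differences across border routers reveal policy rather than topology.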
 
2) Traffic engineering
(1) Outbound traffic control (by changing local-preference and IGP costs)
Controlling outbound traffic is really a matter of inbound policy, and I think it can also be done from the standpoint of a single autonomous system. For example, if you find in the routing tables of different border routers that the local-preference for the same prefix differs, that may be load balancing; different metrics reveal different hot-potato regions, different AS-path lengths, and so on.
(2) Inbound traffic control (by AS prepending and MED):
Controlling inbound traffic is really the outbound policy, i.e. how others reach the prefixes of one's own autonomous system. It mainly consists of two methods: the MED values used with a neighbouring AS over multiple links, and AS-number prepending, which is controlled by the remote AS. But I think collecting data from the neighbouring autonomous systems may be a more direct way to analyse this.
(3) Remote control (by changing community attributes):
Remote control provides more flexibility than MED because it allows control
of inputs to earlier steps of the decision process like LocalPref,
as shown in the example above. Moreover, MED can only
change the relative preference of routes, while remote control
can be configured to filter routes, or perform AS prepending.
However, ISP's neighbors must
agree in advance to accept community attributes from the other
peer. Also, the highly expressive nature of community attributes
introduces potential for misconfiguration.
 
3) Scalability
Limiting routing table size (by filtering and using the community attribute)
Limiting the number of routing changes (by suppressing routes that flap)
4) Security
Discarding invalid routes (by import filtering)
Protecting the integrity of routing policies (by rewriting attributes)
Securing the network infrastructure (by export filtering)
Blocking denial-of-service attacks (by filtering and damping)
 
 
 
 
Practical Verification Techniques for Wide-Area Routing (SIGCOMM CCR, 2004)
1 Verifies five aspects of correctness:
validity (the existence of a route implies
the existence of a corresponding path), visibility (the existence of
a path implies the existence of a corresponding route), safety (the
existence of a stable, unique path assignment), determinism (best
route selection is independent of message ordering and the presence
of sub-optimal routes), and information-flow control (the protocol
conforms to a specified information flow policy; that is, it does not
“leak” information).
2 Verification methodology:
Static analysis
parses configuration statements to detect errors that are evident
from the configuration commands themselves. A sandbox can determine
whether (and under what circumstances) a seemingly correct
configuration can produce incorrect behavior.
