BGP - Optimising the Foundational SDN Technology CKN TechAdvantage Webinar

Like this? Share it with your network

Share

BGP - Optimising the Foundational SDN Technology CKN TechAdvantage Webinar

  • 960 views
Uploaded on

Border Gateway Protocol (BGP) is a protocol that has existed since 1995, and it can be seen as one of the first technologies to enable software-defined networking (SDN) network infrastructure. Through ...

Border Gateway Protocol (BGP) is a protocol that has existed since 1995, and it can be seen as one of the first technologies to enable software-defined networking (SDN) network infrastructure. Through control plane activities, BGP allows the management of services and resources within and between network infrastructures. Recent developments have made BGP an even more service-aware technology, supporting enhanced and innovative off-path traffic manipulation to support resource and service mobility, which in turn will allow operators to optimize CapEx and OpEx in a services-aware data network.

This webcast provides insight into the different areas where SDN-driven networks can benefit from enhanced BGP capabilities and design architectures to promote mobility, virtualization, and resource and service awareness.

Register to listen to the WebEx replay at: http://tools.cisco.com/gems/cust/customerSite.do?METHOD=W&LANGUAGE_ID=E&SEMINAR_CODE=S20463&PRIORITY_CODE=194542_20

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
960
On Slideshare
957
From Embeds
3
Number of Embeds
1

Actions

Shares
Downloads
77
Comments
0
Likes
2

Embeds 3

http://www.slideee.com 3

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. 1© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Knowledge Network TechAdvantage Webinar BGP -Optimising the Foundational SDN Technology Gunter Van de Velde Senior Technical Leader 11 May 2014
  • 2. 2© 2014 Cisco and/or its affiliates. All rights reserved. Agenda •  Some words about SDN •  BGP-Assisted SDN Use-case 1.  WAN Orchestration – BGP-LS 2.  Flow Steering/Security Policies – BGP-FS 3.  Peering Diagnostics – BMP 4.  SLA Policies – BGP SLA
  • 3. Cisco Confidential 3© 2013-2014 Cisco and/or its affiliates. All rights reserved. Introduction to SDN
  • 4. 4© 2014 Cisco and/or its affiliates. All rights reserved. The network paradigm as we know it…
  • 5. 5© 2014 Cisco and/or its affiliates. All rights reserved. Control and Data Plane resides within Physical Device
  • 6. 6© 2014 Cisco and/or its affiliates. All rights reserved. Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems What is SDN?(per Wikipedia definition)
  • 7. 7© 2014 Cisco and/or its affiliates. All rights reserved. In other words… In the SDN paradigm, not all processing happens inside the same device
  • 8. 8© 2014 Cisco and/or its affiliates. All rights reserved. A better definition SDN Definition Centralization of control of the network via the Separation of control logic to off-device compute, that Enables automation and orchestration of network services via Open programmatic interfaces SDN Benefits Efficiency: optimize existing applications, services, and infrastructure Scale: rapidly grow existing applications and services Innovation: create and deliver new types of applications and services and business models
  • 9. 9© 2014 Cisco and/or its affiliates. All rights reserved. Private Cloud Automation Research/ Academia §  Experimental OpenFlow/SDN components for production networks Massively Scalable Data Center §  Customize with Programmatic APIs to provide deep insight into network traffic Service Providers §  Policy-based control and analytics to optimize and monetize service delivery Enterprise §  Virtual workloads, VDI, Orchestration of security profiles Different customers, different pain points Cloud §  Automated provisioning and programmable overlay, OpenStack Diverse Programmability Requirements Across Segments Most Requirements are for Automation & Programmability Scalable Multi-Tenancy Network Flow Management Network “Slicing” Agile Service Delivery Transport Efficiency
  • 10. 10© 2014 Cisco and/or its affiliates. All rights reserved. SDN Hybrid Approach •  20+ Years investment in Distributed Control Planes—capex, skills and expertise— by both vendors and customers •  Distributed Control Planes designed to survive battlefield conditions with the possibility of multiple failures •  Leave the distributed control plane in place for “normal” traffic, use SDN for traffic that needs special handling (routing, bandwidth reservation etc.) •  In the event of an SDN Controller failure, you still have a network that works, maybe not as optimally Hybrid Control plane: Distributed control combined with central control (through Controllers) for optimized behavior (e.g. optimized performance) Network Middleware “Controllers”
  • 11. Cisco Confidential 11© 2013-2014 Cisco and/or its affiliates. All rights reserved. About BGP
  • 12. 12© 2014 Cisco and/or its affiliates. All rights reserved. Why  is  BGP  successful?   Simple  and  Scalable       Structured  (Route  Reflector)   Divide  and  Conquer  (ConfederaBon)   Low  protocol  overhead   Simple  FSM   Simple  Messages   Extensible       MulB-­‐protocols,  AFs   Incremental   NLRI,  PA,  Community   Capability  NegoBaBon   Flexible  Policy   Many  Services  !!   HA  and  Secure       Run  over  TCP   NSR   PIC,  Add-­‐Path   MD5  authenBcaBon   RPKI  validaBon   “Driven  by  PragmaBsm”,  “Not  perfect,  but  good  enough”                  -­‐-­‐  Yakov  Rekhter  
  • 13. 13© 2014 Cisco and/or its affiliates. All rights reserved. Control-plane Evolution Many of services are moving towards BGP Service/transport In 200X In 201X Market Internet Peering BGP IPv4 BGP IPv4/v6 SP SP L3VPN BGP IPv4 BGP IPv4/v6 + FRR + Scalability MPLS transport LDP LDP + BGP+Label (Unified MPLS) SP Multicast VPN PIM IPv4 BGP IPv4/v6 Multicast VPN Multicast MPLS transport PIM / mLDP BGP signaling for segmented LSM (Mc Unified MPLS) DDOS mitigation PBR, ACL BGP flowspec, BGP RTBH, uRPF check Security Filters, ACL BGP Sec (RPKI) Network Monitoring SNMP BGP monitoring protocol, BGP YANG SDN BGP YANG/ BGP Link State /BGP SLA /BGP Flow Spec Business & CE L2VPN LDP BGP AD/Sign (VPLS) DCI NG L2VPN/L3VPN BGP AD/Sign (EVPN, PBB-EVPN ) DC / SP Massive Scale DC OSPF/ISIS BGP IPv4/v6 Multipath, BGP EPE Segment Routing DC SP-DC, Cloud-DC BGP Inter-AS, vPE, vCE, L3VPN/EVPN o X Campus L3VPN & mVPN BGP IPv4 (IOS) BGP IPv4/v6 (NX-OS) Ent-DC BGP + Fabric Path (LFA), BGP + VxLAN (Future) Massive scale DMVPN NHRP / EIGRP BGP + Path Diversity EnterpriseFlexVPN BGP Managed CPE BGP IPv4 BGP IPv4 & IPv6
  • 14. Cisco Confidential 14© 2013-2014 Cisco and/or its affiliates. All rights reserved. Use case #1: WAN Orchestration
  • 15. Cisco Confidential 15© 2013-2014 Cisco and/or its affiliates. All rights reserved. “.. not sure why folks keep talking about SDN as a datacenter technology - the value is in the WAN..” •  Vijay Gill •  https://twitter.com/vgill/status/227539039979446272
  • 16. 16© 2014 Cisco and/or its affiliates. All rights reserved. The SP Challenge Traffic Revenue §  Traffic continues to increase, while revenue declines §  On top of SPs’ minds: –  Increase efficiency of existing assets –  Create new revenue opportunities, and be faster at it §  SDN efforts in SP attempt to help with the above!
  • 17. 17© 2014 Cisco and/or its affiliates. All rights reserved. WAN BW optimization WAN BW optimization: 90% -  Distributed optimization -  Full Mesh Auto BW RSVP-TE tunnels -  HIGH OPEX (complex) -  Cust A>50K tunnels -  Cust B>100K tunnels -  Generate Network Oscillation (instability) Today WAN BW, Latency, QoS optimization: 95% -  Centralized optimization -  SDN PCE controller driven WAN optimization -  Adequate Segment Routing TE tunnel -  Low OPEX (simple) -  Cust A <10 tunnels -  Cust B<20 tunnels WAN-Ochestration SDN WAN controller
  • 18. 18© 2014 Cisco and/or its affiliates. All rights reserved. SDN WAN Orchestration End-to-End DC/Cloud Providers Customers DC SDNCustomer SDN Workflow Orchestration/Apps Collector Programming Application Engine NGN WAN Viz & Analytics APPS APIs State Control Multi- Layer SDN WAN APPS PCE-PBGP LS
  • 19. 19© 2014 Cisco and/or its affiliates. All rights reserved. Gathering up-to-date WAN network state •  To do its job SDN WAN Controller requires up-to-date network visibility information, primarily about •  Load/Capacity è SNMP, NetFlow, NETCONF/YANG •  Topology è IGP (OSPF/ISIS) information, direct link/passive, or better: BGP Collector Programming Application Engine NGN WAN Viz & Analytics State Multi- Layer SDN WAN
  • 20. 20© 2014 Cisco and/or its affiliates. All rights reserved. High Level perspective of BGP-LinkState (BGP-LS) •  BGP may be used to advertise link state and link state TE database of a network (BGP-LS) •  Provides a familiar operational model to easily aggregate topology information across domains •  New link-state address family •  Support for distribution of OSPF and IS-IS link state databases •  Topology information distributed from IGP into BGP (only if changed) •  Support introduced in IOS XR 5.1.1 Domain 1 Domain 2 Domain 0 BGP-LS TED BGP-LS BGP-LS RR PCE
  • 21. 21© 2014 Cisco and/or its affiliates. All rights reserved. router isis DEFAULT is-type level-2-only net 49.0000.1720.1625.5001.00 distribute bgp-ls level 2 address-family ipv4 unicast metric-style wide mpls traffic-eng level-2-only mpls traffic-eng router-id Loopback0 ! […] ! ! ! router bgp 65172 address-family link-state link-state ! neighbor 172.31.0.1 description Controller remote-as 65172 update-source Loopback0 address-family link-state link-state ! ! ! BGP Link State Configuration – Cisco IOS XR 5.1.1 Distribute level-2 link state database into BGP-LS Enable link-state addresses and specify BGP-LS peer
  • 22. Cisco Confidential 22© 2013-2014 Cisco and/or its affiliates. All rights reserved. Use case #2: Controlling Flows via BGP
  • 23. 23© 2014 Cisco and/or its affiliates. All rights reserved. Introduction •  BGP (like any other routing protocol) influences destination-based routing •  BGP routing information can be injected from a central place (“SDN controller”) •  Why not use it for more than just giving a destination address to route packets to? •  “Flow Specification Rules” •  Application aware Filtering/redirect/mirroring •  Dynamic and adaptive technology •  Simple to configure
  • 24. 24© 2014 Cisco and/or its affiliates. All rights reserved. Use case 1: Security DDoS mitigation DDOS scrubber Security Controller DDOS Analyser Scan Netflow data To detect DDOS signature SP Description:The goal is to push policies to match on certain flows under DDoS attacks and drop/ rate limit or redirect traffic to DDoS scrubber to protect peering / enterprise customers Business:SP to sale DDoS mitigation services to enterprise customers, generating add value to IP transit services Flexible Netflow BGP flowspec Match: DDOS flow Action: redirect to DDOS scruber
  • 25. 25© 2014 Cisco and/or its affiliates. All rights reserved. Use case 2: Redirection to DC/NfV Description: The goal to redirect certain flows from IP NGN or Internet transit network to DC and NfV appliances Business: SP to sale NfV appliance services to enterprise customers, generating add value to IP NGN and IP transit services NAT VM Firewall VM SBC VM dDOS VM NAT VM Firewall VM SBC VM dDOS VM NAT VM Firewall VM SBC VM dDOS VM NAT VM Firewall VM SBC VM dDOS VM default HTTP BGP flowspec Match: HTTP flows Action: redirect to DC/NfV
  • 26. 26© 2014 Cisco and/or its affiliates. All rights reserved. Cisco BGP flowspec is Standard supported •  BGP flowspec: RFC5575 •  IPv6 support: draft-ietf-idr-flow-spec-v6-05 •  IP Next Hop redirection options: draft-ietf-idr-flowspec-redirect-ip-01 •  Origin check relax: draft-ietf-idr-bgp-flowspec-oid-02 •  Optimized flow based forwarding plane. •  Controller, Route Reflection and Client. Tested with exaBGP (IPv4 controller), Arbor (IPv4 controller), Juniper (IPv4 client) and Alcatel (IPv4 & IPv6 client) XR 5.2.0 June 2014
  • 27. 27© 2014 Cisco and/or its affiliates. All rights reserved. BGP flowspec infrastructure BGP flowspec BGP Platform hardware Policy Infrastructure (E-PBR) Flowspec Manager CLI YANG Phase 2 Phase 1 XR XML BGP
  • 28. 28© 2014 Cisco and/or its affiliates. All rights reserved. Router acting as BGP flowspec client BGP flowspec BGP Platform hardware Policy Infrastructure (E-PBR) Flowspec Manager CLI YANG Phase 2 Phase 1 XR XML BGP BGP Flowspec Match X Action Y
  • 29. 29© 2014 Cisco and/or its affiliates. All rights reserved. Router acting as BGP flowspec server BGP flowspec BGP Platform hardware Policy Infrastructure (E-PBR) Flowspec Manager CLI YANG Phase 2 Phase 1 XR XML BGP BGP Flowspec Match X Action Y
  • 30. 30© 2014 Cisco and/or its affiliates. All rights reserved. BGP flowspec tuple support for IPv4/v6 BGP Flowspec NLRI type QoS match fields Value input method Controller ASR9k As client CRS As client Type 1 IPv4/v6 Destination address Prefix length ü ü ü Type 2 IPv4/v6 Source address Prefix length ü ü ü Type 3 IPv4/v6 protocol Multi value range ü ü ü Type 4 IPv4/v6 source or destination port Multi Value range û ü ü Type 5 IPv4/v6 destination port Multi Value range ü ü ü Type 6 IPv4/v6 Source port Multi Value range ü ü ü Type 7 IPv4/v6 ICMP type Multi value range ü Future ü Type 8 IPv4/v6 ICMP code Multi value range ü Future ü Type 9 IPv4/v6 TCP flags (2 bytes include reserved bits) Bit mask ü Only lower byte not all bits Type 10 IPv4/v6 Packet length Multi value range ü ü ü Type 11 IPv4/v6 DSCP, Traffic Class Multi value range ü ü ü Type 12 IPv4 fragmentation bits Bit mask ü Only indication of fragment ü Type 13 IPv6 flow label optional header Muti value range ü Future future
  • 31. 31© 2014 Cisco and/or its affiliates. All rights reserved. BGP flowspec extended community actions BGP ext-community value PBR Action XR PI ASR9k CRS 0x8006 (RFC5575) Traffic Rate 0 drop ü ü ü 0x8006 (RFC5575) Traffic Rate <rate> police ü ü ü 0x8008 (RFC5575) Redirect VRF redirect vrf ü ü ü 0x8009 (RFC5575) Traffic Marking Set dscp ü ü ü 0x800b (IP redirect draft) Redirect IP NH nexthop IPv4/v6 ü ü ü
  • 32. Cisco Confidential 32© 2013-2014 Cisco and/or its affiliates. All rights reserved. Use case #3: Routing Visibility
  • 33. 33© 2014 Cisco and/or its affiliates. All rights reserved. Optimizing Routing towards the Internet •  When your network is multi-homed to multiple SPs, balancing the traffic across the potential exit points can become a cumbersome task: 1.  Baseline the situation 2.  Tweak BGP attributes (MED, local preference, AS-path) to shift traffic to other exits 3.  Watch the result 4.  If not happy, go back to 2 •  How about letting software do this for you? •  It knows the topology (via BGP-LS, see earlier) •  It knows the traffic/matrix (via NetFlow, LSP stats, interface load) •  It misses information about the BGP routing table and its attributes
  • 34. 34© 2014 Cisco and/or its affiliates. All rights reserved. Achieving Routing Visibility •  As a routing protocol, it can also be used to update the controller with granular routing information •  Easy. •  Really? InternetPE Transit1 Transit2 Controller iBGP
  • 35. 35© 2014 Cisco and/or its affiliates. All rights reserved. BGP RIBs •  BGP speaker maintains multiple Routing Tables: •  Adj-RIB-in (per neighbor) •  These are the updates as received by the peer •  Incoming route policy is applied, attributes are changed •  Updates which are dropped by the incoming route-policy are discarded, to save on memory •  “soft-reconfiguration inbound” keeps them, paths flagged with “received-only” in “show bgp …” •  Loc-RIB (or Local RIB) •  BGP calculates best path among eligible paths in Adj-RIB in and places them into Loc-RIB •  provides a view of all entries kept by the BGP router to forward traffic
  • 36. 36© 2014 Cisco and/or its affiliates. All rights reserved. BGP Monitor Protocol •  We saw one case where we want to know exactly what the neighbor sent us (original attributes) •  For troubleshooting/monitoring, a record of prefixes received by neighbors (even those we configured to ignore) can be valuable tool eBGP Inbound filtering eBGP Loc-RIB Inbound filtering Adj-RIB-in (before filter) Loc-RIB Adj-RIB-in BMP collector
  • 37. 37© 2014 Cisco and/or its affiliates. All rights reserved. What is BMP? •  BMP is intended to be used for monitoring BGP sessions •  BMP is intended to provide a more convenient interface for obtaining route views •  Design goals •  Simplicity •  Easy to use •  Minimal service affecting •  BMP is not impacting the routing decision process and is only used to provide monitoring information •  BMP provides access to the Adj-RIB-In of a BGP peer on an ongoing basis and provide s a periodic dump of statistical information. A monitoring station can use this for further analysis •  http://tools.ietf.org/html/draft-ietf-grow-bmp-07 (AKA BMPv3) •  https://code.google.com/p/bmpreceiver/ (ExaBGP BMP code)
  • 38. 38© 2014 Cisco and/or its affiliates. All rights reserved. Deployment Models •  Deployment Model 1 •  Peering diagnostics and analytics •  Deployment Model 2 •  Internal diagnostics and analytics BMP Session BMP Session AS#4567 AS#1234 IGP 1 IGP 2 IGP 3 IGP 4 Analyser IGP 5 BMP Session BMP Session AS#4567 AS#1234 IGP 1 IGP 2 IGP 3 IGP 4 Analyser IGP 5 BMP Session
  • 39. 39© 2014 Cisco and/or its affiliates. All rights reserved. Configuration router bgp <asn> neighbor <ip-address> BMP monitor all / server 1 server 2 … bmp server <1-32> activate address <ipv4/6 address> port-number <num> update-source <interface> description <string> failure-retry-delay <seconds> flapping-delay <seconds> initial-delay <seconds> set ip dscp value <1-7> stats-reporting-period <seconds> bmp buffer-size <megabytes> bmp initial-refresh {delay <seconds> | skip } XR 5.2.2 November 2014
  • 40. Cisco Confidential 40© 2013-2014 Cisco and/or its affiliates. All rights reserved. Use case #4: Controlling SLA via BGP
  • 41. 41© 2014 Cisco and/or its affiliates. All rights reserved. Introduction •  BGP (like any other routing protocol) influences destination-based routing •  BGP routing information can be injected from a central place (“SDN controller”) •  Why not use it for more than just giving a destination address to route packets to? •  “SLA Rules” •  Application aware QoS •  Dynamic and adaptive technology •  Simple to configure
  • 42. 42© 2014 Cisco and/or its affiliates. All rights reserved. Controlling SLA via BGP SLA SDN Controller BGP SLA -  VPN Green -  25% Gold -  25% Silver -  50% BE Managed CPE Unmanaged CPECustomer Customer Portal Change SLA to -  25% Gold -  25% Silver -  50% BE 1 2 3 draft-ietf-idr-sla-exchange Future DEMO is available
  • 43. Cisco Confidential 43© 2013-2014 Cisco and/or its affiliates. All rights reserved. Wrapping Up
  • 44. 44© 2014 Cisco and/or its affiliates. All rights reserved. Summary •  Flexibility: SDN enhances the way we’re doing networking, automates tasks, introduces new possibilities through open APIs •  Investment Protection: SDN can co-exist with traditional networking protocols, it even leverages them. •  Rich implementation: BGP provides a couple of essential tools in the toolbox for topology and routing distribution and flow control / SLA control •  Cost Effective: We hope you will make use of them to make your network infrastructure more agile and cost-effective
  • 45. Cisco Confidential 45© 2013-2014 Cisco and/or its affiliates. All rights reserved. Questions?
  • 46. Thank you.