The document discusses BGP routing policies in ISP networks. It begins by providing background on how BGP evolved to support routing policies as the internet became more complex. It then discusses how BGP routing works within an autonomous system (AS) and how policies are implemented through BGP attributes and route selection. Common types of routing policies include business relationship policies, traffic engineering policies, scalability policies, and security policies. The document focuses on how ISPs use BGP to implement routing policies to meet business and technical goals.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
High level introduction to LTE Metrocells including reasons why, where/when deployed, factors to consider etc. Taster for the fully day Metrocell Masterclass - see https://www.thinksmallcell.com/Femtocell-Events/metrocell-masterclass-become-a-metrocell-expert-in-one-day.html
Test Analyst 3 + Yrs Manual Automation Themeamitcitm
A Software Testing Professional
Qualified, Experienced, Responsible, Dependable
Software Test Engineer Seeking assignments for Testing Software, MANUAL/AUTOMATION, SECURITY Testing Comprehensive Knowledge of the SDLC (Software Development life cycle) and STLC (Software Testing Life Cycle), Spiral and V-MODEL activities within a leading organization.
Border Gateway Protocol (BGP) is the protocol whi.pdfanandatalapatra
Border Gateway Protocol (BGP) is the protocol which is used to make core routing
decisions on the Internet; it involves a table of IP networks or \"prefixes\" which designate
network reach-ability among autonomous systems (AS). BGP is a path vector protocol, or a
variant of a Distance-vector routing protocol. BGP does not involve traditional Interior Gateway
Protocol (IGP) metrics, but routing decisions are made based on path, network policies, and/or
rule-sets. For this reason, it is more appropriately termed a reach-ability protocol rather than
routing protocol. BGP was created to replace the Exterior Gateway Protocol (EGP) to allow fully
decentralized routing in order to transition from the core ARPAnet model to a decentralized
system that included the NSFNET backbone and its associated regional networks. This allowed
the Internet to become a truly decentralized system. Since 1994, version four of the BGP has
been in use on the Internet. All previous versions are now obsolete. The major enhancement in
version 4 was support of Classless Inter-Domain Routing and use of route aggregation to
decrease the size of routing tables. Since January 2006, version 4 is codified in RFC 4271, which
went through more than 20 drafts based on the earlier RFC 1771 version 4. RFC 4271 version
corrected a number of errors, clarified ambiguities and brought the RFC much closer to industry
practices. Most Internet service providers must use BGP to establish routing between one another
(especially if they are multihomed). Therefore, even though most Internet users do not use it
directly, BGP is one of the most important protocols of the Internet. Compare this with Signaling
System 7 (SS7), which is the inter-provider core call setup protocol on the PSTN. Very large
private IP networks use BGP internally. An example would be the joining of a number of large
OSPF (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another
reason to use BGP is multihoming a network for better redundancy, either to multiple access
points of a single ISP (RFC 1998), or to multiple ISPs.
Solution
Border Gateway Protocol (BGP) is the protocol which is used to make core routing
decisions on the Internet; it involves a table of IP networks or \"prefixes\" which designate
network reach-ability among autonomous systems (AS). BGP is a path vector protocol, or a
variant of a Distance-vector routing protocol. BGP does not involve traditional Interior Gateway
Protocol (IGP) metrics, but routing decisions are made based on path, network policies, and/or
rule-sets. For this reason, it is more appropriately termed a reach-ability protocol rather than
routing protocol. BGP was created to replace the Exterior Gateway Protocol (EGP) to allow fully
decentralized routing in order to transition from the core ARPAnet model to a decentralized
system that included the NSFNET backbone and its associated regional networks. This allowed
the Internet to become a truly decentralize.
Network Configuration Example: Conditional Installation of Prefixes in a Rout...Juniper Networks
This document describes the advantages of and uses for installing prefixes in a routing
table based on a defined condition. It also provides a step-by-step procedure for
configuring and verifying the conditional installation of prefixes.
Implementing a Session Aware Policy Based Mechanism for QoS Control in LTEIJERA Editor
Quality of Service (QoS) provisioning has become significant with the widely growth of multimedia applications and high increase in the number of users in both wireless and wired networks. In this paper, we implemented a session-aware policy based mechanism for QoS provisioning and control in LTE (Long Term Evolution) networks. Policies are a set of rules identifying the QoS parameters for users. Implementation included DiffServ (Differentiated Services) configuration and setting policies inside the PCRF (Policy Charging Rules Function) which is the brain entity in LTE, then mapping from QCI (QoS Class ID) to DiffServ. Moreover, the dialogue between PCEF (Policy Charging Enforcement Function) and PCRF was implemented. Simulations on four different traffic application types: VoIP (voice over IP), video, web, and ftp (file transfer protocol) were performed under the network simulator (ns2). Results showed that applying PCEF over the different traffic applications has a great effect in controlling these applications and specifically UDP (User Datagram Protocol) based applications such as video.
Explore the differences between BGP peering and route server peering. Find out which is better for your network based on scale and requirements. Connect securely and efficiently with a reliable peering service provider.
Visit Us @https://www.de-cix.in/peering-services
High level introduction to LTE Metrocells including reasons why, where/when deployed, factors to consider etc. Taster for the fully day Metrocell Masterclass - see https://www.thinksmallcell.com/Femtocell-Events/metrocell-masterclass-become-a-metrocell-expert-in-one-day.html
Test Analyst 3 + Yrs Manual Automation Themeamitcitm
A Software Testing Professional
Qualified, Experienced, Responsible, Dependable
Software Test Engineer Seeking assignments for Testing Software, MANUAL/AUTOMATION, SECURITY Testing Comprehensive Knowledge of the SDLC (Software Development life cycle) and STLC (Software Testing Life Cycle), Spiral and V-MODEL activities within a leading organization.
Border Gateway Protocol (BGP) is the protocol whi.pdfanandatalapatra
Border Gateway Protocol (BGP) is the protocol which is used to make core routing
decisions on the Internet; it involves a table of IP networks or \"prefixes\" which designate
network reach-ability among autonomous systems (AS). BGP is a path vector protocol, or a
variant of a Distance-vector routing protocol. BGP does not involve traditional Interior Gateway
Protocol (IGP) metrics, but routing decisions are made based on path, network policies, and/or
rule-sets. For this reason, it is more appropriately termed a reach-ability protocol rather than
routing protocol. BGP was created to replace the Exterior Gateway Protocol (EGP) to allow fully
decentralized routing in order to transition from the core ARPAnet model to a decentralized
system that included the NSFNET backbone and its associated regional networks. This allowed
the Internet to become a truly decentralized system. Since 1994, version four of the BGP has
been in use on the Internet. All previous versions are now obsolete. The major enhancement in
version 4 was support of Classless Inter-Domain Routing and use of route aggregation to
decrease the size of routing tables. Since January 2006, version 4 is codified in RFC 4271, which
went through more than 20 drafts based on the earlier RFC 1771 version 4. RFC 4271 version
corrected a number of errors, clarified ambiguities and brought the RFC much closer to industry
practices. Most Internet service providers must use BGP to establish routing between one another
(especially if they are multihomed). Therefore, even though most Internet users do not use it
directly, BGP is one of the most important protocols of the Internet. Compare this with Signaling
System 7 (SS7), which is the inter-provider core call setup protocol on the PSTN. Very large
private IP networks use BGP internally. An example would be the joining of a number of large
OSPF (Open Shortest Path First) networks where OSPF by itself would not scale to size. Another
reason to use BGP is multihoming a network for better redundancy, either to multiple access
points of a single ISP (RFC 1998), or to multiple ISPs.
Solution
Border Gateway Protocol (BGP) is the protocol which is used to make core routing
decisions on the Internet; it involves a table of IP networks or \"prefixes\" which designate
network reach-ability among autonomous systems (AS). BGP is a path vector protocol, or a
variant of a Distance-vector routing protocol. BGP does not involve traditional Interior Gateway
Protocol (IGP) metrics, but routing decisions are made based on path, network policies, and/or
rule-sets. For this reason, it is more appropriately termed a reach-ability protocol rather than
routing protocol. BGP was created to replace the Exterior Gateway Protocol (EGP) to allow fully
decentralized routing in order to transition from the core ARPAnet model to a decentralized
system that included the NSFNET backbone and its associated regional networks. This allowed
the Internet to become a truly decentralize.
Network Configuration Example: Conditional Installation of Prefixes in a Rout...Juniper Networks
This document describes the advantages of and uses for installing prefixes in a routing
table based on a defined condition. It also provides a step-by-step procedure for
configuring and verifying the conditional installation of prefixes.
Implementing a Session Aware Policy Based Mechanism for QoS Control in LTEIJERA Editor
Quality of Service (QoS) provisioning has become significant with the widely growth of multimedia applications and high increase in the number of users in both wireless and wired networks. In this paper, we implemented a session-aware policy based mechanism for QoS provisioning and control in LTE (Long Term Evolution) networks. Policies are a set of rules identifying the QoS parameters for users. Implementation included DiffServ (Differentiated Services) configuration and setting policies inside the PCRF (Policy Charging Rules Function) which is the brain entity in LTE, then mapping from QCI (QoS Class ID) to DiffServ. Moreover, the dialogue between PCEF (Policy Charging Enforcement Function) and PCRF was implemented. Simulations on four different traffic application types: VoIP (voice over IP), video, web, and ftp (file transfer protocol) were performed under the network simulator (ns2). Results showed that applying PCEF over the different traffic applications has a great effect in controlling these applications and specifically UDP (User Datagram Protocol) based applications such as video.
Explore the differences between BGP peering and route server peering. Find out which is better for your network based on scale and requirements. Connect securely and efficiently with a reliable peering service provider.
Visit Us @https://www.de-cix.in/peering-services
An Effective approach to control Inter-domain Traffic Engineering among Heter...ijistjournal
The Flow of packets inside an IP networks can be effectively controlled by appropriate traffic engineering. Today’s internet routing mainly concentrates on controlling the ingress and egress traffic which occurs through border routers. There are different ways by which we can control the traffic between autonomous systems. In most cases redistribution communities are used for the control over traffic engineering. In this paper we focus on alternative approaches like Multi Protocol Label Switching (MPLS) and Ambient Networks, through which there can be an effective control over traffic engineering. Ambient Networks are designed to solve switching problems between heterogeneous networks.
Dear Students
Ingenious techno Solution offers an expertise guidance on you Final Year IEEE & Non- IEEE Projects on the following domain
JAVA
.NET
EMBEDDED SYSTEMS
ROBOTICS
MECHANICAL
MATLAB etc
For further details contact us:
enquiry@ingenioustech.in
044-42046028 or 8428302179.
Ingenious Techno Solution
#241/85, 4th floor
Rangarajapuram main road,
Kodambakkam (Power House)
http://www.ingenioustech.in/
Network Policy Abstractions in OpenStack NeutronSumit Naiksatam
A new set of application centric network abstractions are being developed in the form of the Neutron Group Policy extension. In this model, networking requirements of applications are expressed as network policies. On the other hand, there have been significant work on defining network services (*aaS), service insertion and service chaining in the Neutron community. More recently work on Network Function Virtualization and a framework for advanced services in virtual machines have been getting attention.
In this talk, we first discuss the state of the work in implementing the Neutron Group Policy extension and show how a more application-centric view of networking resources can be used to specify and deploy applications. In particular, we demonstrate the use of network policies as defined in a Heat template to specify and deploy an application. We then explore how the Neutron Group Policy extension can take advantage of advances in defining network services and functions and bring about a truly application centric view of networking resources. We show how this view impacts different layers of the stack from end to end and discuss the future directions of the Neutron Group Policy extension.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Monitoring Java Application Security with JDK Tools and JFR Events
Policies
1. BGP routing policies in ISP networks
Matthew Caesar Jennifer Rexford
UC Berkeley Princeton University
Abstract messages or the way they are propagated) must be coordinated
and simultaneously implemented in other ISPs to support the
The Internet has quickly evolved into a vast global network
new design. Hence most modifications to the protocol have
owned and operated by thousands of different administra-
been made to the decision process BGP uses to choose routes.
tive entities. During this time, it became apparent that vanilla
The result is a protocol where most of the complexity is in the
shortest-path routing would be insufficient to handle the myriad
decision process and the policies used to influence decisions,
operational, economic, and political factors involved in routing.
while the rest of the protocol remained fairly simple over time.
ISPs began to modify routing configurations to support routing
Therefore, in order to understand BGP it is necessary to under-
policies, i.e. goals held by the router’s owner that controlled
stand this decision process and the policies of ISPs that gave
which routes were chosen and which routes were propagated
rise to its design. Understanding policies is also key to solving
to neighbors. BGP, originally a simple path-vector protocol,
BGP’s problems, understanding measurement data from BGP,
was incrementally modified over time with a number of mecha-
or determining what features to support when developing a new
nisms to support policies, adding substantially to the complex-
version of BGP.
ity. Much of the mystery in BGP comes not only from the pro-
tocol complexity but also from a lack of understanding of the The range of policies used by operators constitutes a huge space
underlying policies and the problems ISPs face which they ad- and hence it is impossible to list them all here. Instead, we try to
dress. In this paper we shed light on goals operators have and list common goals of network operators and the knobs of BGP
their resulting routing policies, why BGP evolved the way it that can be used to express policies. In particular, we attempt
did, and how common policies are implemented using BGP. to isolate certain design patterns commonly used by ISPs, the
We also discuss recent and current work in the field that aims motivations behind them, and how they are implemented in an
to address problems that arise in applying and supporting rout- ISP’s network using BGP’s mechanisms. We taxonomize poli-
ing policies. cies into four general categories: business relationship policy
(Section 3) arising from economic or political relationships an
1 Introduction ISP has with its neighbor, traffic engineering policy (Section 4)
arising from the need to control traffic flow within an ISP and
In the early days of the Internet, the problem of how to route across peering links to avoid congestion and provide good ser-
packets to their final destination was much simpler than it is vice quality, policies for scalability (Section 5) to reduce con-
today. At the time, the requirements of the Internet’s rout- trol traffic and avoid overloading routers, and security-related
ing protocol were fairly simple, as the Internet was small policies (Section 6) that are often used to protect an ISP against
by today’s standards, operated by a single administrative en- malicious or accidental attacks. We also discuss several avenues
tity (NSFNET), and shortest-path routing was typically used. of research currently in progress related to BGP policies (Sec-
Over time, as the Internet became more heavily commercial- tion 7). We start by giving an overview of BGP routing in the
ized and privatized, Internet Service Providers (ISPs) began to next section.
have vested interests in controlling the way traffic flowed for
economic and political reasons. The Border Gateway Protocol 2 BGP routing in a single AS
(BGP) was born out of the need for ISPs to control route selec-
tion (where to forward packets) and propagation (who to export The Internet consists of thousands of Autonomous Systems
routes to). (ASes)—networks that are each owned and operated by a single
institution. BGP is the routing protocol used to exchange reach-
When BGP was first introduced, it was a fairly simple path- ability information across ASes. Usually each ISP operates one
vector protocol. Over time, many incremental modifications to AS, though some ISPs may operate multiple ASes for business
allow ISPs to control routing were proposed and added to BGP. reasons (e.g. to provide more autonomy to administrators of an
The end result was a protocol weighted down with a huge num- ISP’s backbones in the United States and Europe) or historical
ber of mechanisms that can overlap and conflict in various un- reasons (e.g. a recent merger of two ISPs). Non-ISP businesses
predictable ways. These modifications can be highly mysteri- (enterprises) may also operate their own ASes so as to gain the
ous since many of them, including the decision process used additional routing flexibility that arises from participating in the
to select routes, are not part of the protocol specification [1]. BGP protocol.
Moreover, their complexity gives rise to several key problems,
Compared to enterprise networks, ISPs usually have more com-
including unforeseen security vulnerabilities, widespread mis-
plex policies arising from the fact that they often have several
configuration, and conflicts between policies at different ISPs.
downstream customers, connect to certain customers in mul-
Addressing BGP’s problems is difficult, as changing certain as- tiple geographic locations, have complex traffic engineering
pects of BGP (for example changing the contents of update goals, and run BGP on internal routers (rather than just border
2. routers as enterprises often do). Although some of the observa-
Table 1: Steps in the BGP decision process.
tions we make apply to enterprise networks, our core focus in
this paper is on ISP networks. In this section, we describe BGP
from the standpoint of a single AS, describing first the protocol Step Attribute Controlled by local
that transmits routes from one AS to another, then the decision or neighbor AS?
process used to choose routes, and finally the mechanisms used 1. Highest LocalPref local
at routers to implement policy. 2. Lowest AS path length neighbor
3. Lowest origin type neither
2.1 Exchanging routing state 4. Lowest MED neighbor
5. eBGP-learned over iBGP-learned neither
6. Lowest IGP cost to border router local
7. Lowest router ID (to break ties) neither
control over route selection, several additional attributes were
added to advertisements, allowing a router to alter its decisions
based on the values of these attributes. The end result is the
BGP decision process, consisting of an ordered list of attributes
across which routes are compared, as shown in Table 1. The
router goes down the list, comparing each attribute in the list
across the two routes. If the routes have different values for the
Figure 1: Example topology with three ISPs A, B, and C. attribute, the router chooses the one that has the more desirable
attribute, otherwise it moves on to compare the next attribute
Figure 1 shows a simple BGP network. BGP sessions are es-
in the list. The route that is chosen is used by the router to for-
tablished between border routers that reside at the edges of
ward packets. The ordering of attributes allows the operator to
an AS and border routers in neighboring ASes. These sessions
influence various stages of the decision process. For example,
are used to exchange routes between neighboring ASes. Border
the Local Preference (LocalPref) is the first step in the deci-
routers then distribute routes learned on these sessions to non-
sion process. By changing LocalPref, an operator can force a
border (internal) routers as well as other border routers in the
route with a longer AS path to be chosen over a shorter one. As
same AS using internal-BGP (iBGP). In addition, the routers
another example, the Multi-Exit Discriminator (MED) is typi-
in an AS usually run an Interior Gateway Protocol (IGP) to
cally used by two ASes connected by multiple links to indicate
learn the internal network topology and compute paths from
which peering link should be used to reach the AS advertising
one router to another. Each router combines the BGP and IGP
the attribute. MED was placed lower in the decision process
information to construct a forwarding table that maps each des-
as this allows an ISP to override these suggestions, e.g. by set-
tination prefix to one or more outgoing links along shortest
ting LocalPref. Using a strict ordering of attributes in the de-
paths through the network to the chosen border router.
cision process simplifies policy expression and makes it easier
BGP is a relatively simple protocol with a few salient features. to predict the outcome of making configuration changes. While
First, BGP is an incremental protocol, where after a complete some vendors allow operators to disable certain steps in the de-
routing table is exchanged between neighbors, only changes to cision process, they typically do not permit the operators to put
that information are exchanged. These changes may be new the steps in a different order. Hence some policies that violate
route advertisements, route withdrawals, or changes to route this ordering (e.g. ignore AS path length, or first choose lowest
attributes. Second, BGP is a path-vector protocol where ad- MED then highest LocalPref) may require various hacks which
vertisements contain a list of ASes used to reach the destina- can complicate router configuration and lead to unforeseen side
tion. Third, routes are advertised at the prefix level, so an AS effects.
would send a separate update for each of its reachable prefixes.
There are different locations where a route attribute can be set
Fourth, BGP update messages may contain several fields, in-
by policy: (a) Locally, for example LocalPref is an integer value
cluding a list of prefixes being advertised, a list of prefixes be-
set at and propagated throughout the local AS and filtered be-
ing withdrawn, and a list of route attributes that describe vari-
fore sending to neighboring ISPs. (b) Neighbor, for example
ous characteristics of each advertised route. An ISP implements
the MED attribute is typically used by two ASes connected by
its policies by modifying route attributes and changing the way
multiple links to indicate which peering link should be used to
routers react to advertisements with certain route attributes, as
reach the AS advertising the MED attribute, and is not used
discussed below.
to compare routes through two different next-hop ASes. (c)
2.2 Selecting a route at a router Neither: some attributes, for example whether the route was
learned through an external BGP (eBGP) neighbor or from an
A BGP router in an ISP may have several alternate routes to internal router speaking BGP (iBGP), are set by the protocol
reach a particular destination. In the absence of policy, the and cannot be changed.
router would choose the route with the minimum pathlength,
The collective results of the decision process across routers is
with some arbitrary way to break ties between routes with the
to produce a set of equally good border routers for each pre-
same pathlength. However, in order to give operators greater
fix, where each router in the set is equivalent according to the
3. first four steps of the decision process that compare BGP at- An ISP implements its policies by applying configuration com-
tributes. Each internal router then chooses the router in that mands at routers. These configurations typically consist of a set
set that is closest according to the Interior Gateway Protocol of lists of preference, filtering, and tagging rules, one list for
(IGP) path cost to reach that border router. For example in Fig- each session the router has with a neighboring BGP-speaking
ure 1, suppose prefix 6.0.1.0/24 is reachable to B via both A router. Although the configuration language differs between
and C, but B’s LocalPref is set higher for routes through A. The vendors, a key primitive that is often provided is a route-map,
set of equally good border routers would then contain R1 and a language construct used to modify route attributes and define
R2 , and each router in B would select the route that was clos- conditions that determine which routes are exported to peers.
est exit point (lowest IGP cost): ra and R1 would choose the It consists of two parts: a set of conditions indicating when the
route through R1 , and all other routers would choose the route map is to be invoked (e.g. the prefix is a specified value, or the
through R2 . AS path matches a specified regular expression), and the action
There are three steps a router uses to process route advertise- to be taken if the advertisement matches the conditions (e.g.
ments. First import policy is applied to determine which routes modify a specified attribute, or filter the route).
should be filtered and hence eliminated from consideration, and
may append or modify attributes. Next, the router applies the 3 Business relationships
decision process to select the most desirable route. Finally, an ISPs often wish to control next hop selection so as to reflect
export policy is applied which determines which neighbors the agreements or relationships they have with their neighbors.
chosen route will be exported to. An ISP may implement its Three common relationships ISPs have are: customer-provider,
policy by controlling any of these three steps, i.e., by modify- where one ISP pays another to forward its traffic, peer-peer,
ing import policy to filter routes it doesn’t want to use, modi- where two ISPs agree that connecting directly to each other
fying route attributes to prefer some routes over others, or by (typically without exchanging payment) would mutually bene-
modifying export policy to avoid providing routes for certain fit both, perhaps because roughly equal amounts of traffic flow
neighbors to use. In addition, an ISP can modify attributes of between their networks, and backup relationships, where two
routes it advertises, which can influence how its neighbors per- ISPs set up a link between them that is to be used only in the
form route selection. event that the primary routes become unavailable due to failure.
There are two key ways these relationships manifest themselves
2.3 Configuring local policies in policy:
There are three classes of “knobs” that can be used to control Influencing the decision process (by assigning LocalPrefs):
import and export policies: ISPs often prefer customer-learned routes over routes learned
from peers and providers when both are available. This is often
1. Preference influences which BGP route will be chosen for done because sending traffic through customers generates rev-
each destination prefix. Changing preference is done by enue for the ISP while sending traffic through providers costs
adding/deleting/modifying route attributes in BGP adver- the ISP money and sending to peers can skew the balance of
tisements. Table 1 shows which attributes can be modified power in the peering relationship and thereby give incentive to
during import to control preference locally, and which can the party receiving more traffic to tear down the relationship or
be modified during export to change how much a neighbor start charging the other party. Often an ISP will achieve this by
prefers the route. assigning a non-overlapping range of LocalPref values to each
type of peering relationship; for example LocalPref values in
2. Filtering eliminates certain routes from consideration and the range 90-99 might be used for customers, 80-89 for peers,
also controls who they will be exported to. Filtering may 70-79 for providers, and 60-69 for backup links. LocalPref can
be applied both before preference (inbound filtering) or then be varied within each range to do traffic engineering with-
after preference (outbound filtering). Filtering is done by out violating the constraints associated with the business re-
instructing routers to ignore advertisements with attributes lationship, as described in Section 4. As another example, a
matching certain specified values or ranges. large ISP spanning both North America and Europe may wish
3. Tagging allows an operator to associate additional state to avoid forwarding traffic generated by its customers across an
with a route, which can be used to coordinate decisions expensive transatlantic link. This can be done by configuring
made by a group of routers in an AS, or to share context its European routers with a higher LocalPref for routes learned
across AS boundaries. The key mechanism is the com- from European ISPs, and giving its North American routers a
munity attribute [2] [3], a variable-length string used to lower LocalPref for these routes.
tag routes. The community attribute is a highly expres- Controlling route export (by using the community at-
sive mechanism, lending itself to support a wide variety tribute): Routes learned from providers or peers are usually not
of complex policies that are difficult to express through exported to other providers or peers, because there is no eco-
other means. For example, one community value might nomic incentive for an ISP to forward traffic it receives from
affect how the receiving router sets LocalPref, while an- one provider or peer to another. This can be done by tagging
other might cause the route to be filtered at another router. advertisements with a community attribute signifying the busi-
However, its expressiveness gives potential for misconfig- ness relationship of the session, and filtering routes with certain
uration, which is exacerbated by the fact that community community attributes when exporting routes to peers. For ex-
attributes usage is not standardized. ample, suppose B wishes to not export routes learned from A
4. to C (Figure 1), perhaps because it does not get paid for transit- lar expression, then tweaking the regular expression repeatedly
ting traffic from C to A. It can do this as follows. First, for every to control how many prefixes match it. However, since this is
session routers R1 and R2 have with routers in A, B configures done manually it is subject to misconfiguration, cannot be done
an import policy that appends the community attribute Xpeer to in real time to adjust to changing load, and the outcome from
any route learned over these sessions, to indicate that the route a change can be difficult to predict. There are automated tools
was received from a peer—information which is ordinarily lost that an ISP can use to predict the effects of these actions [5].
in BGP as the route propagates across the AS. After appending Inbound traffic control (by AS prepending and MED): An
the community attribute, B exports the route onwards into its ISP’s internal congestion may be exacerbated by its neighbors,
internal iBGP network. Second, B configures export policies at because its neighbors might not be aware of the ISP’s traffic-
R4 that match on this community attribute to determine which engineering goals, internal topology, or load on internal links
routes get exported to C. In particular, every session between due to privacy reasons. Hence, some mechanism to allow an
R4 and a router in C is configured with an export policy that ISP to control how much traffic it receives from each of its peer-
filters any route with the community attribute Xpeer . ing links is essential. Unfortunately, this is a highly challenging
problem, as it requires the local ISP to influence route selection
4 Traffic engineering in remote ISPs, which in turn might wish to limit or completely
While business relationships affect relative preferences for ignore the local ISP’s goals. However, an ISP may convince
routes, there are often several routes available that are equally its neighbor (perhaps through economic incentives) to allow
preferred. Moreover, ISPs often connect at multiple locations to the ISP to control how much traffic it receives on each link
reduce delay and improve reliability, increasing the number of from the neighbor. This can be done by modifying the MED
available routes. A secondary goal for many ISPs is to engineer attribute, which can be used between a pair of ISPs connected
their traffic by modifying preference within the same business via multiple peering links. For example, if B wanted to reduce
class to meet or maximize certain performance criteria (e.g., the amount of traffic traversing router R1 , it could increase the
achieve desired quality and availability). An ISP can do this by value of the MED attribute R1 advertises to A, causing the link
modifying the import policies applied by its routers, each of to R2 to become more preferred by A’s routers and thereby de-
which can have a different configuration. In this section we de- creasing R1 ’s load.
scribe several common traffic engineering goals (a related topic, Shifting traffic between links to different neighbors is more
ensuring the selected routes are stable, is discussed in [4]). challenging, as unfortunately BGP was not designed with a
Outbound traffic control (by changing LocalPref and IGP mechanism to control route selection in ASes multiple hops
costs): Operators can influence outbound traffic flow either by away. However, a workaround commonly used is for an AS to
configuring import policies that affect which routes get in the prepend multiple copies of its AS number to the AS path in or-
set of equally-good border routers, or by modifying IGP link der to artificially inflate the AS-path length. For example, sup-
costs. One common goal is early-exit routing (also called hot- pose B wishes to shift some traffic from its link to A to its link
potato routing), where the ISP forwards traffic to its closest pos- to C. B can do this by prepending additional copies of its AS
sible exit point, so as to reduce the number of links packets tra- number onto the AS paths in BGP advertisements it sends to
verse and hence the resulting congestion in its internal network. A. This increases the AS-path length in these advertisements,
Although early-exit routing is known to inflate end-to-end path which causes routes advertised by C to other ISPs to become
lengths in the Internet, ISPs often exercise early-exit routing to more desirable in comparison.
reduce their costs and network congestion, and because BGP Remote control (by changing community attributes): In cer-
does not support alternatives like determining global shortest tain cases, an ISP may need to remotely manage a router’s
paths across multiple ISPs. configuration to implement a desired policy. For example in
Another common goal is to reduce congestion on outbound Figure 1, suppose B wishes to have all inbound traffic routed
links to neighbors. This can be done by load balancing traffic through A, and suppose C peers with A (not shown in the fig-
over several links when possible. Outbound traffic engineering ure). If C has a LocalPref to prefer the direct route to B, no
can be done by changing LocalPref. For example, suppose B change in MED or AS prepending will force C to use alter-
wishes to shift some traffic from its links to A to its link to C as nate routes through A to B. B could request C to manually
shown in Figure 1, perhaps because the link to A is overutilized change its router configurations, but this can be time consum-
or because it is planning to take the link down for maintenance. ing for human operators if B changes its policy often (e.g. for
B can reduce the traffic it sends to A and increase traffic it sends traffic engineering purposes). Instead, C can allow B to control
to C by decreasing LocalPref for routes traversing A or increas- C’s routing policy with respect to B’s routes by configuring its
ing LocalPref for routes traversing C. routers to map certain community attributes to certain Local-
Pref values [2]. If desired, C can limit the degree of B’s control
Achieving a specific level of load balance (e.g. balancing load
to prevent certain policies of its own from being subverted. For
to make spare capacity on both links equal) can be very dif-
example, C can configure its routers to map community value
ficult. The key challenge is to select the proper set of prefixes
X1 to a LocalPref of 60, and X2 to a LocalPref of 75, allowing
and change attributes for each appropriately; selecting too large
B to disable the route, but not allowing B to have it chosen over
a set will cause too much traffic to shift, overloading one of the
routes C wants to prefer more (by setting a higher LocalPref,
links. It can also be tedious to express a long list of prefixes in
like 85).
a router configuration file. Some ISPs deal with this by chang-
ing preference for all prefixes whose AS path matches a regu- Remote control has some overlapping functionality with other
5. mechanisms to control inbound and outbound traffic. In gen- 2. Protecting other ISPs: An ISP can reduce the number of
eral, remote control is typically used to allow a customer to tell prefixes it advertises by using route aggregation, where in-
its provider to perform some action on its behalf. Remote con- stead of advertising two adjacent prefixes (e.g., 4.1.2.0/24
trol provides more flexibility than MED because it allows con- and 4.1.3.0/24) to a neighbor, they can be filtered in the ex-
trol of inputs to earlier steps of the decision process like Local- port policy and a less specific prefix (e.g. 4.1.2.0/23) ad-
Pref, as shown in the example above. Moreover, MED can only vertised [9]. However, doing this effectively may require
change the relative preference of routes, while remote control knowledge of the neighbor’s connectivity (which is not
can be configured to filter routes, or perform AS prepending. discovered or signaled by the BGP protocol and hence
Further, MED is only used for routes with the same next-hop must be manually detected and accounted for by human
AS, while LocalPref is compared across routes learned from operators) as illustrated in the following example.
all neighbors. However, as with MED, an ISP’s neighbors must
agree in advance to accept community attributes from the other
peer. Also, the highly expressive nature of community attributes
introduces potential for misconfiguration. For example, two ad-
jacent ISPs may use the same community attribute to mean very
different things (e.g., one might use it for accounting purposes
to indicate a certain customer generated the route, while an-
other might use it to indicate the route should be filtered). If a
misconfigured router allows the attribute to be passed between
them without being removed, unintended consequences could
ensue. ISPs typically address this by careful router configura-
tion, and by publishing the list of communities and what actions
they trigger for their customers.
In addition, there are a variety of “smart routing” tools [6] that Figure 2: Example topology where adding new customer D trig-
small ASes at the edge of the Internet can use to balance out- gers E to generate (a) no new advertisements (b) internal adver-
bound traffic over multiple upstream providers. However, these tisement (c) internal and external advertisements.
tools generally are not appropriate for ISPs, as dynamically Suppose E (Figure 2) owns prefix 6.0.0.0/8. E has allocated the
changing traffic can lead to BGP routing changes that are vis- subnet 6.1.0.0/16 to router R5 , and has allocated smaller sub-
ible to other ASes, which can trigger flap damping (a mecha- nets to its customers connected to R5 , including a new cus-
nism that withdraws unstable routes) if the routes become too tomer D which is allocated subnet 6.1.1.0/24. When adding D
unstable. Moreover, these tools focus on load balancing over as a new customer, E may need to make changes to its routers’
multiple outgoing links but do not consider the effect on traffic configuration, and the configuration it chooses impacts whether
flow inside the AS [5]. new advertisements are generated. There are three cases:
5 Scalability 1. No new advertisements: Suppose D’s sole provider is E,
Some misconfigurations and faults in neighboring ISPs can lead and D connects to just one router R5 in E. In this case,
them to generate excessive rates of updates. Sending updates R5 is already advertising 6.1.0.0/16 within AS E, obviat-
too frequently can trigger route instability, leading to poor ser- ing the need for R5 to advertise more specific subnets like
vice quality, or can overload a router’s processing capability 6.1.1.0/24. Hence, E just adds a statically configured route
or memory capacity, which can cause outages and router fail- at R5 to forward all traffic in 6.1.1.0/24 to D, and so no
ure. A properly configured set of BGP policies can improve the advertisements will be sent from E to its neighbors, nor
resilience of a network to these problems. Common goals in- will any new advertisements be sent internally within E.
clude:
2. Internal advertisement: Suppose instead D connects to
Limiting routing table size (by filtering and using the com- two routers R5 and R6 in E. In this case, both R5 and
munity attribute): ISPs often want to limit routing table size R6 need to advertise the prefix 6.1.1.0/24 within E, so all
because overflow can cause the router to crash [7]. This can be routers within E know they can reach D via either R5 or
a particularly important issue for smaller ISPs which may have R6 . However, E can aggregate the advertisement into its
less expensive routers with less memory capacity. address space and hence E will not send BGP advertise-
ments for 6.1.0.0/24 to its neighbors. This is done by con-
1. Protection from other ISPs: ISPs can protect themselves figuring R5 and R6 to tag a community attribute onto ad-
from excessive advertisements from neighbors by: (a) Fil- vertisements of prefix 6.1.1.0/24, and configuring all bor-
tering long prefixes (e.g., longer than /24) to encourage der routers to filter routes with that community attribute.
use of aggregation [8]. (b) As a safety check, routers of-
ten maintain a fixed per-session prefix limit that limits the 3. External and internal advertisement: Suppose D connects
number of prefixes a neighbor can advertise. (c) Default to both E and F. In this case E should not aggregate the
routing: an ISP with a small number of routes may not prefix into its own address space; if it did, then F would
need the entire routing table, and may instead configure then be advertising a longer prefix route to reach D, and
a default route through which most destinations can be since routers forward packets based on the longest pre-
reached. fix match, all routers in the Internet will prefer F’s route
6. over E’s route. If D wishes traffic to flow over both links, of routing configurations called routing registries, other public
it must request that E not perform aggregation on its pre- reports [13], or private disclosures from neighbors.
fix. E can avoid aggregating the prefix by configuring its Protect integrity of routing policies (by rewriting at-
routers peering with D to append a certain community at- tributes): An ISP may want to prevent a neighboring AS from
tribute, and configure its border routers to export routes having undue influence over its routing decisions, in violation
containing that community attribute. of their peering agreement. Otherwise, the ISP could be duped
into carrying traffic a longer distance across its backbone on
Limit the number of routing changes (by suppressing routes the neighbor’s behalf. For example, suppose the ISP peers with
that flap): Routing instability is undesirable, as it can increase a neighbor in both New York and San Francisco. By advertis-
CPU load on routers, which can increase reaction time to im- ing a prefix with a MED of 0 in New York and a MED of 1
portant events. Also, frequent shifting of traffic to different in San Francisco, the peer could trick the ISP into having all
paths can introduce jitter and packet loss in applications like of its routers direct traffic for this destination through the New
Voice-over-IP and interfere with TCP’s round-trip-time calcu- York peering point, even if the San Francisco peering point is
lations. The key mechanism used to improve routing stability closer. The peer could achieve the same goal by configuring
is flap damping. Flap damping is a mechanism that limits prop- its San Francisco router to advertise the route with the next-
agation of unstable routes. It works by maintaining a penalty hop attribute wrongly set to the IP address of the New York
value associated with the route that is incremented whenever router. To defend against violations of peering agreements, the
an update is received. When the penalty value surpasses a con- ISP can configure the import policy to delete attributes or over-
figurable threshold, the route is suppressed for some time, i.e., write them with the expected values. For example, the import
it is made unavailable to the decision process and hence will not policy could set all MED values to 0, unless the ISP has agreed
be selected. An ISP can lower the penalty threshold to improve in advance to honor the neighbor’s MEDs. Similarly, the im-
route stability at the cost of worsening availability. ISPs may port policy could set the next-hop attribute to the IP address
wish to less aggressively dampen or disable damping for certain of the remote end of the BGP session, and remove any unex-
prefixes, for example routes to the root Domain Name System pected community values. Unfortunately, these techniques are
servers, or routes from customers with high availability require- not sufficient to prevent all violations of peering agreements1.
ments. Also, ISPs sometimes more aggressively dampen longer
Securing the network infrastructure (by export filtering):
prefixes than shorter prefixes, with the motivation that damp-
An ISP may wish to prevent external entities from accessing
ing a shorter prefix can have a large effect on reachability [10].
certain internal resources by configuring its export policies that
This can be done by configuring a route-map that matches on
filter BGP advertisements for destinations that should not be
the prefix length or a specific prefix and sets the flap damping
externally reachable. For example, the ISP may protect its own
parameters accordingly.
backbone infrastructure by filtering the IP addresses used to
number the router interfaces. The ISP may also wish to pro-
6 Security
tect certain key internal services, by filtering the addresses of
An AS is highly vulnerable to false information in BGP up- the hosts running network-management software. Finally, as a
dates. By sending false information, an ISP can subvert a neigh- courtesy to its neighbors, an ISP may also do export filtering of
bor’s routing goals, cause routers to overload and fail, or de- invalid routes (e.g., routes with invalid addresses or contents),
grade service quality. False information can have a significant as a preventative measure.
influence on routing in an AS, even if the source of the informa- Blocking denial-of-service attacks (by filtering and damp-
tion is several AS hops away [11]. Such information is some- ing): Denial-of-service attacks can degrade service by over-
times generated by router bugs and misconfiguration. It could loading the routers with extra BGP update messages or con-
also be maliciously generated by an ISP’s neighbor, who may suming excessive amounts of link bandwidth. For example, the
be competing for customers and hence has a vested interest in ISP’s routers could run out of memory if a neighbor sends route
making the ISP’s customers dissatisfied with service. Hence an advertisements for a large number of destination prefixes. To
ISP may wish to exercise defensive programming to protect it- protect itself, the ISP can configure each BGP session with a
self against attacks. maximum acceptable number of prefixes, tearing down the ses-
Discarding invalid routes (by import filtering): ISPs may sion when the limit is exceeded; in addition, the import pol-
wish to protect their customers from learning invalid routes icy could filter prefixes with large mask lengths (e.g., longer
by performing sanity checks to ensure update contents are than /24). As another example, a neighbor sending an exces-
valid before propagating them internally. For example, routes sive number of BGP update messages can easily deplete the
to special-use or private addresses, or address blocks that have CPU resources on the ISP’s routers. Upon detecting the exces-
not yet been allocated are obviously invalid [12]. Moreover, sive BGP updates, the operators could modify the import pol-
advertisements from customers for prefixes they do not own icy to discard advertisements for the offending prefixes or dis-
should not be propagated. ISPs can also perform certain sanity able the BGP session. Upon identifying the neighbor or prefix
checks on the AS path; for example a Tier-1 ISP should not ac- 1
cept any routes from its customers that contain another Tier-1 For example, many peering contracts require a peer to announce a
prefix at all peering points, with AS paths of the same length [14, 15].
ISP in the AS path. Also, advertisements containing private AS
An ISP can detect this kind of inconsistency by comparing the BGP ad-
numbers in the AS path may be considered invalid. ISPs may vertisements across all peering points [16] or collecting detailed mea-
configure its filters based on the contents of public repositories surements of the traffic traversing the peering links.
7. responsible for the excessive BGP updates, the ISP can more HLP [23] is a proposed replacement for eBGP. The design phi-
aggressively dampen (Section 5) or even completely filter up- losophy of HLP is to expose common policies that can typically
dates it receives from these sources. In addition to BGP’s own be inferred in BGP today and optimize the routing protocol
vulnerabilities to attack, an ISP (or its customers) may be sub- based on the resulting structure, with the aim to improve scal-
ject to a denial-of-service attack where excessive data traffic ability and convergence of interdomain routes. Routing Con-
is sent to victim hosts. An ISP can block the offending traf- trol Platform (RCP) [24] is a logically centralized system that
fic by installing a blackhole route that drops traffic destined to computes and distributes routes to routers inside an ISP. The
the victim addresses. Blackhole routes may be statically con- centralization allows policies to be applied at the AS level, and
figured, or operators may run a special BGP session that adver- the RCP applies the policies and its own decision process to se-
tises the prefixes of the victims [17]. Routers receiving prefixes lect the best BGP route for each destination prefix on behalf of
on this session then assign the next-hop to be an address as- each router. This simplifies the configuration and application of
sociated with the “null” route (a route which drops all traffic), policies and avoids misconfiguration.
or the address of a monitoring system that can perform further
analysis of the traffic. Using a similar technique, the ISP can 8 Conclusion
advertise the address blocks of known spammers to blackhole Although BGP policies can be highly complex, there are a num-
traffic sent to these addresses. These blackhole routes prevent ber of common design patterns that are typically used by ISPs.
the spammers from establishing bidirectional communication In this article we discussed several common patterns and how
(i.e., a TCP connection, which depends on receiving a SYN- they can be realized using BGP policy mechanisms. We believe
ACK packet) with the ISP’s mail servers. that by recognizing these patterns exist we can more efficiently
develop tools that directly support them, such as analysis tools
7 Looking forward that check correctness, languages that preclude errors, or archi-
BGP’s rich feature set of tunable knobs and complex cross- tectures that are designed for common cases.
protocol interactions make it highly subject to a variety of prob- Acknowledgments: We would like to thank Nick Feamster,
lems, including misconfiguration, oscillations, and protocol di- Karthik Lakshminarayanan, Kobus van der Merwe, Fang Yu,
vergence. The challenge of supporting many different complex Gautam Altekar, and Dilip Joseph for reading earlier drafts and
policies in BGP without significantly complicating the protocol providing invaluable feedback.
or degrading its performance has led to much research activity.
Three key areas of research related to BGP policy are discussed References
below (a wider survey of research directions is given in [18]). [1] Y. Rekhter, T. Li, “A border gateway protocol 4,” IETF RFC 1771,
Configuration checking: The complexity of Internet routing March 1995.
makes it difficult to predict the way policies interact, increasing [2] E. Chen, T. Bates, “An application of the BGP community at-
tribute,” IETF RFC 1998, August 1996.
the prevalence of configuration mistakes. Interdependence of
[3] B. Quoitin, O. Bonaventure, “A survey of the utilization of the
policy across ISPs and within a single ISP can trigger problems BGP community attribute,” expired Internet Draft draft-quoitin-
like persistent route oscillations. Configuration checking tools bgp-comm-survey-00.txt, February 2002.
can avoid misconfigurations by verifying certain consistency [4] Y. Yang, H. Xie, H. Wang, A. Silberschatz, Y. Liu, L. Li, A.
Krishnamurthy, “On route selection for interdomain traffic engi-
criteria hold [19], and modeling tools can predict side-effects neering,” IEEE Network Magazine, Special issue on Interdomain
of configuration changes on routers within an ISP [5]. Across Routing, Nov-Dec 2005.
ISPs, uncoordinated routing policy can worsen route conver- [5] N. Feamster, J. Winick, J. Rexford, “A model of BGP routing for
gence and stability. The Routing Arbiter [13] project introduced network engineering,” in Proc. ACM SIGMETRICS, June 2004.
a distributed architecture for publishing and coordinating rout- [6] J. Bartlett, “Optimizing multi-homed connections,” in Business
Communications Review, vol. 32, no. 1, pgs. 22-27, January 2002.
ing policies so as to avoid these problems, but was not widely [7] D. Chang, R. Govindan, J. Heidemann, “An empirical study of
deployed. Other work has attempted to coordinate route policy router response to large BGP routing table load” in Proc. Internet
selection across ISPs without revealing private details of poli- Measurement Workshop, November 2002.
cies [20]. [8] S. Bellovin, R. Bush, T. Griffin, J. Rexford, “Slowing routing ta-
ble growth by filtering based on address allocation policies,” un-
Language design: Routing Policy Specification Language published, June 2001, http://www.cs.princeton.edu/
(RPSL) [21] is a vendor-neutral language proposed to describe ˜jrex/papers/filter.pdf
[9] E. Chen, J. Stewart, “A framework for inter-domain route aggre-
an ISP’s policy. It was envisioned these descriptions could be gation,” IETF RFC 2519, February 1999.
bound together in a database and checked for consistency [13]. [10] “RIPE routing-WG recommendations for coordinated flap damp-
RPSL, though mature, is somewhat low-level and mechanism ing parameters,” October 2001, http://www.ripe.net/
oriented. It may be possible to substantially improve upon ripe/docs/routeflap-damping.html
RPSL by designing router configuration languages with higher [11] O. Nordstrom, C. Dovrolis, “Beware of BGP attacks,” in ACM
SIGCOMM Computer Communications Review, April 2004.
level constructs that allow diverse policies while precluding [12] N. Feamster, J. Jung, H. Balakrishnan, “An empirical study of
certain misconfigurations, enforcing certain consistency prop- “Bogon” route advertisements,” in ACM SIGCOMM Computer
erties to hold, simplifying configuration of certain common de- Communications Review, January 2005.
sign patterns [22], however the design of such a language re- [13] R. Govindan, C. Alaettinoglu, G. Eddy, D. Kessens, S. Kumar,
W. Lee, “An Architecture for Stable, Analyzable Internet Rout-
mains an open problem. ing,” IEEE Network Magazine, Jan-Feb 1999.
New architectures: There are several routing architectures [14] D. Golding, V. Gill, V. Mehta, “America Online: Settlement-free
aimed at fixing problems in and extending functionality of BGP. interconnection policy,” web site, http://www.atdn.net/
settlement_free_int.shtml
8. [15] UUNET, “MCI policy for settlement-free interconnection,” web
site http://global.mci.com/uunet/peering/
[16] N. Feamster, Z. Mao, J. Rexford, “BorderGuard: Detecting cold
potatoes from peers,” in Proc. Internet Measurement Conference,
October 2004.
[17] D. Turk, “Configuring BGP to block Denial-of-Service attacks,”
IETF RFC 3882, September 2004.
[18] M. Yannuzzi, X. Masip-Bruin, O. Bonaventure, “Open issues in
interdomain routing: a survey,” IEEE Network Magazine, Special
issue on Interdomain Routing, Nov-Dec 2005.
[19] N. Feamster, H. Balakrishnan, “Detecting BGP configuration
faults with static analysis,” in Proc. Networked Systems Design
and Implementation, May 2005.
[20] R. Mahajan, D. Wetherall, T. Anderson, “Negotiation based rout-
ing between neighboring domains,” in Proc. Networked Systems
Design and Implementation, May 2005.
[21] A. Alaettinoglu, C. Villamizar, E. Gerich, D. Kessens, D. Meyer,
T. Bates, D. Karrenberg, M. Terpstra, “Routing policy specifica-
tion language (RPSL),” IETF RFC 2622, June 1999.
[22] T. Griffin, A. Jaggard, V. Ramachandran, “Design principles of
policy languages for path vector protocols,” in Proc. ACM SIG-
COMM, August 2003.
[23] L. Subramanian, M. Caesar, C. Ee, M. Handley, Z. Mao, S.
Shenker, I. Stoica, “HLP: A next-generation interdomain routing
protocol,” in Proc. ACM SIGCOMM, August 2005
[24] M. Caesar, D. Caldwell, N. Feamster, J. Rexford, A. Shaikh, J.
van der Merwe, “Design and implementation of a routing control
platform,” in Proc. Networked Systems Design and Implementa-
tion, May 2005.
[25] D. Golding, “Routing policy tutorial,” in NANOG 24,
http://www.nanog.org/mtg-0202/ppt/golding/
index.htm