Reinforcing the Kitchen Sink.
Aligning Error Handling in BGP-4 with Modern Network Requirements.
Rob Shakir (rjs@rob.sh), Netnod Autumn Meeting 2011
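Extending BGP-4: “iBGP” Across an L3VPN

[Diagram: CE1 - PE1 - L3VPN - PE2 - CE2. eBGP runs on the CE1-PE1 and PE2-CE2 links, with a "VIRTUAL iBGP" session drawn from CE1 to CE2. The customer's attributes (LOCAL_PREF, AS_PATH, ...) are PACKED into ATTR_SET, which carries LOCAL_PREF, AS_PATH, ... across the L3VPN, and are UNPACKED again (LOCAL_PREF, AS_PATH, ...) on the far side.]

Customer sees iBGP attributes despite the fact the UPDATE passed through eBGP in the SP L3VPN topology.
Neat – looks like a useful extension to me!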
DFZ, meet ATTR_SET…

[Diagram: Internet routing table. AS65535 ASBR - Internet DFZ - AS64512 ASBR, with an L3VPN behind it and an ATTR_SET (LOCAL_PREF, AS_PATH, ...) shown in the DFZ.]

ATTR_SET intended in a VPNv4 context! But it was leaked to the DFZ…

[Diagram: Upstream AS and a JunOS router. UPDATE carrying ATTR_SET; JunOS: "ATTR_SET is not valid in this context!"; NOTIFICATION.]
A familiar story?

AS4_PATH
RIPE NCC/Duke Experimental
AS_HOPLIMIT

All of these are new or unrecognised attributes! But...

IPv4 Unicast
IPv6 Unicast
MPLS L3VPN (VPNv[46])
MPLS PWE3 (L2VPN)
VPLS PE Membership
M-VPN MDT Membership
TE for Alto Link

The kitchen sink?

BGP is the “generic, scalable signalling mechanism” for IP/MPLS networks.
Protecting Networks from BGP Failures (Today)

[Diagram, three panels between BGP Speaker A and BGP Speaker B:
 1. Two separate sessions: TCP/BGP SESSION 1 - AFI 1 and TCP/BGP SESSION 2 - AFI 2.
 2. UPDATE.
 3. NOTIFICATION.]

Multi-Session BGP - either kludged (lo4, lo6…), or pre-standard!
(Implemented and on-by-default in 12.2(33)SRC+)
Problems with Multi-Session…

“Internet” Networks BCP:
 IPv4 Unicast over IPv4 transport.
 IPv6 Unicast over IPv6 transport.
 (or 6PE over IPv4 transport)
[Diagram: Internet PEs around an Internet RR, with sessions labelled IPv4 and IPv6.]

“VPN” Networks BCP:
 VPNv4 over IPv4 transport.
[Diagram: L3VPN PEs around an L3VPN RR, with a VPNv4 session carrying RT 1:1, RT 1:2, RT 1:3.]

All routes (or topologies) are affected due to a single error within their <AFI,SAFI>!
What are the requirements for the protocol?


    When an invalid UPDATE is received, stop sending NOTIFICATION.


       If we lose UPDATE contents, have a way to recover the RIB.


      If we must restart a session, don’t cause a forwarding outage.


         Have better ways to monitor errors in UPDATE messages.


   (Stretched out to 8,500 words in draft-ietf-grow-ops-reqs-for-bgp-error-handling…)
Message Processing Complexities.

In stream processing, not all errors are created equal.

“Critical” error – no safe NLRI extraction.
If we have length discrepancies – this can mean that we can’t accurately locate path attributes.
[Example message: MARKER | HEADER: MSG LEN = 128 | TOTAL PATH ATTRIBUTES LEN = 2000 | MP_REACH_NLRI | COMMUNITY | AS_PATH]

“Semantic” error – we know exactly which NLRI are contained.
Invalid attribute contents – we can parse the message, but something is malformed.
[Example message: MARKER | HEADER: MSG LEN = 128 | TOTAL PATH ATTRIBUTES | MP_REACH_NLRI | COMMUNITY | AS4_PATH: (65535) 1273 5413 29636]
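Handling “Critical” Errors.

[Diagram, four steps between RTR A and RTR B:
 1. OPEN exchanged in both directions, each carrying "ERROR GR".
 2. UPDATE between RTR A and RTR B. RTR B: "Received UPDATE invalid - cannot extract NLRI." Each router holds a FIB and a RIB.
 3. NOTIFICATION between RTR A and RTR B. Each router's FIB/RIB is flagged "!" and STALE; IP DATA is still shown between the FIBs.
 4. OPEN again. IP DATA is shown between the FIBs; each router holds its RIB.]

Re-use existing graceful-restart functionality to maintain forwarding on NOTIFICATION.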
Handling “Semantic” Errors.

[Diagram, four steps between RTR A and RTR B:
 1. RTR A sends UPDATE: ADVERTISE 192.0.2.0/24. RTR B: "Received UPDATE invalid - but concerns 192.0.2.0/24".
 2. RTR B handles it as UPDATE: WITHDRAW 192.0.2.0/24 via RTR A.]

Erroneous advertisement interpreted as withdrawal of the NLRI.

[ 3. IP traffic with DST 192.0.2.0/24 at RTR B goes to Null0.
 4. RTR B re-requests routes from RTR A: ONE-TIME ORF, ROUTE REFRESH, RTC.]
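
An added example, not part of the original slides: a small Python UPDATE parser that applies the two error classes from the "Message Processing Complexities" and "Handling “Semantic” Errors" slides, reporting a framing inconsistency as critical and a malformed attribute as a withdraw of the NLRI the message carries. It assumes RFC 4271 framing with IPv4 unicast NLRI in the trailing field only; the function names, verdict strings and sample messages are constructed for illustration.

```python
import struct

MARKER = b"\xff" * 16
UPDATE = 2  # BGP message type
ORIGIN, AS_PATH, NEXT_HOP, LOCAL_PREF, AS4_PATH = 1, 2, 3, 5, 17
AS_SET, AS_SEQUENCE, AS_CONFED_SEQUENCE, AS_CONFED_SET = 1, 2, 3, 4
FIXED_LEN = {ORIGIN: 1, NEXT_HOP: 4, LOCAL_PREF: 4}  # attribute -> required length


class CriticalError(Exception):
    """Framing is inconsistent, so the NLRI cannot be located safely."""


def parse_prefixes(buf):
    """Decode <length, prefix> IPv4 entries; a bad entry breaks NLRI extraction."""
    out, i = [], 0
    while i < len(buf):
        plen, nbytes = buf[i], (buf[i] + 7) // 8
        if plen > 32 or i + 1 + nbytes > len(buf):
            raise CriticalError("prefix field truncated or longer than /32")
        raw = buf[i + 1:i + 1 + nbytes].ljust(4, b"\x00")
        out.append("%d.%d.%d.%d/%d" % (*raw, plen))
        i += 1 + nbytes
    return out


def as4_path_problem(value):
    """Return a description if AS4_PATH is malformed, else None."""
    i = 0
    while i < len(value):
        if i + 2 > len(value) or not AS_SET <= value[i] <= AS_CONFED_SET:
            return "AS4_PATH segment malformed"
        if value[i] in (AS_CONFED_SEQUENCE, AS_CONFED_SET):
            return "AS4_PATH carries a confederation segment"
        i += 2 + 4 * value[i + 1]  # skip type, count and the 4-byte ASNs
    return "AS4_PATH segment malformed" if i > len(value) else None


def check_attributes(buf):
    """Walk the path attributes and collect semantic problems (a subset of checks)."""
    problems, i = [], 0
    while i < len(buf):
        hdr = 4 if buf[i] & 0x10 else 3  # 0x10 = Extended Length flag
        alen = int.from_bytes(buf[i + 2:i + hdr], "big")
        if i + hdr + alen > len(buf):
            problems.append("attribute at offset %d overruns the attribute block" % i)
            break
        code, value = buf[i + 1], buf[i + hdr:i + hdr + alen]
        if code in FIXED_LEN and alen != FIXED_LEN[code]:
            problems.append("attribute %d has length %d" % (code, alen))
        elif code == AS4_PATH and as4_path_problem(value):
            problems.append(as4_path_problem(value))
        i += hdr + alen
    return problems


def handle_update(msg):
    """Return (verdict, announced, withdrawn, reasons) for one UPDATE."""
    try:
        if len(msg) < 23 or msg[:16] != MARKER or msg[18] != UPDATE:
            raise CriticalError("not a well-formed UPDATE header")
        length, wlen = struct.unpack("!HxH", msg[16:21])
        if length != len(msg) or 23 + wlen > length:
            raise CriticalError("header or withdrawn length is inconsistent")
        alen = struct.unpack("!H", msg[21 + wlen:23 + wlen])[0]
        attrs_end = 23 + wlen + alen
        if attrs_end > length:
            raise CriticalError("total path attributes length %d exceeds "
                                "message length %d" % (alen, length))
        withdrawn = parse_prefixes(msg[21:21 + wlen])
        nlri = parse_prefixes(msg[attrs_end:])
    except CriticalError as exc:
        return ("critical", [], [], [str(exc)])
    problems = check_attributes(msg[23 + wlen:attrs_end])
    if problems:  # NLRI is known: withdraw it rather than reset the session
        return ("treat-as-withdraw", [], withdrawn + nlri, problems)
    return ("accept", nlri, withdrawn, [])


# --- Constructed sample messages (not captured traffic) ---
def build_update(attrs, nlri):
    packed = b"".join(bytes([f, c, len(v)]) + v for f, c, v in attrs)
    body = struct.pack("!HH", 0, len(packed)) + packed + nlri
    return MARKER + struct.pack("!HB", 19 + len(body), UPDATE) + body


GOOD_ATTRS = [(0x40, ORIGIN, b"\x00"), (0x40, AS_PATH, b"\x02\x01\xfc\x00"),
              (0x40, NEXT_HOP, bytes([192, 0, 2, 1]))]
# The slide's AS4_PATH "(65535) 1273 5413 29636", read here as confed segment + sequence.
BAD_AS4_PATH = (0xC0, AS4_PATH, bytes([AS_CONFED_SEQUENCE, 1]) + struct.pack("!I", 65535)
                + bytes([AS_SEQUENCE, 3]) + struct.pack("!3I", 1273, 5413, 29636))
NLRI = bytes([24, 192, 0, 2])  # 192.0.2.0/24
ACCEPT_MSG = build_update(GOOD_ATTRS, NLRI)
SEMANTIC_MSG = build_update(GOOD_ATTRS + [BAD_AS4_PATH], NLRI)
# The slide's critical case: MSG LEN = 128 but TOTAL PATH ATTRIBUTES LEN = 2000.
CRITICAL_MSG = MARKER + struct.pack("!HBHH", 128, UPDATE, 0, 2000) + bytes(105)
```

`handle_update(SEMANTIC_MSG)` yields a treat-as-withdraw verdict for 192.0.2.0/24, while `handle_update(CRITICAL_MSG)` yields the critical verdict because the claimed attribute length runs past the end of the message.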
Making errors visible to the NOC…

Today, an error with a BGP session is very visible to a NOC!

[Diagram: NOTIFICATION at the BGP router -> SNMP/SYSLOG -> OSS -> NOC, which sees: "BGP to 192.0.2.1 is down - NOTIFICATION received (3/4)".]

Without NOTIFICATION, we need a new way to signal an error occurred…

[Diagram: UPDATE and OPERATIONAL (MUP, NLRI: 192.0.2.0/24, 192.168.0.0/16) between two BGP routers; BGP router -> SNMP/SYSLOG -> OSS -> NOC, which sees: "Local system generated invalid UPDATE - 192.0.2.0/24 and 192.168.0.0/16 withdrawn by 1.2.3.4".]
So, where next?


 Requirements are being pushed in the IETF GROW WG – Please review them!



   Numerous drafts in progress in the IDR working group – solutions work.



     New error handling mechanisms proposed in JUNOS, IOS, TiMOS…



       Feature request these mechanisms with your vendors of choice!
Questions?




Thanks (especially to Netnod!)
Further interest?

  I’m always happy to discuss operational issues, and thoughts on solutions!
                          Rob Shakir <rjs@rob.sh>
                            +44(0)207 100 7532


                      Relevant IETF Working Groups:
                  Global Routing Operations WG – GROW:
                       http://tools.ietf.org/wg/grow
                       Inter-domain Routing – IDR:
                         http://tools.ietf.org/wg/idr

                              Mailing lists at:
                    http://www.ietf.org/mailman/listinfo/

More Related Content

What's hot

ARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack Porting
Mathivanan Elangovan
 
Service Density By Xelerated At Linley Seminar
Service Density By Xelerated At Linley SeminarService Density By Xelerated At Linley Seminar
Service Density By Xelerated At Linley Seminar
Xelerated
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick GrosseteteFebrian ‎
 
Virtual Network Performance Challenge
Virtual Network Performance ChallengeVirtual Network Performance Challenge
Virtual Network Performance ChallengeStephen Hemminger
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
Shawn Zandi
 
Virtual net performance
Virtual net performanceVirtual net performance
Virtual net performance
Stephen Hemminger
 
LF_DPDK17_DPDK support for new hardware offloads
LF_DPDK17_DPDK support for new hardware offloadsLF_DPDK17_DPDK support for new hardware offloads
LF_DPDK17_DPDK support for new hardware offloads
LF_DPDK
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing project
vishal sharma
 
Implementation of isp mpls backbone network on i pv6 using 6 pe routers main PPT
Implementation of isp mpls backbone network on i pv6 using 6 pe routers main PPTImplementation of isp mpls backbone network on i pv6 using 6 pe routers main PPT
Implementation of isp mpls backbone network on i pv6 using 6 pe routers main PPT
Satish Kumar
 
Cisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by HinwotoCisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by Hinwoto
Febrian ‎
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
Kirill Tsym
 
MARC ONERA Toulouse2012 Altreonic
MARC ONERA Toulouse2012 AltreonicMARC ONERA Toulouse2012 Altreonic
MARC ONERA Toulouse2012 Altreonic
Eric Verhulst
 
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
LF_DPDK
 
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
DPDK summit 2015: It's kind of fun  to do the impossible with DPDKDPDK summit 2015: It's kind of fun  to do the impossible with DPDK
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
Lagopus SDN/OpenFlow switch
 
Network stack personality in Android phone - netdev 2.2
Network stack personality in Android phone - netdev 2.2Network stack personality in Android phone - netdev 2.2
Network stack personality in Android phone - netdev 2.2
Hajime Tazaki
 

What's hot (19)

Ppp
PppPpp
Ppp
 
ARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack PortingARM LPC2300/LPC2400 TCP/IP Stack Porting
ARM LPC2300/LPC2400 TCP/IP Stack Porting
 
Service Density By Xelerated At Linley Seminar
Service Density By Xelerated At Linley SeminarService Density By Xelerated At Linley Seminar
Service Density By Xelerated At Linley Seminar
 
ipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grosseteteipv6 mpls by Patrick Grossetete
ipv6 mpls by Patrick Grossetete
 
Virtual Network Performance Challenge
Virtual Network Performance ChallengeVirtual Network Performance Challenge
Virtual Network Performance Challenge
 
MPLS Concepts and Fundamentals
MPLS Concepts and FundamentalsMPLS Concepts and Fundamentals
MPLS Concepts and Fundamentals
 
Vpls
VplsVpls
Vpls
 
Virtual net performance
Virtual net performanceVirtual net performance
Virtual net performance
 
Mpls technology
Mpls technologyMpls technology
Mpls technology
 
Tma ph d_school_2011
Tma ph d_school_2011Tma ph d_school_2011
Tma ph d_school_2011
 
LF_DPDK17_DPDK support for new hardware offloads
LF_DPDK17_DPDK support for new hardware offloadsLF_DPDK17_DPDK support for new hardware offloads
LF_DPDK17_DPDK support for new hardware offloads
 
ISP core routing project
ISP core routing projectISP core routing project
ISP core routing project
 
Implementation of isp mpls backbone network on i pv6 using 6 pe routers main PPT
Implementation of isp mpls backbone network on i pv6 using 6 pe routers main PPTImplementation of isp mpls backbone network on i pv6 using 6 pe routers main PPT
Implementation of isp mpls backbone network on i pv6 using 6 pe routers main PPT
 
Cisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by HinwotoCisco IPv6 Tutorial by Hinwoto
Cisco IPv6 Tutorial by Hinwoto
 
FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)FD.io Vector Packet Processing (VPP)
FD.io Vector Packet Processing (VPP)
 
MARC ONERA Toulouse2012 Altreonic
MARC ONERA Toulouse2012 AltreonicMARC ONERA Toulouse2012 Altreonic
MARC ONERA Toulouse2012 Altreonic
 
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
LF_DPDK17_OpenNetVM: A high-performance NFV platforms to meet future communic...
 
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
DPDK summit 2015: It's kind of fun  to do the impossible with DPDKDPDK summit 2015: It's kind of fun  to do the impossible with DPDK
DPDK summit 2015: It's kind of fun to do the impossible with DPDK
 
Network stack personality in Android phone - netdev 2.2
Network stack personality in Android phone - netdev 2.2Network stack personality in Android phone - netdev 2.2
Network stack personality in Android phone - netdev 2.2
 

Similar to Reinforcing the Kitchen Sink - Aligning BGP-4 Error Handling with Modern Network Requirements

NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS FabricNFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabricozkan01
 
EVPN-Applications.pdf
EVPN-Applications.pdfEVPN-Applications.pdf
EVPN-Applications.pdf
SunnyLai23
 
PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network
PROIDEA
 
mpls CNNA.pdf
mpls CNNA.pdfmpls CNNA.pdf
mpls CNNA.pdf
JamiUllah1
 
Day one-poster-vpns
Day one-poster-vpnsDay one-poster-vpns
Day one-poster-vpns
DervainJocelyn
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
Michelle Holley
 
Vxlan control plane and routing
Vxlan control plane and routingVxlan control plane and routing
Vxlan control plane and routing
Wilfredzeng
 
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
Digicomp Academy AG
 
IPTABLES Introduction
IPTABLES IntroductionIPTABLES Introduction
IPTABLES Introduction
HungWei Chiu
 
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a NutshellIPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
Fred Bovy
 
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Thomas Morin
 
Shmcfarl slb66-slb64-nat64-proxy
Shmcfarl slb66-slb64-nat64-proxyShmcfarl slb66-slb64-nat64-proxy
Shmcfarl slb66-slb64-nat64-proxyShannon McFarland
 
CentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateCentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and Update
Tom Herbert
 
Flexible NFV WAN interconnections with Neutron BGP VPN
 Flexible NFV WAN interconnections with Neutron BGP VPN Flexible NFV WAN interconnections with Neutron BGP VPN
Flexible NFV WAN interconnections with Neutron BGP VPN
Thomas Morin
 
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced versionPLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
PROIDEA
 
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
Swiss IPv6 Council
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
APNIC
 
Branching out with SDN
Branching out with SDNBranching out with SDN
Branching out with SDN
APNIC
 
VXLAN Design and Deployment.pdf
VXLAN Design and Deployment.pdfVXLAN Design and Deployment.pdf
VXLAN Design and Deployment.pdf
NelAlv1
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Erik Ginalick
 

Similar to Reinforcing the Kitchen Sink - Aligning BGP-4 Error Handling with Modern Network Requirements (20)

NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS FabricNFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
NFV SDN Summit March 2014 D1 07 kireeti_kompella Native MPLS Fabric
 
EVPN-Applications.pdf
EVPN-Applications.pdfEVPN-Applications.pdf
EVPN-Applications.pdf
 
PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network PLNOG 8: Rafał Szarecki - Telco Group Network
PLNOG 8: Rafał Szarecki - Telco Group Network
 
mpls CNNA.pdf
mpls CNNA.pdfmpls CNNA.pdf
mpls CNNA.pdf
 
Day one-poster-vpns
Day one-poster-vpnsDay one-poster-vpns
Day one-poster-vpns
 
Scaling the Container Dataplane
Scaling the Container Dataplane Scaling the Container Dataplane
Scaling the Container Dataplane
 
Vxlan control plane and routing
Vxlan control plane and routingVxlan control plane and routing
Vxlan control plane and routing
 
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
6. IPv6 Internetzugang für Privatkunden: Die Lösung von Swisscom - Martin Gysi
 
IPTABLES Introduction
IPTABLES IntroductionIPTABLES Introduction
IPTABLES Introduction
 
IPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a NutshellIPv6 in IPv4/MPLS in a Nutshell
IPv6 in IPv4/MPLS in a Nutshell
 
Openstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNsOpenstack Neutron & Interconnections with BGP/MPLS VPNs
Openstack Neutron & Interconnections with BGP/MPLS VPNs
 
Shmcfarl slb66-slb64-nat64-proxy
Shmcfarl slb66-slb64-nat64-proxyShmcfarl slb66-slb64-nat64-proxy
Shmcfarl slb66-slb64-nat64-proxy
 
CentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and UpdateCentOS NFV SIG Introduction and Update
CentOS NFV SIG Introduction and Update
 
Flexible NFV WAN interconnections with Neutron BGP VPN
 Flexible NFV WAN interconnections with Neutron BGP VPN Flexible NFV WAN interconnections with Neutron BGP VPN
Flexible NFV WAN interconnections with Neutron BGP VPN
 
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced versionPLNOG 7: Rafał Szarecki - MPLS in an advanced version
PLNOG 7: Rafał Szarecki - MPLS in an advanced version
 
IPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH SwitzerlandIPv6 strategy for deployment at ETH Switzerland
IPv6 strategy for deployment at ETH Switzerland
 
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
MPLS L3 VPN Tutorial, by Nurul Islam Roman [APNIC 38]
 
Branching out with SDN
Branching out with SDNBranching out with SDN
Branching out with SDN
 
VXLAN Design and Deployment.pdf
VXLAN Design and Deployment.pdfVXLAN Design and Deployment.pdf
VXLAN Design and Deployment.pdf
 
Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504Ipv6 Technical White Paper Wp111504
Ipv6 Technical White Paper Wp111504
 

More from Rob Shakir

IETF87 - STATUS BoF: Performance Engineered LSPs
IETF87 - STATUS BoF: Performance Engineered LSPsIETF87 - STATUS BoF: Performance Engineered LSPs
IETF87 - STATUS BoF: Performance Engineered LSPsRob Shakir
 
BGP OPERATIONAL Message
BGP OPERATIONAL MessageBGP OPERATIONAL Message
BGP OPERATIONAL Message
Rob Shakir
 
IETF80 - IDR/GROW BGP Error Handling Requirements
IETF80 - IDR/GROW BGP Error Handling RequirementsIETF80 - IDR/GROW BGP Error Handling Requirements
IETF80 - IDR/GROW BGP Error Handling RequirementsRob Shakir
 
BGP Error Handling (NANOG 51)
BGP Error Handling (NANOG 51)BGP Error Handling (NANOG 51)
BGP Error Handling (NANOG 51)Rob Shakir
 
BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)
BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)
BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)Rob Shakir
 
100GE in the Lab - LINX 71
100GE in the Lab - LINX 71100GE in the Lab - LINX 71
100GE in the Lab - LINX 71Rob Shakir
 
LINX65 - Handling BGP Attribute Errors (Rob Shakir)
LINX65 - Handling BGP Attribute Errors (Rob Shakir)LINX65 - Handling BGP Attribute Errors (Rob Shakir)
LINX65 - Handling BGP Attribute Errors (Rob Shakir)
Rob Shakir
 
UKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGPUKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGP
Rob Shakir
 

More from Rob Shakir (8)

IETF87 - STATUS BoF: Performance Engineered LSPs
IETF87 - STATUS BoF: Performance Engineered LSPsIETF87 - STATUS BoF: Performance Engineered LSPs
IETF87 - STATUS BoF: Performance Engineered LSPs
 
BGP OPERATIONAL Message
BGP OPERATIONAL MessageBGP OPERATIONAL Message
BGP OPERATIONAL Message
 
IETF80 - IDR/GROW BGP Error Handling Requirements
IETF80 - IDR/GROW BGP Error Handling RequirementsIETF80 - IDR/GROW BGP Error Handling Requirements
IETF80 - IDR/GROW BGP Error Handling Requirements
 
BGP Error Handling (NANOG 51)
BGP Error Handling (NANOG 51)BGP Error Handling (NANOG 51)
BGP Error Handling (NANOG 51)
 
BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)
BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)
BGP Error Handling - Developing an Operator-Led Approach in the IETF (UKNOF 18)
 
100GE in the Lab - LINX 71
100GE in the Lab - LINX 71100GE in the Lab - LINX 71
100GE in the Lab - LINX 71
 
LINX65 - Handling BGP Attribute Errors (Rob Shakir)
LINX65 - Handling BGP Attribute Errors (Rob Shakir)LINX65 - Handling BGP Attribute Errors (Rob Shakir)
LINX65 - Handling BGP Attribute Errors (Rob Shakir)
 
UKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGPUKNOF16 - Enhancing BGP
UKNOF16 - Enhancing BGP
 

Reinforcing the Kitchen Sink - Aligning BGP-4 Error Handling with Modern Network Requirements

  • 1. Reinforcing the Kitchen Sink. Aligning Error Handling in BGP-4 with Modern Network Requirements. Rob Shakir (rjs@rob.sh) Netnod Autumn Meeting 2011
  • 2. Extending BGP-4: “iBGP” Across an L3VPN VIRTUAL iBGP CE1 PE1 L3VPN PE2 CE2 eBGP eBGP ATTR_SET LOCAL_PREF LOCAL_PREF AS_PATH PACKED LOCAL_PREF UNPACKED AS_PATH ... AS_PATH ... ... Customer sees iBGP attributes despite the fact the UPDATE passed through eBGP in the SP L3VPN Topology. Neat – looks like a useful extension to me!
  • 3. DFZ, meet ATTR_SET… INTERNET ROUTING TABLE AS65535 INTERNET AS64512 ASBR DFZ ASBR L3VPN ATTR_SET LOCAL_PREF AS_PATH ... ATTR_SET intended in an VPNv4 context! But it was leaked to the DFZ… ATTR_SET is not valid in this context! UPDATE UPSTREAM ATTR_SET AS JunOS NOTIFICATION
  • 4. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast.
  • 5. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast.
  • 6. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]).
  • 7. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]); MPLS PWE3 (L2VPN).
  • 8. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]); MPLS PWE3 (L2VPN); VPLS PE Membership.
  • 9. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]); MPLS PWE3 (L2VPN); VPLS PE Membership; M-VPN MDT Membership.
  • 10. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]); MPLS PWE3 (L2VPN); VPLS PE Membership; M-VPN MDT Membership; TE for Alto Link.
  • 11. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]); MPLS PWE3 (L2VPN); VPLS PE Membership; M-VPN MDT Membership; TE for Alto Link; The kitchen sink?
  • 12. A familiar story? RIPE NCC/Duke Experimental, AS4_PATH, AS_HOPLIMIT: all of these are new or unrecognised attributes! But... IPv4 Unicast; IPv6 Unicast; MPLS L3VPN (VPNv[46]); MPLS PWE3 (L2VPN); VPLS PE Membership; M-VPN MDT Membership; TE for Alto Link; The kitchen sink? BGP is the “generic, scalable signalling mechanism” for IP/MPLS networks.
  • 13. Protecting Networks from BGP Failures (Today). [Diagram: BGP speakers A and B with TCP/BGP session 1 for AFI 1 and TCP/BGP session 2 for AFI 2; an UPDATE and a NOTIFICATION between A and B.] Multi-Session BGP - either kludged (lo4, lo6…), or pre-standard! (Implemented and on-by-default in 12.2(33)SRC+)
  • 14. Problems with Multi-Session… “Internet” Networks BCP: IPv4 Unicast over IPv4 transport. IPv6 Unicast over IPv6 transport (or 6PE over IPv4 transport). “VPN” Networks BCP: VPNv4 over IPv4 transport. [Diagrams: Internet PEs around an RR, labelled IPv4 and IPv6; L3VPN PEs around an RR, labelled VPNv4 with RT 1:1, RT 1:2 and RT 1:3.] All routes (or topologies) are affected due to a single error within their <AFI,SAFI>!
  • 15. What are the requirements for the protocol? When an invalid UPDATE is received, stop sending NOTIFICATION. If we lose UPDATE contents, have a way to recover the RIB. If we must restart a session, don’t cause a forwarding outage. Have better ways to monitor errors in UPDATE messages. (Stretched out to 8,500 words in draft-ietf-grow-ops-reqs-for-bgp-error-handling…)
  • 16. Message Processing Complexities. In stream processing, not all errors are created equal. If we have length discrepancies – this can mean that we can’t accurately locate path attributes. [Example message: MARKER; HEADER: MSG LEN = 128; TOTAL PATH ATTRIBUTES LEN = 2000; MP_REACH_NLRI; COMMUNITY; AS_PATH.] “Critical” error – no safe NLRI extraction. Invalid attribute contents – we can parse the message, but something is malformed. [Example message: MARKER; HEADER: MSG LEN = 128; TOTAL PATH ATTRIBUTES; MP_REACH_NLRI; COMMUNITY; AS4_PATH: (65535) 1273 5413 29636.] “Semantic” error – we know exactly which NLRI are contained.
  • 17. Handling “Critical” Errors. [Sequence diagram between RTR A and RTR B, each with a RIB and a FIB: OPEN / ERROR GR; UPDATE, with the note “Received UPDATE invalid - cannot extract NLRI.”; NOTIFICATION, with the RIB marked STALE while IP data still passes through the FIB; OPEN again, with IP data still passing.] Re-use existing graceful-restart functionality to maintain forwarding on NOTIFICATION.
  • 18. Handling “Semantic” Errors. [Sequence diagram between RTR A and RTR B: UPDATE ADVERTISE 192.0.2.0/24, with the note “Received UPDATE invalid - but concerns 192.0.2.0/24”; UPDATE WITHDRAW 192.0.2.0/24 via RTR A.] Erroneous advertisement interpreted as withdrawal of the NLRI. [Diagram: IP traffic with DST 192.0.2.0/24 goes to Null0; labels between RTR A and RTR B: RE-REQUEST ROUTES, ONE-TIME ORF, ROUTE REFRESH, RTC.]
  • 19. Making errors visible to the NOC… Today, an error with a BGP session is very visible to a NOC! [Diagram: BGP NOTIFICATION at the router, SNMP/SYSLOG to the OSS and the NOC: “BGP to 192.0.2.1 is down - NOTIFICATION received (3/4)”.] Without NOTIFICATION, we need a new way to signal an error occurred… [Diagram: UPDATE and BGP OPERATIONAL between routers, SNMP/SYSLOG to the OSS and the NOC; MUP NLRI: 192.0.2.0/24, 192.168.0.0/16; “Local system generated invalid UPDATE - 192.0.2.0/24 and 192.168.0.0/16 withdrawn by 1.2.3.4”.]
  • 20. So, where next? Requirements are being pushed in the IETF GROW WG – Please review them! Numerous drafts in progress in the IDR working group – solutions work. New error handling mechanisms proposed in JUNOS, IOS, TiMOS… Feature request these mechanisms with your vendors of choice!
  • 22. Further interest? I’m always happy to discuss operational issues, and thoughts on solutions! Rob Shakir <rjs@rob.sh> +44(0)207 100 7532 Relevant IETF Working Groups: Global Routing Operations WG – GROW: http://tools.ietf.org/wg/grow Inter-domain Routing – IDR: http://tools.ietf.org/wg/idr Mailing lists at: http://www.ietf.org/mailman/listinfo/
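
The split on slides 16 to 18 between "critical" and "semantic" errors can be shown with a small classifier; this is an added example, not code from the talk or from any vendor implementation. The names `classify_update` and `build_update`, the AS4_PATH segment rule and the sample bytes are assumptions of the example, and only the trailing IPv4 NLRI field is decoded (MP_REACH_NLRI is out of scope).

```python
import struct

MARKER, UPDATE, AS4_PATH = b"\xff" * 16, 2, 17

def parse_nlri(buf):
    """Decode IPv4 <bit-length, prefix> pairs; None if the field is inconsistent."""
    out, i = [], 0
    while i < len(buf):
        bits, n = buf[i], (buf[i] + 7) // 8
        if bits > 32 or i + 1 + n > len(buf):
            return None
        out.append("%d.%d.%d.%d/%d" % (*(buf[i + 1:i + 1 + n] + bytes(4 - n)), bits))
        i += 1 + n
    return out

def as4_path_ok(val):
    """Assumed rule: only AS_SET (1) / AS_SEQUENCE (2) segments of whole 4-byte ASNs."""
    i = 0
    while i + 2 <= len(val) and val[i] in (1, 2):
        i += 2 + 4 * val[i + 1]
    return i == len(val)

def classify_update(msg):
    """Return (verdict, nlri); verdict is 'ok', 'semantic' or 'critical'."""
    if len(msg) < 23 or msg[:16] != MARKER or msg[18] != UPDATE:
        return "critical", []
    msg_len, _, wd_len = struct.unpack("!HBH", msg[16:21])
    start = 23 + wd_len                       # offset of the first path attribute
    end = start + int.from_bytes(msg[start - 2:start], "big")
    nlri = parse_nlri(msg[end:]) if msg_len == len(msg) and end <= msg_len else None
    if nlri is None:                          # e.g. MSG LEN 128, attributes LEN 2000
        return "critical", []                 # NLRI cannot be located safely
    i = start
    while i < end:                            # NLRI known: errors from here are semantic
        hdr = 4 if msg[i] & 0x10 else 3       # extended-length flag means 2-byte length
        alen = int.from_bytes(msg[i + 2:i + hdr], "big")
        val = msg[i + hdr:i + hdr + alen]
        if i + hdr + alen > end or (msg[i + 1] == AS4_PATH and not as4_path_ok(val)):
            return "semantic", nlri           # caller treats these NLRI as withdrawn
        i += hdr + alen
    return "ok", nlri

def build_update(attrs, nlri, attr_len=None):
    """Constructed-sample builder; attr_len lets a caller lie about the attribute length."""
    lens = struct.pack("!HH", 0, len(attrs) if attr_len is None else attr_len)
    return MARKER + struct.pack("!HB", 23 + len(attrs) + len(nlri), UPDATE) + lens + attrs + nlri

# Constructed samples: 192.0.2.0/24, and an AS4_PATH shaped like "(65535) 1273 5413 29636"
NLRI = bytes([24, 192, 0, 2])
BAD_AS4 = bytes([0xC0, 17, 20, 3, 1, 0, 0, 255, 255, 2, 3]) + struct.pack("!3I", 1273, 5413, 29636)
```

A "semantic" verdict returns the affected prefixes so the caller can treat them as withdrawn and keep the session up; a "critical" verdict returns none, which is the case slide 17 hands to graceful restart.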