BGP - Optimising the Foundational SDN Technology
11 June 2014
Gunter Van de Velde, Sr Technical Leader
© 2014 Cisco and/or its affiliates. All rights reserved.
Agenda
• Some words about SDN
• BGP-Assisted SDN Use-cases
  1. WAN Orchestration – BGP-LS
  2. Flow Steering/Security Policies – BGP-FS
  3. Peering Diagnostics – BMP
Cisco Confidential 3 © 2013-2014 Cisco and/or its affiliates. All rights reserved.
What is SDN?
Software defined networking (SDN) is an approach to building computer networks that separates and abstracts elements of these systems.
In other words…
In the SDN paradigm, not all processing happens inside the
A better definition
SDN Definition: Centralization of control of the network via the Separation of control logic to off-device compute, that Enables automation and orchestration of network services via Open programmatic interfaces.
SDN Benefits
• Efficiency: optimize existing applications, services, and infrastructure
• Scale: rapidly grow existing applications and services
• Innovation: create and deliver new types of applications and services and business models
Different customers, different pain points
Diverse Programmability Requirements Across Segments
• Research/Academia: Experimental OpenFlow/SDN components for production networks
• Massively Scalable Data Center: Customize with Programmatic APIs to provide deep insight into network traffic
• Service Providers: Policy-based control and analytics to optimize and monetize service delivery
• Enterprise: Virtual workloads, VDI, Orchestration of security profiles
• Cloud: Automated provisioning and programmable overlay, OpenStack
Most Requirements are for Automation & Programmability: Private Cloud Automation, Scalable Multi-Tenancy, Network Flow Management, Network “Slicing”, Agile Service Delivery
SDN Hybrid Approach
• 20+ years of investment in Distributed Control Planes (capex, skills and expertise) by both vendors and customers
• Distributed Control Planes designed to survive battlefield conditions with the possibility of multiple failures
• Leave the distributed control plane in place for “normal” traffic, use SDN for traffic that needs special handling (routing, bandwidth reservation etc.)
• In the event of an SDN Controller failure, you still have a network that works, maybe not as optimally
Hybrid Control plane: Distributed control combined with central control (through Controllers) for optimized behavior (e.g. optimized performance)
Network Middleware “Controllers”
Why is BGP successful?
• Simple and Scalable: Structured (Route Reflector), Divide and Conquer (Confederation), Low protocol overhead, Simple FSM, Simple Messages
• Extensible: Multi-protocols, AFs, Incremental NLRI, PA, Community, Capability Negotiation, Flexible Policy, Many Services
• HA and Secure: Run over TCP, NSR, PIC, Add-Path, MD5 authentication, RPKI validation
“Driven by Pragmatism”, “Not perfect, but good enough”
-- Yakov Rekhter
Control-plane Evolution
Many services are moving towards BGP

Market        | Service/transport        | In 200X        | In 201X
SP            | Internet Peering         | BGP IPv4       | BGP IPv4/v6
SP            | L3VPN                    | BGP IPv4       | BGP IPv4/v6 + FRR + Scalability
SP            | MPLS transport           | LDP            | LDP + BGP+Label (Unified MPLS)
SP            | Multicast VPN            | PIM IPv4       | BGP IPv4/v6 Multicast VPN
SP            | Multicast MPLS transport | PIM / mLDP     | BGP signaling for segmented LSM (Mc Unified MPLS)
SP            | DDOS mitigation          | PBR, ACL       | BGP flowspec, BGP RTBH, uRPF check
SP            | Security                 | Filters, ACL   | BGP Sec (RPKI)
SP            | Network Monitoring       | SNMP           | BGP monitoring protocol, BGP YANG
SP            | SDN                      |                | BGP YANG / BGP Link State / BGP SLA / BGP Flow Spec
Business & CE | L2VPN                    | LDP            | BGP AD/Sign (VPLS)
DC / SP       | DCI                      | NG L2VPN/L3VPN | BGP AD/Sign (EVPN, PBB-EVPN)
DC            | Massive Scale DC         | OSPF/ISIS      | BGP IPv4/v6 Multipath, BGP EPE, Segment Routing
DC            | SP-DC, Cloud-DC          |                | BGP Inter-AS, vPE, vCE, L3VPN/EVPN o X
Enterprise    | Campus L3VPN & mVPN      | BGP IPv4 (IOS) | BGP IPv4/v6 (NX-OS)
Enterprise    | Ent-DC                   |                | BGP + Fabric Path (LFA), BGP + VxLAN (Future)
Enterprise    | Massive scale DMVPN      | NHRP / EIGRP   | BGP + Path Diversity
Enterprise    | FlexVPN                  |                | BGP
Use case #1: WAN Orchestration
“.. not sure why folks keep talking about SDN as a datacenter technology - the value is in the WAN..”
-- Vijay Gill
The SP Challenge
(chart: Traffic rising, Revenue falling)
• Traffic continues to increase, while revenue declines
• On top of SPs’ minds:
  – Increase efficiency of existing assets
  – Create new revenue opportunities, and be faster at it
• SDN efforts in SP attempt to help
WAN BW optimization
Today: WAN BW optimization, 90% - Distributed optimization
- Full Mesh Auto BW RSVP-TE tunnels - HIGH OPEX (complex)
- Cust A > 50K tunnels, Cust B > 100K tunnels
- Generates Network Oscillation (instability)
WAN-Orchestration (SDN WAN controller): WAN BW, Latency, QoS optimization, 95% - Centralized optimization
- SDN PCE controller driven WAN optimization - Adequate Segment Routing TE tunnel
- Low OPEX (simple) - Cust A < 10 tunnels, Cust B < 20 tunnels
SDN WAN Orchestration End-to-End
(figure: DC/Cloud Providers and Customers, DC SDN and Customer SDN, Workflow Orchestration/Apps, Collector, Programming, Application Engine, NGN WAN, Viz & Analytics, APPs and APIs, State Control, Multi-Layer SDN WAN, PCE-P, BGP LS)
Gathering up-to-date WAN network state
• To do its job, the SDN WAN Controller requires up-to-date network visibility information, primarily about:
  • Load/Capacity: SNMP, NetFlow, NETCONF/YANG
  • Topology: IGP (OSPF/ISIS) information, direct link/passive, or better: BGP
(figure: Collector, Programming, Application Engine, NGN WAN, Viz & Analytics, State, Multi-Layer SDN WAN)
High Level perspective of BGP-LinkState (BGP-LS)
• BGP may be used to advertise the link state and link state TE database of a network (BGP-LS)
• Provides a familiar operational model to easily aggregate topology information across domains
• New link-state address family
• Support for distribution of OSPF and IS-IS link state databases
• Topology information distributed from IGP into BGP (only if changed)
• Support introduced in IOS XR 5.1.1
(figure: Domain 0, Domain 1 and Domain 2 each feeding BGP-LS into a BGP-LS RR; the PCE builds its TED from BGP-LS)
BGP Link State Configuration – Cisco IOS XR 5.1.1

router isis DEFAULT
 is-type level-2-only
 net 49.0000.1720.1625.5001.00
 distribute bgp-ls level 2           ! Distribute level-2 linkstate database into BGP-LS
 address-family ipv4 unicast
  metric-style wide
  mpls traffic-eng level-2-only
  mpls traffic-eng router-id Loopback0
 !
 […]
!
router bgp 65172
 address-family link-state link-state   ! Enable link-state address family and specify BGP-LS
 !
 neighbor 172.31.0.1
  description Controller
  remote-as 65172
  update-source Loopback0
  address-family link-state link-state
  !
 !
!
Use case #2: Controlling Flows via BGP
Introduction
• BGP (like any other routing protocol) influences destination-based routing
• BGP routing information can be injected from a central place (“SDN controller”)
• Why not use it for more than just giving a destination address to route packets to?
• “Flow Specification Rules”
• Application aware Filtering/redirect/mirroring
• Dynamic and adaptive technology
Use case 1: Security DDoS mitigation
Description: The goal is to push policies that match certain flows under DDoS attack and drop/rate-limit them, or redirect the traffic to a DDoS scrubber, to protect peering / enterprise customers
Business: SP sells DDoS mitigation services to enterprise customers, adding value to IP transit services
(figure: SP network exports Flexible NetFlow to a DDoS Analyser, which scans the NetFlow data to detect the DDoS signature; the Security Controller pushes a BGP flowspec rule matching the DDoS flow; traffic is dropped or sent to the DDoS scrubber)
Use case 2: Redirection to DC/NfV
Description: The goal is to redirect certain flows from the IP NGN or Internet transit network to DC and NfV appliances
Business: SP sells NfV appliance services to enterprise customers, adding value to IP NGN and IP transit services
(figure: DC with NAT VM, Firewall VM, SBC VM and dDOS VM instances; default traffic follows the normal path, while a BGP flowspec rule with Match: HTTP flows, Action: redirect to DC/NfV steers HTTP)
Cisco BGP flowspec is standards supported (XR 5.2.0, June 2014)
• BGP flowspec: RFC5575
• IPv6 support: draft-ietf-idr-flow-spec-v6-05
• IP Next Hop redirection options: draft-ietf-idr-flowspec-redirect-ip-01
• Origin check relax: draft-ietf-idr-bgp-flowspec-oid-02
• Optimized flow based forwarding plane.
• Controller, Route Reflection and Client.
Tested with exaBGP (IPv4 controller), Arbor (IPv4 controller), Juniper (IPv4 client) and Alcatel (IPv4 & IPv6 client)
BGP flowspec infrastructure
(figure: BGP flowspec NLRI arrives in BGP; the Flowspec Manager hands rules to the Policy Infrastructure (E-PBR), which programs the Platform hardware; Phase 1 exposes CLI and XR XML, Phase 2 adds YANG)
Router acting as BGP flowspec client
(figure: same components; the router receives BGP Flowspec “Match X, Action Y” from a peer and installs it)
Router acting as BGP flowspec server
(figure: same components; the router originates BGP Flowspec “Match X, Action Y” towards its peers)
Optimizing Routing towards the Internet
• When your network is multi-homed to multiple SPs, balancing the traffic across the potential exit points can become a cumbersome task:
1. Baseline the situation
2. Tweak BGP attributes (MED, local preference, AS-path) to shift traffic to other exits
3. Watch the result
4. If not happy, go back to 2
• How about letting software do this for you?
• It knows the topology (via BGP-LS, see earlier)
• It knows the traffic/matrix (via NetFlow, LSP stats, interface load)
Achieving Routing Visibility
• As a routing protocol, BGP can also be used to update the controller with granular routing information
• Easy.
• Really?
(figure: PE reaching the Internet via Transit1 and Transit2, with an iBGP session to the Controller)
BGP RIBs
• BGP speaker maintains multiple Routing Tables:
  • Adj-RIB-in (per neighbor)
    • These are the updates as received from the peer
    • Incoming route policy is applied, attributes are changed
    • Updates which are dropped by the incoming route-policy are discarded, to save on memory
    • “soft-reconfiguration inbound” keeps them, paths flagged with “received-only” in “show bgp …”
  • Loc-RIB (or Local RIB)
    • BGP calculates the best path among eligible paths in Adj-RIB-in and places it into Loc-RIB
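The following added example (not code from the slide deck or from Cisco) is a small model of the two slides above: it builds Adj-RIB-in from what peers sent, applies an inbound policy per neighbor, optionally keeps the received-only copies that “soft-reconfiguration inbound” preserves, and picks the Loc-RIB best path. It also plays out step 2 of the multi-homing loop on the earlier slide, raising LOCAL_PREF on one transit to shift the exit. Peers, ASNs and prefixes are constructed; the decision process is reduced to LOCAL_PREF, AS_PATH length, MED (same neighbouring AS only) and a neighbor-address tie-break standing in for router-id.

```python
"""Adj-RIB-in, inbound policy and Loc-RIB best-path selection (illustrative model)."""
import functools
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Path:
    prefix: str
    neighbor: str          # peer address; also the last-resort tie-break below
    as_path: tuple         # AS_PATH as received, e.g. (64501, 64496)
    local_pref: int = 100  # default LOCAL_PREF
    med: int = 0
    received_only: bool = False  # unmodified copy kept by "soft-reconfiguration inbound"


def prefer(a, b):
    """Return the better of two paths using the first steps of the BGP decision process."""
    if a.local_pref != b.local_pref:                        # 1. highest LOCAL_PREF
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):                    # 2. shortest AS_PATH
        return a if len(a.as_path) < len(b.as_path) else b
    if a.as_path[:1] == b.as_path[:1] and a.med != b.med:   # 3. lowest MED, same neighbouring AS only
        return a if a.med < b.med else b
    return a if a.neighbor < b.neighbor else b              # tie-break: lowest neighbor address


def build_ribs(received, policies, soft_reconfiguration_inbound=False):
    """received: paths exactly as peers sent them.
    policies: neighbor -> callable(path) returning the modified path, or None to deny.
    Returns (adj_rib_in, loc_rib)."""
    adj_rib_in = []
    for path in received:
        policy = policies.get(path.neighbor, lambda p: p)
        accepted = policy(path)
        if soft_reconfiguration_inbound and accepted != path:
            # keep the original so the pre-policy attributes can still be inspected
            adj_rib_in.append(replace(path, received_only=True))
        if accepted is not None:
            adj_rib_in.append(accepted)      # denied paths are otherwise simply not stored
    loc_rib = {}
    for prefix in sorted({p.prefix for p in adj_rib_in}):
        eligible = [p for p in adj_rib_in if p.prefix == prefix and not p.received_only]
        if eligible:
            loc_rib[prefix] = functools.reduce(prefer, eligible)
    return adj_rib_in, loc_rib


# Constructed sample: a PE multi-homed to Transit1 (AS 64501) and Transit2 (AS 64502),
# both advertising 203.0.113.0/24; Transit2 also leaks 10.0.0.0/8, which must be rejected.
RECEIVED = [
    Path("203.0.113.0/24", "198.51.100.1", (64501, 64496)),
    Path("203.0.113.0/24", "198.51.100.2", (64502, 64496)),
    Path("10.0.0.0/8", "198.51.100.2", (64502,)),
]


def transit2_inbound(path):
    """Hypothetical inbound policy on Transit2: deny the bogon, raise LOCAL_PREF to shift the exit."""
    if path.prefix == "10.0.0.0/8":
        return None
    return replace(path, local_pref=200)


def chosen_exit(policies, soft_reconfiguration_inbound=False):
    """Neighbor selected for 203.0.113.0/24 after applying the given inbound policies."""
    _, loc_rib = build_ribs(RECEIVED, policies, soft_reconfiguration_inbound)
    return loc_rib["203.0.113.0/24"].neighbor


if __name__ == "__main__":
    print("baseline exit:", chosen_exit({}))
    print("after tweak  :", chosen_exit({"198.51.100.2": transit2_inbound}))
    adj, _ = build_ribs(RECEIVED, {"198.51.100.2": transit2_inbound}, True)
    for p in adj:
        print("received-only" if p.received_only else "eligible     ", p.prefix, p.neighbor, p.local_pref)
```

Run with soft reconfiguration enabled, the Adj-RIB-in listing shows the rejected 10.0.0.0/8 and the original LOCAL_PREF 100 of the modified path alongside the eligible copy, which is exactly the information a controller cannot get from Loc-RIB alone.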
BGP Monitor Protocol
• We saw one case where we want to know exactly what the neighbor sent us (original attributes)
• For troubleshooting/monitoring, a record of prefixes received from neighbors (even those we configured to ignore) can be a valuable tool
(figure: eBGP updates pass through Inbound filtering into Loc-RIB; the BMP collector receives the Adj-RIB-in before the filter)
What is BMP?
• BMP is intended to be used for monitoring BGP sessions
• BMP is intended to provide a more convenient interface for obtaining route views
• Design goals
  • Simplicity
  • Easy to use
  • Minimal service affecting
• BMP does not impact the routing decision process and is only used to provide monitoring information
• BMP provides access to the Adj-RIB-In of a BGP peer on an ongoing basis and provides a periodic dump of statistical information. A monitoring station can use this for further analysis
• http://tools.ietf.org/html/draft-ietf-grow-bmp-07 (AKA BMPv3)
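What the monitoring station actually receives is a stream of BMP messages, each with a common header and, for route-monitoring messages, a per-peer header followed by the raw BGP UPDATE as the neighbor sent it. The added example below (not code from the slide deck, from Cisco or from the draft) parses that stream using the draft-ietf-grow-bmp-07 header layout, extracts the peer, its AS, the L flag that distinguishes pre-policy from post-policy Adj-RIB-In, and the IPv4 prefixes announced in the UPDATE. The byte stream it parses is constructed inline, not captured from a router; addresses, ASN 64500 and the timestamp are sample values.

```python
"""Parse BMP v3 messages (draft-ietf-grow-bmp-07 layout) from a collector's byte stream."""
import ipaddress
import struct

BMP_TYPES = {0: "route-monitoring", 1: "stats-report", 2: "peer-down",
             3: "peer-up", 4: "initiation", 5: "termination"}
PEER_FLAG_V6, PEER_FLAG_POST_POLICY = 0x80, 0x40   # V and L bits of the per-peer header


def parse_per_peer_header(body):
    """42-octet per-peer header -> (dict, remaining bytes)."""
    _ptype, flags, _dist, addr, asn, bgp_id, ts_sec, ts_usec = struct.unpack("!BB8s16sI4sII", body[:42])
    if flags & PEER_FLAG_V6:
        peer = ipaddress.IPv6Address(addr)
    else:
        peer = ipaddress.IPv4Address(addr[12:])       # IPv4 is right-justified in the 16 octets
    return {"peer": str(peer), "peer_as": asn,
            "peer_bgp_id": str(ipaddress.IPv4Address(bgp_id)),
            "post_policy": bool(flags & PEER_FLAG_POST_POLICY),   # L=0: Adj-RIB-In before policy
            "timestamp": ts_sec + ts_usec / 1e6}, body[42:]


def parse_update_nlri(pdu):
    """IPv4 prefixes announced in a BGP UPDATE (RFC 4271 4.3); path attributes are skipped."""
    _marker, length, btype = struct.unpack("!16sHB", pdu[:19])
    if btype != 2:                                     # not an UPDATE
        return []
    withdrawn_len = struct.unpack("!H", pdu[19:21])[0]
    pos = 21 + withdrawn_len
    attr_len = struct.unpack("!H", pdu[pos:pos + 2])[0]
    pos += 2 + attr_len
    prefixes = []
    while pos < length:
        plen, pos = pdu[pos], pos + 1
        nbytes = (plen + 7) // 8
        raw = pdu[pos:pos + nbytes] + b"\x00" * (4 - nbytes)
        prefixes.append(str(ipaddress.IPv4Network((raw, plen))))
        pos += nbytes
    return prefixes


def parse_bmp_stream(data):
    """Split a TCP byte stream into BMP messages and decode the fields a monitor cares about."""
    messages, pos = [], 0
    while pos + 6 <= len(data):
        version, length, mtype = struct.unpack("!BIB", data[pos:pos + 6])   # common header
        if version != 3 or length < 6:
            raise ValueError("not a BMPv3 message")
        body = data[pos + 6:pos + length]
        msg = {"type": BMP_TYPES.get(mtype, mtype)}
        if mtype in (0, 1, 2, 3):                      # these message types carry a per-peer header
            peer, rest = parse_per_peer_header(body)
            msg.update(peer)
            if mtype == 0:
                msg["prefixes"] = parse_update_nlri(rest)
        messages.append(msg)
        pos += length
    return messages


# --- constructed sample stream (not captured from a real router) ---
def _bmp_message(mtype, body):
    return struct.pack("!BIB", 3, 6 + len(body), mtype) + body


def _sample_stream():
    peer_hdr = struct.pack("!BB8s16sI4sII", 0, 0, b"\x00" * 8,
                           b"\x00" * 12 + ipaddress.IPv4Address("198.51.100.1").packed,
                           64500, ipaddress.IPv4Address("198.51.100.1").packed, 1402444800, 0)
    attrs = bytes.fromhex("40010100"              # ORIGIN IGP
                          "40020602010000fbf4"    # AS_PATH: AS_SEQUENCE [64500]
                          "400304c6336401")       # NEXT_HOP 198.51.100.1
    nlri = bytes.fromhex("18c00002")              # 192.0.2.0/24
    update = (b"\xff" * 16 + struct.pack("!HB", 19 + 2 + 2 + len(attrs) + len(nlri), 2)
              + b"\x00\x00" + struct.pack("!H", len(attrs)) + attrs + nlri)
    return _bmp_message(4, b"") + _bmp_message(0, peer_hdr + update)


SAMPLE_STREAM = _sample_stream()

if __name__ == "__main__":
    for m in parse_bmp_stream(SAMPLE_STREAM):
        print(m)
```

Because the route-monitoring message carries the UPDATE verbatim, a collector sees the neighbor's original attributes and even prefixes the router's inbound policy later discards; checking the L flag tells the analyser which view it is looking at.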
Deployment Models
• Deployment Model 1: Peering diagnostics and analytics
  (figure: BMP sessions from the AS#1234 routers peering with AS#4567 to the Analyser)
• Deployment Model 2: Internal diagnostics and analytics
  (figure: BMP sessions from routers across IGP 1 to IGP 5 to the Analyser)
Configuration (XR 5.2.2, November 2014)

router bgp <asn>
 neighbor <ip-address>
  BMP monitor all / server 1 server 2 …

bmp server <1-32>
 activate
 address <ipv4/6 address> port-number <num>
 update-source <interface>
 description <string>
 failure-retry-delay <seconds>
 flapping-delay <seconds>
 initial-delay <seconds>
 set ip dscp value <1-7>
 stats-reporting-period <seconds>
bmp buffer-size <megabytes>
bmp initial-refresh {delay <seconds> | skip}
Use case #4: Controlling SLA via BGP
Introduction
• BGP (like any other routing protocol) influences destination-based routing
• BGP routing information can be injected from a central place (“SDN controller”)
• Why not use it for more than just giving a destination address to route packets to?
• “SLA Rules”
• Application aware QoS
• Dynamic and adaptive technology
Controlling SLA via BGP
(figure: 1. the Customer changes the SLA through the Customer Portal to 25% Gold, 25% Silver, 50% BE; 2. the SLA SDN Controller signals it with BGP SLA; 3. the VPN Green Managed CPE and Unmanaged CPE apply it)
draft-ietf-idr-sla-exchange
Future
DEMO is available
Summary
• Flexibility: SDN enhances the way we’re doing networking, automates tasks, introduces new possibilities through open APIs
• Investment Protection: SDN can co-exist with traditional networking protocols, it even leverages them.
• Rich implementation: BGP provides a couple of essential tools in the toolbox for topology and routing distribution and flow control / SLA control
• Cost Effective: We hope you will make use of them to make your network infrastructure more agile and cost-effective