Using RPSL in Practice - University of Massachusetts Amherst
Using RPSL in Practice
Chun Zhang
Nov 2, 2000
1
ECE 697F: Special Topics - Internet Routing
Introduction
Terminology
How to specify routing policies?
How to analyze routing policies?
2
Terminology - RPSL
Routing Policy Specification Language
RIPE181 - RFC 1786 (March 1995)
RPSL - RFC 2280 (June 1999)
Specifies a much wider range of routing policies
3
Terminology - IRR
Internet Routing Registry
Repository of routing policies
4
Terminology - IRR (Cont.)
Evolution Of IRR
1995, Originally 5 databases
CA*NET (now Bell Canada) [Canada]
RADB, CW, ANS (now UUnet) [US]
RIPE [Europe]
Now, more than two dozen databases
5
Filters
[Figure: Routes, Criteria, Routes]
6
Filters Type
Destination address-prefix
– {128.9.0.0/16, 128.8.0.0/16}
– AS2 == {128.9.0.0/16, 128.8.0.0/16}
[Figure: AS2 with 128.9.0.0/16 and 128.8.0.0/16]
– AS-FOO == {AS1, AS2, AS3}
7
Filters Type
AS Path
?? What does this mean ??
– <^AS1.*AS2$>
– <^AS1[AS2 AS3 AS4] *$>
8
AS Path Regular Expressions
^ matches the empty string at the beginning of an AS path
. matches any AS number
$ matches the empty string at the end of an AS path
[…] matches any element in the AS set
9
AS Path Regular Expressions
Zero or more occurrences: A*
One or more occurrences: A+
Zero or one occurrence: A?
10
AS Path Regular Expressions
Binary concatenation operator:
– Example: AB
Binary alternative (or) operator: |
– Example: A|B
11
Regular Expressions Examples
<^AS1.*AS2$>
[Figure: Start, AS1, AS2, End]
<^AS1[AS2 AS3 AS4] *$>
[Figure: Start, AS1, then AS2, AS3 or AS4, End]
12
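The operators on the preceding slides, applied to sample paths. This is an added example, not part of the original slides; it translates an RPSL AS-path regex into a Python regex over whole AS tokens. The function names and the sample paths are constructed for illustration, and only AS numbers, ".", "[...]" sets and the listed operators are handled.

```python
import re

# Subset handled: AS numbers, '.', [AS sets] and the operators ^ $ * + ? | ( ).
# AS-set names inside a regex (e.g. AS2:AS-CUSTOMERS) are rejected, not expanded.
_TOKEN = re.compile(r"AS\d+|\[[^\]]*\]|[.^$*+?|()]")

def _squeeze(s):
    return re.sub(r"\s+", "", s)

def compile_aspath(rpsl):
    """Translate e.g. <^AS1.*AS2$> into a Python regex over a path written
    as space-terminated tokens ('AS1 AS7 AS2 '), so AS1 never matches AS11."""
    text = rpsl.strip()
    if not (text.startswith("<") and text.endswith(">")):
        raise ValueError("AS-path regex must be enclosed in < >")
    inner = text[1:-1]
    tokens = _TOKEN.findall(inner)
    if _squeeze("".join(tokens)) != _squeeze(inner):
        raise ValueError("unsupported syntax in %r" % rpsl)
    out = []
    for tok in tokens:
        if tok.startswith("AS"):
            out.append("(?:%s )" % tok)              # one specific AS
        elif tok == ".":
            out.append(r"(?:AS\d+ )")                # any single AS
        elif tok.startswith("["):
            if not re.fullmatch(r"\[\s*(AS\d+\s*)+\]", tok):
                raise ValueError("bad AS set %r" % tok)
            out.append("(?:(?:%s) )" % "|".join(re.findall(r"AS\d+", tok)))
        else:
            out.append(tok)                          # ^ $ * + ? | ( ) unchanged
    return re.compile("".join(out))

def path_matches(rpsl, as_path):
    """as_path is a list such as ['AS3', 'AS3'], neighbor AS first."""
    text = "".join(asn + " " for asn in as_path)
    return compile_aspath(rpsl).search(text) is not None

# Constructed sample paths for the two filters shown on the slide.
SAMPLES = [
    ("<^AS1.*AS2$>", ["AS1", "AS7", "AS2"]),               # any ASes in between
    ("<^AS1.*AS2$>", ["AS1", "AS2", "AS9"]),               # AS2 is not last
    ("<^AS1[AS2 AS3 AS4] *$>", ["AS1", "AS3", "AS4"]),     # only set members follow
    ("<^AS1[AS2 AS3 AS4] *$>", ["AS1", "AS5"]),            # AS5 is not in the set
]

def evaluate_samples():
    return [path_matches(rx, path) for rx, path in SAMPLES]
```

The same matcher shows why a customer filter such as <^AS3+$> accepts a prepended path (AS3 AS3 AS3) but not a path in which any other AS appears.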
Filters Type
Other routes attributes
Example : Community attributes
Optional transitive attribute of variable length (a list of 4-byte integers)
[Figure: a list of 4-byte integers; labels AS1, AS2 and AS3, each with 100]
13
Autonomous system object
aut-num:  AS2
as-name:  CAT-NET
descr:    Catatonic State University
import:   from AS1 accept ANY
export:   to AS3 announce ANY
admin-c:  AO36-RIPE
tech-c:   CO19-RIPE
mnt-by:   OPS4-RIPE
changed:  [email protected]
source:   RIPE
14
Specify Policy in RPSL(I)
Common Peering Policies
[Figure: AS1 (peer), AS2, AS3 (customer)]
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS3 accept <^AS3+$>
export:   to AS3 announce ANY
export:   to AS1 announce AS2, AS3
15
Specify Policy in RPSL(II)
ISP Customer - Transit Provider Policies
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS3 accept <^AS3+$>
import:   from AS4 accept <^AS4+$>
export:   to AS3 announce ANY
export:   to AS4 announce ANY
export:   to AS1 announce AS2, AS3, AS4
[Figure: AS1 (AS2 peer), AS2, AS3 (AS2 customer), AS4 (another AS2 customer)]
16
Specify Policy in RPSL(II)
Using as-set object for simplification
as-set:   AS2:AS-CUSTOMERS
members:  AS3 AS4
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS2:AS-CUSTOMERS accept <^AS2:AS-CUSTOMERS+$>
export:   to AS2:AS-CUSTOMERS announce ANY
export:   to AS1 announce AS2 AS2:AS-CUSTOMERS
17
Specify Policy in RPSL(II)
Using route-set object for simplification
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS3 accept {7.7.0.0/16^16-19}
import:   from AS4 accept {7.8.0.0/16^16-18}
export:   to AS2:AS-CUSTOMERS announce ANY
export:   to AS1 announce AS2, AS2:AS-CUSTOMERS
18
Specify Policy in RPSL(II)
Using route-set object for simplification
route-set:  AS2:RS-ROUTES:AS3
members:    {7.7.0.0/16^16-19}
route-set:  AS2:RS-ROUTES:AS4
members:    {7.8.0.0/16^16-18}
19
Specify Policy in RPSL(II)
Using route-set object for simplification
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS3 accept AS2:RS-ROUTES:AS3
import:   from AS4 accept AS2:RS-ROUTES:AS4
export:   to AS2:AS-CUSTOMERS announce ANY
export:   to AS1 announce AS2, AS2:AS-CUSTOMERS
20
Specify Policy in RPSL(II)
Using route-set object for simplification
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS3 accept AS2:RS-ROUTES:PeerAS
import:   from AS4 accept AS2:RS-ROUTES:PeerAS
export:   to AS2:AS-CUSTOMERS announce ANY
export:   to AS1 announce AS2, AS2:AS-CUSTOMERS
21
Specify Policy in RPSL(II)
Using route-set object for simplification
aut-num:  AS2
import:   from AS1 accept ANY
import:   from AS2:AS-CUSTOMERS accept AS2:RS-ROUTES:PeerAS
export:   to AS2:AS-CUSTOMERS announce ANY
export:   to AS1 announce AS2, AS2:AS-CUSTOMERS
22
Specify Policy in RPSL(III)
Including Interfaces in Peering Definitions
aut-num:  AS1
import:   from AS2 7.7.7.2 at 7.7.7.1
          accept <^AS2+$>
[Figure: AS1 (7.7.7.1) and AS2 (7.7.7.2, 7.7.7.3)]
23
Specify Policy in RPSL(IV)
Describing Simple Backup Connections
[Figure: AS1 (7.7.7.1) and AS2 (7.7.7.2, 7.7.7.3)]
aut-num:  AS1
import:   from AS2 7.7.7.2 at 7.7.7.1 action pref=10;
          from AS2 7.7.7.3 at 7.7.7.1 action pref=20;
          accept <^AS2+$>
The higher the number, the lower the preference!
aut-num:  AS2
export:   to AS1 7.7.7.1 at 7.7.7.2 action med=10;
          to AS1 7.7.7.1 at 7.7.7.3 action med=20;
          announce <^AS2+$>
24
Specify Policy in RPSL(V)
Multi-home Routing Policies using the community Attribute
[Figure: AS1, AS2, AS3 and AS4, with two paths labeled I and II]
How does AS4 signal AS1 to select path I or II?
Solution: Using route community attributes
aut-num:  AS1
import:   from AS2 accept (AS2 OR AS4) and <^AS2+ AS4*$>
import:   from AS3 accept (AS3 OR AS4) and <^AS3+ AS4*$>
import:   from AS5 accept AS5 and <^AS5+$>
25
Specify Policy in RPSL(V)
Multi-home Routing Policies using the community Attribute
AS1: I prefer the path where community attribute = C
AS4: Ok! Let me set my favorite path’s community attribute = C
AS1: Yes! Attribute = C. I am working as you like!
26
AS1: I prefer where community=C
Aut-num: AS1
import: from AS2 action pref=10; accept (AS2 OR AS4) AND
        <^AS2+AS4*$> AND community.contains(1:1)
import: from AS2 action pref=0; accept (AS2 OR AS4) AND
        <^AS2+AS4*$>
import: from AS3 action pref=10; accept (AS3 OR AS4) AND
        <^AS3+AS4*$> AND community.contains(1:1)
import: from AS3 action pref=0; accept (AS3 OR AS4) AND
        <^AS3+AS4*$>
27
AS1: I prefer where community=C
Using refine for simplification
Aut-num: AS1
import: {
from AS-ANY
action pref=10;
accept community.contains(1:1);
from AS-ANY
action pref=0;
accept ANY;
} refine {
from AS2 accept (AS2 OR AS4) AND <^AS2+AS4*$> ;
from AS3 accept (AS3 OR AS4) AND <^AS3+AS4*$> ;
}
28
AS4: Let me set my favorite
Aut-num: AS4
export: to AS2
        action community.append(1:1);
        announce AS4
export: to AS3
        announce AS4
29
RAToolSet (Version 4)
Router configuration tools (RtConfig)
Path analysis tools (prpath and prtraceroute)
Edit, compare, validate and register RPSL objects (roe, aoe and prcheck)
Autonomous system Object Editor
30
Using RtConfig
Generating router configuration from RPSL
Steps
– register the policy in an IRR
– build a RtConfig source file
– create the vendor-specific router configuration from the source file and the policy in the IRR (supports cisco, juniper, gated, bay/nortel)
31
Using RtConfig
[Figure: AS3582 (128.223.0.0/16, 198.32.162.1) with neighbors AS3701 (198.32.162.2) and AS2914 (198.32.162.6)]
32
Sample RtConfig Source File
router bgp 3582
network 128.223.0.0
!
! Start with access-list 100
!
@RtConfig set cisco_access_list_no = 100
!
! NERO
neighbor 198.32.162.2 remote-as 3701
@RtConfig set cisco_map_name = "AS3701-EXPORT"
@RtConfig export AS3582 198.32.162.1 AS3701 198.32.162.2
@RtConfig set cisco_map_name = "AS3701-IMPORT"
@RtConfig import AS3582 198.32.162.1 AS3701 198.32.162.2
!
! WNA/VERIO
neighbor 198.32.162.6 remote-as 2914
@RtConfig set cisco_map_name = "AS2914-EXPORT"
@RtConfig export AS3582 198.32.162.1 AS2914 198.32.162.6
@RtConfig set cisco_map_name = "AS2914-IMPORT"
@RtConfig import AS3582 198.32.162.1 AS2914 198.32.162.6
33
Router Configuration File
router bgp 3582
network 128.223.0.0
!
! NERO
neighbor 198.32.162.2 remote-as 3701
no access-list 100
access-list 100 permit ip 128.223.0.0 0.0.0.0 255.255.0.0 0.0.0.0
access-list 100 deny ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
!
no route-map AS3701-EXPORT
route-map AS3701-EXPORT permit 1
match ip address 100
!
router bgp 3582
neighbor 198.32.162.2 route-map AS3701-EXPORT out
!
no route-map AS3701-IMPORT
route-map AS3701-IMPORT permit 1
set local-preference 1000
!
router bgp 3582
34
Router Configuration File
neighbor 198.32.162.2 route-map AS3701-IMPORT in
!
! WNA/VERIO
neighbor 198.32.162.6 remote-as 2914
!
no route-map AS2914-EXPORT
route-map AS2914-EXPORT permit 1
match ip address 100
!
router bgp 3582
neighbor 198.32.162.6 route-map AS2914-EXPORT out
no ip as-path access-list 100
ip as-path access-list 100 permit ^_2914(((_[0-9]+))*_(13|22|97|132|175|668|1914|2905|2914|3361|3381|3791|3937|4178|4354|4571|4674|4683|5091|5303|5798|5855|5856|5881|6083|6188|6971|7790|7951|8028))?$
!
no route-map AS2914-IMPORT
route-map AS2914-IMPORT permit 1
match as-path 100
set local-preference 998
35
Thanks !
36