A Simple BGP
0 likes244 views
This document proposes a simple way to configure BGP through the introduction of neighbor roles to help prevent route leaks. It notes that while BGP configuration can currently be complex with over 140 RFCs published, assigning each neighbor a role of provider, customer, peer, or internal could simplify things. The proposed "neighbor role" extension would be backward compatible and help eliminate mistaken route leaks by preventing non-conflicting role configurations and providing strict mode to require roles be set.
A Simple BGP
- 1. A Simple BGP Alexander Azimov Qrator Labs
- 2. BGP Policy is made by… • Local Pref • Prepends • RPSL • RPKI • Communities And other XX config options Ha! Easy! Love flexibility!
- 3. But is it simple? 140 RFC have already been written! 388 RFC drafts Numerous BCPs… KISS is not for BGP?
- 4. It could be quite simple… protocol bgp IAMOPERATOR { local as MY_AS; neighbor X.X.X.X as AS_PROVIDER; }
- 5. The Great Gap Expectation BGP Configuration
- 6. A Simple Result A simple route leak! Internal Session local as MY_AS; neighbor X.X.X.X as AS_UPSTREAM_X; local as MY_AS; neighbor Y.Y.Y.Y as AS_UPSTREAM_Y;
- 7. Route Leak: stats 0 100000 200000 300000 400000 500000 600000 August September October November*
- 8. Who is the leaker? About ~1000 leakers affect… Everybody!
- 9. Newcomers 0 10000 20000 30000 40000 50000 60000 2010 2011 2012 2013 2014 2015
- 10. Imagine yourself on a highway…
- 11. Option 1: Regulation bgpbusters! Are you afraid of leaks?
- 12. Option 2: A new BGP extension
- 13. Meet The Neighbor Role 4 Roles: customer, provider, peer, internal Optional non-transit attribute – Role Marker Role Import Marker Internal Session No role marker change Role Export Filter
- 14. Idle state: No role set
- 15. Notification: The Wrong Role OPEN with customer role OPEN with peer role Capabilities NotificationNotification 3 pairs of non-conflict roles: 1. Peer <---> Peer 2. Customer <---> Provider 3. Internal <---> Internal
- 16. Strict Mode OPEN with no role OPEN with peer role Notification Notification if the role is not set in OPEN from the neighbor
- 17. A Simple Config protocol bgp IAMOPERATOR { local as MY_AS; neighbor X.X.X.X as AS_PROVIDER; role provider }
- 18. Benefits Backward compatibility • Unknown optional non-transit attributes are just ignored • Unknown capabilities should be just ignored! Route leak extinction: • No mistake leaks • Opportunity to control neighbor configuration
- 19. Useful Links Overview of protocol change: radar.qrator.net/tools/simple-bgp/ Fork of BIRD routing daemon: github.com/QratorLabs/bird/ Alexander Azimov <aa@qrator.net>