Lecture 15 - Routing 2 PDF

Document Details

University of Florida

2024

Patrick Traynor

Tags

computer networks routing protocols BGP networking

Summary

This lecture on computer networks and routing covers routing among ISPs (BGP), the basics of BGP routing, and other aspects of networking including the Internet Control Message Protocol. It is from Fall 2024 and was given by Professor Patrick Traynor.

Full Transcript

CNT 4007 - Computer Networks I: Routing (2)
Professor Patrick Traynor
Fall 2024
Florida Institute for Cybersecurity (FICS) Research

Announcements/Reminders
▪ Check the calendar - things have changed!
▪ Need to get ourselves back on track to ensure a successful semester.
▪ Midterm is on Thursday. In-person only.
▪ Remember the rules. Don’t remember? See last Tuesday’s lecture/slides.
[Image prompt: Would you please make an image for me? I need an alligator (dressed in orange and blue clothing) sitting in a seat on a commercial airplane. He should be looking out the window.]

Network Layer: “Control Plane” Roadmap
▪ introduction
▪ routing protocols
▪ intra-ISP routing: OSPF
▪ routing among ISPs: BGP
▪ SDN control plane
▪ Internet Control Message Protocol
▪ network management, configuration
  ▪ SNMP
  ▪ NETCONF/YANG

Internet Inter-AS Routing: BGP
▪ BGP (Border Gateway Protocol): the de facto inter-domain routing protocol
  ▪ “glue that holds the Internet together”
▪ allows subnet to advertise its existence, and the destinations it can reach, to rest of Internet: “I am here, here is who I can reach, and how”
▪ BGP provides each AS a means to:
  ▪ eBGP: obtain subnet reachability information from neighboring ASes
  ▪ iBGP: propagate reachability information to all AS-internal routers.
  ▪ determine “good” routes to other networks based on reachability information and policy

eBGP, iBGP Connections
[Figure: AS 1 (routers 1a, 1b, 1c, 1d), AS 2 (routers 2a, 2b, 2c, 2d), AS 3 (routers 3a, 3b, 3c, 3d); legend: eBGP connectivity, logical iBGP connectivity]
▪ gateway routers run both eBGP and iBGP protocols

BGP Basics
▪ BGP session: two BGP routers (“peers”) exchange BGP messages over semi-permanent TCP connection:
  ▪ advertising paths to different destination network prefixes (BGP is a “path vector” protocol)
▪ when AS3 gateway 3a advertises path AS3,X to AS2 gateway 2c:
  ▪ AS3 promises to AS2 it will forward datagrams towards X
[Figure: AS 1, AS 2, AS 3 topology; BGP advertisement: AS3, X]

Path Attributes and BGP Routes
▪ BGP advertised route: prefix + attributes
  ▪ prefix: destination being advertised
  ▪ two important attributes:
    ▪ AS-PATH: list of ASes through which prefix advertisement has passed
    ▪ NEXT-HOP: indicates specific internal-AS router to next-hop AS
▪ Policy-based routing:
  ▪ gateway receiving route advertisement uses import policy to accept/decline path (e.g., never route through AS Y).
  ▪ AS policy also determines whether to advertise path to other neighboring ASes

BGP Path Advertisement
[Figure: AS 1, AS 2, AS 3 topology; advertised paths AS3,X and AS2,AS3,X]
▪ AS2 router 2c receives path advertisement AS3,X (via eBGP) from AS3 router 3a
▪ Based on AS2 policy, AS2 router 2c accepts path AS3,X, propagates (via iBGP) to all AS2 routers
▪ Based on AS2 policy, AS2 router 2a advertises (via eBGP) path AS2, AS3, X to AS1 router 1c

BGP Path Advertisement (more)
[Figure: AS 1, AS 2, AS 3 topology; advertised paths AS3,X and AS2,AS3,X]
gateway router may learn about multiple paths to destination:
▪ AS1 gateway router 1c learns path AS2,AS3,X from 2a
▪ AS1 gateway router 1c learns path AS3,X from 3a
▪ Based on policy, AS1 gateway router 1c chooses path AS3,X and advertises path within AS1 via iBGP

BGP Messages
▪ BGP messages exchanged between peers over TCP connection
▪ BGP messages:
  ▪ OPEN: opens TCP connection to remote BGP peer and authenticates sending BGP peer
  ▪ UPDATE: advertises new path (or withdraws old)
  ▪ KEEPALIVE: keeps connection alive in absence of UPDATES; also ACKs OPEN request
  ▪ NOTIFICATION: reports errors in previous msg; also used to close connection

BGP Path Advertisement
[Figure: AS 1, AS 2, AS 3 topology; advertised paths AS3,X and AS2,AS3,X; local link interfaces at 1a, 1d; forwarding table (dest, interface): 1c, 1; X, 1]
▪ Recall: 1a, 1b, 1d learn via iBGP from 1c: “path to X goes through 1c”
▪ at 1d: OSPF intra-domain routing: to get to 1c, use interface 1
▪ at 1d: to get to X, use interface 1

BGP Path Advertisement
[Figure: AS 1, AS 2, AS 3 topology; forwarding table (dest, interface): 1c, 2; X, 2]
▪ Recall: 1a, 1b, 1d learn via iBGP from 1c: “path to X goes through 1c”
▪ at 1d: OSPF intra-domain routing: to get to 1c, use interface 1
▪ at 1d: to get to X, use interface 1
▪ at 1a: OSPF intra-domain routing: to get to 1c, use interface 2
▪ at 1a: to get to X, use interface 2

Why Different Intra-, Inter-AS Routing?
policy:
▪ inter-AS: admin wants control over how its traffic routed, who routes through its network
▪ intra-AS: single admin, so policy less of an issue
scale:
▪ hierarchical routing saves table size, reduced update traffic
performance:
▪ intra-AS: can focus on performance
▪ inter-AS: policy dominates over performance

Hot Potato Routing
[Figure: AS 1, AS 2, AS 3 topology; OSPF link weights 112, 201, 263; advertised paths AS3,X and AS1,AS3,X]
▪ 2d learns (via iBGP) it can route to X via 2a or 2c
▪ Hot Potato Routing: choose local gateway that has least intra-domain cost (e.g., 2d chooses 2a, even though more AS hops to X): don’t worry about inter-domain cost!

BGP: Achieving Policy via Advertisements
[Figure: provider networks A, B, C; customer networks w, x, y; advertisements A,w; legend: provider network, customer network]
ISP only wants to route traffic to/from its customer networks (does not want to carry transit traffic between other ISPs – a typical “real world” policy)
▪ A advertises path Aw to B and to C
▪ B chooses not to advertise BAw to C!
  ▪ B gets no “revenue” for routing CBAw, since none of C, A, w are B’s customers
  ▪ C does not learn about CBAw path
▪ C will route CAw (not using B) to get to w

BGP: Achieving Policy via Advertisements
[Figure: provider networks A, B, C; customer networks w, x, y; legend: provider network, customer network]
ISP only wants to route traffic to/from its customer networks (does not want to carry transit traffic between other ISPs – a typical “real world” policy)
▪ A, B, C are provider networks
▪ x, w, y are customer (of provider networks)
▪ x is dual-homed: attached to two networks
▪ policy to enforce: x does not want to route from B to C via x
  ▪ .. so x will not advertise to B a route to C

BGP Route Selection
Router may learn about more than one route to destination AS, selects route based on:
1. Local preference value attribute: policy decision
2. Shortest AS-PATH
3. Closest NEXT-HOP router: hot potato routing
4. Additional criteria

Network Layer: “Control Plane” Roadmap
▪ introduction
▪ routing protocols
▪ intra-ISP routing: OSPF
▪ routing among ISPs: BGP
▪ SDN control plane
▪ Internet Control Message Protocol
▪ network management, configuration
  ▪ SNMP
  ▪ NETCONF/YANG

ICMP: Internet Control Message Protocol
▪ used by hosts and routers to communicate network-level information
  ▪ error reporting: unreachable host, network, port, protocol
  ▪ echo request/reply (used by ping)
▪ network-layer “above” IP:
  ▪ ICMP messages carried in IP datagrams
▪ ICMP message: type, code plus first 8 bytes of IP datagram causing error

Type  Code  description
0     0     echo reply (ping)
3     0     dest. network unreachable
3     1     dest host unreachable
3     2     dest protocol unreachable
3     3     dest port unreachable
3     6     dest network unknown
3     7     dest host unknown
4     0     source quench (congestion control - not used)
8     0     echo request (ping)
9     0     route advertisement
10    0     router discovery
11    0     TTL expired
12    0     bad IP header

Traceroute and ICMP
[Figure: source sending 3 probes per TTL value toward the destination]
▪ source sends sets of UDP segments to destination
  ▪ 1st set has TTL=1, 2nd set has TTL=2, etc.
▪ datagram in nth set arrives to nth router:
  ▪ router discards datagram and sends source ICMP message (type 11, code 0)
  ▪ ICMP message possibly includes name of router & IP address
▪ when ICMP message arrives at source: record RTTs
stopping criteria:
▪ UDP segment eventually arrives at destination host
▪ destination returns ICMP “port unreachable” message (type 3, code 3)
▪ source stops

Smurf Attack
▪ ICMP Messages can be used in a classic “amplification” attack.
▪ An ICMP “ping” is sent to the broadcast address in a subnet (255.255.255.255) or network (192.168.1.255).
▪ All hosts receiving this message would automatically respond, thereby clogging the network.
▪ Only took one message to initiate.

Conclusion
▪ That wraps up Chapter 5.
▪ Remember, this lecture is not on the midterm (but absolutely will be on the final).
▪ Make sure your focus is on the exam.
▪ Don’t forget about Project 2.
▪ Check the calendar for hurricane-caused changes!
[Image prompt: Would you please make an image for me? I need an alligator (dressed in orange and blue clothing), sitting at a desk in a lecture hall, who is taking a test. A single tear should be coming out of its eye]
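The BGP Route Selection and Hot Potato Routing slides can be compared in code. This is an added example, not part of the lecture: the `Route` class, the function names, the default local preference of 100 and the mapping of the figure's OSPF weights to the 2d-2a and 2d-2c links are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str            # destination being advertised
    as_path: tuple         # AS-PATH, nearest AS first (the prefix itself is not included)
    next_hop: str          # NEXT-HOP: gateway router inside our AS leading to the next AS
    local_pref: int = 100  # assumed default; the slides give no number

def import_policy(route, local_as, banned_ases=frozenset()):
    """Accept or decline an advertisement, e.g. "never route through AS Y"."""
    if local_as in route.as_path:        # our own AS is already in the path: a loop
        return False
    return not set(route.as_path) & set(banned_ases)

def select_best(routes, igp_cost):
    """Slide order: highest local preference, then shortest AS-PATH, then closest NEXT-HOP."""
    return min(routes, key=lambda r: (-r.local_pref, len(r.as_path), igp_cost[r.next_hop]))

def hot_potato(routes, igp_cost):
    """Least intra-domain cost to the exit gateway, ignoring the number of AS hops."""
    return min(routes, key=lambda r: igp_cost[r.next_hop])

# Constructed from the Hot Potato Routing slide: what router 2d (AS2) learns via iBGP.
# Which figure weight belongs to which link is an assumption (2d-2a = 201, 2d-2c = 263).
IGP_COST_FROM_2D = {"2a": 201, "2c": 263}
ROUTES_AT_2D = [
    Route("X", ("AS1", "AS3"), "2a"),
    Route("X", ("AS3",), "2c"),
]

def demo():
    accepted = [r for r in ROUTES_AT_2D if import_policy(r, "AS2")]
    return {
        "slide_order": select_best(accepted, IGP_COST_FROM_2D).next_hop,
        "hot_potato": hot_potato(accepted, IGP_COST_FROM_2D).next_hop,
        "avoid_AS1": [r.next_hop for r in accepted if import_policy(r, "AS2", {"AS1"})],
    }

if __name__ == "__main__":
    print(demo())
```

With equal local preference the numbered selection order exits through 2c because the shorter AS-PATH is compared before NEXT-HOP distance, while pure hot potato exits through 2a; raising `local_pref` on the 2a route overrides both.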
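For the Smurf Attack slide, a detection check over raw packets, using the echo request type and code from the ICMP table. This is an added example, not part of the lecture: the sample packets are constructed, and the monitored /24 and all function names are assumptions.

```python
import ipaddress

# Monitored subnet: the /24 is an assumption matching the slide's 192.168.1.255 example.
LOCAL_NETWORKS = [ipaddress.ip_network("192.168.1.0/24")]
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

# Constructed samples (hex): 20-byte IPv4 header from 10.0.0.5 plus 8 more bytes,
# checksums zeroed. {proto} is the IP protocol number, {dst} the destination address.
_HDR = "4500001c0000000040{proto}00000a000005{dst}"
SAMPLES = {
    "echo_to_directed_broadcast": _HDR.format(proto="01", dst="c0a801ff") + "0800000000010001",
    "echo_to_limited_broadcast": _HDR.format(proto="01", dst="ffffffff") + "0800000000010001",
    "echo_to_unicast_host": _HDR.format(proto="01", dst="c0a80114") + "0800000000010001",
    "echo_reply_to_broadcast": _HDR.format(proto="01", dst="c0a801ff") + "0000000000010001",
    "udp_to_broadcast": _HDR.format(proto="11", dst="c0a801ff") + "0035003500080000",
}

def parse_icmp(packet):
    """Return (dst, icmp_type, icmp_code) for an IPv4 packet carrying an ICMP header, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IP options move the ICMP header
    frag_offset = int.from_bytes(packet[6:8], "big") & 0x1FFF
    # Non-first fragments carry no ICMP header, so they are skipped here.
    if ihl < 20 or packet[9] != 1 or frag_offset or len(packet) < ihl + 2:
        return None
    return ipaddress.IPv4Address(packet[16:20]), packet[ihl], packet[ihl + 1]

def smurf_target(packet, networks=LOCAL_NETWORKS):
    """Return the broadcast address an echo request (type 8, code 0) is aimed at, else None."""
    parsed = parse_icmp(packet)
    if parsed is None or parsed[1:] != (8, 0):
        return None
    dst = parsed[0]
    if dst == LIMITED_BROADCAST or any(dst == n.broadcast_address for n in networks):
        return str(dst)
    return None

def flagged(samples=SAMPLES):
    """Names of the sample packets that match the Smurf trigger condition."""
    return sorted(name for name, pkt in samples.items() if smurf_target(bytes.fromhex(pkt)))

if __name__ == "__main__":
    print(flagged())
```

The same condition is what a router that refuses to forward directed broadcasts, or a host that ignores echo requests sent to a broadcast address, enforces.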
