BRKSPG-2641
Oliver Boehmer, Cisco AS Solutions Architect
Cisco Public

Agenda
- Some words about SDN
- BGP-assisted SDN use cases:
  1. WAN orchestration: BGP-LS
  2. Flow steering / security policies: BGP-FS
  3. Peering diagnostics: BMP
Introduction to SDN
What is SDN?
(per Wikipedia definition)
In other words: in the SDN paradigm, not all processing happens inside the same device.
A Better Definition
SDN Definition
SDN Benefits
In Layman's Terms
SDN use cases by segment (recovered from a slide graphic):
- Research/Academia: experimental OpenFlow/SDN components for production networks; outcome: network slicing
- Massively Scalable Data Centre: customise with programmatic APIs to provide deep insight into network traffic; outcome: network flow management
- Cloud: automated provisioning and programmable overlay, OpenStack; outcome: scalable multi-tenancy
- Service Providers: policy-based control and analytics to optimise and monetise service delivery; outcome: agile service delivery
- Enterprise: virtual workloads, VDI, orchestration of security profiles; outcome: private cloud automation
- Also listed as an outcome: transport efficiency
Diagram: layered view with Applications on top, a Services layer (orchestration, analytics, programmability) and the Network below. Labels on the arrows: "network intelligence, guidance" towards the applications and "harvest network intelligence" from the network.
Diagram: evolution of network/application interaction. Network stages: best-effort networks, managed networks, configurable networks, automated networks, orchestrated networks. Application side: network-aware apps using network interfaces and programmatic interfaces, with network middleware and controllers in between.
About BGP
HA and Secure
Control-plane Evolution
Most services are moving towards BGP.
Table recovered from the slide graphic. Services/transports listed: IDR (peering), SP L3VPN, SP multicast VPN, DDoS mitigation, network monitoring, security filters, proximity, SP-L3VPN-DC, DC interconnect L2VPN, MPLS transport, data centre, campus/enterprise L3VPN. Control planes listed against them: BGP, BGP (IPv6), PIM, CLI, SNMP, LDP, OSPF/ISIS, NHRP/EIGRP, with BGP as the target column (for example CLI -> BGP flowspec for DDoS mitigation, and OSPF/ISIS -> BGP + multipath for the data centre).
Vijay Gill
https://twitter.com/vgill/status/227539039979446272
The SP Challenge
Chart: traffic versus revenue over time.
Make $$
- Doing more with the same or less
- Introduce on-demand, scheduling, instant, premium, secure, backup, etc. choices to the services portfolio
Diagram (two slides): SDN architecture spanning customer SDN, DC SDN and SDN WAN, exposed to applications and customers through APIs. Building blocks: a collector (load/capacity via SNMP and NetFlow; topology; state), an application engine, visualisation & analytics, and programming/control of the multilayer NGN WAN and the DC/cloud providers.
Diagram (two slides): a PCE with its Traffic Engineering Database (TED) receives BGP-LS from Domain 0, Domain 1 and Domain 2 through a route reflector (RR). Points raised: selection algorithm, route reflection/propagation, attributes.
Reference: draft-ietf-idr-ls-distribution-00
BGP-LS deployment
- One or two routers per area redistribute the IGP topology into BGP-LS NLRIs
- The BGP-LS NLRIs are sent to a BGP-LS RR, which reflects them to the ALTO and PCE servers
- Nothing is advertised back to the routers
Diagram: BGP-LS speakers in each area, a BGP-LS RR, and the ALTO and PCE servers.
Diagram: a Network Services Layer above the IP/MPLS layer. NPS/ALTO server and NPS/proximity database, fed by an information collector, algorithms and databases (aggregation/customisation algorithms, geo-location, policy database, performance data).
Configuration: enable the link-state address family and specify the BGP-LS peer (the configuration lines themselves were not recovered).
BGP-LS NLRI notation: bracketed fields [X...], where X identifies the object (e.g. local node, remote node, link, etc.).
Prefix codes
Node NLRI:
    *> [V][L2][I0x1][N[c65172][b172.16.255.1][s1720.1625.5001.00]]/328   0.0.0.0   0 i
Link NLRI:
    *> [E][L2][I0x1][N[c65172][b172.16.255.1][s1720.1625.5001.00]][R[c65172][b172.16.255.1][s1720.1625.5002.00]][L[i172.16.0.1][n172.16.0.0]]/696   0.0.0.0   0 i
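A parser for the bracketed notation above, added here as an example; it is not code from the presentation. The meaning assigned to each prefix code (V node, E link, L2 IS-IS level 2, I instance identifier, N and R local and remote node descriptors, L link descriptors, c AS number, b BGP-LS identifier, s IGP router ID, i and n interface and neighbour address) is an assumption drawn from the IOS XR `show bgp link-state` display format, since the slide only says that the letter identifies the object. The two sample rows are the ones shown on the slide, with the wrapped link entry joined back into one line.

```python
"""Parse the bracketed BGP-LS NLRI notation from 'show bgp link-state' output.
Added example, not from the presentation. The prefix-code meanings below are
an assumption based on the IOS XR display format."""

NLRI_TYPES = {"V": "node", "E": "link", "T": "ipv4-prefix"}
PROTOCOLS = {"L1": "isis-level-1", "L2": "isis-level-2", "O": "ospfv2"}
GROUPS = {"N": "local-node", "R": "remote-node", "L": "link", "P": "prefix"}
LEAVES = {"c": "asn", "b": "bgp-ls-id", "s": "igp-router-id",
          "i": "interface-address", "n": "neighbor-address", "p": "prefix"}


def _split_brackets(text):
    """'[a][b[c]]' -> ['a', 'b[c]']: bodies of the top-level bracket pairs."""
    parts, depth, start = [], 0, 0
    for idx, ch in enumerate(text):
        if ch == "[":
            if depth == 0:
                start = idx + 1
            depth += 1
        elif ch == "]":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ']' in %r" % text)
            if depth == 0:
                parts.append(text[start:idx])
    if depth != 0:
        raise ValueError("unbalanced '[' in %r" % text)
    return parts


def parse_nlri(nlri):
    """Parse '[V][L2][I0x1][N[c65172]...]/328' into a dict of named fields."""
    body, _, length = nlri.rpartition("/")      # trailing /len is the NLRI length in bits
    parts = _split_brackets(body)
    if len(parts) < 4:
        raise ValueError("expected type, protocol, instance id and descriptors")
    if parts[0] not in NLRI_TYPES or parts[1] not in PROTOCOLS:
        raise ValueError("unknown NLRI type or protocol code in %r" % nlri)
    if not parts[2].startswith("I"):
        raise ValueError("third element must be the instance identifier")
    result = {
        "type": NLRI_TYPES[parts[0]],
        "protocol": PROTOCOLS[parts[1]],
        "instance_id": int(parts[2][1:], 16),
        "length": int(length),
    }
    for group in parts[3:]:                     # N[...], R[...], L[...], P[...]
        name = GROUPS.get(group[0])
        if name is None:
            raise ValueError("unknown descriptor group %r" % group[0])
        fields = {}
        for leaf in _split_brackets(group[1:]):
            key = LEAVES.get(leaf[0])
            if key is None:
                raise ValueError("unknown descriptor %r" % leaf[0])
            fields[key] = int(leaf[1:]) if key == "asn" else leaf[1:]
        result[name] = fields
    # Consistency checks a topology consumer (PCE, ALTO server) would apply
    if "local-node" not in result:
        raise ValueError("every BGP-LS NLRI carries local node descriptors")
    if result["type"] == "link" and "remote-node" not in result:
        raise ValueError("a link NLRI needs remote node descriptors")
    return result


def parse_show_line(line):
    """Pick the NLRI out of a show row such as '*> [V]...[N[...]]/328  0.0.0.0  0 i'
    (status flags, next hop and metric are ignored)."""
    nlri = next(tok for tok in line.split() if tok.startswith("["))
    return parse_nlri(nlri)


# The two rows shown on the slide (the link row is wrapped there; joined here).
NODE_LINE = "*> [V][L2][I0x1][N[c65172][b172.16.255.1][s1720.1625.5001.00]]/328  0.0.0.0  0 i"
LINK_LINE = ("*> [E][L2][I0x1][N[c65172][b172.16.255.1][s1720.1625.5001.00]]"
             "[R[c65172][b172.16.255.1][s1720.1625.5002.00]]"
             "[L[i172.16.0.1][n172.16.0.0]]/696  0.0.0.0  0 i")

if __name__ == "__main__":
    for row in (NODE_LINE, LINK_LINE):
        print(parse_show_line(row))
```

The parser rejects a link entry that lacks remote node descriptors, which is the kind of malformed NLRI a topology consumer should drop rather than turn into a dangling edge in the TED.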
Summary
WAN orchestration provides significant value to customers in terms of:
- Operational simplification
- Network flexibility
- Revenue opportunities
Introduction
- BGP (like any other routing protocol) influences destination-based routing
- BGP routing information can be injected from a central place (route server)
- Why not use it for more than just giving a destination address to route packets to?
Use case: DDoS mitigation with a BGP-triggered blackhole (diagram sequence, slides 38-47)
A customer website with IP 1.2.3.4 sits behind a CE router; the provider's PE announces the customer prefix (BGP: 1.2.3.0/24) towards the Internet via Transit1 and Transit2.
DDoS traffic towards 1.2.3.4 arrives through both transits and crosses the provider infrastructure to reach the customer.
Mitigation: a host route for the victim (BGP: 1.2.3.4/32) tagged with the blackhole community (Com.: 64500:666) is announced over the customer's BGP session to the provider. The provider's edge routers (PE, Transit1, Transit2) install 1.2.3.4/32 with a discard action, so the DDoS traffic is dropped at the provider edge instead of being carried to the customer.
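How a provider's edge policy can validate the blackhole trigger shown above before installing the discard route, as an added example that is not part of the presentation. The community 64500:666 and the prefixes are the slide's; the peer names, the per-customer authorisation table and the discard next hop are assumptions made for the example. The checks keep a customer from blackholing addresses it does not own and from leaking the /32 as an ordinary route.

```python
"""Validating a remotely triggered blackhole (RTBH) announcement before
installing a discard route. Added example, not from the presentation: the
peer names, the authorisation table and the discard next hop are assumptions."""
import ipaddress

BLACKHOLE_COMMUNITY = "64500:666"   # trigger community shown on the slides
DISCARD_NEXT_HOP = "192.0.2.1"      # assumption: address statically routed to Null0 on every edge router
MAX_ORDINARY_PREFIXLEN = 24         # assumption: longest prefix accepted as a normal route

# Assumption: the address blocks each customer session is allowed to originate.
AUTHORISED = {
    "customer-a": [ipaddress.ip_network("1.2.3.0/24")],
}


def evaluate_update(peer, prefix, communities):
    """Classify one received announcement.
    Returns ("discard", next_hop) for a valid blackhole trigger,
    ("accept", None) for an ordinary route, or ("reject", reason)."""
    net = ipaddress.ip_network(prefix)          # raises ValueError on malformed input
    blocks = AUTHORISED.get(peer, [])
    if not any(b.version == net.version and net.subnet_of(b) for b in blocks):
        return ("reject", "prefix not authorised for this peer")
    if BLACKHOLE_COMMUNITY not in communities:
        if net.prefixlen > MAX_ORDINARY_PREFIXLEN:
            return ("reject", "prefix longer than /%d without blackhole community"
                    % MAX_ORDINARY_PREFIXLEN)
        return ("accept", None)
    if net.prefixlen != net.max_prefixlen:
        return ("reject", "blackhole accepted for host routes only")
    return ("discard", DISCARD_NEXT_HOP)


def apply_update(rib, peer, prefix, communities, withdraw=False):
    """Maintain a simple RIB {prefix: (action, next_hop, peer)}.
    Withdrawing the /32 removes the discard entry, which is how the customer
    lifts the blackhole without calling the provider; only the peer that
    announced an entry may withdraw it."""
    if withdraw:
        if prefix in rib and rib[prefix][2] == peer:
            del rib[prefix]
        return rib
    action, detail = evaluate_update(peer, prefix, communities)
    if action != "reject":
        rib[prefix] = (action, detail, peer)
    return rib


if __name__ == "__main__":
    rib = {}
    apply_update(rib, "customer-a", "1.2.3.0/24", {"64500:100"})
    apply_update(rib, "customer-a", "1.2.3.4/32", {BLACKHOLE_COMMUNITY})
    print(rib)
    print(evaluate_update("customer-a", "9.9.9.9/32", {BLACKHOLE_COMMUNITY}))
```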
Match criteria: source/destination address, protocol, packet size, etc.
Actions: discard, logging, rate-limiting, redirection, etc.
But
- The customer needs to call the provider
- The customer needs the provider to accept and run this filter on each of their backbone/edge routers
- The customer needs to call the provider again to remove the rule afterwards!
How?
By using your existing MP-BGP infrastructure.
Flowspec component types (RFC 5575)
1. Destination IP address
2. Source IP address
3. IP protocol
4. Port
5. Destination port
6. Source port
7. ICMP type
8. ICMP code
9. TCP flags
10. Packet length
11. DSCP
12. Fragment

Flowspec rules are carried in the MP_REACH_NLRI attribute:
+---------------------------------------------------------+
| Address Family Identifier (2 octets)                    |
+---------------------------------------------------------+
| Subsequent Address Family Identifier (1 octet)          |
+---------------------------------------------------------+
| Length of Next Hop Network Address (1 octet)            |
+---------------------------------------------------------+
| Network Address of Next Hop (variable)                  |
+---------------------------------------------------------+
| Reserved (1 octet)                                      |
+---------------------------------------------------------+
| Network Layer Reachability Information (variable)       |
+---------------------------------------------------------+
Notice from the RFC: flow specification components must follow strict type ordering. A given component type may or may not be present in the specification, but if present, it MUST precede any component of higher numeric type value.
Flowspec actions (carried as extended communities): traffic-rate, traffic-marking, redirect to VRF, redirect to next hop, traffic-action.
Use case: DDoS mitigation with BGP flowspec (diagram sequence, slides 54-61)
Same setup: website IP 1.2.3.4 behind the CE, provider PE announcing 1.2.3.0/24 via Transit1 and Transit2. This time the attack is UDP DDoS traffic arriving through both transits.
Instead of a blackhole, a flowspec rule is distributed to the provider's edge routers:
    IP destination: 1.2.3.4/32
    IP protocol: 17 (UDP)
    Packet size: <= 28
    Action: rate-limit 10M
The matching UDP traffic is rate-limited at Transit1, Transit2 and the PE, while legitimate TCP traffic to the website passes untouched.
Slides 60-61 show the same rule originated from the customer infrastructure: the CE sends the flowspec rule over its BGP session to the provider's PE, from where it propagates to the provider edge; legitimate TCP traffic still reaches the website.
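The rule above encoded as a flowspec NLRI with its traffic-rate action, added here as an example and not code from the presentation. It serves the component list and the MP_REACH_NLRI ordering rule quoted earlier as well as the scenario just described: `encode_flowspec` refuses any component list that violates the "must precede any component of higher numeric type value" rule, and a matching decoder checks the result round-trips. It goes a little beyond the slide in that it handles all the numeric component types generally rather than only protocol and packet length. The component type numbers, the numeric operator bit layout and the traffic-rate extended community (type 0x80, sub-type 0x06, rate in bytes per second) are the RFC 5575 definitions; IPv4 flowspec is assumed, and "10M" is read as 10 Mbit/s.

```python
"""Encoding a BGP flowspec rule (RFC 5575) with the strict component ordering
the slide quotes, plus the traffic-rate action. Added example, not from the
presentation; assumes IPv4 flowspec and reads 'rate-limit 10M' as 10 Mbit/s."""
import ipaddress
import struct

# RFC 5575 component types
DST_PREFIX, SRC_PREFIX, IP_PROTO, PORT, DST_PORT, SRC_PORT = 1, 2, 3, 4, 5, 6
ICMP_TYPE, ICMP_CODE, TCP_FLAGS, PKT_LEN, DSCP, FRAGMENT = 7, 8, 9, 10, 11, 12
# numeric operator byte: e(end-of-list) a(and) len(2 bits) 0 lt gt eq
OP_END, OP_AND, OP_LT, OP_GT, OP_EQ = 0x80, 0x40, 0x04, 0x02, 0x01


def prefix_component(cidr):
    """Prefix value: prefix length in bits, then the minimum number of address bytes."""
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([net.prefixlen]) + net.network_address.packed[:nbytes]


def numeric_component(terms):
    """terms: [(operator bits, value), ...] OR-ed together; the last term carries the end bit."""
    out = bytearray()
    for i, (op, value) in enumerate(terms):
        size_code = 0 if value < 0x100 else 1 if value < 0x10000 else 2   # 1, 2 or 4 bytes
        end = OP_END if i == len(terms) - 1 else 0
        out.append(end | (size_code << 4) | (op & 0x07))
        out += value.to_bytes(1 << size_code, "big")
    return bytes(out)


def encode_flowspec(components):
    """components: [(type, value bytes), ...]. Enforces the RFC rule quoted on the
    slide: a type appears at most once and must precede every higher-numbered type."""
    body, last = bytearray(), 0
    for ctype, value in components:
        if ctype <= last:
            raise ValueError("component type %d may not follow type %d" % (ctype, last))
        last = ctype
        body.append(ctype)
        body += value
    if len(body) < 240:                                   # one-byte NLRI length
        return bytes([len(body)]) + bytes(body)
    if len(body) < 0x1000:                                # two-byte length, 0xFnnn
        return struct.pack("!H", 0xF000 | len(body)) + bytes(body)
    raise ValueError("flowspec NLRI too long")


def decode_flowspec(nlri):
    """Inverse of encode_flowspec: [(type, 'a.b.c.d/n' or [(op, value), ...]), ...]."""
    if nlri[0] >= 0xF0:
        length, pos = ((nlri[0] & 0x0F) << 8) | nlri[1], 2
    else:
        length, pos = nlri[0], 1
    end, out = pos + length, []
    while pos < end:
        ctype = nlri[pos]
        pos += 1
        if ctype in (DST_PREFIX, SRC_PREFIX):
            plen = nlri[pos]
            nbytes = (plen + 7) // 8
            raw = bytes(nlri[pos + 1:pos + 1 + nbytes]).ljust(4, b"\0")
            out.append((ctype, "%s/%d" % (ipaddress.IPv4Address(raw), plen)))
            pos += 1 + nbytes
        else:
            terms = []
            while True:
                op = nlri[pos]
                size = 1 << ((op >> 4) & 0x3)
                terms.append((op & 0x07, int.from_bytes(nlri[pos + 1:pos + 1 + size], "big")))
                pos += 1 + size
                if op & OP_END:
                    break
            out.append((ctype, terms))
    return out


def traffic_rate_community(bits_per_second, asn=0):
    """Traffic-rate extended community (type 0x80, sub-type 0x06): 2-octet AS,
    then the rate as an IEEE float in bytes per second (0 means discard)."""
    return struct.pack("!BBHf", 0x80, 0x06, asn, bits_per_second / 8.0)


def traffic_rate_value(community):
    """Read the bytes-per-second rate back out of a traffic-rate community."""
    return struct.unpack("!f", community[4:8])[0]


# The rule from the slide, already in ascending type order
SLIDE_RULE = [
    (DST_PREFIX, prefix_component("1.2.3.4/32")),
    (IP_PROTO, numeric_component([(OP_EQ, 17)])),
    (PKT_LEN, numeric_component([(OP_LT | OP_EQ, 28)])),
]
SLIDE_ACTION = traffic_rate_community(10_000_000)

if __name__ == "__main__":
    print(encode_flowspec(SLIDE_RULE).hex(), SLIDE_ACTION.hex())
    print(decode_flowspec(encode_flowspec(SLIDE_RULE)))
```

A receiver that applies the same ordering check when decoding can drop a malformed rule instead of installing a filter whose match semantics are undefined; the encoder here raises before such a rule ever leaves the controller.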
Diagram (slides 63-65): a controller holds an iBGP session to the PE; the PE connects to the Internet through Transit1 and Transit2, i.e. the transit providers Transit SP1, Transit SP2 and Transit SP3.
Routing Visibility
OK, now the controller has all the information and can do its magic: it changes the BGP routing policy (route-maps/RPL) on the devices, modifying BGP attributes, etc.
Diagram: controller with an iBGP session to the PE; Transit1 and Transit2 towards Transit SP1, SP2 and SP3.
BGP RIBs
A BGP speaker maintains multiple routing tables:
- Adj-RIB-In (per neighbour): the updates as received from the peer
  - The incoming route policy is applied and attributes are changed
  - Updates dropped by the incoming route policy are discarded, to save memory
  - soft-reconfiguration inbound keeps them; such paths are flagged received-only in show bgp
Diagram: eBGP updates arrive in the Adj-RIB-In (before filter); inbound filtering produces the post-policy Adj-RIB-In, which feeds the Loc-RIB.
2014 Cisco and/or its affiliates. All rights reserved.
What is BMP?
- Simplicity: easy to use
- Minimal service impact: BMP does not affect the routing decision process and is only used to provide monitoring information
- BMP provides access to the Adj-RIB-In of a BGP peer on an ongoing basis and provides a periodic dump of statistical information. A monitoring station can use this for further analysis.
http://tools.ietf.org/html/draft-ietf-grow-bmp-07
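To make the Adj-RIB-In discussion above concrete, here is a decoder for the BMP Route Monitoring message a router sends to the monitoring station, added as an example that is not code from the presentation. It builds a sample message and reads back which view of the Adj-RIB-In it reflects (pre-policy, i.e. the received-only paths from the RIB slide, or post-policy after inbound filtering, signalled by the L flag in the per-peer header). The header layout is that of RFC 7854, the published form of the draft the slide cites; the BGP UPDATE helper is minimal framing only, and the peer address, AS numbers and prefixes are constructed sample values.

```python
"""Decode a BMP Route Monitoring message (common + per-peer header + BGP UPDATE).
Added example, not from the presentation. Header layout per RFC 7854; the
sample peer, AS and prefixes are constructed values."""
import ipaddress
import struct

BMP_VERSION = 3
MSG_TYPES = {0: "route-monitoring", 1: "statistics-report", 2: "peer-down",
             3: "peer-up", 4: "initiation", 5: "termination", 6: "route-mirroring"}
COMMON_HDR = struct.Struct("!BIB")           # version, total length, message type
PEER_HDR = struct.Struct("!BB8s16sI4sII")    # type, flags, distinguisher, address, AS, BGP ID, ts sec, ts usec
FLAG_V, FLAG_L = 0x80, 0x40                  # V: IPv6 peer address; L: post-policy Adj-RIB-In


def _ipv4_prefix(cidr):
    net = ipaddress.IPv4Network(cidr)
    nbytes = (net.prefixlen + 7) // 8
    return bytes([net.prefixlen]) + net.network_address.packed[:nbytes]


def build_bgp_update(prefixes):
    """Minimal BGP UPDATE framing (RFC 4271) announcing prefixes with an empty
    path-attribute list. Constructed sample: a real UPDATE carries ORIGIN, AS_PATH, NEXT_HOP."""
    body = struct.pack("!HH", 0, 0) + b"".join(_ipv4_prefix(p) for p in prefixes)
    return b"\xff" * 16 + struct.pack("!HB", 19 + len(body), 2) + body


def build_route_monitoring(peer_ip, peer_as, bgp_id, bgp_update, post_policy=False):
    """Wrap a BGP UPDATE in BMP common and per-peer headers as a router would send it."""
    addr = ipaddress.ip_address(peer_ip)
    flags = (FLAG_V if addr.version == 6 else 0) | (FLAG_L if post_policy else 0)
    packed = addr.packed if addr.version == 6 else bytes(12) + addr.packed   # IPv4 in low 4 bytes
    peer = PEER_HDR.pack(0, flags, bytes(8), packed, peer_as,
                         ipaddress.IPv4Address(bgp_id).packed, 0, 0)
    total = COMMON_HDR.size + len(peer) + len(bgp_update)
    return COMMON_HDR.pack(BMP_VERSION, total, 0) + peer + bgp_update


def parse_bmp(data):
    """Parse one BMP message into {type, peer, payload}; rejects truncated input."""
    if len(data) < COMMON_HDR.size:
        raise ValueError("short BMP common header")
    version, length, mtype = COMMON_HDR.unpack_from(data)
    if version != BMP_VERSION:
        raise ValueError("unsupported BMP version %d" % version)
    if length > len(data) or length < COMMON_HDR.size:
        raise ValueError("BMP length %d inconsistent with %d bytes" % (length, len(data)))
    msg = {"type": MSG_TYPES.get(mtype, "unknown-%d" % mtype)}
    if mtype in (0, 1, 2, 3, 6):                      # message types carrying a per-peer header
        if length < COMMON_HDR.size + PEER_HDR.size:
            raise ValueError("short per-peer header")
        _ptype, flags, _dist, addr, peer_as, bgp_id, sec, usec = \
            PEER_HDR.unpack_from(data, COMMON_HDR.size)
        msg["peer"] = {
            "address": str(ipaddress.ip_address(addr if flags & FLAG_V else addr[12:])),
            "as": peer_as,
            "bgp_id": str(ipaddress.IPv4Address(bgp_id)),
            "rib": "adj-rib-in-post-policy" if flags & FLAG_L else "adj-rib-in-pre-policy",
            "timestamp": sec + usec / 1e6,
        }
        msg["payload"] = data[COMMON_HDR.size + PEER_HDR.size:length]
    else:
        msg["payload"] = data[COMMON_HDR.size:length]
    return msg


def update_prefixes(update):
    """Announced IPv4 prefixes in a BGP UPDATE (after withdrawn routes and attributes)."""
    if update[:16] != b"\xff" * 16 or update[18] != 2:
        raise ValueError("not a BGP UPDATE")
    pos = 21 + struct.unpack_from("!H", update, 19)[0]        # skip withdrawn routes
    pos += 2 + struct.unpack_from("!H", update, pos)[0]       # skip path attributes
    out = []
    while pos < len(update):
        plen = update[pos]
        nbytes = (plen + 7) // 8
        raw = bytes(update[pos + 1:pos + 1 + nbytes]).ljust(4, b"\0")
        out.append("%s/%d" % (ipaddress.IPv4Address(raw), plen))
        pos += 1 + nbytes
    return out


if __name__ == "__main__":
    sample = build_route_monitoring("203.0.113.1", 65001, "203.0.113.1",
                                    build_bgp_update(["1.2.3.0/24"]))
    parsed = parse_bmp(sample)
    print(parsed["peer"], update_prefixes(parsed["payload"]))
```

Because BMP mirrors what the peer actually sent (pre-policy) as well as what survived the inbound policy (post-policy), a monitoring station can see routes the router silently dropped, which is exactly the visibility the RIB slide says is lost without soft-reconfiguration inbound.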
Deployment Models: peering diagnostics and analytics
Diagram (Deployment Model 1 and Deployment Model 2): routers IGP 1 to IGP 5 in AS#1234 peer with AS#4567; in both models BMP sessions feed an analyser.
Configuration (slide fragment; the full command syntax was not recovered)
    router bgp <asn>
     neighbor <ip-address> BMP monitor all / server 1 server
Wrapping Up
Summary
- SDN enhances the way we're doing networking, automates tasks and introduces new possibilities through open APIs
- SDN is much more than OpenFlow; it has many aspects for many different use cases
- SDN can co-exist with traditional networking protocols; it even leverages them
- BGP provides a couple of essential tools in the toolbox for topology and routing distribution and flow control
- We hope you will make use of them to make your network infrastructure more agile and cost-effective
Q&A