Routers and routing

Olof Hagsand KTHNOC/NADA

2D1490 p4 2007

Connecting devices

Figure: connecting devices, divided into networking devices and internetworking devices: Hub/Repeater (L1), Bridge/Switch (L2), Router (L3), Application gateway (L4-L7).

IEEE 802 vs IPv4 addresses

● IEEE 802 address: Group/Individual bit, Global/Local bit, vendor code, vendor assigned part
  – Example: 00:0E:35:64:E9:E7
● IPv4 address: netid, hostid
  – Example: 192.36.125.18

Routing vs bridging

● Bridging - forwarding on layer 2
  – A MAC address/ID has a flat structure
    ● many nodes -> large forwarding tables
    ● broadcast reaches all nodes
  – Simple to configure and manage, cheaper
  – Loops detected by spanning tree protocol
● Routing - forwarding on layer 3
  – The netid of the IP addresses can be aggregated
    ● many nodes -> smaller forwarding tables than bridging
    ● routers partition broadcast domains
  – Routing is more difficult to configure
  – Loops detected by routing protocols and TTL decrementation

Router Components

Figure: router block diagram.
● CPU module ("Control Processor", "Routing Engine") with CPU, routing table and memory: execute routing protocols, compute routing table, configure line cards...
● Line cards, each with MAC, memory and packet processing, attached to the external links:
  – Examine headers, routing decision...
  – Input buffering, waiting for access to output port...
  – Output buffering, waiting for transmission...
  – QoS scheduling...
● Interconnect

Inside a router, 1st Generation

● Late 80s, early 90s
● Every packet goes twice over the shared bus
● Capacity < 0.5 Gb/s

Figure: line cards, buffer memory and CPU with RIB on a shared bus backplane.

Inside a router, 3rd Generation

● Late 90s
● Multiple simultaneous transfers over the backplane
● Specialized hardware: ASICs (Application Specific IC)
● Capacity 100 Gb/s

Figure: line cards, each with buffer memory and a forwarder; CPU card with CPU and RIB; switched backplane.

Crossbar Architecture

● Space division approach
● Switched interconnection between input and output
● Centralized controller
  – coordinates input-output ports
  – activates paths between ports
● Multiple transfers can proceed simultaneously
● Crossbar is non-blocking

Figure: switching fabric between input ports 1, 2, ..., N and output ports 1, 2, ..., M, with controller and interface logic.

Xelerator X10 Architecture

Figure: SPI4 RX and TX interfaces, packet processors (PP), interconnect, Hash Engine, Meter Engine, Counter Engine, TCAM Engine and External Engines 0-3, with attached TCAM, SRAM and co-processor.

Routing Table Lookup

● Longest prefix first
● Divide table in 32 "buckets" - one for each netmask length
● Match destination with longest prefixes first
● SW algorithms: tree, binary trees, tries (different data structures)
● HW support: TCAMs - Content Addressable Memory

Figure: the destination IP address is matched against buckets of netids indexed by masklen (32, 31, ..., 1, 0).

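Linear Search on Length Using a Trie

● Binary tree
  – Nodes are prefixes
  – Left branch represents '0' in the string
  – Right branch represents '1'

Prefix table: a = *, b = 10*, c = 01*, d = 110*, e = 0010, f = 0110, g = 0111

Figure: binary trie over the prefix table, with the prefix nodes * (a), 10* (b), 01* (c), 110* (d), 0010 (e), 0110 (f), 0111 (g) and the intermediate nodes 0*, 1*, 00*, 000*, 011*, 11*.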

Linear Search on Values—TCAM

● Ternary Content-Addressable Memory
  – Fully associative memory
● Three values for each bit—'0', '1', and 'x' (don't care)
● Compare input with all words in parallel
  – First match gives the result
● Up to 100 million searches per second

Prefix table: a = *, b = 10*, c = 01*, d = 110*, e = 0010, f = 0110, g = 0111

Figure: the input is compared (=) in parallel with the TCAM words for g, f, e, d, c, b, a: 0111, 0110, 0010, 110x, 01xx, 10xx, xxxx.
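The two lookup methods from the trie and TCAM slides, run side by side on the slides' own prefix table a-g. This is an added Python example, not part of the original slides; the function names and the 4-bit address width are assumptions taken from the toy table.

```python
# Prefix table from the trie and TCAM slides; addresses are 4 bits wide.
PREFIXES = {"a": "*", "b": "10*", "c": "01*", "d": "110*",
            "e": "0010", "f": "0110", "g": "0111"}
WIDTH = 4


class Node:
    def __init__(self):
        self.child = {}      # '0' = left branch, '1' = right branch
        self.entry = None    # prefix name stored at this node, if any


def build_trie(prefixes):
    root = Node()
    for name, prefix in prefixes.items():
        node = root
        for bit in prefix.rstrip("*"):
            node = node.child.setdefault(bit, Node())
        node.entry = name
    return root


def trie_lookup(root, addr):
    """Walk addr bit by bit; the last prefix node passed is the longest match."""
    node, best = root, root.entry
    for bit in addr:
        node = node.child.get(bit)
        if node is None:
            break
        best = node.entry or best
    return best


def build_tcam(prefixes):
    """One (value, mask, name) word per prefix; a mask bit of 0 means 'x'."""
    words = []
    for name, prefix in prefixes.items():
        bits = prefix.rstrip("*")
        mask = ((1 << len(bits)) - 1) << (WIDTH - len(bits))
        words.append((int(bits.ljust(WIDTH, "0"), 2), mask, name))
    # Longest prefix first, so that "first match" is also "longest match".
    return sorted(words, key=lambda w: bin(w[1]).count("1"), reverse=True)


def tcam_lookup(words, addr):
    """Hardware compares every word at once; here the first hit in order wins."""
    key = int(addr, 2)
    return next((n for value, mask, n in words if key & mask == value), None)


TRIE, TCAM = build_trie(PREFIXES), build_tcam(PREFIXES)
```

The TCAM only returns the longest match because its words are stored in priority order; with the catch-all word for a stored first, every lookup would return a.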

Classification

● Map a packet to a class
● Class defined by filters, usually a 5-tuple:
  – <source IP, destination IP, source port, destination port, protocol>
● For example, all packets:
  – From subnet N
  – To TCP port 80 on web-server S
  – From subnet N to port 666 on subnet M
● Applications:
  – Firewall & NAT
  – Blocking
  – Accounting
  – Policy routing
  – QoS—metering, policing, DiffServ marking, ...
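A first-match 5-tuple classifier built from the three example filters on the classification slide. This is an added Python example, not part of the original slides; the addresses standing in for N, M and S, the class names and the function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed stand-ins for the slide's N, M and S (private/documentation ranges).
SUBNET_N, SUBNET_M, SERVER_S = "10.1.0.0/16", "10.2.0.0/16", "192.0.2.10/32"


@dataclass(frozen=True)
class Filter:
    name: str
    src: str = "0.0.0.0/0"          # source prefix
    dst: str = "0.0.0.0/0"          # destination prefix
    sport: Optional[int] = None     # None = any
    dport: Optional[int] = None
    proto: Optional[str] = None

    def matches(self, pkt):
        src, dst, sport, dport, proto = pkt
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.sport in (None, sport)
                and self.dport in (None, dport)
                and self.proto in (None, proto))


# The three example filters from the slide, most specific first.
FILTERS = [
    Filter("N-to-M-port-666", src=SUBNET_N, dst=SUBNET_M, dport=666),
    Filter("web-to-S", dst=SERVER_S, dport=80, proto="tcp"),
    Filter("from-N", src=SUBNET_N),
]


def matching(pkt, filters=FILTERS):
    """Every filter the packet satisfies, in table order."""
    return [f.name for f in filters if f.matches(pkt)]


def classify(pkt, filters=FILTERS):
    """First match wins, as in a firewall rule list; no match gives 'default'."""
    hits = matching(pkt, filters)
    return hits[0] if hits else "default"
```

A packet from N to port 80 on S satisfies two filters, so the class it gets depends on rule order; listing the overlapping filters with matching() is a quick way to find rules that shadow each other.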

Cisco 12816

Port density examples
● 30xOC-192 (10 Gb/s) ports
● 120xOC-48 (2.5 Gb/s) ports
● 15x10 Gigabit Ethernet ports
● 60x1 Gigabit Ethernet ports

Capacity: 1.28 Tb/s
Power: 4.7 kW

Figure: chassis with dimensions 6ft, 19", 2ft.

Cisco CRS-1

CISCO's current flagship: Carrier Routing System

● 3-stage multi-stage switching plane
● >50% of cost
● Trie prefix lookup
● 7.5kW
● Each slot has 40Gbps
● 32Tbps raw bandwidth
● Distributed RP
● Several Logical Routers
● Optical-electric transitions: O-E-O-E-O-E-O

Juniper Routers

● M-series
  – Shipping started 1998
  – M5, M10, M20, M40e, M160, M320
  – 8xOC-192 or 32xOC-48 ports in a M160
● T-series
  – Shipping started 2002
  – T320, T640
  – 32xOC-192 or 128xOC-48 ports in a T640

Juniper M160

Capacity: 80Gb/s
Power: 2.6kW

Figure: chassis with dimensions 3ft, 2.5ft, 19".

Juniper J-series

● J-series
  – Software, PC-based
  – Emulates M/T series
  – Full software
  – Not full performance
  – Ideal for research and education

Routing

Autonomous systems - RFC1930

● An Autonomous system is generally administered by a single entity: operators, ISPs (Internet Service Providers).
● An AS contains an arbitrarily complex sub-structure.
● Each autonomous system selects the routing protocol to be used within the AS.
● Policies or updates within an AS are not propagated to other AS:s.
● An AS-number is (currently) a 16-bit unique identifier.
● Interconnection between AS:s
  – Service Level Agreements (SLA:s)
  – Internet Exchange Points (IX:s) / Network Access Points (NAPs)
  – Direct connections

Internet structure

● Ideally, there is a well-defined hierarchy in the Internet – a tree.
  1 A few large "Tier 1" backbone providers – the core of the Internet (Sprint, Level3, Telstra, ...)
    ● Provides transit for everyone else
  2 Tier 2 regional ISPs, or NSPs (Network Service Providers)
  3 Smaller ISPs
  4 Customers
● A well-defined hierarchy is nice for address aggregation -> smaller IP tables
● However, the hierarchy has broken down due to market forces:
  – Peering at IXs, direct connections.
● The Internet structure is now more in the form of a graph -> larger routing tables

Static vs dynamic routing

● Static routing
  – Manually configure routing table
  – Typically for small networks
  – Single-homed, default route
  – Hosts are (almost) always statically routed
● Dynamic routing
  – As soon as the network is non-trivial, it is too difficult to manually configure a network (see lab1)
  – Need dynamic routing protocol
  – Only routers participate in dynamic routing

The routing table

● Currently, backbone IP tables are around 200000 entries.
  – The RIB may be much larger
● With virtual private networks (many customer routing tables) the tables are even larger
● Also, a "routing table" is actually many data-structures:
  – Many different protocols
  – Forwarding information base (FIBs)
  – Routing information base (RIBs)

Announced networks

Figure: announced networks. From Geoff Huston, 2006, http://www.cidr-report.net

Load balancing

● The routing protocol gives several routes to a network
● Either select the best
● Or load-balance between several links
  – Unequal-cost multi-path
  – Equal-cost multi-path
● The forwarding decides how to balance actual traffic:
  – random (but this breaks TCP flows)
  – load balance per flow
  – load balance per address pairs

Example: load-balancing

● IS-IS/OSPF load balancing with two 3 ms paths, one slow 20 ms path.
● Hosts from the same LAN (or different flows from same host) may take different routes.

Figure: three paths with delays 3 ms, 3 ms and 20 ms.

Asymmetric Routing

● A rule rather than an exception:
  – To-traffic and from-traffic take different paths
● Hot-potato routing
  – Send traffic out of your AS as soon as possible
● Cold-potato
  – Try to keep your traffic as long as possible.

Aggregation

● Also called summarization
● The netid part of IPv4 addresses can be aggregated (summarized) into shorter prefixes.
● Summarization is often done manually
● Leads to smaller routing tables (fewer prefixes)
● Threats: multi-homing and load-balancing

Figure: networks 199.1.0.0/24, 199.1.1.0/24, 199.1.2.0/24, 199.1.3.0/24, 199.1.4.0/24.

Metrics

● A fundamental functionality in a dynamic routing protocol:
  – Find the "best path" to a destination
● But what is best path?
  – Interior routing: typically number of hops, or bandwidth
  – Exterior routing: business relations – peering
● Metrics
  – Number of "hops" (most common)
  – Bandwidth, Delay, Cost, Load, "Policies"

Routing algorithms

● How does a router find a best path?
● Most solutions based on SPF (Shortest Path First) algorithms that are well known in graph theory.
  – Bellman-Ford
  – Dijkstra
● Apart from that, there are also other algorithms in
  – Multicast routing
  – Ad-hoc routing
    ● Sensor networks
  – Delay-tolerant networks

Routing protocol classes

● Almost all unicast routing protocols can be classified into one of two groups:
  – Link-State protocols (OSPF, IS-IS)
  – Distance-Vector protocols (RIP, IGRP, BGP)
● They are also classified into
  – Exterior (Inter-domain) routing protocols
    ● Between autonomous systems
  – Interior (Intra-domain) routing protocols
    ● Within an autonomous system

Popular Unicast Routing Protocols

Figure: routing protocols, divided into
● Interior: RIP, OSPF, IS-IS, IGRP (cisco)
● Exterior: BGP, EGP

Routes may come from many "protocols"

● Direct
  – Networks on directly connected interfaces
● Local
  – example: 127.0.0.1
● Static
  – Configured static routes
● Aggregate
  – Manually aggregated routes
● RIP, OSPF, ISIS, BGP, RSVP,...

Route preference / Administrative distance

● Several protocols may include the same prefix. How do you decide which route to install in your routing table?
● Default preference (on Juniper) is:
  – Direct > Local > Static > OSPF > ISIS > RIP > Aggregate > BGP
● Can be changed or overridden with policies

The routing process

Figure: on the CPU, routing protocols 1, 2 and 3, each with a RIB (Routing Information Base), the routing process and a FIB (Forwarding Information Base); FIBs on the linecards.

Redistribution of routing information

● If several protocols are running on the same router
  – E.g., an OSPF as interior and BGP as exterior
  – E.g. static routes into dynamic routing protocol
● The router can distribute routes from one protocol to another
  – Interior routes need to be advertised to the Internet
    ● Typically these routes are aggregated
  – Exterior routes may need to be injected into the interior network
    ● But only a subset – the backbone tables are very large
    ● Necessary for domain carrying transit traffic
    ● Not necessary for a domain using only a default route
● Typically, redistributed routes are filtered in different ways due to routing policies

Redistribution using a policy

● In JunOS, policies are made up of match/action pairs
  – Example: announce an aggregated prefix route in BGP
  – Note: First declare policy, then export

    policy-statement MYNETWORK {
        term 1 {
            from {                  # match
                protocol aggregate;
                route-filter 192.168.2.0/24 exact;
            }
            then accept;            # action
        }
    }

    protocols bgp {
        export MYNETWORK;           # Apply policy
    }

Routing instances and tables

Figure: routing protocols feed the RIBs of a routing instance ("Routing Instance: main RIBs", "Routing Instance: other RIBs"). The RIBs are:

| RIB | Contents |
|---|---|
| inet.0 | IPv4 unicast routes |
| inet6.0 | IPv6 unicast routes |
| inet.1 | IPv4 multicast forwarding cache |
| inet.2 | IPv4 multicast RPF table |
| inet.3 | IPv4 routes learnt from MPLS-TE path exploration |
| inet.4 | MSDP routes |
| mpls.0 | MPLS label-switch table |

Example: main.inet.0, __juniper_private1__.inet.0

Logical routers, VPNs, virtual routers, etc, use routing instances.

Routing policies

Figure: neighbours and protocols on both sides of the RIB, with Import on the way in and Export on the way out; the RIB feeds the FIB.

Note: Export policies may be applied only to active routes!

| Protocol | Default import action | Default export action |
|---|---|---|
| direct and static | accept all | N/A |
| RIP | accept all RIP routes | reject all |
| BGP | accept all BGP routes | export all active BGP routes |
| IS-IS | accept all IS-IS routes | reject all (IS-IS uses LSAs) |
| OSPF | accept all OSPF routes | reject all (OSPF uses LSAs) |
| MPLS | accept all MPLS routes | export all active MPLS routes |

Routing policy: syntax and flow

● Changing the default routing policy
● Syntax:

    policy-options {
        policy-statement name {
            term term-name {
                from {
                    match;
                }
                then {
                    action;
                }
            }
        }
    }

Figure: policy evaluation flow through Policy 1 (term1, term2, term3), Policy 2 (term1, term2, term3) and the default policy; labels: term, accept, reject, next route.

More route-filters

● Route-filter match types
  – route-filter 192.168.0.0/16 exact;
  – route-filter 192.168.0.0/16 orlonger;
  – route-filter 192.168.0.0/16 longer;
  – route-filter 192.168.0.0/16 upto /24;
  – route-filter 192.168.0.0/16 through 192.168.16.0/20;
  – route-filter 192.168.0.0/16 prefix-length-range /20-/24;
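What each of the six match types above accepts, modelled in Python so the filters can be checked against candidate routes before they go into a policy. This is an added example, not part of the original slides and not JunOS code; the function names are assumptions.

```python
import ipaddress


def route_filter(route, prefix, match_type, arg=None):
    """True if `route` matches `route-filter <prefix> <match_type> <arg>`."""
    r = ipaddress.ip_network(route)
    p = ipaddress.ip_network(prefix)
    inside = r.subnet_of(p)              # route lies within the filter prefix
    if match_type == "exact":            # same prefix, same length
        return r == p
    if match_type == "orlonger":         # the prefix itself or any more-specific
        return inside
    if match_type == "longer":           # more-specifics only
        return inside and r.prefixlen > p.prefixlen
    if match_type == "upto":             # arg: longest accepted length, e.g. 24
        return inside and r.prefixlen <= arg
    if match_type == "prefix-length-range":   # arg: (shortest, longest)
        return inside and arg[0] <= r.prefixlen <= arg[1]
    if match_type == "through":          # arg: second prefix; route must lie on
        return inside and ipaddress.ip_network(arg).subnet_of(r)   # the path to it
    raise ValueError(f"unknown match type: {match_type}")


# The six filters from the slide, all on 192.168.0.0/16: (match type, argument).
SLIDE_FILTERS = [("exact", None), ("orlonger", None), ("longer", None),
                 ("upto", 24), ("through", "192.168.16.0/20"),
                 ("prefix-length-range", (20, 24))]


def matching_types(route, prefix="192.168.0.0/16"):
    """Which of the slide's six filters accept the given route."""
    return [t for t, arg in SLIDE_FILTERS if route_filter(route, prefix, t, arg)]
```

Only orlonger and longer accept a /25 or longer route inside 192.168.0.0/16, which matters when a policy is meant to keep overly specific announcements out of the routing table.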

More actions

● accept
● reject
● next policy
● next term
● trace

Combined with accept:
● as-path-expand
● as-path-prepend
● community
● color
● external
● load-balance per-packet
● local-preference
● metric
● next-hop
● origin
● preference

Applying policies

● Apply them to a protocol's export or import rules
● But policies appear in many places in JunOS, e.g. load-balancing.
● Syntax, BGP example. Export and import rules for all peers, group peers and specific neighbor:

    protocols bgp {
        export policy;
        import policy;
        group external {
            export policy;
            import policy;
            neighbor 192.168.200.1 {
                export policy;
                import policy;
            }
        }
    }