Network Working Group                                           R. White
Internet-Draft                                                  Verisign
Intended status: Experimental                                  A. Retana
Expires: January 10, 2013                            Hewlett-Packard Co.
                                                                S. Hares
                                                                  Hauwei
                                                            July 9, 2012


                    Filtering of Overlapping Routes
                 draft-white-grow-overlapping-routes-00

Abstract

   This document proposes a mechanism to remove a prefix when it
   overlaps with a functionally equivalent shorter prefix.  The proposed
   mechanism does not require any changes to the BGP protocol.

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF).  Note that other groups may also distribute
   working documents as Internet-Drafts.  The list of current Internet-
   Drafts is at http://datatracker.ietf.org/drafts/current/.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   This Internet-Draft will expire on January 10, 2013.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must
   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as



White, et al.           Expires January 10, 2013                [Page 1]


Internet-Draft         Overlapping Route Filtering             July 2012


   described in the Simplified BSD License.


Table of Contents

   1.  Introduction  . . . . . . . . . . . . . . . . . . . . . . . . . 3
   2.  Requirements Language . . . . . . . . . . . . . . . . . . . . . 3
   3.  Overlapping Route Filtering Mechanism . . . . . . . . . . . . . 3
     3.1.  Marking Overlapping Routes  . . . . . . . . . . . . . . . . 4
     3.2.  Preferring Marked Routes  . . . . . . . . . . . . . . . . . 4
       3.2.1.  Using a Cost Community  . . . . . . . . . . . . . . . . 4
       3.2.2.  Using the Local Preference  . . . . . . . . . . . . . . 5
     3.3.  Handling Marked Routes Within the AS  . . . . . . . . . . . 5
     3.4.  Handling Marked Routes at the Outbound Edge . . . . . . . . 5
   4.  An Example of Automatic Filtering of TE Routes  . . . . . . . . 5
   5.  Benefits and Implications . . . . . . . . . . . . . . . . . . . 6
     5.1.  Advantages to the Service Provider  . . . . . . . . . . . . 6
     5.2.  Advantages to the Customer  . . . . . . . . . . . . . . . . 6
     5.3.  Advantages to the Internet  . . . . . . . . . . . . . . . . 6
     5.4.  Implications for Router processing  . . . . . . . . . . . . 7
     5.5.  Implications for Traffic engineering  . . . . . . . . . . . 7
     5.6.  Implications for Convergence Time . . . . . . . . . . . . . 7
   6.  Security Considerations . . . . . . . . . . . . . . . . . . . . 7
   7.  IANA Considerations . . . . . . . . . . . . . . . . . . . . . . 7
   8.  Acknowledgements  . . . . . . . . . . . . . . . . . . . . . . . 8
   9.  References  . . . . . . . . . . . . . . . . . . . . . . . . . . 8
     9.1.  Normative References  . . . . . . . . . . . . . . . . . . . 8
     9.2.  Informative References  . . . . . . . . . . . . . . . . . . 8
   Authors' Addresses  . . . . . . . . . . . . . . . . . . . . . . . . 8






















White, et al.           Expires January 10, 2013                [Page 2]


Internet-Draft         Overlapping Route Filtering             July 2012


1.  Introduction

   One cause of the growth of the global Internet's default free zone
   table size is overlapping routes injected into the routing system to
   steer traffic among various entry points into a network.  Because
   padding AS Path lengths can only steer inbound traffic in a very
   small set of cases, and other mechanisms used to steer traffic to a
   particular inbound point are ineffective when multiple upstream
   providers are in use, advertising longer prefixes is often the only
   possible way for an AS to steer traffic into specific entry points
   along its edge.

   These longer prefix routes, called overlapping routes in this
   document, are often advertised along with a shorter prefix route,
   called a covering route, in order to ensure connectivity in the case
   of link or device failures.  Overlapping routes not only add to the
   load on routers in the Internet core by simply expanding the table
   size; these routes are often less stable than the covering routes
   they are paired with.  Overall, then, it is desirable to remove
   overlapping routes from the global routing table where possible.

   However, given the importance of an autonomous system's ability to
   steer traffic into specific entry points, simply removing the longer
   prefixes in a longer prefix (overlapping)/shorter prefix (covering)
   pair of routes isn't a viable solution.

   This document proposes a mechanism to detect routes that have been
   injected into the global default free zone, and to remove routes that
   are no longer useful for steering traffic towards a specific entry
   point in a particular AS.  Removing these routes would reduce the
   global table in size, and reduce the instability of the global table,
   while removing no capabilities, nor increasing the average path
   length.  The mechanism proposed is simple to implement, requiring no
   changes to the BGP [RFC4271] protocol either in packet format or in
   the decision process.


2.  Requirements Language

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in [RFC2119].


3.  Overlapping Route Filtering Mechanism

   The handling of overlapping prefixes received from an external peer
   can be broken down into four parts: marking overlapping routes,



White, et al.           Expires January 10, 2013                [Page 3]


Internet-Draft         Overlapping Route Filtering             July 2012


   preferring marked routes, handling marked routes within the AS, and
   handling marked routes at the AS exit point.

   The initial step in successfully filtering overlapping routes is to
   identify and mark them.  This document proposes the use of a BGP
   community called BOUNDED for that purpose.  Because the operation
   suggested takes place inside an Autonomous System (AS), then any
   locally assigned community can be used.

   The term BOUNDED is used to refer to a locally assigned community
   used to mark overlapping routes, and to these marked routes as well.

3.1.  Marking Overlapping Routes

   As each prefix is received by a BGP speaker from an external peer, it
   is evaluated in the light of other prefixes already received.  If two
   prefixes overlap in space (such as 192.0.2.0/24 and 192.0.2.128/25),
   the longer prefix SHOULD be BOUNDED.

   A BGP speaker MAY also choose to check the AS_PATH attribute length
   and contents before marking a prefix as BOUNDED.

3.2.  Preferring Marked Routes

   Since the same overlapping route may be received at several peering
   points along the edge of the AS, and the covering route may not be
   present at each of these points, BOUNDED routes SHOULD be preferred
   over unmarked routes for overlapping routes to be properly handled.
   A router which marks an overlapping route SHOULD also use one of the
   two mechanisms described here to insure the marked route is preferred
   throughout the AS.

   Only one method described in this section SHOULD be deployed in any
   given AS.

3.2.1.  Using a Cost Community

   The RECOMMENDED method for preferring BOUNDED routes is to use a Cost
   Community [I-D.ietf-idr-custom-decision] with the Point of Insertion
   set to ABSOLUTE_VALUE.  This mechanism leaves all existing local
   policy controls in place within the AS.

   If this method is used, only the BOUNDED routes need to be tagged
   using a lower than default Cost, as routes without a Cost Community
   are considered to have the default value.






White, et al.           Expires January 10, 2013                [Page 4]


Internet-Draft         Overlapping Route Filtering             July 2012


3.2.2.  Using the Local Preference

   An alternate mechanism which may be used to prefer BOUNDED routes is
   to set their Local Preference to some number higher than the normal
   standard policy settings for a particular prefix.  It's not important
   that any particular BOUNDED route win over any other one; so simply
   adding a small amount to the normal Local Preference, as dictated by
   local policy, will ensure a BOUNDED route will always win over an
   unmarked route, so only these routes reach the outbound edge of the
   AS.

3.3.  Handling Marked Routes Within the AS

   Routes marked with the BOUNDED community MAY not be installed in the
   local RIB of routers within the AS.  This optional step will reduce
   local RIB and forwarding table usage and volatility within the AS.

3.4.  Handling Marked Routes at the Outbound Edge

   Routes marked with the BOUNDED community SHOULD NOT be advertised to
   external peers.  If they are advertised, they SHOULD then be marked
   with the NO_EXPORT community.


4.  An Example of Automatic Filtering of TE Routes

   Assume the following configuration of autonomous systems:
                    (   )
           /-------( AS2 )--------\
    (   ) /         (   )          \ (   )       (   )
   ( AS1 )                          ( AS4 )-----( AS5 )
    (   ) \         (   )          / (   )       (   )
           \-------( AS3 )--------/
                    (   )

   o  AS1 is advertising 192.0.2.128/25 to both AS2 and AS3.

   o  AS2 is advertising both 192.0.2.128/25 and 192.0.2.0/24 into AS4.

   o  AS3 is advertising 192.0.2.128/25 into AS4

   o  Each BGP connection (session) is handled by a seperate router
      within each AS (for instance, AS4 peers with AS2 and AS3 on a
      seperate routers).

   When the router in AS4 peering with AS2 receives both the
   192.0.2.128/25 and the 192.0.2.0/24 prefixes, it will mark
   192.0.2.128/25 as BOUNDED, and set a Cost Community (as described in



White, et al.           Expires January 10, 2013                [Page 5]


Internet-Draft         Overlapping Route Filtering             July 2012


   Section 3.2.1) so the marked overlapping route is preferred over
   unmarked routes within AS4.

   The border router between AS4 and AS3 will receive the longer prefix
   from AS3, and the preferred BOUNDED overlapping route through iBGP.
   It will prefer the marked route, so the unmarked route towards
   192.0.2.128/25 will not be advertised throughout AS4.

   If the link between AS1 and AS2 fails, the longer length prefix will
   be withdrawn from AS2, and thus the peering point between AS2 and AS4
   will no longer have an overlapping set of prefixes.  Within AS4, the
   border router which peers with AS2 will cease advertising the
   192.0.2.128/25 prefix, which allows the AS3/AS4 border router to
   begin advertising it into AS4, and through AS4 into AS5, restoring
   connectivity to AS1.


5.  Benefits and Implications

   The benefits and implications associated with this proposal are
   discussed in the sections below.  The text references the sample
   network in Section 4.

5.1.  Advantages to the Service Provider

   AS4, in each of the situations, reduces the number of prefixes
   advertised to transit peering autonomous systems by the number of
   longer prefixes that overlap with aggregates of those prefixes, so
   that AS5 receives fewer total routes, and a more stable routing
   table.  While one copy of the prefix continues to be carried through
   the autonomous system, this entry can be removed from the local
   forwarding table.

5.2.  Advantages to the Customer

   In the example given here, the customer is represented as AS1.  The
   customer will continue to receive some amount of traffic over both
   peering sessions, and dual homing through two Service Providers is
   still effective.  If the customer's primary link fails, the alternate
   link through AS3 will take over receiving all inbound traffic
   automatically.

5.3.  Advantages to the Internet

   Beyond the second AS hop, aggregation is preserved in all cases.
   While this would not reduce the backbone routing table by the
   dramatic amounts that other methods might, the advantages to the
   community are large, and the risk to individual autonomous systems



White, et al.           Expires January 10, 2013                [Page 6]


Internet-Draft         Overlapping Route Filtering             July 2012


   and providers is small.

5.4.  Implications for Router processing

   This proposal requires all BGP speakers to perform an additional
   check on receiving a route, checking the route against existing
   routes for overlapping coverage of a set of reachable destinations.
   This additional work, in terms of processing requirements, should be
   easily offset by the overall savings in processing through the
   reduction of the global default free zone table size, and the
   additional stability in the routing table due to the removal of
   longer length prefixes.

5.5.  Implications for Traffic engineering

   The implementation of filtering overlapping routes as described in
   this document risks magnifying or removing the effect of certain
   widely deployed traffic engineering methods.  If, for example, an AS
   chose to prepend its own route to an announcement in order to alter
   the preference for that route, a BGP neighbor using automatic
   filtering of overlapping routes might now see that route as eligible
   for discard in favor of an aggregate.  It should be fairly easy to
   define a local policy to work around that particular problem.

5.6.  Implications for Convergence Time

   If the route to the AS providing the route to the aggregate should be
   lost, the more-specific must propagate into the ASes which had
   formerly heard only the aggregate.  This increases convergence time
   and may create situations in which reachability is temporarily
   compromised.  Unlike the filter case, however, normal BGP behavior
   should restore reachability without changes to the router
   configuration.


6.  Security Considerations

   This document presents a mechanism for an autonomous system to mark
   and filter overlapping prefixes.  Note that the result if this
   operation is akin to the implementation of local route filtering at
   an AS boundary.  As such, this document doesn't introduce any new
   security risks.


7.  IANA Considerations

   This document has no IANA actions.




White, et al.           Expires January 10, 2013                [Page 7]


Internet-Draft         Overlapping Route Filtering             July 2012


8.  Acknowledgements

   Cengiz Alaentinoglu, Daniel Walton, David Ball, Ted Hardie, Jeff
   Hass, and Barry Greene gave valuable comments on this document.


9.  References

9.1.  Normative References

   [RFC2119]  Bradner, S., "Key words for use in RFCs to Indicate
              Requirement Levels", BCP 14, RFC 2119, March 1997.

9.2.  Informative References

   [I-D.ietf-idr-custom-decision]
              Retana, A. and R. White, "BGP Custom Decision Process",
              draft-ietf-idr-custom-decision-01 (work in progress),
              May 2012.

   [RFC4271]  Rekhter, Y., Li, T., and S. Hares, "A Border Gateway
              Protocol 4 (BGP-4)", RFC 4271, January 2006.


Authors' Addresses

   Russ White
   Verisign
   12061 Bluemont Way
   Reston, VA  20190
   USA

   Email: riwhite@verisign.com


   Alvaro Retana
   Hewlett-Packard Co.
   2610 Wycliff Road
   Raleigh, NC  27607
   USA

   Email: alvaro.retana@hp.com









White, et al.           Expires January 10, 2013                [Page 8]


Internet-Draft         Overlapping Route Filtering             July 2012


   Susan Hares
   Hauwei
   USA

   Email: skh@ndzh.com














































White, et al.           Expires January 10, 2013                [Page 9]