BGP経路問題発生時の行動を考えよう AS？なくても大丈夫だ

Slide 1

Slide 1 text

"4ʁͳͯ͘΋େৎ෉ͩ Shintaro Kojima ίʔμϯε / @codeout #(1ܦ࿏໰୊ൃੜ࣌ͷߦಈΛߟ͑Α͏

Slide 2

Slide 2 text

ϑϦʔϥϯεͷ ωοτϫʔΫΤϯδχΞͰ͢ ͱ͘ʹಛఆͷ૊৫ʹଐͯ͠ͳ͍ 2

Slide 3

Slide 3 text

ɺϒϩάॻ͖·ͨ͠ 3

Slide 4

Slide 4 text

ͦͦ͜͜ಡ·Εͨ 4 http://b.hatena.ne.jp/hotentry/it

Slide 5

Slide 5 text

֨ͷ͕͍ͪ 5 http://b.hatena.ne.jp/hotentry/it

Slide 6

Slide 6 text

ΠϯλʔωοτΛถࠃࢹ఺ͰΈͯͨΓɺ  ো֐ΛਅԣͰ؍ଌͰ͖ͯΔ͋ͨΓ͕͍͢͝ 6 • "広報された宛先向けの通信が  ถ国経由になった" • "େ量の経路広報を受信した" https://www.attn.jp/maz/p/t/pdf/20170825-routeleakage.pdf

Slide 7

Slide 7 text

࣋ͨ͟Δऀ΋ઓ͑Δ w ܦ࿏Λه࿥ͯ͠ͳ͍ w ࠃࡍճઢ͕ͳ͍ 7 ৔߹Ͱ΋ɺެ։͞Ε͍ͯΔ৘ใ͔Βো֐Λߟ͑ɺ  ରࡦ͢Δ͜ͱ͕Ͱ͖Δ͸ͣ

Slide 8

Slide 8 text

Ϟνϕʔγϣϯ 8 େͳΓখͳΓܦ࿏ো֐ͷӨڹΛड͚ͨɻ ো֐ͷݪҼΛ஌ͬͯɺ࣍͸ࢭΊ͍ͨɻ

Slide 9

Slide 9 text

ͱ͍͏࿩Λ͠·͢ w ܦ࿏ো֐ɺͲ͏΍ͬͯௐ΂Δʁ w ͷέʔεελσΟ 9

Slide 10

Slide 10 text

ܦ࿏ো֐ɺͲ͏΍ͬͯௐ΂Δʁ σʔλιʔε w .35%VNQ w 3PVUF7JFXT1SPKFDU w 3*1&3*4 w -PPLJOH(MBTT w 3*1&TUBU#(1MBZ w "4෼ੳσʔλ w DBJEB"43FMBUJPOTIJQT 10 AS間の関係を推測するのに使う

Slide 11

Slide 11 text

3PVUF7JFXT1SPKFDU 11 ੈքதͷ*9ʹίϨΫλʔΛஔ͖ɺ  #(16QEBUFͱ3*#ͷه࿥Λެ։ͯ͘͠Εͯ ͍Δ  ˠͷ΂"4ͷϕετύεมԽΛ ͳΜͱͳ͘ͱΒ͑Δ͜ͱ͕Ͱ͖Δ ⚠ ݟ͑ͳ͍ܦ࿏มԽ͕͋Δ͜ͱʹ஫ҙ

Slide 12

Slide 12 text

.35ΞʔΧΠϒΛऔͬͯ ͖ͯ1PTUHSF42-ʹೖΕΔ 12 createdb -E UTF8 -T template0 route_leak ruby route_views.rb migrate route_leak for i in 0300 0315 0330 0345; \ ruby route_views.rb update download 20170825.$i ruby route_views.rb update load route_leak ruby route_views.rb rib download 20170825.0200 ruby route_views.rb rib load route_leak ͱ͍͏ϓϩάϥϜΛॻ͘ ˠαϯϓϧ

Slide 13

Slide 13 text

13 SELECT masklen(prefix) AS len, count(distinct prefix) \  FROM updates WHERE \  ix='wide' AND neighbor_as=2497 AND aspath ='2497 701 15169 4713' AND \ time > '2017-08-25 03:23'::TIMESTAMP AND \ time < '2017-08-25 03:35'::TIMESTAMP \ GROUP BY len ORDER BY count DESC LIMIT 10; len | count -----+------- 24 | 16594 22 | 3035 23 | 2432 21 | 1764 20 | 868 19 | 79 16 | 29 18 | 15 17 | 10 15 | 3 (10 rows) ͻͨ͢Β4&-&$5

Slide 14

Slide 14 text

14 ࣮ࡍ͸+VQZUFS/PUFCPPLͱ͔Ͱ

Slide 15

Slide 15 text

ͷέʔεελσΟ 15 ࣋ͨ͟Δऀࢹ఺ͰΈ͑ͨ͜ͱ

Slide 16

Slide 16 text

16 EJYJFͰݟ͑ͨΞοϓσʔτ਺ d 65$ #(16QEBUF͕ٸ૿

Slide 17

Slide 17 text

17 route_leak=# SELECT count(distinct prefix) FROM updates WHERE time >= '2017-08-25 03:23'::TIMESTAMP AND time < '2017-08-25 03:35'::TIMESTAMP AND ix = 'wide' AND withdraw IS NOT TRUE; count -------- 122891 (1 row) route_leak=# SELECT distinct count(distinct prefix) FROM updates  JOIN rib USING (prefix) WHERE updates.time >= '2017-08-25 03:23'::TIMESTAMP AND  updates.time < '2017-08-25 03:35'::TIMESTAMP AND updates.ix = 'wide' AND rib.ix = 'wide' AND withdraw IS NOT TRUE; count ------- 30972 (1 row) #(1Ξοϓσʔτͷத਎1SFpY਺ 122,891 - 30,972 = 91,919৽ن1SFpY

Slide 18

Slide 18 text

؍ଌ w ೔ຊۙลͰɺສܦ࿏;͑ͨ ىͬͨ͜Ͱ͋Ζ͏͜ͱ w ܦ࿏ٸ૿ʹΑΔෛՙ w ܦ࿏ٸ૿ʹΑΔ3*#'*#͋;Ε 18

Slide 19

Slide 19 text

19 EJYJF "4ܦ༝ Ͱݟ͑ͨɺ  "4@1"5)͋ͨΓͷ1SFpY਺

Slide 20

Slide 20 text

20 EJYJF "4ܦ༝ Ͱݟ͑ͨɺ  "4@1"5)͋ͨΓͷ1SFpY਺ ͳΜͱͳ͘ɺ"4͕ڬ·͍ͬͯΔʁ

Slide 21

Slide 21 text

21 EJYJF "4ܦ༝ Ͱݟ͑ͨɺ  "4@1"5)͋ͨΓͷ1SFpY਺ ѹ౗త

Slide 22

Slide 22 text

22 2497 701 15169 4713 w (PPHMF ͕0$/ Λ τϥϯδοτ͍ͯ͠Δͷ͸͓͔͍͠ w ͦͷ΄͔ͷ"4ؔ܎͸Θ͔Βͳ͍ ˠॏཁͳ͜ͱͳͷͰɺਪଌ͍ͨ͠

Slide 23

Slide 23 text

23 2497 701 15169 4713 route_leak=# SELECT aspath, count(aspath) FROM updates WHERE aspath ~ '701 15169' GROUP BY aspath ORDER BY count DESC; aspath | count --------------------------------------------------------+-------- 286 701 15169 4713 | 105228 2497 701 15169 4713 | 100706 7500 2516 701 15169 4713 | 49684 34288 15576 8220 5511 701 15169 4713 | 49662 286 701 15169 7029 | 41958 286 701 15169 9121 | 33838 w ͷܦ࿏ΛΑ͘ΈΔͱʜ286 701 15169... w 286 / 5511 ↔ 701ϐΞͱࢥΘΕΔ  ˠ701 ↔ 15169͸τϥϯδοτͱࢥΘΕΔ ⚠ 701͕ϛεͬͯͳ͚Ε͹ɺͱ͍͏લఏ

Slide 24

Slide 24 text

2497 701 15169 4713 ͷܦ࿏Λద౰ ʹҾ͘  → 12956 701 2497  ͱ͍͏ܦ࿏͕ݟ͑Δ  → 12956 ↔ 701   ͸ϐΞͱࢥΘΕΔ  ˠ701 ↔ 2497 ͸  τϥϯδοτͱࢥΘΕΔ

Slide 25

Slide 25 text

25 2497 701 15169 4713 ·ͱΊΔͱɺͨͿΜ͜͏ AS4713 (OCN) AS15169 (Google) AS701 (Verizon) AS2497 (IIJ) ࠓճͷܦ࿏ͷྲྀΕ ຊདྷͷܦ࿏ͷྲྀΕ

Slide 26

Slide 26 text

26 ٙ໰ AS4713 (OCN) AS15169 (Google) AS701 (Verizon) AS2497 (IIJ) ࠓճͷܦ࿏ͷྲྀΕ ຊདྷͷܦ࿏ͷྲྀΕ ͜ͷܦ࿏͕ϕετʹͳͬͨͷ͸ͳ͔ͥʁ

Slide 27

Slide 27 text

27 EJYJF "4ܦ༝ Ͱݟ͑ͨɺ  1SFpY௕͋ͨΓͷ1SFpY਺  2497 701 15169 4713ݶఆ ࡉ͔͍ܦ࿏ʹٵ͍ࠐ·Ε༷ͨࢠ

Slide 28

Slide 28 text

؍ଌ w Λ͸͡Ίͱ͢Δࡉ͔͍ܦ࿏͕૿͑ͨ ىͬͨ͜Ͱ͋Ζ͏͜ͱ w -POHFTU.BUDIʹΑΓࣗ"4Ѽͯͷύ έοτ͕ɺ·ͨ͸ࣗ"4ൃͷύέοτ͕ ٵ͍ࠐ·Εͨˠ%SPQ3BUF͸ະ֬ೝ 28

Slide 29

Slide 29 text

؍ଌ ৽ͨͳٙ໰ w ࡉ͔͍ܦ࿏͸Ͳ͔͜Βདྷͨʁ w ͷೖΓޱͰࢭ·Βͳ͔ͬͨͷ͸ͳ͔ͥʁ 29 AS4713 AS1516 AS701 AS2497

Slide 30

Slide 30 text

30 ٙ໰ࡉ͔͍ܦ࿏͸Ͳ͔͜Βདྷͨʁ ॴ༗ऀ ͕ΦϦδωʔτ͍ͯͨ͠ "4@1"5)ͷ్தͷ"4͕෼ׂ͍ͯͨ͠ શ͘ผͷ"4͕޿ࠂ͍ͯͨ͠ ˠͷՄೳੑ͕͋Γͦ͏ ਪଌ

Slide 31

Slide 31 text

8/25 のみ 31 ී௨ɺ͜͏͸ͳΒͳ͍ɻʹ؍ଌ͞Εͨܦ࿏ͷ͏ͪɺ w Λ"4@1"5)ʹؚΉ"4@1"5)௕ͷܦ࿏਺ˠ30,700 w ͦͷ͏ͪɺ͜ͷΑ͏ͳλΠϓͷܦ࿏਺ˠ20,457 w ಛผΞϨϯδͦΜͳʹଟ͍ʁˠ஥հऀ͕ΦϦδωʔτ͍ͯ͠ΔͷͰ͸ʁ 2497 701 15169 9264 1659 AS9264 AS15169 AS1659 ❌

Slide 32

Slide 32 text

32 ٙ໰ ͷೖΓޱͰࢭ·Βͳ͔ͬͨͷ͸ͳ͔ͥʁ ココ Α͘෼͔Βͳ͍ɻී௨͸ϑΟϧλʔ͞Εͦ͏ AS4713 (OCN) AS15169 (Google) AS701 (Verizon) AS2497 (IIJ)

Slide 33

Slide 33 text

ւ֎ͷ*9͸Ͳ͏͔ *9 "4 ผͷɺ"46QEBUF਺ 33 3PVUF7JFXTͱܨ͕͍ͬͯΔͷ΂"4 ͷ͏ͪɺӨڹ͋ͬͨͷ͸"4͘Β͍

Slide 34

Slide 34 text

؍ଌ w άϩʔόϧͰΈΕ͹ɺӨڹ͋ͬͨ"4ͱ ͳ͔ͬͨ"4͕͋Δ ਪଌ w ద੾ʹܦ࿏ϑΟϧλʔ͕ޮ͍ͨʁ w ΋͘͠͸ɺͦ΋ͦ΋ϦʔΫ͕ͳ͔ͬͨʁ w ΋͘͠͸ɺϐΞ͝ͱམͪͨʁ 34

Slide 35

Slide 35 text

؍ଌͱٙ໰·ͱΊ 35 w ܦ࿏਺͕ສ ؍ଌ w ͦͷଟ͘͸ͳͲɺࡉ͔͍ܦ࿏ ؍ଌ w ීஈ͸Πϯλʔωοτʹଘࡏ͠ͳ͍ ٙ໰ ٞ࿦͍ͨ͠఺ w ࡉ͔͍ܦ࿏͸Ͳ͔͜Βདྷͨʁॴ༗ऀ͕޿ࠂ͍ͯͨ͠΍ͭʁ w τϥϯδοτͷܦ࿏ϑΟϧλʔͰࢭ·Βͳ͔ͬͨͷ͸ͳͥʁ  ࢭ·ͬͨέʔε΋͋Γͦ͏ͳͷʹ w ࣗӴ͢Δํ๏͸͋Δ͔ʁ

Slide 36

Slide 36 text

ϙΠϯτ 36 ύϒϦοΫͳσʔλιʔε͔Β ͜͜·Ͱ෼͔Γ·͢ɻ   .35%VNQײँ

Slide 37

Slide 37 text

37 +"/0(΍/"/0(ͳͲͰ΋ ༷ʑͳٞ࿦͕ ରࡦ

Slide 38

Slide 38 text

ࣗӴ͍ͨ͠ 38 自 AS Peer AS Transit AS ܦ࿏ Transit AS 経路障害につよいトランジットを選ぶ

Slide 39

Slide 39 text

ࣗӴ͍ͨ͠ 39 自 AS Peer AS Transit AS ܦ࿏ Transit AS RIB / FIB の限界を知っておく経路数の監視

Slide 40

Slide 40 text

ࣗӴ͍ͨ͠ 40 自 AS Peer AS Transit AS ܦ࿏ Transit AS Max Pref or  maximum-prefix maximum discard- extra-paths (IOS-XR) Max Pref

Slide 41

Slide 41 text

ࣗӴ͍ͨ͠ 41 自 AS Peer AS Transit AS ܦ࿏ Transit AS NO-EXPORT? ? Max Pref Out Max Pref Out

Slide 42

Slide 42 text

Ϟνϕʔγϣϯ 42 େͳΓখͳΓܦ࿏ো֐ͷӨڹΛड͚ͨɻ ো֐ͷݪҼΛ஌ͬͯɺ࣍͸ࢭΊ͍ͨɻ ˠ͍͍ΞΠσΞ͋Γ·ͤΜ͔ʁ