How the Internet works

Transcript

1. HOW THE INTERNET WORKS

2. HOW STATIC ROUTING WORKS

3. ROUTER 1.1.1.1 2.2.2.1 ROUTER 1.1.1.2 3.3.3.1 2.2.2.0/24 3.3.3.0/24 1.1.1.0/24 2.2.2.0/24

   via 1.1.1.1 3.3.3.0/24 1.1.1.0/24 2.2.2.0/24 3.3.3.0/24 via 1.1.1.2 1.1.1.0/24

4. ROUTER 1.1.1.1 2.2.2.1 ROUTER 1.1.1.2 3.3.3.1 2.2.2.0/24 3.3.3.0/24 0.0.0.0/0 via

   1.1.1.1 1.1.1.0/24 2.2.2.0/24 via 1.1.1.1 3.3.3.0/24 0.0.0.0/0 via <ISP> 1.1.1.0/24 2.2.2.0/24 3.3.3.0/24 via 1.1.1.2 1.1.1.0/24

5. HOW ISPS WORK

6. IP transit ISPs provide by peering with other ISPs.

7. IP transit $

8. IP transit $ Gateway Traffic TB

9. Peering Gbit/s Routes Gbit/s Routes

10. ROUTER 1.1.1.1 2.2.2.1 ROUTER 1.1.1.2 3.3.3.1 2.2.2.0/24 3.3.3.0/24 1.1.1.0/24 2.2.2.0/24

    via 1.1.1.1 3.3.3.0/24 1.1.1.0/24 2.2.2.0/24 3.3.3.0/24 via 1.1.1.2 1.1.1.0/24

11. Tier 1 Tier 2 Tier 3

12. HOW AN IXP WORKS

13. None
14. None
15. None
16. None

17. Layer 2

18. IXP $ GBit/s

19. Layer 2

20. Layer 3

21. None
22. None

23. HOW AN AS WORKS

24. None
25. None
26. None
27. None
28. None

29. An AS is any BGP-speaking party and their single-homed customers.

30. A B

31. A B

32. A B

33. HOW BGP WORKS

34. 6 4 1 7 5 2 8 9 0 3

    A B

35. 6 4 1 7 5 2 8 9 0 3

    A B

36. 6 4 1 7 5 2 8 9 0 3

    A B Best path to B 1 1 2 2 1 3 3 1 4 4 1 5 5 2 1 6 6 4 1 7 7 4 1 8 8 5 2 1 9 9 7 4 1 0 0 3 1

37. 6 1 7 5 2 8 9 0 A B

    Best path to B 1 1 2 2 1 3 3 1 4 4 1 5 5 2 1 6 6 4 1 7 7 4 1 8 8 5 2 1 9 9 7 4 1 0 0 3 1

38. 6 1 7 5 2 8 9 0 A B

    Best path to B 1 1 2 2 1 3 3 1 4 4 1 5 5 2 1 6 6 5 2 1 7 7 5 2 1 8 8 5 2 1 9 9 7 5 2 1 0 0 8 5 2 1

39. TRAFFIC ENGINEERING • Prefix length • LocalPref • MED •

    prepending AS path • BGP communities
40. None
41. None

42. HOW BGP WORKS i

43. None
44. None
45. None
46. None

47. eBGP

48. iBGP eBGP

49. iBGP eBGP

50. iBGP neighbors will NOT share routes received from other iBGP

    neighbors.

51. iBGP eBGP

52. None

53. RR RR

54. RR 3 4 RR 1 2

55. RR 3 4 RR 1 2

56. WHAT THE REAL WORLD LOOKS LIKE

57. None

58. router id 1.2.3.4; protocol static { route 1.2.0.0/16 reject; }

    protocol bgp { local as 12345; neighbor 1.2.3.5 as 54321; import all; export all; } protocol kernel { export all; }

59. $ show ip bgp summary BGP4 Summary Router ID: 192.65.184.1

    Local AS Number: 513 Confederation Identifier: not configured Confederation Peers: Cluster ID: 513 Maximum Number of IP ECMP Paths Supported for Load Sharing: 4 Number of Neighbors Configured: 24, UP: 24 Number of Routes Installed: 1097774, Uses 94408564 bytes Number of Routes Advertising to All Neighbors: 2318920 (592932 entries), Uses 28460736 bytes Number of Attribute Entries Installed: 352298, Uses 31706820 bytes Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend 62.40.100.9 20965 ESTAB 16d 0h 7m 23 0 28 0 62.40.124.157 20965 ESTAB 16d 0h 7m 16573 0 28 0 83.97.88.33 21320 ESTAB 16d 0h 7m 312084 0 28 0 192.16.155.2 59624 ESTAB 8d 6h19m 23 0 28 0 192.16.155.18 2697 ESTAB 16d 0h 6m 3 0 28 0 192.16.155.22 24167 ESTAB 16d 0h 7m 8 0 28 0 192.16.155.30 17579 ESTAB 5d21h22m 1 0 28 0 192.16.155.66 43115 ESTAB 16d 0h 7m 1 0 28 0 192.65.184.2 513 ESTAB 16d 0h 6m 132703 0 547043 0 192.65.184.3 513 ESTAB 16d 0h 4m 7032 0 585789 0 192.65.184.24 513 ESTAB> 16d 0h 4m 1 0 592820 0 192.65.184.138 32361 ESTAB 16d 0h 6m 5 0 28 0 192.65.184.150 2603 ESTAB 16d 0h 7m 953 0 28 0 192.65.184.210 559 ESTAB 16d 0h 7m 14045 0 28 0 192.65.184.214 293 ESTAB 16d 0h 7m 129 0 28 0 192.65.184.218 559 ESTAB 16d 0h 7m 14045 0 28 0 192.65.184.221 559 ESTAB 16d 0h 7m 14045 0 28 0 192.65.196.3 513 ESTAB 16d 0h 7m 11 0 1 0 192.65.196.4 513 ESTAB 16d 0h 4m 9 0 1 0 192.65.196.5 513 ESTAB 16d 0h 7m 9 0 1 0 193.51.191.214 2200 ESTAB 13d 9h41m 147 0 28 0 193.159.166.221 3320 ESTAB 16d 0h 7m 585911 0 28 0

60. $ show ip bgp 8.8.8.8 Number of BGP Routes matching

    display condition : 3 Status codes: s suppressed, d damped, h history, * valid, > best, i internal Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop MED LocPrf Weight Path *>i 8.8.8.0/24 192.65.184.3 10 65000 100 15169 * 8.8.8.0/24 83.97.88.33 20 65000 100 21320 15169 * 8.8.8.0/24 193.159.166.221 10 64000 100 3320 3320 15169 Last update to IP routing table: 16d0h7m55s, 1 path(s) installed: Route is advertised to 3 peers: 192.65.184.2(513) 192.65.184.4(513) 192.65.184.24(513)
61. None
62. None
63. None
64. None
65. None

66. Filtering

67. Back in September 2005, Telefonica (AS12956) got in trouble with

    many providers for accepting a network 12.0.0.0/8, from their customer (AS26210, AES Comunicaciones from Bolivia). This network is normally advertised and owned by AT&T (AS7018). But Telefonica is not the only network to have committed such a grievous error. In fact, Telefonica isn’t even the only network to have erroneously pretended to route traffic to this network–12.0.0.0/8–in the month of September! Ncore, AS12676, also claimed to have that same network. Bad news. But obviously a common occurrence.

68. On Christmas Eve 2004, a Turkish ISP basically announced it

    was the destination for every site on the internet.

69. On February 24th, 2008, a Pakistani ISP ordered to restrict

    access to YouTube mistakenly announced a YouTube subnet, rerouting large amounts of traffic to Pakistan.

70. On August 12th, 2014, the global BGP table exceeded 512000

    entries, crashing routers at Microsoft, LastPass and eBay.

71. In August 2013, Italian Military Police hijacked a prefix belonging

    to a defunct hosting provider, where they had previously hosted a CnC server for a TAO.

72. The Internet works. But those who work close to the

    middle of it may marvel on an ongoing basis that it works at all, much less as well as it does. In this way, the Internet models much of the rest of industrial society: It teeters as close as it can to the precipice, veering away from collapse only when it truly needs to, and only when enough of us look over the edge and decide we don’t really want to fall. Here’s to another year of not quite falling.

73. bgpmon.net/blog stat.ripe.net