In part 4 of this BGP webinar series, we cover how to optimize Autonomous System paths, especially in cases of suboptimal international routes. Tips include monitoring layer 3 forwarding alongside BGP, monitoring reverse paths, layering covering prefixes, as well as prepending and MED.
Starting from key concepts, you'll learn how to recognize route leaks and hijacks in the data, alert for these events and proactively mitigate their impact. See the webinar recording at https://www.thousandeyes.com/webinars/detecting-hijacks-and-leaks
2. About ThousandEyes
Network Intelligence platform
that gives you a complete picture
from users to internal and cloud-
based applications
Surface insights from a
global data set
Lightweight, flexible
data collection
Unified view of diverse
performance data
Solve issues across
shared infrastructure
See any network like it’s
your own
3. 2
• Generally prefers the
shortest AS Path
• Generally trusted
advertisements
• Has quick convergence
across the Internet
• Follows the route of the
most specific prefix
BGP Strengths and Limitations
• It’s often not the most
performant
• Hijacks and leaks, even
from trusted sources
• Flapping and route
instability
• Many covered prefixes
not finely tuned
BGP… Yet…
4. 3
When BGP Delivers Suboptimal Results
• Developing
country
connections
• Peering at
remote IXs
• Underlying
capacity
issues
Examples
Two sources in Taiwan,
one target in Taiwan,
one path via the U.S. (80-150ms)
6. 5
1. Monitor the layer 3 path
2. Monitor both forward and reverse paths
3. Evaluate your peering policies
4. Layer covering and covered prefixes
5. Prepending, MED and advertisements
6. Consider Anycast where appropriate
Optimizing AS Paths
7. 6
• Map actual traffic paths
to BGP routes
• Understand loss and
latency of the path
• Does the path double-
back across the Pacific?
Peer in Frankfurt?
Monitor the Layer 3 Path
Optimizing BGP #1:
Intra-Asia traffic peering in LAX
8. 7
• See how asymmetric
routing impacts
performance
• Decompose loss and
latency in each direction
• Agent-to-Agent tests for
reverse path; Private
BGP Monitors for reverse
routes
Monitor Both Forward & Reverse Path
Optimizing BGP #2:
EWRàLON via Zayo
EWRßLON via Telia
DFWàLON via Telia
DFWßLON via Softlayer
9. 8
• Reduce suboptimal
routing by increasing
peering
• Consider primary ISPs
with most/nearest
peering connections
• Consider peering with a
regional IXP
How Well Do You Peer?
Optimizing BGP #3: Google’s peering
10. 9
• Use prefixes to your
advantage
• Place backup
policies/routes in a
covering prefix
• Especially for DDoS
mitigation, failover routes
Covered & Covering Prefixes
Optimizing BGP #4:
11. 10
• Prepending can make a route
less desirable, but can have
unintended consequences
• MED can signal which routes your
prefer to be be propagated
• Communities can be used to
coordinate route propagation with
your ISP
Prepending, MED and Communities
Optimizing BGP #5:
12. 11
• For some services (even
TCP!) Anycast can make
sense
• Broadcast routes for the
same prefix from multiple
origins
• Make sure to validate
optimal routes
Consider Anycast
Optimizing BGP #6:
J Root:
6 origin Autonomous Systems
14. 13
Demo 1: Suboptimal BGP Routing between UK and China
Baidu.com hosted in
China
At 9:55 UTC, Traffic from
Manchester to Baidu.com
traverses the Sprint network in
US
15. 14
Demo 1: Suboptimal BGP Routing between UK and China
BGP Route Visualization for the
covered prefix 123. 125.65.0/18
Validate BGP
routes for both
covered and
covering prefixes
16. 15
Demo 1: Suboptimal BGP Routing between UK and China
DNS round robin
resolves baidu.com
to a different IP
address in every
iteration
For the new destination IP
address, traffic path and
BGP routing is optimized.
At 9:50 UTC, traffic from
Manchester to Baidu.com
(hosted in Beijing) takes a
shorter path and does NOT
traverse the US
17. 16
Demo 2: Prepending error with BGP Route Change
Path Visualization indicates a single
upstream ISP “Access2Go” for
Country Financial before the outage.
Connectivity issues indicated by a dip
in availability and increased packet
loss to Country Financial
18. 17
Demo 2: Prepending error with BGP Route Change
BGP Route
Visualization
confirms that AS
40948 (Access2Go)
is the only upstream
providers for the
origin network, AS
AS 10511(Country
Financial)
19. 18
Demo 2: Prepending error with BGP Route Change
After the outage, Country
Financial peers with Qwest
Communications and not
Access2Go.
20. 19
Demo 2: Prepending error with BGP Route Change
BGP Path
Visualization confirms
AS 209 (Quest)
peering with origin AS
10511 (Country
Financial)
But who is AS 15011?
And no monitors peer
with AS 15011
21. 20
Demo 2: Prepending error with BGP Route Change
AS 15011 belongs to
Jaguar
Communication and
was mistakenly
included in the BGP
AS Path while using
path prepending to
increase the cost of
the BGP path .
22. 21
See what you’re missing.
Watch the webinar
www.thousandeyes.com/webinars/optimizing-as-paths