JP2011055334A - Bgp failure location estimating method and apparatus - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To provide a BGP (Border Gateway Protocol) failure location estimating method and an apparatus therefor, which accurately estimate a failure location based on variation in the number of prefixes via each AS (Autonomous System) link in a BGP network. <P>SOLUTION: In the BGP failure location estimating apparatus, a BGP message receiving section 11 receives a BGP Update message announced from each AS. An AS path extracting section 12 extracts an AS path from the BGP Update message. An optimal path calculating section 13 calculates an optimal path from the AS to another AS based on the AS path extracted, and registers the calculated path on a path table 14 as path information. A prefix calculation section 15 includes An extracting section 15a for extracting an AS link of each AS path, and a prefix selecting part 15b for calculating the number of prefixes for each AS link extracted only for prefixes starting with one AS to another AS, and calculates the total number of prefixes on each AS link. A failure location estimating section 16 estimates a failure location based on a result of calculating the total number of prefixes. <P>COPYRIGHT: (C)2011,JPO&INPIT

Description

  The present invention relates to a BGP fault location estimation method and apparatus for estimating a fault location based on a change in the number of paths (prefix) passing through a link between ASs for a BGP network.

  The current Internet is a collection of domains based on a small autonomous network (AS) owned and operated by each organization. Each domain has a BGP (Border Gateway Protocol) with a specific other domain. They are connected to each other by performing peering.

  In the BGP network, each AS router internally manages a routing table called RIB. The routing table is constructed by exchanging each other's routing information by BGP, and based on this routing table, it is addressed to a predetermined network. The optimum route for transferring data is determined. The route information includes a prefix (a combination of an IP address and the number of bits of the subnet mask) that is a set of destination addresses and a path attribute, and the prefix may be expressed as a route.

  If a certain destination address is registered in the route table, the route table indicates that a route (AS path) from the corresponding router to the destination address exists and the packet is reachable. The route information is described in a BGP route update message (BGP Update message) and periodically publicized. The router of each AS extracts the AS path described in the received BGP Update message, and based on this, it extracts itself. Update the routing table.

  Non-Patent Documents 1 and 2 calculate the number of prefixes (number of routes) that pass through each AS link from the BGP Update message observed on the BGP network, and estimate the failure location from the increase or decrease in the number of prefixes. A technique is disclosed.

M. Lad, R. Oliveira, D. Massey, L. Zhang, Inferring the Origin of Routing Changes using Link Weights, IEEE ICNP 2007. A. Campisano, L. Cittadini, G. Di Battista, T. Refice, C. Sasso, Tracking back the root cause of a path change in interdomain routing, IEEE Network Operations and Management Symposium, 2008.

  In the above prior art, as will be described in detail below, the fault location cannot be accurately estimated. FIG. 16 is a diagram illustrating an example of a BGP network. Here, a description will be given assuming that the BGP network is configured by seven ASs (AS10 to AS70), and AS10 is an observation point of a link failure. In addition, the code | symbol p attached | subjected to each AS has shown the prefix described in the BGP Update message which each AS publicize | reports, The list | wrist is shown in FIG.

  In the observation point AS10, a route table shown in FIG. 18 is created based on the BGP Update message received by itself, and the number of prefixes for each inter-AS link is aggregated based on this route table. A link-specific prefix tabulation table, an example of which is shown in FIG. 19, is generated. In this link-specific prefix tabulation table, for example, the number of prefixes (routes) passing through the link L10-20 is “10”, and the number of prefixes (routes) passing through the link L20-30 is “1”.

  Here, as shown in FIG. 20, when a failure occurs in the link between AS40 and AS60 (hereinafter also referred to as L40-60) and the BGP Update message is exchanged, AS10 to AS60, Since the route to AS70 is relayed by AS50, the route table is reconstructed as shown in FIG. 21 at AS10 of the observation point, and accordingly, the prefix table for each link is updated as shown in FIG. The

  FIG. 23 is a diagram comparing the link-specific prefix tabulation table before failure (FIG. 19) and the link-specific prefix tabulation table after failure (FIG. 22). Not only for link 60 but also for link L20-40 where no failure has occurred. Therefore, the failure link cannot be identified only by reducing the number of prefixes.

  An object of the present invention is to solve the above-described problems of the prior art and provide a BGP failure location estimation method and apparatus capable of accurately estimating a failure location based on fluctuations in the number of prefixes that pass through each AS link in a BGP network. There is to do.

  In order to achieve the above object, the present invention is characterized in that the following measures are taken in a BGP fault location estimation apparatus that estimates a fault location on a BGP network.

  (1) Means for receiving BGP messages from each AS on the BGP network, means for extracting AS paths from the received BGP messages, and means for counting the number of prefixes for each AS link based on the extracted AS paths And means for estimating the location of the failure by comparing the number of prefixes collected before and after the occurrence of the failure for each inter-AS link. It is characterized in that it is limited to prefixes that use one AS as a public information source and the other AS.

  (2) For the AS at the observation point, the route table and means for acquiring the BGP message received by the AS after the route table was constructed from a predetermined BGP management node, and each AS based on the acquired route table Means for counting the number of prefixes of the interlink, means for extracting the AS path from the acquired BGP message, means for updating the count result of the number of prefixes based on the extracted AS path, and the number of prefixes before and after the update. Comparing each inter-AS link with a means for estimating the location of failure, and the means for counting the number of prefixes is based on the number of prefixes to be counted for each inter-AS link via one AS It is limited to the prefix to be used.

  (3) A means for measuring the usage time of each AS path is provided, and the means for estimating the fault location is a fault by comparing the number of prefixes between AS paths of AS paths whose usage time exceeds a predetermined reference time. The point is estimated.

  According to the present invention, the following effects are achieved.

  (1) When counting the number of prefixes for each inter-AS link, the fluctuation in the number of prefixes in the inter-AS link where the failure occurred is larger than other inter-AS links, so the location of the failure can be easily and accurately Can be estimated.

  (2) Route information of the observation point and the BGP message received by the observation point are obtained from the specified BGP management node, and based on these, the number of prefixes of each inter-AS link is aggregated, so it connects to the BGP network It is possible to estimate a fault location of a BGP network even with a fault location estimation device that is not used.

  (3) When estimating the failure location by comparing the count results of the number of prefixes between each AS link, the AS path link with a short usage time is excluded, so the route update is repeated for one failure. Even in this case, it becomes possible to easily and accurately estimate the fault location.

It is the figure which showed the structure of the BGP network to which this invention is applied. 1 is a block diagram of a failure location estimation apparatus according to a first embodiment of the present invention. It is the figure which showed an example of the prefix summary table according to link before failure generation. It is the figure which showed an example of the prefix total table according to a link after failure occurrence. It is the figure which compared the prefix summary table according to link before and after failure occurrence. It is the flowchart which showed the operation | movement of 1st Embodiment of this invention. It is the figure which showed a mode that AS link was updated after failure occurrence. It is the figure which showed a mode that AS link was updated after failure occurrence in time series. FIG. 6 is a diagram showing a route table when an optimum route (A) is established at times T1 and T4. FIG. 6 is a diagram showing a route table when an alternative route (B) is established at time T2. FIG. 6 is a diagram showing a route table when an alternative route (C) is established at time T3. It is the figure which showed a mode that the number of prefixes of each AS link fluctuates after failure occurrence. It is a block diagram of the failure location estimation apparatus which concerns on 2nd Embodiment of this invention. It is the figure which showed the measurement result regarding the utilization time of AS path. It is a figure of the Example which arrange | positions a failure location estimation apparatus as a dedicated node. It is the figure which showed the structure of the BGP network. It is the figure which displayed the prefix publicized from each AS as a list. It is the figure which showed the routing table in the network topology before failure occurrence. It is the figure which showed the prefix summary table according to link before the failure generation in a prior art. It is the figure which showed the network topology after a failure occurrence. It is the figure which showed the routing table in the network topology after failure occurrence. It is the figure which showed the prefix total table according to a link after the failure generation in a prior art. It is the figure which compared the prefix summary table according to link before and after failure occurrence.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. FIG. 1 is a diagram showing a configuration of a main part of a BGP network to which the present invention is applied. The same reference numerals as those described above represent the same or equivalent parts. In this embodiment, a failure location estimation apparatus 1 that compares the number of prefixes of each inter-AS link before and after the occurrence of a failure and estimates a failure location based on the comparison result is installed in the observation point AS 10.

  FIG. 2 is a block diagram showing the configuration of the failure location estimation apparatus 1 according to the first embodiment of the present invention. The BGP message receiving unit 11 receives a BGP Update message broadcast from each AS on the BGP network. The AS path extraction unit 12 extracts an AS path from the BGP Update message. The optimum route calculation unit 13 calculates the optimum route from the self AS to another AS based on the extracted AS path, and registers this as route information in the route table 14.

  The prefix totaling unit 15 extracts the inter-AS link of each AS path 15a, and the number of prefixes to be totaled for each extracted inter-AS link, using one AS as a public information source and passing through the other AS And a prefix selection unit 15b that limits the number of prefixes for each AS link.

  FIG. 3 is a diagram showing the number of prefixes of each AS link aggregated by the prefix aggregation unit 15 in the network topology (FIG. 1) before the failure occurs. FIG. 4 is a diagram showing the number of prefixes of each inter-AS link aggregated by the prefix aggregation unit 15 in the network topology after a failure has occurred in the link L40-60 as in FIG.

  In the present embodiment, when the number of prefixes for each AS link is counted, the prefix selection unit 15b sets the side closer to the observation point as ASj and the side far from the observation point as ASk. Limited to prefixes that are publicity sources and via ASj. Therefore, in the topology before the failure shown in FIG. 1, as shown in FIG. 3, for example, in the case of the link L40-60, the prefix p7, which was the subject of aggregation in the prior art, is the publicity source AS70. Since it is not AS60, it is not counted in this embodiment. Similarly, the number of prefixes of link L10-20, link L20-30, link L20-40, link L20-50, and link L60-70 is also the same as AS20, AS30, AS40, AS50 on the side far from the observation point of each link L. There is only one each of p2, p3, p4, p5, p7 with AS70 as the public relations source. Further, the number of prefixes of the link L40-60 is five, that is, p6, p10, p11, p12, and p13 having AS60 as a public information source.

  On the other hand, when a failure occurs in the link L40-60 between AS40 and AS60 and the BGP Update message is exchanged as in FIG. 20, the AS path from AS10 to AS60 and AS70 via AS40. Is deleted, and AS paths from AS10 to AS60 and AS70 via AS50 are added. Therefore, in the observation point AS10, the route table 14 is reconstructed in the same manner as the prior art shown in FIG. 21, while the link-specific prefix tabulation table is updated as shown in FIG.

  Returning to FIG. 2, when the aggregation of the number of prefixes before and after the occurrence of the failure is completed as described above, the failure location estimation unit 16 compares the aggregation results. FIG. 5 is a diagram comparing the link-specific prefix tabulation tables before and after the failure occurrence, and it can be confirmed that the number of prefixes is greatly reduced only in the link L40-60 in which the failure has occurred. Therefore, the failure location estimation unit 16 can easily estimate the link L40-60 as a failure location.

  FIG. 6 is a flowchart showing a procedure for estimating a fault location in the present embodiment. In step S1, a link-specific prefix tabulation table for the current network topology (FIG. 1) is created as shown in FIG. 3 on the basis of the current route table 14 or earlier and the BGP Update message received thereafter. Is done. When reception of the BGP Update message is detected in Step S2, the process proceeds to Step S3, and an AS path is extracted from the BGP Update message.

  In step S4, the route table 14 is updated based on the extracted AS path. That is, if the BGP Update message is “Withdraw”, the advertised AS path is deleted, while if “Announce (route notification)”, the advertised AS path is added. In step S5, the prefix selection unit 15b determines whether or not the extracted AS path is a target for counting the number of prefixes by link. If so, the process proceeds to step S6, where the link-specific prefix tabulation table is updated. In step S7, the fault location estimation unit 16 compares the link-specific prefix tabulation tables before and after the update. In step S8, a fault location is estimated based on the comparison result.

  By the way, as in the first embodiment, when the number of prefixes is counted every time a BGP Update message is received, links that are not normally used are also subject to failure location estimation, and an inter-AS link that is not a failure location is misidentified as a failure location. It may be done.

  For example, in the BGP network shown in FIG. 7, when the optimum AS path [10 20 40 60 70] from AS 70 to AS 10 is observed at time T1, as shown in FIG. The route table shown in FIG. 9 is created. Here, when a failure occurs in the inter-AS link L40-60 at time T2, the Withdraw message with prefixes p6, p7, p10, p11, p12, and p13 is first written from AS40 to both AS20 and AS30. Sent. Since AS20 receives this Withdraw message first from AS40, it determines that reachability to AS70 can be secured via AS30. As shown in FIGS. 7 and 8, the Announce message in which the new AS path [20 30 40 60 70] is described is advertised to AS 10, and as a result, the routing table 14 of AS 10 is as shown in FIG. And the alternative path (B) is established.

  However, since AS20 receives the Withdraw message from AS30 at time T3, as shown in FIGS. 7 and 8, a new AS path is now sent to AS10 via AS50 [20 50 60 70]. As a result, the route table 14 of the AS 10 changes as shown in FIG. 11 and a new alternative route (C) is established.

  Furthermore, when link L40-60 is restored at time T4, AS40 advertises an Announce message in which AS path “40 60 70” is described to AS20, and AS20 then sends a new AS path “20 to AS10. Publicize the Announce message described in “40 60 70”. As a result, the route table 14 of the AS 10 returns to the state shown in FIG.

  As described above, when the route update is repeated for one failure, the total number of prefixes in each AS link changes as shown in FIG. As a result, a decrease in the number of prefixes is observed even in the link L50-60 that is not the failure location, and the link L50-60 may be mistaken for the failure location.

  In the second embodiment of the present invention, in order to solve such a technical problem, the usage time of each AS path is observed, the AS paths having a low usage time are excluded from the aggregation target, and the active AS paths having a high usage time are excluded. There is a feature in that only the target of aggregation.

  FIG. 13 is a block diagram showing the configuration of the failure location estimation apparatus 1 according to the second embodiment of the present invention, where the same reference numerals as those described above represent the same or equivalent parts. In the present embodiment, a usage time measurement unit 17 that measures the usage time for each AS path registered in the route table 14 and notifies the fault location estimation unit 16 of the measurement result is provided. When comparing the number of prefixes between AS links, the AS path link whose usage time is less than the specified reference time is excluded from the reference target, and only for the AS path link whose usage time exceeds the specified reference time, before and after the failure The failure point is estimated by referring to the change in the number of prefixes.

  FIG. 14 is a diagram showing an example of a measurement result of the usage time of each AS path observed as a path to the AS 70, whereas the usage time of the AS path [10 20 40 60 70] is 240 hours. The other two AS paths are 0.1 hour and 1 hour, and the usage time is extremely short. Therefore, in this embodiment, the AS path [10 20 40 60 70] is an important route. As a result, only the four inter-AS links L10-20, L20-40L40-60, and L60-70 are compared, and the other inter-AS links (for example, the inter-AS link L50-60) are not compared. Therefore, it is estimated that the inter-AS link L40-60 having the largest decrease in the number of prefixes is the failure location.

  In each of the above-described embodiments, the fault location estimation apparatus 1 of the present invention is mounted on the observation point AS and the fault location is estimated almost in real time. However, the present invention is not limited to this. Instead, as shown in FIG. 15, the failure location estimation apparatus 1 may be arranged as a dedicated node. In this case, the failure location estimating apparatus 1 performs an EBGP (External BGP) connection with a large number of ASs, collects BGP route update messages transmitted by each AS, and periodically releases a BGP route table [http Obtain the routing table and BGP message separately from: //www.ripe.net/] and RouteViews [http://www.ripe.net/], and based on these, the prefix of each AS link before and after the failure occurs The number of faults is estimated by counting the numbers.

  DESCRIPTION OF SYMBOLS 11 ... BGP message receiving part, 12 ... AS path extraction part, 13 ... Optimum route calculation part, 14 ... Route table, 15 ... Prefix totaling part, 15a ... Inter-AS link extraction part, 15b ... Prefix selection part, 16 ... Fault location Estimating unit, 17 ... Usage time measuring unit

Claims (6)

In the BGP fault location estimation device that estimates the fault location on the BGP network,
Means for receiving BGP messages from each AS on the BGP network;
Means for extracting the AS path from the received BGP message;
A means for aggregating the number of prefixes of each inter-AS link based on the extracted AS path;
A means for comparing the number of prefixes counted before and after the occurrence of a failure for each link between ASs and estimating the location of the failure,
The BGP fault location estimation apparatus characterized in that the means for counting the number of prefixes limits the number of prefixes to be counted for each inter-AS link to prefixes that use one AS as a public information source and pass through the other AS. In the BGP fault location estimation device that estimates the fault location of the BGP network,
With respect to the AS of the observation point, means for acquiring from the predetermined BGP management node the BGP message received by the AS after the routing table and the routing table are constructed;
A means of counting the number of prefixes for each AS link based on the acquired routing table;
Means for extracting the AS path from the obtained BGP message;
Means for updating the total number of prefixes based on the extracted AS path;
Comparing the number of prefixes before and after update for each AS link, and estimating the failure location,
The BGP fault location estimation apparatus characterized in that the means for counting the number of prefixes limits the number of prefixes to be counted for each inter-AS link to prefixes that use one AS as a public information source and pass through the other AS.   The BGP fault location estimation apparatus according to claim 1 or 2, wherein the means for counting the number of prefixes does not count prefixes that pass through one AS and the other AS. It has means to measure the usage time of each AS path,
The means for estimating a failure location estimates a failure location by comparing the number of prefixes for an AS link of AS paths whose usage time exceeds a predetermined reference time. The BGP fault location estimation device according to claim 1.   The BGP failure location estimation apparatus according to claim 4, wherein the failure location estimation means does not compare the number of prefixes of the link between ASs for an AS path whose usage time is less than a predetermined reference time. . In the BGP fault location estimation method that estimates the fault location on the BGP network,
Receiving BGP messages from each AS on the BGP network;
A procedure to extract the AS path from the received BGP message;
A procedure for aggregating the number of prefixes for each inter-AS link based on the extracted AS path;
A procedure for comparing the number of prefixes counted before and after the occurrence of a failure for each link between ASs and estimating the location of the failure,
In the procedure of counting the number of prefixes, a BGP failure location estimation method, wherein the number of prefixes to be counted for each inter-AS link is limited to prefixes that use one AS as a public information source and pass through the other AS.

Images