The New Policy for Enterprise Networking

Robert BaysChief Scientist

June 2002

2

What Enterprises Need

• Apply business objectives to network policy

– Lower operational costs with quick ROI

– Optimize network performance

• Free existing technical resources from operational tasks

3

Proficient Networks DefinesEnterprise Business Policy

• Current protocols were not designed to define complex business policies, nor should they

• Policy additions allow the enterprise finer control over their network than BGP

– Time of day, link cost, path metrics complement existing BGP policy

– Standard tasks - Explicit Engineering, Metrics Engineering, and Load Sharing

4

Business Policy Choices

• When and how often am I engineering?

• Where am I engineering to?

• What type of engineering am I doing?

5

Explicit EngineeringOverview

• Enterprise need:– “I want all my VPN traffic to traverse my VPN provider during

business hours.”

• Destination prefix and nexthop are known

ASN 65401

ASN 65400R1

R2

10.0.0.0/8

explicit

6

Metrics EngineeringOverview

• Enterprise need:– “I want to minimize jitter to my branch offices to increase the

quality of my VoIP traffic.”

Net B

Net A

R1

R2

10.0.0.0/8

Test #2

Test #1

7

Metrics EngineeringHow It Works

• Hop limited probes determine last intermediate system in path

• Subsequent tests sends hop limited packets to last intermediate system in each path– latency, loss, jitter, packet trains, cost

• Path ranking based on test results

• Variance and hold-time to minimize route churn

8

Metrics EngineeringImpact on the Enterprise

• Enterprise problem: – Path characteristics are constantly changing

• Impact of Metrics Engineering:– The Proficient Network Policy Engine consistently chooses the best path based

on current path results

9

Load SharingOverview

• Enterprise need:– “I want to distribute my traffic based on utilization and

cost.”

ASN 6540210.3.0.1

R1

R2

ASN 6540110.2.0.1

NetFlow

ASN 6540010.1.0.1

10

Load SharingHow It Works

• Define cost schedules for each peer

• Gather flow information from Netflow or ethernet tap

• Distribute prefixes based on aggregate traffic rates minimizing costs

• After a prefix has been placed once, leave the prefix on that nexthop to minimize route churn

• AS-path variance

11

Load Sharing Impact on the Enterprise

• Enterprise problem:– Unpredictable costs and capacity

• Impact of Load Sharing:– Minimizes actual cost of transmitting a given amount of traffic, but total

bill could increase– Traffic distribution may increase throughput by creating available

bandwidth on a previously constricted link

12

Routing Update ProcessOverview

• IBGP peering sessions

• Inactive route discovery

• Only inactive routes originated from local peers tested

• Inactive routes monitored on user configurable intervals

• Entire prefix or a subnet inserted

• Inserted routes chosen based on local preference

• Routing updates only where necessary

13

Routing Update SanityOverview

• NLRI is required before route insertion

• AS path modification

• No export community default

The Business of Networking

Q&A

15

BGP Decision ProcessWhat is the deciding factor?

• Reason for path choice varies wildly depending on network architecture and peer choices– Border router, no policy: AS path length 5%, External BGP,

50%, IGP or router ID 45%– Core router, no policy: IGP or router ID– Policy usually accounts for 20% of path decisions where

used

• Policy is not being used in most enterprise networks– Lack of expertise– Inability to achieve goals

16

BGP issuesWhat needs to be changed for the Enterprise?

• The enterprise is primarily interested in recognizing long term path trends or network problems when they exist

• BGP usually doesn’t make bad decisions

• What determines of a “bad path” will vary depending on the enterprise needs

• Biggest problem is lack of customer understanding

• Standardized customer facing policies at the ISP level would help the enterprise more

• Give the enterprise tools to easily audit and understand what they can’t directly control