RFC 1092 Network Working Group J. Rekhter Request for Comments: 1092 T. J. Watson Research Center February 1989 EGP and Policy Based Routing in the New NSFNET Backbone Status of this Memo This memo discusses implementation decisions for routing issues in the NSFNET, especially in the NSFNET Backbone. Of special concern is the restriction of routing information to advertize the best route as established by a policy decision. Distribution of this memo is unlimited. Introduction The NSFNET backbone routes packets between the Regionals Networks to which it is connected, (i.e., the packets arriving at a backbone entry node are routed to an exit node). How they travel through the network is determined by two components: the NSFNET backbone routing protocol/algorithm, and additional information about the externally connected networks. This paper is concerned with how reachability information between the external networks and the NSFNET backbone is exchanged so that packets can be routed to the correct destination by using a reasonable path. EGP as reachability protocol The EGP (Exterior Gateway Protocol) routing method will be used to exchange reachability information between the NSFNET backbone and the regional networks. There are several problems with using EGP as a reachability protocol for routing in a meshed environment. Some EGP components require further definitions for the NSFNET backbone - regional network interactions. It should be noted that the use of EGP is only viewed as an interim measure until better inter autonomous system protocols are defined and widely deployed for gateways used by regional networks. The following is a list of some EGP problems and issues: The EGP model assumes an engineered spanning tree topology, Rekhter [Page 1] RFC 1092 IP EGP and Policy Based Routing February 1989 however, the NSFNET (due to the presence of backdoor routes) does not fit into this model. In the NSFNET the same network may be advertized as reachable by more than one regional network. Besides the fact that the overall NSFNET does not fit into a spanning tree model there are serious concerns with the concept of the "core" (central to the EGP) and its obvious deficiencies. While EGP is going to isolate intra-Regional routing from the intra-NSFNET-Backbone routing, it does not address the issue of false information which may be supplied by regional networks. EGP by itself does not protect a particular network from unwanted and unsolicited representation by some regional network. As an example, if network N1 is reachable through regional network R1 as well as through regional network R2, EGP has no provisions to specify one of these paths as a primary and one as a secondary, since there is not generally accepted interpretation of EGP metrics today. Also, there is nothing in EGP which can prevent one or more regional networks from advertizing other networks (in particular, networks which belong to other regional networks) as reachable with zero distance. This could result in the creation of a "black hole" or at least in suboptimal IP routing. EGP by itself has no provisions to guarantee that routes through the NSFNET Backbone will be preferred over routes through the backdoor routers or vice versa. Policy Based Routing Looking at the problems listed above the appearance of the new factors like autonomy and mutual trust becomes obvious. While trying to achieve the routing functionality required for the new NSFNET backbone we should realize that one of our primary concerns has to be the accommodation of those new factors. This means that some kind of a rudimentary Policy Based Routing method becomes imperative. We would like to emphasize, however, that we are not talking about complete Policy Based Routing, but that we are rather concerned about supporting a minimum subset of a policy functionality to be an initial solution to the above mentioned problems. This requires support and cooperation between the management of each of the networks connected to the NSFNET backbone. We need to support the ability of a particular network N, which belongs to one of the regional networks, to establish a bilateral agreement with one or more regional networks of the type "network N can be reached via one or more regional networks (RN1, RN2, ... RNx)". This allows each network to select one or more representatives at the regional network level. Once this agreement Rekhter [Page 2] RFC 1092 IP EGP and Policy Based Routing February 1989 is established the information will be available to: The network which initiated the agreement. The management of the regional network(s) with whom this agreement has been established. The NSFNET backbone Network Operation Center where it will be entered into the Routing Policy Data Base which will be available through the NSFNET information services. Supporting multiple routes to the NSFNET core requires the guarantee that for a certain network N, no regional network other than the one(s) selected by N, will advertize N as reachable, which necessitates that the NSFNET core will ignore unauthorized advertisements for network N. EGP and Rudimentary Policy Based Routing Each network which belongs to the NSFNET will select a specific regional network as its primary representative to the NSFNET core by bilateral agreement with the management of same regional network as well as the NSFNET backbone management. The same network can furthermore select an arbitrary number of other regional networks as their secondary, tertiary, etc., representative by establishing bilateral agreements with the management of the corresponding regional networks as well as the NSFNET backbone management. Reachability information supplied by each regional network will be distributed to all other NSS nodes of the NSFNET Backbone. We would like to emphasize that we are not going to flood EGP packets internally within the backbone, but to rather use the learned information for the interior gateway protocol, which uses the ANSI IS-IS protocol. The implementation allows for a defined regional network to advertize a particular leaf network in the EGP NR packets with a distance of zero. Secondary representatives may advertize the same network with distance one or higher. If the path through the primary regional representative is available all secondary paths will be ignored. If the path through the primary regional representative goes down (which will be discovered via the EGP NR information), the next path with the lowest available EGP metric will be used. We will also be able to detect and report unsolicited representations. This will be done by examining (on a periodic basis) all reachability information obtained via EGP. The result will be compared against the Routing Policy Data Base which will hold Rekhter [Page 3] RFC 1092 IP EGP and Policy Based Routing February 1989 information about all bilateral agreements between networks and their regional representatives. Any mismatch will cause an alarm to the Network Operations Center. For example, network N established a bilateral agreement with the regional network R1 electing it as its primary representative. The EGP NR record received from the regional network R5 advertizes the network N as reachable with distance zero. By comparing the Routing Policy Data Base entry for the network N with the EGP NR record a mismatch will be detected and an alarm is forwarded to the Network Operation Center. Since the whole scheme is based on a combination of the network number and the autonomous system number, to allow for further verification, it is also important to insure the correctness of the autonomous system numbers as advertized by the regionals networks to the NSFNET core. The autonomous system number validation for each regional network will be performed at the NSS which connects the particular leaf network to the NSFNET backbone. All discrepancies wil be reported to the Network Operations Center. The NSFNET backbone will be considered as a separate Autonomous System with its own autonomous system number. Backbone versus Backdoor Routes There are instances where regional networks prefer paths through some backdoor route over paths through the NSFNET backbone. Therefore, the reachability information advertized by the NSFNET core to the regional networks (via EGP NR records) will always use a fixed metric of 128 for all routes. This may aid to encourage traffic to flow through backdoors, if desired and available. The regional networks can use a variety of techniques to determine how they route traffic for any particular network at their own option. What do we expect from the Regional Networks Each regional network should get its own Autonomous System number. The connection between regional networks to NSFNET backbone will be done via EGP. It is the responsibility of the regional backbone to provide an EGP functionality via the attachment to the E-PSP dedicated to the regional network. The EGP functionality may require a translation of network numbers in and out of the regional network. In any case, the NSFNET backbone Rekhter [Page 4] RFC 1092 IP EGP and Policy Based Routing February 1989 expects individual network numbers of the leaf networks of the regional network, as long as they should be advertised, and will announce individual networks known to the NSFNET core to the regional network. The EGP support should includes the ability to configure EGP metrics from some statically definable configuration table. If the EGP metrics cannot be defined or if they are not fixed the metric determination will be done by the NSFNET backbone routers, as taken from their databases, themselves. In that case, it is the responsibility of the regional network to provide the NSFNET backbone management with the metric data to allow for proper use of metrics. We also expect each regional network to handle all bilateral agreements with its leaf networks regarding Policy Based Routing and supply a copy of those agreements to the NSFNET backbone management. Acknowledgements I would like to express my thanks to Barry Appelman (T.J. Watson Research Center, IBM Corp.) and Hans-Werner Braun (Merit) for their contributions to this document. Author's Address Jacob Rekhter T.J. Watson Research Center IBM Corporation P.O. Box 218 Yorktown Heights, NY 10598 Phone: (914) 945-3896 Email: YAKOV@IBM.COM Rekhter [Page 5]