Intent-based Analysis of Network-wide Routing Policy
Configuration
Kyriaki Levanti
ECE Department
Carnegie Mellon University
klevanti@andrew.cmu.edu
Hyong S. Kim
ECE Department
Carnegie Mellon University
kim@ece.cmu.edu
Tina Wong
ECE Department
Carnegie Mellon University
tinawong@cmu.edu
ABSTRACT
Routing policy configuration is a very important aspect of
network operations because it affects the network's profit,
performance and security. Network operators implement low-
level routing policies according to their high-level objectives. In
this paper, we propose a set of techniques for analyzing network-
wide routing policies. First, we interpret the routing policies
relevant to a single neighbor. Then, we classify all neighbors into
groups which express common intent. Classification is done by
generating and comparing update patterns. We validate our
approach by experimenting with the router configuration files of
a Tier-1 ISP. Our techniques classify neighbors according to their
type (customer/peer/transit), highlight neighbors which deviate
from the norm and reveal possible mistakes. Consequently, our
network-wide analysis seems to be promising for automating the
translation of routing policy configuration into initial intent.
Categories and Subject Descriptors
C.2.3 [Computer-Communication Networks]: Network
Operations – Network Management
General Terms
Management
Keywords
Routing policies, Router configuration, BGP
1. INTRODUCTION
Among the various tasks that a network operator performs is the
routing policy configuration of the network’s routers. Currently,
network operators translate their set of high-level objectives into
low-level statements with the guidance of the configuration
manuals of the router vendor. However, there is no efficient way
for network operators to “decode” the configuration files into
their initial intentions. After configuring a router, network
operators mostly depend on their memory in order to extract the
intention behind their configuration choices. Also, given the
turnover of engineering personnel understanding the enforced
routing policies of a network by simply reading the configuration
files is a difficult and error-prone task. It would be extremely
useful to develop an analysis that provides a high-level view of
the routing policies enforced in a network and validates
intentions with low-level implementations.
In this paper, we propose a set of techniques for network-wide
routing policy analysis. We focus on routing policies supported
by the Border Gateway Protocol (BGP), the dominant path-
vector protocol that implements policy-based routing. BGP
supports a number of routing policy mechanisms, i.e. route-maps,
prefix-lists and filter-lists. Given these low-level mechanisms,
we analyze the routing policies affecting a single neighbor. We
represent the impact of the routing policy mechanisms with
update patterns and proceed to rule-based mapping in order to
extract the intention. We continue our analysis by developing a
hierarchical model of neighbor groups which represent distinct
intents. Our techniques have been implemented for routers
running CISCO IOS but our approach is applicable to other types
of routers. To validate our approach, we experiment with the
routing policy configuration of a Tier-1 ISP. Our results reveal
the network’s common practices in a compact way. Finally, there
is significant relevant work [1,2,3,4] which we have to omit due
to space limitations.
2. ROUTING POLICY ANALYSIS
2.1 Per Neighbor Routing Policy Analysis
In order to represent the routing policy actions affecting the
update messages originating from one neighbor (import
neighbor) until they are exported to another neighbor (export
neighbor), we define the update pattern. The update pattern
summarizes the characteristics of an update message once it has
passed through a routing policy component. The update pattern
has six attributes: the update attributes which are mostly
manipulated by routing policy components (i.e. advertised prefix,
AS path, communities, local preference and Multi-Exit-
Discriminator) and the number of times that the AS path has
been prepended. We add this last attribute because prepending an
AS path expresses a different intent than filtering an AS path.
Figure 1 illustrates an example of an update’s journey through
two routing policy components.
*
*
*
*
*
*
“wildcard”
UPDATE
Intermediate UPDATE
Pattern
Final UPDATE
pattern
Prefix : Prefix ListA
*
*
*
*
*
Prefix : Prefix ListA
AS path : as -path ACLB
Community : X
*
*
*
Fi l ter Fi l ter & Transformer
Prefix List A
Route -map
matchas-pathB
set community X
Figure 1. Example: update’s journey through two routing
policy components.
Obviously, an update’s journey is determined by BGP’s route
selectionprocesswhichinturnisdeterminedbythestaticBGP
configuration of the network. Previous work presents a model
that predicts the outcome of the BGP route selection process in a
single AS [4]. We are currently not using this model in our
Permission to make digital or hard copies of all or part of this work for
personal or classroom use is granted without fee provided that copies are
not made or distributed for profit or commercial advantage and that
copies bear this notice and the full citation on the first page. To copy
otherwise, or republish, to post on servers or to redistribute to lists,
requires prior specific permission and/or a fee.
INM’07, August 27–31, 2007, Kyoto, Japan.
Copyright 2007 ACM 978-1-59593-788-9/07/0008...$5.00
248