Source: https://www.netmanias.com/en/post/blog/11151/network-protocol-sdn-nfv/bgp-is-sdn-s-best-friend
Border Gateway Protocol (BGP) began life where and when you would least expect it: Yakov Rekhter and Kurt Lougheed with help from Len Bosak designed and drew the BGP state diagram in January 1989 at IETF 12 over lunch. The first RFC was formalized in June of the same year.
For those of you who are not familiar with BGP, keep in mind that BGP is a network protocol which distributes network information over TCP using NLRI (Network Layer Reachability Information).
From 2012 onwards, BGP has evolved significantly and become the most powerful network protocol and the one that made the next generation Software Defined Networks (SDN) move from a networker's dream to a reality. You have doubts? Wasn't the whole software revolution meant to abolish the reign of the network protocols?
In this short (and hopefully informative) read, we will explore four key capabilities that put BGP at the center of the SDN revolution.
BGP as a per flow routing enabler
SDN’s promises include centralized network programming capabilities which allow modern networks to forward, filter and/or classify flows based on encoded policies. Thanks to a new BGP NLRI defined in RFC 5575, encoded policies that match flows based on multiple criteria such as source and/or destination IP address, source and/or destination port, TCP flags or even DSCP values can be pushed by an SDN controller using BGP.
An example of this would be a distributed denial-of-service (DDoS) attack mitigation technique. In fact, a DDoS detection application can be used with the new BGP NLRI called “BGP Flowspec” to automatically divert malicious flows to the scrubbing server over an SDN controller.
Simply put, BGP lends its horsepower to the centralized control paradigm of SDN, taking instructions from the controller and implementing them right into the routing. How powerful is that!
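To make the "encoded policies" concrete, the following added example (not code from the original post or from any vendor) decodes an IPv4 Flowspec NLRI, as laid out in RFC 5575, into readable match terms, which is the kind of check an operator can run on rules a controller announces. The function name and the two sample byte strings are constructed for illustration.

```python
import ipaddress

# RFC 5575 types decoded here; TCP flags (9) and fragment (12) are rejected.
PREFIX_TYPES = {1: "dst", 2: "src"}
NUMERIC_TYPES = {3: "proto", 4: "port", 5: "dst-port", 6: "src-port",
                 7: "icmp-type", 8: "icmp-code", 10: "pkt-len", 11: "dscp"}
COMPARE = {1: "=", 2: ">", 3: ">=", 4: "<", 5: "<=", 6: "!="}  # lt|gt|eq bits

# Constructed sample NLRIs (documentation prefixes, not captured traffic).
SAMPLE_SMTP = bytes.fromhex("0b 01 18 c0 00 02 03 81 06 04 81 19")
SAMPLE_UDP = bytes.fromhex("11 01 20 cb 00 71 0a 03 81 11 05 03 89 45 8b 91 1f 90")


def decode_flowspec(nlri: bytes) -> list:
    """Decode one IPv4 Flowspec NLRI into readable match terms."""
    # Length is one octet below 240, otherwise two octets encoded as 0xfnnn.
    if nlri[0] < 0xF0:
        length, pos = nlri[0], 1
    else:
        length, pos = int.from_bytes(nlri[:2], "big") & 0x0FFF, 2
    if pos + length != len(nlri):
        raise ValueError("NLRI length field does not match buffer")
    terms, last_type = [], 0
    while pos < len(nlri):
        ctype, pos = nlri[pos], pos + 1
        if ctype <= last_type:  # components must be in ascending type order
            raise ValueError("components out of order")
        last_type = ctype
        if ctype in PREFIX_TYPES:
            plen = nlri[pos]
            nbytes = (plen + 7) // 8  # only the significant octets are sent
            raw = nlri[pos + 1:pos + 1 + nbytes].ljust(4, b"\x00")
            net = ipaddress.IPv4Network((raw, plen), strict=False)
            terms.append(f"{PREFIX_TYPES[ctype]} {net}")
            pos += 1 + nbytes
        elif ctype in NUMERIC_TYPES:
            expr, done = "", False
            while not done:
                op = nlri[pos]
                vlen = 1 << ((op >> 4) & 0x3)  # value is 1, 2, 4 or 8 octets
                value = int.from_bytes(nlri[pos + 1:pos + 1 + vlen], "big")
                if expr:  # the "and" bit joins this test to the previous one
                    expr += " and " if op & 0x40 else " or "
                expr += f"{COMPARE.get(op & 0x7, '?')}{value}"
                done, pos = bool(op & 0x80), pos + 1 + vlen
            terms.append(f"{NUMERIC_TYPES[ctype]} {expr}")
        else:
            raise ValueError(f"unsupported component type {ctype}")
    return terms
```

`decode_flowspec(SAMPLE_UDP)` yields a /32 destination, protocol 17 and a destination-port expression, showing how one NLRI carries several match criteria at once.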
BGP as a WAN optimization lever
Somehow, the hype around SDN has concentrated on its datacenter applications. However, its true benefits may lie in the WAN.
In fact, given the continuous traffic increase and revenue drops, one of service providers’ biggest challenges is WAN optimization and orchestration. It requires service providers to be aware of granular details of their customers’ traffic profiles to make the right “Traffic Engineering” decisions. Therefore, a “Traffic Engineering Database” and complete visibility into customers’ IGP domains are required.
To achieve this, the IETF defined the Path Computation Engine (PCE) standard in RFC 5440 for WAN path computation and “Traffic Engineering” purposes. This new approach was implemented by most of the SD-WAN products on the market, among which I would like to mention the “NorthStar” Juniper SD-WAN controller.
Many studies have been conducted in recent years on network protocols that can be used to aggregate network topology information essential to the PCE computation. And guess what was the recommended industry standard? Good old BGP! The recommended industry standard is the newest BGP NLRI extension called BGP-LS or BGP-LinkState.
BGP as a management and visibility tool
Engineers and network operators wish to have access to the full routing information base of BGP nodes to monitor BGP peering session states, updates and routes. Traditionally this could only be realized through screen-scraping the output of known show commands. Not exactly what you would call practical.
Again, BGP is lending a hand. BMP is a new BGP extension that allows a BGP-enabled device to send BGP session information to a monitoring station (BMP collector). Network administrators and engineers can already interact via OpenDaylight (ODL) and Network Control System (NCS) northbound interfaces to run various BMP diagnostics and analytics. Looking glass is also changing the way it works.
But what if BGP fails?
However, if a BGP session failure occurs, the BGP speaker will drop all the forwarding information learned over that session and all the magic will stop. This might be the worst-case scenario when using BGP as an SDN controller protocol. Challenges in existing SDN networks include routing state persistence when network device and SDN controller connection failures occur.
However, you can, again, rely on BGP to work its way around this one final hurdle. The IETF defined the BGP persistence feature to let a BGP-enabled device retain routing state learned over a session that has already terminated.
With SDN, the network engineer's job will evolve (and that's a good thing): job roles and responsibilities will expand and change. However, we can still rely on the masterpiece of human thinking that is BGP, until the next gem comes around.
Zied TURKI & Nidhal TALEB