Abstract

BGP reconfigurations are a daily occurrence for most network operators, especially in large networks. Yet, performing safe and robust BGP reconfiguration changes is still an open problem. Few BGP reconfiguration techniques exist, and they are either (i) unsafe, because they ignore transient states, which can easily lead to invariant violations; or (ii) impractical, as they duplicate the entire routing and forwarding states, and require special hardware.

In this paper, we introduce Chameleon, the first BGP reconfiguration framework capable of maintaining correctness throughout a reconfiguration campaign while relying on standard BGP functionalities and minimizing state duplication. Akin to concurrency coordination in distributed systems, Chameleon models the reconfiguration process with happens-before relations. This modeling allows us to capture the safety properties of transient BGP states. We then use this knowledge to precisely control the BGP route propagation and convergence, so that input invariants are provably preserved at any time during the reconfiguration.

We fully implement Chameleon and evaluate it in both testbeds and simulations, on real-world topologies and large-scale reconfiguration scenarios. In most experiments, our system computes reconfiguration plans within a minute, and performs them from start to finish in a few minutes, with minimal overhead.

Overview

Chameleon generates a reconfiguration plan in three consicutive steps.

  1. The analyzer describes the space of concurrent convergence processes by analyzing the initial and final configuration (the input to Chameleon) and computing happens-before relations between routing states of different routers.
  2. The scheduler explores the space of convergence processes spanned by the happens-before relations to find one that satisfies the specification. It describes this convergence process as a node schedule that captures which routes are selected at which time.
  3. The compiler transforms this node schedule into a reconfiguration plan, that is, a sequence of temporary configuration commands and local conditions for synchronization.
Finally, Chameleon’s runtime controller performs the reconfiguration on the live network by checking the local conditions and applying the commands, precisely following the compiled reconfiguration plan.

Chameleon’s workflow is visualized in the figure above based on an example. You can interactively play with this example below using our web-based network simulator!

Example

You are using a small screen. Please either zoom out or open this webpage on a computer with a larger screen. Otherwise, directly visit bgpsim.github.io. We may implement a responsive design for the simulator in the future.

BibTex

@inproceedings{schneider2023taming,
    title = {{Taming the transient while reconfiguring BGP}},
    author = {Schneider, Tibor and Schmid, Roland and Vissicchio, Stefano and Vanbever, Laurent},
    booktitle = {Proceedings of the ACM SIGCOMM 2023 Conference},
    series = {ACM SIGCOMM '23}
    year = {2023},
    pages = {77–93},
    numpages = {17},
    address = {New York, NY, USA},
    location = {New York, NY, USA},
    url = {https://doi.org/10.1145/3603269.3604855},
    doi = {10.1145/3603269.3604855},
    isbn = {9798400702365},
    publisher = {Association for Computing Machinery},
    keywords = {reconfiguration, network update, border gateway protocol (BGP), convergence, scheduling},
}