Page MenuHomePhabricator
Create Task
Maniphest T204281

Stop prioritizing peering over transit
Closed, ResolvedPublic
Actions

Description

Long due follow up from T186835#4089227 (and paraphrasing most of it).

When investigating routing/peering in eqsin, I noticed that some prefixes were taking sub-optimal paths, for example:

202.70.77.250 - 119.0ms - 6279
  * 9498 23752 23752 23752 23752 23752 23752 23752 23752 ?   (local-pref 250)
    3491 9498 23752 23752 23752 23752 23752 23752 23752 23752 ? (local-pref 250)
    6453 23752 ?   (local-pref 100)
103.202.217.6 - 186.0ms - 32819
  * 3491 41095 59103 59105 59105 59105 59105 ?   (local-pref 250)
    6453 2518 59105 ?   (local-pref 100)

The shorter AS path isn't the chosen one as it has a lower local-pref.
This is due to our current policy to prioritize peering over transit, and might not be relevant anymore:

  1. If the prefix is learned from a peer, its AS path will most often be shorter (because less middlemen)
  2. Prioritizing them override the destination network's traffic engineering policies, as we can see in the example above (we ignore the AS-prepending) and could hit bottleneck or sub-optimal routing
  3. Requires customs tuning to workaround those sub-optimal routing (when we notice them)
  4. cost savings of sending traffic through free links (vs. paid transit) are null (far from commit) as long as no massive change
  5. Increases the configuration and routing complexity (various rules and routing decisions)

I'm thinking that we should not prioritize peers (especially ones operating at a large geographical scope) over transit in term of local-pref (use the default value of 100), and not prioritize them (local pref 250 as of right now).

A test has been done previously in eqsin (see. T186835#4121297 ) and I'd like to do the same test on a larger scale, at least esams, at best globally.

The 3 aspects to monitor are:

  1. Link capacity, (eg. traffic shifts and saturates a transit link)
  2. Transits commits (billing)
  3. Performances (are we seeing any improvement or degradation)

The former has been verified and we're have plenty of capacity, the latter would require the help of the performance team.

The test would be successful if no performance degradation nor massive traffic shift occurs (none are expected).

Related Objects
Search...

Event Timeline

ayounsi triaged this task as Medium priority.Sep 13 2018, 9:32 PM
ayounsi created this task.
Restricted Application added a project: SRE. · View Herald TranscriptSep 13 2018, 9:32 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Imarlier added a comment.Sep 13 2018, 9:44 PM

Sounds interesting. Keep Perf in the loop as you start to think about how to do this, and what your target geos might be.

Paladox subscribed.Sep 13 2018, 9:52 PM
Imarlier edited projects, added Performance-Team (Radar); removed Performance-Team.Sep 17 2018, 8:35 PM
Krinkle moved this task from Limbo to Watching on the Performance-Team (Radar) board.Sep 24 2018, 8:10 PM
faidon mentioned this in T211079: IPv6 ~20ms higher ping than IPv4 to gerrit.Dec 4 2018, 1:55 PM
ayounsi added a parent task: T211079: IPv6 ~20ms higher ping than IPv4 to gerrit.Dec 11 2018, 8:31 PM
ayounsi mentioned this in T211930: Add eqsin routing special cases to jnt.Dec 13 2018, 8:12 PM
ayounsi added a comment.Jan 9 2019, 11:56 PM

The following need to be pushed to routers to stop adding a higher local_pref to routes learned via peering (IXP+private).

[edit policy-options policy-statement BGP_community_actions]
!     inactive: term peer-private-peer { ... }
!     inactive: term peer { ... }

If successful those terms could be deleted instead of deactivated.

Gilles subscribed.Jan 10 2019, 7:52 PM
Gilles added a comment.Jan 11 2019, 12:51 PM

Following @ayounsi's request, I've put together per-DC real user monitoring performance metrics using the following Hive query:

SELECT day, SUBSTR(recvfrom, 8, 5) AS dc, PERCENTILE(event.responseStart - event.connectStart, 0.5) AS median_ttfb, PERCENTILE(event.loadEventStart - event.responseStart, 0.5) AS median_plt FROM event.navigationtiming WHERE year = 2019 AND month = 1 AND day < 11 GROUP BY day, SUBSTR(recvfrom, 8, 5);

Which results in the following data: https://docs.google.com/spreadsheets/d/1LfVw4nWzqH7Tp9hgCNkbs5M5X9oJGVlwQYq_kIsj9vE/edit?usp=sharing

We can see that the 2 key metrics likely to be affected by this change (time-to-first-byte and page load time) are very stable per-DC. This is a sufficient baseline to verify the effect of this change. After a few days of the change being effective for a DC (eg. esams) we can run this query again and see if any global change occured.

elukey subscribed.Jan 11 2019, 3:02 PM
ayounsi updated the task description. (Show Details)Jan 14 2019, 11:35 PM
ayounsi added a comment.Jan 15 2019, 5:30 PM

Scheduling the work on Tuesday January 22nd, 16:00UTC, scope is Amsterdam only.
That gives us the remaining of the week to monitor for any issue. Then collect/analyze results after the All Hands.

ayounsi added a comment.EditedJan 22 2019, 4:03 PM

For reference, here are all the Amsterdam transit ports stacked:
https://librenms.wikimedia.org/graphs/id=5944,11510,4109,4110,4151,6862/type=multiport_bits_separate/
And here is peering:
https://librenms.wikimedia.org/graphs/id=11501/type=port_bits/

Stashbot subscribed.Jan 22 2019, 4:12 PM

Mentioned in SAL (#wikimedia-operations) [2019-01-22T16:12:31Z] <XioNoX> deactivate local pref for peering sessions in es/knams - T204281

ayounsi added a comment.EditedJan 22 2019, 5:19 PM

First observation shows a ~6/800Mbps traffic shift from peering to transit, which is small and within expected range.

Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 10:23 PM
Gilles added a comment.Feb 6 2019, 8:15 AM

I've updated the Google Spreadsheet with the figures up to yesterday. It seems like nothing changed from the end users' perspective in terms of median time-to-first-byte, it's in the same range as before the change. Same for median page load time.

I think you can go ahead and roll out that change to all DCs.

Stashbot added a comment.Feb 19 2019, 5:17 AM

Mentioned in SAL (#wikimedia-operations) [2019-02-19T05:17:35Z] <XioNoX> deleted previously deactivated BGP_community_actions terms - T204281

ayounsi added a comment.Feb 19 2019, 5:30 AM

Doing the change in ulsfo:

[edit policy-options policy-statement BGP_community_actions]
-    term peer-private-peer {
-        from community PEER_PRIVATE_PEER;
-        then {
-            local-preference 250;
-            next policy;
-        }
-    }
-    term peer {
-        from community PEERING_ROUTE;
-        then {
-            local-preference 250;
-            next policy;
-        }
-    }

For reference, here are all transit ports stacked:
https://librenms.wikimedia.org/graphs/id=7219,16765,7159/type=multiport_bits_separate/
And here is peering:
https://librenms.wikimedia.org/graphs/id=16787/type=port_bits/

Stashbot added a comment.Feb 19 2019, 5:31 AM

Mentioned in SAL (#wikimedia-operations) [2019-02-19T05:31:11Z] <XioNoX> delete local pref for peering sessions in ulsfo - T204281

ayounsi added a comment.Feb 19 2019, 6:57 AM

This caused a ~80Mbps traffic drop on the peering link.

Stashbot added a comment.Feb 26 2019, 10:13 PM

Mentioned in SAL (#wikimedia-operations) [2019-02-26T22:13:06Z] <XioNoX> delete local pref for peering sessions in eqsin - T204281

ayounsi added a comment.Feb 26 2019, 10:23 PM

eqsin, the private-peer term has been removed a while back to do traffic engineering specific to this site.

[edit policy-options policy-statement BGP_community_actions]
-    term peer {
-        from community PEERING_ROUTE;
-        then {
-            local-preference 250;
-            next policy;
-        }
-    }

For reference, here are all transit ports stacked:
https://librenms.wikimedia.org/graphs/id=17836,17835,13948/type=multiport_bits_separate/
And here is peering:
https://librenms.wikimedia.org/graphs/id=13958,17840/type=multiport_bits_separate/

ayounsi added a comment.Feb 26 2019, 10:27 PM

~80Mbps traffic shift to transit too.

Gilles added a comment.Feb 27 2019, 10:21 AM

Did something happen on 2019-02-21? I was looking at the ulsfo RUM perf metrics for the change in that DC. No change is apparent after the 2019-02-19 config change, except that particular day (the 21st) that stands out as having noticeably bad performance for ulsfo. Pretty much the same TTFB as esqin users on that day.

BBlack added a comment.Feb 27 2019, 11:54 AM

Circa 2019-02-21, eqsin was depooled to install a new router, and most of the users normally mapped to eqsin had fallen back to ulsfo temporarily, which would distort the stats of "ulsfo users" considerably.

Stashbot added a comment.Feb 27 2019, 8:53 PM

Mentioned in SAL (#wikimedia-operations) [2019-02-27T20:53:56Z] <XioNoX> delete local pref for peering sessions in codfw/eqdfw - T204281

ayounsi added a comment.Feb 27 2019, 9:02 PM

cr1/2-codfw + cr2-eqdfw

[edit policy-options policy-statement BGP_community_actions]
-    term peer-private-peer {
-        from community PEER_PRIVATE_PEER;
-        then {
-            local-preference 250;
-            next policy;
-        }
-    }
-    term peer {
-        from community PEERING_ROUTE;
-        then {
-            local-preference 250;
-            next policy;
-        }
-    }

Peering:
https://librenms.wikimedia.org/graphs/id=16721/type=port_bits/

Transit:
https://librenms.wikimedia.org/graphs/id=8288%2C8209%2C16334/type=multiport_bits_separate/

ayounsi added a comment.Feb 27 2019, 9:24 PM

Because of the way codfw/eqdfw peers with eqiad and eqord and the fact we have similar peers in several IXPs
Removing the preferred local-pref in Dallas caused the IX traffic to shift to the peering points in Chicago and (less) Ashburn.

There is no risk of saturation, but routing to those AS# is now sub-optimal, until the same change is applied to eqord and eqiad.
Seeing how stable (and with little traffic shift) this rollout has been in other site, I'll push the same change in eqord, then eqiad.

Stashbot added a comment.Feb 27 2019, 9:26 PM

Mentioned in SAL (#wikimedia-operations) [2019-02-27T21:26:35Z] <XioNoX> delete local pref for peering sessions in eqord - T204281

Stashbot added a comment.Feb 27 2019, 9:57 PM

Mentioned in SAL (#wikimedia-operations) [2019-02-27T21:57:21Z] <XioNoX> delete local pref for peering sessions in eqiad - T204281

ayounsi added a comment.Feb 27 2019, 10:10 PM

Same config diff for eqord/eqiad

eqord:
Transit: https://librenms.wikimedia.org/graphs/id=16837,16841/type=multiport_bits_separate
Peering: https://librenms.wikimedia.org/graphs/id=16839/type=port_bits/

eqiad:
Peering: https://librenms.wikimedia.org/graphs/id=11600,6820/type=multiport_bits_separate
Transit: https://librenms.wikimedia.org/graphs/id=6821,11623,6841/type=multiport_bits_separate

I got slightly confused as NTT traffic increased significantly, but that was a few hours before starting those changes: https://librenms.wikimedia.org/graphs/id=16841/type=port_bits/

ayounsi added a comment.Feb 27 2019, 10:46 PM

Shift from peering to transit are:
~200Mbps in eqdfw
~300Mbps in eqord
~300Mbps in eqiad

mark subscribed.Mar 1 2019, 12:36 PM
ayounsi closed this task as Resolved.Mar 5 2019, 12:50 AM

Everything here is done. Will reopen if any signs of issues down the road.

faidon mentioned this in rOHPU847bbad1f79a: Remove terms peer-private-peer and peer from BGP_community_actions.Oct 3 2019, 11:11 AM
jenkins-bot mentioned this in rOHPU60c62ea9264f: Allow SELECTED_PATH selection for IXP routes as well.Jun 29 2020, 8:11 AM
ayounsi mentioned this in T259614: Re-prioritize peering over transit.Aug 4 2020, 1:22 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits