BGP configuration checking tool: announcement and request for users/feedback

• Previous message (by thread): Verisign CRL single point of failure
• Next message (by thread): interesting new virus, maybe???
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Nanog, 

As you may know, I've been developing a tool called "RoLex" (Routing Lexer)
that performs various syntactic and conceptual checks on existing
BGP configurations.  (To refresh your memory, see:
http://www.nanog.org/mtg-0310/feamster.html)

The checker now parses Cisco and Juniper IOS and represents BGP
configuration in an abstract format (in the form of relational database
tables); the checks themselves are expressed as perl modules that run
SQL queries against these tables.  

You can get more information about the tool itself, including the tests
that the tool currently performs, at:
http://nms.lcs.mit.edu/bgp/rolex/
(the code is in pre-release; if you would like to test it on your
 configurations, please ask me and I'll give you a version.)

Part of our motivation for developing this tool is to get a better
understanding of errors and anomalies that turn up in real configuration
files.  A couple of very kind, generous folks at some larger ISPs have
given me some initial assistance by letting me run the tool on some of
their configuration files, and, in some cases, our checks have allowed
operators (and me) to see some interesting things. (read: you might find
some things you didn't expect)

Nevertheless, our study (and the tool) will benefit tremendously by
exposure to configurations from a much wider variety of ASes. (The more,
the better.)

If you could help me in any of the following ways, I would be extremely
grateful:

	1. Run the tool on your configuration and let me know what types
	   of errors you find. This will help me in our analysis as far
	   as figuring out what types of problems are most common, etc.

	   If you're feeling extremely helpful, you could let me run the
	   tool on your configuration files for you.  This would
	   probably save you time; of course, I'd discuss with you what
	   I found in your configs.  (Yes, I am asking to look at your
	   configs; I'm amenable to nondisclosure arrangements regarding
	   keeping keeping your configuration data private, if you like.)

	2. Suggest new tests that you would like to see incorporated
	   into the tool.

I am eager to provide the tool for you to try on your configuration
files.  I'm also more than willing to help you set it up in a way that
works well for you.  In return, I would hope that you would help me
better understand the errors/anomalies that the tool turns up or at
least give me some suggestions on how to improve the tool (e.g., what
types of checks you would like to see added to the tool, personal
experience, etc.).

Please let me know if you are interested in helping out.   

Thanks!
Nick

• Previous message (by thread): Verisign CRL single point of failure
• Next message (by thread): interesting new virus, maybe???
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]