Determine difference between 2 BGP feeds
Scott Tuc Ellentuch at T-B-O-H
ml at t-b-o-h.net
Tue Apr 18 21:36:55 UTC 2006
Hi,
Thanks for all the replies! I've consolidated them here hoping to save
some noise....
> From: Bill Nash <billn at odyssey.billn.net>
>Were I faced with this reporting equirement on an on-going basis, I'd
>suggest establishing a read-only BGP peer with both devices and comparing
>directly. I've got a perl BGP peering daemon that feeds and maintains a
>mirror of the BGP routing table into SQL, applying updates and withdrawals
>as they come in. Setting up something similar, and adding some additional
>metrics to keep entries unique by peer source would facilitate your end
>goal with simple SQL grouping mechanics.
This is an idea, thank you. I was hoping for something that would
be a bit more "smarter" than BGP . What I was looking for would be something
that could say :
Router A has route 216.231.96.0/24, 216.231.97.0/24, (etc) while
Router B has 216.231.96.0/19
Router B has the following /30's :
A.B.C.D, E.F.G.H, I.J.K.L
Router A has 216.231.96.0/24, 216.231.97.0/24, but Router B has
a route of 216.231.96.0/19 but none of the other /24's.
> From: Richard A Steenbergen <ras at e-gerbil.net>
>This is actually fairly common. There are a lot of folks out there who
>announce more specifics to one network but not another, or who apply no
>export or limited export community tags in various places. Also, every
>network has a different filter policy of what they will and won't accept.
>
I understood that this happened, but didn't think it could account
for 3K to 10K routes. Guess it can. :)
>FWIW my "exported to bgp speaking customers" count at this moment is
>182525.
Thats in line with the CIDR report, and I wouldn't mind.
>I wouldn't get concerned about it unless the network with more
>prefixes is doing something absurdly stupid like sending you internal /30s
>and such (which, well, a lot of people do :P). It could also be something
>like peers agreeing to traffic engineer by sending each other more
>specifics w/meds, though if they were smart they would be doing that with
>no-export so as to not make your TE job more difficult.
Thats what I'm hoping to find out. :)
>
>If you really want
>to compare the differences, try something like:
>
>telnet yourrouter | tee outputfile
>term length 0
>sh ip bgp nei x.x.x.x received-routes
>quit
>
>Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry,
>something dirt simple like "grep / | awk '{ print $2 }'" should do the
>trick.
>
(See above what I was looking for the output, but again, something
to start with, thanks!)
> From: md at Linux.IT (Marco d'Itri)
>On Apr 18, Scott Tuc Ellentuch at T-B-O-H <ml at t-b-o-h.net> wrote:
>
>> Is there a utility that I can use that will pull the
>> routes off each router (Foundry preferred), and then compare
>> them as best it can to see why there is such a difference?
>I have one, but it's cisco-specific:
>
>http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script)
>
himinbjorg# fetch http://www.bofh.it/~md/software/cisco-tools-0.2.tgz
fetch: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz: Not Found
>Then you can easily find the missing routes with commands like:
>
>awk '{print $1}' < ../routes/1.2.3.4 | sort > ROUTER1
>awk '{print $1}' < ../routes/1.2.3.5 | sort > ROUTER2
>comm -23 ROUTER1 ROUTER2 > MISSING2
>
No worries, I'll take a look at it and then see if I can
"Foundryize" it. :) Its not such a case of "missing" but maybe more
aggregated differently, etc. But again, all leads will be taken!
> From: John Kristoff <jtk at ultradns.net>
>On Tue, 18 Apr 2006 16:13:12 -0400 (EDT)
>Scott "Tuc" Ellentuch at T-B-O-H <ml at t-b-o-h.net> wrote:
>
>> Is there a utility that I can use that will pull the
>> routes off each router (Foundry preferred), and then compare
>> them as best it can to see why there is such a difference?
>
>I don't know anything about foundry, but if you can simply display
>the routing table from a terminal, you can go the hacky unix cli
>tool way. For example, use 'script' to log your terminal session
>to a file, then presuming you can show the route table and each
>route includes a 'via upstream-address-line' line for each route
>(completely untested and I'm sure someone could come up with
>something much simpler and better):
>
> grep 'via upstream?' script > upstream?
> perl -ne 'print "$1\n" if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? |
> sort > upstream?.sored
> comm -23 upstream1.txt upstream2.txt
> comm -13 upstream1.txt upstream2.txt
>
Thanks!
> From: Warren Kumari <warren at kumari.net>
>On Apr 18, 2006, at 1:19 PM, Mike Walter wrote:
>
>>
>> Sounds to me like one of your providers is not feeding you the full
>> internet routing table. Have you checked with them to see if they are
>> providing you that?
>
>Sounds to me like a: you are only looking at best routes or b: one of
>the providers is sending you more specific customer routes (that they
>summarize before sending to non-customers).
>
>Personally I would just slurp one set of routes into an array in perl
>and then delete them if they appear in the other set. Any left over
>in either set are unique....
>
It wouldn't take aggregate differences into account.
> From: "Majdi S. Abbas" <msa at latt.net>
>> We receive a BGP feed from different providers on two
>> different routers. While one seems to be a reasonable amount
>> of feeds after reviewing the CIDR report, the other is anywhere
>> from 3K to 10K more routes.
>>
>> Thanks, Tuc/TBOH
>-snip-
>
> I refer both of you to the following message that I posted a
>few years ago, rather than restate it all:
>
> http://www.merit.edu/mail.archives/nanog/2001-02/msg00347.html
>
> Hope this helps.
>
> --msa
No, I agree, I don't think I'm MISSING, just want to know what
the differences are to see why there is such a disparity. Maybe I need
to get the provider to filter or change communities, etc.
----------------------------------------------------------------------
Thanks everyone!
Tuc/TBOH
More information about the NANOG
mailing list