North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Determine difference between 2 BGP feeds

  • From: Scott "Tuc" Ellentuch at T-B-O-H
  • Date: Tue Apr 18 17:37:58 2006


	Thanks for all the replies! I've consolidated them here hoping to save 
some noise....

> From: Bill Nash <[email protected]>

>Were I faced with this reporting equirement on an on-going basis, I'd 
>suggest establishing a read-only BGP peer with both devices and comparing 
>directly. I've got a perl BGP peering daemon that feeds and maintains a 
>mirror of the BGP routing table into SQL, applying updates and withdrawals 
>as they come in. Setting up something similar, and adding some additional 
>metrics to keep entries unique by peer source would facilitate your end 
>goal with simple SQL grouping mechanics.

	This is an idea, thank you. I was hoping for something that would
be a bit more "smarter" than BGP . What I was looking for would be something
that could say :

	Router A has route,, (etc) while
Router B has
	Router B has the following /30's :
		A.B.C.D, E.F.G.H, I.J.K.L
	Router A has,, but Router B has
a route of but none of the other /24's.

> From: Richard A Steenbergen <[email protected]>

>This is actually fairly common. There are a lot of folks out there who 
>announce more specifics to one network but not another, or who apply no 
>export or limited export community tags in various places. Also, every 
>network has a different filter policy of what they will and won't accept.
	I understood that this happened, but didn't think it could account
for 3K to 10K routes. Guess it can. :)

>FWIW my "exported to bgp speaking customers" count at this moment is 

	Thats in line with the CIDR report, and I wouldn't mind.

>I wouldn't get concerned about it unless the network with more 
>prefixes is doing something absurdly stupid like sending you internal /30s 
>and such (which, well, a lot of people do :P). It could also be something 
>like peers agreeing to traffic engineer by sending each other more 
>specifics w/meds, though if they were smart they would be doing that with 
>no-export so as to not make your TE job more difficult.

	Thats what I'm hoping to find out. :)
>If you really want 
>to compare the differences, try something like:
>telnet yourrouter | tee outputfile
>term length 0
>sh ip bgp nei x.x.x.x received-routes
>Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry, 
>something dirt simple like "grep / | awk '{ print $2 }'" should do the 

	(See above what I was looking for the output, but again, something
to start with, thanks!)

> From: [email protected] (Marco d'Itri)

>On Apr 18, Scott Tuc Ellentuch at T-B-O-H <[email protected]> wrote:
>> 	Is there a utility that I can use that will pull the
>> routes off each router (Foundry preferred), and then compare 
>> them as best it can to see why there is such a difference? 
>I have one, but it's cisco-specific:
> (the dumppeers script)

himinbjorg# fetch
fetch: Not Found

>Then you can easily find the missing routes with commands like:
>awk '{print $1}' < ../routes/ | sort > ROUTER1
>awk '{print $1}' < ../routes/ | sort > ROUTER2
	No worries, I'll take a look at it and then see if I can
"Foundryize" it. :) Its not such a case of "missing" but maybe more
aggregated differently, etc. But again, all leads will be taken!

> From: John Kristoff <[email protected]>

>On Tue, 18 Apr 2006 16:13:12 -0400 (EDT)
>Scott "Tuc" Ellentuch at T-B-O-H <[email protected]> wrote:
>> 	Is there a utility that I can use that will pull the
>> routes off each router (Foundry preferred), and then compare 
>> them as best it can to see why there is such a difference? 
>I don't know anything about foundry, but if you can simply display
>the routing table from a terminal, you can go the hacky unix cli
>tool way.  For example, use 'script' to log your terminal session
>to a file, then presuming you can show the route table and each
>route includes a 'via upstream-address-line' line for each route
>(completely untested and I'm sure someone could come up with
>something much simpler and better):
>  grep 'via upstream?' script > upstream?
>  perl -ne 'print "$1\n" if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? |
>     sort > upstream?.sored
>  comm -23 upstream1.txt upstream2.txt
>  comm -13 upstream1.txt upstream2.txt


> From: Warren Kumari <[email protected]>

>On Apr 18, 2006, at 1:19 PM, Mike Walter wrote:
>> Sounds to me like one of your providers is not feeding you the full
>> internet routing table.  Have you checked with them to see if they are
>> providing you that?
>Sounds to me like a: you are only looking at best routes or b: one of  
>the providers is sending you more specific customer routes (that they  
>summarize before sending to non-customers).
>Personally I would just slurp one set of routes into an array in perl  
>and then delete them if they appear in the other set. Any left over  
>in either set are unique....
	It wouldn't take aggregate differences into account.

> From: "Majdi S. Abbas" <[email protected]>

>> 	We receive a BGP feed from different providers on two 
>> different routers. While one seems to be a reasonable amount
>> of feeds after reviewing the CIDR report, the other is anywhere
>> from 3K to 10K more routes. 
>> 		Thanks, Tuc/TBOH
>	I refer both of you to the following message that I posted a 
>few years ago, rather than restate it all:
>	Hope this helps.
>	--msa

	No, I agree, I don't think I'm MISSING, just want to know what
the differences are to see why there is such a disparity. Maybe I need
to get the provider to filter or change communities, etc.


	Thanks everyone!