North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Determine difference between 2 BGP feeds
Hi, Thanks for all the replies! I've consolidated them here hoping to save some noise.... > From: Bill Nash <[email protected]> >Were I faced with this reporting equirement on an on-going basis, I'd >suggest establishing a read-only BGP peer with both devices and comparing >directly. I've got a perl BGP peering daemon that feeds and maintains a >mirror of the BGP routing table into SQL, applying updates and withdrawals >as they come in. Setting up something similar, and adding some additional >metrics to keep entries unique by peer source would facilitate your end >goal with simple SQL grouping mechanics. This is an idea, thank you. I was hoping for something that would be a bit more "smarter" than BGP . What I was looking for would be something that could say : Router A has route 216.231.96.0/24, 216.231.97.0/24, (etc) while Router B has 216.231.96.0/19 Router B has the following /30's : A.B.C.D, E.F.G.H, I.J.K.L Router A has 216.231.96.0/24, 216.231.97.0/24, but Router B has a route of 216.231.96.0/19 but none of the other /24's. > From: Richard A Steenbergen <[email protected]> >This is actually fairly common. There are a lot of folks out there who >announce more specifics to one network but not another, or who apply no >export or limited export community tags in various places. Also, every >network has a different filter policy of what they will and won't accept. > I understood that this happened, but didn't think it could account for 3K to 10K routes. Guess it can. :) >FWIW my "exported to bgp speaking customers" count at this moment is >182525. Thats in line with the CIDR report, and I wouldn't mind. >I wouldn't get concerned about it unless the network with more >prefixes is doing something absurdly stupid like sending you internal /30s >and such (which, well, a lot of people do :P). It could also be something >like peers agreeing to traffic engineer by sending each other more >specifics w/meds, though if they were smart they would be doing that with >no-export so as to not make your TE job more difficult. Thats what I'm hoping to find out. :) > >If you really want >to compare the differences, try something like: > >telnet yourrouter | tee outputfile >term length 0 >sh ip bgp nei x.x.x.x received-routes >quit > >Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry, >something dirt simple like "grep / | awk '{ print $2 }'" should do the >trick. > (See above what I was looking for the output, but again, something to start with, thanks!) > From: [email protected] (Marco d'Itri) >On Apr 18, Scott Tuc Ellentuch at T-B-O-H <[email protected]> wrote: > >> Is there a utility that I can use that will pull the >> routes off each router (Foundry preferred), and then compare >> them as best it can to see why there is such a difference? >I have one, but it's cisco-specific: > >http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script) > himinbjorg# fetch http://www.bofh.it/~md/software/cisco-tools-0.2.tgz fetch: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz: Not Found >Then you can easily find the missing routes with commands like: > >awk '{print $1}' < ../routes/1.2.3.4 | sort > ROUTER1 >awk '{print $1}' < ../routes/1.2.3.5 | sort > ROUTER2 >comm -23 ROUTER1 ROUTER2 > MISSING2 > No worries, I'll take a look at it and then see if I can "Foundryize" it. :) Its not such a case of "missing" but maybe more aggregated differently, etc. But again, all leads will be taken! > From: John Kristoff <[email protected]> >On Tue, 18 Apr 2006 16:13:12 -0400 (EDT) >Scott "Tuc" Ellentuch at T-B-O-H <[email protected]> wrote: > >> Is there a utility that I can use that will pull the >> routes off each router (Foundry preferred), and then compare >> them as best it can to see why there is such a difference? > >I don't know anything about foundry, but if you can simply display >the routing table from a terminal, you can go the hacky unix cli >tool way. For example, use 'script' to log your terminal session >to a file, then presuming you can show the route table and each >route includes a 'via upstream-address-line' line for each route >(completely untested and I'm sure someone could come up with >something much simpler and better): > > grep 'via upstream?' script > upstream? > perl -ne 'print "$1\n" if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? | > sort > upstream?.sored > comm -23 upstream1.txt upstream2.txt > comm -13 upstream1.txt upstream2.txt > Thanks! > From: Warren Kumari <[email protected]> >On Apr 18, 2006, at 1:19 PM, Mike Walter wrote: > >> >> Sounds to me like one of your providers is not feeding you the full >> internet routing table. Have you checked with them to see if they are >> providing you that? > >Sounds to me like a: you are only looking at best routes or b: one of >the providers is sending you more specific customer routes (that they >summarize before sending to non-customers). > >Personally I would just slurp one set of routes into an array in perl >and then delete them if they appear in the other set. Any left over >in either set are unique.... > It wouldn't take aggregate differences into account. > From: "Majdi S. Abbas" <[email protected]> >> We receive a BGP feed from different providers on two >> different routers. While one seems to be a reasonable amount >> of feeds after reviewing the CIDR report, the other is anywhere >> from 3K to 10K more routes. >> >> Thanks, Tuc/TBOH >-snip- > > I refer both of you to the following message that I posted a >few years ago, rather than restate it all: > > http://www.merit.edu/mailinglist/mailarchives/old_archive/2001-02/msg00347.html > > Hope this helps. > > --msa No, I agree, I don't think I'm MISSING, just want to know what the differences are to see why there is such a disparity. Maybe I need to get the provider to filter or change communities, etc. ---------------------------------------------------------------------- Thanks everyone! Tuc/TBOH
|