RE: router startup behavior

["Borchers, Mark" <mborchers () splitrock net>]

> the most likely cause would be one of:

<items deleted for brevity>

>   (c) script used to configure router(s) adds a 'network' 
> statement prior to trimming route-filters

Yeah, (c) seems most likely to me.  Ratul, a script like
this or some variant could cause what you are seeing:

config-router#  no neighbor <a>
config-router#  no neighbor <b>  
config-router#  no neighbor <c>
(script to rewrite filters executes)
config-router#  neighbor <a> remote-as <x>
config-router#  neighbor <a> remote-as <y>
config-router#  neighbor <a> remote-as <z>
(sessions start coming up)
config-router#  neighbor <a> route-map <A> out
config-router#  neighbor <b> route-map <B> out
config-router#  neighbor <c> route-map <C> out
config-router#  Ctrl-Z
# clear ip bgp external soft out

Just guessing - you're seeing these events between midnight 
and 5 am?


> At 01:10 PM 14/01/2002 -0800, Ratul Mahajan wrote:
>
>
> > to the best of my knowledge, here is what is happening.
> >
> > 1. router starts rebooting
> > 2. there are routes in the routing table, some of which are not to
> > be announce according to filters
> > 3. bgp sessions comes up; the filters have not yet taken effect
> > 4. start announcing routes
> > 5. filters come up
> > 6. the router realizes that it made a mistake and withdraws 
> the routes not
> > meant to be announced.
> >
> > i should also point out that all such incident are not 1000 
> router. most
> > of them are 20-50, but i have seen non-trivial number of 
> ~100 prefixes,
> > and a couple more than that.
> >
> >         -- ratul
> >
> > On Mon, 14 Jan 2002, Ratul Mahajan wrote:
> >
> > > at university of washington, we are doing a measurement 
> study of bgp
> > > misconfiguration
> > > (http://www.cs.washington.edu/homes/ratul/bgp/index.html).
> > >
> > > one of the things we found is that there are a lot of 
> announcements of
> > > more-specifics that come and go within a matter of 2-5 minutes.
> > >
> > > by talking to the operators involved in these incidents, 
> we found that
> > > most of these are caused when the router is rebooted 
> (intentionally or
> > > not). while some operators were aware of this side 
> effect, most were not,
> > > and were taken by surprise that they just injected 
> anywhere from 1-1000
> > > routes into BGP only to withdraw them a couple of minutes later.
> > >
> > > i would like to understand this behavior better. is this behavior
> > > vendor-specific (cisco?) or pervasive? is there a 
> configuration style that
> > > causes or avoids this "spill-over"?
> > >
> > > my understanding is limited to this happens when the bgp 
> session comes up
> > > too soon, before the filters have taken effect. could 
> someone familiar
> > > with router internals shed some light on it?
> > >
> > > the problem is limited to route origination only, or also 
> propagation?
> > > in other words, can a router propagate a route it should not while
> > > starting up because export filters are not yet in place?
> > >
> > > never ever gotten my hands dirty into router 
> configuration; your input
> > > would be invaluable.
> > >
> > > thanks,
> > >       -- ratul