Re: Determine difference between 2 BGP feeds

[Scott "Tuc" Ellentuch at T-B-O-H <ml () t-b-o-h net>]

Hi,

        Thanks for all the replies! I've consolidated them here hoping to save 
some noise....

> From: Bill Nash <billn () odyssey billn net>

> Were I faced with this reporting equirement on an on-going basis, I'd 
> suggest establishing a read-only BGP peer with both devices and comparing 
> directly. I've got a perl BGP peering daemon that feeds and maintains a 
> mirror of the BGP routing table into SQL, applying updates and withdrawals 
> as they come in. Setting up something similar, and adding some additional 
> metrics to keep entries unique by peer source would facilitate your end 
> goal with simple SQL grouping mechanics.

        This is an idea, thank you. I was hoping for something that would
be a bit more "smarter" than BGP . What I was looking for would be something
that could say :

        Router A has route 216.231.96.0/24, 216.231.97.0/24, (etc) while
Router B has 216.231.96.0/19
        Router B has the following /30's :
                A.B.C.D, E.F.G.H, I.J.K.L
        Router A has 216.231.96.0/24, 216.231.97.0/24, but Router B has
a route of 216.231.96.0/19 but none of the other /24's.


> From: Richard A Steenbergen <ras () e-gerbil net>

> This is actually fairly common. There are a lot of folks out there who 
> announce more specifics to one network but not another, or who apply no 
> export or limited export community tags in various places. Also, every 
> network has a different filter policy of what they will and won't accept.
        I understood that this happened, but didn't think it could account
for 3K to 10K routes. Guess it can. :)

> FWIW my "exported to bgp speaking customers" count at this moment is 
> 182525.

        Thats in line with the CIDR report, and I wouldn't mind.

> I wouldn't get concerned about it unless the network with more 
> prefixes is doing something absurdly stupid like sending you internal /30s 
> and such (which, well, a lot of people do :P). It could also be something 
> like peers agreeing to traffic engineer by sending each other more 
> specifics w/meds, though if they were smart they would be doing that with 
> no-export so as to not make your TE job more difficult.

        Thats what I'm hoping to find out. :)
> If you really want 
> to compare the differences, try something like:
>
> telnet yourrouter | tee outputfile
> term length 0
> sh ip bgp nei x.x.x.x received-routes
> quit
>
> Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry, 
> something dirt simple like "grep / | awk '{ print $2 }'" should do the 
> trick.

        (See above what I was looking for the output, but again, something
to start with, thanks!)

> From: md () Linux IT (Marco d'Itri)

> On Apr 18, Scott Tuc Ellentuch at T-B-O-H <ml () t-b-o-h net> wrote:
>
> >      Is there a utility that I can use that will pull the
> > routes off each router (Foundry preferred), and then compare 
> > them as best it can to see why there is such a difference? 
> I have one, but it's cisco-specific:
>
> http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script)

himinbjorg# fetch http://www.bofh.it/~md/software/cisco-tools-0.2.tgz
fetch: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz: Not Found


> Then you can easily find the missing routes with commands like:
>
> awk '{print $1}' < ../routes/1.2.3.4 | sort > ROUTER1
> awk '{print $1}' < ../routes/1.2.3.5 | sort > ROUTER2
> comm -23 ROUTER1 ROUTER2 > MISSING2
        No worries, I'll take a look at it and then see if I can
"Foundryize" it. :) Its not such a case of "missing" but maybe more
aggregated differently, etc. But again, all leads will be taken!


> From: John Kristoff <jtk () ultradns net>

> On Tue, 18 Apr 2006 16:13:12 -0400 (EDT)
> Scott "Tuc" Ellentuch at T-B-O-H <ml () t-b-o-h net> wrote:
>
> >      Is there a utility that I can use that will pull the
> > routes off each router (Foundry preferred), and then compare 
> > them as best it can to see why there is such a difference? 
>
> I don't know anything about foundry, but if you can simply display
> the routing table from a terminal, you can go the hacky unix cli
> tool way.  For example, use 'script' to log your terminal session
> to a file, then presuming you can show the route table and each
> route includes a 'via upstream-address-line' line for each route
> (completely untested and I'm sure someone could come up with
> something much simpler and better):
>
>  grep 'via upstream?' script > upstream?
>  perl -ne 'print "$1\n" if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? |
>     sort > upstream?.sored
>  comm -23 upstream1.txt upstream2.txt
>  comm -13 upstream1.txt upstream2.txt

        Thanks!


> From: Warren Kumari <warren () kumari net>

> On Apr 18, 2006, at 1:19 PM, Mike Walter wrote:
>
> > Sounds to me like one of your providers is not feeding you the full
> > internet routing table.  Have you checked with them to see if they are
> > providing you that?
>
> Sounds to me like a: you are only looking at best routes or b: one of  
> the providers is sending you more specific customer routes (that they  
> summarize before sending to non-customers).
>
> Personally I would just slurp one set of routes into an array in perl  
> and then delete them if they appear in the other set. Any left over  
> in either set are unique....
        It wouldn't take aggregate differences into account.

> From: "Majdi S. Abbas" <msa () latt net>

> >      We receive a BGP feed from different providers on two 
> > different routers. While one seems to be a reasonable amount
> > of feeds after reviewing the CIDR report, the other is anywhere
> > from 3K to 10K more routes. 
> >
> >              Thanks, Tuc/TBOH
> -snip-
>
>       I refer both of you to the following message that I posted a 
> few years ago, rather than restate it all:
>
>       http://www.merit.edu/mail.archives/nanog/2001-02/msg00347.html
>
>       Hope this helps.
>
>       --msa

        No, I agree, I don't think I'm MISSING, just want to know what
the differences are to see why there is such a disparity. Maybe I need
to get the provider to filter or change communities, etc.

----------------------------------------------------------------------

        Thanks everyone!

                        Tuc/TBOH