[90021] in North American Network Operators' Group


Re: Determine difference between 2 BGP feeds

daemon@ATHENA.MIT.EDU (David Andersen)
Tue Apr 18 17:22:04 2006

In-Reply-To: <Pine.LNX.4.64.0604181656010.13444@odyssey.billn.net>
Cc: "Marco d'Itri" <md@Linux.IT>,
	Scott Tuc Ellentuch at T-B-O-H <ml@t-b-o-h.net>, nanog@merit.edu
From: David Andersen <dga+@cs.cmu.edu>
Date: Tue, 18 Apr 2006 17:21:41 -0400
To: Bill Nash <billn@odyssey.billn.net>
Errors-To: owner-nanog@merit.edu



Much of what Bill described below is already present using Nick  
Feamster's bgptools release:  http://nms.lcs.mit.edu/software/bgp/bgptools/

Start with zebra / quagga / etc., which do a great job of dumping  
tables and updates.

Then use bgptools to take the MRT-formatted dumps that Zebra spits  
out and turn them into text, etc.  With the '-q' option, you can insert  
the BGP updates or table snapshot directly into a SQL database.

Then the libbgpdump.a library gives you lots of cool things on top of  
that.  You'd have to do a little work to get the analysis tool you  
want, but it's pretty easy.  Use the 'buildtree' starting program to  
build the prefix tree from each provider and then compare those two  
trees (see which prefixes are present/not present, see if any parts  
of the IP space are unreachable in one and unreachable in the  
other, etc.)

It starts as Bill suggested - a read-only BGP peer from the devices,  
which takes about 3 seconds to set up.

   -Dave

On Apr 18, 2006, at 5:01 PM, Bill Nash wrote:

>
>
>
> Were I faced with this reporting requirement on an on-going basis,  
> I'd suggest establishing a read-only BGP peer with both devices and  
> comparing directly. I've got a perl BGP peering daemon that feeds  
> and maintains a mirror of the BGP routing table into SQL, applying  
> updates and withdrawals as they come in. Setting up something  
> similar, and adding some additional metrics to keep entries unique  
> by peer source would facilitate your end goal with simple SQL  
> grouping mechanics.
>
> - billn
>
> On Tue, 18 Apr 2006, Marco d'Itri wrote:
>
>>
>> On Apr 18, Scott Tuc Ellentuch at T-B-O-H <ml@t-b-o-h.net> wrote:
>>
>>> 	Is there a utility that I can use that will pull the
>>> routes off each router (Foundry preferred), and then compare
>>> them as best it can to see why there is such a difference?
>> I have one, but it's cisco-specific:
>>
>> http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers  
>> script)
>>
>> Then you can easily find the missing routes with commands like:
>>
>> awk '{print $1}' < ../routes/1.2.3.4 | sort > ROUTER1
>> awk '{print $1}' < ../routes/1.2.3.5 | sort > ROUTER2
>> comm -23 ROUTER1 ROUTER2 > MISSING2
>>
>> -- 
>> ciao,
>> Marco
>>
>
>
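
The feed comparison discussed in this thread (which prefixes one feed has that the other lacks, and whether that address space is still reachable through the other feed), as an added example that is not part of the original messages and is not bgptools code. It assumes route dumps with the prefix in the first column, uses Python's `ipaddress` module with a linear scan instead of a prefix tree, and the sample feeds are constructed.

```python
import ipaddress

# Constructed sample feeds: first field is the prefix, as in the awk '{print $1}' step.
ROUTER1 = ["192.0.2.0/25 10.0.0.1", "192.0.2.128/25 10.0.0.1",
           "198.51.100.0/24 10.0.0.1", "203.0.113.0/24 10.0.0.1"]
ROUTER2 = ["192.0.2.0/24 10.0.0.2", "198.51.100.0/25 10.0.0.2"]

def parse_feed(lines):
    """Return the set of prefixes found in the first column of a route dump."""
    return {ipaddress.ip_network(l.split()[0], strict=False)
            for l in lines if l.strip()}

def uncovered(net, others):
    """Parts of `net` that no prefix in `others` covers (linear scan, no tree)."""
    remaining = [net]
    for o in others:
        nxt = []
        for r in remaining:
            if r.version != o.version or not r.overlaps(o):
                nxt.append(r)                      # untouched by this prefix
            elif not r.subnet_of(o):
                nxt.extend(r.address_exclude(o))   # o is a more-specific inside r
            # else: r lies wholly inside o, so it is covered and dropped
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))

def compare(feed_a, feed_b):
    """Classify prefixes that are in feed_a but absent from feed_b."""
    report = {"covered": [], "partial": [], "unreachable": []}
    for net in sorted(feed_a - feed_b, key=lambda n: (n.version, n)):
        holes = uncovered(net, feed_b)
        if not holes:
            report["covered"].append(net)           # aggregate or more-specifics cover it
        elif holes == [net]:
            report["unreachable"].append(net)       # no route to any of it in feed_b
        else:
            report["partial"].append((net, holes))  # only `holes` lack a route
    return report

if __name__ == "__main__":
    for kind, items in compare(parse_feed(ROUTER1), parse_feed(ROUTER2)).items():
        print(kind, items)
```

Only the `unreachable` and `partial` entries represent address space that one feed can reach and the other cannot; `covered` entries differ in prefix length only.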


