BGP Update Report

Interval: 11-Mar-10 -to- 18-Mar-10 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS665 99574 8.9% 1059.3 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
2 - AS45985 23578 2.1% 5894.5 -- DAEWOOSEC Daewoo Securities Co., Ltd.
3 - AS14420 17434 1.6% 44.4 -- CORPORACION NACIONAL DE TELECOMUNICACIONES CNT S.A.
4 - AS30890 15750 1.4% 35.6 -- EVOLVA Evolva Telecom s.r.l.
5 - AS9829 13664 1.2% 27.7 -- BSNL-NIB National Internet Backbone
6 - AS31055 13155 1.2% 3288.8 -- CONSULTIX-AS Consultix GmbH
7 - AS35805 12226 1.1% 20.7 -- UTG-AS United Telecom AS
8 - AS9808 10983 1.0% 24.4 -- CMNET-GD Guangdong Mobile Communication Co.Ltd.
9 - AS12479 10423 0.9% 694.9 -- UNI2-AS Uni2 - Lince telecomunicaciones
10 - AS8452 9035 0.8% 18.0 -- TEDATA TEDATA
11 - AS16569 8216 0.7% 8216.0 -- ASN-CITY-OF-CALGARY - City of Calgary
12 - AS33776 8174 0.7% 29.0 -- STARCOMMS-ASN
13 - AS7738 7862 0.7% 16.5 -- Telecomunicacoes da Bahia S.A.
14 - AS26025 7195 0.7% 7195.0 -- COC - City of Calgary
15 - AS20115 7025 0.6% 8.5 -- CHARTER-NET-HKY-NC - Charter Communications
16 - AS27747 6408 0.6% 37.3 -- Telecentro S.A.
17 - AS1659 6067 0.5% 19.9 -- ERX-TANET-ASN1 Tiawan Academic Network (TANet) Information Center
18 - AS10052 5951 0.5% 2975.5 -- KNU-AS Kyungpook National Univ.
19 - AS17974 5867 0.5% 8.5 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
20 - AS27097 5815 0.5% 1453.8 -- DNIC-ASBLK-27032-27159 - DoD Network Information Center

TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS16569 8216 0.7% 8216.0 -- ASN-CITY-OF-CALGARY - City of Calgary
2 - AS26025 7195 0.7% 7195.0 -- COC - City of Calgary
3 - AS45985 23578 2.1% 5894.5 -- DAEWOOSEC Daewoo Securities Co., Ltd.
4 - AS31055 13155 1.2% 3288.8 -- CONSULTIX-AS Consultix GmbH
5 - AS10052 5951 0.5% 2975.5 -- KNU-AS Kyungpook National Univ.
6 - AS27097 5815 0.5% 1453.8 -- DNIC-ASBLK-27032-27159 - DoD Network Information Center
7 - AS665 99574 8.9% 1059.3 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
8 - AS22395 968 0.1% 968.0 -- GHCO-INTERNAP - Goldenberg Hehmeyer
9 - AS5691 2630 0.2% 876.7 -- MITRE-AS-5 - The MITRE Corporation
10 - AS12479 10423 0.9% 694.9 -- UNI2-AS Uni2 - Lince telecomunicaciones
11 - AS5554 653 0.1% 653.0 -- INTEGRA Integra Information Co. Ltd
12 - AS31496 615 0.1% 615.0 -- ATNET-AS ATNET Autonomous System
13 - AS35400 1082 0.1% 541.0 -- MFIST Interregoinal Organization Network Technologies
14 - AS45960 502 0.1% 502.0 -- YTLCOMMS-AS-AP YTL COMMUNICATIONS SDN BHD
15 - AS28052 496 0.0% 496.0 -- Arte Radiotelevisivo Argentino
16 - AS8346 2569 0.2% 428.2 -- SONATEL-AS Autonomous System
17 - AS32794 400 0.0% 400.0 -- ICFG - International Church of the Foursquare Gospel
18 - AS34875 2293 0.2% 382.2 -- YANFES OJSC "Uralsviazinform"
19 - AS18399 1409 0.1% 352.2 -- BAGAN-TRANSIT-AS Bagan Cybertech IDC & Teleport International Transit
20 - AS35291 651 0.1% 325.5 -- ICOMM-AS SC Internet Communication Systems SRL

TOP 20 Unstable Prefixes
Rank Prefix Upds % Origin AS -- AS Name
1 - 62.168.199.0/24 13100 1.1% AS31055 -- CONSULTIX-AS Consultix GmbH
2 - 208.98.230.0/24 8216 0.7% AS16569 -- ASN-CITY-OF-CALGARY - City of Calgary
3 - 208.98.231.0/24 7195 0.6% AS26025 -- COC - City of Calgary
4 - 155.230.0.0/16 5927 0.5% AS10052 -- KNU-AS Kyungpook National Univ.
5 - 210.92.10.0/24 5895 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd.
6 - 210.92.6.0/24 5895 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd.
7 - 210.92.4.0/24 5895 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd.
8 - 123.140.107.0/24 5893 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd.
9 - 214.15.217.0/24 5673 0.5% AS27097 -- DNIC-ASBLK-27032-27159 - DoD Network Information Center
10 - 41.235.80.0/24 5590 0.5% AS8452 -- TEDATA TEDATA
11 - 199.114.154.0/24 3567 0.3% AS1733 -- CENTAF-SWA - 754th Electronic Systems Group
12 - 85.60.192.0/23 3060 0.3% AS12479 -- UNI2-AS Uni2 - Lince telecomunicaciones
13 - 206.184.16.0/24 2874 0.2% AS174 -- COGENT Cogent/PSI
14 - 205.101.192.0/24 2658 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
15 - 205.109.96.0/20 2658 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
16 - 205.109.208.0/20 2657 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
17 - 205.109.160.0/19 2651 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
18 - 205.110.243.0/24 2647 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
19 - 205.101.66.0/24 2646 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
20 - 199.121.123.0/24 2638 0.2% AS665 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center

Details at http://bgpupdates.potaroo.net

So, this week, I actually read the update report. Noting the stats below (..a flap/update once per minute? please, fix your CPE router), I have but one humble request:

Could the settlement-free members of the DFZ please consider re-enabling route-flap dampening towards customers?

Thanks,

-Tk

The problem is that unless one is holding customer routes in a
separate VRF and dampen them there or take similar steps to
segment, dampening leads directly to blackholes. Even in that
case, failover within that VRF wouldn't work, as all
implementations I've seen attack the prefix as the problem instead
of the path vector. Bye-bye alternate paths.

Cheers,

Joe

Joe,

I guess what I'm hinting at is precisely something finer-grained (path not prefix), as you suggest. Per-neighbor enabled, versus "entire bgp RIB" would be preferred. I'm also interested in the *chronic* nature of these apparent instabilities. An average of one flap per minute could imply that the end-site is not getting a lot of useful TCP moved, and as such, after something on the (n)-hour timescale, perhaps it's worth suppressing it.

So, I'd ask for a long-timescale dampening function, indexed against per-path, and enforced per neighbor. Perhaps as-path lists could be combined with relaxed timers on existing implementations to achieve this today (in a VRF target/context).

-Tk
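Added example, not part of any message in this thread: a small model of the two damping granularities discussed above, penalty state keyed by prefix versus keyed by (prefix, neighbor). The half-life, penalty and thresholds are assumed illustrative values, the prefix and neighbors A and B are constructed, and max-suppress-time is not modelled.

```python
import math
from collections import defaultdict

# Assumed, illustrative damping parameters (not taken from the thread).
HALF_LIFE_S = 15 * 60   # penalty halves every 15 minutes
FLAP_PENALTY = 1000     # added on each flap
SUPPRESS = 2000         # suppress once the penalty rises above this
REUSE = 750             # release once the penalty decays below this

class Damper:
    """Flap-damping state, keyed by whatever key_fn(prefix, neighbor) returns."""
    def __init__(self, key_fn):
        self.key_fn = key_fn
        self.penalty = defaultdict(float)
        self.last = {}
        self.suppressed = set()

    def _decay(self, key, now):
        # Exponential decay since the last time this key was touched.
        dt = now - self.last.get(key, now)
        self.penalty[key] *= math.pow(0.5, dt / HALF_LIFE_S)
        self.last[key] = now
        if key in self.suppressed and self.penalty[key] < REUSE:
            self.suppressed.discard(key)

    def flap(self, prefix, neighbor, now):
        key = self.key_fn(prefix, neighbor)
        self._decay(key, now)
        self.penalty[key] += FLAP_PENALTY
        if self.penalty[key] > SUPPRESS:
            self.suppressed.add(key)

    def usable(self, prefix, neighbor, now):
        key = self.key_fn(prefix, neighbor)
        self._decay(key, now)
        return key not in self.suppressed

def usable_paths(key_fn, flaps, paths, now):
    """Replay (time, prefix, neighbor) flaps, then list neighbors still usable."""
    d = Damper(key_fn)
    for t, prefix, neighbor in flaps:
        d.flap(prefix, neighbor, t)
    return [n for p, n in paths if d.usable(p, n, now)]

# Constructed input: documentation prefix, hypothetical neighbors A and B.
PFX = "192.0.2.0/24"
PATHS = [(PFX, "A"), (PFX, "B")]
FLAPS = [(60 * i, PFX, "A") for i in range(10)]  # A flaps once a minute, B is stable

per_prefix = usable_paths(lambda p, n: p, FLAPS, PATHS, now=600)
per_path = usable_paths(lambda p, n: (p, n), FLAPS, PATHS, now=600)
```

With prefix-keyed state the stable path via B is suppressed along with A, which is the loss of alternate paths described above; with per-path state only A is held down.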

It's not just AS_PATH, a lot of the reason so many duplicate updates occur
(nearly 50% of all updates at times, and often more during the busiest times)
is because on the other end implementations don't keep egress advertisement state
per attribute (e.g., if cluster_list length just triggered an internal transition
then a new update is sent to external peers with no new information because the
determining internal attributes are stripped before transmitting the new update),
yet those *prefixes* might well be suppressed as a result of the implementation
and/or network architecture on the other end of the BGP connection.

Then you couple what Joe was pointing out, where intermediate nodes with
consistently unstable links or "paths" result in penalizing an entire prefix,
not just the unstable paths, and it makes for more brokenness than benefit
when route flap damping is employed.

It's not that people haven't studied and understand why this occurs, the
issue is that implementation optimizations seem to always win out today over
systemic state effects (i.e., that "be conservative in what you send" thing
doesn't seem to apply in practice, unfortunately).

-danny
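Added example, not part of any message in this thread: a sketch of the duplicate-update effect described above, comparing an egress that remembers what it last advertised per prefix with one that re-sends on every internal best-path transition. The set of stripped attributes, the AS numbers, cluster IDs and the prefix are constructed assumptions.

```python
# Assumption: these attributes are iBGP-internal and stripped on eBGP egress.
INTERNAL_ATTRS = {"cluster_list", "originator_id", "local_pref"}

def external_view(attrs):
    """The part of a path an eBGP peer can actually see."""
    return tuple(sorted((k, v) for k, v in attrs.items() if k not in INTERNAL_ATTRS))

def egress_updates(best_path_changes, keep_egress_state):
    """Return the (prefix, attrs) updates sent to one eBGP peer."""
    sent, last_advertised = [], {}
    for prefix, attrs in best_path_changes:
        view = external_view(attrs)
        if keep_egress_state and last_advertised.get(prefix) == view:
            continue  # nothing the peer can see has changed, so stay quiet
        last_advertised[prefix] = view
        sent.append((prefix, dict(view)))
    return sent

def duplicate_count(updates):
    """Updates identical to the one sent just before for the same prefix."""
    last, dups = {}, 0
    for prefix, attrs in updates:
        if last.get(prefix) == attrs:
            dups += 1
        last[prefix] = attrs
    return dups

# Constructed best-path sequence: the best path moves between two route
# reflector copies (different cluster_list), then the AS_PATH really changes.
PFX = "198.51.100.0/24"
VIA_RR1 = {"as_path": (64500, 64501), "origin": "igp",
           "cluster_list": ("10.0.0.1",)}
VIA_RR2 = {"as_path": (64500, 64501), "origin": "igp",
           "cluster_list": ("10.0.0.2", "10.0.0.3")}
NEW_PATH = {"as_path": (64500, 64502, 64501), "origin": "igp",
            "cluster_list": ("10.0.0.1",)}
CHANGES = [(PFX, VIA_RR1), (PFX, VIA_RR2), (PFX, VIA_RR1), (PFX, NEW_PATH)]

stateless = egress_updates(CHANGES, keep_egress_state=False)
stateful = egress_updates(CHANGES, keep_egress_state=True)
```

A receiver that counts every update against the prefix sees four events from the stateless sender and two from the stateful one, although only one externally visible change occurred after the initial announcement.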

might some of this be that the implementations use router-id to fill in
an unconfigured rr cluster-id?

randy

Yep! So intermediate nodes in an iBGP topology with varying cluster
IDs per RR with a common client set can certainly result in duplicate
eBGP updates (not to mention lots of *useless* adj-RIB-In memory on
those RRs for storing routes that are completely useless and would
otherwise be discarded).

That said, even with common cluster IDs within a client set, and even
a single level (or completely flat) iBGP hierarchy, coupled with any
jitter, variable propagation delay along a path, asymmetric or not,
depending on transport connection dynamics, or variance in update arrival
rates, and BGP speaker MRAI interactions with each, all can result in
these duplicate updates at egress, and subsequent suppression via flap
damping if employed. And, of course, this is compounded by external
interconnection denseness on ingress and even non-adjacent downstream
ASNs.

I.e., there's room for protocol, implementation, and network architecture
variables here, and operators should expressly factor systemic effects of
each in their operating environment - they can have considerable impact.

-danny