Hi,
Thanks for all the replies! I've consolidated them here hoping to save
some noise....
From: Bill Nash <billn@odyssey.billn.net>
Were I faced with this reporting equirement on an on-going basis, I'd
suggest establishing a read-only BGP peer with both devices and comparing
directly. I've got a perl BGP peering daemon that feeds and maintains a
mirror of the BGP routing table into SQL, applying updates and withdrawals
as they come in. Setting up something similar, and adding some additional
metrics to keep entries unique by peer source would facilitate your end
goal with simple SQL grouping mechanics.
This is an idea, thank you. I was hoping for something that would
be a bit more "smarter" than BGP . What I was looking for would be something
that could say :
Router A has route 216.231.96.0/24, 216.231.97.0/24, (etc) while
Router B has 216.231.96.0/19
Router B has the following /30's :
A.B.C.D, E.F.G.H, I.J.K.L
Router A has 216.231.96.0/24, 216.231.97.0/24, but Router B has
a route of 216.231.96.0/19 but none of the other /24's.
From: Richard A Steenbergen <ras@e-gerbil.net>
This is actually fairly common. There are a lot of folks out there who
announce more specifics to one network but not another, or who apply no
export or limited export community tags in various places. Also, every
network has a different filter policy of what they will and won't accept.
I understood that this happened, but didn't think it could account
for 3K to 10K routes. Guess it can. ![:slight_smile: :slight_smile:](https://community.nanog.org/images/emoji/apple/slight_smile.png?v=12)
FWIW my "exported to bgp speaking customers" count at this moment is
182525.
Thats in line with the CIDR report, and I wouldn't mind.
I wouldn't get concerned about it unless the network with more
prefixes is doing something absurdly stupid like sending you internal /30s
and such (which, well, a lot of people do :P). It could also be something
like peers agreeing to traffic engineer by sending each other more
specifics w/meds, though if they were smart they would be doing that with
no-export so as to not make your TE job more difficult.
Thats what I'm hoping to find out. ![:slight_smile: :slight_smile:](https://community.nanog.org/images/emoji/apple/slight_smile.png?v=12)
If you really want
to compare the differences, try something like:
telnet yourrouter | tee outputfile
term length 0
sh ip bgp nei x.x.x.x received-routes
quit
Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry,
something dirt simple like "grep / | awk '{ print $2 }'" should do the
trick.
(See above what I was looking for the output, but again, something
to start with, thanks!)
From: md@Linux.IT (Marco d'Itri)
Is there a utility that I can use that will pull the
routes off each router (Foundry preferred), and then compare
them as best it can to see why there is such a difference?
I have one, but it's cisco-specific:
http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script)
himinbjorg# fetch http://www.bofh.it/~md/software/cisco-tools-0.2.tgz
fetch: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz: Not Found
Then you can easily find the missing routes with commands like:
awk '{print $1}' < ../routes/1.2.3.4 | sort > ROUTER1
awk '{print $1}' < ../routes/1.2.3.5 | sort > ROUTER2
comm -23 ROUTER1 ROUTER2 > MISSING2
No worries, I'll take a look at it and then see if I can
"Foundryize" it.
Its not such a case of "missing" but maybe more
aggregated differently, etc. But again, all leads will be taken!
From: John Kristoff <jtk@ultradns.net>
Is there a utility that I can use that will pull the
routes off each router (Foundry preferred), and then compare
them as best it can to see why there is such a difference?
I don't know anything about foundry, but if you can simply display
the routing table from a terminal, you can go the hacky unix cli
tool way. For example, use 'script' to log your terminal session
to a file, then presuming you can show the route table and each
route includes a 'via upstream-address-line' line for each route
(completely untested and I'm sure someone could come up with
something much simpler and better):
grep 'via upstream?' script > upstream?
perl -ne 'print "$1\n" if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? |
sort > upstream?.sored
comm -23 upstream1.txt upstream2.txt
comm -13 upstream1.txt upstream2.txt
Thanks!
From: Warren Kumari <warren@kumari.net>
Sounds to me like one of your providers is not feeding you the full
internet routing table. Have you checked with them to see if they are
providing you that?
Sounds to me like a: you are only looking at best routes or b: one of
the providers is sending you more specific customer routes (that they
summarize before sending to non-customers).
Personally I would just slurp one set of routes into an array in perl
and then delete them if they appear in the other set. Any left over
in either set are unique....
It wouldn't take aggregate differences into account.
From: "Majdi S. Abbas" <msa@latt.net>
We receive a BGP feed from different providers on two
different routers. While one seems to be a reasonable amount
of feeds after reviewing the CIDR report, the other is anywhere
from 3K to 10K more routes.
Thanks, Tuc/TBOH
-snip-
I refer both of you to the following message that I posted a
few years ago, rather than restate it all:
http://www.merit.edu/mail.archives/nanog/2001-02/msg00347.html
Hope this helps.
--msa
No, I agree, I don't think I'm MISSING, just want to know what
the differences are to see why there is such a disparity. Maybe I need
to get the provider to filter or change communities, etc.