Inferring the location points of traffic exchange between two networks

Hi NANOG,

I am a researcher at the University of Oregon and my question is rather
primitive. My research background is in networked systems and Internet
measurement so I know how things work in theory.

My question is about BGP and what can be inferred from the output of
different "show" commands, regarding the point of traffic exchange of two
networks with different ASNs. I tried going through some samples in the
Juniper and Cisco documentation but I did not get my answer.

Consider the following scenario; Say the point of traffic exchange between
AS_a and AS_b is in San Francisco and we run "show bgp summary" and "show
ip bgp <prefix>" on a BGP router of AS_a in LA. Do we see the peering
between AS_a and AS_b in San Francisco using any of the two commands? If
yes is there a way to infer that in fact the traffic is not exchanged
locally in LA? I think there should be a flag to differentiate records
showing iBGP vs eBGP.

On the same note, if we issue the commands on a router other than the
border router in San Fran, is there any difference in the output of show
commands?

Now how are things different if we actually run the commands on that
gateway router in SF?

Best Regards
Reza Motamedi (R.M)
Graduate Research Fellow
Oregon Network Research Group
Computer and Information Science
University of Oregon

The fastest way to get this information first-hand would be to set up a
network in an emulator (GNS3, VIRL, PacketTracer, etc). There are hundreds
of guides online to do this. Then you could do the same show commands and
record the output.

Regards,
Ray Orsini – CEO
Orsini IT, LLC – Technology Consultants
VOICE DATA  BANDWIDTH  SECURITY  SUPPORT
P: 305.967.6756 x1009 E: ray@orsiniit.com TF: 844.OIT.VOIP
7900 NW 155th Street, Suite 103, Miami Lakes, FL 33016
http://www.orsiniit.com | View My Calendar | View/Pay Your Invoices | View
Your Tickets

> Hi NANOG,
>
> I am a researcher at the University of Oregon and my question is rather
> primitive. My research background is in networked systems and Internet
> measurement so I know how things work in theory.
>
> My question is about BGP and what can be inferred from the output of
> different "show" commands, regarding the point of traffic exchange of two
> networks with different ASNs. I tried going through some samples in the
> Juniper and Cisco documentation but I did not get my answer.
>
> Consider the following scenario; Say the point of traffic exchange between
> AS_a and AS_b is in San Francisco and we run "show bgp summary"

show bgp summary just tells you about your bgp neighbors.

> and "show
> ip bgp <prefix>" on a BGP router of AS_a in LA. Do we see the peering
> between AS_a and AS_b in San Francisco using any of the two commands?

You see AS path, and the nexthop the route was learned from (which is
probably (nexthop self) the router on which the prefix is learned) in
San Francisco. that route is probably resolved by your igp.

so in an extremely simple example

    Network       Next Hop       Metric  LocPref  Weight  Path
* > 8.8.8.0/24    72.14.202.50       96       56       0  15169 i

the nexthop happens to be an attached google peer

the as path is
15169 i

> If
> yes is there a way to infer that in fact the traffic is not exchanged
> locally in LA? I think there should be a flag to differentiate records
> showing iBGP vs eBGP.

If the router in LA sees the path as being through a router in San
Francisco that is the direction it will forward it in.

Thanks Joel. I like examples. :)

So say I issue the command on a router that is not the gateway. Would I get
the following?

    Network       Next Hop       Metric  LocPref  Weight  Path
* > 8.8.8.0/24    <IP in AS_a>       96       56       0  <AS_a> 15169 i

With respect to "show bgp summary", if I know the location of the router
and the router shows the BGP neighbor in the output, can I just rely on
this info and say the point of exchange is where the router is located? For
example the following show output from a router in city say "X"

  BGP4 Summary
  Router ID: 192.65.184.1 Local AS Number: 513
  Confederation Identifier: not configured
  Confederation Peers:
  Cluster ID: 513
  Maximum Number of IP ECMP Paths Supported for Load Sharing: 4
  Number of Neighbors Configured: 18, UP: 18
  Number of Routes Installed: 997637, Uses 85796782 bytes
  Number of Routes Advertising to All Neighbors: 2196009 (569816 entries), Uses 27351168 bytes
  Number of Attribute Entries Installed: 305962, Uses 27536580 bytes
  Neighbor Address  AS#    State  Time        Rt:Accepted  Filtered  Sent    ToSend
  62.40.124.157     20965  ESTAB  76d23h58m   140497       0         28      0
  83.97.88.33       21320  ESTAB  49d 5h11m   0            0         28      0
  192.65.184.2      513    ESTAB  365d12h24m  243346       0         493626  0
  192.65.184.3      513    ESTAB  405d12h31m  7010         0         562695  0
  192.65.184.4      513    ESTAB  317d 9h 1m  0            0         569704  0
  192.65.184.24     513    ESTAB  54d16h26m   0            0         569704  0

tells me that 513 is peering with 20965 in that city, right?

Best Regards
Reza Motamedi (R.M)
Graduate Research Fellow
Oregon Network Research Group
Computer and Information Science
University of Oregon

> Thanks Joel. I like examples. :)
>
> So say I issue the command on a router that is not the gateway. Would I
> get the following?
>
>     Network       Next Hop       Metric  LocPref  Weight  Path
> * > 8.8.8.0/24    <IP in AS_a>       96       56       0  <AS_a> 15169 i

It should be the nexthop self (loopback ip) of the originating router,
unless you don't do it that way and your provider numbered interfaces
are passively included in your igp.

> With respect to "show bgp summary", if I know the location of the router
> and the router shows the BGP neighbor in the output, can I just rely on
> this info and say the point of exchange is where the router is located?
> For example the following show output from a router in city say "X"

if you elide the existence of long-haul-paths, distributed exchange
fabrics, ebgp multihop sessions, l2 vpn and so on. it is certainly not
the case with ibgp sessions which could include things like route
reflectors. topological adjacency might imply proximity but it's not an
assurance.
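
The iBGP/eBGP distinction asked about above can be read off the summary by comparing each neighbor's AS with the router's local AS. The following Python is an added example, not part of any poster's message; the function names parse_summary and ebgp_neighbors are hypothetical, and the input is an excerpt of the summary quoted in the thread.

```python
import re

# Excerpt of the summary quoted in the thread; the first two rows are left
# wrapped the way the mail client wrapped them.
SUMMARY = """\
  Router ID: 192.65.184.1 Local AS Number: 513
  Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend
  62.40.124.157 20965 ESTAB 76d23h58m 140497 0
    28 0
  83.97.88.33 21320 ESTAB 49d 5h11m 0 0
    28 0
  192.65.184.2 513 ESTAB 365d12h24m 243346 0 493626 0
  192.65.184.3 513 ESTAB 405d12h31m 7010 0 562695 0
  192.65.184.4 513 ESTAB 317d 9h 1m 0 0 569704 0
  192.65.184.24 513 ESTAB 54d16h26m 0 0 569704 0
"""

ROW = re.compile(
    r"\s*(?P<addr>\d+(?:\.\d+){3})\s+(?P<asn>\d+)\s+(?P<state>[A-Z]+)\s+"
    r"\d+d\s*\d+h\s*\d+m\s+(?P<accepted>\d+)\s+\d+\s+(?P<sent>\d+)\s+\d+\s*$"
)

def parse_summary(text):
    """Return (local_as, sessions); each session is tagged iBGP or eBGP."""
    local_as = int(re.search(r"Local AS Number:\s*(\d+)", text).group(1))
    rows = []
    for line in text.splitlines():
        # A digits-only line is the wrapped tail of the previous row.
        if rows and re.fullmatch(r"\s*\d+(\s+\d+)*\s*", line):
            rows[-1] += " " + line.strip()
        else:
            rows.append(line)
    sessions = []
    for m in filter(None, map(ROW.match, rows)):
        asn = int(m["asn"])
        sessions.append({
            "neighbor": m["addr"], "asn": asn, "state": m["state"],
            # Same AS as the router itself means iBGP, anything else eBGP.
            "type": "iBGP" if asn == local_as else "eBGP",
            "accepted": int(m["accepted"]), "sent": int(m["sent"]),
        })
    return local_as, sessions

def ebgp_neighbors(text):
    """eBGP sessions only: where a session terminates, not proof of where the
    link lands (multihop, long-haul circuits, exchange fabrics)."""
    return [(s["neighbor"], s["asn"]) for s in parse_summary(text)[1]
            if s["type"] == "eBGP"]

if __name__ == "__main__":
    for s in parse_summary(SUMMARY)[1]:
        print(s["type"], s["neighbor"], "AS", s["asn"], "accepted", s["accepted"])
```

On this input the two external sessions are AS 20965 and AS 21320; the four AS 513 neighbors are internal sessions and say nothing about where traffic leaves the network.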

Hi Reza,

A reasonably recent paper discussing AS relationships:
[1106.2417] Inferring Internet AS Relationships Based on BGP Routing Policies.

Cheers,

mh

Hi Reza,

> My question is about BGP and what can be inferred from the output of
> different "show" commands, regarding the point of traffic exchange of two
> networks with different ASNs.

Unless you have a tremendous amount of peers and feeds to work with,
you'll have a hard time building a valid interconnection graph from BGP
cli outputs.

The best mapping outputs I have seen for now have been built using probe
clusters (either RIPE ATLAS or NLNOG Ring) with traceroutes, by merging
data from the observed routes AND both DNS and BGP.

DNS is quite useful here as most of us use location codes in router's
FQDN. BGP will only help in matching subnets within ASes and corroborate
some discrete relationships.

Also note that each node in the directed graph may expose multiple
addresses, and that latency between routers isn't a reliable metric
(still a useful indicator, YMMV)

Best regards,