Re: Is your ISP Influenza-ready?
I think a lot of people would love to know just how they plan to make that happen. :-) Well, they could require companies to test their ability to handle homeworking by having employees work from home on some kind of rota system. This would change traffic patterns quite a bit and that could cause ISPs to initiate upgrades. --Michael Dillon (working from home today) P.S. when I go to a web page today, the connection originates from the proxy service in the office, just like any working day. But there is now additional traffic between my home broadband connection and the VPN server at work. In other words, some portion of our internal LAN traffic is now going across an ISP network.
data center space
Can someone tell me if I am out of luck. I am trying to get a 10x10 cage in New Jersey (Jersey City area) but it seems everybody is at capacity. What happened?
Re: data center space
On Tue, Apr 18, 2006 at 09:34:41AM -0700, Philip Lavine wrote: Can someone tell me if I am out of luck. I am trying to get a 10x10 cage in New Jersey (Jersey City area) but it seems everybody is at capacity. What happened? Try VZN/MCI Carteret, down the Turnpike about 8 miles. -- Mike Sawicki
Re: Is your ISP Influenza-ready?
On 4/18/06, Martin Hannigan [EMAIL PROTECTED] wrote: Vendors like it because it's a revenue boost. It obviously requires build-ahead capacity and maintenance of overload capacity that will likely sit idle for 99% of it's life span. Who pays? [ ..hears ISP product managers scurrying to create PriortyVPN or priority vpn products as a result... heh - implied trademark here] Probably sell them a product where b/w is burstable to a much higher level - at least for short periods of time, to deal with sudden use spikes (or to create extra capacity for those periodic trojan outbreaks that will otherwise simply max their pipe out)
Re: Is your ISP Influenza-ready?
On Mon, Apr 17, 2006 at 02:05:41PM -0400, Jared Mauch wrote: Back to the original question, how well could you cope for such an event? It's always challenging to think about what would happen as sometimes it includes the unexpected. All the guidance suggests you're going to lose as much as 40% of your workforce. Well, what intrigues me, is: which 40? I don't think the virus is going to select sales, marketing, and Tech support in that order (unless it's an STD epidemic, har har). Were that the case we might actually look forward to such outbreaks. On the other hand, at *every* substantially sized network I've worked at, the Network Engineering types that might reasonably do something useful in such an emergency situation are generally: 1) A close-knit group, going to lunches together and cohabitating cubicles so as to avoid exposure to aforementioned sales, marketing, and tech support or customer service. Indeed, at a few places I worked, they even spent most every weekend together. For all the rest of the world decrying geeks as socially inept, they are highly efficient at social assimilation of their own kind. 2) Given a 'low desirability' office space. No windows, usually poor air circulation. It is often called The Back Room or similar, or is located in a space you wouldn't expect to find humans. This isn't (usually) anyone being mean: engineers seem to like dark corners, something about making it easier to read monitors, and locations that provide fewer interruptions due to unlikelyhood of foot traffic. 3) Better at taking care of their networks than themselves. Or at least, more willing to - too frequent is the case I see an engineer, hacking, coughing, and wheezing at his monitor, plucking away at the keyboard deep into the night. So there you have it. They're likely to come to work even though they're sick (presuming they don't know it's a lethal virus), where they work and spend all their face-to-face time in close quarters with recirculated air with the rest of the company's engineers. It's like someone intentionally optimized this function specifically to be the most pessimal. So I think it's actually highly probable that a meatspace-viral vector would take out the entire engineering staff at most service providers I've worked at if only one of them caught the bug. I have to imagine this is representative of other work environments. We all seem to share the same collective experience in this sense, at least the folks I've talked to. And that loss would be way under 40% of the total company's staff, a mere blip really. So, which 40% can you afford to lose? How likely is it that the 60% that's left behind will be able to do the job? Will they need step-by- step instructions so that even an untrained monkey can muddle through? -- David W. HankinsIf you don't do it right the first time, Software Engineer you'll just have to do it again. Internet Systems Consortium, Inc. -- Jack T. Hankins pgpjTcTpih4qo.pgp Description: PGP signature
Re: Is your ISP Influenza-ready?
Hello; On Apr 18, 2006, at 1:53 PM, David W. Hankins wrote: On Mon, Apr 17, 2006 at 02:05:41PM -0400, Jared Mauch wrote: Back to the original question, how well could you cope for such an event? It's always challenging to think about what would happen as sometimes it includes the unexpected. All the guidance suggests you're going to lose as much as 40% of your workforce. Well, what intrigues me, is: which 40? I don't think the virus is going to select sales, marketing, and Tech support in that order (unless it's an STD epidemic, har har). Were that the case we might actually look forward to such outbreaks. The most likely disease vector is, from what I have heard, airline travel. Assorted people from all over are brought together for a meal (or, at least, bogus pretzels) in a confined space for a few hours, then released back into the general population. So the NANOG and IETF crowd would probably be the first to go. Since I travel a lot, and to the same meetings, I can't say that that this seems like a good idea to me. If any of this actually starts happening, we all may become very interested in video conferencing. Regards Marshall On the other hand, at *every* substantially sized network I've worked at, the Network Engineering types that might reasonably do something useful in such an emergency situation are generally: 1) A close-knit group, going to lunches together and cohabitating cubicles so as to avoid exposure to aforementioned sales, marketing, and tech support or customer service. Indeed, at a few places I worked, they even spent most every weekend together. For all the rest of the world decrying geeks as socially inept, they are highly efficient at social assimilation of their own kind. 2) Given a 'low desirability' office space. No windows, usually poor air circulation. It is often called The Back Room or similar, or is located in a space you wouldn't expect to find humans. This isn't (usually) anyone being mean: engineers seem to like dark corners, something about making it easier to read monitors, and locations that provide fewer interruptions due to unlikelyhood of foot traffic. 3) Better at taking care of their networks than themselves. Or at least, more willing to - too frequent is the case I see an engineer, hacking, coughing, and wheezing at his monitor, plucking away at the keyboard deep into the night. So there you have it. They're likely to come to work even though they're sick (presuming they don't know it's a lethal virus), where they work and spend all their face-to-face time in close quarters with recirculated air with the rest of the company's engineers. It's like someone intentionally optimized this function specifically to be the most pessimal. So I think it's actually highly probable that a meatspace-viral vector would take out the entire engineering staff at most service providers I've worked at if only one of them caught the bug. I have to imagine this is representative of other work environments. We all seem to share the same collective experience in this sense, at least the folks I've talked to. And that loss would be way under 40% of the total company's staff, a mere blip really. So, which 40% can you afford to lose? How likely is it that the 60% that's left behind will be able to do the job? Will they need step- by- step instructions so that even an untrained monkey can muddle through? -- David W. HankinsIf you don't do it right the first time, Software Engineer you'll just have to do it again. Internet Systems Consortium, Inc. -- Jack T. Hankins
RIPE @ Istanbul , Turkey
Dear Nanogers, If you will be attending to RIPE Meeting @ Istanbul Next week, it would be really cool to meet with you and go around (I am going to be in the meeting) actually I am not living in Turkey, but I was born and raised there so, I can help you guys to go around, etc. I Know many EU folks read here so if you need help, let me know. Mehmet Akcin
Re: Is your ISP Influenza-ready?
On April 18, 2006 at 10:53 [EMAIL PROTECTED] (David W. Hankins) wrote: On Mon, Apr 17, 2006 at 02:05:41PM -0400, Jared Mauch wrote: Back to the original question, how well could you cope for such an event? It's always challenging to think about what would happen as sometimes it includes the unexpected. All the guidance suggests you're going to lose as much as 40% of your workforce. Well, what intrigues me, is: which 40? (rest of interesting note snipped because you know how to find it) (Warning: unnecessary and overly long speculation follows) Studies of changes brought on by major outbreaks of the plague in Europe tend to be surprised by the qualitative and unexpected changes which occurred. Many make sense only in retrospect. For example, there was recently an article floating around in the news about how the plagues of 1666 and thereabouts may've brought on the mini ice age thereafter which itself may've been in part responsible for motivating the US revolution against Britain in 1776, among other events, but that's a pretty big one in the course of modern history. The reasoning was that the plague so reduced both the farming population and consumption that it caused a lot of farmland to be abandoned to second growth forest which caused widespread carbon sequestering or something like that leading to the drop in temperature and its subsequent effect on European civilization (I won't try to actually argue that point here but it's intriguing.) So if you're really expecting something as macro as 40% of the population dropping dead I think one has to think much bigger and much more in the realm of unexpected consequences. As one guess, if 40% of the population dropped dead a more likely effect than having to continue on with the other 60% of the staff is that the company would just be unable to deal with the loss of customers and staff not to mention the services these people are trying to get to, they're collapsing for the same reasons, a cascade effect. Most would be closed in short order. Maybe all of them, kind of like the airlines trying to adjust to higher fuel costs, many just can't even if the desire to fly (demand) appears to be sufficient to keep them going the business models just cease working. Ok some airlines obviously weathered the change and even prospered but I hope you get my point that it's way beyond Delta or UA et al just cutting an appropriate number of flights and staff (which doesn't seem to have worked), a linear response to a linear problem (higher fuel costs), and required entire reworking of business models from (ahem!) the ground up, or dissolution. Most companies don't go under because they lose a lot of their revenue, they're often dead due to losing a relatively small amount of revenue (like 10-15%) due to fixed overheads. For example, do you think your ISP's landlords are going to let them out of their office leases just because they have so many fewer staff to seat? Particularly in the face of a sea of bankruptcies cancelling leases? Etc. You'd probably be smarter just going into the casket business or something like that, grief counseling perhaps. -- -Barry Shein The World | [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Is your ISP Influenza-ready?
Barry Shein wrote: [snip] So if you're really expecting something as macro as 40% of the population dropping dead I think one has to think much bigger and much more in the realm of unexpected consequences. Uhh... I think, I _hope_ that we are talking about 40% of your workforce NOT SHOWING UP TO THE OFFICE for days or weeks, not dropping dead, not even necessarily getting sick. A 40% mortality rate among otherwise healthy adults, and we have much bigger issues to worry about. -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications(408) 933-4387
Re: Is your ISP Influenza-ready?
Sorry! I should have said that my deadline was early this morning (EST.) On Tue, 18 Apr 2006, Crist Clark wrote: Barry Shein wrote: [snip] So if you're really expecting something as macro as 40% of the population dropping dead I think one has to think much bigger and much more in the realm of unexpected consequences. Uhh... I think, I _hope_ that we are talking about 40% of your workforce NOT SHOWING UP TO THE OFFICE for days or weeks, not dropping dead, not even necessarily getting sick. A 40% mortality rate among otherwise healthy adults, and we have much bigger issues to worry about. -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications(408) 933-4387 !DSPAM:4445419063511809929648!
Determine difference between 2 BGP feeds
Hi, We receive a BGP feed from different providers on two different routers. While one seems to be a reasonable amount of feeds after reviewing the CIDR report, the other is anywhere from 3K to 10K more routes. Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Thanks, Tuc/TBOH
Re: Determine difference between 2 BGP feeds
On Tue, 18 Apr 2006, Scott Tuc Ellentuch at T-B-O-H wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Is one of them as4323? -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
RE: Determine difference between 2 BGP feeds
Sounds to me like one of your providers is not feeding you the full internet routing table. Have you checked with them to see if they are providing you that? Mike Walter Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Tuc Ellentuch at T-B-O-H Sent: Tuesday, April 18, 2006 4:13 PM To: nanog@merit.edu Subject: Determine difference between 2 BGP feeds Hi, We receive a BGP feed from different providers on two different routers. While one seems to be a reasonable amount of feeds after reviewing the CIDR report, the other is anywhere from 3K to 10K more routes. Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Thanks, Tuc/TBOH
Re: Determine difference between 2 BGP feeds
On Tue, 18 Apr 2006, Scott Tuc Ellentuch at T-B-O-H wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Is one of them as4323? Actually, no. I wasn't wanting to name names to protect the innocent... BUT ROUTER1: Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend 64.200.58.69 7911 ESTAB 4d21h57m182287 04 0 ROUTER2: Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend 69.28.152.229 22822 ESTAB 18d16h51m186379 04 0 Tuc/TBOH
Re: Determine difference between 2 BGP feeds
On Apr 18, 2006, at 1:19 PM, Mike Walter wrote: Sounds to me like one of your providers is not feeding you the full internet routing table. Have you checked with them to see if they are providing you that? Sounds to me like a: you are only looking at best routes or b: one of the providers is sending you more specific customer routes (that they summarize before sending to non-customers). Personally I would just slurp one set of routes into an array in perl and then delete them if they appear in the other set. Any left over in either set are unique W Mike Walter Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Tuc Ellentuch at T-B-O-H Sent: Tuesday, April 18, 2006 4:13 PM To: nanog@merit.edu Subject: Determine difference between 2 BGP feeds Hi, We receive a BGP feed from different providers on two different routers. While one seems to be a reasonable amount of feeds after reviewing the CIDR report, the other is anywhere from 3K to 10K more routes. Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Thanks, Tuc/TBOH -- Some people are like Slinkies..Not really good for anything but they still bring a smile to your face when you push them down the stairs.
Re: Determine difference between 2 BGP feeds
On Tue, 18 Apr 2006 16:13:12 -0400 (EDT) Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I don't know anything about foundry, but if you can simply display the routing table from a terminal, you can go the hacky unix cli tool way. For example, use 'script' to log your terminal session to a file, then presuming you can show the route table and each route includes a 'via upstream-address-line' line for each route (completely untested and I'm sure someone could come up with something much simpler and better): grep 'via upstream?' script upstream? perl -ne 'print $1\n if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? | sort upstream?.sored comm -23 upstream1.txt upstream2.txt comm -13 upstream1.txt upstream2.txt John
Re: Determine difference between 2 BGP feeds
On Apr 18, Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I have one, but it's cisco-specific: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script) Then you can easily find the missing routes with commands like: awk '{print $1}' ../routes/1.2.3.4 | sort ROUTER1 awk '{print $1}' ../routes/1.2.3.5 | sort ROUTER2 comm -23 ROUTER1 ROUTER2 MISSING2 -- ciao, Marco
Re: Is your ISP Influenza-ready?
On Tue, Apr 18, 2006 at 12:43:11PM -0700, Crist Clark wrote: Barry Shein wrote: So if you're really expecting something as macro as 40% of the population dropping dead I think one has to think much bigger and much more in the realm of unexpected consequences. Uhh... I think, I _hope_ that we are talking about 40% of your workforce NOT SHOWING UP TO THE OFFICE for days or weeks, not dropping dead, not even necessarily getting sick. A slightly different aggregate: 40% of your workforce being unable to work. Some portion of that might be death, grieving, being sick, helping family or friends that are sick, fighting off zombies, or searching aimlessly for human brains to consume. That is to say that some of the remaining 60 may be working from home. -- David W. HankinsIf you don't do it right the first time, Software Engineer you'll just have to do it again. Internet Systems Consortium, Inc. -- Jack T. Hankins
Re: Determine difference between 2 BGP feeds
On Tue, Apr 18, 2006 at 04:28:40PM -0400, Scott Tuc Ellentuch at T-B-O-H wrote: On Tue, 18 Apr 2006, Scott Tuc Ellentuch at T-B-O-H wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Is one of them as4323? Actually, no. I wasn't wanting to name names to protect the innocent... BUT ROUTER1: Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend 64.200.58.69 7911 ESTAB 4d21h57m182287 04 0 ROUTER2: Neighbor Address AS# State Time Rt:Accepted Filtered Sent ToSend 69.28.152.229 22822 ESTAB 18d16h51m186379 04 0 This is actually fairly common. There are a lot of folks out there who announce more specifics to one network but not another, or who apply no export or limited export community tags in various places. Also, every network has a different filter policy of what they will and won't accept. FWIW my exported to bgp speaking customers count at this moment is 182525. I wouldn't get concerned about it unless the network with more prefixes is doing something absurdly stupid like sending you internal /30s and such (which, well, a lot of people do :P). It could also be something like peers agreeing to traffic engineer by sending each other more specifics w/meds, though if they were smart they would be doing that with no-export so as to not make your TE job more difficult. If you really want to compare the differences, try something like: telnet yourrouter | tee outputfile term length 0 sh ip bgp nei x.x.x.x received-routes quit Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry, something dirt simple like grep / | awk '{ print $2 }' should do the trick. -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Determine difference between 2 BGP feeds
Were I faced with this reporting equirement on an on-going basis, I'd suggest establishing a read-only BGP peer with both devices and comparing directly. I've got a perl BGP peering daemon that feeds and maintains a mirror of the BGP routing table into SQL, applying updates and withdrawals as they come in. Setting up something similar, and adding some additional metrics to keep entries unique by peer source would facilitate your end goal with simple SQL grouping mechanics. - billn On Tue, 18 Apr 2006, Marco d'Itri wrote: On Apr 18, Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I have one, but it's cisco-specific: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script) Then you can easily find the missing routes with commands like: awk '{print $1}' ../routes/1.2.3.4 | sort ROUTER1 awk '{print $1}' ../routes/1.2.3.5 | sort ROUTER2 comm -23 ROUTER1 ROUTER2 MISSING2 -- ciao, Marco
Re: Is your ISP Influenza-ready?
On Tue, 18 Apr 2006 10:53:33 PDT, David W. Hankins said: So, which 40% can you afford to lose? How likely is it that the 60% that's left behind will be able to do the job? Will they need step-by- step instructions so that even an untrained monkey can muddle through? As we all find out the hard way that Douglas Adams was right, and telephone sanitizers really *are* important. pgpR6dikPA4zM.pgp Description: PGP signature
Re: Determine difference between 2 BGP feeds
Much of what Bill described below is already present using Nick Feamster's bgptools release: http://nms.lcs.mit.edu/software/bgp/ bgptools/ Start with zebra / quagga / etc., which do a great job of dumping tables and updates. Then use bgptools to take the MRT-formatted dumps that Zebra spits out and turn them into text, etc. With the '-q' option, can insert the BGP updates or table snapshot directly into a SQL database. then the libbgpdump.a library gives you lots of cool things on top of that. You'd have to do a little work to get the analysis tool you want, but it's pretty easy. Use the 'buildtree' starting program to build the prefix tree from each provider and then compare those two trees (see which prefixes are present/not present, see if any parts of the IP space are unreachable in in one and unreachable in the other, etc.) It starts as Bill suggested - a read-only BGP peer from the devices, which takes about 3 seconds to set up. -Dave On Apr 18, 2006, at 5:01 PM, Bill Nash wrote: Were I faced with this reporting equirement on an on-going basis, I'd suggest establishing a read-only BGP peer with both devices and comparing directly. I've got a perl BGP peering daemon that feeds and maintains a mirror of the BGP routing table into SQL, applying updates and withdrawals as they come in. Setting up something similar, and adding some additional metrics to keep entries unique by peer source would facilitate your end goal with simple SQL grouping mechanics. - billn On Tue, 18 Apr 2006, Marco d'Itri wrote: On Apr 18, Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I have one, but it's cisco-specific: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script) Then you can easily find the missing routes with commands like: awk '{print $1}' ../routes/1.2.3.4 | sort ROUTER1 awk '{print $1}' ../routes/1.2.3.5 | sort ROUTER2 comm -23 ROUTER1 ROUTER2 MISSING2 -- ciao, Marco PGP.sig Description: This is a digitally signed message part
RE: Determine difference between 2 BGP feeds
On Apr 18, Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I have one, but it's cisco-specific: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script) Actually, found here: http://www.linux.it/~md/software/cisco-tools-0.2.tgz
Re: Determine difference between 2 BGP feeds
Hi, Thanks for all the replies! I've consolidated them here hoping to save some noise From: Bill Nash [EMAIL PROTECTED] Were I faced with this reporting equirement on an on-going basis, I'd suggest establishing a read-only BGP peer with both devices and comparing directly. I've got a perl BGP peering daemon that feeds and maintains a mirror of the BGP routing table into SQL, applying updates and withdrawals as they come in. Setting up something similar, and adding some additional metrics to keep entries unique by peer source would facilitate your end goal with simple SQL grouping mechanics. This is an idea, thank you. I was hoping for something that would be a bit more smarter than BGP . What I was looking for would be something that could say : Router A has route 216.231.96.0/24, 216.231.97.0/24, (etc) while Router B has 216.231.96.0/19 Router B has the following /30's : A.B.C.D, E.F.G.H, I.J.K.L Router A has 216.231.96.0/24, 216.231.97.0/24, but Router B has a route of 216.231.96.0/19 but none of the other /24's. From: Richard A Steenbergen [EMAIL PROTECTED] This is actually fairly common. There are a lot of folks out there who announce more specifics to one network but not another, or who apply no export or limited export community tags in various places. Also, every network has a different filter policy of what they will and won't accept. I understood that this happened, but didn't think it could account for 3K to 10K routes. Guess it can. :) FWIW my exported to bgp speaking customers count at this moment is 182525. Thats in line with the CIDR report, and I wouldn't mind. I wouldn't get concerned about it unless the network with more prefixes is doing something absurdly stupid like sending you internal /30s and such (which, well, a lot of people do :P). It could also be something like peers agreeing to traffic engineer by sending each other more specifics w/meds, though if they were smart they would be doing that with no-export so as to not make your TE job more difficult. Thats what I'm hoping to find out. :) If you really want to compare the differences, try something like: telnet yourrouter | tee outputfile term length 0 sh ip bgp nei x.x.x.x received-routes quit Followed by 30 secs with awk(1), cut(1), diff(1), etc. For floundry, something dirt simple like grep / | awk '{ print $2 }' should do the trick. (See above what I was looking for the output, but again, something to start with, thanks!) From: [EMAIL PROTECTED] (Marco d'Itri) On Apr 18, Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I have one, but it's cisco-specific: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the dumppeers script) himinbjorg# fetch http://www.bofh.it/~md/software/cisco-tools-0.2.tgz fetch: http://www.bofh.it/~md/software/cisco-tools-0.2.tgz: Not Found Then you can easily find the missing routes with commands like: awk '{print $1}' ../routes/1.2.3.4 | sort ROUTER1 awk '{print $1}' ../routes/1.2.3.5 | sort ROUTER2 comm -23 ROUTER1 ROUTER2 MISSING2 No worries, I'll take a look at it and then see if I can Foundryize it. :) Its not such a case of missing but maybe more aggregated differently, etc. But again, all leads will be taken! From: John Kristoff [EMAIL PROTECTED] On Tue, 18 Apr 2006 16:13:12 -0400 (EDT) Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I don't know anything about foundry, but if you can simply display the routing table from a terminal, you can go the hacky unix cli tool way. For example, use 'script' to log your terminal session to a file, then presuming you can show the route table and each route includes a 'via upstream-address-line' line for each route (completely untested and I'm sure someone could come up with something much simpler and better): grep 'via upstream?' script upstream? perl -ne 'print $1\n if /(\d{1,3}(?:\.\d{1,3}){3}\/\d{1,3})/' upstream? | sort upstream?.sored comm -23 upstream1.txt upstream2.txt comm -13 upstream1.txt upstream2.txt Thanks! From: Warren Kumari [EMAIL PROTECTED] On Apr 18, 2006, at 1:19 PM, Mike Walter wrote: Sounds to me like one of your providers is not feeding you the full internet routing table. Have you checked with them to see if they are providing you that? Sounds to me like a: you are only looking at best routes or b: one of the providers is sending you more specific customer routes (that they summarize before sending to non-customers). Personally I would just slurp one set
Re: Determine difference between 2 BGP feeds
On Tue, 18 Apr 2006, David Andersen wrote: Much of what Bill described below is already present using Nick Feamster's bgptools release: http://nms.lcs.mit.edu/software/bgp/bgptools/ Start with zebra / quagga / etc., which do a great job of dumping tables and updates. Then use bgptools to take the MRT-formatted dumps that Zebra spits out and turn them into text, etc. With the '-q' option, can insert the BGP updates or table snapshot directly into a SQL database. My peer actually comes from a Zebra box, so I'm not talking directly to any production devices, in the event that I want to bounce my db feed up and down (debugging, featuritis treatments, etc) Z/Q + bgptools is a great suggestion for doing complex reporting/comparison on the routing tables, though. I've got a need for a more real-time view, so my setup fits me a little better than your suggestion, but potato/potatoe. =) then the libbgpdump.a library gives you lots of cool things on top of that. You'd have to do a little work to get the analysis tool you want, but it's pretty easy. Use the 'buildtree' starting program to build the prefix tree from each provider and then compare those two trees (see which prefixes are present/not present, see if any parts of the IP space are unreachable in in one and unreachable in the other, etc.) This is pretty interesting, I'll have to tinker with it, especially since I know one of my providers doesn't give me a full routing table. It starts as Bill suggested - a read-only BGP peer from the devices, which takes about 3 seconds to set up. And for folks to whom this is new stuff: don't be an idiot, put Zebra/Quagga up as a peer/buffer for attaching analysis tools to your network. *Never* attach development grade tools to a production device, most especially when you're dealing with a routing table. Not that I've ever taken down a live router in this manner[1], I'm just saying.. ;) - billn [1] All smirking current/past coworkers are kindly invited to stfu. =)
Re: Is your ISP Influenza-ready?
On 4/18/06, Crist Clark [EMAIL PROTECTED] wrote: Uhh... I think, I _hope_ that we are talking about 40% of your workforce NOT SHOWING UP TO THE OFFICE for days or weeks, not dropping dead, not even necessarily getting sick. A 40% mortality rate among otherwise healthy adults, and we have much bigger issues to worry about. Indeed. Estimates I've read on CNN in the past few days (I know, I know) say that if H5N1 were to be approximately as virulent and deadly as the 1918 flu, we would be looking at 90 million infected and 1.9 million dead in the US. -Rusty
RE: Determine difference between 2 BGP feeds
More than likely, one provider is feeding too many routes -- some that I have run across tend to feed more specific internal routes (read: redistributing IGP into BGP) to customer BGP sessions. The two I've run across, after I yelled, they fixed. On Tue, 18 Apr 2006, Mike Walter wrote: Sounds to me like one of your providers is not feeding you the full internet routing table. Have you checked with them to see if they are providing you that? Mike Walter Systems Administrator -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Scott Tuc Ellentuch at T-B-O-H Sent: Tuesday, April 18, 2006 4:13 PM To: nanog@merit.edu Subject: Determine difference between 2 BGP feeds Hi, We receive a BGP feed from different providers on two different routers. While one seems to be a reasonable amount of feeds after reviewing the CIDR report, the other is anywhere from 3K to 10K more routes. Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I can understand a handful of routes over what CIDR says, but a minimum of 3K more? Thanks, Tuc/TBOH -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
Re: Is your ISP Influenza-ready?
According to the wikipedia's quote of WHO the weighted average mortality rate, which would be across 50 human cases, is 66% in 2006, and 56% across all 194 cases reported since 2004. http://en.wikipedia.org/wiki/H5N1 is this different if you run is-is as opposed to ospf? as is-is is not over ip, perhaps virii at the ip layer are less of a worry to larger isps (who mostly run is-is)? randy
Re: Is your ISP Influenza-ready?
On Tue, 18 Apr 2006 14:55:11 -1000, Randy Bush [EMAIL PROTECTED] wrote: According to the wikipedia's quote of WHO the weighted average mortality rate, which would be across 50 human cases, is 66% in 2006, and 56% across all 194 cases reported since 2004. http://en.wikipedia.org/wiki/H5N1 is this different if you run is-is as opposed to ospf? as is-is is not over ip, perhaps virii at the ip layer are less of a worry to larger isps (who mostly run is-is)? IS-IS can carry retroviruses, which are RNA-based. This discussion did start out with operational content --Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Re: Determine difference between 2 BGP feeds
More than likely, one provider is feeding too many routes -- some that I have run across tend to feed more specific internal routes (read: redistributing IGP into BGP) to customer BGP sessions. The two I've run across, after I yelled, they fixed. I quickly took a look for anything less than a /24 (Not that you can't route /24s in IGP) and that accounts for 25% of the overage : /25 - 274 /26 - 178 /27 - 165 /28 - 123 /29 - 114 /30 - 116 /32 - 47 Continuing to see what I get... Tuc/TBOH