posted on Wednesday, March 04, 2009 10:34 AM
Welcome back for another episode of the ABC's of NSM. What's NSM you say? We'll go with Network and System Management, but you could throw Security in there as well. We'll work our way through the alphabet over the next several weeks looking at tools and concepts along the way for all the administrators out 
there. By the way, you can thank Joe for the format & Don for the title (I couldn't for the life of me come up with one.)
Today's letter L is for Looking Glass. A looking glass is a web front-end (or in some cases you are given direct access to a route server) for a provider's BGP routing table status. The ping and traceroute tools are are usually provided as well for diagnostic purposes. Take a look at the route information from a Qwest router in Atlanta for DevCentral.f5.com (65.61.115.213):
sh ip bgp 65.61.115.213
BGP routing table entry for 65.61.96.0/19, version 773024560
Paths: (2 available, best #2, table Default-IP-Routing-Table)
Advertised to peer-groups:
RESOLVER
30340
205.171.202.87 (metric 6624) from 205.171.0.150 (205.171.0.150)
Origin IGP, metric 0, localpref 100, valid, internal
Community: 209:209 209:11110
Originator: 205.171.202.87, Cluster list: 205.171.0.149, 205.171.0.202, 205.171.200.55
30340
205.171.202.87 (metric 6624) from 205.171.0.149 (205.171.0.149)
Origin IGP, metric 0, localpref 100, valid, internal, best
Community: 209:209 209:11110
Originator: 205.171.202.87, Cluster list: 205.171.0.149, 205.171.0.202, 205.171.200.55
Many things of interest in here. You can see that the originator of the route is AS 30340, and that they must be peered with Qwest since there are no intermediary AS's. You can also see that the IP subnet that DevCentral is a part of is also part of a much larger CIDR block being advertised to Qwest, which is good netizen behavior if there is no good reason for smaller advertisements as it keeps the routing tables, well, I was going to say small, but have you seen the routing table lately? Back in '01 when I left the ISP arena, the routing table was around 95k routes, and now is just over 300k. Taking full routes now requires some pretty serious RAM in your routing table if you want to converge in a reasonable fashion. The communities present inthis route indicate that it belongs to a customer (209:209) and that the route is originating in the pacific standard timezone (209:11110). Not all ISP's publish their routing policy, but I did find Qwest's community assignments here. Also of interest in this output is that there are two paths within the Qwest network to the originating AS, the second chosen--with all other things being equal--because the IP address is lower. Another great source for this type of information as mentioned above is a route server such as telnet://route-views.oregon-ix.net. Servers such as these (most are actually routers) are peered with many providers so they have a full picture of many providers routing tables. Here's an example of the DevCentral.f5.com route advertisement from route-views:
route-views.oregon-ix.net>sho ip bgp 65.61.96.0
BGP routing table entry for 65.61.96.0/19, version 11071841
Paths: (32 available, best #??, table Default-IP-Routing-Table)
Not advertised to any peer
3277 3267 9002 30340
194.85.4.55 from 194.85.4.55 (194.85.4.16)
Origin IGP, localpref 100, valid, external
Community: 3277:3267 3277:65321 3277:65323
812 6453 7018 30340
64.71.255.61 from 64.71.255.61 (64.71.255.61)
Origin IGP, localpref 100, valid, external
6079 3356 7018 30340
207.172.6.20 from 207.172.6.20 (207.172.6.20)
Origin IGP, metric 0, localpref 100, valid, external
7500 2497 209 30340
202.249.2.86 from 202.249.2.86 (203.178.133.115)
Origin IGP, localpref 100, valid, external
6939 30340
216.218.252.164 from 216.218.252.164 (216.218.252.164)
Origin IGP, localpref 100, valid, external
8075 30340
207.46.32.34 from 207.46.32.34 (207.46.32.34)
Origin IGP, localpref 100, valid, external
3333 3356 7018 30340
193.0.0.56 from 193.0.0.56 (193.0.0.56)
Origin IGP, localpref 100, valid, external
3257 209 30340
89.149.178.10 from 89.149.178.10 (213.200.87.91)
Origin IGP, metric 10, localpref 100, valid, external
Community: 3257:8040 3257:30146 3257:50002 3257:51100 3257:51102
2914 7018 30340
129.250.0.171 from 129.250.0.171 (129.250.0.79)
Origin IGP, metric 1, localpref 100, valid, external
Community: 2914:420 2914:2000 2914:3000 65504:7018
2905 701 7018 30340
196.7.106.245 from 196.7.106.245 (196.7.106.245)
Origin IGP, metric 0, localpref 100, valid, external
1668 7018 30340
66.185.128.48 from 66.185.128.48 (66.185.128.50)
Origin IGP, metric 511, localpref 100, valid, external
701 7018 30340
157.130.10.233 from 157.130.10.233 (137.39.3.60)
Origin IGP, localpref 100, valid, external
12956 7018 30340
213.140.32.146 from 213.140.32.146 (213.140.32.146)
Origin IGP, localpref 100, valid, external
Community: 12956:321 12956:4003 12956:4030 12956:4300 12956:18500 12956:28450 12956:28451
852 209 30340
154.11.98.225 from 154.11.98.225 (154.11.98.225)
Origin IGP, metric 0, localpref 100, valid, external
Community: 852:180
852 209 30340
154.11.11.113 from 154.11.11.113 (154.11.11.113)
Origin IGP, metric 0, localpref 100, valid, external
Community: 852:180
6079 3356 7018 30340
207.172.6.1 from 207.172.6.1 (207.172.6.1)
Origin IGP, metric 0, localpref 100, valid, external
6539 30340
66.59.190.221 from 66.59.190.221 (66.59.190.221)
Origin IGP, localpref 100, valid, external
3356 7018 30340
4.69.184.193 from 4.69.184.193 (4.68.3.50)
Origin IGP, metric 0, localpref 100, valid, external
Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012
2914 7018 30340
129.250.0.11 from 129.250.0.11 (129.250.0.51)
Origin IGP, metric 3, localpref 100, valid, external
Community: 2914:420 2914:2000 2914:3000 65504:7018
2828 30340 30340 30340 30340
65.106.7.139 from 65.106.7.139 (66.239.189.139)
Origin IGP, metric 3, localpref 100, valid, external
16150 1239 209 30340
217.75.96.60 from 217.75.96.60 (217.75.96.60)
Origin IGP, metric 0, localpref 100, valid, external
Community: 16150:290 16150:63392 16150:65321 16150:65326 16150:65422
7660 2516 3549 30340 30340 30340 30340
203.181.248.168 from 203.181.248.168 (203.181.248.168)
Origin IGP, localpref 100, valid, external
Community: 2516:1030
3303 209 30340
164.128.32.11 from 164.128.32.11 (164.128.32.11)
Origin IGP, localpref 100, valid, external
Community: 3303:1004 3303:1005
286 209 30340
134.222.87.1 from 134.222.87.1 (134.222.86.1)
Origin IGP, localpref 100, valid, external
Community: 286:18 286:19 286:28 286:29 286:49 286:800 286:888 286:3001
6453 7018 30340
195.219.96.239 from 195.219.96.239 (195.219.96.239)
Origin IGP, localpref 100, valid, external
1221 4637 209 30340
203.62.252.186 from 203.62.252.186 (203.62.252.186)
Origin IGP, localpref 100, valid, external
3561 30340 30340 30340 30340
206.24.210.100 from 206.24.210.100 (206.24.210.100)
Origin IGP, localpref 100, valid, external
2497 209 30340
202.232.0.2 from 202.232.0.2 (202.232.0.2)
Origin IGP, localpref 100, valid, external
5459 2828 30340 30340 30340 30340
195.66.232.239 from 195.66.232.239 (195.66.232.239)
Origin IGP, localpref 100, valid, external
Community: 5459:3 5459:60
6453 209 30340
207.45.223.244 from 207.45.223.244 (66.110.0.124)
Origin IGP, localpref 100, valid, external
3549 30340 30340 30340 30340
208.51.134.254 from 208.51.134.254 (67.17.81.162)
Origin IGP, metric 238, localpref 100, valid, external
Community: 3549:4175 3549:8012 3549:8172 3549:8222 3549:8262 3549:30840
7018 30340
12.0.1.63 from 12.0.1.63 (12.0.1.63)
Origin IGP, localpref 100, valid, external
Community: 7018:2000
I removed the best path information from the output above, the first user to correctly identify the path and provide the explanation as to why will get a shout out in tomorrow's podcast! Happy routing...
