Welcome back for another episode of the ABC's of NSM.  What's NSM you say?  We'll go with Network and System Management, but you could throw Security in there as well.  We'll work our way through the alphabet over the next several weeks looking at tools and concepts along the way for all the administrators out abc_2_4 there.   By the way, you can thank Joe for the format & Don for the title (I  couldn't for the life of me come up with one.)   

Today's letter L is for Looking Glass.  A looking glass is a web front-end (or in some cases you are given direct access to a route server) for a provider's BGP routing table status.  The ping and traceroute tools are are usually provided as well for diagnostic purposes.  Take a look at the route information from a Qwest router in Atlanta for DevCentral.f5.com (65.61.115.213):

sh ip bgp 65.61.115.213
BGP routing table entry for 65.61.96.0/19, version 773024560
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Advertised to peer-groups:
     RESOLVER
  30340
    205.171.202.87 (metric 6624) from 205.171.0.150 (205.171.0.150)
      Origin IGP, metric 0, localpref 100, valid, internal
      Community: 209:209 209:11110
      Originator: 205.171.202.87, Cluster list: 205.171.0.149, 205.171.0.202, 205.171.200.55
  30340
    205.171.202.87 (metric 6624) from 205.171.0.149 (205.171.0.149)
      Origin IGP, metric 0, localpref 100, valid, internal, best
      Community: 209:209 209:11110
      Originator: 205.171.202.87, Cluster list: 205.171.0.149, 205.171.0.202, 205.171.200.55

 

Many things of interest in here.  You can see that the originator of the route is AS 30340, and that they must be peered with Qwest since there are no intermediary AS's.  You can also see that the IP subnet that DevCentral is a part of is also part of a much larger CIDR block being advertised to Qwest, which is good netizen behavior if there is no good reason for smaller advertisements as it keeps the routing tables, well, I was going to say small, but have you seen the routing table lately?  Back in '01 when I left the ISP arena, the routing table was around 95k routes, and now is just over 300k.  Taking full routes now requires some pretty serious RAM in your routing table if you want to converge in a reasonable fashion.  The communities present inthis route indicate that it belongs to a customer (209:209) and that the route is originating in the pacific standard timezone (209:11110).  Not all ISP's publish their routing policy, but I did find Qwest's community assignments here.  Also of interest in this output is that there are two paths within the Qwest network to the originating AS, the second chosen--with all other things being equal--because the IP address is lower.  Another great source for this type of information as mentioned above is a route server such as telnet://route-views.oregon-ix.net.   Servers such as these (most are actually routers) are peered with many providers so they have a full picture of many providers routing tables.  Here's an example of the DevCentral.f5.com route advertisement from route-views:

route-views.oregon-ix.net>sho ip bgp 65.61.96.0
BGP routing table entry for 65.61.96.0/19, version 11071841
Paths: (32 available, best #??, table Default-IP-Routing-Table)
  Not advertised to any peer
  3277 3267 9002 30340
    194.85.4.55 from 194.85.4.55 (194.85.4.16)
      Origin IGP, localpref 100, valid, external
      Community: 3277:3267 3277:65321 3277:65323
  812 6453 7018 30340
    64.71.255.61 from 64.71.255.61 (64.71.255.61)
      Origin IGP, localpref 100, valid, external
  6079 3356 7018 30340
    207.172.6.20 from 207.172.6.20 (207.172.6.20)
      Origin IGP, metric 0, localpref 100, valid, external
  7500 2497 209 30340
    202.249.2.86 from 202.249.2.86 (203.178.133.115)
      Origin IGP, localpref 100, valid, external
  6939 30340
    216.218.252.164 from 216.218.252.164 (216.218.252.164)
      Origin IGP, localpref 100, valid, external
  8075 30340
    207.46.32.34 from 207.46.32.34 (207.46.32.34)
      Origin IGP, localpref 100, valid, external
  3333 3356 7018 30340
    193.0.0.56 from 193.0.0.56 (193.0.0.56)
      Origin IGP, localpref 100, valid, external
  3257 209 30340
    89.149.178.10 from 89.149.178.10 (213.200.87.91)
      Origin IGP, metric 10, localpref 100, valid, external
      Community: 3257:8040 3257:30146 3257:50002 3257:51100 3257:51102
  2914 7018 30340
    129.250.0.171 from 129.250.0.171 (129.250.0.79)
      Origin IGP, metric 1, localpref 100, valid, external
      Community: 2914:420 2914:2000 2914:3000 65504:7018
  2905 701 7018 30340
    196.7.106.245 from 196.7.106.245 (196.7.106.245)
      Origin IGP, metric 0, localpref 100, valid, external
  1668 7018 30340
    66.185.128.48 from 66.185.128.48 (66.185.128.50)
      Origin IGP, metric 511, localpref 100, valid, external
  701 7018 30340
    157.130.10.233 from 157.130.10.233 (137.39.3.60)
      Origin IGP, localpref 100, valid, external
  12956 7018 30340
    213.140.32.146 from 213.140.32.146 (213.140.32.146)
      Origin IGP, localpref 100, valid, external
      Community: 12956:321 12956:4003 12956:4030 12956:4300 12956:18500 12956:28450 12956:28451
  852 209 30340
    154.11.98.225 from 154.11.98.225 (154.11.98.225)
      Origin IGP, metric 0, localpref 100, valid, external
      Community: 852:180
  852 209 30340
    154.11.11.113 from 154.11.11.113 (154.11.11.113)
      Origin IGP, metric 0, localpref 100, valid, external
      Community: 852:180
  6079 3356 7018 30340
    207.172.6.1 from 207.172.6.1 (207.172.6.1)
      Origin IGP, metric 0, localpref 100, valid, external
  6539 30340
    66.59.190.221 from 66.59.190.221 (66.59.190.221)
      Origin IGP, localpref 100, valid, external
  3356 7018 30340
    4.69.184.193 from 4.69.184.193 (4.68.3.50)
      Origin IGP, metric 0, localpref 100, valid, external
      Community: 3356:3 3356:22 3356:86 3356:575 3356:666 3356:2012
  2914 7018 30340
    129.250.0.11 from 129.250.0.11 (129.250.0.51)
      Origin IGP, metric 3, localpref 100, valid, external
      Community: 2914:420 2914:2000 2914:3000 65504:7018
  2828 30340 30340 30340 30340
    65.106.7.139 from 65.106.7.139 (66.239.189.139)
      Origin IGP, metric 3, localpref 100, valid, external
  16150 1239 209 30340
    217.75.96.60 from 217.75.96.60 (217.75.96.60)
      Origin IGP, metric 0, localpref 100, valid, external
      Community: 16150:290 16150:63392 16150:65321 16150:65326 16150:65422
  7660 2516 3549 30340 30340 30340 30340
    203.181.248.168 from 203.181.248.168 (203.181.248.168)
      Origin IGP, localpref 100, valid, external
      Community: 2516:1030
  3303 209 30340
    164.128.32.11 from 164.128.32.11 (164.128.32.11)
      Origin IGP, localpref 100, valid, external
      Community: 3303:1004 3303:1005
  286 209 30340
    134.222.87.1 from 134.222.87.1 (134.222.86.1)
      Origin IGP, localpref 100, valid, external
      Community: 286:18 286:19 286:28 286:29 286:49 286:800 286:888 286:3001
  6453 7018 30340
    195.219.96.239 from 195.219.96.239 (195.219.96.239)
      Origin IGP, localpref 100, valid, external
  1221 4637 209 30340
    203.62.252.186 from 203.62.252.186 (203.62.252.186)
      Origin IGP, localpref 100, valid, external
  3561 30340 30340 30340 30340
    206.24.210.100 from 206.24.210.100 (206.24.210.100)
      Origin IGP, localpref 100, valid, external
  2497 209 30340
    202.232.0.2 from 202.232.0.2 (202.232.0.2)
      Origin IGP, localpref 100, valid, external
  5459 2828 30340 30340 30340 30340
    195.66.232.239 from 195.66.232.239 (195.66.232.239)
      Origin IGP, localpref 100, valid, external
      Community: 5459:3 5459:60
  6453 209 30340
    207.45.223.244 from 207.45.223.244 (66.110.0.124)
      Origin IGP, localpref 100, valid, external
  3549 30340 30340 30340 30340
    208.51.134.254 from 208.51.134.254 (67.17.81.162)
      Origin IGP, metric 238, localpref 100, valid, external
      Community: 3549:4175 3549:8012 3549:8172 3549:8222 3549:8262 3549:30840
  7018 30340
    12.0.1.63 from 12.0.1.63 (12.0.1.63)
      Origin IGP, localpref 100, valid, external
      Community: 7018:2000

I removed the best path information from the output above, the first user to correctly identify the path and provide the explanation as to why will get a shout out in tomorrow's podcast!  Happy routing...

 

Follow me on Twitter Follow me on LinkedIn Follow me on Facebook