Cisco BGP Toolkit - Examples


These examples were prepared using data captured on 14-Mar-2001 as indicated.  At that time, AS5089 was announcing the following aggregates:
62.252.0.0/14 151.212.0.0/16 163.164.0.0/16 194.168.0.0/16 212.3.160.0/19 212.21.0.0/19 212.82.0.0/19 212.91.0.0/19 212.121.0.0/19 212.129.64.0/24 212.250.0.0/16 213.104.0.0/14 217.22.0.1/32
It was also announcing the following subnets:
62.252.0.0/16 62.252.0.0/17 62.252.128.0/17 62.253.0.0/16 62.253.0.0/17 62.254.0.0/16 62.254.0.0/17 62.255.0.0/16 62.255.0.0/17 213.106.0.0/17
Its customers were:
5500: 192.153.153.0/24 195.206.192.0/19 195.206.192.0/24 195.206.193.0/24 195.206.194.0/24 195.206.195.0/24 195.206.196.0/24 195.206.197.0/24
9011: 212.100.0.0/19
12323: 195.182.160.0/19 212.43.160.0/19 212.59.96.0/19
15727: 217.22.0.0/20
15926: 217.12.32.0/20
15952: 217.67.128.0/20
16032: 212.108.64.0/19
and in turn, AS12323 had its own customer:
12616: 212.67.192.0/19

This example shows the 'Standard Access-list' tool.  The access-list number defaults to 99 unless the 'List Number' field is defined, and the list consists of 'deny' statements unless the 'ACL-Permits' option is selected.

Note: One or both of the 'Include-Self' and 'Customer-Recursive' options are necessary to generate any useful output.

Cisco BGP Toolkit
This tool generates fragments of BGP configuration using data from Internet routing tables captured on 14-Mar-2001.
AS: (for suggested Martians use AS 0 (zero))
Tool: Statics to Null0, Network Statements, Standard Access-list, Extended Access-list, Prefix-list, AS-Path list
Options: Include-ThisAS, Include-Subnets, ACL-Permits, Customer-Recursive, List Number, Ranking-Filter
If the 'ACL-Permits' option was selected, the output would be a list of 'permit' statements.
If the 'Include-Subnets' option was selected, the output would also include any subnets being announced by AS5089.
If the 'Customer-Recursive' option was selected, the output would contain all the aggregates of AS5089 and their customer networks.  The 'Ranking Filter' option ensures that as each customer is recursively expanded, it is only expanded if its connectivity ranking is equal to or worse than that of the network being expanded.  This option allows the toolkit to handle network mis-configurations where customer networks are incorrectly providing transit routing to one or more of their transit providers.  Further explanation of this feature is provided at the foot of this page.
If only the 'Customer-Recursive' option is selected, the list would consist only of customer aggregates:
If the 'Statics-to-Null0' tool is used with only the 'Include-ThisAS' option selected, the output would consist of static routes for each of AS5089's aggregates.  The 'ACL-Permits' option has no effect on the output of this tool, but the other options would affect the output in much the same way as described for the 'Standard Access-list' tool.
If the 'Network Statements' tool is used with only the 'Include-ThisAS' option selected, the output would consist of network statements for each of AS5089's aggregates.  The 'ACL-Permits' option has no effect on the output of this tool, but the other options would affect the output in much the same way as described for the 'Standard Access-list' tool.
If the 'Extended Access-list' tool is used with only the 'Include-ThisAS' option selected, the output would consist of filter statements for each of AS5089's aggregates.  All options would affect the output in much the same way as described for the 'Standard Access-list' tool and the access-list number defaults to 199 unless the 'List Number' field is defined.
If the 'Prefix-list' tool is used with only the 'Include-ThisAS' option selected, the output would consist of filter statements for each of AS5089's aggregates.  All options would affect the output in much the same way as described for the 'Standard Access-list' tool and the access-list number defaults to 199 unless the 'List Number' field is defined.
If the 'AS-Path list' tool is used with only the 'Include-ThisAS' option selected, the output would consist of filter statements for each of AS5089's aggregates.  All options would affect the output in much the same way as described for the 'Standard Access-list' tool and the access-list number defaults to 199 unless the 'List Number' field is defined.

It is unlikely that both lines 2 and 3 would be pasted into the same router.  Line 2 would most likely be used on the router in AS5089, while line 3 would most likely be used on the router with a peering connection to AS5089.

A more likely use of the 'AS-Path list' tool would use both the 'Include-ThisAS' and 'Customer-Recursive' options.

 

Rank Filtering

While working with the routing data that we collect, we have encountered many situations where network mis-configuration results in incorrect transit routing.

For any given network, its various peering relationships usually fall into one of three categories: Transit, Free-Peering or Customer.

Transit relationships usually provide a path to every corner of the Internet, so if a customer network receives routes from one transit and forwards them to another transit this could result in major traffic flow between the transits across the customer network.

Free-Peering relationships usually provide shortcut paths between each other's own and customer networks only.  If a network receives routes from one free-peer and forwards them to another free-peer, the network could find itself being loaded with large chunks of its neighboring networks' traffic.

Customer relationships usually provide paths to the customer's network and to any customers of the customer.  The routes received from one customer should be shared with other customers, free-peers and transits since that is what the customer relationship usually demands.  However, if a customer gives you routes received from another of its transits, you could find yourself pushing large amounts of your network traffic across his potentially small capacity.

When you configure your routing filters purely on the basis of what you can see through a network, you can find yourself suffering from mis-configurations which lead to the above.

In collecting the large amounts of raw routing information required by the various tools on this site, we have the means to calculate a connectivity index for each and every network on the Internet.  This allows us to compare any two networks and assess which of the two is better connected to the rest of the Internet, and to make a calculated guess at the direction of each transit/customer relationship.  We can then use this to limit the customer recursion to those with worse-connected networks.

When this 'Ranking-Filter' option is selected, all customer relationships are considered for expansion, even if they also appear to provide transit routing.  Without this option, all customer relationships are expanded except where they also provide transit routing.

If you haven't understood this explanation, we recommend that you set it the same as the 'Customer-Recursive' option.
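
The option behaviour described for the 'Standard Access-list' tool, combined with the rank-limited customer recursion explained above, sketched in Python as an added example (not the toolkit's own code). The prefixes and the 5089/12323 customer relationships come from this page; the connectivity index values, AS64500 with 198.51.100.0/24, the function names and the output line format are assumptions, and the unfiltered branch is plain recursion shown only for contrast.

```python
import ipaddress

# Prefixes from the page (a subset); AS64500 and its prefix are constructed.
ANNOUNCED = {
    5089: ["62.252.0.0/14", "212.250.0.0/16", "217.22.0.1/32"],
    9011: ["212.100.0.0/19"],
    12323: ["195.182.160.0/19", "212.43.160.0/19", "212.59.96.0/19"],
    12616: ["212.67.192.0/19"],
    64500: ["198.51.100.0/24"],
}
# Apparent customer edges; 12323 -> 64500 is a constructed route leak.
CUSTOMERS = {5089: [9011, 12323], 12323: [12616, 64500]}
# Constructed connectivity index (assumption): higher = better connected.
RANK = {5089: 70, 9011: 20, 12323: 40, 12616: 10, 64500: 90}


def expand(asn, rank_filter, seen=None):
    """Return asn's customers, recursively, in discovery order."""
    seen = {asn} if seen is None else seen
    found = []
    for cust in CUSTOMERS.get(asn, []):
        if cust in seen:
            continue  # already expanded; also stops relationship loops
        if rank_filter and RANK[cust] > RANK[asn]:
            continue  # better connected than its "provider": not a customer
        seen.add(cust)
        found.append(cust)
        found.extend(expand(cust, rank_filter, seen))
    return found


def standard_acl(asn, include_this_as=True, customer_recursive=False,
                 rank_filter=True, permits=False, number=99):
    """Build standard access-list lines for the selected options."""
    ases = [asn] if include_this_as else []
    if customer_recursive:
        ases += expand(asn, rank_filter)
    action = "permit" if permits else "deny"
    lines = []
    for a in ases:
        for prefix in ANNOUNCED[a]:
            net = ipaddress.ip_network(prefix)
            lines.append(f"access-list {number} {action} "
                         f"{net.network_address} {net.hostmask}")
    return lines


if __name__ == "__main__":
    print("\n".join(standard_acl(5089, customer_recursive=True, permits=True)))
```

With the rank filter on, the leaked edge to the better-connected AS64500 is not followed, so its prefix never reaches the generated list; with it off, the naive recursion pulls 198.51.100.0/24 in as if it were a customer route.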