the most likely cause would be one of:
<items deleted for brevity>
(c) script used to configure router(s) adds a 'network' statement prior to trimming route-filters
Yeah, (c) seems most likely to me. Ratul, a script like this or some variant could cause what you are seeing: config-router# no neighbor <a> config-router# no neighbor <b> config-router# no neighbor <c> (script to rewrite filters executes) config-router# neighbor <a> remote-as <x> config-router# neighbor <a> remote-as <y> config-router# neighbor <a> remote-as <z> (sessions start coming up) config-router# neighbor <a> route-map <A> out config-router# neighbor <b> route-map <B> out config-router# neighbor <c> route-map <C> out config-router# Ctrl-Z # clear ip bgp external soft out Just guessing - you're seeing these events between midnight and 5 am?
At 01:10 PM 14/01/2002 -0800, Ratul Mahajan wrote:
to the best of my knowledge, here is what is happening.
1. router starts rebooting 2. there are routes in the routing table, some of which are not to be announce according to filters 3. bgp sessions comes up; the filters have not yet taken effect 4. start announcing routes 5. filters come up 6. the router realizes that it made a mistake and withdraws the routes not meant to be announced.
i should also point out that all such incident are not 1000 router. most of them are 20-50, but i have seen non-trivial number of ~100 prefixes, and a couple more than that.
-- ratul
On Mon, 14 Jan 2002, Ratul Mahajan wrote:
at university of washington, we are doing a measurement
misconfiguration (http://www.cs.washington.edu/homes/ratul/bgp/index.html).
one of the things we found is that there are a lot of announcements of more-specifics that come and go within a matter of 2-5 minutes.
by talking to the operators involved in these incidents, we found that most of these are caused when the router is rebooted (intentionally or not). while some operators were aware of this side effect, most were not, and were taken by surprise that they just injected anywhere from 1-1000 routes into BGP only to withdraw them a couple of minutes later.
i would like to understand this behavior better. is this behavior vendor-specific (cisco?) or pervasive? is there a configuration style that causes or avoids this "spill-over"?
my understanding is limited to this happens when the bgp session comes up too soon, before the filters have taken effect. could someone familiar with router internals shed some light on it?
the problem is limited to route origination only, or also
study of bgp propagation?
in other words, can a router propagate a route it should not while starting up because export filters are not yet in place?
never ever gotten my hands dirty into router configuration; your input would be invaluable.
thanks, -- ratul