the most likely cause would be one of:
<items deleted for brevity>
(c) script used to configure router(s) adds a 'network' statement prior to trimming route-filters
Yeah, (c) seems most likely to me. Ratul, a script like this or some variant could cause what you are seeing: config-router# no neighbor <a> config-router# no neighbor <b> config-router# no neighbor <c> (script to rewrite filters executes) config-router# neighbor <a> remote-as <x> config-router# neighbor <a> remote-as <y> config-router# neighbor <a> remote-as <z> (sessions start coming up) config-router# neighbor <a> route-map <A> out config-router# neighbor <b> route-map <B> out config-router# neighbor <c> route-map <C> out config-router# Ctrl-Z # clear ip bgp external soft out Just guessing - you're seeing these events between midnight and 5 am?
At 01:10 PM 14/01/2002 -0800, Ratul Mahajan wrote:
to the best of my knowledge, here is what is happening.
1. router starts rebooting 2. there are routes in the routing table, some of which are not to be announce according to filters 3. bgp sessions comes up; the filters have not yet taken effect 4. start announcing routes 5. filters come up 6. the router realizes that it made a mistake and withdraws the routes not meant to be announced.
i should also point out that all such incident are not 1000 router. most of them are 20-50, but i have seen non-trivial number of ~100 prefixes, and a couple more than that.
-- ratul
On Mon, 14 Jan 2002, Ratul Mahajan wrote:
at university of washington, we are doing a measurement
misconfiguration (http://www.cs.washington.edu/homes/ratul/bgp/index.html).
one of the things we found is that there are a lot of announcements of more-specifics that come and go within a matter of 2-5 minutes.
by talking to the operators involved in these incidents, we found that most of these are caused when the router is rebooted (intentionally or not). while some operators were aware of this side effect, most were not, and were taken by surprise that they just injected anywhere from 1-1000 routes into BGP only to withdraw them a couple of minutes later.
i would like to understand this behavior better. is this behavior vendor-specific (cisco?) or pervasive? is there a configuration style that causes or avoids this "spill-over"?
my understanding is limited to this happens when the bgp session comes up too soon, before the filters have taken effect. could someone familiar with router internals shed some light on it?
the problem is limited to route origination only, or also
study of bgp propagation?
in other words, can a router propagate a route it should not while starting up because export filters are not yet in place?
never ever gotten my hands dirty into router configuration; your input would be invaluable.
thanks, -- ratul
Just guessing - you're seeing these events between midnight and 5 am?
Hm, couldn't reist this one: "which time zone"? Just hinting that even though it's that time interval in the US, local time is different in other places around the world, so if this is causing disturbance, others are probably being hit in their working hours. Besides, I was under the impression that to activate a new outbound roting policy on a Cisco, you could just modify / replace it, but that you would still have to do router#clear ip bgp xxx soft out to activate it. This means that the policy for an existing peer can be modified without having to remove the peering and reenable it shortly thereafter (something which would cause needless route flapping). Regards, - HÃ¥vard
participants (2)
-
Borchers, Mark
-
Havard Eidnes