Sorry for waking you all before breakfast, but is anyone else seeing ~5000 more routes than normal this morning?

Just a sample of some unusually long ASPaths I'm seeing here

Jun 11 10:03:41 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 1239 1792 2907 2498
Jun 11 10:03:41 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 5646 1793 1239 3561 4574
Jun 11 10:05:45 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 3561 577 549
Jun 11 09:57:59 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 5378 5459

(and it isn't just PSI we're seeing these from, just that that was the log I looked in. 2041 3789 seems a common factor though.)

GateD-beech.router.demon.net> show ip routes 100 IP radix tree: 97679 nodes, 50773 routes
GateD-beech.router.demon.net>

This is looking horribly familiar.

Regards,
Andrew
--
Andrew Bangs, Senior Systems Administrator, Demon Internet Ltd
andrewb@demon.net http://www.demon.net/ http://www.demon.nl/
Yes, I'm seeing about 49.000 routes, when I used to see 44.000. No idea where they come from :-0

On Wed, 11 Jun 1997, Andrew Bangs wrote:

> Sorry for waking you all before breakfast, but is anyone else seeing ~5000 more routes than normal this morning?
>
> Just a sample of some unusually long ASPaths I'm seeing here
>
> Jun 11 10:03:41 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 1239 1792 2907 2498
> Jun 11 10:03:41 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 5646 1793 1239 3561 4574
> Jun 11 10:05:45 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 3561 577 549
> Jun 11 09:57:59 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 5378 5459
>
> (and it isn't just PSI we're seeing these from, just that that was the log I looked in. 2041 3789 seems a common factor though.)
>
> GateD-beech.router.demon.net> show ip routes 100 IP radix tree: 97679 nodes, 50773 routes
> GateD-beech.router.demon.net>
>
> This is looking horribly familiar.
>
> Regards, Andrew
> --
> Andrew Bangs, Senior Systems Administrator, Demon Internet Ltd
> andrewb@demon.net http://www.demon.net/ http://www.demon.nl/

-----------------------------------------------------------------------------
Nombre/Name: Javier Gonzalez Vela.
Empresa/Company: Telefonica Transmision de Datos // IBERNET
E-mail: jgonz@ibernet.es
Telefono/Phone: + 34 1 584 08 18
Fax: + 34 1 523 44 99
-----------------------------------------------------------------------------
> Sorry for waking you all before breakfast, but is anyone else seeing ~5000 more routes than normal this morning?
>
> Just a sample of some unusually long ASPaths I'm seeing here

There appear to be two leaks going on, one of which has cleared up in the most part.

The first is AS3789 leaking full routing to CRL, who are passing it on.

The next is AS3352 & AS4495 leaking a full UUnet table through AS3262 into GSL (AS4000).

If you try really hard, you can find a preferred route which has both these routes in. For instance I pity the owner of the following class B (Olivetti):

*>i129.211.0.0 194.68.130.50 100 0 4000 3262 4495 701 1280 2041 3789 1323 1323 1323 1323 1323 1323 1673 4200 5672 i

Who are transitted through GSL, some of Europe, UUnet, Sprint, CRL, Internet Access, ANS, AGIS all in sequence.

European leak people copied - I've already mailed the CRL lot.

Alex Bligh
Xara Networks
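The triage done by eye in this thread can be scripted. The following is an added example, not code from any poster: it parses the GateD log lines quoted in the first message, strips AS-path prepending, and reports the AS adjacencies shared by every suspicious path. The function names and the hop threshold are assumptions.

```python
import re
from collections import Counter

# Log lines quoted from the first message in this thread (GateD format).
SAMPLE_LOG = """\
Jun 11 10:03:41 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 1239 1792 2907 2498
Jun 11 10:03:41 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 5646 1793 1239 3561 4574
Jun 11 10:05:45 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 3561 577 549
Jun 11 09:57:59 BGP RECV flags 0x40 code ASPath(2): 174 2041 3789 1323 1323 1323 1323 1323 1323 1673 5378 5459
"""

ASPATH_RE = re.compile(r"ASPath\(\d+\):\s+(\d+(?:\s+\d+)*)\s*$")

def parse_paths(log_text):
    """Return one list of AS numbers per 'BGP RECV ... ASPath' log line."""
    paths = []
    for line in log_text.splitlines():
        m = ASPATH_RE.search(line)
        if m:
            paths.append([int(asn) for asn in m.group(1).split()])
    return paths

def collapse_prepends(path):
    """Drop consecutive repeats so prepending does not inflate the hop count."""
    return [asn for i, asn in enumerate(path) if i == 0 or asn != path[i - 1]]

def common_adjacencies(paths, min_share=1.0):
    """AS pairs (a, b) that are adjacent in at least min_share of the paths."""
    seen = Counter()
    for path in paths:
        hops = collapse_prepends(path)
        seen.update(set(zip(hops, hops[1:])))
    return sorted(p for p, n in seen.items() if n >= min_share * len(paths))

def long_paths(paths, max_hops=6):
    """Paths with more distinct-AS hops than max_hops (threshold is an assumption)."""
    return [p for p in paths if len(collapse_prepends(p)) > max_hops]

if __name__ == "__main__":
    paths = parse_paths(SAMPLE_LOG)
    print("long paths:", len(long_paths(paths)), "of", len(paths))
    for a, b in common_adjacencies(paths):
        print(f"adjacency on every path: AS{a} -> AS{b}")
```

On the four quoted lines the shared adjacencies are 174 to 2041 (the peer the log was taken from) and 2041 to 3789, the pair singled out in the first message.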
Howdy,

Does anyone know of any good IP monitoring tools that can log/monitor the TYPES of IP traffic going across your network (ie: one that logs tcp/udp and esp port numbers/types of traffic)? Something that could query a router would be nice, although I am unaware of any routers that support such a feature. Even something that you could put on a box on the same ethernet subnet would do the job. I'm curious as to the types of traffic our customers are pushing as I am attempting to better analyze our usage.

Thanks.

-----------------------------------------------------------------
Bruce Potter Internet Alaska, Inc. gdead@alaska.net
Grateful Admin InterNIC Handle: BGP4 ;-)
PGP Public Key: http://www.alaska.net/~gdead/gdead.asc Key ID: 1024/F12AC0B1
-----------------------------------------------------------------
A Network General sniffer will do this for you, and it's a really nice (read expensive) piece of equipment to have. They go for around $26,000 (someone correct me if I'm wrong... I've never bought one myself). If that's out of your price range, there's always sniffer software for your platform/os.

Also, there's a piece of software for sys V/solaris (forget which one) that will show you the types of network connections between machines on your network that runs in X/openwin. I didn't work with the program directly, but it laid everything out in a nice chart, and showed the whole range of traffic types (udp/tcp/etc.)... I'm sure someone on the list knows the name of it...

Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services

On Tue, 24 Jun 1997, Bruce Potter wrote:

> Howdy, Does anyone know of any good IP monitoring tools that can log/monitor the TYPES of IP traffic going across your network (ie: one that logs tcp/udp and esp port numbers/types of traffic)? Something that could query a router would be nice, although I am unaware of any routers that support such a feature. Even something that you could put on a box on the same ethernet subnet would do the job. I'm curious as to the types of traffic our customers are pushing as I am attempting to better analyze our usage.
>
> Thanks.
>
> -----------------------------------------------------------------
> Bruce Potter Internet Alaska, Inc. gdead@alaska.net
> Grateful Admin InterNIC Handle: BGP4 ;-)
> PGP Public Key: http://www.alaska.net/~gdead/gdead.asc Key ID: 1024/F12AC0B1
> -----------------------------------------------------------------
Joe Shaw writes:

> A Network General sniffer will do this for you, and it's a really nice (read expensive) piece of equipment to have. They go for around $26,000 (someone correct me if I'm wrong... I've never bought one myself).

tcpdump on a cheap NetBSD/FreeBSD/BSDI box (even an old 486 will do just fine) will easily keep up with all of your ethernet traffic, and it's free, not $26,000. It's also VERY flexible -- I've never needed anything else. Best to do this on a box that does native BPF, though (as an example SunOS does not do BPF and NIT can't handle the traffic without dropping most stuff).

Perry
> anything else. Best to do this on a box that does native BPF, though (as an example SunOS does not do BPF and NIT can't handle the traffic without dropping most stuff).

BPF support for SunOS has been available for years. At the present time, it is distributed as part of the ipmulti distribution (ftp://ftp.parc.xerox.com:/pub/net-research/ipmulti), and I believe that the LBL bpf distribution includes SunOS kernel .o files (ftp://ftp.ee.lbl.gov:/bpf.tar.Z).

--jhawk
John Hawkinson writes:

> > anything else. Best to do this on a box that does native BPF, though (as an example SunOS does not do BPF and NIT can't handle the traffic without dropping most stuff).
>
> BPF support for SunOS has been available for years.
>
> At the present time, it is distributed as part of the ipmulti distribution (ftp://ftp.parc.xerox.com:/pub/net-research/ipmulti), and I believe that the LBL bpf distribution includes SunOS kernel .o files (ftp://ftp.ee.lbl.gov:/bpf.tar.Z).

Yes, I know, but it doesn't ship with SunOS. You are, of course, correct that you can add it with a little help from the net.

It is very important to use BPF instead of NIT and its Solaris replacement (the name escapes me) if you expect to be able to keep up while monitoring the network. I've been able to record all the traffic on ethernets using even ancient slow PCs without dropping more than a trivial number of packets with BPF -- I've been unable to get even fast Suns to keep up with an ethernet.

Perry
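To turn a tcpdump capture into the per-type breakdown asked about at the start of this thread, the saved file can be tallied by protocol and destination port. This is an added example, not code from any poster: it assumes a capture written with `tcpdump -w` in the classic pcap format on Ethernet, and the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def tally_pcap(data):
    """Count IPv4 packets per (protocol, destination port) in classic pcap bytes."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap capture")
    e = "<" if magic == 0xA1B2C3D4 else ">"      # byte order of the writing host
    if struct.unpack(e + "I", data[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    counts, off = Counter(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(e + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # truncated or not IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4          # IP header length from IHL
        proto = frame[23]
        first_frag = (struct.unpack("!H", frame[20:22])[0] & 0x1FFF) == 0
        port = None                               # ports exist only in first fragments
        if proto in (6, 17) and first_frag and len(frame) >= l4 + 4:
            port = struct.unpack("!H", frame[l4 + 2:l4 + 4])[0]
        counts[(PROTO.get(proto, str(proto)), port)] += 1
    return counts

def _frame(proto, dport=None):
    """Constructed Ethernet + IPv4 frame (zeroed MACs and checksums)."""
    l4 = struct.pack("!HH", 40000, dport) if dport is not None else b"\x08\x00\x00\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def sample_pcap():
    """Constructed capture: 3 HTTP, 2 DNS, 1 SMTP and 1 ICMP packet."""
    frames = [_frame(6, 80)] * 3 + [_frame(17, 53)] * 2 + [_frame(6, 25), _frame(1)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for (proto, port), n in tally_pcap(sample_pcap()).most_common():
        print(f"{proto:5} {port if port is not None else '-':>5} {n}")
```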
Cisco's Netflow will do the trick.

sh ip cache flow

(once you've enabled netflow on your interface desired)

rob

> Howdy, Does anyone know of any good IP monitoring tools that can log/monitor the TYPES of IP traffic going across your network (ie: one that logs tcp/udp and esp port numbers/types of traffic)? Something that could query a router would be nice, although I am unaware of any routers that support such a feature. Even something that you could put on a box on the same ethernet subnet would do the job. I'm curious as to the types of traffic our customers are pushing as I am attempting to better analyze our usage.
>
> Thanks.
>
> -----------------------------------------------------------------
> Bruce Potter Internet Alaska, Inc. gdead@alaska.net
> Grateful Admin InterNIC Handle: BGP4 ;-)
> PGP Public Key: http://www.alaska.net/~gdead/gdead.asc Key ID: 1024/F12AC0B1
> -----------------------------------------------------------------
> Howdy, Does anyone know of any good IP monitoring tools that can log/monitor the TYPES of IP traffic going across your network (ie: one that logs tcp/udp and esp port numbers/types of traffic)? Something that could query a router

The "etherman" tool suite out of Curtin University in Australia is a free start.

> would be nice, although I am unaware of any routers that support such a feature.

I just recently snagged MRTG, a freeware SNMP package that will poll a router allowing snmp access. It seems like a simple traffic monitoring/averaging/history program that is too simple to use, but provides easy to understand information in a visual context. Cisco's are really easy to configure for snmp polling by MRTG.

I'm sorry I can't post the ftp sites. Can't think of them off the top of my head and too late to search. Apologies. Maybe someone else knows firsthand?

Regards,
--
Martin Hannigan (hannigan@firefly.net) Voice: 617.528.1099
Firefly Network, Inc. - Network Operations Network Engineer
www.firefly.net Semper Cabalis
On Wed, 25 Jun 1997, Martin J. Hannigan wrote:

> I just recently snagged MRTG, a freeware SNMP package that will poll a router allowing snmp access. It seems like a simple traffic monitoring/averaging/history program that is too simple to use, but provides easy to understand information in a visual context. Cisco's are really easy to configure for snmp polling by MRTG.
>
> I'm sorry I can't post the ftp sites. Can't think of them off the top of my head and too late to search. Apologies. Maybe someone else knows firsthand?

http://www.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html

--
John-David Childs (JC612) @denver.net/Internet-Coach System Administrator Enterprise Internet Solutions & Network Engineer 901 E 17th Ave, Denver 80218
"I used up all my sick days... so I'm calling in dead!"
On Wed, 25 Jun 1997, Martin J. Hannigan wrote:

> I'm sorry I can't post the ftp sites. Can't think of them off the top of my head and too late to search. Apologies. Maybe someone else knows firsthand?

MRTG is available at: http://www.ee.ethz.ch/~oetiker/webtools/mrtg/mrtg.html.

MRTG requires perl5 and the GD Graphics Library which can be found at http://www.boutell.com/gd. Very easy to use, and quite a lot you can get out of it, although it really only shows the amount of traffic on a network, not the specific types of traffic that are going through link.

MRTG also has a mailing list, which can be subscribed to by sending mail to mrtg-request@list.ee.ethz.ch with "subscribe" as the subject.

Also, if it's still on the shelves, Linux Journal did a great story on Network monitoring tools in the June 1997 issue.

> Martin Hannigan (hannigan@firefly.net) Voice: 617.528.1099

Joe Shaw - jshaw@insync.net
NetAdmin - Insync Internet Services
> MRTG requires perl5 and the GD Graphics Library which can be found at http://www.boutell.com/gd. Very easy to use, and quite a lot you can get out of it, although it really only shows the amount of traffic on a network, not the specific types of traffic that are going through link.

MRTG has its limitations but it is not so bad and is definitely easy to use. It is set up to graph two variables on the same axis, being designed just for traffic monitoring; but of course you can do single-variable graphs by setting them both the same, or one to zero. SNMP queries are done internally and it has hooks to query other things as well.

You'll probably want to set `WithPeak' and `Options: bits'. It's also a good idea to write some m4 macros to generate the mrtg.cfg once you decide how you want the output to look.

It's not the ultimate graphing program but it's free and easy and you'll have it up fast until when and if you can get the ultimate graphing program running. Works well enough.

--
Shields, CrossLink.
participants (11)
- Alex.Bligh
- Andrew Bangs
- Bruce Potter
- Javier Gonzalez
- Joe Shaw
- John Hawkinson
- John-David Childs
- Martin J. Hannigan
- Perry E. Metzger
- Robert Bowman
- shields@crosslink.net