Border Gateway Protocol Resources Mentioned in Matthews Book

I was pleased to see WAN protocols like Border Gateway Protocol (BGP) covered in Computer Networking: Internet Protocols in Action, especially since BGP traces appear on the book's CD. In conjunction with her BGP discussion, author Jeanna Matthews mentions BGP resources like traceroute.org, the University of Oregon Route Views Project, Merit Network's Routing Assets Database, and Looking Glass sites. I also found a Router Server Wiki and a Looking Glass Wiki.

A route server is a router that peers with BGP routers so that researchers and others can look at routing tables. For example, if you connect to a route server, you may be able to get a BGP summary like this:

route-server>sh ip bgp summary
BGP router identifier 12.129.193.235, local AS number 1838
BGP table version is 4152117, main routing table version 4152117
153391 network entries and 306780 paths using 28990811 bytes of memory
56813 BGP path attribute entries using 3182032 bytes of memory
28694 BGP AS-PATH entries using 820436 bytes of memory
21 BGP community entries using 520 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP activity 370101/893167614 prefixes, 830387/523607 paths, scan interval 60 secs

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
12.129.192.1    4 17233 1504269  122790  4152117    0    0 6w0d       153390
12.129.192.2    4 17233 1599161  122790  4152117    0    0 6w0d       153390
134.24.13.2     4 64512   36971  443590        0    0    0 4w1d     Active

A Looking Glass is an interface that allows a researcher or others to see advertised routes to reach a specified IP. For example, visit the Qwest Looking Glass and see how to reach 207.46.250.252 (origin2.microsoft.com). Here are the results:

Route info for 207.46.250.252 from Atlanta

sh ip bgp 207.46.250.252
BGP routing table entry for 207.46.192.0/18, version 95828332
Paths: (3 available, best #1, table Default-IP-Routing-Table)
  Not advertised to any peer
  8075 8070
    205.171.3.177 (metric 8163) from 205.171.0.149 (205.171.0.149)
      Origin IGP, metric 601, localpref 80, valid, internal, best
      Community: 209:888 209:889
      Originator: 205.171.3.177, Cluster list: 205.171.0.149, 205.171.200.41
  8075 8070
    205.171.3.177 (metric 8163) from 205.171.0.151 (205.171.0.151)
      Origin IGP, metric 601, localpref 80, valid, internal
      Community: 209:888 209:889
      Originator: 205.171.3.177, Cluster list: 205.171.0.149, 205.171.200.41
  8075 8070
    205.171.3.177 (metric 8163) from 205.171.0.150 (205.171.0.150)
      Origin IGP, metric 601, localpref 80, valid, internal
      Community: 209:888 209:889
      Originator: 205.171.3.177, Cluster list: 205.171.0.149, 205.171.200.41

Using the route server we queried earlier, we get that system's perspective on reaching 207.46.250.252:

route-server>sh ip bgp 207.46.250.252
BGP routing table entry for 207.46.192.0/18, version 110936
Paths: (2 available, best #2, table Default-IP-Routing-Table)
  Not advertised to any peer
  17233 7018 8075 8070, (received & used)
    12.129.192.2 from 12.129.192.2 (12.129.192.2)
      Origin IGP, localpref 100, valid, external
      Community: 7018:5000 17233:666 17233:1002 17233:7018
  17233 7018 8075 8070, (received & used)
    12.129.192.1 from 12.129.192.1 (12.129.192.1)
      Origin IGP, localpref 100, valid, external, best
      Community: 7018:5000 17233:666 17233:1001 17233:7018
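
An added example, not code from the original post or from the book: a small Python parser for the sh ip bgp output quoted above that reduces each view to its best path and checks whether the vantage points agree on the covering prefix and the origin AS. The function names are hypothetical, and the Qwest sample is abridged to its best path.

```python
import re

# Constructed sample input: outputs quoted in the post (Qwest view abridged to its best path).
QWEST = """BGP routing table entry for 207.46.192.0/18, version 95828332
Paths: (3 available, best #1, table Default-IP-Routing-Table)
8075 8070
205.171.3.177 (metric 8163) from 205.171.0.149 (205.171.0.149)
Origin IGP, metric 601, localpref 80, valid, internal, best
Community: 209:888 209:889"""
ROUTE_SERVER = """BGP routing table entry for 207.46.192.0/18, version 110936
Paths: (2 available, best #2, table Default-IP-Routing-Table)
17233 7018 8075 8070, (received & used)
12.129.192.2 from 12.129.192.2 (12.129.192.2)
Origin IGP, localpref 100, valid, external
Community: 7018:5000 17233:666 17233:1002 17233:7018
17233 7018 8075 8070, (received & used)
12.129.192.1 from 12.129.192.1 (12.129.192.1)
Origin IGP, localpref 100, valid, external, best
Community: 7018:5000 17233:666 17233:1001 17233:7018"""
AS_PATH = re.compile(r"^(\d+(?: \d+)*)(?:,.*)?$")   # "17233 7018 8075 8070, (received & used)"
NEXT_HOP = re.compile(r"^(\S+) (?:\(metric \d+\) )?from \S+")

def parse_show_ip_bgp(text):
    """Parse 'sh ip bgp <addr>' output into {'prefix': str, 'paths': [dict, ...]}."""
    entry, path = {"prefix": None, "paths": []}, None
    for line in map(str.strip, text.splitlines()):   # tolerate lost or kept indentation
        if line.startswith("BGP routing table entry for "):
            entry["prefix"] = line.split()[5].rstrip(",")
        elif m := AS_PATH.match(line):               # an AS-path line starts a new path
            path = {"as_path": [int(a) for a in m.group(1).split()], "best": False}
            entry["paths"].append(path)
        elif path and (m := NEXT_HOP.match(line)):
            path["next_hop"] = m.group(1)
        elif path and line.startswith("Origin "):
            path["best"] = "best" in line.replace(",", " ").split()
            path["localpref"] = int(m.group(1)) if (m := re.search(r"localpref (\d+)", line)) else None
        elif path and line.startswith("Community: "):
            path["communities"] = line.split()[1:]
    return entry

def compare_views(views):
    """Map view name -> (prefix, origin AS, best AS path); flag is True if prefix and origin agree."""
    summary = {}
    for name, text in views.items():
        entry = parse_show_ip_bgp(text)
        best = next(p for p in entry["paths"] if p["best"])
        summary[name] = (entry["prefix"], best["as_path"][-1], best["as_path"])
    return summary, len({v[:2] for v in summary.values()}) == 1
```

On the two outputs above, both views resolve to 207.46.192.0/18 with origin AS 8070 and differ only in the upstream portion of the AS path.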

Possibly one of the coolest sites I've seen is BGPlay. As the site describes itself, "BGPlay is a Java application which displays animated graphs of the routing activity of a certain prefix within a specified time interval. Its graphical nature makes it much easier to understand how BGP updates affect the routing of a specific prefix than by analyzing the updates themselves." If you want to see how BGP and the "Big Internet" work, try out this Java applet in a Java-enabled browser.

Ref: Who owns an autonomous system number.

Comments

Anonymous said…
Richard,
You can play with OpenBGPD too, :)

OpenBGPD
www.openbgpd.org
