Determine difference between 2 BGP feeds

Hi,

	Thanks for all the replies! I've consolidated them here
hoping to save 
some noise....

> From: Bill Nash <billnodyssey.billn.net>

>Were I faced with this reporting equirement on an
on-going basis, I'd 
>suggest establishing a read-only BGP peer with both
devices and comparing 
>directly. I've got a perl BGP peering daemon that feeds
and maintains a 
>mirror of the BGP routing table into SQL, applying
updates and withdrawals 
>as they come in. Setting up something similar, and
adding some additional 
>metrics to keep entries unique by peer source would
facilitate your end 
>goal with simple SQL grouping mechanics.

	This is an idea, thank you. I was hoping for something that
would
be a bit more "smarter" than BGP . What I was
looking for would be something
that could say :

	Router A has route 216.231.96.0/24, 216.231.97.0/24, (etc)
while
Router B has 216.231.96.0/19
	Router B has the following /30's :
		A.B.C.D, E.F.G.H, I.J.K.L
	Router A has 216.231.96.0/24, 216.231.97.0/24, but Router B
has
a route of 216.231.96.0/19 but none of the other /24's.


> From: Richard A Steenbergen <rase-gerbil.net>

>This is actually fairly common. There are a lot of folks
out there who 
>announce more specifics to one network but not another,
or who apply no 
>export or limited export community tags in various
places. Also, every 
>network has a different filter policy of what they will
and won't accept.
>
	I understood that this happened, but didn't think it could
account
for 3K to 10K routes. Guess it can. 

>FWIW my "exported to bgp speaking customers"
count at this moment is 
>182525.

	Thats in line with the CIDR report, and I wouldn't mind.

>I wouldn't get concerned about it unless the network
with more 
>prefixes is doing something absurdly stupid like sending
you internal /30s 
>and such (which, well, a lot of people do :P). It could
also be something 
>like peers agreeing to traffic engineer by sending each
other more 
>specifics w/meds, though if they were smart they would
be doing that with 
>no-export so as to not make your TE job more difficult.

	Thats what I'm hoping to find out. 
>
>If you really want 
>to compare the differences, try something like:
>
>telnet yourrouter | tee outputfile
>term length 0
>sh ip bgp nei x.x.x.x received-routes
>quit
>
>Followed by 30 secs with awk(1), cut(1), diff(1), etc.
For floundry, 
>something dirt simple like "grep / | awk '{ print
$2 }'" should do the 
>trick.
>

	(See above what I was looking for the output, but again,
something
to start with, thanks!)

> From: mdLinux.IT (Marco d'Itri)

>On Apr 18, Scott Tuc Ellentuch at T-B-O-H <mlt-b-o-h.net> wrote:
>
>> 	Is there a utility that I can use that will pull
the
>> routes off each router (Foundry preferred), and
then compare 
>> them as best it can to see why there is such a
difference? 
>I have one, but it's cisco-specific:
>
>h
ttp://www.bofh.it/~md/software/cisco-tools-0.2.tgz (the
dumppeers script)
>

himinbjorg# fetch h
ttp://www.bofh.it/~md/software/cisco-tools-0.2.tgz
fetch: ultradns.net>

>On Tue, 18 Apr 2006 16:13:12 -0400 (EDT)
>Scott "Tuc" Ellentuch at T-B-O-H <mlt-b-o-h.net> wrote:
>
>> 	Is there a utility that I can use that will pull
the
>> routes off each router (Foundry preferred), and
then compare 
>> them as best it can to see why there is such a
difference? 
>
>I don't know anything about foundry, but if you can
simply display
>the routing table from a terminal, you can go the hacky
unix cli
>tool way.  For example, use 'script' to log your
terminal session
>to a file, then presuming you can show the route table
and each
>route includes a 'via upstream-address-line' line for
each route
>(completely untested and I'm sure someone could come up
with
>something much simpler and better):
>
>  grep 'via upstream?' script > upstream?
>  perl -ne 'print "$1\n" if
/(\d{1,3}(?:\.\d{1,3})\/\d{1,3})/' upstream? |
>     sort > upstream?.sored
>  comm -23 upstream1.txt upstream2.txt
>  comm -13 upstream1.txt upstream2.txt
>

	Thanks!


> From: Warren krishnai <warrenkrishnai.net>

>On Apr 18, 2006, at 1:19 PM, Mike Walter wrote:
>
>>
>> Sounds to me like one of your providers is not
feeding you the full
>> internet routing table.  Have you checked with them
to see if they are
>> providing you that?
>
>Sounds to me like a: you are only looking at best routes
or b: one of  
>the providers is sending you more specific customer
routes (that they  
>summarize before sending to non-customers).
>
>Personally I would just slurp one set of routes into an
array in perl  
>and then delete them if they appear in the other set.
Any left over  
>in either set are unique....
>
	It wouldn't take aggregate differences into account.

> From: "Majdi S. Abbas" <msalatt.net>

>> 	We receive a BGP feed from different providers on
two 
>> different routers. While one seems to be a
reasonable amount
>> of feeds after reviewing the CIDR report, the other
is anywhere
>> from 3K to 10K more routes. 
>> 
>> 		Thanks, Tuc/TBOH
>-snip-
>
>	I refer both of you to the following message that I
posted a 
>few years ago, rather than restate it all:
>
>	http://www.merit.edu/mail.archives/nanog/2001-02/m
sg00347.html
>
>	Hope this helps.
>
>	--msa

	No, I agree, I don't think I'm MISSING, just want to know
what
the differences are to see why there is such a disparity.
Maybe I need
to get the provider to filter or change communities, etc.

------------------------------------------------------------
----------

	Thanks everyone!

			Tuc/TBOH