[HN Gopher] A Day in the Life: The Global BGP Table
___________________________________________________________________
A Day in the Life: The Global BGP Table
Author : gjf
Score : 176 points
Date : 2024-11-25 05:41 UTC (17 hours ago)
(HTM) web link (articles.foletta.org)
(TXT) w3m dump (articles.foletta.org)
| CJefferson wrote:
| I learnt quite a few things I didn't know about BGP from this
| article, probably most interesting how chaotic it is!
|
| I'd definitely be interested to read some follow-ups, diving into
| more details.
| throw0101a wrote:
| If anyone wants to learn about BGP (especially day-to-day stuff
| for peering scenarios), the Network Startup Resource Center out
| of U.Oregon has a good series of videos going through things:
|
| * https://learn.nsrc.org/bgp
| kortilla wrote:
| Nice article.
|
| That flapping from EpicUp 140.99.244.0/23 prefix should have been
| subject to route dampening. This is per peer or per prefix rate
| limiting typically enforced on all peers by ISPs to prevent this
| exact issue of a single prefix making up a significant portion of
| the global BGP churn.
|
| I'm unconvinced of the correlation between the updates that the
| author attributed to knock on effects. It would be pretty janky
| to have your advertisements be based on the path to other
| autonomous systems' prefixes, especially unstable ones.
|
| I don't think there is a 40 minute periodicity either (at least
| there wasn't 8 years ago when I was deep in the BGP world).
| Smells like what this dataset happened to show either by luck or
| because of the network the author was getting the BGP feed from.
|
| If you dig into the data and look at which AS's and prefixes are
| experiencing changes, you'll find it's all over the place and
| there isn't really any bigger pattern.
|
| On any given day there are usually a few noisy ISPs because of
| bad circuits or misconfigurations. Then there are new prefixes
| flapping in and out as a new thing is brought online for the
| first time, etc. Then sprinkle in path changes for regular
| draining maintenance, etc.
|
| It's simultaneously both fascinating and a little horrifying how
| a little ISP in Kansas experiencing a fiber consuming backhoe
| shows up on routers in Perth. Yet the frequency of updates is
| kept to <10hz globally through tons of hand tuned policies.
| benjojo12 wrote:
| Route dampening has mostly fallen out of fashion with networks
| these days.
|
| Most setups were horribly misconfigured and (most) routers are
| no longer extremely CPU starved as they once were, That doesn't
| mean that it does not still exist of course, when I did bgp
| battleships ( https://blog.benjojo.co.uk/post/bgp-battleships )
| I found that 3356 (at the time) was doing route dampening, so
| play had to be paused for a while.
| kortilla wrote:
| That seems crazy to me. What guardrails are there against a
| single hacked router pumping 10000 path changes/sec?
| gjf wrote:
| The direct peering to the router is likely going to have a
| bad time, but route advertisement interval I mention in the
| article is going to coalesce all of those updates together.
| Downstream peers would only see the one update every 30
| seconds (or so).
| nhggfu wrote:
| /me thinks to himself : real nice font on that page
| zokier wrote:
| What is the easiest way for average joe to get hands on BGP data?
| If I wanted to try do similar analysis and don't happen to have a
| friend at ISP.
| throw0101a wrote:
| * http://archive.routeviews.org
|
| * https://www.ripe.net/analyse/internet-
| measurements/routing-i...
|
| * https://lukasz.bromirski.net/post/bgp-w-labie-3/
| mike_d wrote:
| I have had a project on the back burner for about a year now to
| offer a BGP feed via a websocket to facilitate people playing
| around and doing research without allowing them to accidently
| spew crap into the DFZ. Shoot me an email if you are interested
| and I'll try to get it spun up this week.
| icedchai wrote:
| Generally, your upstream won't allow you to spew crap. Route
| filters are in place. I run a small AS for hobbyist purposes
| and all my upstreams are locked down.
| chriscjcj wrote:
| 25 years ago, I worked for a small ISP (back when there was such
| a thing.) When I started there, we had one upstream ISP. I was
| charged with getting us multihomed. I found some tutorials
| written by Avi Freedman (1). I don't know what I would have done
| without him. He made an intimidating topic approachable. Thanks
| to him, I got us a /20 from ARIN and advertised our routes to two
| different peers. It was fascinating to learn how it all worked.
| And the more I learned about it, the more amazed I was that it
| worked at all.
|
| (1) http://avi.freedman.net/
|
| Avi
| nickstinemates wrote:
| I used to work for Avi at Kentik. He is a smart, nice person
| and remembered writing these articles fondly to help people
| out!
| avifreedman wrote:
| Thanks!
|
| Like the human body the more you study the Internet the more
| amazing it is not that it sometimes breaks, but that it works
| at all. Especially for video/phone/etc.
|
| Glad the content was helpful, I have links to some of them at
| avi.net (tutorials and old Boardwatch articles).
|
| I swear my motive was pure (frustration with the content out
| there) but it was easy to see back then that helping people out
| with good content yields rewards ("Can I buy a T1?") or ("Come
| run my big global network"). So I still encourage everyone to
| write about what's confusing and frustrating...
| benjojo12 wrote:
| Based on some quick sleuthing, I would assume that the 0xff
| reserved BGP attribute is likely a huawei quirk. Almost all of
| the 0xff's visible to bgp.tools (hi) follow the same format as
| the one in the post, and some of those networks with them seem to
| be running huawei kit.
___________________________________________________________________
(page generated 2024-11-25 23:00 UTC)