Drill down into the actual routing events in your network for diagnosis orforensics

Many routing instabilities are caused by interactionsbetween multiple routers and are very difficult to isolate because routers donot keep an event history. Diagnosis of the outage may require logging in to multiple routers andexecuting multiple “show ip bgp…” commands – a very tedious and time consumingtask. 

In the previous section we saw a routing instability.  Route Explorer’s RIB analysis alertedus to the possibility of a MED oscillation and Route Explorer’s Event Analysisidentified the exact prefix and the peers involved in the oscillation.  Let us now look at how you can confirmthe exact cause by looking at the event list.  Figure 1shows all events associated with the selected prefix during the selected timeperiod.

Figure 1

Note the following:

• The MED values are oscillating between 25, 50, and 100, confirming earlier summary analysis using Route Explorer’s Event Analysis (see above).
• The event types are oscillating between announcements and withdrawals.
• The routers generating the events are three of the BGP peers we suspected earlier to be involved in this MED oscillation.
• The timestamps of the events shows a very rapid succession of events.  This high frequency of route updates may be creating a high CPU load on all the BGP routers in this network.

HOW TO:

1. Select the “DemoTier1ISPJun02” topology and open History Navigator (see above)
2. Perform “Event Analysis” on desired time period (see above)
3. Perform the drill down analysis to isolate the prefix oscillating (as described above).
4. To see all events associated with the selected table entry: Right-Click on the entry to show the “Would you like to see details?” popup.
5. Select “Show Details” to list all events associated with the selection.

http://www.packetdesign.com