Monitor violations of routing policy

By design of dynamic IP routing protocols, all networks --enterprise and service provider alike -- have a routing policy.  It may not always be explicit anddocumented.  Here are some issuesthat can arise in the area of policy.

• IGP links (routing adjacencies) have metrics assigned to them.  Vendors recommend values to assign to them based upon the link speed and delay characteristics. By and large, network designers follow these recommendations.  But temporary changes are often made to affect a particular tactical result in traffic flow.  And sometimes these changes are forgotten.

• IGP prefixes also have metrics associated with them.  These are often more arbitrarily assigned.  But they affect traffic nonetheless.
• BGP prefixes have metrics in the form of attributes.  The most common are Local-Pref and MED.  Communities are often used to set these metrics.  The misconfiguration of BGP prefix metrics can be even more damaging to your network because it can disrupt the flow of traffic between your internal ASes (such as business units) and between you and your extranet business partners, customers and the Internet.

Route Explorer can help you discover the implicit orexplicit routing policy in your network, and monitor it on an on-going basis tomake sure there are no violations of it. The following example (Figure1)shows the use of the BGP metric Local-Pref in two enterprise networks.

Figure 1

Route Explorer’s RIB Browser shows the complete breakdown ofall Local-Pref values announced in the network now at any time. Figure1,at left shows 8 separate Local-Prefs in use and the number of routes carryingeach.  The network engineer canimmediately tell if any unauthorized metric values are in use.  For example, are the 16 routes withLocal-Pref 101 meant to be distinguished from the 981 routes carrying the value100?  Or is that a configurationerror?  Figure1,at right shows another network with only three round numbered values forLocal-Pref.  This network seems tobe conformant with an explicit policy.

Figure 2

The example in Figure2shows the use of the MED attribute in a multi-domain network.  This also looks like a networkconforming to an explicit policy. Note the reuse of the same MED value in different ASes --internal aswell as service provider ASes, of this network.

The next example shows the use of policy in the IGP. Figure3shows Route Explorer’s display of links in an OSPF network. Note that mostmetric values are round numbers except for two links in the center, whose metricis 222.  Is this a temporary changethat was forgotten?

Figure 3

Route Explorer’s IGP report “Change Metrics” can be used tomonitor any changes to IGP link and prefix metrics.  The example in Figure4,at left shows all metrics that changed in a 24-hour period.  Were all of the metric changes to thisroute and its final value intentional or was it experimentation that should nowbe made to conform to the routing policy? The example at right shows a metricthat was changed from 1 to 20 to 2. What was the purpose of this set of changes?

Figure 4

HOW TO:

1. Open the Route Explorer UI
2. Open an online and recording network topology
3. To access the RIB Browser, open Tools-> History Navigator
4. In the History Navigator window, click “Analysis” drop down menu and select “RIB Browser”
5. The current RIB will be analyses and summarized in a window.
6. To see a summary of the Local-Prefs advertised in your network, click the “LocalPref” tab at the left.
7. To see a summary of the MEDs advertised in your network, click the “MED” tab.
8. To see the IGP Changed Metrics report, go to the Route Explorer’s reports web page.  See the appendix to this chapter, and the Route Explorer User’s Guide.
9. Select the Changed Metrics report and click “Configure Report”
10. Configure the report by selecting the administrative domain of your online and recording network topology
11. Select the Last 24 Hours as the report interval and press Create Report
12. If there were no metric changes in the last 24 hours, your network has been stable in that time period.  You may expand the interval to the last week or to a specific time period in the history recorded by Route Explorer.

http://www.packetdesign.com