BGP Attribute Checker  (check_bgp_routes)


The BGP Attribute Checker is designed to verify the BGP attributes of specific routes on a Cisco router.  This script will telnet to a list of routers and perform a “show ip bgp a.b.c.d” on a list of predefined routes.  From this output, the BGP “best” path is extracted along with the attributes of the “best” path.  These attributes are compared against the expected attributes, which are pre-defined in an input file.  Each router in the list has its own unique routes and attributes to check.  If the recorded attributes do not match the expected attributes, an error is logged in the “summary.log” file.  This script can also accommodate MPLS VPNs where there are multiple routing tables (VRFs) on the router. 

 

Program Name: check_bgp_routes

 

Script Argument
    Description

-sf <filename>
    Input variable file which tells the program which BGP routes to check on which routers, along with the expected BGP attributes of each route.  The sample template filename is check_bgp_routes_template.txt.  (REQUIRED)

-nhop
    Check the BGP Next Hop attribute.  (OPTIONAL)

-metric
    Check the Metric (MED) attribute.  (OPTIONAL)

-lpref
    Check the BGP local preference attribute.  (OPTIONAL)

-otype
    Check the BGP Origin Type attribute.  (OPTIONAL)

-aspath
    Check the BGP AS Path attribute.  (OPTIONAL)

-ual (1 or 2)
    User Access Level.  Tells the script which access level (1st or 2nd) to log into on the router before sending the commands.  By default the script will only go into 1st level access.  (OPTIONAL but most likely necessary)

-nokey
    Don't prompt the user for the encryption key when using an encrypted password file.  (OPTIONAL)

-ssh
    Use Secure Shell when accessing routers.  Do NOT use with -pw option.  (OPTIONAL)

-pw <filename>
    Login/Password File.  (OPTIONAL)

-log <filename>
    Save detailed trace file to a name other than the default file name.  (OPTIONAL)

-ulog
    Unique Log file.  Save the detailed trace log file to a unique filename automatically created by the script.  The filename will be in the format scriptname_timestamp.log.  (OPTIONAL)

 

By default, all of the BGP attributes for a given route will be checked.  However, if any of the BGP attribute flags (e.g. -nhop, -lpref, etc.) are explicitly defined on the command line (or option box for GUI), then ONLY those attributes defined on the command line will be checked.  This is useful if you only want to verify one or some of the attributes and not all of them.  Thus, your input file (containing expected attributes) only needs to be accurate for the attributes that you wish to verify, which saves time when defining the input file.

 

This script can also be used in service provider type environments where there are BGP/MPLS VPNs and multiple routing tables (VRFs) in each router.  When setting up the input file, there is a variable which tells the script whether to enter a VPN name when issuing the command “show ip bgp a.b.c.d”.  If VRFs are present, then the actual command issued will be:

 

ch-per> show ip bgp vpnv4 vrf <vpn_name> <x.x.x.x> <mask>

 

The attributes of the routes/prefixes that will be checked are controlled by the variables in the input file (-sf <filename>).  This file is in TCL format and contains TCL list variables.  The list variable RTR_LIST defines the list of routers that the script will telnet to.  It also includes another variable, PREFIX_LIST_x, that defines the BGP routes that will be checked while telnetted into each router.  The value of x, in PREFIX_LIST_x, is a numerical value that must be different for each router.

Below is a sample entry for the RTR_LIST variable.  The first item in the list, “ny1”, is the router that the script will telnet to.  This must be an IP Address or a name that can be resolved through DNS.  If the -pw <password_file> option is used, then this IP Address/Name must also be defined in the password_file.  (Note, they must match exactly [case sensitive]).  The second argument must be either “yes” or “no” (case sensitive).  This tells the script whether the routing database is contained in a VRF.  This is for environments where multiple routing tables exist on the router (BGP/MPLS VPNs).  If there are multiple routing tables with VRFs, then this parameter should be “yes”.  Otherwise, for “typical” environments, this value should be “no”.  The third argument is the “VPN Name”.  This argument is only significant if the 2nd argument is “yes”.  If you are not using BGP/MPLS VPNs, this value can be any string enclosed in double quotes, as it is not referenced.  Note, it still must be defined!

 

lappend RTR_LIST [list "ny1" "no" "vpn_643" "$PREFIX_LIST_1"]

 

The fourth argument is another variable (PREFIX_LIST_x) that contains the associated list of BGP routes and attributes to check while in that router.  Below is a sample of PREFIX_LIST_x, and below that are the actual corresponding values that you would see in the router.  (Note, this should be on a single line in your input file.  If your line becomes too long and you'd like to break it into two lines, you can put a “\” (backslash) at the end of the first line and continue the BGP attribute definitions on the second line.  There CANNOT BE ANY spaces after the backslash character.)

 

lappend PREFIX_LIST_1 [list "150.140.0.0" "255.255.0.0" "yes" "175.16.20.5" "N/A" "100" "IGP" "  225  225 1005"]

lappend PREFIX_LIST_1 [list "150.140.0.0" "255.255.0.0" "BEST" "RU" "172.16.20.5"      "yes" "172.16.20.5" "N/A" "100" "IGP" "N/A" "N/A" "225 225 1005"]

 

 

ny1#show ip bgp 150.140.0.0 255.255.0.0
BGP routing table entry for 150.140.0.0/16, version 1453
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
225 225 1005, (received & used)
   175.16.20.5 from 175.16.20.5 (10.10.2.1)
     Origin IGP, localpref 100, valid, external, best
ny1#

 

 

The 1st item in the list, “150.140.0.0”, is the route the BGP attributes will be checked on.
The 2nd item, “255.255.0.0”, is the subnet mask for the route.
The 3rd item, “BEST”, states whether this should be the “Best” BGP route or whether you are looking for any of the other possible alternate BGP choices for a given prefix.  Many times you want to know that the alternate selection is in the BGP table.  If you are looking for the alternate route, then this value should be set to “ANY”.
The 4th item, “RU”, states whether the BGP entry is “received & used” or “receive-only”.  Prefixes that are learned from other peers but are filtered by inbound route-lists or route-maps will still show up when a “show ip bgp x.x.x.x” is performed.  However, routes that are blocked by inbound prefix lists or route-maps will show up as “receive-only”.  Note, you must set “bgp soft-reconfiguration inbound” for a peer in order to see this information.
The 5th item, “172.16.20.5”, is the BGP neighbor that the route was learned from; this is not always the same as the BGP next-hop attribute.
The 6th item, “yes”, can have a value of “yes” or “no” and tells the script whether this route should even be present in the BGP database.  In some cases you may want to verify that routes are NOT in the BGP database.  If you set this value to “no” and the route is present in the BGP database, an error will be logged.  To check the attributes for a route, set this value to “yes”.
The 7th item, “175.16.20.5”, is the BGP “next-hop” attribute.
The 8th item, “N/A”, is the BGP MED attribute.
The 9th item, “100”, is the BGP local preference attribute.
The 10th item, “IGP”, is the BGP “Origin-type”.
The 11th item, “N/A”, is the BGP weight attribute.
The 12th item, “N/A”, is the BGP community attribute.
The 13th and last item, “  225 225 1005”, is the “AS Path” attribute.  Spaces or tabs can be used to separate the AS numbers when defining the path.  In some cases, the AS Path will be “local”.  See the sample template for more examples.

 

If any of the attribute values are not present when issuing the command “show ip bgp x.x.x.x mask”, then put in the string “N/A” (case sensitive) in that field.  This tells the script not to search for that attribute for a particular route.  The sample above shows this scenario for the 5th item, the BGP MED attribute.  Notice, the metric is not defined in the above sample output from the router.  
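The comparison described above, including the “N/A” skip and the restriction to explicitly selected attributes, can be sketched as follows. This is an added example, not the tool's own code: the function names and dictionary keys (named after the command-line flags) are assumptions, and the router output is the sample shown on this page.

```python
import re

# Router output reproduced from the sample on this page.
SAMPLE_OUTPUT = """\
BGP routing table entry for 150.140.0.0/16, version 1453
Paths: (1 available, best #1, table Default-IP-Routing-Table)
Not advertised to any peer
225 225 1005, (received & used)
   175.16.20.5 from 175.16.20.5 (10.10.2.1)
     Origin IGP, localpref 100, valid, external, best
"""
# Attribute names follow the command-line flags (an assumption of this sketch).
CHECKABLE = ("nhop", "metric", "lpref", "otype", "aspath")

def parse_paths(output):
    """Return one dict per path in 'show ip bgp <prefix> <mask>' output."""
    lines, paths = output.splitlines(), []
    for i, line in enumerate(lines):
        m = re.match(r"\s*(\S+)(?: \(.*?\))? from (\S+) \(", line)
        if not m or i == 0 or i + 1 >= len(lines):
            continue
        attrs = lines[i + 1]  # "Origin IGP, localpref 100, ..., best"

        def field(name):
            hit = re.search(rf"\b{name} (\S+?)(?:,|$)", attrs)
            return hit.group(1) if hit else None

        paths.append({
            "aspath": lines[i - 1].split(",")[0].split(),  # line above next hop
            "nhop": m.group(1), "nbr": m.group(2),
            "otype": field("Origin"), "metric": field("metric"),
            "lpref": field("localpref"),
            "best": "best" in [f.strip() for f in attrs.split(",")],
        })
    return paths

def check_best_path(expected, output, only=None):
    """Compare the best path with expected attributes; return mismatch strings.

    "N/A" skips an attribute; 'only' limits the check to the named attributes,
    as the explicit attribute flags do.
    """
    best = next((p for p in parse_paths(output) if p["best"]), None)
    if best is None:
        return ["no best path in output"]
    errors = []
    for name in (n for n in CHECKABLE if only is None or n in only):
        want = expected[name]
        if want == "N/A":
            continue
        want = want.split() if name == "aspath" else want
        if best[name] != want:
            errors.append(f"{name}: expected {want!r}, got {best[name]!r}")
    return errors
```

An empty list means every checked attribute matched; each string in a non-empty list corresponds to one error of the kind the script writes to summary.log.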

 

Below shows the sample input file (check_bgp_routes_template.txt) that is provided with the program and should be used as a template when creating your own input files.  If the end-user installation instructions were followed (Section 3.2.2), this sample template file should be in the same directory where you run the scripts from.  (Note, for MS Windows, the installation utility automatically copies this template file to the C:\Program Files\net-sense\userdata directory.) 

The template input file below instructs the script to do the following:

 

1. Telnet into router “br1” and check the BGP attributes of the routes listed in PREFIX_LIST_1  (Note, the router br1 uses VRFs)
2. Telnet into router “sj2” and check the BGP attributes of the routes listed in PREFIX_LIST_2  (Note, the router sj2 uses VRFs)
3. Telnet into router “192.168.1.27” and check the BGP attributes of the routes listed in PREFIX_LIST_3  (Note, the router 192.168.1.27 does not use VRFs)

 

 

 

###############################################################################################
# Note, the yes/no field is whether or not the BGP best route should be present in the routing
# table.  This is good for failure scenarios where you may want to confirm that a route is not
# reachable after a failure of some type.
###########################################################################################################################################################
# For router: br1 (Using VRF VPN_A)
# Variables                     subnet              mask           BEST/ANY RU/RO   NBR        yes/no   next_hop  metric pref    origin   weight community as_path
###########################################################################################################################################################
lappend PREFIX_LIST_1 [list "10.134.134.0" "255.255.255.240" "BEST" "RU" "0.0.0.0"      "yes" "172.25.0.34" "0" "100" "incomplete" "N/A" "65020:1" "65020"]
lappend PREFIX_LIST_1 [list "10.25.25.1" "255.255.255.240"   "ANY"  "RU" "172.21.32.10" "yes" "172.21.32.10" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65002 65020"]
lappend PREFIX_LIST_1 [list "10.45.45.1" "255.255.255.240"   "ANY"  "RU" "172.24.32.10" "yes" "172.24.32.10" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65002 65020"]
lappend PREFIX_LIST_1 [list "10.3.3.1"  "255.255.255.240"    "BEST" "RU" "0.0.0.0"      "yes" "172.21.32.6" "N/A" "100" "incomplete" "N/A" "65010:3" "65003 65010"]
 
###########################################################################################################################################################
# For router: sj2 (Using VRF VPN_A)
# Variables                     subnet            mask     BEST/ANY RU/RO   NBR        yes/no   next_hop  metric pref    origin   weight community as_path
###########################################################################################################################################################
lappend PREFIX_LIST_2 [list "2.2.2.0" "255.255.255.0" "BEST" "RU" "0.0.0.0"      "yes" "172.25.0.34" "0" "100" "incomplete" "N/A" "65020:1" "65020"]
lappend PREFIX_LIST_2 [list "3.3.3.0" "255.255.255.0" "ANY"  "RU" "172.21.32.10" "yes" "172.21.32.10" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65002 65020"]
lappend PREFIX_LIST_2 [list "4.4.4.0" "255.255.255.0" "ANY"  "RU" "172.24.32.10" "yes" "172.24.32.10" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65002 65020"]
lappend PREFIX_LIST_2 [list "5.5.5.0" "255.255.255.0" "BEST" "RU" "0.0.0.0"      "yes" "172.21.32.6" "N/A" "100" "incomplete" "N/A" "65010:3" "65003 65010"]
 
##########################################################################################################################################################
# For router: 192.168.1.27 
# Variables                     subnet            mask     BEST/ANY RU/RO   NBR        yes/no   next_hop  metric pref    origin   weight community as_path
##########################################################################################################################################################
lappend PREFIX_LIST_3 [list "2.2.2.0" "255.255.255.240" "BEST" "RU" "0.0.0.0"      "yes" "172.25.0.38" "0" "100" "incomplete" "N/A" "65020:1" "65020"]
lappend PREFIX_LIST_3 [list "3.3.3.0" "255.255.255.240" "ANY"  "RU" "172.21.32.14" "yes" "172.21.32.14" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65002 65020"]
lappend PREFIX_LIST_3 [list "4.4.4.0" "255.255.255.240" "ANY"  "RU" "172.24.32.14" "yes" "172.24.32.14" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65002 65020"]
lappend PREFIX_LIST_3 [list "5.5.5.0" "255.255.255.240" "BEST" "RU" "0.0.0.0"      "yes" "172.21.32.10" "N/A" "100" "incomplete" "N/A" "65010:3" "65003 65010"]
 
################################################################################
# The list of routers to telnet to and confirm the BGP routes
# Field Definitions:
# 1. rtr: Router to telnet to and check bgp routes
# 2. Are the prefixes we are checking in VRFs?
#        This basically states whether the script needs to enter
#         "show ip bgp" or "show ip bgp vpnv4 vrf vpn_name"
# 3. VPN name on router.  This is only relevant if the 2nd field is "yes"
# 4. The associated Prefixes to check on this router   
#                        rtr  vrf?  vpn_name prefix list
################################################################################
lappend RTR_LIST [list "br1" "yes" "VPN_A" "$PREFIX_LIST_1"]
lappend RTR_LIST [list "sj2" "yes" "VPN_B" "$PREFIX_LIST_2"]
lappend RTR_LIST [list "192.168.1.27" "no" "NA" "$PREFIX_LIST_3"]
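
Before running the checker, an input file can be linted against the rules this page states (13 fields per prefix entry, case-sensitive BEST/ANY, RU/RO and yes/no values, no whitespace after a continuation backslash). This is an added example, not part of the tool: it reads only the `lappend NAME [list "..." ...]` shape shown here with a regular expression rather than evaluating TCL, and the function name and sample text are constructed for illustration.

```python
import re

ENTRY_RE = re.compile(r"^lappend\s+(\w+)\s+\[list\s+(.*)\]\s*$")
ENUMS = {2: ("BEST", "ANY"), 3: ("RU", "RO"), 5: ("yes", "no")}  # 0-based index

def lint_input_file(text):
    """Return a list of problems found in a check_bgp_routes input file."""
    problems, defined = [], set()
    if re.search(r"\\[ \t]+\n", text):
        problems.append("whitespace after a line-continuation backslash")
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            problems.append(f"unrecognised line: {line[:30]}")
            continue
        var, items = m.group(1), re.findall(r'"([^"]*)"', m.group(2))
        key = items[0] if items else "?"
        if var == "RTR_LIST":
            if len(items) != 4:
                problems.append(f"RTR_LIST {key}: expected 4 fields")
            elif items[1] not in ("yes", "no"):
                problems.append(f"RTR_LIST {key}: vrf flag {items[1]!r}")
            elif items[3].lstrip("$") not in defined:
                problems.append(f"RTR_LIST {key}: {items[3]} not defined")
            continue
        defined.add(var)
        if len(items) != 13:
            problems.append(f"{var} {key}: {len(items)} fields, expected 13")
            continue
        for idx, allowed in ENUMS.items():
            if items[idx] not in allowed:
                problems.append(f"{var} {key}: field {idx + 1} {items[idx]!r}")
    return problems

# Constructed sample: one good entry (continued with a backslash), one entry
# with 8 fields, one with a wrongly cased flag, and a dangling list reference.
SAMPLE = '''\
lappend PREFIX_LIST_1 [list "10.3.3.1" "255.255.255.240" "BEST" "RU" "0.0.0.0" \\
    "yes" "172.21.32.6" "N/A" "100" "incomplete" "N/A" "65010:3" "65003 65010"]
lappend PREFIX_LIST_1 [list "150.140.0.0" "255.255.0.0" "yes" "175.16.20.5" "N/A" "100" "IGP" "225 225 1005"]
lappend PREFIX_LIST_1 [list "10.25.25.1" "255.255.255.240" "ANY" "RU" "172.21.32.10" "Yes" "172.21.32.10" "N/A" "100" "incomplete" "N/A" "65020:2" "65002 65020"]
lappend RTR_LIST [list "br1" "yes" "VPN_A" "$PREFIX_LIST_2"]
'''
```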
 

 

Sample Command: The following command will run the BGP attribute checker utility using the information contained in the file check_bgp_routes_east.txt.  The script will not prompt the user for passwords because the passwords are being read in from the logins.txt file (-pw option).

 

check_bgp_routes -pw logins.txt -sf check_bgp_routes_east.txt -ual 2