
Build Your Skills: Use IP and BGP to troubleshoot Internet connectivity

Trace the IP path of your Internet traffic with BGP.


You may not be too interested in the path that network traffic takes through the Internet—that is, until connection problems bring a call from the CFO, who can’t communicate with a partner company's Web site he's used every day for the last year. The CFO needs to access the site today, and you are charged with troubleshooting the problem. You try it yourself and can't access the site. You contact the company that operates the site (you were lucky; this isn't always possible), and it says that everything is fine on that end. Now you are much more interested in how your data gets from your location to this Web site, the path that it takes, and where the problem may lie on the Internet.

Of course, you can call your ISP and get the standard "We’ll look into it" response. But you still don't have an explanation for the CFO about the cause of the problem or who is to blame. The last thing you want to do is to simply say, “Our ISP is looking into it. Since we seem to be the only ones who are having the problem, it could take a long time, and I don’t know when the ISP will get back to us.”

So how does the traffic get from point A to point B? There are two ways to look at this path: from the IP perspective and from the BGP perspective.

Author's note
If you already administer your own BGP AS, this article is probably not for you. However, if you have basic or intermediate TCP/IP knowledge and are interested in learning more about Internet routing, read on.

IP perspective
The IP perspective is straightforward compared to BGP. There are tons of tools to trace your IP traffic. You can do a standard traceroute from the command line in Windows and Linux/UNIX. You can also use a tool such as AnalogX's free HyperTrace utility to perform a trace that's a little bit faster and more flexible. Another option is Visualware’s VisualRoute, software that can graphically display the IP path your traffic takes through the Internet. You can use its Live Demo to trace the Internet route to and from a number of locations around the globe.

For another perspective, you can go to Traceroute.org and trace the IP path from hundreds of locations on the Internet back to the IP address or Web site in question. The combination of this service and a standard Traceroute from your location can be very useful in troubleshooting.

BGP perspective
From the BGP perspective, tracing traffic is a little more complex. First, you should understand that BGP is the routing protocol of the Internet. BGP is a path-vector routing protocol. Just as a standard routing protocol such as RIP selects the best route based on hop count, BGP selects the best path based on the shortest autonomous system (AS) path. BGP routing domains are identified by an autonomous system number (ASN). The American Registry for Internet Numbers (ARIN), which regulates IP addresses, also regulates ASNs.

For more on BGP
If you are unfamiliar with BGP, I recommend reading Internet Routing Architectures, a book many consider the definitive reference on BGP.

So you can use the IP tools to see, possibly, where your traffic is failing. But what if it is simply an IP address that is failing? What if you want to identify the ISP that is causing the problem? What if you want to know whether Internet routing is the problem or whether the return traffic to your Web request is being sent somewhere else (not back to you) due to routing table issues? Insight into BGP can help answer these questions.

To start, you will need to know your public Internet IP address. You should be able to get this from a variety of sources. If you know your AS number, that is helpful, too. If not, you’ll soon find out. If you are at a larger site, you may have your own AS number. Or, like me, you could have a DSL connection from an ISP. In that case, your IP address would end at your provider's AS number. With your public Internet IP address, go to Traceroute.org. You can get a ton of great BGP information here from two types of sources.

First, there are Looking Glass servers. These are Web servers that are running software that can perform commands for you on BGP routers. Although some will let you run only ping and traceroute commands, others will let you do BGP commands. Hundreds of these Looking Glass servers are available at Traceroute.org. Using these servers is simplified because the service is Web based and limited to only a few commands. Figure A shows a Looking Glass server provided by the BBC.

Figure A


Note that I clicked on BGP and typed in my IP address. When I clicked Submit, I got the output shown in Figure B.

Figure B


If you have never seen BGP output info before, the data in Figure B may appear a bit daunting, but you just have to know what to look for. Take a look at the second line down. In this case, it says that there is one available path from this network (the BBC) to mine. That is important because there may often be multiple paths from one network to another. Then it shows the paths this router would take to get to your AS (which leads to your network). The fifth line down reads "6461 23215."

What do these numbers mean? BGP paths are listed starting from the source to the destination. So, the start (in this case, the BBC network, AS number not shown) first goes to AS 6461 and then to AS 23215, which is the AS where my IP address (the IP address I entered at the beginning) is located.

Who are the providers running these autonomous systems? Let’s look it up at ARIN. At the ARIN Web site, enter 6461 in the Search box on the home page. You will find that the BBC network first goes through Abovenet Communications in White Plains, NY. From there it goes to AS 23215. If we, again, do a whois lookup on ARIN, we see that AS 23215 is Megapath Networks, the ISP where my DSL line is located. So traffic from BBC goes to Abovenet and then to Megapath. This is a simple example, but you can use the same approach for Internet traffic from any network to any other network.

The second type of source, which you can check out if you want to go a little further and are interested in BGP, is Telnet-accessible BGP route servers on the Internet. These are real BGP routers, with full Internet routes, which you can log in to and run a limited set of BGP commands. Again, go to Traceroute.org and click on Route Servers. You’ll get a list of about 20 route servers, each a Telnet link.

The best route server listed is the Oregon-ix.net Route Server, which is freely accessible to perform BGP commands. It has about 36 BGP peers, more than 800,000 BGP paths, and entries for more than 129,000 Internet networks. Using my example information on this route server, I can issue this command:
show ip bgp 64.32.205.237

and get the output shown in Listing A.

As you can see, this router has 52 paths to get to the BGP AS where my IP address is located. It says that path #26 is the best route (based on BGP metrics). You can also do a BGP regular expression, with AS numbers, like this one:
show ip bgp regexp 23215$

This regular expression asks for every IP network in BGP that terminates at AS 23215. I won’t include the full output since it is hundreds of lines long, but Listing B is a truncated look at the output.
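The following is an added example, not part of the original article or its listings: a short Python parser for output laid out like "show ip bgp <address>" that pulls out each AS path, identifies the best one, flags paths whose origin AS is not the one expected to announce the prefix, and applies an AS-path regexp. The sample text is constructed (documentation prefix, next hops and ASNs 64496/64511); only 6461 and 23215 come from the article, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of Cisco "show ip bgp <address>" output.
# Prefix/next hops are documentation addresses (RFC 5737); 64496 and 64511 are
# documentation ASNs (RFC 5398). 6461 and 23215 are the ASNs from the article.
SAMPLE = """\
BGP routing table entry for 203.0.113.0/24, version 4242
Paths: (3 available, best #2, table Default-IP-Routing-Table)
  64496 6461 23215
    192.0.2.1 from 192.0.2.1 (192.0.2.1)
      Origin IGP, localpref 100, valid, external
  6461 23215
    192.0.2.2 from 192.0.2.2 (192.0.2.2)
      Origin IGP, localpref 100, valid, external, best
  64496 64511
    192.0.2.3 from 192.0.2.3 (192.0.2.3)
      Origin IGP, localpref 100, valid, external
"""

AS_PATH_LINE = re.compile(r"^\s+(\d+(?:\s+\d+)*)\s*$")  # indented line of ASNs only
BEST_LINE = re.compile(r"best #(\d+)")


def parse_paths(text):
    """Return (list of AS paths, 1-based index of the best path or None)."""
    paths, best = [], None
    for line in text.splitlines():
        m = AS_PATH_LINE.match(line)
        if m:
            paths.append([int(asn) for asn in m.group(1).split()])
        elif best is None and (b := BEST_LINE.search(line)):
            best = int(b.group(1))
    return paths, best


def origin_mismatches(paths, expected_origin):
    """Paths whose last (origin) AS is not the AS that should announce the prefix."""
    return [p for p in paths if p[-1] != expected_origin]


def matches_as_regexp(pattern, path):
    """Apply a Cisco-style AS-path regexp; '_' is translated to a delimiter match."""
    translated = pattern.replace("_", r"(?:^|$| )")
    return re.search(translated, " ".join(map(str, path))) is not None


if __name__ == "__main__":
    paths, best = parse_paths(SAMPLE)
    print("best:", paths[best - 1], "unexpected origin:", origin_mismatches(paths, 23215))
```

A path whose origin is not your own AS is worth raising with your ISP, since it means some routers would deliver traffic for your prefix elsewhere. Note that 23215$ matches any AS number whose digits end in 23215; _23215$ anchors the match on the delimiter before the number.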

Basically, this router has hundreds of networks that terminate at the AS number given. This command may be useful for troubleshooting BGP paths, especially if your AS is advertising fewer routes. For explanations of what each command does, refer to Configuring BGP and the Command Reference for BGP on Cisco’s Web site. For more information on how BGP works, configuring BGP, and doing BGP show commands, check out these links:

Lower the frustration level
Because the Internet is the most complex network in the world and is run by thousands of providers, getting problems resolved can be frustrating and time consuming. The next time you need some Internet troubleshooting tools, you may be able to use these examples and tips to pinpoint the problem and get it resolved faster, or perhaps to tell your ISP where the problem is so that it can be resolved faster.
