Route-Views Bibliography

Route-Views Data

There are two data formats; those collected from the Cisco and those from the Zebra routing software. For those unfamiliar with these systems, a description of their formats follows.

The data file intervals are as follows:

Cisco - The Cisco format is collected on two hour intervals starting at 00:00. This process is relatively slow, so the actual timestamps will vary. Any missing or truncated data are likely due to the router crashing or local network maintenance.
Zebra - There Zebra files (RIBS and UPDATES) have different intervals. RIBS are snapshots and are collected every 2 hours. UPDATES are ongoing files that are rotated every 15 minutes. These intervals begin when the daemon is started, not from some specific time.

MRT RIB and UPDATE files have internal timestamps in the standard Unix format, however the file names are constructed based on the time zone setting of the collector. The collectors had their time zones set to Pacific Time prior to Feb 3, 2003 at approximately 19:00 UTC. At that time all but one of the existing collectors had their time zones reset to UTC. The one exception was routeviews.eqix which was not reset to UTC until Feb 1, 2006 at approximately 21:00 UTC.

Cisco -

The Cisco data is the output of the "show ip bgp" command, collected directly from it's CLI. The routes and their attributes appearing in the output are all post-routing policy, but the only policy applied by Route-Views sets the next hop to the peer IP address.

The output begins with a legend of the status codes that occupy the first two character positions of each line containing a route and indicate the status of the route. The origin code legend applies to the last character of the line and is the value of the well-known BGP ORIGIN attribute.

The remaining lines are routes described in five columns.

Network - the BGP prefix for this route, which will include a prefix length (or mask) unless it has a "classical" (pre-CIDR) length of 0, 8, 16, or 24 bits corresponding to a default route (0 bits) or a class A, B, or C.
In some cases the network field may exceeded it's allotted space and the line will split. In others, the field is blank indicating it is another route for the prefix that appeared last.

Next Hop - the well-known BGP NEXT_HOP attribute. The next hop is the address to which traffic for this prefix will be forwarded, ie: the next hop in the path to it's destination. Note that actual forwarding may be recursive through other routes which may not be BGP routes. The address may be 0.0.0.0, indicating that the next hop is directly connected.

Metric - the well-known BGP MULTI_EXIT_DESCRIMINATOR attribute. The is a simple non-transitive metric value or cost. When considered in the BGP route selection process, the lowest value is preferred. It's bounds are 2^32 - 1.
Many router vendors allow routing policy to set this value from the sum of the metrics in the recursive resolution of a route.

LocPrf - the well-known BGP LOCAL_PREFERENCE attribute. This is an administrative preference value. When considered in the BGP route selection process, the hight value is preferred.

Weight - an administrative preference particular to the Cisco. Most vendors have such a value. It is purely a local value, not exchanged between peers in BGP. When considered in the BGP route selection process, the highest value is preferred. It is often used to prefer routes for directly connected prefixes above any other route.

Path - the well-known BGP AS_PATH attribute. This records the autonomous systems (identified by an ASN or autonomous system number) though which a route has been exchanged before it was received by the router. If the field is empty, the route was generated by the local ASN. When considered in the BGP route selection process, a shorter (fewer number of ASNs) AS path is preferred.

Sample:

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*  3.0.0.0          207.126.96.1            20             0 6461 701 80 i
*                   204.42.253.253                         0 267 2914 701 80 i
*                   216.140.8.63             3             0 6395 701 80 i
*                   216.140.14.127        1596             0 6395 701 80 i
*                   203.181.248.233                        0 7660 1 701 80 i
*                   212.4.193.253                          0 8918 701 80 i
*                   134.24.127.30           58             0 1740 701 80 i
*                   216.140.2.63             6             0 6395 701 80 i
*                   198.32.162.18        19303             0 4513 701 80 i
*                   193.0.0.56                             0 3333 9057 3356 701 80 i
*                   207.172.6.173           31             0 6079 701 80 i
*                   4.0.0.2               2115             0 1 701 80 i
*>                  12.127.0.249                           0 7018 701 80 i
*                   204.70.4.89                            0 3561 701 80 i
*  4.0.0.0          207.126.96.1             0             0 6461 1 1 1 1 i
*                   203.62.248.4                           0 1221 16779 1 i
*                   203.62.252.21                          0 1221 16779 1 i
*                   204.42.253.253                         0 267 2914 1 i
*  4.25.52.128/26   203.62.248.4                           0 1221 16779 1 189 ?
*                   203.62.252.21                          0 1221 16779 1 189 ?
*                   198.32.162.18        51804             0 4513 1755 1 189 ?
*>                  4.0.0.2              18740             0 1 189 ?
*                   192.121.154.25                         0 1755 1 189 ?
	...

The second Cisco format collection is of BGP dampening data (the oix-route-views-damp directory of the archive). Route-Views uses the default dampening timers. This data is best explained by Cisco's documentation. IOS 12.0 documentation describes the dampening parameters as follows:

bgp dampening [half-life reuse suppress max-suppress-time] [route-map map]

half-life (Optional) Time (in minutes) after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period (which is 15 minutes by default). The process of reducing the penalty happens every 5 seconds. The range of the half-life period is 1 to 45 minutes. The default is 15 minutes.
reuse (Optional) If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The process of unsuppressing routes occurs at 10-second increments. The range of the reuse value is 1 to 20000; the default is 750.
suppress (Optional) A route is suppressed when its penalty exceeds this limit. The range is 1 to 20000; the default is 2000.
max-suppress-time (Optional) Maximum time (in minutes) a route can be suppressed. The range is 1 to 20000; the default is 4 times the half-life. If the half-life value is allowed to default, the maximum suppress time defaults to 60 minutes.

Zebra -

Zebra has a mechanism to dump BGP data built-in. It can dump it's BGP RIB, the full BGP data stream of each peer, and various state information. The format of these is called MRT format.

The default format, often call human readable, displays a paragraph for each MRT record. All records include the time it was recorded and it's type. The remaining fields vary depending upon the type of record.

In the example below, the remaining fields are the attributes from a single BGP update message.

TIME: 05/09/03 04:01:59
TYPE: BGP4MP/MESSAGE/Update
FROM: 198.58.5.254 AS3727
TO: 198.58.5.34 AS3936
ORIGIN: IGP
ASPATH: 3727 2914 6730 8640
NEXT_HOP: 198.58.5.254
ATOMIC_AGGREGATE
AGGREGATOR: AS8640 195.141.213.58
COMMUNITY: 2914:420 2914:2000 2914:3000 3727:380
ANNOUNCE
  195.28.224.0/19


The second format is called machine readable.  The same fields are present,
but they are separated by a "|" (bar or pipe character), abbreviated in some
cases, and occupy a single line.  Since BGP update messages can carry
multiple withdrawn ("unfeasible") and announced (NLRIs), a single message may
produce to multiple lines.

All records include the fields:
  BGP protocol|unix time in seconds|Withdraw or Announce|PeerIP|PeerAS|Prefix|

For withdrawn routes, the fields are:
  BGP protocol|unix time in seconds|Withdraw or Announce|PeerIP|PeerAS|Prefix

For announcements, the fields are:
  BGP protocol|unix time in seconds|Withdraw or Announce|PeerIP|PeerAS|Prefix|AS_PATH|Origin|Next_Hop|Local_Pref|MED|Community|AtomicAGG|AGGREGATOR|

BGP4MP|1052452930|W|198.58.5.254|3727|194.127.245.0/24
BGP4MP|1052452919|A|198.58.5.254|3727|195.28.224.0/19|3727 2914 6730 8640|IGP|198.58.5.254|0|0|2914:420 2914:2000 2914:3000 3727:380|AG|195.141.213.58|



12 Nov 2003
help@routeviews.org

half-life	(Optional) Time (in minutes) after which a penalty is decreased. Once the route has been assigned a penalty, the penalty is decreased by half after the half-life period (which is 15 minutes by default). The process of reducing the penalty happens every 5 seconds. The range of the half-life period is 1 to 45 minutes. The default is 15 minutes.
reuse	(Optional) If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The process of unsuppressing routes occurs at 10-second increments. The range of the reuse value is 1 to 20000; the default is 750.
suppress	(Optional) A route is suppressed when its penalty exceeds this limit. The range is 1 to 20000; the default is 2000.
max-suppress-time	(Optional) Maximum time (in minutes) a route can be suppressed. The range is 1 to 20000; the default is 4 times the half-life. If the half-life value is allowed to default, the maximum suppress time defaults to 60 minutes.