rcc: Routing Configuration Checker
BGP Configuration Tests as of October 2005
- Basic parse errors
  - undefined community-lists, as-path lists, etc.
  - undefined route maps
  - undefined prefix-lists
  - undefined distribute-lists
- Tests that concern validity (i.e., could cause bogus routes to be advertised).
  - AS path prepending: Is the local AS prepended? If a remote AS is prepended, the AS path is technically invalid.
  - Next-hop reachability: Is the next-hop of an iBGP-learned route reachable via the IGP? That is, if next-hop-self is not used on eBGP sessions, is the address of the external session in the IGP?
  - Prefix Filtering: Do any eBGP sessions refer to distribute/prefix lists that are not defined? Does each eBGP session have a prefix ACL in either a distribute/prefix list or a route map? Are these filters up-to-date with the list of bogon prefixes?
  - AS Path Filtering: For eBGP sessions that actively exchange routes with a privately numbered AS, is the private AS number removed (either with remove-private-as or as-override)?
- Tests that concern visibility (i.e., could cause a route to not be advertised, even when a valid path exists)
  - Is "no synchronization" enabled?
  - Are there any iBGP-related partitions?
  - If there is no hierarchy, is iBGP full-mesh?
  - If route reflection is used, is the relationship of route reflectors to clients acyclic?
  - Are route reflectors configured such that a partition will exist?
  - If there is >1 route reflector in a cluster, do all of the clients for that cluster have a session with _every_ route reflector?
  - Are there any sessions with duplicate router-ids or loopback IP addresses?
  - Are iBGP sessions between router _loopback_ addresses (as opposed to interface addresses)?
  - Are there "dangling" iBGP sessions, i.e., iBGP sessions to nonexistent IP addresses?
  - Are there attempts to originate a prefix with no corresponding route in the routing table (i.e., network statements without route statements or appropriate redistribution)?
- Tests that concern determinism.
  - Is "deterministic-med" enabled?
  - Is "bestpath compare-routerid" enabled?
  - Is next-hop-self used?
- Tests that concern information-flow control.
  - Are there "inconsistent" peering export policies? (Ideally, an AS should export routes that look "equally good" at all peering points with a particular peer.)
  - Are there inconsistent peering import policies? (Less important than the previous question, but good to figure out, since an AS may inadvertently be doing "cold potato" routing when it doesn't want to.)
  - Is the network inadvertently advertising prefixes between two peers?
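Three of the iBGP visibility tests above (dangling sessions, full mesh when there is no hierarchy, acyclic route-reflector relationships) reduce to checks on the session graph. The following is an added example, not rcc's own code: the data model (router-to-loopback map, per-router neighbor addresses, reflector-to-clients map), the function names and all addresses are assumptions constructed for illustration, and a pair counts as meshed only when both ends configure the session.

```python
from itertools import combinations

# Constructed sample: router -> loopback, and (router, neighbor address) pairs
# as they would appear in iBGP "neighbor" statements. All values are made up.
LOOPBACKS = {"r1": "10.0.0.1", "r2": "10.0.0.2", "r3": "10.0.0.3"}
SESSIONS = {("r1", "10.0.0.2"), ("r2", "10.0.0.1"), ("r1", "10.0.0.3"),
            ("r3", "10.0.0.1"), ("r2", "10.0.0.9")}
RR_CLIENTS = {"r1": {"r2"}, "r2": {"r3"}, "r3": {"r1"}}  # reflector -> clients

def dangling_sessions(loopbacks, sessions):
    """Sessions whose neighbor address is not the loopback of any known router."""
    known = set(loopbacks.values())
    return sorted(s for s in sessions if s[1] not in known)

def missing_mesh_pairs(loopbacks, sessions):
    """Router pairs lacking a session configured on both ends (no-hierarchy case)."""
    by_ip = {ip: r for r, ip in loopbacks.items()}
    directed = {(r, by_ip[ip]) for r, ip in sessions if ip in by_ip}
    return [(a, b) for a, b in combinations(sorted(loopbacks), 2)
            if (a, b) not in directed or (b, a) not in directed]

def reflector_cycle(rr_clients):
    """Return one cycle in the reflector -> client graph, or None if acyclic."""
    done, on_path = set(), []
    def visit(node):
        if node in on_path:            # reached a router already on this path
            return on_path[on_path.index(node):] + [node]
        if node in done:               # subtree already proven cycle-free
            return None
        on_path.append(node)
        for client in sorted(rr_clients.get(node, ())):
            cycle = visit(client)
            if cycle:
                return cycle
        on_path.pop()
        done.add(node)
        return None
    for rr in sorted(rr_clients):
        cycle = visit(rr)
        if cycle:
            return cycle
    return None

if __name__ == "__main__":
    print("dangling:", dangling_sessions(LOOPBACKS, SESSIONS))
    print("missing mesh pairs:", missing_mesh_pairs(LOOPBACKS, SESSIONS))
    print("reflector cycle:", reflector_cycle(RR_CLIENTS))
```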
IS-IS Configuration Tests as of October 2005
- Basic parse errors
- Technical errors
- Tests that concern validity (i.e., could cause bogus routes to be advertised).
  - Mesh Group Connectivity: Are all routers in the same mesh group fully connected?
  - Routing Level Mismatch: Are routers connected by an adjacency configured for the same routing levels?
  - Inter-Area Routing: Are routers in different areas connected by an adjacency configured for Level 2 routing?
- Tests that concern visibility (i.e., could cause a route to not be advertised, even when a valid path exists)
  - Do all routers use the same type of authentication?
  - Do all routers use the same auth key, if any?
  - Are there any sessions with duplicate router-ids or loopback IP addresses?
  - Are IS-IS sessions between router _loopback_ addresses (as opposed to interface addresses)?
  - Are there "dangling" IS-IS sessions, i.e., IS-IS sessions to nonexistent IP addresses?
Additional Configuration Tests for OSPF as of October 2005
- Basic parse errors
- Technical errors
- Area Checks
  - Existence of backbone area
  - Non-backbone areas are connected to backbone
  - Stub areas properly configured
  - All routers in a given area are properly configured with correct address
- No dangling OSPF links
Send us suggestions for other constraints you need checked!