Home page logo
/

nanog logo nanog mailing list archives

Re: BGP noob needs monitoring advice
From: Vinny Abello <vinny () abellohome net>
Date: Wed, 21 Dec 2011 08:17:36 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12/20/2011 2:43 PM, Andree Toonk wrote:
Hi,

.-- My secret spy satellite informs me that at 11-12-20 11:16 AM  Bret Clark wrote:
Is http://cyclops.cs.ucla.edu/ still working? I don't seem to received
emails from them anymore when we stop announcing to one of our upstream
providers. On the other hand http://bgpmon.net/ does send me emails when
an announcement disappears from an upstream, although it's usually a day
later.

Just to clarify this:
For all alert types below BGPmon.net sends out an alert within minutes:
1) prefix withdrawal (prefix disappeared)
2) new upstream
3) new prefix
4) origin AS changes
5) ASpath regex failure
6) policy violation
7) RPKI validation failure

There's one other feature, the routing-report feature, that runs only once a day. It's similar as the cidr report, 
but specific to your AS. I like to refer to it as a rancid for your BGP announcements.

It's basically a diff between how your routes were visible today and yesterday. This specific feature will also 
notify the user if you lost / gained one or more upstreams per prefix.
Also see http://bgpmon.net/blog/?p=257 for more information about that specific feature.

Unless I'm misunderstanding something, I'm concerned regarding the IPv4 bogon list on 
http://bgpmon.net/showbogons.php?inet=4 . It clearly includes several /8's that should not be there. The data seems to 
be stale as if some job is no longer pulling the updated data. It states it's being pulled from 
http://www.cymru.com/Documents/bogon-bn-nonagg.txt , but that clearly does not contain 100/8, 5/8, 181/8, 49/8 and a 
few others... and hasn't for quite some time.

- -Vinny
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)

iEYEARECAAYFAk7x3G8ACgkQUyX7ywEAl3rMjACg87ma/guBPU8mmhy/jfxz6Dzx
s6wAnRGXMTU2P1tRE+Azm+eSMKW1YENL
=RyFn
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault