BGPmon.net is looking for your feedback
A few months ago BGPmon.net became available for all network operators looking for a tool to monitor there BGP announcements and prefixes.
Now 3 month later I'm looking for feedback from you so that I can get a better understanding of how people are using this, what works and what doesn't.
Particularly I'm interested in:
1) Real life experiences.
I would like to hear some use cases of how BGPmon.net helped you solve or detect a particular issue?
Did you encounter any real hijacks and how did BGPmon.net help you with this? Or maybe you detected a configuration error in your BGP config, causing you to leak unwanted prefixes? Or any other use cases.
2) New features to improve functionality and user friendliness.
Would you like to see some new features, or checks? Or maybe improvements in the web interface? or additional notification mechanisms? Why and how would you use these?
It would be greatly appreciated if you can provide me any feedback or share your experiences. Just leave it on this Blog or send me an email.
Thanks for you support!
17 comments
I think it’s great. Although a bit more space for the AS path Regex field would be nice. Keep up the good work!
-Don
As we’ve been using it only for a few days, it did not uncover anything unusual this far. We are using RIPE’s myASN as well, and I see BGPmon as a second source of alerts.
I have used it for a couple of months and I have noticed it’s chatty. It’d be nice if I could say: Only send me alerts if the source ASN changes or 2 ASNs beyond that.
It is a nice tool. Thanks for your work! 🙂
scott
Hi Scott,
Thanks for your feedback!
Just to quickly react on this as what you want is probably already possible.
It looks like you have a good knowledge of how the ASpath should look like. In that case using the regex functionality probably offers what you need. This link faq entry might be useful: http://bgpmon.net/faq.php#23 (option 2).
In addition to that, remember that it’s possible to suppress more specifics. More specifics are triggering the majority of notification messages. Of course it’s best to add all valid more specifics to the system, the autodetect functionality can help you with that.
Cheers,
Andree
– I would like to see more selection features on the BGP updates page. Right now it records everything and I have 70+ pages to wade thru. I would like to see BGP updates for just a specific ASN or a specific prefix or on a time range.
– I would like the ability to delete older entries – not one at a time but as a range of entries.
Hi,
Indeed a nice tool, keep up the good work! I’ve used it for a couple of months, and this week it helped us to detect a problem with our ISP who upgraded their router software causing bgp problems, but sorry, no HiJacks detecetd 😉
Cheers,
Andre
One more thing: You list the Top 25 Origin AS numbers in the current routing table, by prefix count. It would be great if you could also rank them by number of IP adresses.
Well it works, 1 brief accidental hijack detected.
But the as-path regexp system is to static and triggers way too many false alarms, we get new path after new path. I guess we’re just too well peered everywhere 🙁
I wish the logic on the notifications was a bit better. instead of notification level x and below make it a bitmask so that i can pick and choose which notifications i’d like to get.
this is a great tool though i love it!
We only recently started using BGP but I read about this on the Tao of Security and signed up. Like the results so far and don’t have any suggestions on how to improve.
Thanks for the great work
@Steven
Hi Steven. Thanks for your feedback! You are referring to the “Auto detect regular expression” Functionality. You are right, it’s not always detecting all your peers correctly. This mainly has to do with the visibility of those prefixes via these specific peers. I just made some changes to the software in order to improve the learning system, that should make the auto detect regex functionality better.
Having said that, it’s important to realize that this (auto detect regex) is this a tool that helps you build a regular expression by guessing your peers. You can always define your own regular expression. Or use the detected regex as a starter and add all your peers to the regex.
A basic regex would look like this:
(^|\s)peer1|peer2|peer3|peer4) YOUR_AS$Just make a list of all your peers and use that to create the regex. It’s a one time job, after that you should not receive any (code 41, regex mismatch) false alarms any more.
Hope that helps,
Cheers,
Andree
Good work. I caught lots of hijack from my upstream. I never had checked before without any complaint.
Thanks for your service.
BGPmon has recently aided us in identifying a problem where our upstream traffic drastically changed to a less preferred provider. BGPmon identified the problem as an upstream advertising our prefixes as their origin AS and then notified me within about 15 minutes of the change. Unfortunately the upstream isn’t as quick in fixing their oops as BGPmon is in identifying =)
Nice work so far.
I used to use MyASN but will also try BGPMon in my work.
I noticed some of our prefixes currently announced are red marked. They have properly created route object and correct origin AS … but the AS is entered as “asXXXXX” instead of “ASXXXXX” – small letters instead of capital ones.
Would you take a look at this.
The blog is very useful.
Best~
Hi DBelev,
Can you give me an example prefix & originAS. Also which IRR did you register your prefix in?
If you can provide me with this info then I will take a look at it.
Thanks,
Andree
Hi DBelev,
I just went trough the code and found the issue you described. I fixed it and restarted the IRR scripts. The database should now also contain your route objects.
Please let me know if you experience any further problems.
Andree
HI Andree,
Sorry about may late replay …
I see everything is operational at the present moment.
Thank you for your prompt assistance!
Best~