Tools to troubleshoot routing issues, monitor for BGP Hijacking, and alert when there are major routing issues are critical for any organization who connects to the Internet. This is a guide to help organizations pick tools that are useful.
BGP Stream by BGPMON
BGP Stream is a free resource for receiving alerts about hijacks, leaks, and outages in the Border Gateway Protocol. BGP is both a backbone protocol to the Internet and the cause behind hundreds if not thousands of daily outages. Because of its antiquated design, and a lack of adoption of encryption or automatic verification methods, there is a lack of control to prevent these outages. In addition, regular BGP change notifications do not provide context around the nature of the change or the motivation behind them. As such, real-time monitoring for BGP changes and ASN announcement updates is a very important method to find indicators of a problem.
With BGP Stream, we use an automated process to cull the largest and most important outages, what type of outage it is, and which ASNs are involved and publish those updates for free to a Twitter feed and this site. It is important to us to provide this information free, in a real-time format, providing contextual information so network engineers and owners can respond to outages as quickly as possible.
BGP Stream is an open-source software framework for live and historical BGP data analysis, supporting scientific research, operational monitoring, and post-event analysis. This is a project supported by the work at CAIDA.
tabi: BGP Hijack Detection Tool
Developed since 2011 for the needs of the French Internet Resilience Observatory, TaBi is a framework that eases the detection of BGP IP prefixes conflicts, and their classification into BGP hijacking events. The term prefix hijacking refers to an event when an AS, called a hijacking AS advertises illegitimately a prefix equal to or more specific to a prefix delegated to another AS, called the hijacked AS.
Usually, TaBi processes BGP messages that are archived in MRT files. Then, in order to use it, you will then need to install an MRT parser. Its companion is MaBo, but it is also compatible with CAIDA’s bgpreader. Internally, TaBi translates BGP messages into its own representation. Therefore, it is possible to implement new inputs depending on your needs.
Do Son work a TaBi introduction here – tabi: BGP Hijack Detection Tool
Back to the main guide BGP Route Hijacks & Routing Mistakes – What can be done Today?
These BGP security materials are provided to help people around the Internet understand how do their part to deploy a more resilient BGP infrastructure. Seek out more information on www.senki.org.