The Border Gateway Protocol (BGP) is a fundamental part of sending data over the internet. That’s why the team here at Kentik just introduced BGP monitoring. BGP exchanges routing and reachability information for connecting autonomous systems. Without it, there would be no way to scale the internet or even make it work at all.
Monitoring BGP to ensure proper operation is critical for any organization. At Kentik, we’ve been helping our customers monitor flows in BGP networks for years. We’ve also helped customers understand the origination and destination of BGP flows that cross their networks. We help enterprises and service providers see the relationship between traffic flows and applications, originating ASNs and CDNs. We provide workflows that help improve cost and performance and plan capacity for BGP networks. We’ve also helped our customers secure their networks with RPKI. Now, we’re moving to proactive measures to keep you ahead of the game. Our first capability in this area, of many to come, is something we call BGP monitoring.
But before we share what we released, let’s first look at why BGP monitoring is important.
Before we go into what can go wrong, it is good to monitor BGP to verify route changes that you make in the ordinary course of network operations. For example, you may have changed a service provider relationship. In this case, you want to be sure that your routes are correctly advertised and reachable following the change.
There are many entities and devices that participate in BGP networks, so there are numerous potential points of failure or problems. It is well-known that BGP has weaknesses around authentication and verification of routing claims. Here are some of the most common issues.
BGP Route Misconfigurations
Advertising routes that cannot deliver traffic is known as “blackholing.” If you advertise some part of the IP space owned by someone else, and that advertisement is more specific than the one made by the owner of that IP space, then all of the data on the internet destined for that space will flow to your border router. This will effectively disconnect that black-holed address space from the rest of the internet.
Route hijacking is using another network’s valid prefix as your own. This can cause severe problems across the entire network. The majority of the route hijacking on the internet is due to unintentional misconfiguration. That doesn’t mean that someone couldn’t be attempting to disrupt service or intercept packets, but a common cause is simply a typo in the config file.
Route flapping occurs when a router advertises a destination network via one route, then changes to another (or as “unavailable,” and then “available” again) quickly. This can cause other routers to recalculate routes, consuming processing power and potentially disrupting service.
Route flapping and other problems can be caused by hardware errors, software errors, configuration mistakes, and failures in communications links such as unreliable connections. These can cause reachability information to be repeatedly advertised and withdrawn. A common failure occurs when an interface on a router has a hardware problem that will cause the router to announce it alternately as “up” and “down.”
BGP hijacking can be used to launch a DDoS attack where the attacker poses as a legitimate network by using another network’s valid prefix as their own. If successful, traffic can be redirected to the attacker’s network, thus denying service to the user.
To help customers proactively monitor BGP and avoid these common problems with BGP networks, Kentik has introduced BGP monitoring. In response to customer requests and feedback, we have developed a comprehensive roadmap for BGP monitoring, and we believe our solution will have significant performance advantages over alternative solutions.
The first part of Kentik’s solution is BGP Route Viewer. BGP Route Viewer appears as a tab along with the existing SaaS and Cloud Performance tabs. For customers who have entered prefixes in their Network Classification settings, we will automatically load BGP update data for those prefixes in this tab. For customers who have not entered any prefixes in their Network Classification settings, we will show an interface that allows you to do so and give you the option to save the entered prefixes to the Network Classifications page.
Users will see all BGP announcements and withdrawals observed by Vantage Points (VPs) over the most recent 12-hour period, presented as bar charts as well as a table. Each bar represents five minutes of data. Clicking a specific bar filters updates to that five-minute time window. For each event in the table, we indicate the type (announcement vs. withdrawal), the origin AS (the one that the prefix belongs to), the prefix, the AS path (from the VP’s AS to the origin AS), the length of the path (number of hops) and the data set (RouteViews data or Kentik private peer data).
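The problems described earlier (an unexpected origin AS, a more-specific announcement of your address space, and route flapping) can all be checked from the per-update fields listed above. The following Python is an added example, not Kentik's code: the monitored prefix, AS numbers and sample updates are constructed, and the flap threshold of four changes within five minutes is an assumption.

```python
import ipaddress
from collections import defaultdict

# Assumption: prefixes we originate, mapped to the AS expected to originate them.
MONITORED = {ipaddress.ip_network("203.0.113.0/24"): 64500}

# Constructed sample updates: (unix time, type, prefix, AS path from VP to origin).
UPDATES = [
    (0,   "A", "203.0.113.0/24",   [64510, 64501, 64500]),  # expected origin
    (60,  "A", "203.0.113.0/24",   [64510, 64666]),         # different origin AS
    (90,  "A", "203.0.113.128/25", [64511, 64666]),         # more specific
    (120, "W", "198.51.100.0/24",  []),
    (130, "A", "198.51.100.0/24",  [64510, 64502]),
    (150, "W", "198.51.100.0/24",  []),
    (170, "A", "198.51.100.0/24",  [64510, 64502]),
]

def analyze(updates, monitored, window=300, flap_threshold=4):
    """Return sorted (kind, prefix, detail) findings for a list of updates."""
    findings = set()
    changes = defaultdict(list)  # prefix -> timestamps of announce/withdraw events
    for ts, kind, prefix, path in updates:
        net = ipaddress.ip_network(prefix)
        changes[prefix].append(ts)
        if kind != "A" or not path:
            continue
        origin = path[-1]  # the last AS in the path is the origin AS
        for mine, expected in monitored.items():
            if net.version != mine.version or not net.subnet_of(mine):
                continue
            # A more-specific route wins longest-prefix match, so it is
            # reported separately from a same-length origin change.
            if origin != expected:
                label = "origin-mismatch" if net == mine else "more-specific"
                findings.add((label, prefix, origin))
    for prefix, stamps in changes.items():
        stamps.sort()
        # Flapping: flap_threshold or more state changes inside one window.
        for i in range(len(stamps) - flap_threshold + 1):
            if stamps[i + flap_threshold - 1] - stamps[i] <= window:
                findings.add(("flapping", prefix, flap_threshold))
                break
    return sorted(findings)

if __name__ == "__main__":
    for finding in analyze(UPDATES, MONITORED):
        print(finding)
```

A more-specific announcement from the expected origin is not flagged here, since operators often announce their own more-specifics on purpose.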
Kentik’s architecture delivers frequent updates, as often as each minute, giving users the most up-to-date information quickly and minimizing the delay needed to identify and respond to issues.
Kentik uses hundreds of BGP feeds to ensure better network coverage, accuracy and performance. Kentik users will automatically get a 3x to 5x advantage over other solutions in terms of coverage and performance. Kentik’s BGP Route Viewer is easy to use, using the ASes / prefixes you already report or can easily add. Kentik’s BGP Route Viewer is available today and is free to use for all Kentik customers and trials.
BGP Route Viewer is just the start. We have many additional features coming soon on the product roadmap, including the ability to get immediate notifications for hijacks, data to help you better understand BGP performance, visualizations, and the ability to monitor reachability from your choice of vantage points.
If you own ASes and advertise routes to the internet directly or via a service provider, BGP is one of the most crucial components of your network infrastructure. Yet, as we have described, many things can go wrong. Kentik’s unique approach provides essential coverage and performance advantages not available in other solutions. And we have a complete roadmap with many more features coming soon.
BGP monitoring is essential and is an integral part of network observability — the ability to answer any questions about your network. Start monitoring BGP with Kentik today!