Monitor your BGP Activities with BGPAlerter

The internet is a collection of connected networks, and at the heart of it lies BGP. As such, monitoring your BGP network is an important task to make sure that no misconfiguration or malicious attack affects your network. BGPAlerter is a tool developed by NTT that monitors eBGP in real time, with the ability to send alerts to multiple notification channels. With BGPAlerter you can monitor your network for any of the following scenarios:

  • A prefix loses visibility.
  • A prefix is hijacked.
  • Invalid RPKI announcements (e.g., a prefix length that does not match the ROA).
  • Prefix announcements not covered by any ROA.
  • Expiring ROAs.
  • RPKI Trust Anchor malfunctions.
  • Your AS is announcing a new prefix that was never announced before.
  • An unexpected upstream (left-side) AS appears in an AS path.
  • An unexpected downstream (right-side) AS appears in an AS path.
  • One of the AS paths used to reach your prefix matches a specific condition defined by you.

Installing BGPAlerter

BGPAlerter can be installed either by using the pre-compiled binaries, by compiling from source, or by using Docker. For simplicity we'll be using the binary version running on Ubuntu Linux 18.04.

First, download the binary release from the BGPalerter GitHub releases page:

mkdir /opt/bgpalerter
cd /opt/bgpalerter
wget https://github.com/nttgin/BGPalerter/releases/download/v1.29.0/bgpalerter-linux-x64

Next, simply make the file executable and run the binary:

chmod +x bgpalerter-linux-x64
mv bgpalerter-linux-x64 bgpalerter
./bgpalerter

Configuring BGPAlerter

The first time you run bgpalerter you will be presented with a configuration wizard that walks you through the configuration. You will be asked for:

  • The Autonomous System Numbers you want to monitor (multiple ASNs can be separated by commas)
  • Whether you want to receive alerts when new prefixes are announced
  • Whether you want to receive alerts if a new upstream/downstream AS appears in the path

?The file prefixes.yml cannot be loaded. Do you want to auto-configure BGPalerter? Yes
?Which Autonomous System(s) you want to monitor? (comma-separated, e.g., 2914,3333) 15706
? Do you want to be notified when your AS is announcing a new prefix? Yes
? Do you want to be notified when a new upstream AS appears in a BGP path? Yes
? Do you want to be notified when a new downstream AS appears in a BGP path? Yes

After completing the wizard, BGPAlerter will create the configuration files “config.yml” and “prefixes.yml”.

Prefixes Configuration

The prefixes.yml file contains all the prefixes belonging to the ASNs you are monitoring, together with additional attributes:

10.0.0.0/24:
  description: Customer1
  asn:
    - 65536
  ignoreMorespecifics: false
  ignore: false
  group: group1
192.168.0.0/24:
  description: No description provided (No ROA available)
  asn:
    - 65536
  ignoreMorespecifics: false
  ignore: false
  group: group2

BGPAlerter Config.yml

All of BGPalerter's configuration is stored in config.yml. The main sections you will be configuring are:

  • Monitors: analyze the data flow and produce alerts. Different monitors try to detect different issues.
  • Reports: configure your notification channels.

Defining a Notification channel

By default alerts are written to logs/report.log; alternatively, additional notification methods can be configured, such as email, Slack, Telegram, Alerta, Kafka, etc.

The sample below shows how to configure email alerts.

  - file: reportEmail
    channels:
      - hijack
      - newprefix
      - visibility
      - path
      - misconfiguration
      - rpki
      - roa
    params:
      showPaths: 5 # Amount of AS_PATHs to report in the alert
      senderEmail: bgpalerter@thenetmechanic.com
      # BGPalerter uses nodemailer.
      # The smtp section can be configured with all the parameters available at https://nodemailer.com/smtp/
      # the following are just the most useful one
      smtp:
        host: mail.thenetmechanic.com
        port: 25
        secure: false # If true the connection will use TLS when connecting to server. If false it will be still possible doing connection upgrade via STARTTLS
        ignoreTLS: true # If true TLS will be completely disabled, including STARTTLS. Set this to true if you see certificate errors in the logs.
        auth:
          user: samir@thenetmechanic.com
          pass: <email_password>
          type: login
        tls:
          rejectUnauthorized: true  # Reject unauthorized certificates
      notifiedEmails:
        default:
          - samir@thenetmechanic.com
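As an added example (not from the post or the BGPalerter project), a small check over an smtp block like the one above: the page's values, with the password placeholder kept, sit beside a hardened variant that keeps TLS on. requireTLS is a nodemailer option that is not shown on the page.

```python
# Constructed from the reportEmail smtp parameters shown above; the password stays a placeholder.
PAGE_SMTP = {
    "host": "mail.thenetmechanic.com", "port": 25, "secure": False, "ignoreTLS": True,
    "auth": {"user": "samir@thenetmechanic.com", "pass": "<email_password>", "type": "login"},
    "tls": {"rejectUnauthorized": True},
}

# Same relay, but encrypted submission: STARTTLS is required and the certificate is verified.
# requireTLS is a nodemailer option not shown on the page.
HARDENED_SMTP = {
    "host": "mail.thenetmechanic.com", "port": 587, "secure": False, "requireTLS": True,
    "auth": {"user": "samir@thenetmechanic.com", "pass": "<email_password>", "type": "login"},
    "tls": {"rejectUnauthorized": True},
}

def check_smtp(smtp):
    """Return transport-security findings for a nodemailer-style smtp block (empty when clean)."""
    findings = []
    has_auth = bool(smtp.get("auth", {}).get("pass"))
    verify = smtp.get("tls", {}).get("rejectUnauthorized", True)
    if smtp.get("ignoreTLS"):
        findings.append("ignoreTLS: true disables STARTTLS; the whole session is cleartext")
        if has_auth:
            findings.append("auth credentials would be sent in cleartext")
        if verify:
            findings.append("tls.rejectUnauthorized has no effect while ignoreTLS is true")
    elif not smtp.get("secure") and not smtp.get("requireTLS"):
        findings.append("plain connection with opportunistic STARTTLS only; set secure or requireTLS")
    if not verify:
        findings.append("tls.rejectUnauthorized: false accepts any server certificate")
    return findings
```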

The email you will receive will look like this:

type:announcement timestamp:1643956781131 prefix:2a00:5884::/32 peer:124.0.0.3 path:[1,2,3,204092] nextHop:124.0.0.3 aggregator:null

DETAILS:
------------------------------------------------------
Monitored prefix:     10.0.0.0/24
Prefix Description:   Customer1
Usually announced by: 65536
Event type:           monitor-passthrough
Now announced by:     65538
Now announced with:   2a00:5884::/32
When event started:   2022-02-04 06:39:41 UTC
Last event:           2022-02-04 06:39:41 UTC
Detected by peers:    1
See in BGPlay:        https://bgplay.massimocandela.com/?resource=0.0.0.0/0&ignoreReannouncements=true&starttime=1643956481&endtime=1643956781&rrcs=0,1,2,5,6,7,10,11,13,14,15,16,18,20&type=bgp

Top 1 most used AS paths:
2,3,204092

Monitoring BGPAlerter

You can monitor the BGPAlerter process itself, to make sure the service is always up, using the “uptimeApi” process monitor. This exposes the current status of BGPAlerter through an HTTP API.

To configure uptimeApi, add the following to config.yml:

processMonitors:
 - file: uptimeApi
   params:
     useStatusCodes: true

The API is reachable at http://localhost:8011/status and provides a summary of the status of the various components of BGPalerter. If any component has a problem, the attribute warning is set to true.

Below is an example of the API output:

samir@tnm01:~$ curl -s http://localhost:8011/status | jq
{
  "warning": false,
  "connectors": [
    {
      "name": "ConnectorRIS",
      "connected": true
    }
  ],
  "rpki": {
    "data": true,
    "stale": false,
    "provider": "rpkiclient"
  }
}
samir@tnm01:~$

You can change the port or the bind address (localhost by default) in config.yml.
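As an added example (not from the post or the project), a small health check that evaluates a status document like the one above (embedded here as a constructed sample) and can fetch the live one. It assumes the default localhost:8011 endpoint and that, with useStatusCodes enabled, a warning comes back as a non-200 HTTP response whose body is still the status document.

```python
import json
from urllib.request import urlopen
from urllib.error import HTTPError

STATUS_URL = "http://localhost:8011/status"  # default uptimeApi endpoint shown on the page

# Constructed payload matching the API output shown above.
SAMPLE_STATUS = json.loads('''{"warning": false,
 "connectors": [{"name": "ConnectorRIS", "connected": true}],
 "rpki": {"data": true, "stale": false, "provider": "rpkiclient"}}''')

def evaluate_status(status):
    """Return the list of problems found in an uptimeApi status document (empty when healthy)."""
    problems = []
    if status.get("warning"):
        problems.append("warning flag set")
    for connector in status.get("connectors", []):
        if not connector.get("connected"):
            problems.append(f"connector {connector.get('name')} disconnected")
    rpki = status.get("rpki") or {}
    if rpki and not rpki.get("data"):
        problems.append("no RPKI data loaded")
    if rpki.get("stale"):
        problems.append(f"RPKI data from {rpki.get('provider')} is stale")
    return problems

def fetch_status(url=STATUS_URL, timeout=5):
    """Fetch the live status document; a non-200 reply (assumed with useStatusCodes) still carries it."""
    try:
        with urlopen(url, timeout=timeout) as resp:
            return json.load(resp)
    except HTTPError as err:
        return json.load(err)  # HTTPError is file-like, so the body can be read the same way

if __name__ == "__main__":
    print(evaluate_status(fetch_status()) or "healthy")
```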
