BGP Monitoring with Catchpoint: Finding and Fixing BGP Issues – FAST
BGP is effectively the postal service of the Internet. Without BGP, traffic doesn't move. So, when there's a configuration issue, or worse, malicious activity – the repercussions can be huge. That's why constant monitoring of BGP traffic is crucial. In this ten-minute video, Solutions Engineer Zach Henderson explains why BGP issues can damage your bottom line and then shows how to quickly detect, analyze and resolve them with Catchpoint's market-leading BGP Monitoring solution.
TRANSCRIPT
Zach Henderson, Solutions Engineer, Catchpoint:
Hi, my name is Zach Henderson, and I'm here to talk to you about how Catchpoint can help you find and fix your BGP issues fast. BGP is a rather important protocol as it can directly cost you money. If users can't reach you on the Internet and take a poor route to get to you, all of which BGP controls, you are losing revenue.
Ultimately this is a hard thing to optimize. It's hard to optimize how traffic travels around the globe through all the different networks of the Internet. And also, if your Internet traffic isn't going to the networks you designed, that's a massive security concern you need to know about and identify fast. The only way you can do this is to monitor and fix these BGP issues before they impact your revenue and security posture.
What BGP events should you look out for?
You want to look out for BGP hijacks, someone taking over your network. You want to look out for route flaps: where traffic is flip-flopping between different networks, causing connectivity and performance issues. And you also want to identify route leaks, where your network space is being advertised and leaked out to other networks around the globe where it shouldn't be. You also want to ensure that you have systems in place, like RPKI, security measures to help secure the BGP traffic and ensure it is properly set up and correctly used in that infrastructure to support your BGP security. You also want to ensure you're not relying on inadequate, misleading, or flawed BGP data.
How to view BGP issues in the Catchpoint portal
It really does depend on having the right data at the right time to fix BGP issues fast. So let's hop into the Catchpoint portal to see a quick demonstration of how Catchpoint helps you visualize and view various BGP issues. On the screen now, I have the Catchpoint BGP overview dashboard. This dashboard is built to help you understand your overall network reachability, your overall hijacks from global vantage points, the number of neighboring peers to your network, and the number of prefixes being announced and withdrawn at any given time from different neighboring peers on the globe.
Catchpoint's BGP overview dashboard features
This BGP overview dashboard is designed for you to see things at a glance. You'll see here we're looking at the RPKI status for any of the prefixes we're analyzing for your network. You can see the overall reachability as determined by Catchpoint's private BGP collectors, RIPE and Route Views public collectors, as well as hijack counts, neighboring peer counts, and prefixes withdrawn – all at a glance and with the ability to view at a 10-minute, 15-minute, 1-hour, and 3-hour frequency.
A quick note regarding the Catchpoint data set: our private peer collectors update in real time as opposed to the public data sources from RIPE or Route Views, which update in five- or fifteen-minute increments.
How to see all of your BGP origins
A key thing here is that with large Internet networks, you may have one or multiple autonomous systems you want to see and analyze at any given point. The Catchpoint BGP overview dashboard allows you to see all of your origins, ones that you own or ones being hijacked, as determined by this red color here on our dashboard. And see at any given point all the different neighbors assigned to that origin. So whether you have specific networks or specific network carriers that you partner with, you'll be able to see at a glance the prefixes and networks out there that have a certain neighbor, a particular ISP carrier partner, and understand how many network peers across the Internet see that network and see if there are any changes in reachability or peer counts towards the individual provider.
Analyzing a hijack
This type of analytics highlights a very simple use case of a hijack. Here, a new network has been seen announcing prefixes that you've asked us to monitor. We can analyze this and say these two networks have captured a single prefix, and they're acting as a hijack. We can diagnose and see one hijack in this data set. Now, this can be visualized here in a very simple table, or we can quickly go down to a map view highlighting not only region-by-region reachability issues but also hijack counts to understand if a network peer in a particular market around the globe is hijacking your traffic. In this one example, we have multiple different peers from all of our global vantage points seeing that their network is announcing a prefix that doesn't belong to your origin, therefore, a hijack on a global scale.
How to drill down into specific views
These datasets allow you to drill down into a specific view per prefix with the different systems. So by highlighting and clicking any of these results, you can see BGP issues at a quick glance. You want to understand the full routing table as seen by all of the 500 Catchpoint collectors in this data set. In this one example, we're looking at the reachability percentage for a /24 and the Internet. We're also analyzing and understanding the origin of that network, the prefix we're looking at, the reachability, and also the announcements and withdrawal counts at any given time.
Now at the bottom here, we can zoom in on very specific time stamps to understand, at any given point, what type of announcement or withdrawal we're seeing from the BGP collectors that we have information from. We can very quickly highlight changes in network path where, perhaps for this /24, a certain peer on the Internet started to see a change in routes getting to this network here. Instead of going through ViewQwest through Hurricane, a new route was announced through Telex, through Singtel and then through Signet to reach the intended network. You can compare and contrast your network routes and performance at any given point across this timeframe.
Why is this useful?
This is useful because you'll be able to identify and see the AS paths graphically and visually to see how they're changing over time. You'll be able to go into different visuals of this information very quickly to understand, for example, for a certain network peer, what origin do they see for your traffic? What neighbor do they see? And how many announcements or withdrawals is that peer seeing for your network?
BGP event analysis
One of the most powerful options when it comes to analyzing reachability and how BGP routes are learned on the Internet is going into Catchpoint’s BGP events. For any of the announcements or withdrawals that we see, we will give you the exact time stamp that it occurred, the prefix that we saw, the hop address of the BGP router seeing this address, the full AS path information seen by that router, as well as the full set of BGP community strings, which allow you to understand different carriers learned on this route. You'll be able to answer questions like, is this a regional route? Is this route being aggregated at certain points? Or is this a route picked up from certain parts of their network? You'll have all the key information you need to understand when trying to figure out how a route is being announced, propagated, and aggregated over the Internet.
Understanding the big picture
So when it comes to understanding hijacks, availability, and reachability concerns, this data set allows you to look at your network at a global scale from all the public providers that Catchpoint has a peering table from and very quickly isolate down to individual peers, individual time frames within those peers to see how they learned their routes, and how routes on the Internet get to your network.
This BGP information fully complements the Catchpoint synthetic network and web performance testing information. So you can correlate and compare any of this BGP telemetry to the actual performance of the networks of your infrastructure that are powering your web APIs and SaaS-based applications, for example.
Choosing the correct BGP Monitoring solution
After my brief demonstration of the Catchpoint BGP overview dashboard and BGP deep dive analytics, I want to make sure you understand this is something Catchpoint takes very seriously. We understand that for a complete BGP Monitoring system, you must have more data sources, more networks and more real-time visibility. BGP hijacks and BGP reachability events can happen in an instant. And if you don't know about them, you may be left wondering how your traffic is being handed out on the Internet.
And finally, you also need to make sure this is a service independent of your networks and your infrastructure, and that it's built by experts and for experts. BGP data has to be actionable, it has to be timely, and it has to be understood in a way that you don't spend time trying to figure out what's going on. You simply use the platform to generate the active alerts and alarms, so you know whether you're reachable, if your traffic is being hijacked, or if you're having any issues with your public BGP routes on the Internet.
I hope you enjoyed this walkthrough of how to find and fix BGP issues fast with Catchpoint. Thank you for your time.