community real-time BGP hijack notification service

Pekka Savola pekkas at netcore.fi
Sun Sep 14 15:55:46 UTC 2008


On Sun, 14 Sep 2008, Hank Nussbacher wrote:
> I have used IAR, PHAS and MyASN and I can say I would not recommend myASN. 
> It is a cumbersome system and very non-intuitive.  It is based on an 
> ASN-centric model, whereby each ASN is in its own realm.  So if you manage 
> *one* ASN, perhaps this system might work for you.  But if you have about 10 
> ASNs you want to manage, in one central spot, you are out of luck here. 
> Also, you would expect the system to "auto-learn" what prefixes exist under 
> your ASN and then you would have perhaps check boxes to disable or enable 
> monitoring for specific prefixes.  With myASN you have to manually type in 
> each and every prefix you have.  The same holds true for the newer 
> http://ripe.net/is/alarms/.  They also differentiate between origin and 
> transit ASN.  Their summary view doesn't show which prefixes are being 
> monitored.  No help or FAQ available yet on the beta alarms system.

I think I'll need to chime in here, being a user of myASN.  I have not 
tested other systems.  To me it seems to work OK.  Manual typing etc. 
is minimized because you can export and import XML; this is the way I 
entered our prefix information in the database (though if the prefixes 
change often, maybe updates would be a chore).  The database itself 
AFAIR does not have any restriction on what it's monitoring when you 
use the advanced interface -- you can insert any AS-path regexes you 
want, and that way we're managing prefixes from some ~5-10 ASNs. 
AFAICS, the ASN in login form is only used for identification purposes 
and in some shortcuts in the basic interface.

I agree that to kickstart monitoring, an auto-learning feature could 
be used.  And that documentation is somewhat sparse :-).

I've gotten a couple of alarms which may or may have been bogus.  One 
academic site was purpotedly advertising one of our prefixes duing one 
day for a couple of 1-2 hour periods.  Upon asking they said they had 
not done anything special, and said that their upstreams wouldn't 
accept that kind of prefix from them anyway.  Not sure if that was 
true, but I didn't purse this further.

-- 
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings




More information about the NANOG mailing list