Route table prefix monitoring

Fouant, Stefan Stefan.Fouant at neustar.biz
Fri Sep 4 21:30:52 UTC 2009


> -----Original Message-----
> From: Christopher Morrow [mailto:morrowc.lists at gmail.com]
> Sent: Friday, September 04, 2009 5:07 PM
> To: Paul Ferguson
> Cc: nanog at nanog.org
> Subject: Re: Route table prefix monitoring
> 
> On Fri, Sep 4, 2009 at 4:59 PM, Paul Ferguson<fergdawgster at gmail.com> wrote:
> 
> > On Fri, Sep 4, 2009 at 1:48 PM, Matthew Walster<matthew at walster.org> wrote:
> >
> >> 2009/9/4 Olsen, Jason <jolsen at devry.com>:
> >>> Are there any tools
> >>> that people are using to track when/what prefixes are added/withdrawn
> >>> from their routing tables,
> >>
> >> Could you use something like BGPMon?
> >>
> >> http://bgpmon.com/
> >>
> >
> > There's also:
> >
> > MyASN:
> > http://www.ripe.net/info/faq/projects/myasn.html
> >
> > PHAS:
> > http://phas.netsec.colostate.edu/stat.html
> 
> I think the OP wanted something for 'internal route monitoring' ...
> since he's from DeVry I suspect it's to monitor things on DeVry's
> internal WAN which probably don't show in the global table.
> 
> That said, you COULD have rancid (or abuse rancid) pull rib-dumps each
> 'period' and index those into something that alerted on large diffs
> (or alerted if some critical bits were missing).  Or have a quagga box
> peer with some number of internal devices, log update messages, alert
> on withdrawal of critical bits.
> 
> -chris
> (I don't know of any COTS tools that do this, sorry)

Tools such as Arbor Peakflow SP have a lot of cool traffic and routing analysis bits for internal monitoring of this sort, but it might be a bit out of your price range.  Having said that, I second Chris's approach above utilizing some quagga box/low-end router (make sure you have enough memory!) and simply reflect routes from your production routers in conjunction with update message logging.

If you're looking for tools that perform analysis from an exterior point-of-view, there is also BGPlay which has some cool widgetry to see particular prefixes within a user-specific time interval.  Again it's using the operators' route-servers so might not be of much value to you.

http://bgplay.routeviews.org/bgplay/

Stefan Fouant 
Neustar, Inc. / Principal Engineer
46000 Center Oak Plaza Sterling, VA 20166
Office: +1.571.434.5656 ▫ Mobile: +1.202.210.2075 ▫ GPG ID: 0xB5E3803D ▫ stefan.fouant at neustar.biz
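
The snapshot-diff approach discussed in this thread (periodic RIB dumps, alert on large diffs or on missing critical prefixes), as an added example that is not code from the thread or from rancid or quagga. It assumes each dump has already been reduced to one prefix per line; the sample snapshots, the critical list and the 25% churn threshold are constructed.

```python
import ipaddress

# Constructed snapshots: one prefix per line, reduced from two periodic RIB dumps.
PREVIOUS = "10.0.0.0/8\n10.1.0.0/16\n10.2.0.0/16\n192.168.10.0/24\n192.168.20.0/24\n172.16.0.0/12\n"
CURRENT = "10.0.0.0/8\n10.1.0.0/16\n192.168.10.0/24\n172.16.0.0/12\n172.20.5.0/24\n"
CRITICAL = ["10.2.0.0/16", "192.168.10.0/24"]  # assumed must-have prefixes


def parse_snapshot(text):
    """Return the set of networks in a snapshot; blank, comment and malformed lines are skipped."""
    prefixes = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            prefixes.add(ipaddress.ip_network(line, strict=False))
        except ValueError:
            continue  # not a prefix (banner, prompt, truncated line)
    return prefixes


def compare(previous, current, critical, max_churn=0.25):
    """Diff two snapshots; return (added, withdrawn, alerts) as lists of strings."""
    old, new = parse_snapshot(previous), parse_snapshot(current)
    added, withdrawn = new - old, old - new
    alerts = []
    for crit in map(ipaddress.ip_network, critical):
        if crit in new:
            continue
        # The exact route is gone; note whether a less-specific still covers it,
        # since traffic may then follow a different path rather than drop.
        covered = any(n.version == crit.version and crit.subnet_of(n) for n in new)
        detail = "less-specific route still covers it" if covered else "no covering route"
        alerts.append(f"critical prefix {crit} missing ({detail})")
    churn = (len(added) + len(withdrawn)) / max(len(old), 1)
    if churn > max_churn:
        alerts.append(f"churn {churn:.0%} exceeds threshold {max_churn:.0%}")
    return sorted(map(str, added)), sorted(map(str, withdrawn)), alerts


if __name__ == "__main__":
    added, withdrawn, alerts = compare(PREVIOUS, CURRENT, CRITICAL)
    print("added:", added)
    print("withdrawn:", withdrawn)
    for alert in alerts:
        print("ALERT:", alert)
```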