Visualizing and Troubleshooting BGP Routing Ricardo Oliveira, CTO Nick Kephart, Director of Product Marketing
Jun 19, 2015
Visualizing and Troubleshooting BGP Routing
Ricardo Oliveira, CTO Nick Kephart, Director of Product
Marketing
1
• Radically simplify how organizations troubleshoot, monitor and analyze performance for modern networks
ThousandEyes Overview
• 15 in the Fortune 500, including 3 of top 5 firms • 4 of top 6 US financials; 6 of top 10 SaaS firms
Mission
Customers
• Founding team with network research background Company
Recognition
2
How BGP Works
AS 100 1.1.1.0/24
AS 300 3.3.3.4/22
AS 400 4.4.0.0/16
AS 200 2.2.2.0/24
Border Router
Origin Dest.
Autonomous System
Internal Router
BGP Routing Table: 4.4.0.0/16 300 400 3.3.3.4/22 300 2.2.2.0/24 300 400 200
BGP peers exchange routes, within and among
ASes
Each AS can use BGP attributes and filtering to
affect how preferable each route is
BGP is… • Defines
reachability between Autonomous Systems
• Defined by AS Path vector with incremental updates
• Applies policies to inter-networking
3
• Policy changes • Peering changes • Maintenance • Intentional handovers
(DDoS)
What Must Be Managed with BGP
• Local misconfigurations – Attribute confusion
• Upstream ISP issues – Flapping
• Equipment failures • Route hijacking and leaks – Others broadcasting your
prefixes – Or more specific prefixes
The Expected And Unexpected
4
• See inbound routing to your prefixes
Collecting BGP Data
• See outbound routing to key services and endpoints
Public Monitors Private Monitors
Your BGP speaker
ThousandEyes collector
5
Visualizing BGP Routing
Destination AS (Comcast)
Public vantage point
Upstream ISP (Level3)
Upstream ISP (NTT)
Github prefix
6
Visualizing BGP Routing: Route Changes
Withdrawn routes to Level3
7
Inside-Out Visibility: Private BGP Monitors
8
Scenario Test Type Threshold Prefix Hijacking BGP Origin ASN not in ___
Covered Prefix exists
Peering Changes, Route Flaps BGP Path Changes > 1 Reachability < 100%
DDoS Mitigation Activation BGP Origin ASN in ___ Prefix not in ___
Prepending Errors BGP Next Hop ASN not in ___
Tuning Your BGP Alerts
Demo
10
Set Up a BGP Test
Or create a BGP-only test
BGP included in Network, Web and
Voice tests
Select the prefix
Choose the monitors
Configure alerts
11
Set Up a Range of BGP Alerts
Alert on reachability, ASNs, prefixes and AS-Path changes
Make alerts contingent to reduce false positives
12
International Connectivity Issue
Packet loss spikes
SuccessFactors
But only from international locations
13
Issues with Tinet
Packet loss occurring in Tinet SuccessFactors
14
Prior to Issue: 5 Upstream Providers
Hosted in Internap
AboveNet
Tinet
Telia
Qwest
Cogent
Tokyo
London
Internap prefix
15
During the Issue: Tinet Rerouted via Cogent
Tinet
Cogent
Withdrawn Routes
Newly Advertised Routes
16
BGP Leak: Spotify Routes Leaked by Enzu
New /23 route leaked
Visible for almost 3 hours
Leaked by Enzu (AS18978)
Spotify (AS43650) Propagated at LAIX (AS40633
Seen by 5 monitors
17
BGP Prepending Error: Country Financial
Country Financial (AS10511)
Upstream Qwest (AS209)
Routes include AS15011, a
prepending error
18
BGP Hijack: Normal Routes to PayPal
PayPal / Akamai prefix
Akamai AS
Comcast upstream
19
BGP Hijack: Routes Advertised from Indosat
PayPal / Akamai prefix
Correct AS
Hijacked AS
Locations with completely hijacked routes
20
BGP Hijack: PCCW Has No Routes to PayPal
Only connected to Indosat
21
BGP Hijack: Causing All Traffic to Drop
Traffic transiting PCCW has no routes
It’s time to see the entire picture. It’s time to see the entire picture.