BGPalerter: BGP prefix monitoring

Published in: Internet

  1. 1. BGPalerter
     Md. Zobair Khan, MANRS Fellow (Training), kzobair@gmail.com
     Anirban Datta, MANRS Ambassador (Training), engr.anirban@gmail.com
  2. 2. About
     BGPalerter is a self-configuring BGP prefix monitoring tool, which allows you to monitor in real time if:
     • any of your prefixes loses visibility;
     • any of your prefixes is hijacked;
     • your AS is announcing RPKI invalid prefixes (e.g. not matching prefix length);
     • your AS is announcing prefixes not covered by ROAs;
     • your AS is announcing a new prefix that was never announced before;
     • one of the AS paths used to reach your prefix matches a specific condition defined by you.
     You just run it. You don't need to provide any data source or connect it to anything in your network, since it connects to public repos.
     https://github.com/nttgin/BGPalerter
  3. 3. Composition 3 main components: connectors, monitors, and reports. Connectors retrieve/listen to the data from different sources and transform them to a common format. Monitors analyze the data flow and produce alerts. Different monitors try to detect different issues. Reports send/store the alerts, e.g. by email or to a file. Reports can also provide the data triggering such alerts. https://github.com/nttgin/BGPalerter
  4. 4. Installation
     • Download the binary:
         wget https://github.com/nttgin/BGPalerter/releases/latest/download/bgpalerter-linux-x64
     • Download config.yml.example as config.yml (in the same directory as the binary)
     • Make the binary executable (e.g. chmod +x bgpalerter-linux-x64)
     • Auto-configure it:
         ./bgpalerter-linux-x64 generate -a _YOUR_ASN_ -o prefixes.yml -i -m
     • Run it:
         ./bgpalerter-linux-x64
       or, to leave it running after you close the terminal:
         nohup ./bgpalerter-linux-x64 &
     https://github.com/nttgin/BGPalerter
  5. 5. Configuration
     All configuration is done in the config.yml file. There is not much to configure apart from the reporting method.
     BGPalerter can notify you through various platforms whenever any of the monitoring channels matches. You will get the notification logs at /logs/
     Reporting platforms available now are: File, E-mail, Slack, Kafka, Syslog, Alerta dashboard, Webex, HTTP URL, Telegram, Mattermost, Pushover.
     I will show the Mail and Telegram configuration.
     https://github.com/nttgin/BGPalerter
  6. 6. Configuration
     Notification interval time is 14400 seconds by default. Considering BGP hold time, I’ve configured it to 600 seconds.
     For Mail reporting:

         - file: reportEmail
           channels:
             - hijack
             - newprefix
             - visibility
             - path
             - misconfiguration
             - rpki
           params:
             showPaths: 5 # Amount of AS_PATHs to report in the alert
             senderEmail: zzzzzzzzz@something.net
             smtp:
               host: HOST
               port: 25
               ignoreTLS: true # STARTTLS is skipped even if the server offers it, so the login below is sent unencrypted
               auth:
                 user: USERNAME
                 pass: PASSWORD
                 type: login
             notifiedEmails:
               default:
                 - reciepiant@something.net
  7. 7. Configuration
     For Telegram reporting:

         - file: reportTelegram
           channels:
             - hijack
             - newprefix
             - visibility
             - path
             - misconfiguration
             - rpki
           params:
             showPaths: 5 # Amount of AS_PATHs to report in the alert
             botUrl: https://api.telegram.org/bot13xxxxxxxxxxxxxxx:xxxxxxxxxxxxxxxxxxx8w/sendMessage
             chatIds:
               default: -40xxxxxxxxxxx7

     For Telegram configuration, you will need the HTTP API Token of your Telegram Bot and the Chat ID of the user or group where you want to send the notification. The next few slides show how to get these.
  8. 8. Configuration
     Add ‘BotFather’ to your Telegram account. Run /newbot and complete the configuration.
  9. 9. Configuration
     Upon successful configuration, you will get the Bot HTTP API Token.
  10. 10. Configuration
     To activate your newly created Bot, you need to use another Bot named ‘Livegram Bot’. Add your newly created Bot in Livegram to activate it.
  11. 11. Configuration
     Upon successful completion, you will see the greeting message.
  12. 12. Configuration
     To get the Chat ID, you need to use another Bot named ‘IDBot’. Use /getid from an individual account or /getgroupid from a group account to get the Chat ID for individuals or groups.
  13. 13. Reporting
  14. 14. Reporting
  15. 15. Reporting
  16. 16. Reporting
  17. 17. Monitoring
     In the config.yml file, configure the monitoring process. This API can be used for monitoring the uptime of BGPalerter. You can use free services such as UptimeRobot for monitoring.
     You can get the API response at http://[SERVER_IP]:8011/status

         processMonitors:
           - file: uptimeApi
             params:
               useStatusCodes: true
               host: localhost
               port: 8011 # allow port 8011 in your iptables/firewall
  18. 18. Monitoring
  19. 19. Monitoring
  20. 20. Monitoring
  21. 21. Thanks … Learn More and Join MANRS :
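
The mail and Telegram report settings on slides 6 and 7 put an SMTP password and a bot token into config.yml, and the mail example sets ignoreTLS: true. The shell function below is an added example, not part of the slides or of BGPalerter; the name audit_bgpalerter_config and its grep patterns are assumptions made for illustration, and the sample file is constructed from the slides' placeholder values.

```shell
#!/bin/sh
# Added example (not from the slides or the BGPalerter project).
# audit_bgpalerter_config FILE: print one finding per line;
# return 0 when clean, 1 when something was flagged, 2 if unreadable.
audit_bgpalerter_config() {
    cfg=$1
    rc=0
    [ -f "$cfg" ] && [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    # A non-empty "pass:" (SMTP) or "botUrl:" (Telegram token) is a secret.
    secret_re='^[[:space:]]*(pass|botUrl):[[:space:]]*[^[:space:]#]'
    if grep -Eq "$secret_re" "$cfg"; then
        # POSIX find: -perm -NNN is true when that permission bit is set.
        loose=$(find "$cfg" -prune \( -perm -040 -o -perm -020 \
                                      -o -perm -004 -o -perm -002 \))
        if [ -n "$loose" ]; then
            echo "PERMS: secrets in a file readable or writable by group/others"
            rc=1
        fi
    fi

    # SMTP login configured while STARTTLS is switched off.
    if grep -Eq '^[[:space:]]*ignoreTLS:[[:space:]]*true' "$cfg" &&
       grep -Eq '^[[:space:]]*pass:[[:space:]]*[^[:space:]#]' "$cfg"; then
        echo "SMTP: ignoreTLS is true while auth is set; login is not encrypted"
        rc=1
    fi
    return "$rc"
}

# Constructed sample using the placeholder values from the slides.
sample=$(mktemp)
cat > "$sample" <<'EOF'
reports:
  - file: reportEmail
    params:
      smtp:
        host: HOST
        port: 25
        ignoreTLS: true
        auth:
          user: USERNAME
          pass: PASSWORD
EOF
chmod 644 "$sample"
audit_bgpalerter_config "$sample" || true   # prints the PERMS and SMTP findings
rm -f "$sample"
```

Running it against the real config.yml after `chmod 600 config.yml` should leave only the SMTP finding, which goes away once the mail relay is reached over TLS.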