Visualizing and Troubleshooting BGP Routing

Ricardo Oliveira, CTO Nick Kephart, Director of Product

Marketing

1

•  Radically simplify how organizations troubleshoot, monitor and analyze performance for modern networks

ThousandEyes Overview

•  15 in the Fortune 500, including 3 of top 5 firms •  4 of top 6 US financials; 6 of top 10 SaaS firms

Mission

Customers

•  Founding team with network research background Company

Recognition

2

How BGP Works

AS 100 1.1.1.0/24

AS 300 3.3.3.4/22

AS 400 4.4.0.0/16

AS 200 2.2.2.0/24

Border Router

Origin Dest.

Autonomous System

Internal Router

BGP Routing Table: 4.4.0.0/16 300 400 3.3.3.4/22 300 2.2.2.0/24 300 400 200

BGP peers exchange routes, within and among

ASes

Each AS can use BGP attributes and filtering to

affect how preferable each route is

BGP is… •  Defines

reachability between Autonomous Systems

•  Defined by AS Path vector with incremental updates

•  Applies policies to inter-networking

3

•  Policy changes •  Peering changes •  Maintenance •  Intentional handovers

(DDoS)

What Must Be Managed with BGP

•  Local misconfigurations –  Attribute confusion

•  Upstream ISP issues –  Flapping

•  Equipment failures •  Route hijacking and leaks –  Others broadcasting your

prefixes –  Or more specific prefixes

The Expected And Unexpected

4

•  See inbound routing to your prefixes

Collecting BGP Data

•  See outbound routing to key services and endpoints

Public Monitors Private Monitors

Your BGP speaker

ThousandEyes collector

5

Visualizing BGP Routing

Destination AS (Comcast)

Public vantage point

Upstream ISP (Level3)

Upstream ISP (NTT)

Github prefix

6

Visualizing BGP Routing: Route Changes

Withdrawn routes to Level3

7

Inside-Out Visibility: Private BGP Monitors

8

Scenario Test Type Threshold Prefix Hijacking BGP Origin ASN not in ___

Covered Prefix exists

Peering Changes, Route Flaps BGP Path Changes > 1 Reachability < 100%

DDoS Mitigation Activation BGP Origin ASN in ___ Prefix not in ___

Prepending Errors BGP Next Hop ASN not in ___

Tuning Your BGP Alerts

Demo

10

Set Up a BGP Test

Or create a BGP-only test

BGP included in Network, Web and

Voice tests

Select the prefix

Choose the monitors

Configure alerts

11

Set Up a Range of BGP Alerts

Alert on reachability, ASNs, prefixes and AS-Path changes

Make alerts contingent to reduce false positives

12

International Connectivity Issue

Packet loss spikes

SuccessFactors

But only from international locations

13

Issues with Tinet

Packet loss occurring in Tinet SuccessFactors

14

Prior to Issue: 5 Upstream Providers

Hosted in Internap

AboveNet

Tinet

Telia

Qwest

Cogent

Tokyo

London

Internap prefix

15

During the Issue: Tinet Rerouted via Cogent

Tinet

Cogent

Withdrawn Routes

Newly Advertised Routes

16

BGP Leak: Spotify Routes Leaked by Enzu

New /23 route leaked

Visible for almost 3 hours

Leaked by Enzu (AS18978)

Spotify (AS43650) Propagated at LAIX (AS40633

Seen by 5 monitors

17

BGP Prepending Error: Country Financial

Country Financial (AS10511)

Upstream Qwest (AS209)

Routes include AS15011, a

prepending error

18

BGP Hijack: Normal Routes to PayPal

PayPal / Akamai prefix

Akamai AS

Comcast upstream

19

BGP Hijack: Routes Advertised from Indosat

PayPal / Akamai prefix

Correct AS

Hijacked AS

Locations with completely hijacked routes

20

BGP Hijack: PCCW Has No Routes to PayPal

Only connected to Indosat

21

BGP Hijack: Causing All Traffic to Drop

Traffic transiting PCCW has no routes

It’s time to see the entire picture. It’s time to see the entire picture.