diff --git a/README.md b/README.md index 7e8cf50..e32d876 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ Self-configuring BGP monitoring tool, which allows you to monitor in **real-time * ROAs covering your prefixes are no longer reachable (e.g., TA malfunction); * a ROA involving any of your prefixes or ASes was deleted/added/edited; * your AS is announcing a new prefix that was never announced before; -* an unexpected upstream (left-side) AS appears in an AS path (possible path poisoning); +* an unexpected upstream (left-side) AS appears in an AS path; * an unexpected downstream (right-side) AS appears in an AS path; * one of the AS paths used to reach your prefix matches a specific condition defined by you. @@ -55,7 +55,7 @@ Read the documentation below for more options. - [Composition](docs/configuration.md#composition) - [Monitor for](docs/configuration.md#monitors) - [Hijacks](docs/configuration.md#monitorhijack) - - [Path poisoning](docs/path-poisoning.md) + - [Path neighbors](docs/path-neighbors.md) - [Visibility loss](docs/configuration.md#monitorvisibility) - [RPKI invalid announcements](docs/configuration.md#monitorrpki) - [RPKI ROAs diffs](docs/configuration.md#monitorroas) diff --git a/config.yml.example b/config.yml.example index 21ac3a5..e9050d1 100644 --- a/config.yml.example +++ b/config.yml.example @@ -54,9 +54,9 @@ monitors: channel: rpki name: rpki-diff - - file: monitorPathPoisoning + - file: monitorPathNeighbors channel: hijack - name: path-poisoning + name: path-neighbors params: thresholdMinPeers: 3 diff --git a/docs/configuration.md b/docs/configuration.md index 698bfe6..7cb6958 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -355,11 +355,11 @@ Example of alerts: > ROAs change detected: removed <1.2.3.4/24, 1234, 25, apnic> -#### monitorPathPoisoning +#### monitorPathNeighbors -The component `monitorPathPoisoning` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections. +The component `monitorPathNeighbors` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections. -Refer to the [documentation for this monitor](path-poisoning.md). +Refer to the [documentation for this monitor](path-neighbors.md). ### Reports diff --git a/docs/path-poisoning.md b/docs/path-neighbors.md similarity index 93% rename from docs/path-poisoning.md rename to docs/path-neighbors.md index c97a5fa..27bea68 100644 --- a/docs/path-poisoning.md +++ b/docs/path-neighbors.md @@ -1,6 +1,6 @@ -# Path poisoning / upstream and downstream AS monitoring +# Upstream and downstream AS monitoring -The component `monitorPathPoisoning` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections. +The component `monitorPathNeighbors` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections. > For example, imagine AS100 has two upstreams, AS99 and AS98, and one downstream, AS101. You can express the following rule in 'prefixes.yml' > @@ -27,7 +27,7 @@ According to the above configuration, * the AS path [10, 20, 99, 100, 104] will generate an alert since AS104 is not a downstream of AS100; * the AS path [100, 104] will generate an alert since AS104 is not a downstream of AS100. -You can disable the monitoring by removing the upstreams and downstreams lists or by commenting the `monitorPathPoisoning` block in `config.yml`. +You can disable the monitoring by removing the upstreams and downstreams lists or by commenting the `monitorPathNeighbors` block in `config.yml`. If you delete only one of the upstreams and downstreams lists, the monitoring will continue on the remaining one. diff --git a/docs/prefixes.md b/docs/prefixes.md index d2d89ab..0ec3f47 100644 --- a/docs/prefixes.md +++ b/docs/prefixes.md @@ -27,8 +27,8 @@ Below the list of possible parameters. **Remember to prepend them with a `--` in | -D | Enable debug mode. All queries executed in background will be shown. | Nothing | | No | | -H | Use historical visibility data for generating prefix list (prefixes visible in the last week). Useful in case the prefix generation process returns an empty dataset. | Nothing | | No | | -g | The name of the user group that will be assigned to all the generated rules. See [here](usergroups.md). | A string | noc | No | -| -u | Calculate all upstream ASes and enable path poisoning monitoring. See [here](path-poisoning.md). | Nothing | | No | -| -n | Calculate all downstream ASes and enable detection of new customer ASes. See [here](path-poisoning.md). | Nothing | | No | +| -u | Calculate all upstream ASes and enable detection of new left-side ASes. See [here](path-neighbors.md). | Nothing | | No | +| -n | Calculate all downstream ASes and enable detection of new right-side ASes. See [here](path-neighbors.md). | Nothing | | No | ## Prefixes list fields diff --git a/index.js b/index.js index 56c8415..fe3a625 100644 --- a/index.js +++ b/index.js @@ -116,11 +116,11 @@ const params = yargs .alias('u', 'upstreams') .nargs('u', 0) - .describe('u', 'Detect a list of allowed upstream ASes, useful to monitor for path poisoning.') + .describe('u', 'Detect a list of allowed upstream ASes and enable detection of new left-side ASes') .alias('n', 'downstreams') .nargs('n', 0) - .describe('n', 'Detect a list of allowed downstream ASes, useful to monitor for path poisoning.') + .describe('n', 'Detect a list of allowed downstream ASes and enable detection of new right-side ASes.') .demandOption(['o']); }) diff --git a/src/config/config.js b/src/config/config.js index 9fb53b8..9e875ad 100644 --- a/src/config/config.js +++ b/src/config/config.js @@ -80,9 +80,9 @@ export default class Config { params: {} }, { - file: "monitorPathPoisoning", + file: "monitorPathNeighbors", channel: "hijack", - name: "path-poisoning", + name: "path-neighbors", params: { thresholdMinPeers: 3 } diff --git a/src/connectors/connectorTest.js b/src/connectors/connectorTest.js index 817c4b3..7282260 100644 --- a/src/connectors/connectorTest.js +++ b/src/connectors/connectorTest.js @@ -446,7 +446,7 @@ export default class ConnectorTest extends Connector { ]; break; - case "path-poisoning": + case "path-neighbors": updates = [ { data: { diff --git a/src/monitors/monitorPathPoisoning.js b/src/monitors/monitorPathNeighbors.js similarity index 96% rename from src/monitors/monitorPathPoisoning.js rename to src/monitors/monitorPathNeighbors.js index 8fbc8be..1d6734e 100644 --- a/src/monitors/monitorPathPoisoning.js +++ b/src/monitors/monitorPathNeighbors.js @@ -32,7 +32,7 @@ import Monitor from "./monitor"; -export default class MonitorPathPoisoning extends Monitor { +export default class MonitorPathNeighbors extends Monitor { constructor(name, channel, params, env, input){ super(name, channel, params, env, input); diff --git a/tests/neighbor_tests/2_alerting_neighbor.js b/tests/neighbor_tests/2_alerting_neighbor.js index 52d76ec..9e5824e 100644 --- a/tests/neighbor_tests/2_alerting_neighbor.js +++ b/tests/neighbor_tests/2_alerting_neighbor.js @@ -57,13 +57,13 @@ const pubSub = worker.pubSub; describe("Alerting", function () { - it("path-poisoning monitoring reporting", function (done) { + it("path-neighbors monitoring reporting", function (done) { const expectedData = { "101-30": { "id": "101-30", "truncated": false, - "origin": "path-poisoning", + "origin": "path-neighbors", "affected": 101, "message": "A new upstream of AS101 has been detected: AS30", "data": [{ @@ -93,7 +93,7 @@ describe("Alerting", function () { "80-100": { "id": "80-100", "truncated": false, - "origin": "path-poisoning", + "origin": "path-neighbors", "affected": 80, "message": "A new downstream of AS80 has been detected: AS100", "data": [{ @@ -122,7 +122,7 @@ describe("Alerting", function () { "101-106": { "id": "101-106", "truncated": false, - "origin": "path-poisoning", + "origin": "path-neighbors", "affected": 101, "message": "A new downstream of AS101 has been detected: AS106", "data": [{ @@ -149,10 +149,10 @@ describe("Alerting", function () { } }; - let pathPoisoningTestcompleted = false; - pubSub.subscribe("path-poisoning", (message, type) => { + let pathNeighborsTestcompleted = false; + pubSub.subscribe("path-neighbors", (message, type) => { - if (!pathPoisoningTestcompleted) { + if (!pathNeighborsTestcompleted) { try { message = JSON.parse(JSON.stringify(message)); const id = message.id; @@ -169,17 +169,17 @@ describe("Alerting", function () { delete expectedData[id]; if (Object.keys(expectedData).length === 0) { setTimeout(() => { - pathPoisoningTestcompleted = true; + pathNeighborsTestcompleted = true; done(); }, 5000); } } catch (error) { - pathPoisoningTestcompleted = true; + pathNeighborsTestcompleted = true; done(error); } } }); - pubSub.publish("test-type", "path-poisoning"); + pubSub.publish("test-type", "path-neighbors"); }).timeout(asyncTimeout); diff --git a/tests/neighbor_tests/config.test.yml b/tests/neighbor_tests/config.test.yml index 17f2c08..2e91910 100644 --- a/tests/neighbor_tests/config.test.yml +++ b/tests/neighbor_tests/config.test.yml @@ -48,9 +48,9 @@ monitors: channel: rpki name: rpki-monitor - - file: monitorPathPoisoning - channel: path-poisoning - name: path-poisoning + - file: monitorPathNeighbors + channel: path-neighbors + name: path-neighbors params: thresholdMinPeers: 0