mirror/nttgin-BGPalerter
1
0
Fork 0
mirror of https://github.com/nttgin/BGPalerter.git synced 2024-05-19 06:50:08 +00:00
Code Issues Releases Wiki Activity

feature renamed

Browse Source
This commit is contained in:
Massimo Candela
2021-05-05 21:32:56 +02:00
parent cf480f9906
commit 70cd97a7e4
11 changed files with 31 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@@ -11,7 +11,7 @@ Self-configuring BGP monitoring tool, which allows you to monitor in **real-time
* ROAs covering your prefixes are no longer reachable (e.g., TA malfunction); * ROAs covering your prefixes are no longer reachable (e.g., TA malfunction);
* a ROA involving any of your prefixes or ASes was deleted/added/edited; * a ROA involving any of your prefixes or ASes was deleted/added/edited;
* your AS is announcing a new prefix that was never announced before; * your AS is announcing a new prefix that was never announced before;
* an unexpected upstream (left-side) AS appears in an AS path (possible path poisoning); * an unexpected upstream (left-side) AS appears in an AS path;
* an unexpected downstream (right-side) AS appears in an AS path; * an unexpected downstream (right-side) AS appears in an AS path;
* one of the AS paths used to reach your prefix matches a specific condition defined by you. * one of the AS paths used to reach your prefix matches a specific condition defined by you.
@@ -55,7 +55,7 @@ Read the documentation below for more options.
- [Composition](docs/configuration.md#composition) - [Composition](docs/configuration.md#composition)
- [Monitor for](docs/configuration.md#monitors) - [Monitor for](docs/configuration.md#monitors)
- [Hijacks](docs/configuration.md#monitorhijack) - [Hijacks](docs/configuration.md#monitorhijack)
- [Path poisoning](docs/path-poisoning.md) - [Path neighbors](docs/path-neighbors.md)
- [Visibility loss](docs/configuration.md#monitorvisibility) - [Visibility loss](docs/configuration.md#monitorvisibility)
- [RPKI invalid announcements](docs/configuration.md#monitorrpki) - [RPKI invalid announcements](docs/configuration.md#monitorrpki)
- [RPKI ROAs diffs](docs/configuration.md#monitorroas) - [RPKI ROAs diffs](docs/configuration.md#monitorroas)

4
config.yml.example
View File

@@ -54,9 +54,9 @@ monitors:
channel: rpki channel: rpki
name: rpki-diff name: rpki-diff
- file: monitorPathPoisoning - file: monitorPathNeighbors
channel: hijack channel: hijack
name: path-poisoning name: path-neighbors
params: params:
thresholdMinPeers: 3 thresholdMinPeers: 3

6
docs/configuration.md
View File

@@ -355,11 +355,11 @@ Example of alerts:
> ROAs change detected: removed <1.2.3.4/24, 1234, 25, apnic> > ROAs change detected: removed <1.2.3.4/24, 1234, 25, apnic>
#### monitorPathPoisoning #### monitorPathNeighbors
The component `monitorPathPoisoning` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections. The component `monitorPathNeighbors` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections.
Refer to the [documentation for this monitor](path-poisoning.md). Refer to the [documentation for this monitor](path-neighbors.md).
### Reports ### Reports

6
docs/path-poisoning.md → docs/path-neighbors.md
View File

@@ -1,6 +1,6 @@
# Path poisoning / upstream and downstream AS monitoring # Upstream and downstream AS monitoring
The component `monitorPathPoisoning` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections. The component `monitorPathNeighbors` allows to monitor for unexpected neighbor ASes in AS paths. The list of neighbors can be specified in `prefixes.yml` inside the `monitorASns` sections.
> For example, imagine AS100 has two upstreams, AS99 and AS98, and one downstream, AS101. You can express the following rule in 'prefixes.yml' > For example, imagine AS100 has two upstreams, AS99 and AS98, and one downstream, AS101. You can express the following rule in 'prefixes.yml'
> >
@@ -27,7 +27,7 @@ According to the above configuration,
* the AS path [10, 20, 99, 100, 104] will generate an alert since AS104 is not a downstream of AS100; * the AS path [10, 20, 99, 100, 104] will generate an alert since AS104 is not a downstream of AS100;
* the AS path [100, 104] will generate an alert since AS104 is not a downstream of AS100. * the AS path [100, 104] will generate an alert since AS104 is not a downstream of AS100.
You can disable the monitoring by removing the upstreams and downstreams lists or by commenting the `monitorPathPoisoning` block in `config.yml`. You can disable the monitoring by removing the upstreams and downstreams lists or by commenting the `monitorPathNeighbors` block in `config.yml`.
If you delete only one of the upstreams and downstreams lists, the monitoring will continue on the remaining one. If you delete only one of the upstreams and downstreams lists, the monitoring will continue on the remaining one.

4
docs/prefixes.md
View File

@@ -27,8 +27,8 @@ Below the list of possible parameters. **Remember to prepend them with a `--` in
| -D | Enable debug mode. All queries executed in background will be shown. | Nothing | | No | | -D | Enable debug mode. All queries executed in background will be shown. | Nothing | | No |
| -H | Use historical visibility data for generating prefix list (prefixes visible in the last week). Useful in case the prefix generation process returns an empty dataset. | Nothing | | No | | -H | Use historical visibility data for generating prefix list (prefixes visible in the last week). Useful in case the prefix generation process returns an empty dataset. | Nothing | | No |
| -g | The name of the user group that will be assigned to all the generated rules. See [here](usergroups.md). | A string | noc | No | | -g | The name of the user group that will be assigned to all the generated rules. See [here](usergroups.md). | A string | noc | No |
| -u | Calculate all upstream ASes and enable path poisoning monitoring. See [here](path-poisoning.md). | Nothing | | No | | -u | Calculate all upstream ASes and enable detection of new left-side ASes. See [here](path-neighbors.md). | Nothing | | No |
| -n | Calculate all downstream ASes and enable detection of new customer ASes. See [here](path-poisoning.md). | Nothing | | No | | -n | Calculate all downstream ASes and enable detection of new right-side ASes. See [here](path-neighbors.md). | Nothing | | No |
## <a name="prefixes-fields"></a>Prefixes list fields ## <a name="prefixes-fields"></a>Prefixes list fields

4
index.js
View File

@@ -116,11 +116,11 @@ const params = yargs
.alias('u', 'upstreams') .alias('u', 'upstreams')
.nargs('u', 0) .nargs('u', 0)
.describe('u', 'Detect a list of allowed upstream ASes, useful to monitor for path poisoning.') .describe('u', 'Detect a list of allowed upstream ASes and enable detection of new left-side ASes')
.alias('n', 'downstreams') .alias('n', 'downstreams')
.nargs('n', 0) .nargs('n', 0)
.describe('n', 'Detect a list of allowed downstream ASes, useful to monitor for path poisoning.') .describe('n', 'Detect a list of allowed downstream ASes and enable detection of new right-side ASes.')
.demandOption(['o']); .demandOption(['o']);
}) })

4
src/config/config.js
View File

@@ -80,9 +80,9 @@ export default class Config {
params: {} params: {}
}, },
{ {
file: "monitorPathPoisoning", file: "monitorPathNeighbors",
channel: "hijack", channel: "hijack",
name: "path-poisoning", name: "path-neighbors",
params: { params: {
thresholdMinPeers: 3 thresholdMinPeers: 3
} }

2
src/connectors/connectorTest.js
View File

@@ -446,7 +446,7 @@ export default class ConnectorTest extends Connector {
]; ];
break; break;
case "path-poisoning": case "path-neighbors":
updates = [ updates = [
{ {
data: { data: {

2
src/monitors/monitorPathPoisoning.js → src/monitors/monitorPathNeighbors.js
View File

@@ -32,7 +32,7 @@
import Monitor from "./monitor"; import Monitor from "./monitor";
export default class MonitorPathPoisoning extends Monitor { export default class MonitorPathNeighbors extends Monitor {
constructor(name, channel, params, env, input){ constructor(name, channel, params, env, input){
super(name, channel, params, env, input); super(name, channel, params, env, input);

20
tests/neighbor_tests/2_alerting_neighbor.js
View File

@@ -57,13 +57,13 @@ const pubSub = worker.pubSub;
describe("Alerting", function () { describe("Alerting", function () {
it("path-poisoning monitoring reporting", function (done) { it("path-neighbors monitoring reporting", function (done) {
const expectedData = { const expectedData = {
"101-30": { "101-30": {
"id": "101-30", "id": "101-30",
"truncated": false, "truncated": false,
"origin": "path-poisoning", "origin": "path-neighbors",
"affected": 101, "affected": 101,
"message": "A new upstream of AS101 has been detected: AS30", "message": "A new upstream of AS101 has been detected: AS30",
"data": [{ "data": [{
@@ -93,7 +93,7 @@ describe("Alerting", function () {
"80-100": { "80-100": {
"id": "80-100", "id": "80-100",
"truncated": false, "truncated": false,
"origin": "path-poisoning", "origin": "path-neighbors",
"affected": 80, "affected": 80,
"message": "A new downstream of AS80 has been detected: AS100", "message": "A new downstream of AS80 has been detected: AS100",
"data": [{ "data": [{
@@ -122,7 +122,7 @@ describe("Alerting", function () {
"101-106": { "101-106": {
"id": "101-106", "id": "101-106",
"truncated": false, "truncated": false,
"origin": "path-poisoning", "origin": "path-neighbors",
"affected": 101, "affected": 101,
"message": "A new downstream of AS101 has been detected: AS106", "message": "A new downstream of AS101 has been detected: AS106",
"data": [{ "data": [{
@@ -149,10 +149,10 @@ describe("Alerting", function () {
} }
}; };
let pathPoisoningTestcompleted = false; let pathNeighborsTestcompleted = false;
pubSub.subscribe("path-poisoning", (message, type) => { pubSub.subscribe("path-neighbors", (message, type) => {
if (!pathPoisoningTestcompleted) { if (!pathNeighborsTestcompleted) {
try { try {
message = JSON.parse(JSON.stringify(message)); message = JSON.parse(JSON.stringify(message));
const id = message.id; const id = message.id;
@@ -169,17 +169,17 @@ describe("Alerting", function () {
delete expectedData[id]; delete expectedData[id];
if (Object.keys(expectedData).length === 0) { if (Object.keys(expectedData).length === 0) {
setTimeout(() => { setTimeout(() => {
pathPoisoningTestcompleted = true; pathNeighborsTestcompleted = true;
done(); done();
}, 5000); }, 5000);
} }
} catch (error) { } catch (error) {
pathPoisoningTestcompleted = true; pathNeighborsTestcompleted = true;
done(error); done(error);
} }
} }
}); });
pubSub.publish("test-type", "path-poisoning"); pubSub.publish("test-type", "path-neighbors");
}).timeout(asyncTimeout); }).timeout(asyncTimeout);

6
tests/neighbor_tests/config.test.yml
View File

@@ -48,9 +48,9 @@ monitors:
channel: rpki channel: rpki
name: rpki-monitor name: rpki-monitor
- file: monitorPathPoisoning - file: monitorPathNeighbors
channel: path-poisoning channel: path-neighbors
name: path-poisoning name: path-neighbors
params: params:
thresholdMinPeers: 0 thresholdMinPeers: 0