mirror/nttgin-BGPalerter
1
0
Fork 0
mirror of https://github.com/nttgin/BGPalerter.git synced 2024-05-19 06:50:08 +00:00
Code Issues Releases Wiki Activity

monitorRPKI documentation

Browse Source
This commit is contained in:
Massimo Candela
2020-04-28 18:53:38 +02:00
parent 269d513bea
commit c214189312
1 changed files with 43 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

45
docs/configuration.md
View File

@@ -222,8 +222,11 @@ Parameters for this monitor module:
#### monitorAS #### monitorAS
This monitor will listen for all announcements produced by the monitored Autonomous Systems and will detect when a prefix, which is not in the monitored prefixes list, is announced. This monitor will listen for all announcements produced by the monitored Autonomous Systems and for all the announcements
This is useful if you want to be alerted in case your AS starts announcing something you didn't intend to announce (e.g. misconfiguration, typo). involving any of the monitored prefixes (independently from who is announcing them) and it will trigger an alert if any of the announcements is RPKI invalid or not covered by ROAs (optional).
This monitor is particularly useful while you are deploying RPKI since it will let you know if any of your announcements are
invalid, and after RPKI deployment, in order to be sure that all future BGP configuration will be covered by ROAs.
> Example: > Example:
@@ -256,6 +259,44 @@ Parameters for this monitor module:
|thresholdMinPeers| Minimum number of peers that need to see the BGP update before to trigger an alert. | |thresholdMinPeers| Minimum number of peers that need to see the BGP update before to trigger an alert. |
|maxDataSamples| Maximum number of collected BGP messages for each alert which doesn't reach yet the `thresholdMinPeers`. Default to 1000. As soon as the `thresholdMinPeers` is reached, the collected BGP messages are flushed, independently from the value of `maxDataSamples`.| |maxDataSamples| Maximum number of collected BGP messages for each alert which doesn't reach yet the `thresholdMinPeers`. Default to 1000. As soon as the `thresholdMinPeers` is reached, the collected BGP messages are flushed, independently from the value of `maxDataSamples`.|
#### monitorRPKI
This monitor will listen for all announcements produced by the monitored Autonomous Systems and will detect when a prefix, which is not in the monitored prefixes list, is announced.
This is useful if you want to be alerted in case your AS starts announcing something you didn't intend to announce (e.g. misconfiguration, typo).
> Example:
> The prefixes list of BGPalerter has an options.monitorASns list declared, such as:
> ```yaml
> 50.82.0.0/20:
> asn: 58302
> description: an example
> ignoreMorespecifics: false
>
> options:
> monitorASns:
> 58302:
> group: default
> ```
> If in config.yml monitorRPKI is enabled, you will receive alerts every time:
> * 50.82.0.0/20 is announced and it is not covered by ROAs or the announcement is RPKI invalid;
> * AS58302 announces something that is not covered by ROAs or the announcement is RPKI invalid;
Example of alert:
> The route 103.21.244.0/24 announced by AS13335 is not RPKI valid.
Parameters for this monitor module:
|Parameter| Description|
|---|---|
|thresholdMinPeers| Minimum number of peers that need to see the BGP update before to trigger an alert. |
|checkUncovered| If set to true, the monitor will alert also for prefixes not covered by ROAs in addition of RPKI invalid prefixes. |
|preCacheROAs| This parameter allows to download locally VRPs lists. This is suggested in the case you want to validate many BGP updates (e.g. for research purposes). For normal production monitoring do NOT set this parameter. |
|refreshVrpListMinutes| If `preCacheROAs` is set to true, this parameter allows to specify a refresh time for the VRPs lists (it has to be > 15 minutes) |
### Reports ### Reports
Possible reports are: Possible reports are: