netsec-sig - Re: [Security-WG] February update
Subject: Internet2 Network Security SIG
- From: Brad Fleming <>
- To:
- Subject: Re: [Security-WG] February update
- Date: Tue, 5 Feb 2019 16:05:39 -0600
I’ve not used the route monitoring part of Thousand Eyes for quite a while, nor do I know costs, but their founder helped build and operate the Cyclops project at UCLA, which was (is?) a useful tool for looking at BGP events. We ran a demo of Thousand Eyes roughly a year ago with thoughts of doing a standard contract for KanREN members. During that demo we peered with the TE environment and it displayed a fair amount of info. I don’t recall now whether it provided features to drop-in replace BGPMon though.
I’ll see if my TE contact is still good and can answer a few questions. If I get something useful back I’ll share with the group.
--
Brad Fleming
Assistant Director for Technology
Kansas Research and Education Network
Office: 785-856-9805
Mobile: 785-865-7231
NOC: 785-856-9820
On Feb 5, 2019, at 3:04 PM, Adair Thaxton <> wrote:
There have been a few messages on the netgurus list (which I missed, sadly - hadn't subscribed with my Internet2 email), but everyone else seems similarly frustrated with seeking out options. Haven't found any easy answers yet.
We at Internet2 have been trialing a product from CAIDA called Artemis in conjunction with BGPMon, using BGPMon to validate Artemis's views of hijacks. The CAIDA team has done a lot of work and been fantastic at taking feature requests.
Adair
On 2/5/19, 3:50 PM, " on behalf of Dale W. Carder" < on behalf of > wrote:
Thus spake Adair Thaxton () on Tue, Feb 05, 2019 at 06:41:08PM +0000:
Happy February! You have nine days to make dinner reservations and get your person a gift, if you're into that sort of thing.
BGPMon has announced an End-of-Life date of March 20, 2020. Many of our members have reported using this service. It is supposed to be being replaced by Cisco Crosswork. More information is here: https://bgpmon.net/wp-content/uploads/2019/01/BGPMon.net-EOL-EOS-faq.pdf
Has anyone played with CAIDA's bgpstream? I got bored during lunch and made an example. I'd be curious if anyone else wants to give it a shot with their data.
Dale
#!/usr/bin/env python
import time

import pytricia
from _pybgpstream import BGPStream, BGPRecord, BGPElem

# Monitored prefixes in a radix tree (128-bit keys for IPv6).
esnet_v6 = pytricia.PyTricia(128)
# format {'prefix' = 'origin_asn'}
esnet_v6['2001:400::/32'] = '293'

stream = BGPStream()
rec = BGPRecord()

# Only BGP updates, starting now, following the live feed.
stream.add_filter('record-type', 'updates')
stream.add_interval_filter(int(time.time()), 0)
stream.set_live_mode()
stream.start()

while(stream.get_next_record(rec)):
    if rec.status == 'valid':
        elem = rec.get_next_elem()
        while(elem):
            # Withdrawals carry no as-path, so only announcements are checked.
            if 'as-path' in elem.fields:
                path = elem.fields['as-path'].split()
                prefix = elem.fields['prefix']
                # Longest-prefix match against the monitored table; the last
                # hop of the path is the origin. Skip empty paths so that
                # path[-1] cannot raise IndexError.
                if path and prefix in esnet_v6 and esnet_v6[prefix] != path[-1]:
                    print('prefix:', elem.fields['prefix'], 'AS-PATH:', elem.fields['as-path'], 'Project:', rec.project, 'collector:', rec.collector, 'type:', rec.type, 'time:', rec.time, 'status:', rec.status, 'Type:', elem.type, 'Peer:', elem.peer_address, 'AS', elem.peer_asn)
            elem = rec.get_next_elem()
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
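Added example, not part of the original thread or of Dale's script: the same origin check run offline with only the Python standard library, generalized to separate exact-prefix announcements from more-specifics and to handle empty paths and AS-set origins. The sample announcements, the documentation ASNs, the result labels and the braces form assumed for an AS_SET are all constructed for illustration.

```python
import ipaddress

# Monitoring table: prefix -> expected origin ASN (the pair used in the post).
EXPECTED = {ipaddress.ip_network('2001:400::/32'): '293'}

def covering(net):
    """Longest monitored prefix that covers `net`, or None."""
    hits = [m for m in EXPECTED if m.version == net.version and net.subnet_of(m)]
    return max(hits, key=lambda m: m.prefixlen) if hits else None

def classify(prefix, as_path):
    """Classify one announcement (prefix string, space-separated AS path)."""
    net = ipaddress.ip_network(prefix, strict=False)
    mon = covering(net)
    if mon is None:
        return 'unmonitored'
    hops = as_path.split()
    if not hops:
        return 'no-origin'          # empty path: nothing to compare against
    origin = hops[-1]               # prepending repeats the origin, so [-1] holds
    if origin.startswith('{'):
        return 'as-set-origin'      # assumed AS_SET text form; origin is ambiguous
    scope = 'exact' if net == mon else 'more-specific'
    verdict = 'ok' if origin == EXPECTED[mon] else 'origin-mismatch'
    return scope + ':' + verdict

# Constructed announcements; 64496-64503 are documentation ASNs (RFC 5398).
SAMPLES = [
    ('2001:400::/32', '64496 64497 293'),
    ('2001:400::/32', '64496 64499'),
    ('2001:400:beef::/48', '64496 64500'),
    ('2001:400:1::/48', '64496 293 293'),
    ('2001:db8::/32', '64496 64501'),
    ('2001:400::/32', '64496 {64502,64503}'),
]

def alerts(samples):
    """Return every announcement except unmonitored ones and exact:ok."""
    out = []
    for prefix, path in samples:
        result = classify(prefix, path)
        if result not in ('unmonitored', 'exact:ok'):
            out.append((prefix, path, result))
    return out

if __name__ == '__main__':
    for row in alerts(SAMPLES):
        print(row)
```

A more-specific with the expected origin is still reported because an origin-only comparison cannot tell an intended de-aggregation from an announcement that simply places the expected ASN at the end of the path.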