ThousandEyes, profile picture
Uploaded byThousandEyes
PDF, PPTX897 views

Monitoring Route Changes

The document discusses ThousandEyes' network intelligence platform, focusing on monitoring BGP route changes and their impact on network performance. It highlights key metrics for analyzing routing behaviors, common reasons for route changes, and methods for improving BGP alert tuning. Additionally, it outlines best practices for managing DDoS mitigation and addressing equipment failures and routing misconfigurations.

Embed presentation

Download as PDF, PPTX
1© 2017 ThousandEyes Inc. All Rights Reserved.Confidential © 2017 ThousandEyes Inc. All Rights Reserved. Monitoring Route Changes Nick Kephart, Sr. Director of Product Marketing
2© 2017 ThousandEyes Inc. All Rights Reserved. About ThousandEyes Network Intelligence platform that gives you a complete picture from users to internal and cloud-based applications Routing User App End-to-End Performance Data App Performance User Experience Network Topology Routing Topology Enterprise, Endpoint and Cloud Agents Network Connectivity And Route Monitors! Surface insights from a global data set Lightweight, flexible data collection Unified view of diverse performance data Solve issues across shared infrastructure See any network like it’s your own
3© 2017 ThousandEyes Inc. All Rights Reserved. 40 monitors on 30+ networks See inbound routing to your prefixes Establish a BGP multi-hop session with ThousandEyes See outbound routing to key services and endpoints Public Monitors Private Monitors Collecting BGP data Your BGP speaker ThousandEyes collector
4© 2017 ThousandEyes Inc. All Rights Reserved. Visualizing BGP routes for ingress traffic Origin AS (Comcast) Public vantage points Upstream ISP (Level3) Upstream ISP (NTT) Github prefix
5© 2017 ThousandEyes Inc. All Rights Reserved. Using Private Monitors for egress traffic routes Amazon
6© 2017 ThousandEyes Inc. All Rights Reserved. Visualizing route changes Withdrawn routes to Level3 New or updated routes via Comcast
7© 2017 ThousandEyes Inc. All Rights Reserved. Key routing metrics • Proportion of 15- min period that the prefix was reachable from the monitor • Number of path changes • Number of BGP updates, including ones that don’t result in a path change Reachability Path Changes Updates
8© 2017 ThousandEyes Inc. All Rights Reserved. How routes change 1. AS Path vector changes • Doesn’t change the destination prefix • Can change with new routes, withdrawn routes or updated route preferences 2. A more specific prefix appears or disappears • Changes the destination prefix • Covered and covering prefixes can be used to maintain multiple routing policies in the routing table • Routes can be quickly changed as needed
9© 2017 ThousandEyes Inc. All Rights Reserved. Why routes change • Commercial relationships • DDoS mitigation • Equipment failures • Maintenance • Attribute confusion (e.g. prepending errors) • Route flapping • Others advertising your prefix • Or a more specific prefix Peers & policies Misconfigurations Hijacks & leaks
10© 2017 ThousandEyes Inc. All Rights Reserved. Policy and peering changes • Options to influence inbound routing to your network include: – Introducing new routes • Advertising new routes • Introducing a more specific prefix with a different route – Withdrawing routes – Changing BGP attributes in route advertisements • AS path prepending • Multi-exit discriminator (MED) • Communities (e.g. NO-EXPORT); BGP conditional advertisements • Both the origin AS and upstream ISPs can make peering changes – Monitor reachability and make sure that new routes are correct and propagated • Look for: One-time AS path change, new providers or prefixes – Example: First Horizon changed ISPs by introducing a covered prefix
11© 2017 ThousandEyes Inc. All Rights Reserved. DDoS mitigation • BGP is commonly used to shift traffic to scrubbing centers of DDoS mitigation providers during an attack • Look for: Mitigation provider’s AS either appearing directly upstream from Origin AS or becoming Origin AS – Example: Discover changed their upstream providers from AT&T and Sprint to Prolexic
12© 2017 ThousandEyes Inc. All Rights Reserved. DDoS mitigation: Discover Sprint AT&T Withdrawn routes to AT&T, Sprint New routes through Prolexic Prolexic
13© 2017 ThousandEyes Inc. All Rights Reserved. Equipment failures • Failures can occur on links or interfaces in upstream providers – May re-route on its own or may require intervention • Look for: Issues isolated within specific ISPs and subsequent routing changes – Example: When upstream ISP Verizon experienced severe issues, First Data made a BGP change and dropped Verizon
14© 2017 ThousandEyes Inc. All Rights Reserved. Equipment failures: First Data New routes through AT&T Withdrawn routes to Verizon
15© 2017 ThousandEyes Inc. All Rights Reserved. Routing misconfigurations • Common misconfigurations include: – BGP attribute confusion • AS path prepending errors – Route flapping – Route leaks • Look for: Unexpected ASes, routes or route changes – Example: Country Financial mistyped an AS when prepending the AS path
16© 2017 ThousandEyes Inc. All Rights Reserved. Route flapping • When routes alternate or are advertised and withdrawn in rapid sequence – Usually from equipment or configuration errors – Often causes packet loss and performance degradation • Look for: Repeating spikes or elevated levels of route changes over time – Example: Ancestry’s upstream ISP XO Communications experienced a route flap
17© 2017 ThousandEyes Inc. All Rights Reserved. Tuning your BGP alerts Scenario Threshold Peering Changes, Route Flaps Path Changes > 1 Reachability < 100% DDoS Mitigation Activation Origin ASN in ___ Prefix not in ___ Next Hop ASN in ___ Prepending Errors Next Hop ASN not in ___ Prefix Hijacking, Leaks Origin ASN not in ___ Covered Prefix exists
18© 2017 ThousandEyes Inc. All Rights Reserved. Easy to get started Do more Helpful resources so you can do more Sign up Get going in seconds 1 2 Expert intelligence Customer success and collaboration built into everything we do 3
19© 2017 ThousandEyes Inc. All Rights Reserved.© 2017 ThousandEyes Inc. All Rights Reserved. Watch the webinar: www.thousandeyes.com/webinars/monitoring-route-changes

More Related Content

PDF
Detecting Hijacks and Leaks
byThousandEyes
 
PDF
Visualizing and Troubleshooting BGP Routing
byThousandEyes
 
PDF
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
byThousandEyes
 
PDF
Optimizing AS Paths
byThousandEyes
 
PDF
Diagnosing Internet Outages
byThousandEyes
 
PDF
Discover Network Insights with Reports
byThousandEyes
 
PDF
NANOG 68: Decoding Performance Data from Large-Scale Internet Outages
byThousandEyes
 
PDF
Service Provider Architectures for Tomorrow by Chow Khay Kid
byMyNOG
 
Detecting Hijacks and Leaks
byThousandEyes
 
Visualizing and Troubleshooting BGP Routing
byThousandEyes
 
Monitoring for Network Security: BGP Hijacks, DDoS Attacks and DNS Poisoning
byThousandEyes
 
Optimizing AS Paths
byThousandEyes
 
Diagnosing Internet Outages
byThousandEyes
 
Discover Network Insights with Reports
byThousandEyes
 
NANOG 68: Decoding Performance Data from Large-Scale Internet Outages
byThousandEyes
 
Service Provider Architectures for Tomorrow by Chow Khay Kid
byMyNOG
 

What's hot

PDF
SD-WAN Economics 101 - VeloCloud
byVeloCloud Networks, Inc.
 
PDF
Next-gen Network Telemetry is Within Your Packets: In-band OAM
byOpen Networking Summit
 
PDF
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
byMultapplied Networks
 
PDF
Whitepaper: Peplink Hybrid WAN Best Practices
byEric Wong
 
PDF
Introduction to RPKI - MyNOG
bySiena Perry
 
PDF
Monitoring Network Performance in China
byThousandEyes
 
PDF
MyIX Updates by Raja Mohan
byMyNOG
 
PDF
Next Generation DDoS Services – can we do this with NFV? - CF Chui
byMyNOG
 
PDF
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
byIndonesia Network Operators Group
 
PPTX
Broad Sky March 2018 SD-WAN presentation
byMaureen Donovan
 
PPTX
Using Bonded Internet™ to Replace and Enhance Customer MPLS Networks
byMultapplied Networks
 
PDF
Digital Transformation through Open Software Defined Infrastructure
byOpen Networking Summit
 
PDF
ElasticISP
byKHNOG
 
PDF
PhNOG 2020: Securing your resources with RPKI and IRT
byAPNIC
 
PDF
SD-WAN for Construction - Solution Brief
byVeloCloud Networks, Inc.
 
PDF
Measuring latency from the browser
byAPNIC
 
PDF
06 (IDNOG02) IPv4 Address Transfer by Wita Laksono
byIndonesia Network Operators Group
 
PDF
APNIC Updates
byMyNOG
 
PDF
Bandwidth Management on Linux
bynirate
 
PDF
APNIC Services by Anna Mulingbayan
byMyNOG
 
SD-WAN Economics 101 - VeloCloud
byVeloCloud Networks, Inc.
 
Next-gen Network Telemetry is Within Your Packets: In-band OAM
byOpen Networking Summit
 
Multapplied Networks - Bonding and Load Balancing together in Bonded Internet™
byMultapplied Networks
 
Whitepaper: Peplink Hybrid WAN Best Practices
byEric Wong
 
Introduction to RPKI - MyNOG
bySiena Perry
 
Monitoring Network Performance in China
byThousandEyes
 
MyIX Updates by Raja Mohan
byMyNOG
 
Next Generation DDoS Services – can we do this with NFV? - CF Chui
byMyNOG
 
01 (IDNOG02) ASN distribution and interconnection in Indonesia by Sanjaya
byIndonesia Network Operators Group
 
Broad Sky March 2018 SD-WAN presentation
byMaureen Donovan
 
Using Bonded Internet™ to Replace and Enhance Customer MPLS Networks
byMultapplied Networks
 
Digital Transformation through Open Software Defined Infrastructure
byOpen Networking Summit
 
ElasticISP
byKHNOG
 
PhNOG 2020: Securing your resources with RPKI and IRT
byAPNIC
 
SD-WAN for Construction - Solution Brief
byVeloCloud Networks, Inc.
 
Measuring latency from the browser
byAPNIC
 
06 (IDNOG02) IPv4 Address Transfer by Wita Laksono
byIndonesia Network Operators Group
 
APNIC Updates
byMyNOG
 
Bandwidth Management on Linux
bynirate
 
APNIC Services by Anna Mulingbayan
byMyNOG
 

Viewers also liked

PDF
Emile Noel 法國艾米爾諾耶有機植物油2013-A5手冊
byChibi Wu
 
PDF
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
byThousandEyes
 
PDF
Optimizing Network Connectivity to your Data Center
byThousandEyes
 
PDF
Reverse Path Visibility with Agent-to-Agent Tests
byThousandEyes
 
PDF
Visualizing the Path of InteropNet and Beyond
byThousandEyes
 
PPTX
OBSTACLES TO AFRICAN INTELLECTUALS IN PUBLIC POLICY MAKING
byTANKO AHMED fwc
 
PPT
SC Heerenveen: How do we use digital media in "Heerenveen" (Jelmar Helmut)
byResultSportsUkraine
 
PPT
Receta croquetas "buen provecho"
byMaría Luisa Buenaga
 
PPTX
Rivalries of History
bynerdrealms
 
PDF
Youth technology program
bySaad-ul- Umam
 
DOC
¿cómo me alimento?
byMaría Luisa Buenaga
 
DOCX
Nando evento infantiles- empresa infatil
byFernando Thiago Reymundo Samaniego
 
PPTX
Using Data to Determine Where to Build a New Data Center at Shutterstock from...
byThousandEyes
 
PPTX
Журнал «Спорт Бизнес Консалтинг»/Россия: Спонсорство в спортивном маркетинге....
byResultSportsUkraine
 
PPT
Game
bydangraham822
 
PPTX
NBA Employees slideshare
byNeera Desai
 
PDF
Catalogue
byChristos Ioannides
 
Emile Noel 法國艾米爾諾耶有機植物油2013-A5手冊
byChibi Wu
 
FS-ISAC 2014 Troubleshooting Network Threats: DDoS Attacks, DNS Poisoning and...
byThousandEyes
 
Optimizing Network Connectivity to your Data Center
byThousandEyes
 
Reverse Path Visibility with Agent-to-Agent Tests
byThousandEyes
 
Visualizing the Path of InteropNet and Beyond
byThousandEyes
 
OBSTACLES TO AFRICAN INTELLECTUALS IN PUBLIC POLICY MAKING
byTANKO AHMED fwc
 
SC Heerenveen: How do we use digital media in "Heerenveen" (Jelmar Helmut)
byResultSportsUkraine
 
Receta croquetas "buen provecho"
byMaría Luisa Buenaga
 
Rivalries of History
bynerdrealms
 
Youth technology program
bySaad-ul- Umam
 
¿cómo me alimento?
byMaría Luisa Buenaga
 
Nando evento infantiles- empresa infatil
byFernando Thiago Reymundo Samaniego
 
Using Data to Determine Where to Build a New Data Center at Shutterstock from...
byThousandEyes
 
Журнал «Спорт Бизнес Консалтинг»/Россия: Спонсорство в спортивном маркетинге....
byResultSportsUkraine
 
Game
bydangraham822
 
NBA Employees slideshare
byNeera Desai
 
Catalogue
byChristos Ioannides
 

Similar to Monitoring Route Changes

PPTX
Implementing Internet and MPLS BGP
byPrivate
 
PDF
How BGP Works
byThousandEyes
 
PDF
MANRS for Network Operators - bdNOG12
byBangladesh Network Operators Group
 
PDF
MANRS for Network Operators
byBangladesh Network Operators Group
 
PDF
LKNOG3-Keynote
byLKNOG
 
PPT
B G P Part2
bycisconetworker
 
PDF
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
byAPNIC
 
PDF
PLNOG15: BGP New Advanced Features - Piotr Wojciechowski
byPROIDEA
 
PDF
Policies
bygobed
 
DOCX
BGP Protocol Makes the Internet Work
byIT Tech
 
PPT
Bigbgp
bytushar sharda
 
PPT
Bigbgp (1)
byacharyanirali
 
PDF
NZNOG 2019: The State of Routing (In)Security
byAPNIC
 
PDF
Routing Security - its importance and status in South Asia
byBangladesh Network Operators Group
 
PDF
Improving routing security through concerted action
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
Routing Security in 2017 – We can do better!
byAPNIC
 
PDF
Tutorial: Network State Awareness Troubleshooting
byAPNIC
 
PDF
BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit
byAPNIC
 
PDF
Routing is at Risk - Let’s secure it together
byAPNIC
 
PDF
Peering Asia 2.0: Security in Peering
byTom Paseka
 
Implementing Internet and MPLS BGP
byPrivate
 
How BGP Works
byThousandEyes
 
MANRS for Network Operators - bdNOG12
byBangladesh Network Operators Group
 
MANRS for Network Operators
byBangladesh Network Operators Group
 
LKNOG3-Keynote
byLKNOG
 
B G P Part2
bycisconetworker
 
LkNOG 3: Strengthening the Internet infrastructure in Sri Lanka
byAPNIC
 
PLNOG15: BGP New Advanced Features - Piotr Wojciechowski
byPROIDEA
 
Policies
bygobed
 
BGP Protocol Makes the Internet Work
byIT Tech
 
Bigbgp
bytushar sharda
 
Bigbgp (1)
byacharyanirali
 
NZNOG 2019: The State of Routing (In)Security
byAPNIC
 
Routing Security - its importance and status in South Asia
byBangladesh Network Operators Group
 
Improving routing security through concerted action
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Routing Security in 2017 – We can do better!
byAPNIC
 
Tutorial: Network State Awareness Troubleshooting
byAPNIC
 
BGP Bugs, Hiccups and weird stuff: Issues seen by RT-BGP Toolkit
byAPNIC
 
Routing is at Risk - Let’s secure it together
byAPNIC
 
Peering Asia 2.0: Security in Peering
byTom Paseka
 

More from ThousandEyes

PPTX
How to Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
PPTX
How to Optimize Your AWS Environment for Improved Cloud Performance
byThousandEyes
 
PPTX
How to Optimize Your AWS Environment for Improved Cloud Performance
byThousandEyes
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
PPTX
How to Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
PDF
2025-07-15 EMEA Volledig Inzicht Dutch Webinar
byThousandEyes
 
PPTX
Assuring Your SD-WAN to Deliver Unparalleled Digital Experiences
byThousandEyes
 
PPTX
Assuring Your SD-WAN to Deliver Unparalleled Digital Experiences
byThousandEyes
 
PPTX
End-to-end Assurance for SD-WAN & SASE with ThousandEyes
byThousandEyes
 
PPTX
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
byThousandEyes
 
PPTX
How To Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
PPTX
How To Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
PDF
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
PPTX
ThousandEyes Partner Innovation Updates for May 2025
byThousandEyes
 
PPTX
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
PPTX
How to Optimize Your AWS Environment for Improved Cloud Performance
byThousandEyes
 
PPTX
Assurance Best Practices: Unlocking Proactive Network Operations
byThousandEyes
 
PPTX
IT Runs Better with ThousandEyes AI-driven Assurance
byThousandEyes
 
PDF
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 
How to Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
How to Optimize Your AWS Environment for Improved Cloud Performance
byThousandEyes
 
How to Optimize Your AWS Environment for Improved Cloud Performance
byThousandEyes
 
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
How to Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
2025-07-15 EMEA Volledig Inzicht Dutch Webinar
byThousandEyes
 
Assuring Your SD-WAN to Deliver Unparalleled Digital Experiences
byThousandEyes
 
Assuring Your SD-WAN to Deliver Unparalleled Digital Experiences
byThousandEyes
 
End-to-end Assurance for SD-WAN & SASE with ThousandEyes
byThousandEyes
 
AI-driven Assurance Across Your End-to-end Network With ThousandEyes
byThousandEyes
 
How To Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
How To Make Network Refresh Projects a Success in the AI Era
byThousandEyes
 
What's New? ThousandEyes Features and Highlights: October 2025
byThousandEyes
 
ThousandEyes Partner Innovation Updates for May 2025
byThousandEyes
 
New ThousandEyes Product Innovations: Cisco Live June 2025
byThousandEyes
 
How to Optimize Your AWS Environment for Improved Cloud Performance
byThousandEyes
 
Assurance Best Practices: Unlocking Proactive Network Operations
byThousandEyes
 
IT Runs Better with ThousandEyes AI-driven Assurance
byThousandEyes
 
AI Demands More: Help Ensure Network Readiness With ThousandEyes
byThousandEyes
 

Recently uploaded

PPT
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
PDF
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
PDF
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
PDF
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
PPTX
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PDF
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PDF
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
PDF
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PPTX
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
PDF
Global Asset Tokenization Platforms – Summary (2026) - Garima Singh
byGarima Singh
 
PDF
Introduction to Linux and Basic Commands
byiDev Semarang
 
PDF
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
DOCX
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Database Management Systems: Basics, History, Data Models, etc.
byParithi Thamizh
 
Safer’s Picks: Recent FME Enhancements with Big Everyday Impact
bySafe Software
 
Peculiar Findings Around CEX Activity and ETH Price
bytobbymnbvcxz
 
5G Explained! A High Level Overview [Introduction]
byLuciano Motta
 
API Gateway Architecture - Technical Report 2026
byPowersoft2026
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
Azure DevOps Managed Services: Driving Speed, Security, and Business Growth
byjohncarterjn
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Skills to Pass the UiPath Agentic Automation Associate (UiAAA) Certification
byUiPathCommunity
 
Web3 - Applications and Architectures - History and Horizons
byGokul Alex
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
apidays Australia 2025 | User Brainpower vs. AI Blind Spots in API Docs
byapidays
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
SOFTWARE DEVELOPMENT PROCESS - INTRODUCTION
byParithi Thamizh
 
Global Asset Tokenization Platforms – Summary (2026) - Garima Singh
byGarima Singh
 
Introduction to Linux and Basic Commands
byiDev Semarang
 
How to Build a Crypto Wallet that Excels in 2026.pdf
byimoliviabennett
 
Best Web to Learn About Buying Verified Skrill Accounts (Los Angeles).docx
byhttps://topsellerit.com/product/buy-verified-binance-accounts/
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 

Monitoring Route Changes

  • 1.
    1© 2017 ThousandEyesInc. All Rights Reserved.Confidential © 2017 ThousandEyes Inc. All Rights Reserved. Monitoring Route Changes Nick Kephart, Sr. Director of Product Marketing
  • 2.
    2© 2017 ThousandEyesInc. All Rights Reserved. About ThousandEyes Network Intelligence platform that gives you a complete picture from users to internal and cloud-based applications Routing User App End-to-End Performance Data App Performance User Experience Network Topology Routing Topology Enterprise, Endpoint and Cloud Agents Network Connectivity And Route Monitors! Surface insights from a global data set Lightweight, flexible data collection Unified view of diverse performance data Solve issues across shared infrastructure See any network like it’s your own
  • 3.
    3© 2017 ThousandEyesInc. All Rights Reserved. 40 monitors on 30+ networks See inbound routing to your prefixes Establish a BGP multi-hop session with ThousandEyes See outbound routing to key services and endpoints Public Monitors Private Monitors Collecting BGP data Your BGP speaker ThousandEyes collector
  • 4.
    4© 2017 ThousandEyesInc. All Rights Reserved. Visualizing BGP routes for ingress traffic Origin AS (Comcast) Public vantage points Upstream ISP (Level3) Upstream ISP (NTT) Github prefix
  • 5.
    5© 2017 ThousandEyesInc. All Rights Reserved. Using Private Monitors for egress traffic routes Amazon
  • 6.
    6© 2017 ThousandEyesInc. All Rights Reserved. Visualizing route changes Withdrawn routes to Level3 New or updated routes via Comcast
  • 7.
    7© 2017 ThousandEyesInc. All Rights Reserved. Key routing metrics • Proportion of 15- min period that the prefix was reachable from the monitor • Number of path changes • Number of BGP updates, including ones that don’t result in a path change Reachability Path Changes Updates
  • 8.
    8© 2017 ThousandEyesInc. All Rights Reserved. How routes change 1. AS Path vector changes • Doesn’t change the destination prefix • Can change with new routes, withdrawn routes or updated route preferences 2. A more specific prefix appears or disappears • Changes the destination prefix • Covered and covering prefixes can be used to maintain multiple routing policies in the routing table • Routes can be quickly changed as needed
  • 9.
    9© 2017 ThousandEyesInc. All Rights Reserved. Why routes change • Commercial relationships • DDoS mitigation • Equipment failures • Maintenance • Attribute confusion (e.g. prepending errors) • Route flapping • Others advertising your prefix • Or a more specific prefix Peers & policies Misconfigurations Hijacks & leaks
  • 10.
    10© 2017 ThousandEyesInc. All Rights Reserved. Policy and peering changes • Options to influence inbound routing to your network include: – Introducing new routes • Advertising new routes • Introducing a more specific prefix with a different route – Withdrawing routes – Changing BGP attributes in route advertisements • AS path prepending • Multi-exit discriminator (MED) • Communities (e.g. NO-EXPORT); BGP conditional advertisements • Both the origin AS and upstream ISPs can make peering changes – Monitor reachability and make sure that new routes are correct and propagated • Look for: One-time AS path change, new providers or prefixes – Example: First Horizon changed ISPs by introducing a covered prefix
  • 11.
    11© 2017 ThousandEyesInc. All Rights Reserved. DDoS mitigation • BGP is commonly used to shift traffic to scrubbing centers of DDoS mitigation providers during an attack • Look for: Mitigation provider’s AS either appearing directly upstream from Origin AS or becoming Origin AS – Example: Discover changed their upstream providers from AT&T and Sprint to Prolexic
  • 12.
    12© 2017 ThousandEyesInc. All Rights Reserved. DDoS mitigation: Discover Sprint AT&T Withdrawn routes to AT&T, Sprint New routes through Prolexic Prolexic
  • 13.
    13© 2017 ThousandEyesInc. All Rights Reserved. Equipment failures • Failures can occur on links or interfaces in upstream providers – May re-route on its own or may require intervention • Look for: Issues isolated within specific ISPs and subsequent routing changes – Example: When upstream ISP Verizon experienced severe issues, First Data made a BGP change and dropped Verizon
  • 14.
    14© 2017 ThousandEyesInc. All Rights Reserved. Equipment failures: First Data New routes through AT&T Withdrawn routes to Verizon
  • 15.
    15© 2017 ThousandEyesInc. All Rights Reserved. Routing misconfigurations • Common misconfigurations include: – BGP attribute confusion • AS path prepending errors – Route flapping – Route leaks • Look for: Unexpected ASes, routes or route changes – Example: Country Financial mistyped an AS when prepending the AS path
  • 16.
    16© 2017 ThousandEyesInc. All Rights Reserved. Route flapping • When routes alternate or are advertised and withdrawn in rapid sequence – Usually from equipment or configuration errors – Often causes packet loss and performance degradation • Look for: Repeating spikes or elevated levels of route changes over time – Example: Ancestry’s upstream ISP XO Communications experienced a route flap
  • 17.
    17© 2017 ThousandEyesInc. All Rights Reserved. Tuning your BGP alerts Scenario Threshold Peering Changes, Route Flaps Path Changes > 1 Reachability < 100% DDoS Mitigation Activation Origin ASN in ___ Prefix not in ___ Next Hop ASN in ___ Prepending Errors Next Hop ASN not in ___ Prefix Hijacking, Leaks Origin ASN not in ___ Covered Prefix exists
  • 18.
    18© 2017 ThousandEyesInc. All Rights Reserved. Easy to get started Do more Helpful resources so you can do more Sign up Get going in seconds 1 2 Expert intelligence Customer success and collaboration built into everything we do 3
  • 19.
    19© 2017 ThousandEyesInc. All Rights Reserved.© 2017 ThousandEyes Inc. All Rights Reserved. Watch the webinar: www.thousandeyes.com/webinars/monitoring-route-changes