The document discusses BGP routing management and troubleshooting, highlighting ThousandEyes' approach to providing network visibility for organizations. It outlines various BGP issues such as route hijacking, leaks, and configuration errors, and presents solutions for monitoring and alerting on critical BGP metrics. Additionally, it provides examples of BGP incidents involving packet loss and route leaks, showcasing the importance of monitoring BGP changes in real-time.

1. Visualizing and Troubleshooting
BGP Routing
Nick Kephart, Sr. Director of Product Marketing

2. 1
About ThousandEyes
Established and
backed by
network experts
Relied on for
critical operations by
leading enterprises
Recognized as
an innovative
new approach
ThousandEyes delivers visibility into every network your organization relies on.
24 of the Fortune 500

3. 2
• Policy changes
• Peering changes
• Maintenance
• Intentional handovers (DDoS)
Managing BGP
• Local misconfigurations
– Attribute confusion
• Upstream ISP issues
– Flapping
• Equipment failures
• Route hijacking and leaks
– Others broadcasting your
prefixes
– Or more specific prefixes
The Routine
And the Unexpected

4. 3
See inbound routing
to your prefixes
45 monitors on 30+ networks
Collecting BGP Data
See outbound routing
to key services and endpoints
Establish a BGP multi-hop session
with ThousandEyes
Public Monitors
Private Monitors
Your BGP
speaker
ThousandEyes
collector

5. 4
Visualizing BGP Routing
Destination AS (Comcast)
Public vantage
point
Upstream ISP (Level3)
Upstream ISP (NTT)
Github prefix

6. 5
Visualizing Routing Changes
Withdrawn routes to Level3
New routes via Comcast

7. 6
Inside à Out Visibility: Private BGP Monitors

8. 7
Tuning Your BGP Alerts
Scenario
Test Type
Threshold
Prefix Hijacking
BGP
Origin ASN not in ___
Covered Prefix exists
Peering Changes, Route Flaps
BGP
Path Changes > 1
Reachability < 100%
DDoS Mitigation Activation
BGP
Origin ASN in ___
Prefix not in ___
Prepending Errors
BGP
Next Hop ASN not in ___

9. 8
Demo

10. 9
Set Up a BGP Test
Or create a
BGP-only test
BGP included
in Network,
Web and
Voice tests
Select the prefix
Choose the monitors
Configure alerts

11. 10
Set Up a Range of BGP Alerts
Alert on reachability, ASNs,
prefixes and AS-Path changes
Make alerts contingent to
reduce false positives

12. 11
International Connectivity Issue
Packet loss spikes
SuccessFactors
But only from
international locations

13. 12
Issues with Tinet
Packet loss occurring
in Tinet
SuccessFactors

14. 13
Prior to Issue: 5 Upstream Providers
Hosted in
Internap
AboveNet
Tinet
Telia
Qwest
Cogent
Tokyo
London
Internap prefix

15. 14
During the Issue: Tinet Rerouted via Cogent
Tinet
Cogent
Withdrawn
Routes
Newly Advertised
Routes

16. 15
BGP Leak: Spotify Routes Leaked by Enzu
Visible for almost 3 hours
Leaked by Enzu
(AS18978)
Spotify (AS43650)
Propagated at
LAIX (AS40633
Seen by 5
monitors
New /23 route leaked

17. 16
BGP Prepending Error: Country Financial
Country Financial (AS10511)
Upstream Qwest
(AS209)
Routes include
AS15011, a
prepending error

18. 17
BGP Hijack: Normal Routes to PayPal
PayPal / Akamai prefix
Akamai AS
Comcast upstream

19. 18
BGP Hijack: Routes Advertised from Indosat
PayPal / Akamai prefix
Correct AS
Hijacked AS
Locations with completely
hijacked routes

20. 19
BGP Hijack: PCCW Has No Routes to PayPal
Only connected to Indosat

21. 20
BGP Hijack: Causing All Traffic to Drop
Traffic transiting
PCCW has no routes

22. See what you’re missing.
Watch the webinar
www.thousandeyes.com/webinars/bgp