North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: community real-time BGP hijack notification service

  • From: Pekka Savola
  • Date: Sun Sep 14 11:58:18 2008

On Sun, 14 Sep 2008, Hank Nussbacher wrote:
I have used IAR, PHAS and MyASN and I can say I would not recommend myASN. It is a cumbersome system and very non-intuitive. It is based on an ASN-centric model, whereby each ASN is in its own realm. So if you manage *one* ASN, perhaps this system might work for you. But if you have about 10 ASNs you want to manage, in one central spot, you are out of luck here. Also, you would expect the system to "auto-learn" what prefixes exist under your ASN and then you would have perhaps check boxes to disable or enable monitoring for specific prefixes. With myASN you have to manually type in each and every prefix you have. The same holds true for the newer http://ripe.net/is/alarms/. They also differentiate between origin and transit ASN. Their summary view doesn't show which prefixes are being monitored. No help or FAQ available yet on the beta alarms system.

I think I'll need to chime in here, being a user of myASN. I have not tested other systems. To me it seems to work OK. Manual typing etc. is minimized because you can export and import XML; this is the way I entered our prefix information in the database (though if the prefixes change often, maybe updates would be a chore). The database itself AFAIR does not have any restriction on what it's monitoring when you use the advanced interface -- you can insert any AS-path regexes you want, and that way we're managing prefixes from some ~5-10 ASNs. AFAICS, the ASN in login form is only used for identification purposes and in some shortcuts in the basic interface.


I agree that to kickstart monitoring, an auto-learning feature could be used. And that documentation is somewhat sparse :-).

I've gotten a couple of alarms which may or may have been bogus. One academic site was purpotedly advertising one of our prefixes duing one day for a couple of 1-2 hour periods. Upon asking they said they had not done anything special, and said that their upstreams wouldn't accept that kind of prefix from them anyway. Not sure if that was true, but I didn't purse this further.

--
Pekka Savola                 "You each name yourselves king, yet the
Netcore Oy                    kingdom bleeds."
Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings