BGP troubleshooting for the network operator
I recently wrote an article called “The Mess we call BGP.” I received several questions about how I go about monitoring BGP and knowing how traffic flows and, more importantly, how to know when it goes wrong and how to deal with it. In this post, I will go over some of the philosophies, tools, and methods I use for BGP health and troubleshooting.
Knowledge is power, they say. One of the first things you need to know is who your transit providers peer with and who they buy their upstream from. You can learn this in several ways. The easiest way is to go to https://bgp.he.net and type in your peer or upstream ASN. You will then see tabs labeled “peers v4” and “peers v6”. These show who that ASN is peered with.
Ask your providers for maps of your circuit and their network.
Now that you are armed with the knowledge above, you can implement some tools.
Simple monitoring of your BGP sessions and the number of routes you receive is a great start. If you are pulling in full route tables and you lose 10,000 routes, that may be an indication of something going on with the global Internet.
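A minimal sketch of that check, added here as an example and not taken from the original post: it compares two polls of BGP summary output and flags sessions that are not established or that lost 10,000 or more received routes. The sample text is constructed in the common `show bgp summary` column layout, and the function names, addresses, ASNs and the use of 10,000 as an alert threshold are assumptions for illustration.

```python
# Constructed sample polls (documentation addresses and ASNs, not real data).
# Columns: Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
PREVIOUS_POLL = """\
Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down State/PfxRcd
192.0.2.1       4 64500 9812345   45210 881234   0    0  3w2d04h       954210
198.51.100.1    4 64501 9795521   45198 881234   0    0 1w0d11h        953877
203.0.113.1     4 64502   12044   12031 881234   0    0 5d03h12m          412
"""
CURRENT_POLL = """\
Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ  Up/Down State/PfxRcd
192.0.2.1       4 64500 9813001   45215 881950   0    0  3w2d04h       941102
198.51.100.1    4 64501 9795530   45199      0   0    0 00:03:12       Active
203.0.113.1     4 64502   12050   12037 881950   0    0 5d03h17m          415
"""

def parse_summary(text):
    """Return {neighbor: (asn, state, prefixes_received)}."""
    peers = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 10 or not f[1].isdigit():
            continue  # header, blank or unrelated line
        last = " ".join(f[9:])  # a number when established, else a state name
        if last.isdigit():
            peers[f[0]] = (int(f[2]), "Established", int(last))
        else:
            peers[f[0]] = (int(f[2]), last, 0)
    return peers

def check(previous, current, max_drop=10_000):
    """Compare two polls; return a list of (neighbor, alert, detail)."""
    alerts = []
    for peer, (asn, state, pfx) in sorted(current.items()):
        if state != "Established":
            alerts.append((peer, "session-down", state))
            continue
        old = previous.get(peer)
        if old and old[1] == "Established" and old[2] - pfx >= max_drop:
            alerts.append((peer, "route-drop", old[2] - pfx))
    # A neighbor that vanished from the output entirely also needs attention.
    for peer in sorted(set(previous) - set(current)):
        alerts.append((peer, "peer-missing", None))
    return alerts

if __name__ == "__main__":
    for alert in check(parse_summary(PREVIOUS_POLL), parse_summary(CURRENT_POLL)):
        print(alert)
```

In practice the two polls would come from the router or an SNMP/streaming-telemetry collector on a schedule, with the previous result stored between runs.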
Traffic flow analysis using NetFlow (or sFlow) is a great way to see where your traffic is going. Some popular tools for analyzing flow traffic are:
• SolarWinds
• Ntop
Knowing what is going on inside your network is also critical. Do you have nodes participating in botnets, causing an entire /24 of IP space to be blacklisted?
These are some topics to get you started. BGP is simple complexity.