bgpalerter

BGPalerter

Self-configuring BGP monitoring tool, which allows you to monitor in real-time if:

• any of your prefixes loses visibility;
• any of your prefixes is hijacked;
• your AS is announcing RPKI invalid prefixes (e.g., not matching prefix length);
• your AS is announcing prefixes not covered by ROAs;
• any of your ROAs is expiring;
• ROAs covering your prefixes are no longer reachable;
• RPKI Trust Anchors malfunctions;
• a ROA involving any of your prefixes or ASes was deleted/added/edited;
• your AS is announcing a new prefix that was never announced before;
• an unexpected upstream (left-side) AS appears in an AS path;
• an unexpected downstream (right-side) AS appears in an AS path;
• one of the AS paths used to reach your prefix matches a specific condition defined by you.

You just run it. You don't need to provide any data source or connect it to anything in your network since it connects to public repos.

It can deliver alerts on files, email, kafka, slack, and more.

BGPalerter connects to public BGP data repos (not managed by NTT), and the entire monitoring is done directly in the application (there are no NTT servers involved).

TL;DR (1 minute setup)

This section is useful if you don't care about the source code, but you just want to start monitoring. Instead, if you want to run the source code or develop, skip to the documentation below.

1. Download the binary here (be sure to select the one for your OS)

2. Execute the binary (e.g., chmod +x bgpalerter-linux-x64 && ./bgpalerter-linux-x64)
   The first time you run it, the auto-configuration will start.

If something happens (e.g., a hijack) you will see the alerts in logs/reports.log. In config.yml you can find other reporting mechanisms (e.g., email, Slack, Kafka) in addition to logging on files. Uncomment the related section and configure according to your needs.

If the installation doesn't go smoothly, read here. Read the documentation below for more options.

If you are looking for a BGP and RPKI monitoring service based on BGPalerter, try PacketVis

Documentation

• Installation
  • Requirements
  • Run from binary
  • Run from source code
  • Build Debian Package
  • Run in Docker
  • Run as a Linux service
  • Command line options
• Monitored prefixes list
  • Generate prefix list
  • Prefix attributes description
• Configuration
  • Composition
  • Monitor for
    • Hijacks
    • Path neighbors (downstream/upstream peers)
    • Visibility loss
    • RPKI invalid announcements
    • RPKI ROAs diffs, ROAs expirations, and TA malfunctions
    • Announcements of more specifics
    • Announcements of new prefixes
    • Path matching
  • Send alerts to
    • File
    • E-mail
    • Slack
    • Kafka
    • Syslog
    • Alerta dashboard
    • Webex
    • Telegram
    • Mattermost
    • Pushover
    • Microsoft Teams
    • Matrix
    • HTTP URL (push)
    • REST API (pull)
  • Test report configuration
  • Process/Uptime monitoring
  • Notification user groups
  • RPKI configuration
    • Staging/testing ROAs
  • HTTP/HTTPS proxy
• Update to latest version
• More information for developers
  • All npm commands
  • Reports/alerts templates
  • Release process and Git flow
• BGPalerter for researchers

If you are using BGPalerter, feel free to sign here: Who is using BGPalerter