Detecting Inconsistent BGP Advertisement

Nick Feamster highlighted the problem of inconsistent BGP advertisement [1] more than a decade ago at Nanog-32. I have not seen a good solution to this problem (apart from the one presented in the presentation). So it turns out this is a great use case for analyzing BGP Updates from peers and detecting inconsistencies.

Problem Statement

Consider the scenario in figure 1. Suppose you manage ASN 65200 and peer with ASN 65100 at multiple sites. How do you know in (near) real time that the prefixes advertised by all peering routers have the same:

1. MED

2. AS-Path

3. Number of ASNs in AS-Path

4. Origin ASN

Figure 1: Peering between two ASNs

The answer is: you don't, unless you are capturing all BGP Updates and analyzing them in real time. This is made possible by the BGP Monitoring Protocol (BMP) [2]. Also, when an inconsistency is detected for a particular prefix, you want to be able to send an alert to a dashboard and (optionally) filter the prefix on all routers that report receiving it.
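The comparison described above, sketched as an added example (not code from the original post or from OpenBMP): it keeps the latest route each router reported for a prefix and lists the attributes that disagree. The record fields (`router`, `peer_asn`, `prefix`, `action`, `as_path`, `med`) are assumed names rather than OpenBMP's message schema, and the sample updates are constructed.

```python
from collections import defaultdict

# Attributes the problem statement wants identical on every peering router.
CHECKS = ("med", "as_path", "as_path_len", "origin_asn")

class ConsistencyTracker:
    """Latest route per (peer ASN, prefix, router), compared across routers."""

    def __init__(self):
        self.rib = defaultdict(dict)  # (peer_asn, prefix) -> {router: attrs}

    def update(self, msg):
        """Apply one parsed update and return the diffs for its prefix."""
        key = (msg["peer_asn"], msg["prefix"])
        if msg["action"] == "withdraw":
            # A withdrawn route must stop counting toward the comparison.
            self.rib[key].pop(msg["router"], None)
        else:
            path = tuple(msg["as_path"])
            self.rib[key][msg["router"]] = {
                "med": msg.get("med"),  # None = no MED attribute; differs from 0
                "as_path": path,
                "as_path_len": len(path),
                "origin_asn": path[-1] if path else None,
            }
        return self.check(key)

    def check(self, key):
        """Return {attribute: {router: value}} for attributes that disagree."""
        routes = self.rib.get(key, {})
        seen = {a: {rt: r[a] for rt, r in routes.items()} for a in CHECKS}
        # With fewer than two routers each attribute has one value: no diffs.
        return {a: v for a, v in seen.items() if len(set(v.values())) > 1}

def sample(router, action, as_path=(), med=None):
    """Build a constructed record for peer AS 65100 (hypothetical field names)."""
    return {"router": router, "peer_asn": 65100, "prefix": "192.0.2.0/24",
            "action": action, "as_path": list(as_path), "med": med}

# Constructed updates: r2 prepends 65100, then withdraws the prefix.
SAMPLE = [sample("r1", "announce", [65100, 65300], 10),
          sample("r2", "announce", [65100, 65100, 65300], 10),
          sample("r2", "withdraw")]

def run(messages):
    """Feed updates in order; one diff dict per update."""
    tracker = ConsistencyTracker()
    return [tracker.update(m) for m in messages]
```

In a streaming job, a non-empty result from `update` is the point at which the dashboard alert would be raised.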

Data Pipeline

As seen in figure 2, the data pipeline architecture includes the following pieces:

1. OpenBMP - OpenBMP is an open source BMP collector [3]. It supports the current BMP draft and BMP messages from Cisco and Juniper network devices. It receives BMP messages, parses them, and forwards them to Kafka.

2. Kafka - Kafka is an open source, distributed, scalable and fault-tolerant messaging system. "Publishers" (in this case OpenBMP) publish data to Kafka, where it is grouped into queues called topics, and "Consumers" consume data by subscribing to these topics.

3. Spark - Spark is a fast, distributed and scalable data processing system. In this case, I am using Spark Streaming to analyze BMP messages in real time.

Further reading:

[1] Nick's presentation slides from Nanog-32 - https://www.nanog.org/meetings/nanog32/presentations/feamster.pdf

[2] BMP Draft version 17 - https://tools.ietf.org/html/draft-ietf-grow-bmp-17

[3] OpenBMP - www.openbmp.org