Install and Configure NTT BGPalerter

NTT has built a cool piece of infrastructure monitoring software called BGPalerter. BGPalerter monitors streams of BGP data and provides real-time detection of visibility loss, RPKI-invalid announcements, hijacks, and more.

I will be setting up this tool to monitor my BGP announcements for loss of visibility in the global routing table, RPKI invalid announcements, and hijacks.

Getting Started

Here’s the repo -> https://github.com/nttgin/BGPalerter

I will be installing this on a Vultr instance in a location where I don’t currently have a presence. It’s helpful to run the monitor somewhere you have no other infrastructure, so that it can still report when one of your own locations goes down. I don’t want to risk missing the email because the service provider has an outage in a single location.

  1. Set up a VM. I’m using the most basic VPS as this doesn’t require a lot of resources. I am using Debian for my server.
  2. Download the correct binary for your platform -> https://github.com/nttgin/BGPalerter/releases
  3. Launch BGPalerter and run through the auto configuration -> chmod +x ./bgpalerter-linux-x64 && ./bgpalerter-linux-x64
  4. Configure reporting by editing the config.yml file
# Config.yml
reports:
  - file: reportEmail
    channels:
      - hijack
      - newprefix
      - visibility
      - path
      - misconfiguration
      - rpki
    params:
      showPaths: 5 # Amount of AS_PATHs to report in the alert
      senderEmail: bgpalerter@domain
      # BGPalerter uses nodemailer.
      # The smtp section can be configured with all the parameters available at https://nodemailer.com/smtp/
      # the following are just the most useful one
      smtp:
        host: SMTPSERVER.DOMAIN.TLD
        port: 587
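        secure: false # With nodemailer, true means TLS from the first byte (normally port 465). On port 587 keep this false so the connection is upgraded via STARTTLS
        requireTLS: true # nodemailer option: refuse to send if the STARTTLS upgrade fails instead of falling back to an unencrypted connection
        ignoreTLS: false # If true TLS will be completely disabled, including STARTTLS. Set this to true if you see certificate errors in the logs, at the cost of sending the credentials below unencrypted.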
        auth:
          user: username
          pass: password
          type: login
        tls:
          rejectUnauthorized: true  # Reject unauthorized certificates
      notifiedEmails:
        default:
          - you@example.com # placeholder address
        noc:
          - noc@example.com # placeholder address
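
Because config.yml now holds the SMTP password and the TLS settings, it is worth checking before the first test run. The script below is an added example, not from the original post or the BGPalerter project. It flags loose file permissions and weak or mismatched values for the smtp keys shown above. The function names are hypothetical, and requireTLS is a nodemailer SMTP option.

```shell
#!/usr/bin/env bash
# Added example, not part of BGPalerter. Line-based matching: assumes the
# one-key-per-line layout shown above, with smtp: followed by notifiedEmails:.

# Print the value of <key> inside the smtp: block of <file> (empty if absent).
smtp_value() {
  sed -n "/^[[:space:]]*smtp:/,/^[[:space:]]*notifiedEmails:/s/^[[:space:]]*$1:[[:space:]]*\([^[:space:]#]*\).*/\1/p" "$2" | head -n 1
}

# Print one FINDING line per problem; exit status 0 only when none are found.
audit_smtp_config() (
  f=$1
  findings=0
  report() { echo "FINDING: $*"; findings=$((findings + 1)); }

  # config.yml stores the SMTP password: no group/other permission bits.
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] || report "$f is accessible to group/other; chmod 600"

  port=$(smtp_value port "$f")
  secure=$(smtp_value secure "$f")
  [ "$(smtp_value ignoreTLS "$f")" = true ] &&
    report "ignoreTLS: true sends the auth credentials unencrypted"
  [ "$(smtp_value rejectUnauthorized "$f")" = false ] &&
    report "rejectUnauthorized: false accepts any server certificate"
  # nodemailer: secure: true means TLS from the first byte (normally 465).
  [ "$secure" = true ] && [ "$port" != 465 ] &&
    report "secure: true on port $port; implicit TLS is normally 465"
  # With secure: false, STARTTLS is only opportunistic unless required.
  [ "$secure" != true ] && [ "$(smtp_value requireTLS "$f")" != true ] &&
    report "secure is not true and requireTLS: true is missing"

  [ "$findings" -eq 0 ]
)
```

Source the file and run audit_smtp_config ./config.yml from the directory that holds the binary. It prints nothing and returns 0 when the settings pass.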

The last thing to do is test our setup. You can do that by running

./bgpalerter-linux-x64 -t

After doing that you should get an email alert that looks like this!

Now we need to create a service to automatically launch this at boot.

I followed the guide here to set up the BGPalerter Linux service -> https://github.com/nttgin/BGPalerter/blob/main/docs/linux-service.md

It’s all set up. You can now make changes to the prefixes.yml file. I edited mine to list the correct upstreams, added a description to each prefix, and made sure that all of the correct prefixes were listed.