As the routing protocol that runs the Internet, BGP is a key piece of the puzzle that helps you understand how your customers get to you, which means that BGP visibility is very important if you intend to have operational insights for any business-critical app or service that you are either offering or consuming over the Internet.
But visibility and monitoring can be vague terms, and there are varying claims to BGP visibility or monitoring out there. It’s important to understand what types of ‘BGP monitoring’ exist in the wild and how to distinguish them, the key capabilities you should look for in BGP monitoring, and a little hack for telling the difference between serious BGP visibility and the poseurs.
The shortest BGP overview ever
For those network operators who are deeply knowledgeable about routing, forgive the drastic simplification of a complicated process for the Internet’s control plane. BGP (Border Gateway Protocol) is a path vector routing protocol that essentially concerns itself with two major functions:
- Establishing routed peerings (communication sessions) between Autonomous Systems or ASes (networks that have registered to participate in the BGP fabric of the Internet) so they can exchange routing information (how to get across the Internet to various prefixes, i.e. network addresses). There are currently over 63,000 ASNs.
- Propagating routes to IP prefixes (network addresses) across all those ASes. Routes are defined not as paths through individual routers, but as paths through Autonomous Systems. So, when you look at a BGP routing update message, you’ll see a sequence of AS Numbers (ASNs) which forms an AS-PATH, corresponding to a specific prefix.
A BGP routing update can contain multiple AS-PATHS for a prefix, along with multiple AS-Path attributes. The IPv4 BGP routing table for the Internet currently contains 768,385 prefixes.
Routing data hinges on perspective
In the Internet, unless there is some type of filtering happening, such as China’s Great Firewall, the assumption is that you can reach anywhere in the Internet from anywhere. However, the path your traffic takes to a given location will differ based on where you’re coming from.
Furthermore, with the vastness of the Internet, it’s possible for a single routing vantage point to introduce spurious routes. That’s why, if you want to understand Internet routing, you need to get and intelligently process a lot of different perspectives from different ISPs, giving you global visibility that gets close to ground truth on Internet routing behavior.
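To illustrate why several vantage points matter, the following added example (not from the original article) compares the origin AS each vantage point sees for a prefix and flags the peers that disagree with the majority or do not see the prefix at all. The peer names, prefixes, ASNs and the `summarize` function are constructed for illustration.

```python
from collections import Counter, defaultdict

# Constructed sample: (vantage point, prefix, AS path seen from that peer).
# The last ASN in each path is the origin. Prefixes and ASNs come from the
# documentation ranges (RFC 5737, RFC 5398); peer names are hypothetical.
OBSERVATIONS = [
    ("peer-a", "192.0.2.0/24", [64496, 64500, 64510]),
    ("peer-b", "192.0.2.0/24", [64497, 64501, 64510]),
    ("peer-c", "192.0.2.0/24", [64498, 64500, 64510]),
    ("peer-d", "192.0.2.0/24", [64499, 64511]),        # different origin
    ("peer-a", "198.51.100.0/24", [64496, 64502, 64509]),
    ("peer-b", "198.51.100.0/24", [64497, 64502, 64509]),
]
ALL_PEERS = {"peer-a", "peer-b", "peer-c", "peer-d"}


def summarize(observations, all_peers, min_share=0.5):
    """Per prefix: consensus origin AS, visibility, and outlier vantage points."""
    by_prefix = defaultdict(dict)
    for peer, prefix, path in observations:
        by_prefix[prefix][peer] = path

    report = {}
    for prefix, paths in by_prefix.items():
        origins = Counter(path[-1] for path in paths.values())
        origin, votes = origins.most_common(1)[0]
        report[prefix] = {
            # No consensus if the top origin lacks a clear majority of peers.
            "origin": origin if votes / len(paths) > min_share else None,
            # Share of all vantage points that have any route to the prefix.
            "visibility": len(paths) / len(all_peers),
            # Peers whose view of the origin differs from the majority.
            "outliers": sorted(p for p, path in paths.items() if path[-1] != origin),
            # Peers with no route at all (partial reachability).
            "missing": sorted(all_peers - set(paths)),
        }
    return report
```

A single outlier may be a spurious view from one vantage point or an early sign of an origin change, so a monitor would track how many peers disagree and for how long before alerting.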
BGP monitoring is getting more popular—thank goodness
One of the things that’s been interesting but ultimately great to see is the rising awareness that understanding Internet performance is critical for sound network performance monitoring (NPM) and digital experience monitoring (DEM). I say rising because if you go back a couple of years you’d see some NPM vendors positively bashing BGP monitoring, and most others studiously ignoring it. But with so many organizations using the cloud to build apps and services, offering customer digital experiences, consuming SaaS, and modernizing their WANs, the influence of the Internet has become too big to ignore. The most competitive digital organizations have built or are building expertise in global connectivity, interdomain routing and its complex interactions with their internal routing policies, BGP policies, and managing ISPs. All this expertise goes towards tuning operations to get the best performance. As a result, even skeptical vendors are becoming BGP visibility converts.
Five implementation types for BGP monitoring
Sadly, while BGP has a clear definition as a protocol, the meaning of the term “BGP monitoring” can be highly variable depending on who’s claiming it. So it might be helpful to outline five different implementations by which BGP routing data is offered as “visibility.”
1. Light integration of BGP routing attribute data into network-layer paths. Some monitoring products essentially take a feed of BGP attribute data, then enhance network-layer path information. Now, this is where we get into semantics. It’s possible to simply label various nodes in a Layer 3 path with the names of the ASN they’re in by doing prefix lookups against a single BGP routing feed. But this is a real stretch to call “BGP monitoring,” or “BGP visualization.” After all, you can’t say that you’re monitoring BGP routing or visualizing it when you can’t look at prefixes or AS-PATHS.
2. Third-party open source tool linking. Some monitoring products provide a link to external, open source tools such as RIPEStat BGPlay. The upside to this approach is that you get to use a cool tool where you can do some BGP prefix analysis. The downside is that it’s not meant for ongoing monitoring so much as snapshot views, isn’t integrated with the rest of the product workflow, and isn’t really meant for business use.
3. BGP traffic analysis. This is an interesting concept, whereby traffic flow data is enhanced by prefix matching the source and destination IPs then mapping to BGP attributes for those prefixes, such that you can see traffic volumetrics from a source AS to destination AS, and even via transit AS. That’s definitely interesting and useful if you’re moving large volumes of service traffic to the Internet. However, the focus of this capability is traffic analytics rather than monitoring or visualizing how BGP routing itself is working.
4. Standalone BGP visibility toolkits. There are some open source and commercial tools that perform BGP prefix monitoring on a standalone basis. These tools are used by some large organizations, but generally, they are difficult for IT teams to use for troubleshooting application and service issues because they typically are offered as data feeds. That means the IT organization needs to integrate that data and perform its own correlation against other tools in the stack. Furthermore, these data feeds can be filled with routing issues from the most unstable fringes of the Internet, creating a ton of useless noise. This is legit BGP monitoring, but it’s just not very useful for business purposes by the average IT team.
5. Integrated BGP route monitoring. Integrated BGP route monitoring means directly pulling collected global routing tables and updates on a frequent basis and integrating BGP prefix monitoring, reachability information and visualization of ASes, AS paths, path lengths, etc. with other aspects of digital experience monitoring (DEM), so that it delivers contextually useful insights in real time for app and service operations visibility. As mentioned above, you need that BGP routing data from many points on the Internet, and you need intelligent algorithms to create a sufficiently accurate perspective from it.
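The prefix matching behind items 1 and 3, as an added example that is not from the original article: each flow's destination IP is matched to its longest covering prefix in a single routing feed, and bytes are totalled per destination (origin) AS and per transit AS. The routing table, flow records and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed single-feed routing table: prefix -> AS path (origin is last).
RIB = {
    "192.0.2.0/24": [64500, 64510],
    "192.0.2.128/25": [64501, 64511],   # more specific, different origin
    "198.51.100.0/24": [64500, 64502, 64509],
}
# Constructed flow records: (source IP, destination IP, bytes).
FLOWS = [
    ("203.0.113.10", "192.0.2.20", 1200),
    ("203.0.113.10", "192.0.2.200", 800),
    ("203.0.113.11", "198.51.100.7", 5000),
    ("203.0.113.12", "10.1.2.3", 300),  # no covering route in the feed
]


def build_table(rib):
    """Parse prefixes and order them longest-first for longest-prefix match."""
    table = [(ipaddress.ip_network(p), path) for p, path in rib.items()]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)


def lookup(table, ip):
    """Return (prefix, AS path) of the most specific covering route, or (None, None)."""
    addr = ipaddress.ip_address(ip)
    for net, path in table:
        if addr in net:
            return net, path
    return None, None


def bytes_by_dest_as(rib, flows):
    """Total bytes per destination (origin) AS and per transit AS on the path."""
    table = build_table(rib)
    origin_bytes, transit_bytes = Counter(), Counter()
    for _src, dst, nbytes in flows:
        _net, path = lookup(table, dst)
        if path is None:
            origin_bytes[None] += nbytes  # unrouted traffic is kept visible
            continue
        origin_bytes[path[-1]] += nbytes
        for asn in set(path[:-1]):        # set() ignores AS-path prepending
            transit_bytes[asn] += nbytes
    return dict(origin_bytes), dict(transit_bytes)
```

Because the lookup uses one feed, the transit totals reflect only that feed's view of the path, which is the limitation the article raises for single-feed approaches.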