RPKI Archives - NETRAVNEN BLOGGING

LibreNMS Alerts

An overview of LibreNMS alerts used to monitor different anomalies.

RPKI Session down – JUNOS

Trigger alert if we logged a RPKI session has gone down within the last 1 hour. Match based on syslog events from device. (Device > log > syslog)

syslog.msg LIKE '%RPD_RV_SESSIONDOWN%'
AND syslog.timestamp >= macros.past_60m
AND macros.device_up = 1

Broadcast packets exceeds threshold – JUNOS

Trigger alert if more than 300 broadcast pkt/s on 10/25/100 GbE interfaces. ifAlias (interface description on the network device) needs to begin with “PEERING”.

ports_statistics.ifInBroadcastPkts_rate > 300
AND ports.ifAlias LIKE 'PEERING%'
AND macros.device_up = 1
AND (
  ports.ifName LIKE 'et-%'
  OR ports.ifName LIKE 'xe-%'
)

Tool: RPKI Origin Validation Checker

I wrote a small tool to help figure out the impact of deploying “RPKI invalid == reject” routing policies, since not all invalids are equally problematic. Enjoy! https://t.co/qtxs5Z46Yx pic.twitter.com/aw6CCNSLXf
— Job Snijders (@JobSnijders) February 6, 2020

RPKI: The path to secure Internet routing – DCD

As Internet traffic has increased and databases have become more outdated, the importance of routing validation has increased

Source: RPKI: The path to secure Internet routing – DCD