As the routing protocol that runs the Internet, Border Gateway Protocol (BGP) is a key piece of the puzzle that helps you understand how your customers get to you. If you want to understand digital experience delivery, then you have to understand the Internet, and BGP visibility is very important if you intend to have operational insights for any business-critical app or service that you are either offering or consuming over the Internet.
There are a range of varying claims to BGP visibility or monitoring out there, terms which are themselves quite vague. Consequently, it’s important to understand what types of BGP monitoring exist and how to distinguish them, as well as what key capabilities you need to look for.
A (very) short introduction to BGP
The BGP is a path vector routing protocol that (put very simply) concerns itself with two major functions:
- Establishing routed peerings (communication sessions) between Autonomous Systems (or AS, networks that have registered to participate in the BGP fabric of the Internet), so they can exchange routing information to various prefixes (network addresses). There are currently over 63,000 AS Numbers (ASNs).
- Propagating routes to IP prefixes across all those AS. Routes are defined not as paths through individual routers, but as paths through AS. So, when you look at a BGP routing update message, you’ll see a sequence of ASNs which forms an AS-PATH, corresponding to a specific prefix.
A BGP routing update can contain multiple AS-PATHS for a prefix, along with multiple AS-Path attributes. Currently, the IPv4 BGP routing table for the Internet contains 768,385 prefixes.
The importance of perspective
There is an assumption about the Internet that, bar instances of filtering like China’s Great Firewall, you can reach anywhere from anywhere. But in fact the path Internet traffic takes will differ based on where it’s coming from, and a single routing vantage point can introduce inauthentic routes.
If you want to get a clear picture of Internet routing it’s necessary to process a lot of different perspectives from different ISPs for global visibility.
The growing popularity of BGP monitoring
Understanding Internet performance is critical for effective network performance monitoring (NPM) and digital experience monitoring (DEM), and, in stark contrast to a few years ago, BGP monitoring is growing in popularity.
Previously many NPM vendors would either actively advise against it or else ignore its existence. But with the rapidly growing prevalence of the cloud, being used to build apps and services, offering customer digital experiences, consuming SaaS, and modernizing your WAN, the necessity of BGP monitoring has become impossible to ignore. Global connectivity is a goal for any self-respecting competitive digital organization, meaning these businesses must also build expertise in interdomain routing, the resulting complex interactions with internal routing policies, BGP policies, and managing ISPs. Even the most skeptical of vendors have been turned around on BGP visibility.
Key capabilities
Before diving in to the different types of BGP monitoring products available, all of which offer varying degrees of insight into Internet routing behavior, it is helpful to know the key capabilities to look for to support DEM use-cases. Below are some metrics and visualizations that are needed on a time-series, historical basis:
1) Independent AS-PATH visualizations, for example, linked to higher level monitoring against an app or service URL
- All prefixes related to monitoring test connectivity to that URL are automatically detected
2) Metrics:
- Prefix path changes
- Prefix reachability
- Prefix updates
3) Cross-layer correlation
- BGP routing data should be time-series correlated to other layers of data including network layer paths, end-to-end network performance metrics (packet loss, latency, jitter), and app-layer metrics (response time, and page load)
BGP monitoring: Five execution types
But despite the fact that BGP has a clear definition as a protocol, the meaning of the term “BGP monitoring” can vary, depending on who’s making the claim. Here are five ways that BGP routing data is offered as “visibility.”
- BGP visibility toolkits: Some large organizations will use open source and commercial tools that perform BGP prefix monitoring on a standalone basis. However, these can be difficult for IT teams to use for troubleshooting application and service issues, as they are typically offered as data feeds. For meaningful troubleshooting capabilities the IT team would need to integrate that data and perform its own correlation against other tools in the stack. It can also be hard to sift through the data from these toolkits as the feeds can be filled with routing issues from the most unstable fringes of the Internet, creating a lot of useless noise. While this is technically legitimate BGP monitoring, it’s not hugely useful to the average IT team.
- Light integration: This option involves integrating a feed of BGP routing attribute data into network-layer paths to enhance the path information. What follows can become an issue of semantics: it’s possible to simply label various nodes in a Layer 3 path with the names of the ASN they’re in by doing prefix lookups against a single BGP routing feed. But this barely qualifies as “BGP monitoring,” or “BGP visualization,” since it doesn’t enable you to visualize prefixes or AS-PATHS.
- BGP traffic analysis: This approach enhances traffic flow data by prefix matching the source and destination IPs then mapping to BGP attributes for those prefixes, resulting in oversight of traffic volume metrics from a source AS to destination AS, and even via transit AS. This is without a doubt an interesting option and very useful if you’re moving large volumes of service traffic to the Internet. But rather than monitoring or visualizing how BGP routing is working its focused on traffic analytics.
- Third-party open source tools: There are a range of external, open source tools, such as RIPEStat BGPlay, that some monitoring products link to. The upside of these is that they have BGP prefix analysis capability. But the downside is rather than allowing for ongoing monitoring, these tools mainly provide a snapshot view, which isn’t integrated with the rest of the product workflow, and therefore not very useful for businesses.
- Integrated BGP route monitoring: This option means directly pulling collected global routing tables and updates on a frequent basis and integrating BGP prefix monitoring, reachability information and visualization of ASes, AS paths, path lengths and so forth, with other aspects of DEM so that it delivers insights in real-time for app and service operations visibility. This is the approach which will give you the most accurate perspective – providing as it does BGP routing data from many points on the Internet and utilizing intelligent algorithms.
So, is your BGP monitoring for real?
A quick hack to determine whether you’re looking at real BGP monitoring or a less than useful copy version is to search the product or vendor name, plus “BGP” and “prefix” and compare the results. This will quickly reveal who is up to speed and writing about real-world BGP issues relating to digital experience delivery; and who can provide useful insights into BGP routing and the Internet to help you as a business understand your digital experience delivery.