Today, the Internet is synonymous with business outcomes. Your banking, healthcare, entertainment, shopping and much more all rely on the Internet. But did you know the Internet is fundamentally dependent on routing based on Border Gateway Protocol (BGP)?
BGP is mature and robust to support the routing of Internet traffic, but operations of network routing can be complex to maintain and exposed to numerous security threats. Without a steadfast focus to preserve healthy routing, Internet-based businesses could be disrupted. Simply search Google for "BGP hijacks," and you will find many cases that have impacted major businesses. Network operators are acutely aware of these threats, but the casual consumer or enterprise just expects service providers to keep the Internet working properly.
Imagine the area code on your phone, "858", but if you accidentally entered "859" where would your call get routed? On the Internet, BGP routing tables determine where data is routed, using prefixes as the equivalent of area codes, but a simple misconfiguration gone undetected could mistakenly route customer data to unintended destinations. In the same example, if attackers hijacked your prefix and replaced it, they could commandeer your traffic, resulting in business disruption or stolen data.
The challenge operators face
With all good intentions in mind, the network operators' challenge to maintain secure routing is complex and taxing. Networks are distributed globally and often in an unpredictable environment with internal and external changes.
With lack of effective tools and an IT staff without deep BGP knowledge, operations teams are overwhelmed by the sheer volume of data, interpreting that data (which can be very disorganized), and logically making deterministic decisions. Executed erroneously, your network can experience performance issues, service outages, or even fraud from malicious redirects. Whether caused by operational errors or malicious intent, the impact has long-lasting impressions on your brand and reputation with your customers.
Gaining an advantage
With customers depending on the Internet to be trustworthy and reliable from their service provider, what can your operations team do to protect them? One way is to take a proactive and cost-effective approach to monitor routing health with Cisco Crosswork Network Insights as a cloud delivered routing analytics service. This helps your operations team reduce the time to recognize and repair such incidents. Using machine learning, it accurately identifies anomalies by performing rich analysis of routing data collected from local and global sources.
Figure 1 - See immediate results by rapidly identifying anomalies of your network and IP address assets, a critical step in reducing the Mean Time To Resolution (MTTR) for control plane issues.
A closer look
Let's explore how the service works to help you improve network stability:
- Getting started is easy with express configuration of an Autonomous System Number (ASN) for all prefixes and default alarms.
- Data is collected at scale from local and global sources. The service will perform rich analysis of routing data to determine anomalies based on multiple routing databases. The operator can then use these insights to take deterministic actions.
- Further customize the settings for your needs and define flexible policies to see erroneous prefixes advertised from an unexpected origin ASN. The reason could be a configuration error or even a malicious BGP hijack attempting to deny service or misdirect traffic.
- Find problematic route leaks when longer than expected prefixes are seen. This violation leads to suboptimal routing, which causes poor service delivery or even worse - a complete blackhole of network traffic.
- Promptly catch bad actors when they advertise your ASN, spoof your network, and steal your IP assets to covertly impersonate you.
- Boost BGP security with route origin validation. Trigger alarms when announcements contain unauthorized origin ASN compared to resource public key infrastructure data. Stay one step ahead by monitoring for additional alarms.
- Receive immediate notification if a prefix is erroneously advertised from an unexpected origin ASN. The reason could be a configuration error, or a malicious BGP hijacker attempting to deny service or misdirect traffic.
- Use BGP Looking Glass, an easy-to-understand dashboard, to rapidly visualize global routing health. Forensic analysis of historical data can also help you determine who did what to whom.
- With notification endpoints, your operations team is immediately alerted in the way you want.
- Leverage APIs to integrate into your operational tools.
Cisco's Solution - Learn More
Cisco Crosswork Network Insights is designed for anyone who needs to understand how their networks are routed and how their prefixes are seen from hundreds of other networks worldwide. Even better, the service is operational in minutes and will continue to innovate with new techniques to keep your network agile and secure by helping to limit potentially damaging exposure through negative routing events.
For a more detailed review, download our whitepaper, Understanding the Risks of Traffic Hijacking.
– Martin Thygesen, Product Manager, Service Provider Network Automation and Analytics, Cisco
This content is sponsored by Cisco.