METHOD AND SYSTEM FOR MONITORING BORDER GATEWAY PROTOCOL (BGP) DATA IN A DISTRIBUTED COMPUTER NETWORK

摘要

A Border Gateway Protocol (BGP) monitoring service is described. The monitoring service receives as input(s) configuration data input from one or more site(s) that desire to obtain the service, as well as BGP feed data received from a set of data collectors (308) positioned at or adjacent BGP peering points. For every origin (IP space) being monitored, a monitoring application monitors a set of allowed or permitted originating Autonomous System (AS) numbers for that space. Thus, for every IF address space being watched (i.e., for each routable block that contains an origin server IP address of interest), the monitoring application continually monitors the set of transit Autonomous Systems for that CIDR block. Using the real-time BGP feeds (and/or the daily updates), the monitoring application looks for updates coming from the routers that impact the CIDR blocks of interest for that particular site(s). When a variance occurs, the monitoring application sends a message to an alerts system, which then issues a notification to the affected user or takes some other control action. Thus, for example, when a route to a network IP range being tracked is advertised from within some other network, the service identifies where the advertisement originates. This enables the site to detect potential BGP-based attacks and to respond accordingly.