https://github.com/kioubit/flapalerted

BGP Update based flap detection
https://github.com/kioubit/flapalerted

bgp

Last synced: about 1 month ago
JSON representation

BGP Update based flap detection

• Host: GitHub
• URL: https://github.com/kioubit/flapalerted
• Owner: Kioubit
• Created: 2022-05-03T13:44:43.000Z (over 2 years ago)
• Default Branch: master
• Last Pushed: 2024-11-12T00:32:17.000Z (2 months ago)
• Last Synced: 2024-11-12T01:24:03.773Z (2 months ago)
• Topics: bgp
• Language: Go
• Homepage:
• Size: 501 KB
• Stars: 10
• Watchers: 3
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

        
# FlapAlerted

Receives BGP Update messages by peering with your BGP daemon. Detects path changes and BGP flapping events.


| Overview Page                                                                         | Event details page                                                                    |

|---------------------------------------------------------------------------------------|---------------------------------------------------------------------------------------|

| ![a](https://github.com/user-attachments/assets/303d9aca-b4e3-4613-91ad-891ae16bf49d) | ![b](https://github.com/user-attachments/assets/860615e2-4116-429d-ab27-f8e5e70b69a0) |

### Setup notes

The program will listen on port 1790 for incoming BGP sessions (passive mode - no outgoing connections).

It is recommended to adjust the `routeChangeCounter` and `minimumAge` parameters (see usage) to produce the desired result.

### Usage

```

Usage:

  -asn int

        Your ASN number

  -asnPosition int

        The position of the last static ASN (and for which to keep separate state for) in each path. Use of this parameter is required for special cases such as when connected to a route collector. (default -1)

  -debug

        Enable debug mode (produces a lot of output)

  -disableAddPath

        Disable BGP AddPath support. (Setting must be replicated in BGP daemon)

  -minimumAge int

        Minimum age in seconds a prefix must be active to be detected. Has no effect if the routeChangeCounter is set to zero (default 540)

  -noPathInfo

        Disable keeping path information. (only disable if memory usage is a concern)

  -pathInfoDetectedOnly

        Keep path information only for detected prefixes (decreases memory usage)

  -period int

        Interval in seconds within which the routeChangeCounter value is evaluated. Higher values increase memory consumption. (default 60)

  -routeChangeCounter int

        Number of times a route path needs to change to list a prefix. Use '0' to show all route changes. (default 700)

  -routerID string

        BGP Router ID for this program (default "0.0.0.51")

```

### Example BIRD bgp daemon configuration

```

protocol bgp FLAPALERTED {

    local fdcf:8538:9ad5:1111::3 as 4242423914; # This address cannot be ::1, it must be another address assigned to the host

    neighbor ::1 as 4242423914 port 1790;

    ipv4 {

        add paths on;

        export all;

        import none;

    };

    ipv6 {

        add paths on;

        export all;

        import none;

    };

}

```

### Module Documentation

The program supports additional modules that can be customized at build-time.

#### mod_httpAPI (Enabled by default)

Provides the following http API endpoints on port `8699`:

- `/capabilities`

- `/flaps/active/compact`

- `/flaps/prefix?prefix=`

- `/flaps/active/history?cidr=`

- `/flaps/metrics/json`

- `/flaps/metrics/prometheus`

- `/flaps/avgRouteChanges90`

It also provides a user interface (on the same port) at path:

- `/`

To disable this module, add the following tag to the `MODULES` variable in the `Makefile`: `disable_mod_httpAPI`

#### mod_log (Enabled by default)

Logs each time a prefix exceeds the defined `routeChangeCounter` within the defined `period` to STDOUT.

To disable this module, add the following tag to the `MODULES` variable in the `Makefile`: `disable_mod_log`

#### mod_roaFilter (Disabled by default)

Filters a ROA file in JSON format to remove flapping prefixes.

The filtered prefixes are to be re-added by the external program updating the ROA file at regular intervals.

See the command line help for required arguments.

To enable this module, add the following tag to the `MODULES` variable in the `Makefile`: `mod_roaFilter`

***

### Building

#### Manually

You will need to have GO installed on your system. Then run `make release` and find the binary in the `bin/` directory.

#### Docker

Clone this repository and run `docker build .` to generate a docker image.

Environment variables can be used to specify the configuration options by capitalizing the command line flags and adding a `FA_` prefix to them.

For instance, to set the ASN number, use the following environment variable: ``FA_ASN=``