Monitor ASNs

View all ASNs

You can view all ASNs as described in the following steps:

Procedure


Step 1

Choose External Routing Analytics > Monitor > ASNs.

Crosswork Cloud Network Insights displays information in the following columns:

  • ASN—The ASN.

  • Policy—The policy associated with the ASN.

  • Tags—List of tags associated with the ASN.

  • Active Alarms—Number of active alarms associated with the ASN.

  • Severity—The highest alarm level (High, Medium, or Low) associated with the ASN.

  • Last Active Alarm—The alarm type, day, and time of the last active alarm associated with the ASN.

Step 2

To view more details about a specific ASN, click the ASN. These tabs provide more ASN details:

  • Overview—Contains summary information about your ASN.

  • Alarms—Provides details about alarms associated with the ASN.

  • Traffic—If applicable, provides details about any traffic running on the ASN.

  • BGP Updates—Contains details about the BGP updates, as reported by peers, that triggered alarms.

  • Looking Glass—Contains looking glass information for the ASN.

  • ROA—Contains details about all known ROAs associated with the ASN.

  • RPSL—Contains RPSL data that is associated with the ASN.

  • Reports—Lists the reports available for this ASN. To set up a report, click Configure. For more information, see Configure ASN Routing Reports.

Step 3

To add a new ASN, click Monitor ASNs. For more information, see Add an ASN to Monitor.


View ASN details

Procedure


Step 1

Choose External Routing Analytics > Monitor > ASNs.

Step 2

To view more details about a specific ASN, click the ASN name.

Step 3

Click one of the following tabs to display more details about the ASN:

  • Overview—Contains summary information about your ASN. See ASN Overview details for more details.

  • Alarms—Provides details about alarms associated with the ASN. See ASN Alarm details for more details.

  • Traffic—Provides details about any traffic running on the ASN.

  • BGP Updates—Contains details about the BGP updates, as reported by peers, that triggered alarms. See ASN BGP Update details for more details.

  • Looking Glass—Contains looking glass information for the ASN. See ASN Looking Glass details for more details.

  • ROA—Contains details about all known ROAs associated with the ASN. See ASN ROA details for more details.

  • RPSL—Contains RPSL data that is associated with the ASN. See ASN RPSL coverage for more details.

  • Reports—Lists the reports available for this ASN. To set up a report, click Configure. For more information, see Configure ASN Routing reports.


ASN Overview details

To view ASN overview details, choose External Routing Analytics > Monitor > ASNs, click the name of the ASN, and then click the Overview tab.

Crosswork Cloud Network Insights displays ASN overview details as described in the following table.

Table 1. ASN Overview Details Field Descriptions

  • Linked Policy—The policy associated with the ASN.

  • Tags—User-specified tags that are applied to the ASN.

  • Last Active Alarm—List of last active alarms associated with the ASN.

  • Originating Prefixes—The specific number of IP address blocks (both IPv4 and IPv6) that an Autonomous System (AS) is currently advertising via BGP. This value is based on the latest snapshot of the Global Routing Table (GRT) and represents the prefixes actively advertised (not withdrawn) by the AS, which are still visible in the GRT.

  • Summary—Summary data including a map showing the geographical location and number of peers.

  • IRR/RPSL data—Provides the RPSL information for the ASN. Crosswork Cloud Network Insights displays the RPSL databases in which it found information for the ASN.

    Crosswork Cloud Network Insights retrieves the list of observed prefixes originating from the ASN, compares this with the information in the RPSL records, and determines if the origin ASNs match. The Valid RPSL Prefix Coverage indicates the number of prefixes in which Crosswork Cloud Network Insights validated that the prefix originates from the same ASN as specified in the RPSL database. Click on the number to view more RPSL details. See ASN RPSL coverage for more information.

  • Peers—Number of peers and a map indicating the location of the peers. Click Table for a tabular view of peers.

  • Notes—Any user-configured notes associated with the ASN.

ASN Alarm details

To view ASN alarm details, choose External Routing Analytics > Monitor > ASNs > asn-name > Alarms.

Crosswork Cloud Network Insights displays ASN alarm details as described in the following table.

Table 2. ASN Alarm Details Field Descriptions

  • Alarm state—Click any of the following alarm states:

    • Active—Crosswork Cloud Network Insights displays a list of all active alarms, which are sorted by priority.

    • Acknowledged—Crosswork Cloud Network Insights displays a list of all acknowledged alarms, which are sorted by priority.

  • Alarm Details—Details about the alarm.

  • # Peers—The number of peers that reported the violation.

  • Severity—The configured severity level of the alarm.

  • Activated—Date and time the alarm occurred.

  • Notes—Any user-entered notes about the alarm.

ASN BGP Update details

To view ASN BGP update details, choose External Routing Analytics > Monitor > ASNs, click the name of the ASN, and then click the BGP Updates tab.

Crosswork Cloud Network Insights displays ASN BGP update details as described in the following table.

Table 3. ASN BGP Update details field descriptions

  • BGP Updates Graph—Specify a specific timeframe by selecting a value from the Timeframe drop-down list.

    The interactive dual-axis graph displays the BGP advertisements and withdrawals that occurred during that time range. The number of advertisements is represented on the left side of the graph. The number of withdrawals is represented on the right side of the graph.

  • Peer AS—The Peer AS from which the BGP update was received.

  • Prefix—The prefix IP address from which the BGP update was received.

  • AS Path—The AS routing path.

  • Communities—The communities path attribute, if applicable.

  • Update Type—The BGP update type.

  • Last Updated—Date and time of the last BGP update.

ASN Looking Glass details

To view ASN looking glass details, choose External Routing Analytics > Monitor > ASNs, click the name of the ASN, then click the Looking Glass tab.

Crosswork Cloud Network Insights displays ASN looking glass details as described in the following table.

Table 4. ASN Looking Glass Field Descriptions

  • Prefix—The prefix IP address from which the BGP update was received.

  • Reporting Peers—The number of reporting peers.

  • Valid—Indicates whether the prefix is valid.

  • Subscribed—Indicates whether you are subscribed to the specific prefix.

  • Valid RPSL—Indicates if Crosswork Cloud Network Insights validated that the prefix originates from the same ASN as specified in the RPSL database.

ASN ROA details

The ASN Route Origin Authorization (ROA) page (External Routing Analytics > Monitor > ASNs > asn-id > ROA) lists the ASN prefixes with active and expiring ROAs. To filter which prefixes are active or expiring within a given time range, select an option under the Expires Within field.

The following example shows two ROA prefixes that will expire within a year. You can find the details for the ROA prefixes listed in the table.

Figure 1. ASN ROA Page


Note


There may be cases where a prefix is displayed with an expired ROA certificate. In these cases, the end date will be noted in red text. This can happen between updates where the certificate was valid at the time of the last update, but is now expired. The prefix entry will be removed in the next update.


Table 5. ASN ROA descriptions

  • Last Updated—The last date and time that information was retrieved.

  • ROA Prefix—The prefix that the ROA authorizes the ASN to advertise. The ROA can cover a range of subnets for the base prefix as determined by Max Length.

    The total number of prefixes for the ASN that have an ROA with each status.

  • Max Length—The maximum prefix length of the most specific IP prefix that the ROA authorizes the ASN to advertise.

  • Source—The organization that published the ROA. Examples:

    • American Registry for Internet Numbers (ARIN)

    • Internet Numbers Registry for Africa (AFRINIC)

    • Asia-Pacific Network Information Centre (APNIC)

    • Latin American and Caribbean Internet Addresses Registry (LACNIC)

    • Réseaux IP Européens (RIPE NCC)

  • ROA ASN—The AS number that is authorized by the ROA to originate the prefix.

  • Start—The start date and time for which this ROA is considered valid.

  • End—The end date and time for which this ROA is considered expired.
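
The sketch below is an added example, not Crosswork Cloud code. It shows how the ROA Prefix, Max Length, ROA ASN, Start, and End fields combine when checking an announcement and when filtering by an expiry window. The origin check follows RFC 6811, and the ROA rows, state names, and function names are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timedelta, timezone


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed ROA rows (documentation prefixes, private-use ASNs); not real RPKI data.
ROAS = [
    {"prefix": "192.0.2.0/24", "max_length": 24, "asn": 64500,
     "start": utc(2024, 1, 1), "end": utc(2025, 1, 1)},
    {"prefix": "203.0.113.0/24", "max_length": 25, "asn": 64500,
     "start": utc(2024, 1, 1), "end": utc(2024, 6, 2)},
    {"prefix": "2001:db8::/32", "max_length": 48, "asn": 64500,
     "start": utc(2023, 1, 1), "end": utc(2024, 3, 1)},
]
NOW = utc(2024, 6, 1)            # constructed evaluation time
ONE_DAY = timedelta(days=1)
ONE_YEAR = timedelta(days=365)


def roa_state(roa, now, window):
    """Classify a ROA by its Start/End dates relative to now.
    The state names are illustrative, not the product's labels."""
    if now < roa["start"]:
        return "Not Yet Valid"
    if now >= roa["end"]:
        return "Expired"
    return "Expiring" if roa["end"] - now <= window else "Active"


def origin_validation(prefix, origin_asn, roas, now):
    """RFC 6811 outcome (Valid / Invalid / NotFound) using only ROAs
    whose Start..End interval contains now."""
    net = ipaddress.ip_network(prefix)
    covering = []
    for roa in roas:
        roa_net = ipaddress.ip_network(roa["prefix"])
        if roa_net.version != net.version:
            continue
        if not (roa["start"] <= now < roa["end"]):
            continue                      # an expired ROA authorizes nothing
        if net.subnet_of(roa_net):
            covering.append(roa)
    if not covering:
        return "NotFound"
    for roa in covering:
        # Max Length bounds how specific an authorized announcement may be.
        if roa["asn"] == origin_asn and net.prefixlen <= roa["max_length"]:
            return "Valid"
    return "Invalid"


if __name__ == "__main__":
    for roa in ROAS:
        print(roa["prefix"], roa_state(roa, NOW, ONE_DAY))
    for prefix, asn in [("192.0.2.0/25", 64500), ("203.0.113.128/25", 64500),
                        ("2001:db8:1::/48", 64500)]:
        print(prefix, f"AS{asn}", origin_validation(prefix, asn, ROAS, NOW))
```

In the constructed data, 192.0.2.0/25 is Invalid because it is more specific than Max Length 24 allows, and the IPv6 prefix drops to NotFound once its only ROA has passed its End date.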

ASN RPSL coverage

To view ASN RPSL details, choose External Routing Analytics > Monitor > ASNs, click the name of the ASN, then click the RPSL tab.

Crosswork Cloud Network Insights gathers the RPSL records for all the prefixes it observes originating from the ASN and displays the RPSL records as described in the table below. Crosswork Cloud Network Insights determines if the BGP prefix updates for an ASN match the RPSL ASN record associated with that prefix.


Note


There could be more than one row in the table for a particular prefix. This is because Crosswork Cloud Network Insights displays all records for a given prefix. If there are two RPSL records in a database, and each specifies a different origin ASN for the prefix, Crosswork Cloud Network Insights displays both records.


Table 6. ASN RPSL Details Field Descriptions

  • View options—Select which RPSL records you want to view:

    • All—Display all RPSL records.

    • Valid—Display valid and partial-match RPSL records in which Crosswork Cloud Network Insights validated that the prefix originates from the same ASN as specified in the RPSL database.

    • Mismatch—Display RPSL records in which the prefix originated from a different ASN than specified in the RPSL database.

    • No RPSL—Display prefixes that have no RPSL records.

  • Last Scan—The date and time Crosswork Cloud Network Insights last scanned the RPSL databases. Crosswork Cloud Network Insights scans RPSL databases once per day.

    To view the specific date and time Crosswork Cloud Network Insights scanned each RPSL database, click on the date. This helps you determine when Crosswork Cloud Network Insights last retrieved data from the RPSL databases.

  • Prefix—The prefix originating from this ASN, as observed by Crosswork Cloud Network Insights.

  • Source—The RPSL database source from which Crosswork Cloud Network Insights retrieved this record. Because prefixes can have records in multiple RPSL databases, Crosswork Cloud Network Insights displays each database source in a new row.

  • Origin ASN—The ASN that is specified in the origin attribute in the RPSL record.

  • Description—The descr attribute in the RPSL route/route6 record, which typically contains a description about the route record.

  • Member Of—The member-of attribute in the RPSL route/route6 record, which indicates the route-set with which the route/route6 record is associated.

  • Classification—Crosswork Cloud Network Insights determines if the BGP prefix updates for an ASN match the RPSL ASN record associated with that prefix. When Crosswork Cloud Network Insights cannot find an RPSL record for an exact match of the prefix, it examines its parent's RPSL record to determine the classification. The classification values can be:

    • Mismatch—Indicates that Crosswork Cloud Network Insights has determined that the prefix has an origin ASN different from that specified in the RPSL database.

    • Exact Match—Indicates that Crosswork Cloud Network Insights validated that the prefix originates from the origin ASN specified in the RPSL record for that prefix.

    • Partial Match—Indicates that Crosswork Cloud Network Insights validated that the prefix originates from the ASN specified as the origin ASN in the RPSL record of the parent for that prefix (while not an exact prefix match, an RPSL record for the supernet was present).

    • No RPSL—Indicates that Crosswork Cloud Network Insights did not find any RPSL records for the prefix or its parent in any RPSL databases.

  • Last Updated—The date and time of the latest changed attribute in the RPSL record for the prefix or its parent.
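
The classification rules above can be reproduced offline to audit your own route objects. The following is an added example, not Crosswork Cloud code: the records, source names, and function name are constructed, and "parent" is assumed to mean the longest covering supernet that has an RPSL record.

```python
import ipaddress

EXACT, PARTIAL, MISMATCH, NO_RPSL = "Exact Match", "Partial Match", "Mismatch", "No RPSL"

# Constructed route/route6 records as (prefix, origin ASN, source database).
# Documentation prefixes, private-use ASNs and made-up source names; not registry data.
RECORDS = [
    ("192.0.2.0/24", 64500, "DB-A"),
    ("192.0.2.0/24", 64511, "DB-B"),   # second database names a different origin
    ("203.0.113.0/24", 64500, "DB-A"),
    ("2001:db8::/32", 64500, "DB-A"),
]


def classify(observed_prefix, observed_origin, records):
    """Return one (source, record prefix, record origin, classification) row
    per RPSL record consulted for a prefix observed from observed_origin."""
    observed = ipaddress.ip_network(observed_prefix)
    parsed = [(ipaddress.ip_network(p), asn, src) for p, asn, src in records]
    parsed = [r for r in parsed if r[0].version == observed.version]

    consulted = [r for r in parsed if r[0] == observed]
    label = EXACT
    if not consulted:
        # No record for the exact prefix: fall back to the parent. Assumption:
        # "parent" means the longest covering supernet that has a record.
        covering = [r for r in parsed
                    if r[0].prefixlen < observed.prefixlen and observed.subnet_of(r[0])]
        if not covering:
            return [(None, None, None, NO_RPSL)]
        longest = max(r[0].prefixlen for r in covering)
        consulted = [r for r in covering if r[0].prefixlen == longest]
        label = PARTIAL

    # Every record is reported, so conflicting origins yield several rows.
    return [(src, str(net), asn, label if asn == observed_origin else MISMATCH)
            for net, asn, src in consulted]


if __name__ == "__main__":
    observed = [("192.0.2.0/24", 64500), ("203.0.113.128/25", 64500),
                ("203.0.113.128/25", 64501), ("198.51.100.0/24", 64500),
                ("2001:db8:1::/48", 64500)]
    for prefix, origin in observed:
        for row in classify(prefix, origin, RECORDS):
            print(prefix, f"AS{origin}", *row)
```

The first observation returns two rows, one Exact Match and one Mismatch, which is the multiple-rows-per-prefix case described in the note before the table.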

View ASN Traffic Details


Note


This feature is for Crosswork Traffic Analysis only.

You can view traffic details for one or multiple ASNs.

Procedure


Step 1

In the main window, click Traffic Analysis > Monitor > ASNs.

Crosswork Cloud Traffic Analysis displays the traffic information for all ASNs.

Step 2

To view traffic details for a specific ASN, click on the ASN name or number in the first column.

Step 3

To compare traffic details for two or more ASNs, click the check box next to the ASNs, then click Traffic Comparison at the top of the table.

Crosswork Cloud Traffic Analysis displays traffic information for all selected ASNs.


View daily ASN changes (ASN Routing Report)

Each ASN Routing Report instance summarizes and identifies the differences in AS peerings (new, changed, inactive) and originated prefixes (new, changed, deleted) since the last time a report for the ASN was generated. This daily report can help you focus on potential problems or gaps in RIR/RPSL/ROA configuration that need to be addressed for the ASN and its associated prefixes. Each report instance is sent to the endpoint(s) you configured and contains direct links to the Crosswork Cloud Reports UI. This procedure describes how to navigate through the UI to see the contents of a report instance.

Before you begin

You must have an ASN Routing Report configured before viewing the daily reports. For more information, see Configure ASN Routing reports.

Procedure


Step 1

Choose External Routing Analytics > Monitor > ASNs.

Step 2

Click the name of the ASN and then click Reports.

All reports that have been generated for this ASN are listed with high level details on this page.

Step 3

Click on a report instance name.

By default, the Summary page displays a high level count of AS peering and prefix changes.

Step 4

Click one of the following AS Peering Changes values:

  • New—The AS Peers page displays any new AS peerings since the last report instance.
  • Changed—The AS Peers page displays a list of AS peerings that have changed since the last report instance.
  • Inactive—The AS Peers page displays any AS peerings that have been marked inactive since the last report instance. An AS peering is marked inactive if there have been no prefix notifications that contain this ASN peering (ASN does not appear in any AS paths) with the selected ASN for at least 30 days. The Last Seen column displays the last time the AS peer was active.

Note

 

For more information, see AS Peers Report.

Step 5

Click any IPv4/IPv6 Prefix Changes values:

  • New—The IPv4/IPv6 Prefix page displays any new prefixes observed originating from this ASN since the last report instance.
  • Changed—The IPv4/IPv6 Prefix page displays a list of prefixes that have been observed originating from this ASN and have changed since the last report instance.
  • Deleted—The IPv4/IPv6 Prefix page displays a list of prefixes that have been withdrawn since the last report instance.

Note

 

For more information, see IPv4 and IPv6 prefix report.


AS Peers Report

The AS Peers page displays the ASNs that the selected ASN is peering with, along with details that have changed since the last generated report instance.


Note


By default, the page only shows AS peerings with New, Active Changed, or Inactive states. To view all AS peerings and states, include Active in the filter, or reset the filter to view the complete set of AS peerings that also includes the Active (but unchanged) AS Peerings.


  • Peer ASN—The ASN peering with the ASN of interest.

  • Peering Type—The peering type indicates whether the peer ASN is immediately upstream or downstream of the ASN of interest.

  • Peering State—Displays the ASN Peering state at the time the report instance was generated. The following list shows the possible states for the ASN Peering:

    • Active: The peering between the two ASNs has been observed. This is either the first report instance generated or nothing has changed about this peering since the last report instance.

    • Active Changed: The peering has been active, but has changed since the last report instance.

    • New: This is a new ASN peering. This peering was not in the previous report instance.

    • Inactive: An inactive state means that the peering between the two ASNs has not appeared in any AS paths for at least 30 days.

  • Prefix Count—Indicates the number of prefixes whose advertisements contain the AS peering in the AS path.

  • New Prefix Count—Indicates the number of new prefixes being advertised.

  • First Seen/Last Seen—Displays the first or last time the ASN peering appeared in the AS path of a prefix notification.

IPv4 and IPv6 prefix report

The IPv4 and IPv6 Prefix pages display the prefix status and details at the time the report instance was generated.


Note


By default, the page only shows prefixes with New, Active Changed, or Inactive states. To view all AS peerings and states, include Active in the filter, or reset the filter to view the complete set of prefixes that also includes the Active (but unchanged) prefixes.


The following details are displayed:

  • Prefix—Lists all the prefixes of the selected ASN.

  • Subscribed—Displays the subscription status at the time the report was generated.

  • RIR Information—Displays the Whois information if it is available for IPv4 prefixes. This column currently does not apply to IPv6 prefixes.

  • Health—An IPv4 prefix Needs Attention if either the RIR information or ROA records are unavailable or not associated with it. An IPv6 prefix Needs Attention if there are no ROA records associated with it.

  • Prefix State—Displays the prefix status at the time the report instance was generated. When the prefix has been active, but has changed since the day before, the state is Active Changed.

    • Active: The prefix has been observed originating from the ASN. This is either the first report instance generated or nothing has changed about this prefix since the last report instance.

    • Active Changed: The prefix has been active, but has changed since the last report instance.

    • New: This is a new ASN prefix. This prefix was not in the previous report instance.

    • Deleted: The prefix has been withdrawn since the last report instance.

  • RPSL Status—Displays the RPSL information at the time the report instance was generated. If the RPSL information has been found and the origin ASN matches the ASN it is observed to be originating from, the RPSL status is Valid. If an RPSL record is found, but the origin ASN in the record does not match the origin ASN observed, the RPSL status is Mismatch. If there are no RPSL records associated with the prefix, the status is Not Found.

  • ROA Status—Expiring Soon indicates that ROA records associated with the prefix will expire within a day. You may want to filter the column with the Expiring Soon status so that you can update the record if necessary. View the ROA Expiring ROA Count column to see the number of records associated with the selected status.

  • RIR State—Displays the state of the RIR information for the prefix at the time the report instance was generated. If the RIR information has been found and the origin ASN matches the ASN it is observed to be originating from, the RIR status is Valid. If RIR information is found, but the origin ASN in the record does not match the origin ASN observed, RIR status is Mismatch. If RIR information is not found for the prefix, the status is Not Found.

  • Valid RPSL—Indicates the number of valid RPSL records for the prefix.

  • Expiring ROA—Indicates the number of ROA records that are expiring for that prefix within a day.

  • Peer Count—Indicates the number of peers that are advertising that prefix.