BGP Routing Leak Detection System
We use a simple technique: we process RIB and BGP UPDATE snapshots to find persistent or transient routing leaks. We have a series of "BIG" networks that should not show up in a sequence. Example: UUNet (701) does not buy from Sprint (1239) to get to Globalcrossing (3549). This means that if we see an AS path with all three of these in it, it is flagged and stored. We do exclude a few business relationships in our processing (for example, Telia (1299) is known to buy transit from UUNet). For a list of the major networks we match, follow the link.
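The matching rule described above, as an added example in Python; it is not the system's own code. The set of big networks is a constructed sample limited to the ASNs named on this page, the way an excluded relationship is applied is an assumption, and all function names and sample records are hypothetical.

```python
# Added example: flag AS paths that traverse three or more "big" networks.
# BIG_NETWORKS is a constructed sample (701 UUNet, 1239 Sprint,
# 3549 Globalcrossing, 1299 Telia), not the system's real list.
BIG_NETWORKS = {701, 1239, 3549, 1299}
# (customer, provider) pairs. Assumption: a customer is not counted as a big
# network when its known provider also appears in the path.
KNOWN_TRANSIT = {(1299, 701)}


def parse_as_path(text):
    """Turn '64500 701 701 {1239,3549}' into a list of ASNs without prepends."""
    asns = []
    for token in text.replace("{", " ").replace("}", " ").replace(",", " ").split():
        asn = int(token)
        if not asns or asns[-1] != asn:  # collapse AS-path prepending
            asns.append(asn)
    return asns


def big_networks_in(path):
    """Distinct big networks in path order, minus excluded customers."""
    seen = []
    for asn in path:
        if asn in BIG_NETWORKS and asn not in seen:
            seen.append(asn)
    return [a for a in seen
            if not any(c == a and p in seen for c, p in KNOWN_TRANSIT)]


def find_leaks(records):
    """records: (source, prefix, as_path_text) tuples. Returns flagged ones."""
    flagged = []
    for source, prefix, text in records:
        bigs = big_networks_in(parse_as_path(text))
        if len(bigs) >= 3:
            flagged.append((source, prefix, bigs))
    return flagged


# Constructed sample input: documentation prefixes and documentation ASNs.
SAMPLE = [
    ("puck", "192.0.2.0/24", "64500 701 1239 3549 64510"),          # three big
    ("puck", "198.51.100.0/24", "64500 701 701 701 1239 64511"),    # two big
    ("updates.sample", "203.0.113.0/24", "64501 1299 701 1239 64502"),  # Telia excluded
    ("updates.sample", "203.0.113.0/24", "64501 1299 701 1239 3549"),   # still three
]

if __name__ == "__main__":
    for source, prefix, bigs in find_leaks(SAMPLE):
        print(source, prefix, " ".join(str(a) for a in bigs))
```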
We attempt to show the most recent 1000 leaks detected by our system. We use two data sources: one is a BGP feed located on puck, and the second is the BGP updates from the Route Views project. The source column shows either puck, which is just a RIB snapshot, or the name of the Route Views file that we processed.
We also attempt to determine the ASN responsible for accepting the routing leak. That is shown in the Contact column. We are using a modified version of the zebra-dump-parser.pl script. Copies are available upon request.
Networks that want to get automated notices when they are involved in one of these leaks, or are responsible for a leak, should contact Jared Mauch directly. He can add you for now, and we may add an automated system soon enough.
Cisco customers should ask about CSCuq14541 to make IOS mimic the XR behavior of not sending routes without a configured policy.
General statistics are available from the system via the following link. We have collected all the available data from Route Views from 2007-09-06 onward, which is why there is an increase.
Known major events: 2007-08-25 - AS3561 leaked a large number of peer routes to other peers