Extra alert information for the "Prefix is generating lots of updates" alert
This alert is triggered when bgp.tools receives a lot of BGP routing updates for a single prefix.
Large and long bursts of BGP updates typically also result in routing instability and prefix unreachability. This alert is designed to detect reachability issues that do not surface as a lack of reachability in itself.
This is normally caused by “flapping”, either directly from your network (via a router or link going up and down constantly), or by something in the upstream chain causing large volumes of route updates to be generated on your behalf.
You may want to check the Historical Monitoring Graphs and use the “Upstream Update Rate” option to see if there is one particular upstream that appears a lot.
Before these alerts are fired, they are compared against a “baseline” rate of routing updates. This baseline score is made up of the median of 4 prefixes that are regarded as typically stable. If a prefix exceeds the baseline rate by over 100 times, and for more than 20 mins, the alert is triggered. The long time window is there to ensure that normal routing changes do not trigger this.
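The rule described above can be sketched as follows. This is an added example, not bgp.tools' own code. It assumes one-minute buckets of update counts, a baseline taken as the per-minute median across four reference prefixes, that “more than 20 mins” means consecutive minutes, and a floor of one update per minute on the baseline; all names and sample data are constructed.

```python
from statistics import median

RATIO = 100         # "over 100 times" the baseline (from the page)
HOLD_MINUTES = 20   # "for more than 20 mins" (from the page)

# Constructed sample data: 60 one-minute buckets of update counts.
REFERENCE = [[1] * 60, [2] * 60, [2] * 60, [40] * 60]  # one noisy outlier
ROUTINE_CHANGE = [2] * 10 + [500] * 5 + [2] * 45       # short convergence burst
FLAPPING = [2] * 10 + [500] * 30 + [2] * 20            # sustained flap
INTERRUPTED = [2] * 10 + [500] * 15 + [2] + [500] * 15 + [2] * 19


def baseline_per_minute(reference_counts):
    """Median across the stable reference prefixes, minute by minute.

    The median keeps one noisy reference prefix from inflating the baseline.
    """
    return [median(minute) for minute in zip(*reference_counts)]


def flapping_alert_minute(prefix_counts, reference_counts,
                          ratio=RATIO, hold=HOLD_MINUTES):
    """Return the minute index at which the alert would fire, or None.

    Assumption: a minute at or below ratio * baseline resets the run.
    """
    run = 0
    baseline = baseline_per_minute(reference_counts)
    for i, (count, base) in enumerate(zip(prefix_counts, baseline)):
        # Assumed floor of 1 update/min so a silent reference set does
        # not make every single update look like a 100x burst.
        if count > ratio * max(base, 1):
            run += 1
            if run > hold:
                return i
        else:
            run = 0
    return None


if __name__ == "__main__":
    for name, series in [("routine", ROUTINE_CHANGE),
                         ("flapping", FLAPPING),
                         ("interrupted", INTERRUPTED)]:
        print(name, flapping_alert_minute(series, REFERENCE))
```

With a mean instead of a median, the noisy reference prefix would raise the threshold from 200 to 1125 updates per minute and the sustained flap in this sample would go undetected.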
It is worth keeping in mind that the alert could have little to do with you directly, and may instead be down to a supplier (or the supplier to that supplier) having issues. However, it still indicates a problem that you should investigate, as it may be causing unreachability for some parts of the internet.
Right now bgp.tools does not have the facilities to record all BGP routing updates, though we hope to have better debugging capabilities for these events in the future. The theoretical financial burden of recording all sessions is currently very high, so it is not done.