Real-time BGP monitoring

Qrator.Radar from Qrator Labs is a platform analyzing routing information and networking connectivity changes in real-time. Internet monitoring system Qrator.Radar makes it possible to detect networking anomalies that could significantly affect the accessibility and quality of the services on a level of global routing.

The crucial role in networks reachability and normal functioning on international and national levels is reserved to the Border Gateway Protocol. It makes possible the information exchange about IP address availability between networks of internet service providers (autonomous systems), allowing to choose a route that traffic will follow until it reaches the destination. However, each ISP selects the route from all the alternatives on its own. Since within the specifications for Border Gateway Protocol, there is no limitation in what the operator could do with the traffic. There is no authentication or verification of incoming routes to networks, preventing traffic management issues between ISPs (routing incidents).

Such incidents' consequences - disruptions in traffic routing and increased delays (up to complete network unavailability, DoS) can affect any ISP. Usually, it's a result of an error in a network equipment configuration. Yet, cases of malicious interception of network traffic are also known.

With the help of Qrator.Radar it is possible to monitor changes in the connectivity and security incidents for both ingress and egress traffic, such as:

  • Route Leaks - redirection or concentration of traffic within an intermediary network that should, under normal circumstances, be present in the route. Smaller operators could incidentally redirect onto themselves traffic flows from the backbone networks or entire continents. Consequences of a route leak include increased latency, traffic loss and substantial degradation of connection quality. As a result of such leak suffer both transit operators and service end-users.
  • Hijacks - illegitimate network prefixes announcement into BGP, allowing to hijack the traffic. Malfunctor, with the help of phishing sites, could attain the traffic of a target, analyze it and search for passwords, financial and personal data.
  • Bogons - announcement of prefixes and autonomous system numbers into BGP reserved for other purposed and not supposed to be in the routing tables. Such an event outcome varies from the local network becoming available to an outside user to the entire network's unavailability.

It is almost impossible to detect network incidents from inside a customer's network. Usually, ISPs monitor only their traffic and cannot observe the routes between other ISPs globally. For these purposes of global traffic monitoring and anomaly detection, one needs a specialized tool that works at a level of interdomain routing.

Qrator.Radar is one of the largest BGP collectors in the world (counting the number of sessions and routing tables). Hundreds of ISPs worldwide provide Qrator Labs with data on all the available within routing tables networks.

Qrator Labs' in-house developed algorithms process received information and searches for any anomalies that could lead to the incidents. The essential part of this is supported by a mathematical model defining the relationship between autonomous systems.

Qrator.Radar detects thousands of routing incidents globally every day.

Information regarding the events connected to an anomalous change in the routing data is available to the customer in real-time. Opportunity to get notices on BGP anomalies in real-time allows immediate reaction on the incident, mitigating possible adverse outcomes for business and ensuring better networking overall.

Registration is available at the Qrator.Radar website.