New alert options for DASH

By on 9 Dec 2022

Category: Tech matters

Tags: , , ,

Blog home

APNIC is pleased to announce the release of a new feature in the Dashboard for Autonomous System Health (DASH). Based on the alignment of Border Gateway Protocol (BGP) with Resource Public Key Infrastructure (RPKI) and Internet Routing Registry (IRR) objects, DASH now has alerts for when these three information systems fall out of agreement.

As previously noted on the blog, the routing status service in DASH is built on four sources of information:

  1. Delegation records that APNIC manages on your behalf. This is why DASH is a login service, linked to your personal Single Sign-On (SSO) account and your different APNIC memberships.
  2. A view of BGP from Singapore, to show the visibility of your resources in the APNIC region (this will be augmented with other views in the future).
  3. Our own validator collects the Virtual Routing and Forwarding (VRF) status from the worldwide RPKI system to compare Route Origin Authorizations (ROAs) covering your resources with APNIC’s view of your BGP alignment and the IRR systems.
  4. A Near Real Time Mirroring (NRTM) feed of the IRR data.

We compare these sources to understand the alignment of your BGP to the public declarations made about ‘you’ in RPKI and IRR (about you, because some resources such as the origin-AS may be stated by others; most RPKI and IRR will, of course, be your own declarations. And a hijack attempt in BGP will show up because it will be about you, but not originated by you!). The data is available as a summary of issues, and a list of affected prefixes and AS numbers (ASNs).

Screenshot of routing status in DASH.
Figure 1 — Routing status in DASH.

Previously, APNIC has released alerts for suspicious traffic in DASH, to let AS holders know when their routing system emits traffic captured at a honeypot that shows infection of the customers’ hosts inside their network. These alerts are currently sent as emails.

The new backend for routing alerts can still trigger an email, but there is now a selectable option to receive routing alerts by SMS or Slack (if you install the ‘APNIC Notifications’ Slack App to your workspace). We will be upgrading this system to support suspicious traffic alerts in 2023, so the same functionality is available across both DASH services.

Screenshot of configuring alerts in DASH.
Figure 2 — Configuring alerts in DASH.
Screenshot of defining filters for alerts in DASH.
Figure 3 — Defining filters for alerts in DASH.
Screenshot new notification options in DASH.
Figure 4 — New notification options in DASH.

More to come

APNIC is currently working on ‘webhooks’ that will allow you to customize this system, as well as new kinds of routing-related alerts.

One candidate is to provide an alert when an ASN is used by a third party to make a ROA. This would be consistent with the activity in route management when a route object in the IRR is made referring to your ASN by another address holder.

APNIC would love to hear any feedback you might have about DASH and the new alerts. Why not let us know via the APNIC User Feedback Group on Orbit.

Set up your alerts in DASH now.

Rate this article

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.

Leave a Reply

Your email address will not be published. Required fields are marked *