BGP Security - Critical to your Business Gain visibility into how your networks are routed

By Wayne Cheung, Senior Manager Network Strategy, Cisco Systems Service Provider

Today, the internet is synonymous with business outcomes. Your banking, your healthcare, your entertainment, your shopping and much more all relies on the Internet. But did you know the Internet is fundamentally dependent on routing based on Border Gateway Protocol (BGP)?  BGP is mature and robust to support routing of Internet traffic, but operations of network routing can be complex to maintain and exposed to numerous security threats.  Without a steadfast focus to preserve healthy routing, the business that run across the Internet could be disrupted. Simply search for “BGP hijacks” on Google and you will find many cases that have impacted major businesses. Network operators are acutely aware, but the casual consumer or enterprise just expect service providers to keep the Internet working. 

Imagine the area code on your phone, “858”, but if you accidentally entered “859”, where would your call get routed?   On the Internet, BGP routing tables determine where data is routed, using prefixes as the equivalent to area codes, but a simple misconfiguration gone undetected could mistakenly route customer data to unintended destinations.  In the same example, if an attacker with malicious intent hijacked your prefix and replaced it, they could hijack your traffic which can result in business disruption or stolen data.

The challenge operators face

With all good intentions in mind, the network operators’ challenge to maintain secure routing is complex and challenging.  Networks are distributed globally and often in an unpredictable environment with internal and external changes.   With lack of effective tools and staffing with deep BGP knowledge, operation teams are overwhelmed by the large volumes of data, interpreting the data which can be very unorganized, and logically make deterministic decisions.  Performed erroneously, your network can experience performance issues, service outages or even worse, fraud from malicious redirects.  Whether caused by operational errors or malicious intent, the impact has lasting impressions on your brand and reputation with your customers.

Gaining an advantage

With customers depending on the Internet to be trustworthy and reliable from their service provider, what can your operations team do? Take a proactive and cost-effective approach to monitor routing health with Cisco Crosswork Network Insights as a cloud-delivered routing analytics service to help your operations team reduce the time to know and repair such incidents. Using machine learning, they can perform rich analysis of routing data collected from local and global sources to accurately identify anomalies. 

See immediate results by rapidly identifying anomalies of your network and IP address assets, a critical step in reducing the Mean Time To Resolution (MTTR) for control plane issues.

A deeper look

Let’s explore how the service works to help you improve network stability.

1. Getting started is easy with express configuration of an autonomous system number for all prefixes and default alarms.  
2. Data is collected at scale from local and global sources. The service will perform rich analysis of routing data to determine anomalies based on multiple routing databases. The operator can use these insights to take deterministic actions.
3. Further customize the settings for your needs, define flexible policies to see erroneous prefixes advertised from an unexpected origin ASN.  The reason could be a configuration error or even a malicious BGP hijack attempting to deny service or misdirect traffic.
4. Find problematic route leaks when longer than expected prefixes are seen.  This violation leads to suboptimal routing causing poor service delivery or worse, a complete blackhole of network traffic. 
5. Promptly catch bad actors when they advertise your ASN, spoof your network, and steal your IP assets to covertly impersonate you.
6. Boost BGP security with route origin validation.  Trigger alarms when announcements contain unauthorized origin ASN compared to resource public key infrastructure data.  Stay one step ahead by monitoring for additional alarms.
7. Immediately get notified if a prefix is erroneously advertised from an unexpected origin autonomous system number.  The reason could be a configuration error or worse, a malicious BGP hijack attempting to deny service or misdirect traffic.
8. Use looking glass, an easy-to-understand dashboard, to rapidly visualize global routing health. And forensic analysis of historical data can help you determine who did what to whom.
9. With notification endpoints, your operations team is immediately alerted in the way you want. 
10. Leverage APIs to integrate into your operational tools. 

Find Out More

Cisco Crosswork Network Insights is designed for anyone who needs to understand how their networks are routed and how their prefixes are seen from hundreds of other networks worldwide.  Even better, the service is operational in minutes and will continue to innovate with new techniques to keep your network agile and secure by helping to limit potentially damaging exposure through negative routing events.  

See a demonstration video and click to learn more about Crosswork Network Insights.