False positive: A new downstream .... has been detected
Describe the bug
We have configured bgpalerter using mostly the generated example configuration. After leaving the daemon running overnight, I noticed the following reports, which to me seem like false positives:
2022-01-11T22:00:05+00:00 verbose: A new downstream of AS14907 has been detected: AS1299
2022-01-11T22:00:05+00:00 verbose: A new downstream of AS14907 has been detected: AS6939
2022-01-11T22:00:13+00:00 verbose: A new downstream of AS14907 has been detected: AS2914
2022-01-11T22:00:13+00:00 verbose: A new downstream of AS14907 has been detected: AS3356
AS14907 is not a transit provider so this looks quite strange; however, we do peer with rrc00, rrc03 and rrc23 and send them our full routing table, and wonder if this could be the reason we are seeing these alerts and, if so, is there a simple way to exclude our announcements to RIS from the monitors?
Provide an example
Full configuration available: https://gist.github.com/b4ldr/8a6ab36e981ff9e85bdd2f465e892519
Output from pullapi: https://gist.github.com/b4ldr/22e4c36dcfa34d3abaa42d2a2a335739
Expected behavior
I did not expect any alerts for additional downstream
Are you using the binary or the source code?
binary
Your information
John Bond, Wikimedia Foundation (AS14907)
P.S. Will send a comment to #397 once in production, and thanks for all the work 😃
Hi John,
Thanks for the proper bug reporting. I had a look at the RIS data. The prefixes involved are RIS beacons announced by AS12654 (RIS). It looks like the beacons pass through other ASes, reach 14907, and are sent back into RIS (e.g., AS-path 14907, 1299, 2914, 42473, 12654).
I’m going to patch it right now and exclude all RIS beacon prefixes. It looks like this case can happen only in the PathNeighbors monitor; the other monitors are not affected. What you can do in the meantime is: if the warnings are a few and always about the same downstream ASes, you can temporarily add those ASes as downstreams in prefixes.yaml. Alternatively, you can remove the entire downstream list (including the “downstream:” part) to disable the downstream monitoring, leaving the rest intact.
We have had this running for about 24 hours now and not seen any additional alerts, so I will tentatively close this. Thanks for the speedy response.
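The false positive discussed in this thread, reproduced as a small added example (not BGPalerter's code and not part of the original issue): the AS listed right after the monitored AS in a path is reported as its downstream, and excluding listed prefixes drops the looped-back beacon while an undeclared neighbour on another prefix still alerts. The prefixes, the private-use AS numbers and the exclusion list are constructed placeholders; only the path 14907, 1299, 2914, 42473, 12654 and the alert wording come from the thread.

```javascript
// Added illustration; not BGPalerter source code.
const MONITORED_AS = 14907;
const declaredDownstreams = new Set(); // AS14907 is not a transit provider

// Constructed stand-in for a beacon prefix list (documentation range, not a real beacon).
const EXCLUDED_PREFIXES = new Set(["192.0.2.0/24"]);

// Constructed updates; paths are listed collector peer first, origin last.
const SAMPLE_UPDATES = [
  // Beacon looped back through AS14907 (AS path quoted in the thread).
  { prefix: "192.0.2.0/24", path: [14907, 1299, 2914, 42473, 12654] },
  // AS14907 originating its own prefix (with prepending): nothing to its right.
  { prefix: "198.51.100.0/24", path: [64500, 1299, 14907, 14907] },
  // Undeclared AS behind AS14907 on a non-excluded prefix: must still alert.
  { prefix: "203.0.113.0/24", path: [64500, 14907, 64511, 64496] },
];

// AS immediately after `asn` in the path, or null if absent or at the origin.
function downstreamOf(path, asn) {
  // Collapse prepending so repeated ASNs count once.
  const p = path.filter((a, i) => i === 0 || a !== path[i - 1]);
  const i = p.indexOf(asn);
  return i === -1 ? null : (p[i + 1] ?? null);
}

// Return alert strings for every undeclared downstream seen in `updates`.
function detect(updates, { excludeListed }) {
  const alerts = [];
  for (const { prefix, path } of updates) {
    if (excludeListed && EXCLUDED_PREFIXES.has(prefix)) continue;
    const ds = downstreamOf(path, MONITORED_AS);
    if (ds !== null && !declaredDownstreams.has(ds)) {
      alerts.push(`A new downstream of AS${MONITORED_AS} has been detected: AS${ds}`);
    }
  }
  return alerts;
}

console.log(detect(SAMPLE_UPDATES, { excludeListed: false }));
console.log(detect(SAMPLE_UPDATES, { excludeListed: true }));
```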