Advertised Prefix Count
This alarm monitors the size of the RIB of a monitored peer. Crosswork Cloud Network Insights collects statistics that relate to all monitored peers (including the number of prefixes advertised by each peer to Crosswork Cloud Network Insights) at regular intervals. You must configure at least one IPv4/IPv6 address family range for the number of prefixes expected to be advertised to Crosswork Cloud Network Insights from the monitored Peer. If the number of advertised prefixes falls below the minimum number that is expected, it indicates a problem with the peering session between the monitored peer and Crosswork Cloud Network Insights or any of its other peers. It can also be caused by a more restrictive inbound policy configured on the monitored peer applied to its peers other than Crosswork Cloud Network Insights or a more restrictive outbound policy applied to the Crosswork Cloud Network Insights peer. Conversely, if the number of advertised prefixes exceeds the maximum number that is expected, it can indicate less restrictive policies configured or a malicious attempt to overwhelm the peer with prefix advertisements.
Possible Problem Detected
This alarm can help identify problems with peering (because of software, hardware, or misconfiguration issues) or DoS attacks on the peer.
Relevant Alarm Rule Configurations
The following options must be configured when adding this alarm rule to an ASN policy configuration (External Routing Analysis > Configure > Policies > Add Policy > Peer Policy > Add Rule > Advertised Prefix Count):
-
Expected prefix count range (per IPv4/IPv6 address family)
Example
You create a Peer Policy with the Advertised Prefix Count alarm rule with an expected IPv4 prefix range [1000, 800000] and linked to Peer RTR1. The alarm activates at every data collection event if the number of IPv4 prefixes advertised from RTR1 to Crosswork Cloud Network Insights is outside this range, and different than what was previously recorded.
Feedback