Unexpected AS Prefix
This alarm detects unexpected changes for an AS where a new prefix was not previously there. Any prefix that originates from a monitored BGP AS is a violating prefix if it is not subscribed to by your organization (subject to peer thresholds).
Possible Problem Detected
This alarm can help identify an unexpected change or route leak scenario for an AS where a new prefix was not previously observed.
Relevant Alarm Rule Configurations
The following options must be configured when adding this alarm rule to an ASN policy configuration (External Routing Analysis > Configure > Policies > Add Policy > ASN Policy > Add Rule > Unexpected AS Prefix):
-
Thresholds (per advertised prefix)
Example
You create an ASN Policy with the Unexpected AS Prefix alarm rule and linked to a monitored AS 15169. You are also subscribed to all prefixes that are expected to originate from AS 15169. Due to a misconfiguration, prefix 8.8.0.0/24 is leaked from the AS. At the same time, prefix 9.9.0.0/24 is advertised correctly, but is not subscribed to. Subject to peer thresholds, both these events cause the alarm to trigger. You can then correct the configuration to withdraw prefix 8.8.0.0/24 and subscribe to prefix 9.9.0.0/24 which clears the alarm.
Feedback