BGP path tracer for AWS direct connect

Vivek Dasgupta
3 min read · Apr 23, 2017

A direct connect to the cloud usually involves two separate physical connections, which lead to two layer 2 connections. At the network layer, BGP is used to keep track of both available paths; if one path fails, the backup connection is used.

AWS Direct Connect Topology

Sometimes the network device used for layer 3 peering needs to undergo maintenance. This can result in bringing down the primary path and switching over to the secondary path. There can also be a downtime of a few seconds while BGP re-converges, and a larger downtime if the firmware is faulty and/or the maintenance process is not followed properly.

Network monitoring can help in keeping track of the situation. However, is it possible to achieve this without access to the network devices or to network monitoring information?

In this blog I will discuss how this can be achieved. The setup is specific to monitoring connectivity between two separate AWS accounts which are connected via a data center direct connect. However, it can be applied to almost any other situation.

Tool Design

I wrote a Go program which monitors the BGP path used by the direct connect. First we set up our DC maps, which map the Direct Connect peer IP addresses used for both AWS accounts. Then we correlate that with the IP map which is used to monitor the network path in use. The program uses nmap to obtain the traceroute information.

The program posts to Slack and also generates a summary and a detailed log file. This is quite useful for continuous monitoring during network device maintenance.
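To make the design concrete, here is an added Go example of the core logic described above (parse an nmap traceroute, correlate the hops with the DC map, and decide whether the BGP path changed). It is not code from the bgptracer repository: the function names, the peer IP addresses in the DC map, the target address and the nmap output samples are all constructed for illustration, and the nmap text is passed in as a string instead of being run via os/exec so the example works offline.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// dxPeers is the DC map: AWS-side Direct Connect peer IP -> path label.
// The addresses are constructed placeholders (assumption); use your own.
var dxPeers = map[string]string{
	"169.254.10.1": "AWS-Account-2-DX1",
	"169.254.20.1": "AWS-Account-2-DX2",
}

// PathState is what one traceroute tells us about the link.
type PathState struct {
	Up       bool   // the target host appeared as a hop, i.e. the path is complete
	PathName string // Direct Connect path whose peer IP was seen, "" if none
	PeerIP   string
}

var (
	hopLine = regexp.MustCompile(`^\s*\d+\s+[\d.]+\s*ms\s+(.+)$`)
	ipv4    = regexp.MustCompile(`\b\d{1,3}(?:\.\d{1,3}){3}\b`)
)

// ParseTraceroute pulls the responding hop addresses, in order, out of the
// TRACEROUTE table printed by "nmap --traceroute". Hops that did not answer
// are printed as "..." by nmap and are skipped.
func ParseTraceroute(out string) []string {
	var hops []string
	for _, line := range strings.Split(out, "\n") {
		m := hopLine.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		// nmap prints "10.0.0.1" or "host.example (10.0.0.1)"; take the last IPv4.
		if ips := ipv4.FindAllString(m[1], -1); len(ips) > 0 {
			hops = append(hops, ips[len(ips)-1])
		}
	}
	return hops
}

// Classify correlates the hops with the DC map: which peer IP was traversed,
// and whether the trace actually reached the target.
func Classify(hops []string, target string) PathState {
	var st PathState
	for _, h := range hops {
		if name, ok := dxPeers[h]; ok {
			st.PathName, st.PeerIP = name, h
		}
		if h == target {
			st.Up = true
		}
	}
	return st
}

// Monitor remembers the last path seen while the target was reachable, so a
// switch from DX2 to DX1 is still reported after a run of "down" observations.
type Monitor struct{ lastPath string }

// Observe renders the status line the tool would post and reports whether the
// BGP path changed since the last successful observation.
func (m *Monitor) Observe(st PathState, from, to string) (msg string, changed bool) {
	if !st.Up {
		return fmt.Sprintf("Network connectivity down: From -> %s to %s", from, to), false
	}
	msg = fmt.Sprintf("Network UP : From -> %s to %s Using: %s AWS Peer IP IP: %s",
		from, to, st.PathName, st.PeerIP)
	changed = m.lastPath != "" && st.PathName != "" && st.PathName != m.lastPath
	if st.PathName != "" {
		m.lastPath = st.PathName
	}
	return msg, changed
}

// Constructed nmap outputs (not real captures): a trace via DX2, a trace that
// stalls before the target, and a trace via DX1 after the primary went down.
const (
	Target = "10.1.0.5"
	header = "Host is up.\nTRACEROUTE (using port 443/tcp)\nHOP RTT     ADDRESS\n"
	SampleViaDX2 = header +
		"1   0.45 ms 10.0.0.1\n2   1.20 ms 169.254.20.1\n3   ...\n4   2.30 ms ip-10-1-0-5.ec2.internal (10.1.0.5)\n"
	SampleDown = header + "1   0.45 ms 10.0.0.1\n2   1.10 ms 169.254.20.1\n3   ...\n"
	SampleViaDX1 = header +
		"1   0.45 ms 10.0.0.1\n2   1.31 ms 169.254.10.1\n3   2.41 ms ip-10-1-0-5.ec2.internal (10.1.0.5)\n"
)

func main() {
	m := &Monitor{}
	for _, out := range []string{SampleViaDX2, SampleDown, SampleDown, SampleViaDX1} {
		msg, changed := m.Observe(Classify(ParseTraceroute(out), Target), "AWS-Account-1", "AWS-Account-2")
		fmt.Println(msg)
		if changed {
			fmt.Println("BGP path change detected...")
		}
	}
}
```

Replaying the four constructed samples in main prints an UP line via DX2, two down lines, then an UP line via DX1 followed by the path-change alert. Keying the path on the Direct Connect peer IP rather than on the full hop list is deliberate: intermediate hops inside the data center can vary or stop answering without the BGP path having changed.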

Source Code

Full source code is available at:

https://github.com/vivekdasgupta/bgptracer

Usage

This can be used to troubleshoot BGP connections and/or as a monitoring tool during equipment upgrades and planned downtime.

Instructions

  • Modify the code to set up your IP address map
  • Set up your Slack webhook and update the URL in the code. (This is optional; if the Slack post is not needed, it can be removed.)
  • go build bgptracer.go
  • Run bgptracer in your on-prem network against a target host/port in the AWS cloud which is reachable:

$ ./bgptracer <detailed_log_file_path> <summary_log_file_path> <delay_in_seconds>

Output

The tool provides real-time information about the status of network connectivity between the two AWS accounts, and reports if and when a BGP path change is detected:

bgptracer-bot APP [1:02 AM] 
Network UP : From -> AWS-Account-1 to AWS-Account-2 Using: AWS-Account-2-DX2 AWS Peer IP IP: 169.254.xxx.xx
bgptracer-bot APP [1:07 AM]
Network connectivity down: From -> AWS-Account-1 to AWS-Account-2
bgptracer-bot APP [1:12 AM]
Network connectivity down: From -> AWS-Account-1 to AWS-Account-2
bgptracer-bot APP [1:17 AM]
Network UP : From -> AWS-Account-1 to AWS-Account-2 Using: AWS-Account-2-DX1 AWS Peer IP IP: 169.254.xxx.xx
[1:17]
BGP path change detected…
bgptracer-bot APP [1:22 AM]
Network UP : From -> AWS-Account-1 to AWS-Account-2 Using: AWS-Account-2-DX1 AWS Peer IP IP: 169.254.xxx.xx