Alerts
Quick summary
Active/Ongoing or Resolved Alerts, based on the Alert Rules you have set up.
Active Alerts are triggered in real-time based on the configuration of the matching Alert Rule in the Setup | Alert Rules section and the incoming routing state data (Routes).
Resolved Alerts were originally triggered based on the configuration of a matching Alert Rule in the Setup | Alert Rules section. These Alerts are now marked as resolved, either because the Routes that triggered them have been withdrawn, or because the Alert Rule was adjusted by the user to encompass the aforementioned Routes.
Active Alerts are displayed in the Active tab; Resolved Alerts are displayed in the Resolved tab.
Each card represents an Active or Resolved Alert, and includes the Custom Alert Name, Type, Timestamp and Severity. Click on each card's arrow to expand the view and reveal the event's details.
Use the filters to narrow down Alerts based on all available fields.
Click on Sort By to sort the data based on all available fields.
Click on Download CSV to export the data in CSV format.
Click on Share to copy a URL of the current Alerts view.
Details
Using our powerful BGPQL API we can subscribe to alertable BGP data and trigger alerts on demand when corresponding state data is detected via regexes, within seconds. Rules are set up to generate alerts according to user preferences; see Alert Rules for more information. The data pipeline we employ for this is: Persistent State --> GraphQL --> Custom Alerts Provider --> Alertmanager | Persistent State --> Notification channel(s). Note that when the state data stops being alertable (i.e., the regex matches stop firing), alerts are automatically resolved.
Alerts have the following fields, corresponding also to the alert rules that trigger them:
Name, i.e., the name of the alert, e.g., C-Root Cogent Exact Prefix Hijack.
Type, i.e., the type of the alert, e.g., Exact Prefix Hijack.
Started, i.e., the starting timestamp of the alert, both for active and resolved alerts, e.g., Jun 23, 2023, 19:50:18.
Ended, i.e., the ending/resolution timestamp of the alert, only for resolved alerts, e.g., Jun 23, 2023, 19:52:20.
Severity, i.e., the severity of the alert, e.g., Critical | Warning.
Event, i.e., what actually happened, e.g., AS132337 has hijacked prefixes: 192.33.4.0/24.
Alert information can be filtered based on all these fields. The filtered table can be exported to CSV. It can also be shared in a URL form with other Code BGP Platform users.
Finally, each Alert row is expandable and exhibits an inner table with the following fields:
Event, i.e., an expandable description of what happened, e.g., AS132337 has hijacked prefixes: 192.33.4.0/24.
Configured Resources, i.e., the configuration of the corresponding alert rule that was violated, e.g., AS2149 are configured to originate prefixes: 192.33.4.0/24, 2001:500:2::/48.
Description, i.e., the description of the alert (and corresponding rule), e.g., Illegal origin ASes that announce configured prefixes.
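The trigger and auto-resolve lifecycle described above can be modelled as follows. This is an added example, not the platform's own code: the rule layout, the evaluate function and the route tuples are assumptions, and it compares prefixes and origins directly instead of using the platform's regex matching over BGPQL data.

```python
from dataclasses import dataclass
from datetime import datetime
from ipaddress import ip_network
from typing import Optional

# Constructed rule mirroring the page's example; the field names are assumptions.
RULE = {
    "name": "C-Root Cogent Exact Prefix Hijack",
    "type": "Exact Prefix Hijack",
    "severity": "Critical",
    "prefixes": {"192.33.4.0/24", "2001:500:2::/48"},
    "legal_origins": {2149},
}

@dataclass
class Alert:
    name: str
    type: str
    severity: str
    event: str
    started: datetime
    ended: Optional[datetime] = None  # set only when the alert is resolved

def evaluate(rule, routes, active, resolved, now):
    """Re-evaluate one rule against the current routes [(prefix, origin_asn)].

    active maps an offending origin ASN to its Alert; resolved is a list.
    """
    offenders = {}
    for prefix, origin in routes:
        prefix = str(ip_network(prefix))  # normalise notation before comparing
        if prefix in rule["prefixes"] and origin not in rule["legal_origins"]:
            offenders.setdefault(origin, set()).add(prefix)
    # Trigger: an illegal origin for a configured prefix opens an Active alert.
    for origin, prefixes in offenders.items():
        event = f"AS{origin} has hijacked prefixes: {', '.join(sorted(prefixes))}."
        if origin in active:
            active[origin].event = event  # same incident, refreshed details
        else:
            active[origin] = Alert(rule["name"], rule["type"],
                                   rule["severity"], event, now)
    # Resolve: the state is no longer alertable (routes withdrawn or rule changed).
    for origin in [o for o in active if o not in offenders]:
        alert = active.pop(origin)
        alert.ended = now
        resolved.append(alert)
    return active, resolved
```

Calling evaluate again after the offending route is withdrawn moves the alert from active to resolved and stamps its Ended time, which is the behaviour the Active and Resolved tabs reflect.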
Screenshots
The feature is already live in production. Documentation screenshots coming soon!