Peering with the Internet Alert Registry


Some of you are aware of the site for network operators: which has running for two years now. The purpose of the site is to detect and distribute network anomaly information to the network operators that need to know. The flip side of our proposed security system, Pretty Good BGP (PGBGP), lowers the local preference of anomalous routes on BGP routers for 24 hours, giving operators time to respond to anomalous routes before they can fully propagate.

Now, PGBGP is in actual routing software (Quagga), which we soon hope to distribute. As an initial means of test, we will switch the IAR to it (instead of scraping RIPE/RouteViews with a script). This means that we will need peers to provide the IAR with BGP updates (we will not propagate any route updates to your routers). Currently we have three BGP streams, more would be appreciated.

If you would like to contribute to our research project, please reply directly to me. More information about the project can be found here:



does pgbgp toss out alerts/snmp-traps/log-messages when these
anomalous announcements arrive? if not, how does one know they are
inside the 24hr window?


That’s a good question. IAR peers that also wish to run PGBGP will transmit their anomalous routes out of band to the IAR. This will likely be done via logs and a simple forwarding script.