🗺️ BGP & Internet Routing
9 min read
Looking Glass & BGP Diagnostic Tools
Learn to use BGP looking glass servers, route collectors, and diagnostic tools to troubleshoot routing issues and verify prefix announcements.
What Is a Looking Glass?
A BGP Looking Glass (LG) is a public web interface that lets you query a network's BGP routing table from their perspective. It is invaluable for troubleshooting reachability issues.
Common queries available on looking glass servers:
- BGP route — Show the BGP table entry for a prefix.
- Traceroute — Trace the path from the LG server to a destination.
- Ping — Test reachability from the LG server's location.
Essential BGP Tools
| Tool | URL | Purpose |
|---|---|---|
| bgp.tools | bgp.tools | AS info, prefix visibility, hijack detection |
| RIPE RIS | ris.ripe.net | Global BGP routing data from 25+ collectors |
| RouteViews | routeviews.org | University of Oregon route collectors |
| Hurricane Electric BGP | bgp.he.net | AS/prefix lookup, peering info |
| RPKI Validator | rpki-validator.ripe.net | RPKI ROA validation status |
| PeeringDB | peeringdb.com | IX and peering information |
Checking Your Prefix Announcements
# Verify your prefix is visible globally
# Using RIPE RIS Looking Glass API
curl -s "https://stat.ripe.net/data/looking-glass/data.json?resource=203.0.113.0/24" | \
jq '.data.rrcs[].peers[] | {asn_origin: .asn_origin, prefix: .prefix}'
# Check origin AS and path via bgp.tools
curl -s "https://bgp.tools/prefix/203.0.113.0/24" | head -50
Troubleshooting Common Issues
Prefix Not Visible
- Check if BGP session is established:
show bgp summary - Verify the prefix is in your outbound policy.
- Check if upstream is filtering (ask them to check their prefix list).
- Look for RPKI Invalid status — create a ROA if missing.
Suboptimal Path Selection
- Query multiple looking glasses to see paths from different vantage points.
- Check BGP communities — your upstream may be applying traffic engineering.
- Verify AS-path prepending is not unintentionally lengthening your path.
Detecting Route Hijacks
Monitor your prefixes for unauthorized origins:
# RIPE RIPEstat: Check who is originating your prefix
curl -s "https://stat.ripe.net/data/routing-status/data.json?resource=203.0.113.0/24" | \
jq '.data.last_seen.origin'
# If the origin AS is not yours, you may be hijacked
BGP Stream Monitoring
For real-time alerts on routing changes affecting your prefixes:
- Cloudflare Radar — Route leak and hijack detection.
- BGPStream — Open-source BGP monitoring from CAIDA.
- RIPE RIS Live — WebSocket stream of BGP updates.
Set up alerts for any new origin AS or unexpected more-specific announcements of your prefixes.