All scripts
fault
Expert
3–10 min

Route Leak Detector

BGP route leak detection: unexpected prefix origins, AS-path manipulation, unexpected route sources in VRF/global table, RPKI ROA violation detection, and route leak blast radius assessment.

Cisco IOS/XE/XR
Juniper
Arista
Open in GeneratorOpen in Platform
You're viewing a preview

The full script, parameters, and execution console are available with a free account.

Already have access? Sign in →

Capabilities

  • Unexpected origin AS detection
  • AS-path length anomaly
  • RPKI ROA validation
  • VRF route leak check
  • Prefix hijack scoring
  • Baseline drift comparison
  • IRR prefix-list audit

Required inputs

Parameters the script accepts. Defaults shown; some are vendor- or context-gated.

ParameterTypeDefaultNotes
Allowed origin ASNs (CSV)
allowed_origins
string65001,65002
Max expected AS-path length
max_as_path
number6
Validate against RPKI ROAs
check_rpki
booltrue
Authorised prefixes file
prefixes_file
stringallowed.txt

Hint 1Name your vendors and OS versions

Mention the exact platforms you run (Cisco IOS/XE/XR, Juniper, Arista) so the generated fault logic uses the right CLI/NETCONF syntax.

Hint 2State your real thresholds

Provide concrete values for Allowed origin ASNs (CSV), Max expected AS-path length, Validate against RPKI ROAs instead of the defaults — they shape what counts as a fault.

Hint 3Prioritize the checks you need

This tool can unexpected origin AS detection and aS-path length anomaly. Ask for the subset relevant to your incident to keep output focused.

Hint 4Describe your inventory format

Tell the assistant whether your device list is CSV, YAML, or JSON and which columns it has, so parsing matches your data.

Sample inventory schema

Authoritative shape of the device/policy data this script consumes.

edge_pe.csv
csv
Edge + PE routers carrying customer/upstream sessions
terminal
hostname,mgmt_ip,site,role,vendor,os,asn,customer_count,upstream_count
edge-rtr-01,10.30.0.11,LON1,edge,cisco,iosxr-7.9.2,65000,42,3
edge-rtr-02,10.30.0.12,FRA1,edge,cisco,iosxr-7.9.2,65000,38,3
edge-rtr-03,10.30.0.13,NYC1,edge,juniper,junos-22.4R3,65000,27,2
policy.yaml
yaml
Per-customer accept lists, max-prefix, RPKI validator URL, forbidden communities
yaml
# Per-customer expected announce / accept policy (RPKI-validated)
customers:
  - asn: 64512
    name: ACME-CORP

Expected output

Reference terminal output the script should produce — used as a stylistic and structural target.

terminal
ROUTE LEAK DETECTION — 5 BGP routers
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━

UNEXPECTED ORIGIN AS:
  192.0.2.0/24   announced by AS64512  (expected: AS65001) ← LEAK
  198.51.100.0/24 announced by AS64999 (expected: AS65002) ← LEAK

AS-PATH ANOMALIES:
  10.0.0.0/8     AS-path length 9 (threshold: 6) ← PREPENDING suspected
    Path: 65001 64512 64513 64514 64512 64512 64512 64514 64999