Dealing with false positives #2

@nagarjung

Hi @nv-anssi ,

I have analysed the results of the detection tool with our older RIB files and I suspect there are false positives.

{"timestamp": 1489445634.0, "collector": "rrc01", "peer_as": 4755, "peer_ip": "121.244.206.224", "announce": {"type": "F", "prefix": "1.12.0.0/16", "asn": 4847, "as_path": "4755 6453 4134 4847"}, "conflict_with": {"prefix": "1.12.0.0/14", "asn": 18245}, "asn": 18245, "type": "ABNORMAL"}

Here the prefix "1.12.0.0/16" is said to be abnormal for "asn": 4847, "as_path": "4755 6453 4134 4847".

But the history of the RIB files shows that the ASN 4847 has been consistently advertising the prefix 1.12.0.0/16 and seems to be maintaining its stability.

So according to some papers/algorithms they are not abnormal. How are you trying to deal with such false positives?
Please help me to understand if I am wrong here.
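
The history check raised in this issue, sketched as an added example that is not part of the original post and is not the detection tool's own code: it takes the conflict record quoted above and asks how consistently the announcing ASN originated that exact prefix in earlier RIB snapshots. The history tuples are constructed, and the function names, thresholds and the `STABLE_ORIGIN` label are assumptions.

```python
import ipaddress
import json

# Conflict record copied from the issue text.
RECORD = json.loads(
    '{"timestamp": 1489445634.0, "collector": "rrc01", "peer_as": 4755, '
    '"peer_ip": "121.244.206.224", "announce": {"type": "F", "prefix": "1.12.0.0/16", '
    '"asn": 4847, "as_path": "4755 6453 4134 4847"}, "conflict_with": '
    '{"prefix": "1.12.0.0/14", "asn": 18245}, "asn": 18245, "type": "ABNORMAL"}')

DAY = 86400
# Constructed history, not real RIB data: (snapshot_ts, prefix, origin_asn),
# one snapshot per day for the 5 days before the flagged announcement.
HISTORY = [(RECORD["timestamp"] - k * DAY, prefix, asn)
           for k in range(1, 6)
           for prefix, asn in (("1.12.0.0/16", 4847), ("1.12.0.0/14", 18245))]

def origin_stability(history, prefix, asn, before_ts):
    """Return (ratio, n): share of the n snapshots older than before_ts
    in which `asn` originated exactly `prefix`."""
    snapshots = {ts for ts, _, _ in history if ts < before_ts}
    hits = {ts for ts, p, a in history
            if ts < before_ts and p == prefix and a == asn}
    return (len(hits) / len(snapshots) if snapshots else 0.0), len(snapshots)

def triage(record, history, min_ratio=0.9, min_snapshots=4):
    """Relabel an ABNORMAL more-specific announcement when its origin is
    long-lived. min_ratio and min_snapshots are hypothetical thresholds."""
    ann, ref = record["announce"], record["conflict_with"]
    inner = ipaddress.ip_network(ann["prefix"])
    outer = ipaddress.ip_network(ref["prefix"])
    # Only handle the case in the issue: announced prefix inside the monitored one.
    if inner.version != outer.version or not inner.subnet_of(outer):
        return record["type"]
    ratio, n = origin_stability(history, ann["prefix"], ann["asn"],
                                record["timestamp"])
    if n >= min_snapshots and ratio >= min_ratio:
        return "STABLE_ORIGIN"  # hypothetical label: candidate false positive
    return record["type"]       # too little history or unstable: keep verdict

if __name__ == "__main__":
    print(triage(RECORD, HISTORY))
```

A long-running hijack would also score as stable, so the relabelled record is a candidate for review, not a cleared one.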
