PeerCortex

The AI-Powered Network Intelligence Platform

AI-powered network intelligence. Query PeeringDB, analyze BGP, monitor RPKI,
find peering partners — all from Claude Code or any MCP client. 100% local.

---

---

Table of Contents

• What is PeerCortex?
• The Problem
• Features
  • ASN Intelligence
  • Peering Partner Discovery
  • BGP Analysis & Anomaly Detection
  • RPKI Monitoring & Compliance
  • Network Comparison
  • Report Generation
• MCP Server Tools
• Claude Code Integration
• Data Sources
• Feature Comparison
• Architecture
• Quick Start
• Configuration
• Privacy & Security
• Roadmap
• Contributing
• FAQ
• Acknowledgments
• Ecosystem

---

What is PeerCortex?

PeerCortex is an MCP (Model Context Protocol) Server that unifies six major network intelligence data sources into a single, AI-queryable interface for network engineers, peering coordinators, and NOC operators.

Instead of switching between PeeringDB, RIPE Stat, bgp.he.net, Route Views, IRR databases, and RPKI validators — each with their own interfaces and query languages — PeerCortex lets you ask questions in plain English through Claude Code or any MCP-compatible client.

A local Ollama instance provides AI analysis: ranking peering partners, detecting BGP anomalies, generating compliance reports, and drafting peering request emails. All inference runs on your machine. No data leaves your network.

Who is this for?

• Network Engineers who want instant answers from multiple data sources
• Peering Coordinators who need to find and evaluate peering partners
• NOC Operators who monitor BGP health and detect anomalies
• Security Teams who track RPKI compliance and route hijacks
• Anyone who works with Internet routing data and wants AI assistance

---

The Problem

Network operators juggle fragmented tools. Every task requires a different interface:

Task	Without PeerCortex	With PeerCortex
ASN lookup	Open PeeringDB, RIPE Stat, bgp.he.net in separate tabs	"Give me the full picture for AS13335"
Find peering partners	Manual PeeringDB search, filter by IX, check policies	"Find peering partners at DE-CIX with open policy"
Detect route leaks	Check RIPE RIS, cross-reference AS paths, manual analysis	"Any BGP anomalies for 185.1.0.0/24?"
RPKI compliance	Query Routinator, match against announced prefixes, calculate coverage	"Generate an RPKI compliance report for AS13335"
Compare networks	Open both ASNs on PeeringDB, manually compare IX/facility lists	"Compare AS13335 and AS32934"
Peering request	Look up contacts, check common IXs, write email from scratch	"Draft a peering request to AS714 for DE-CIX Frankfurt"

PeerCortex collapses these multi-step workflows into single natural language queries, backed by real data from authoritative sources.

---

Features

1. ASN Intelligence

Unified ASN lookup that queries PeeringDB, RIPE Stat, bgp.he.net, IRR databases, and RPKI validators in parallel, returning a comprehensive network profile.

What you get:

• Network name, type, scope, and peering policy
• Announced prefix counts (IPv4 + IPv6)
• IX participation with connection speeds
• Facility/colocation presence
• IRR registration status (as-set, route objects)
• RPKI ROA coverage and validation summary
• Upstream providers and peer count
• Contact information for peering

Example:

You: Give me the full picture for AS13335

PeerCortex: Here's the comprehensive profile for AS13335 (Cloudflare, Inc.):

  Network Type: Content
  Peering Policy: Open
  Scope: Global
  Prefixes: 1,200+ IPv4, 200+ IPv6
  IXs: 290+ exchanges worldwide
  Facilities: 320+ data centers
  RPKI Coverage: 99.8% (all prefixes covered by ROAs)
  IRR: AS-CLOUDFLARE registered in RADB
  ...

2. Peering Partner Discovery

AI-ranked peering partner recommendations based on common IX presence, facility overlap, policy compatibility, and network type complementarity.

What you get:

• Ranked list of potential peering partners
• Match score with reasoning
• Common IXs and facilities
• Peering policy compatibility
• Contact information
• Draft peering request emails

Example:

You: Find peering partners for AS13335 at DE-CIX Frankfurt with open policy

PeerCortex: Found 47 networks at DE-CIX Frankfurt with open peering policy.
Top matches for AS13335:

  1. AS32934 (Facebook) — Score: 92/100
     Common IXs: DE-CIX Frankfurt, AMS-IX, LINX
     Common Facilities: Equinix FR5, Interxion FRA
     Policy: Open | Type: Content
     Why: Major content network, high traffic overlap potential

  2. AS15169 (Google) — Score: 88/100
     Common IXs: DE-CIX Frankfurt, AMS-IX, LINX, JPNAP
     ...

3. BGP Analysis & Anomaly Detection

Real-time BGP analysis using data from RIPE Stat RIS collectors, Route Views, and bgp.he.net. Detects route leaks, BGP hijacks, MOAS conflicts, and path anomalies.

What you get:

• AS path analysis and diversity metrics
• Route origin validation
• Anomaly detection with severity levels
• Route leak identification
• BGP hijack alerts
• MOAS (Multiple Origin AS) conflict detection
• Prefix visibility reports
• AI-generated routing assessment

Example:

You: Are there any BGP anomalies for 185.1.0.0/24 right now?

PeerCortex: BGP analysis for 185.1.0.0/24:

  Origin AS: AS47541
  Path Diversity: 12 unique paths from 24 collectors
  Visibility: 98.5% (seen by 394/400 RIS peers)
  RPKI Status: Valid (ROA match: 185.1.0.0/24, max /24, AS47541)

  Anomalies Detected: None
  No route leaks, hijacks, or MOAS conflicts detected.
  Routing appears stable and healthy.

You: Show me all route leaks involving my prefixes in the last 7 days

PeerCortex: Analyzing BGP updates for your prefixes over the last 7 days...

  ALERT: 2 route leak events detected

  1. [HIGH] 2026-03-22T14:32:00Z — 203.0.113.0/24
     Leaked by AS64496 via AS64497
     Expected path: AS64496 → AS64498 → origin
     Observed path: AS64496 → AS64497 → AS64499 → origin
     Duration: 23 minutes
     Impact: Partial traffic rerouting through unexpected path
     ...

4. RPKI Monitoring & Compliance

Comprehensive RPKI validation and compliance monitoring. Validates prefix-origin pairs, generates compliance reports, and identifies networks at IXs without RPKI coverage.

What you get:

• Prefix-origin RPKI validation (valid/invalid/not-found)
• ROA coverage percentage for an ASN
• Compliance reports with recommendations
• IX-level RPKI coverage analysis
• Comparison with industry benchmarks
• Step-by-step remediation guidance

Example:

You: Generate an RPKI compliance report for AS13335

PeerCortex: RPKI Compliance Report — AS13335 (Cloudflare, Inc.)

  Overall Coverage: 99.8%
  Total Announced Prefixes: 1,432
  RPKI Valid: 1,429 (99.8%)
  RPKI Invalid: 0 (0.0%)
  Not Covered: 3 (0.2%)

  Uncovered Prefixes:
    - 198.51.100.0/24 (recently announced, ROA pending)
    - 2001:db8:1::/48 (experimental prefix)
    - 2001:db8:2::/48 (experimental prefix)

  Recommendations:
    1. Create ROAs for the 3 uncovered prefixes
    2. All ROAs have appropriate max-length settings
    3. RPKI-invalid route filtering is recommended on all sessions
  ...

You: Which ASNs at AMS-IX don't have RPKI?

PeerCortex: RPKI Coverage Analysis — AMS-IX

  Total Participants: 932
  With RPKI Coverage: 714 (76.6%)
  Without RPKI: 218 (23.4%)

  Largest uncovered networks:
    - AS64496 (Example ISP) — 450 prefixes, 0% RPKI coverage
    - AS64497 (Example Transit) — 230 prefixes, 0% RPKI coverage
    ...

5. Network Comparison

Side-by-side comparison of two autonomous systems across all dimensions: size, IX presence, facility overlap, peering policy, RPKI deployment, and geographic coverage.

What you get:

• Side-by-side metrics table
• Common and unique IXs
• Common and unique facilities
• Peering potential score
• AI-generated comparison narrative
• Peering opportunity identification

Example:

You: Compare AS13335 and AS32934 — where do they peer?

PeerCortex: Network Comparison — AS13335 (Cloudflare) vs AS32934 (Facebook)

  Metric            | AS13335 (Cloudflare) | AS32934 (Facebook)
  ────────────────────────────────────────────────────────────
  Type              | Content              | Content
  Policy            | Open                 | Selective
  IPv4 Prefixes     | 1,200+               | 800+
  IPv6 Prefixes     | 200+                 | 150+
  IX Count          | 290+                 | 180+
  Facility Count    | 320+                 | 60+
  RPKI Coverage     | 99.8%                | 99.5%

  Common IXs (142):
    DE-CIX Frankfurt, AMS-IX, LINX, France-IX, JPNAP, Equinix IX,
    HKIX, SIX Seattle, Any2 Los Angeles, TorIX, ...

  Unique to Cloudflare (148):
    NIX.CZ, BKNIX, KINX, MIX-IT, ...

  Unique to Facebook (38):
    ...

  These networks peer extensively at 142 common IXs worldwide.

6. Report Generation

Generate presentation-ready reports suitable for NANOG, RIPE, DENOG, or internal meetings. Multiple report types in Markdown, JSON, or plain text.

Report types:

• Peering Readiness — Evaluates an ASN's readiness for peering
• RPKI Compliance — Full RPKI deployment status with remediation steps
• Network Comparison — Detailed two-network comparison
• BGP Health — Routing health assessment with anomaly history
• IX Analysis — Internet Exchange participation analysis

Example:

You: Generate a peering readiness report for AS13335

PeerCortex: # Peering Readiness Report — AS13335 (Cloudflare, Inc.)

  ## Executive Summary
  AS13335 demonstrates excellent peering readiness with global IX presence,
  open peering policy, and near-complete RPKI coverage...

  ## Key Findings
  - Present at 290+ IXs across 6 continents
  - Open peering policy with clear documentation
  - 99.8% RPKI coverage
  - Active PeeringDB profile with up-to-date contact info
  ...

---

MCP Server Tools

PeerCortex exposes six tools via the Model Context Protocol:

Tool	Description	Primary Data Sources
lookup	ASN, prefix, and IX lookups with unified results	PeeringDB, RIPE Stat, bgp.he.net, IRR, RPKI
peering	Peering partner discovery and match scoring	PeeringDB, Ollama
bgp	BGP path analysis and anomaly detection	RIPE Stat, Route Views, bgp.he.net
rpki	RPKI validation and compliance monitoring	Routinator, RIPE RPKI Validator
compare	Side-by-side network comparison	PeeringDB, RIPE Stat, RPKI
report	Generate comprehensive analysis reports	All sources + Ollama
measure_rtt	RTT measurement via RIPE Atlas probes	RIPE Atlas
traceroute	Traceroute with ASN annotation and IXP detection	RIPE Atlas, RIPE Stat
upstream_analysis	Identify and evaluate upstream transit providers	CAIDA, bgp.he.net, RIPE Stat
transit_diversity	Assess redundancy and single points of failure	CAIDA, Route Views
peering_vs_transit	Cost/latency comparison of peering vs. transit	PeeringDB, RIPE Stat
as_graph	AS-level topology graph with relationship types	CAIDA, bgproutes.io
submarine_cables	Submarine cable lookup by region or landing point	TeleGeography, PeeringDB
facility_analysis	Colocation presence and interconnection opportunities	PeeringDB
ix_traffic	IX traffic statistics and historical trends	DE-CIX, AMS-IX, LINX
ix_comparison	Side-by-side comparison of multiple IXes	DE-CIX, AMS-IX, LINX
port_utilization	Port utilization analysis with upgrade recommendations	PeeringDB, IX APIs
hijack_detection	Detect BGP hijacks via RPKI ROV and MOAS analysis	bgproutes.io, RIPE Stat
route_leak_detection_aspa	ASPA-based route leak detection	bgproutes.io
bogon_check	Bogon prefix and bogon ASN detection	RIPE Stat, IANA
blacklist_check	IP/prefix/ASN blacklist and reputation checks	Spamhaus, Team Cymru
reverse_dns	Batch reverse DNS with FCrDNS verification	Cloudflare DoH
delegation_check	DNS delegation and DNSSEC validation	Cloudflare DoH
whois_lookup	Structured WHOIS for IPs, ASNs, and domains	RIPE DB, WHOIS
atlas_create_measurement	Create RIPE Atlas measurements	RIPE Atlas
atlas_get_results	Retrieve and summarize measurement results	RIPE Atlas
atlas_search_probes	Search probes by ASN, country, prefix, or anchor	RIPE Atlas

Each tool accepts structured input validated by Zod schemas and returns typed JSON responses.

---

Claude Code Integration

Add PeerCortex to your Claude Code configuration:

{
  "mcpServers": {
    "peercortex": {
      "command": "node",
      "args": ["/path/to/peercortex/dist/mcp-server/index.js"],
      "env": {
        "OLLAMA_BASE_URL": "http://localhost:11434",
        "OLLAMA_MODEL": "llama3.1"
      }
    }
  }
}

Example Conversations

Once configured, you can interact with PeerCortex naturally through Claude Code:

You: Give me the full picture for AS13335

Claude: I'll look up comprehensive information for AS13335 using PeerCortex...

[Calls lookup tool with asn=13335]

Here's the complete profile for AS13335 (Cloudflare, Inc.):

Network Overview:
  - Name: Cloudflare, Inc.
  - Type: Content
  - Peering Policy: Open
  - Scope: Global
  - Website: cloudflare.com
  ...

You: Find peering partners for AS13335 at DE-CIX with open policy

Claude: Let me search for networks at DE-CIX with open peering policy
that would be good matches for Cloudflare...

[Calls peering tool with asn=13335, ix="DE-CIX Frankfurt", policy="open"]

I found 47 potential peering partners at DE-CIX Frankfurt. Here are the
top matches ranked by compatibility...

You: Are there any BGP anomalies for 185.1.0.0/24 right now?

Claude: I'll analyze the current BGP routing state for that prefix...

[Calls bgp tool with resource="185.1.0.0/24", include_anomalies=true]

Good news — no anomalies detected for 185.1.0.0/24. The prefix is
currently announced by AS47541 with stable routing...

You: Compare AS13335 and AS32934 — where do they peer?

Claude: Let me pull up a side-by-side comparison of Cloudflare and Facebook...

[Calls compare tool with asn1=13335, asn2=32934]

Here's a detailed comparison of the two networks. They peer at
142 common Internet Exchanges worldwide...

You: Generate an RPKI compliance report for AS13335

Claude: I'll generate a comprehensive RPKI compliance report...

[Calls rpki tool with asn=13335, include_recommendations=true]

Here's the RPKI compliance report for Cloudflare. They have 99.8%
coverage with only 3 uncovered prefixes...

You: Which ASNs at AMS-IX don't have RPKI?

Claude: Let me analyze RPKI coverage across AMS-IX participants...

[Calls rpki tool for IX coverage analysis]

Out of 932 AMS-IX participants, 218 (23.4%) don't have RPKI
coverage for their announced prefixes...

You: Show me all route leaks involving my prefixes in the last 7 days

Claude: I'll scan BGP update data for route leak events...

[Calls bgp tool with anomaly detection]

I found 2 route leak events in the last 7 days affecting your prefixes...

You: Draft a peering request email to AS714 for DE-CIX Frankfurt

Claude: I'll draft a professional peering request to Apple...

[Calls peering tool to generate email draft]

Here's a ready-to-send peering request email to Apple's peering team
for establishing peering at DE-CIX Frankfurt...

You: Trace the path from AS32934 (Meta) to Cloudflare (AS13335) and show latency

Claude: I'll create a RIPE Atlas traceroute from Meta's network to Cloudflare...

[Calls traceroute tool with target="1.1.1.1", sourceAsn=32934]

The traceroute from AS32934 to AS13335 shows 8 hops with an average
RTT of 4.2ms. The path crosses DE-CIX Frankfurt at hop 4, where both
networks are present. No IXP-level congestion detected...

You: Detect route leaks using ASPA validation for prefixes of AS13335

Claude: I'll check all Cloudflare prefixes for ASPA validation failures...

[Calls route_leak_detection_aspa tool with asn=13335]

Checked 1,432 prefixes for AS13335 (Cloudflare). No active route leaks
detected via ASPA validation. AS13335 has ASPA objects registered for
all upstream providers. 2 historical leak events found from the past
90 days, both resolved within 15 minutes...

You: Show IX traffic trends at DE-CIX Frankfurt for the last 12 months

Claude: I'll fetch DE-CIX Frankfurt traffic statistics with monthly granularity...

[Calls ix_traffic tool with ix="de-cix-frankfurt", period="12m", granularity="monthly"]

DE-CIX Frankfurt traffic over the last 12 months:
  Current Peak: 14.2 Tbps
  Average: 8.7 Tbps
  Year-over-Year Growth: +18.4%
  Connected Networks: 1,100+
  Monthly trend shows consistent growth with seasonal peaks in Q4...

You: What would change if AS32934 (Meta) peered directly with AS13335 (Cloudflare)
instead of using transit?

Claude: Let me analyze the current path and potential direct peering benefits...

[Calls peering_vs_transit tool with sourceAsn=32934, targetAsn=13335]

Current path: AS32934 → AS174 (Cogent) → AS13335 (3 hops, ~12ms RTT)
With direct peering at DE-CIX Frankfurt: AS32934 → AS13335 (1 hop, ~2ms RTT)

Both networks are present at 142 common IXes and 28 common facilities.
Estimated RTT reduction: 10ms. Direct peering is strongly recommended
given the extensive IX overlap and open peering policies...

---

Data Sources

Source	URL	Data Provided	Update Frequency
PeeringDB	peeringdb.com	Network info, IXs, facilities, contacts	User-maintained (near real-time)
RIPE Stat	stat.ripe.net	BGP state, prefixes, visibility, RPKI	Real-time (RIS collectors)
bgp.he.net	bgp.he.net	Peers, upstreams, downstreams, prefixes	Multiple times daily
Route Views	routeviews.org	Global routing table, path diversity	Real-time (via RIPE Stat)
IRR	rest.db.ripe.net	Route objects, as-sets, WHOIS	Near real-time
RPKI	Local Routinator / RIPE RPKI	ROA validation, VRP list	Every ~10 minutes
bgproutes.io	bgproutes.io	RIB entries, BGP updates, AS topology, RPKI ROV + ASPA validation	Real-time
RIPE Atlas	atlas.ripe.net	Ping, traceroute, DNS, SSL measurements from global probes	On-demand
CAIDA AS Rank	asrank.caida.org	AS relationships, customer cones, rankings	Periodic
IX Traffic	DE-CIX, AMS-IX, LINX public APIs	IX traffic statistics and trends	Near real-time
DNS-over-HTTPS	Cloudflare/Google DoH	rDNS, delegation, DNSSEC verification	Real-time

All data is fetched directly from authoritative sources. PeerCortex caches responses locally in SQLite to reduce API calls and improve response times.

---

Feature Comparison

How PeerCortex compares to existing tools:

Feature	PeerCortex	bgpq4	peeringdb-py	ripestat-cli	bgpstream
ASN Lookup (unified)	Yes	-	Partial	Partial	-
Peering Discovery	AI-ranked	-	Basic	-	-
BGP Analysis	Yes	-	-	Yes	Yes
Anomaly Detection	AI-powered	-	-	Partial	Yes
RPKI Monitoring	Yes	-	-	Partial	-
Network Comparison	Yes	-	-	-	-
Report Generation	AI-powered	-	-	-	-
MCP Integration	Native	-	-	-	-
Local AI	Ollama	-	-	-	-
Multi-source	6 sources	1 (IRR)	1 (PDB)	1 (RIPE)	1 (RIS)
Self-hosted	Yes	Yes	Yes	Yes	Yes
No cloud dependency	Yes	Yes	Yes	Yes	Yes

PeerCortex is not a replacement for these excellent tools — it complements them by providing a unified, AI-enhanced interface for the most common network intelligence tasks.

---

Architecture

┌──────────────────────────────────────────────────────────────────┐
│                     MCP Client (Claude Code)                      │
└──────────────────────────┬───────────────────────────────────────┘
                           │ stdio / SSE
┌──────────────────────────▼───────────────────────────────────────┐
│                     PeerCortex MCP Server                         │
│                                                                   │
│  ┌─────────┐ ┌─────────┐ ┌─────┐ ┌──────┐ ┌────────┐ ┌───────┐ │
│  │ lookup  │ │ peering │ │ bgp │ │ rpki │ │compare │ │report │ │
│  └────┬────┘ └────┬────┘ └──┬──┘ └──┬───┘ └───┬────┘ └───┬───┘ │
│       └───────────┴─────────┴───────┴──────────┴──────────┘     │
│                              │                                    │
│  ┌───────────────────────────▼──────────────────────────────────┐│
│  │                Source Aggregation Layer                       ││
│  │  PeeringDB · RIPE Stat · bgp.he.net · Route Views · IRR · RPKI  ││
│  └──────────────────────────────────────────────────────────────┘│
│                                                                   │
│  ┌─────────────────────┐  ┌──────────────────────────────────┐  │
│  │  SQLite Cache        │  │  Ollama (Local AI)               │  │
│  │  Response caching    │  │  Analysis & report generation    │  │
│  └─────────────────────┘  └──────────────────────────────────┘  │
└──────────────────────────────────────────────────────────────────┘

For detailed architecture documentation, see docs/architecture.md.

---

Quick Start

Option 1: Docker (Recommended)

# Clone the repository
git clone https://github.com/peercortex/peercortex.git
cd peercortex

# Copy environment configuration
cp .env.example .env

# Start PeerCortex + Ollama
docker compose up -d

# Pull the AI model
docker exec peercortex-ollama ollama pull llama3.1

# Verify it's running
docker logs peercortex

Option 2: Local Installation

# Prerequisites: Node.js 20+, Ollama installed

# Clone and install
git clone https://github.com/peercortex/peercortex.git
cd peercortex
npm install

# Configure
cp .env.example .env
# Edit .env with your settings

# Build and start
npm run build
npm start

Option 3: npx (One-liner)

# Run directly without installing
OLLAMA_BASE_URL=http://localhost:11434 npx peercortex

Configure Claude Code

Add to your Claude Code MCP configuration (~/.claude.json or project .claude.json):

{
  "mcpServers": {
    "peercortex": {
      "command": "node",
      "args": ["/path/to/peercortex/dist/mcp-server/index.js"],
      "env": {
        "OLLAMA_BASE_URL": "http://localhost:11434",
        "OLLAMA_MODEL": "llama3.1"
      }
    }
  }
}

For detailed setup instructions, see docs/setup.md.

---

Configuration

All configuration is done via environment variables. Copy .env.example to .env and customize:

Variable	Default	Description
OLLAMA_BASE_URL	http://localhost:11434	Ollama API endpoint
OLLAMA_MODEL	llama3.1	LLM model for AI analysis
PEERINGDB_API_KEY	(empty)	Optional PeeringDB API key for higher rate limits
RIPE_STAT_SOURCE_APP	peercortex	RIPE Stat source app identifier
ROUTINATOR_URL	http://localhost:8323	Local RPKI validator URL
RIPE_RPKI_VALIDATOR_URL	https://rpki-validator.ripe.net/api/v1	RIPE RPKI fallback
CACHE_DB_PATH	./peercortex-cache.db	SQLite cache file location
CACHE_TTL_SECONDS	3600	Cache time-to-live (1 hour)
MCP_TRANSPORT	stdio	MCP transport: stdio or sse
MCP_PORT	3100	Port for SSE transport
LOG_LEVEL	info	Log level: debug, info, warn, error

Recommended Ollama Models

Model	Size	Best For
llama3.1	8B	General analysis (recommended default)
llama3.1:70b	70B	Deep analysis (requires 40GB+ RAM)
mistral	7B	Fast analysis, good quality
codellama	7B	Technical report generation
mixtral	8x7B	Complex multi-source analysis

---

Privacy & Security

PeerCortex is designed for privacy-conscious network operators:

• 100% Local AI: All inference runs on your machine via Ollama. No data is sent to OpenAI, Anthropic, Google, or any other cloud AI service.
• No Telemetry: PeerCortex does not collect or transmit any usage data.
• No Account Required: Works without any API keys (PeeringDB key is optional for higher rate limits).
• Local Cache: All cached data is stored in a local SQLite database on your machine.
• Open Source: Full source code available for audit. MIT license.

Data flow:

1. Your query goes from Claude Code to the local PeerCortex MCP server
2. PeerCortex queries public APIs (PeeringDB, RIPE Stat, etc.) for factual data
3. Ollama (running locally) analyzes the data
4. Results are returned to Claude Code

At no point does your query content, network topology, or analysis results leave your machine for AI processing.

---

ASPA Intelligence

What is ASPA?

Autonomous System Provider Authorization (ASPA) is an RPKI-based mechanism defined in RFC 9582 that enables detection and prevention of route leaks. While RPKI ROA (Route Origin Authorization) validates who is authorized to originate a prefix, ASPA validates the path a route takes through the Internet.

Each AS publishes an ASPA object declaring its authorized upstream providers. When a BGP router receives a route, it can walk the AS path and verify that each customer-to-provider hop is authorized. Unauthorized hops indicate a route leak — a common and damaging class of BGP incidents.

Why it matters:

• Route leaks caused by misconfigured BGP sessions are responsible for major Internet outages every year
• ASPA provides cryptographic proof of provider relationships, complementing ROA validation
• Together, ROA + ASPA cover the two most important BGP security gaps: origin validation and path validation
• ASPA is particularly effective against lateral ISS-ISS leaks and customer-to-provider leaks (RFC 7908)

ASPA Tools

PeerCortex provides 6 ASPA-focused tools:

Tool	Description
peercortex_aspa_validate	Validate an AS path against ASPA objects (RFC 9582 Section 6 algorithm)
peercortex_aspa_analyze	Full ASPA readiness analysis — existing objects, detected providers, recommendations
peercortex_aspa_generate	Auto-generate a RIPE DB ASPA object template from BGP data
peercortex_aspa_simulate	"What-if" simulation: how many incidents would ASPA have prevented?
peercortex_aspa_coverage	ASPA adoption statistics per IXP or geographic region
peercortex_aspa_leaks	Real-time route leak detection using ASPA validation

Example Conversations

Analyze ASPA readiness:

You: Analyze ASPA readiness for AS13335
Claude: AS13335 (Cloudflare) currently has no registered ASPA object. Based on BGP path
        analysis, the detected upstream providers are AS174 (Cogent) and AS3356 (Lumen).
        Recommendation: Register an ASPA object listing these providers via the RIPE DB.

Generate an ASPA object:

You: Generate an ASPA object for AS13335
Claude: Here is a RIPE DB-ready ASPA template for AS13335:

        aut-num:      AS13335
        upstream:     AS174    # Cogent (confidence: 95%)
        upstream:     AS3356   # Lumen (confidence: 90%)
        mnt-by:       MNT-CLOUDFLARE
        source:       RIPE

        Submit at: https://apps.db.ripe.net/db-web-ui/webupdates

What-if simulation:

You: What would ASPA have prevented in the last 30 days?
Claude: Analyzing 15 BGP incidents from the last 30 days...
        ASPA would have prevented 11 of 15 incidents (73% prevention rate).
        - Route leaks: 8/10 prevented
        - Hijacks: 2/3 prevented
        - Misconfigurations: 1/2 prevented

IXP adoption:

You: Show ASPA adoption at DE-CIX Frankfurt
Claude: DE-CIX Frankfurt ASPA Coverage:
        - Total participants: 950
        - With ASPA objects: 85 (8.9%)
        - Top adopters: AS13335 (Cloudflare), AS32934 (Meta), AS15169 (Google)

Leak detection:

You: Detect route leaks using ASPA for 1.1.1.0/24
Claude: Analyzing last 24 hours of BGP updates for 1.1.1.0/24...
        Found 3 route leak events:
        - CRITICAL: AS64501 leaked 1.1.1.0/24 to AS3356 (17:42 UTC)
        - HIGH: AS64502 re-originated 1.1.1.0/24 (03:15 UTC)
        - MEDIUM: AS64503 lateral leak to AS6939 (21:08 UTC)

Deployment simulation:

You: Simulate: what if all DE-CIX members deployed ASPA?
Claude: If all 950 DE-CIX Frankfurt members deployed ASPA:
        - Route leak prevention rate would increase from 8.9% to ~92%
        - An estimated 340 route leak incidents per year would be prevented
        - Critical incidents (affecting /8 or larger) would drop by 95%

---

Roadmap

v0.1 — Foundation (Current)

• Project structure and type definitions
• MCP server with 6 tool definitions
• PeeringDB API client
• RIPE Stat API client
• bgp.he.net scraper skeleton
• Route Views / RIPE RIS client
• IRR / WHOIS client
• RPKI validator client
• Ollama AI integration
• SQLite cache layer
• Complete tool implementations
• Unit and integration tests

v0.2 — Core Features

• Full ASN lookup with all sources
• Peering partner scoring algorithm
• BGP anomaly detection engine
• RPKI compliance reporting
• Network comparison logic
• Report templates (Markdown, JSON)

v0.3 — Intelligence

• AI-powered anomaly classification
• Peering request email generation
• Historical trend analysis
• Route leak correlation
• RPKI deployment tracking over time

v0.4 — Production

• SSE transport support
• Webhook alerts for anomalies
• Prometheus metrics endpoint
• Comprehensive test suite (80%+ coverage)
• Performance optimization
• npm package publishing

Future

• bgproutes.io integration (ASPA validation support)
• BGP community analysis
• Traffic estimation from prefix visibility
• Peering ROI calculator
• Multi-language report generation
• Web dashboard (optional)
• Slack/Discord bot integration
• PeeringDB write API (submit peering requests)

---

Contributing

Contributions are welcome! PeerCortex is built by network engineers, for network engineers.

Getting Started

# Fork and clone
git clone https://github.com/YOUR_USERNAME/peercortex.git
cd peercortex

# Install dependencies
npm install

# Run in development mode (auto-reload)
npm run dev

# Run tests
npm test

# Type checking
npm run typecheck

# Linting
npm run lint

Contribution Guidelines

1. Fork the repository
2. Create a feature branch (git checkout -b feat/amazing-feature)
3. Write tests for your changes
4. Ensure all tests pass and types check
5. Commit using conventional commits (feat:, fix:, docs:, etc.)
6. Push your branch and open a Pull Request

Areas Where Help is Needed

• bgp.he.net scraper: Improve HTML parsing for all data tabs
• Anomaly detection: Implement route leak and hijack detection algorithms
• RPKI compliance: Complete the compliance reporting logic
• Test coverage: Unit and integration tests for all modules
• Documentation: Examples, tutorials, and API documentation
• Performance: Optimize parallel data source queries

---

FAQ

Q: Do I need an Ollama instance to use PeerCortex? A: Ollama is recommended for AI-powered features (analysis, ranking, report generation) but not strictly required. The data lookup tools (lookup, bgp, rpki) work without AI — they return raw structured data that Claude Code can interpret directly.

Q: Which Ollama model should I use? A: llama3.1 (8B) is the recommended default. It provides excellent analysis quality while running on most hardware. For deeper analysis, try llama3.1:70b if you have 40GB+ RAM.

Q: Does PeerCortex send my data to the cloud? A: No. All AI inference runs locally via Ollama. PeerCortex queries public APIs (PeeringDB, RIPE Stat, etc.) for factual network data, but your queries and analysis results never leave your machine.

Q: Can I use this without Claude Code? A: Yes! PeerCortex is a standard MCP server. It works with any MCP-compatible client, including Claude Desktop, custom MCP clients, or direct stdio interaction.

Q: How accurate is the BGP anomaly detection? A: PeerCortex uses data from RIPE RIS collectors and Route Views, which are the same data sources used by academic BGP monitoring systems. AI analysis adds context but all findings are based on real routing data.

Q: Can I use this for production monitoring? A: PeerCortex v0.x is designed for interactive querying and analysis. Production monitoring with alerting is planned for v0.4+. For now, it complements (not replaces) production monitoring tools like BGPalerter.

Q: What about IPv6? A: Full IPv6 support. All tools handle both IPv4 and IPv6 prefixes, and PeeringDB data includes IPv6 IX addresses.

Q: How do I get a PeeringDB API key? A: Create an account at peeringdb.com, go to your profile settings, and generate an API key. It's free and gives you higher rate limits.

Q: Can I run PeerCortex behind a firewall? A: Yes, with some considerations. PeerCortex needs outbound HTTP access to PeeringDB, RIPE Stat, bgp.he.net, and optionally RIPE RPKI. If you run Routinator locally, RPKI validation works fully offline. Ollama runs entirely local.

---

Acknowledgments

PeerCortex is built on the shoulders of these incredible projects and organizations:

• PeeringDB — The freely available, user-maintained database of networks. Thank you to PeeringDB Inc. and all contributors who keep peering data open and accessible.
• RIPE NCC — For RIPE Stat, RIPE RIS, and the RIPE Database. Essential infrastructure for Internet measurement and analysis.
• Route Views — University of Oregon's Route Views project for global routing table collection.
• Ollama — Making local AI accessible and easy to run.
• NLnet Labs — For Routinator and advancing RPKI deployment.
• Hurricane Electric — For bgp.he.net, an invaluable BGP toolkit.
• Model Context Protocol — Anthropic's MCP specification enabling AI tool integration.

---

Ecosystem

Part of the Cortex Family

PeerCortex is part of a growing ecosystem of AI-powered MCP tools:

Project	Description
PaperCortex	AI-powered academic paper management and research assistant
PeerCortex	AI-powered network intelligence platform (you are here)

Each Cortex project follows the same philosophy: local AI, open source, privacy-first, MCP-native.

---

PeerCortex — Network intelligence, unified.
_{Built with care for the network engineering community.}