Mailing List Archive: Cisco: NSP

How to monitor BGP sessions

Index | Next | Previous | View Threaded

chiel at gmx

Apr 17, 2007, 8:20 AM

Post #1 of 20 (6142 views)
Permalink

How to monitor BGP sessions

Hello,

I was wondering how you guys monitor your BGP sessions. Do you use snmp traps or do you poll the router with a snmp get (if thats posible)?
I ask this because I want don't want to get notified if one bgp goes down. But I would like to know if a important bgp session goes down/flapping.

So I would like to see something like this:
All bgp sessions: snmp-traps
Important bgp sessions: snmp-trap & snmp get

My questions is, what do you use for monitoring bgp? And is it posible to send a snmp get to a cisco device specifying only one bgp session to get the status for that? and what is the MIB for that?

thanks
chiel
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

robert at tellurian

Apr 17, 2007, 8:59 AM

Post #2 of 20 (6073 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

At 11:20 AM 4/17/2007, you wrote:
>Hello,
>
>I was wondering how you guys monitor your BGP sessions. Do you use
>snmp traps or do you poll the router with a snmp get (if thats posible)?
>I ask this because I want don't want to get notified if one bgp goes
>down. But I would like to know if a important bgp session goes down/flapping.
>
>So I would like to see something like this:
>All bgp sessions: snmp-traps
>Important bgp sessions: snmp-trap & snmp get
>
>My questions is, what do you use for monitoring bgp? And is it
>posible to send a snmp get to a cisco device specifying only one bgp
>session to get the status for that? and what is the MIB for that?

Yes. You can use any SNMP monitoring package. There are hundreds of
commercial and free SNMP management software programs out there.

The MIB is:

1.3.6.1.2.1.15.3.1.2.a.b.c.d

where a.b.c.d is the IP address of your BGP neighbor.

-Robert

Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

streiner at cluebyfour

Apr 17, 2007, 9:02 AM

Post #3 of 20 (6098 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

On Tue, 17 Apr 2007, chiel wrote:

> I was wondering how you guys monitor your BGP sessions. Do you use snmp
> traps or do you poll the router with a snmp get (if thats posible)?
> I ask this because I want don't want to get notified if one bgp goes
> down. But I would like to know if a important bgp session goes
> down/flapping.

The two main alert paths would be SNMP notifies/traps and syslog messages.
I believe you can poll for the status of a given BGP session on a router,
but it's better to have those alerts come from the router into your net
management / event handling / monitoring system and write rules for
determining if a BGP session is flapping, i.e. if $session on $router
sends more than some number of up/down messages within a specific period
of time, $session is to be considered unstable and take the appropriate
action (send an email, page an engineer, etc...). Many modern NMS
packages have the intelligence to do this already.

> So I would like to see something like this:
> All bgp sessions: snmp-traps
> Important bgp sessions: snmp-trap & snmp get

An external system (NMS, etc) would need to determine what "important",
"flap", etc mean, based on rules provided by you. If you use BGP flap
damping on your routers, ou may also want to keep a count on each router
of the number of damped prefixes.

> My questions is, what do you use for monitoring bgp? And is it posible
> to send a snmp get to a cisco device specifying only one bgp session to
> get the status for that? and what is the MIB for that?

I believe it is possible to get BGP session information from a router via
SNMP, but I don't have the MIBs in front of me at the moment to take a
look.

Depending on what you use for network management (if anything), many
packages include tools for browsing the MIBs you have loaded into the
system.

Cisco packages all of theirs in a set of compressed tar files. They
also provide schema files which are useful for finding the OID string
you may need to poll for a specific thing. If you use unix/linux,
unraveling those tar files into a set of directories grepping
for terms like "BGP" or "Bgp" (case is important). Cisco also has a MIB
browser tool on their website that might be useful for you.

jms
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

rdobbins at cisco

Apr 17, 2007, 9:14 AM

Post #4 of 20 (6057 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

On Apr 17, 2007, at 9:02 AM, Justin M. Streiner wrote:

> An external system (NMS, etc) would need to determine what
> "important",
> "flap", etc mean, based on rules provided by you.

Arbor Peakflow SP watches BGP and can provide some correlation
between BGP events and traffic events observed via NetFlow;
PacketDesign's RouteExplorer does a lot of sophisticated BGP
monitoring and alerting, in addition to the various IGPs and MPLS, FWIW.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins [at] cisco> // 408.527.6376 voice

Words that come from a machine have no soul.

-- Duong Van Ngo

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

eravin at panix

Apr 17, 2007, 9:27 AM

Post #5 of 20 (6056 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

On Tue, Apr 17, 2007 at 05:20:08PM +0200, chiel wrote:
> I was wondering how you guys monitor your BGP sessions. Do you
> use snmp traps or do you poll the router with a snmp get

As already posted by others, you can use either method.

Here's a script that uses SNMP to get the router status, and complains
if any of your BGP sessions are down:

http://mon.cvs.sourceforge.net/mon/mon-contrib/monitors/bgp/bgp/

It's part of the Mon monitoring system but the script will operate
freestanding.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

tony at lava

Apr 17, 2007, 2:46 PM

Post #6 of 20 (6063 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

On Tue, 17 Apr 2007, Robert Boyle wrote:

> The MIB is:
>
> 1.3.6.1.2.1.15.3.1.2.a.b.c.d
>
> where a.b.c.d is the IP address of your BGP neighbor.

Anyone know how the 'a.b.c.d' is mapped for an IPv6 BGP neighbor? I've
got a bunch of such neighbors but doing an snmpwalk through that OID
subtree returns only entries that resemble IPv4 octets - some of which
aren't even configured as actual IPv4 neighbors.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

liviu.pislaru at gmail

Apr 17, 2007, 11:50 PM

Post #7 of 20 (6086 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

hello robert,

you can try to obtain automatically (with the same monitoring script)
neighbors ip adresses (ipv4 or ipv6);

EXAMPLE (perl):

- you have router X with the ip adress $iprouter:

$comm="xxxxxxxx"; # put here your own password
$oid="1.3.6.1.2.1.15.3.1.7";

($session,$error) = Net::SNMP->session(
-timeout => 2,
-retries => 1,
-hostname => "$iprouter",
-community => "$comm",

if (!defined($session)) {
print "Error fetching informations from $iprouter: $error\n";
exit(-1);
}
$result = $session->get_table(-baseoid => $oid);
%all = %{$result};
@ktmp=keys %all;
foreach (@ktmp) {
$remote_peer=$result->{$_};
print "$remote_peer\n";
}

even if you have IPV6 neighbors on the router, $remote_peer will be printed
IPV4 style and you can combine it later with others OIDs:
(for example)
$oid_as="1.3.6.1.2.1.15.3.1.9.$remote_peer"
$oid_lpeer="1.3.6.1.2.1.15.3.1.5.$remote_peer"
$oid_state="1.3.6.1.2.1.15.3.1.2.$remote_peer"
1 -> Idle
2 -> Connect
3 -> Active
4 -> OpenSent
5 -> OpenConfirm
6 -> Established

etc.

OUTPUT EXAMPLE:
Router X has 3 BGP neighbors:
1. 213.154.97.240
2. 213.154.97.241
3. 2001:1518:0:3000::2

the script above will return 3 values for $remote_peer:
1. 213.154.97.240
2. 213.154.97.241
3. 32.1.21.24

you can see that even if the third neighbor is IPV6, the $remote_peer is
printed IPV4 style and you can use it later with the next OIDs.

--
liviu.

On Wednesday 18 April 2007 00:46, Antonio Querubin wrote:
> On Tue, 17 Apr 2007, Robert Boyle wrote:
> > The MIB is:
> >
> > 1.3.6.1.2.1.15.3.1.2.a.b.c.d
> >
> > where a.b.c.d is the IP address of your BGP neighbor.
>
> Anyone know how the 'a.b.c.d' is mapped for an IPv6 BGP neighbor? I've
> got a bunch of such neighbors but doing an snmpwalk through that OID
> subtree returns only entries that resemble IPv4 octets - some of which
> aren't even configured as actual IPv4 neighbors.
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

lathiat at bur

Apr 18, 2007, 12:05 AM

Post #8 of 20 (6051 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Howdy,

liviu.pislaru [at] gmail wrote:

<snip>
> OUTPUT EXAMPLE:
> Router X has 3 BGP neighbors:
> 1. 213.154.97.240
> 2. 213.154.97.241
> 3. 2001:1518:0:3000::2
>
> the script above will return 3 values for $remote_peer:
> 1. 213.154.97.240
> 2. 213.154.97.241
> 3. 32.1.21.24
>
> you can see that even if the third neighbor is IPV6, the $remote_peer is
> printed IPV4 style and you can use it later with the next OIDs.
>
Right so it is taking the first 32bits of the IPv6 address as an IPv4
address, wonder what happens if you have more than 1 session to an IP in
the same /32...

Cheers,
Trent

<snip>
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

mailinglists at unix-scripts

Apr 18, 2007, 1:33 AM

Post #9 of 20 (6058 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

I use nagios and wrote my own pluggin to poll the device via snmp. If you
want a copy email me and i'll send you the script.

~Shaun

"chiel" <chiel [at] gmx> wrote in message
news:030c01c78103$e2fbb460$760010ac [at] michiel
> Hello,
>
> I was wondering how you guys monitor your BGP sessions. Do you use snmp
> traps or do you poll the router with a snmp get (if thats posible)?
> I ask this because I want don't want to get notified if one bgp goes down.
> But I would like to know if a important bgp session goes down/flapping.
>
> So I would like to see something like this:
> All bgp sessions: snmp-traps
> Important bgp sessions: snmp-trap & snmp get
>
> My questions is, what do you use for monitoring bgp? And is it posible to
> send a snmp get to a cisco device specifying only one bgp session to get
> the status for that? and what is the MIB for that?
>
> thanks
> chiel
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

gert at greenie

Apr 18, 2007, 1:41 AM

Post #10 of 20 (6054 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Hi,

On Wed, Apr 18, 2007 at 09:50:06AM +0300, liviu.pislaru [at] gmail wrote:
> OUTPUT EXAMPLE:
> Router X has 3 BGP neighbors:
> 1. 213.154.97.240
> 2. 213.154.97.241
> 3. 2001:1518:0:3000::2
>
> the script above will return 3 values for $remote_peer:
> 1. 213.154.97.240
> 2. 213.154.97.241
> 3. 32.1.21.24

I wonder how this looks like if you have multiple IPv6 neighbours starting
with the same 32 bits - 32.1.21.24 is just decimal for 2001:1518: - so
what happens if you have another neighbor, 2001:1518:0:3001::2 (or so)?

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert [at] greenie
fax: +49-89-35655025 gert [at] net
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

p.caci at seabone

Apr 18, 2007, 2:00 AM

Post #11 of 20 (6054 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

:-> "liviu" == liviu pislaru <liviu.pislaru [at] gmail> writes:

> hello robert,
> you can try to obtain automatically (with the same monitoring script)
> neighbors ip adresses (ipv4 or ipv6);

> EXAMPLE (perl):

> - you have router X with the ip adress $iprouter:

> $comm="xxxxxxxx"; # put here your own password
> $oid="1.3.6.1.2.1.15.3.1.7";

Polling this MIB on a GSR running 12.0(32)S5 only returns me IPv4
neighbors. What router/IOS are you using that gives you ipv6 too?

--

-------------------------------------------------------------------------------
Pierfrancesco Caci | Network & System Administrator - INOC-DBA: 6762*PFC
p.caci [at] seabone | Telecom Italia Sparkle - http://etabeta.noc.seabone.net/
Linux clarabella 2.6.12-10-686-smp #1 SMP Fri Sep 15 16:47:57 UTC 2006 i686 GNU/Linux

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

david.freedman at uk

Apr 18, 2007, 4:29 AM

Post #12 of 20 (6058 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Also, whilst on the subject, have cisco come up with a way to detect
Idle as a result of maxprefix via SNMP yet?

Dave.

Shaun R. wrote:
> I use nagios and wrote my own pluggin to poll the device via snmp. If you
> want a copy email me and i'll send you the script.
>
> ~Shaun
>
>
> "chiel" <chiel [at] gmx> wrote in message
> news:030c01c78103$e2fbb460$760010ac [at] michiel
>> Hello,
>>
>> I was wondering how you guys monitor your BGP sessions. Do you use snmp
>> traps or do you poll the router with a snmp get (if thats posible)?
>> I ask this because I want don't want to get notified if one bgp goes down.
>> But I would like to know if a important bgp session goes down/flapping.
>>
>> So I would like to see something like this:
>> All bgp sessions: snmp-traps
>> Important bgp sessions: snmp-trap & snmp get
>>
>> My questions is, what do you use for monitoring bgp? And is it posible to
>> send a snmp get to a cisco device specifying only one bgp session to get
>> the status for that? and what is the MIB for that?
>>
>> thanks
>> chiel
>> _______________________________________________
>> cisco-nsp mailing list cisco-nsp [at] puck
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

tony at lava

Apr 18, 2007, 1:51 PM

Post #13 of 20 (6050 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

On Wed, 18 Apr 2007, liviu.pislaru [at] gmail wrote:

> OUTPUT EXAMPLE:
> Router X has 3 BGP neighbors:
> 1. 213.154.97.240
> 2. 213.154.97.241
> 3. 2001:1518:0:3000::2
>
> the script above will return 3 values for $remote_peer:
> 1. 213.154.97.240
> 2. 213.154.97.241
> 3. 32.1.21.24
>
> you can see that even if the third neighbor is IPV6, the $remote_peer is
> printed IPV4 style and you can use it later with the next OIDs.

Unfortunately, this isn't useful when most of the IPv6 neighbor links are
assigned out of the same /32.

Antonio Querubin
whois: AQ7-ARIN
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

tony at lava

Apr 18, 2007, 2:02 PM

Post #14 of 20 (6049 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

On Wed, 18 Apr 2007, Gert Doering wrote:

> I wonder how this looks like if you have multiple IPv6 neighbours starting
> with the same 32 bits - 32.1.21.24 is just decimal for 2001:1518: - so
> what happens if you have another neighbor, 2001:1518:0:3001::2 (or so)?

Only one neighbor entry shows up. Eg, one of our routers shows the
following from snmpwalk:

15.3.1.7.32.1.8.56 = IpAddress: 32.1.8.56
15.3.1.7.32.1.14.0 = IpAddress: 32.1.14.0
15.3.1.7.32.1.24.136 = IpAddress: 32.1.24.136
15.3.1.7.32.1.72.48 = IpAddress: 32.1.72.48

However, there are actually 17 IPv6 BGP peers on that router - 12 of which
are apparently overlapping on the 32.1.24.136 entry above.

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

mailinglists at unix-scripts

Apr 18, 2007, 3:07 PM

Post #15 of 20 (6084 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Wow, i got about 10 requests for my script! Figured i would post it here
too. http://unix-scripts.com/

There are a few other check scripts i wrote for nagios on that url also.

In order to use the script you'll need the following perl modules installed

Net::SNMP
Getopt::Long

Any questions let me know.

~Shaun

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

chiel at gmx

Apr 19, 2007, 2:14 AM

Post #16 of 20 (6045 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Thanks for al the reply's, and Shaun your script works great! thanks
But maybe back to the questions. If I would go for the methode to poll my
BGP router for a BGP state, let say every minute, There is the change that I
would mis a flapping state that is taking place with that session. Wouldn't
it be better to only go with do snmp traps?

But is there some software (for linux) that can priorities from wich
sessions a bgp trap is sent?

Btw, is there a MIB where you specify the AS number rather than the ip
number, like in "1.3.6.1.2.1.15.3.1.2.a.b.c.d" ?

chiel

----- Original Message -----
From: "Antonio Querubin" <tony [at] lava>
To: "Gert Doering" <gert [at] greenie>
Cc: <cisco-nsp [at] puck>
Sent: Wednesday, April 18, 2007 11:02 PM
Subject: Re: [c-nsp] How to monitor BGP sessions

> On Wed, 18 Apr 2007, Gert Doering wrote:
>
>> I wonder how this looks like if you have multiple IPv6 neighbours
>> starting
>> with the same 32 bits - 32.1.21.24 is just decimal for 2001:1518: - so
>> what happens if you have another neighbor, 2001:1518:0:3001::2 (or so)?
>
> Only one neighbor entry shows up. Eg, one of our routers shows the
> following from snmpwalk:
>
> 15.3.1.7.32.1.8.56 = IpAddress: 32.1.8.56
> 15.3.1.7.32.1.14.0 = IpAddress: 32.1.14.0
> 15.3.1.7.32.1.24.136 = IpAddress: 32.1.24.136
> 15.3.1.7.32.1.72.48 = IpAddress: 32.1.72.48
>
> However, there are actually 17 IPv6 BGP peers on that router - 12 of which
> are apparently overlapping on the 32.1.24.136 entry above.
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

simon at limmat

Apr 19, 2007, 2:16 AM

Post #17 of 20 (6100 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Gert Doering writes:
> I wonder how this looks like if you have multiple IPv6 neighbours
> starting with the same 32 bits - 32.1.21.24 is just decimal for
> 2001:1518: - so what happens if you have another neighbor,
> 2001:1518:0:3001::2 (or so)?

Does nobody here run iBGP over IPv6? Multiple IPv6 neighbors in the
same /32 are mangled into one MIB row. An example follows. Note that
the first row in the output corresponds to 38 iBGP peerings with
neighbor addresses from the same /32 (2001:620::/32).

: leinen [at] smirno[super_opt]; snmptable -v 2c -c hctiws -Ci -Cb ce2 cbgpPeerAddrFamilyPrefixTable
SNMP table: CISCO-BGP4-MIB::cbgpPeerAddrFamilyPrefixTable

index [...] AdvertisedPrefixes [...]
32.1.6.32.ipv6.unicast [...] 10140 [...]
32.1.7.152.ipv6.unicast [...] 121 [...]
32.1.7.248.ipv6.unicast [...] 40697 [...]
[...]

I have no idea how the counters in this row are synthesized - maybe
the counters from the last peering in the mangle-bundle overwrite all
others.

Cisco implements a variant of a subset of the draft BGP-4 "v2" MIB
that the IDR (Inter-Domain Routing) working group in the IETF has
tried to standardize for a couple of years. The IETF proposal as it
currently stands includes decent multi-protocol support - Cisco just
did a half-assed variant of that which truncates IPv6 peer addresses
to IPv4 addresses (why didn't they at least use the BOTTOM 32 bits? :-)

If you find SNMP monitoring of BGP peerings important, please send
your input to the IETF IDR mailing list:

https://www1.ietf.org/mailman/listinfo/idr

The discussion so far can be found in the archive:

http://www1.ietf.org/mail-archive/web/idr/current/threads.html#02341

It has stalled a few weeks ago, but I would say there is latent
interest in getting the BGP-4 "v2" MIB effort off the ground again, so
your participation could have a big effort.

Tell us what you want to see in this MIB!

Otherwise we'll remain stuck with the old ("v1") MIB in RFC 4273,
which is almost unchanged from RFC 1657. Since that MIB is from 1994,
it doesn't know about things like IPv6, multicast, or "address
families" in general.
--
Simon.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

gert at greenie

Apr 19, 2007, 2:42 AM

Post #18 of 20 (6065 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

Hi,

On Thu, Apr 19, 2007 at 11:16:01AM +0200, Simon Leinen wrote:
> Gert Doering writes:
> > I wonder how this looks like if you have multiple IPv6 neighbours
> > starting with the same 32 bits - 32.1.21.24 is just decimal for
> > 2001:1518: - so what happens if you have another neighbor,
> > 2001:1518:0:3001::2 (or so)?
>
> Does nobody here run iBGP over IPv6?

We do...

> Multiple IPv6 neighbors in the
> same /32 are mangled into one MIB row.

... but we don't use SNMP to monitore BGP session state (but some crude
scripts that do "show ip bgp su" on the router's CLI).

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert [at] greenie
fax: +49-89-35655025 gert [at] net
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

simon at limmat

Apr 19, 2007, 3:26 AM

Post #19 of 20 (6066 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

David Freedman writes:
> Also, whilst on the subject, have cisco come up with a way to detect
> Idle as a result of maxprefix via SNMP yet?

None that I knew of.

>From my reading of the BGP MIB (RFC 4273), this could/should be
reflected in bgpLastError (1.3.6.1.2.1.15.3.1.14), at least on one end
of the peering. bgpLastError, which dates back to 1994, is a
two-octet string containing the BGP error code and subcode. Code 6
would correspond to "cease", and according to RFC 4486, the subcode
for tripping max-prefixes is 1 (one). So if you have a peering that
is down because of max-prefixes, check out whether its bgpLastError
consists of the octets 0x06 0x01.

Unfortunately, my tests between two Ciscos running 12.2(33)SRA/SRB
seem to indicate that it doesn't work this way. When I deliberately
kill a peering by configuring a too-small maximum-prefix, the session
is closed and transitions to "idle" on both sides, but bgpLastError
isn't updated on either end.

Even if Cisco implemented this correctly according to my reading of
the MIB, I'm not sure it would do what you want. Do you want to see
this on the router where the "maximum-prefix" is configured, or on the
other router (the "victim" of the prefix limit)? I think bgpLastError
only provides the latter.

Again, this would be useful input to the discussion of the
next-generation BGP-4 MIB in the IDR working group of the IETF:

https://www1.ietf.org/mailman/listinfo/idr
http://www1.ietf.org/mail-archive/web/idr/current/threads.html#02341
--
Simon.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

ian.mackinnon at lumison

Apr 24, 2007, 5:47 AM

Post #20 of 20 (6021 views)
Permalink

Re: How to monitor BGP sessions [In reply to]

thanks for the script, we are now using it to check our transit connections.

Thanks again.

Shaun R. wrote:
> Wow, i got about 10 requests for my script! Figured i would post it here
> too. http://unix-scripts.com/
>
> There are a few other check scripts i wrote for nagios on that url also.
>
> In order to use the script you'll need the following perl modules installed
>
> Net::SNMP
> Getopt::Long
>
> Any questions let me know.
>
> ~Shaun
>
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp [at] puck
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/

--

This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error please notify the sender. Any
offers or quotation of service are subject to formal specification.
Errors and omissions excepted. Please note that any views or opinions
presented in this email are solely those of the author and do not
necessarily represent those of Lumison, nplusone or lightershade ltd.
Finally, the recipient should check this email and any attachments for the
presence of viruses. Lumison, nplusone and lightershade ltd accepts no
liability for any damage caused by any virus transmitted by this email.

--
--
Virus scanned by Lumison.
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact Gossamer Threads