BMP In BGP
BMP is a standard protocol that is intended to monitor BGP RIB and sessions. It encapsulates BGP messages from one or more BGP peers into a single TCP stream that is sent to one or more collectors. BMP is standardized by RFC 7854 and the final version 3 is supported by the Virtual Service Router.
BGP information is received by the collector and can be visualized in a graphical frontend or in reports. Operators can perform various analyses that would normally require complex ‘show’ command parsing. Examples of BMP use cases are:
Knowing all the candidate routes for a given prefix with their BGP attributes (AS PATH, local preference, weight…)
Monitoring the session state changes within the topology
Providing a BGP looking glass
Performing security analysis, for example to detect route leaks (prefixes with an unexpected AS-PATH list, prefixes originating from two different ASs).
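The security analysis mentioned in the last use case can be run on the collector once routes are decoded. The following is an added example, not part of the product documentation: it flags prefixes originated by two different ASs and prefixes whose origin AS differs from an expected value. The route tuples, the EXPECTED_ORIGIN table and the function names are assumptions made for the illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: (peer, prefix, AS_PATH) as a collector might store
# them after decoding BMP Route Monitoring messages.
ROUTES = [
    ("10.125.0.2", "203.0.113.0/24", [65500, 64496]),
    ("10.125.0.3", "203.0.113.0/24", [65500, 64511, 64497]),
    ("10.125.0.2", "198.51.100.0/24", [65500, 64498]),
    ("10.125.0.2", "192.0.2.0/24", [65500, 64499, 64499]),
]
# Hypothetical table of the origin AS the operator expects per prefix.
EXPECTED_ORIGIN = {"198.51.100.0/24": 64498, "192.0.2.0/24": 64500}

def origin_as(as_path):
    # The origin is the right-most AS; prepending repeats it but keeps it last.
    return as_path[-1] if as_path else None

def find_moas(routes):
    # Prefixes announced with more than one distinct origin AS.
    origins = defaultdict(set)
    for _peer, prefix, path in routes:
        origin = origin_as(path)
        if origin is not None:
            origins[str(ip_network(prefix))].add(origin)
    return {p: sorted(o) for p, o in origins.items() if len(o) > 1}

def find_unexpected_origin(routes, expected):
    # Routes whose origin AS differs from the expected one for that prefix.
    wanted = {str(ip_network(p)): asn for p, asn in expected.items()}
    findings = []
    for peer, prefix, path in routes:
        key = str(ip_network(prefix))
        if key in wanted and origin_as(path) != wanted[key]:
            findings.append((peer, key, origin_as(path), wanted[key]))
    return findings
```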
BMP configuration
Collector setup
The BMP configuration is located under BGP router vrf <VRF> routing bgp bmp. A BMP targets group references a group of collectors and its options.
The BMP session established between a collector and the local device can be initiated by either side.
The connect option defines the collector to connect to. Multiple connect options are possible.
vsr running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
vsr running config# / vrf main routing bgp as 65500
vsr running config# / vrf main routing bgp bmp targets GROUP1 connect 100.0.0.1 5000 source-interface loop1
Incoming BMP sessions from collectors are not accepted unless listener is defined. The 0.0.0.0 IP address means that the BMP service listens on all addresses. Multiple listener options are accepted on specific IP addresses.
vsr running config# / vrf main routing bgp bmp targets GROUP1 listener 0.0.0.0 5000
When the listener option is used, it is recommended to use an access-list to control the sources from which collector connections are allowed.
vsr running config# / routing ipv4-access-list BMP-ACL seq 1 permit 100.0.0.0/24
vsr running config# / vrf main routing bgp bmp targets GROUP1 ipv4-access-list BMP-ACL
Note
The listener and connect options can be used simultaneously.
The access lists that are defined in the BMP targets group protect the entire BMP service and apply to all the connections defined with the above options.
BMP options
By default, BMP only sends messages about the states of the BGP sessions present on the Virtual Service Router. Sending RIB information and statistics is optional.
RIB information
RIB information can be enabled per address family (e.g. ipv4 unicast). Three levels of RIB information can be selected:
pre-policy allows sending the information from an ADJ-RIB-IN, which contains all the routes received from the peers before the incoming policy filters are applied.
post-policy allows sending the RIB information after the incoming policy filters are applied.
loc-rib allows sending the RIB information after the decision process is applied. The RIB information is sent to the BMP collector, as specified in RFC 9069.
The following configuration sends the ADJ-RIB-IN information to the collector. The soft-reconfiguration-inbound option must be enabled for the ADJ-RIB-IN from 10.125.0.2 to be available.
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 remote-as 65500
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-unicast soft-reconfiguration-inbound true
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 unicast pre-policy
BGP updates are buffered before being sent to the collector. By default, redundant BGP updates, for example when a prefix flaps, are summarized into single messages in order to save resources on the collector. The mirror option dumps all update messages to the collector. The collector then has the full update history, which can be useful to detect update flapping or to debug update issues.
vsr running config# / vrf main routing bgp bmp targets GROUP1 mirror true
Note
BMP mirror options dump all BGP messages except Open messages.
Statistics
BMP can optionally transmit periodic statistics about BGP sessions. The supported counters are the following:
number of prefixes rejected
number of duplicate prefix withdrawals
number of prefixes received with a loop in the cluster id
number of prefixes received with a loop in the AS-PATH
number of prefixes received with a loop in the originator
number of “treat as withdrawal” updates, as per RFC 7606
To enable the transmission of statistics to the collector every minute, use the following configuration command:
vsr running config# / vrf main routing bgp bmp targets GROUP1 stats-interval 60000
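On the collector side, the RIB level selected under "RIB information" and the counters listed under "Statistics" are both read from the BMP message headers. The following is an added example, not code from the Virtual Service Router or from any collector: a parser that validates the common header, maps the per-peer header to pre-policy, post-policy or loc-rib, and decodes a Statistics Report. The function names, the counter labels and the sample message are assumptions. Adj-RIB-Out (RFC 8671) is not handled.

```python
import struct

# RFC 7854 statistics types matching the counters listed on this page.
STAT_NAMES = {0: "prefixes-rejected", 2: "duplicate-withdrawals",
              3: "cluster-list-loop", 4: "as-path-loop",
              5: "originator-id-loop", 11: "treat-as-withdraw-updates"}
HDR, PEER = 6, 42   # sizes of the common header and the per-peer header

def rib_view(peer_type, peer_flags):
    # Peer type 3 = Loc-RIB Instance Peer (RFC 9069); L flag 0x40 = post-policy.
    if peer_type == 3:
        return "loc-rib"
    return "post-policy" if peer_flags & 0x40 else "pre-policy"

def parse_stats(body):
    # Stats Count (4 bytes), then TLVs: type (2), length (2), value (length).
    try:
        count, off, out = struct.unpack_from("!I", body)[0], 4, {}
        for _ in range(count):
            stype, slen = struct.unpack_from("!HH", body, off)
            value = struct.unpack_from("!%ds" % slen, body, off + 4)[0]
            out[STAT_NAMES.get(stype, "stat-%d" % stype)] = int.from_bytes(value, "big")
            off += 4 + slen
    except struct.error:                    # any read past the end of the body
        raise ValueError("truncated statistics report") from None
    return out

def parse_bmp(buf):
    # Check version and length before trusting anything else in the message.
    if len(buf) < HDR:
        raise ValueError("truncated common header")
    version, length, mtype = struct.unpack_from("!BIB", buf)
    if version != 3 or not HDR <= length <= len(buf):
        raise ValueError("bad BMP version or length")
    msg = {"type": mtype}
    if mtype not in (4, 5):                 # Initiation/Termination: no per-peer header
        if length < HDR + PEER:
            raise ValueError("truncated per-peer header")
        ptype, pflags = struct.unpack_from("!BB", buf, HDR)
        msg["view"] = rib_view(ptype, pflags)
        if mtype == 1:                      # Statistics Report
            msg["stats"] = parse_stats(buf[HDR + PEER:length])
    return msg

def sample_stats_report():
    # Constructed message: pre-policy peer 10.125.0.2 in AS 65500, two counters.
    peer = bytes(22) + b"\x0a\x7d\x00\x02" + struct.pack("!IIII", 65500, 0, 0, 0)
    body = struct.pack("!IHHIHHI", 2, 0, 4, 7, 11, 4, 1)
    return struct.pack("!BIB", 3, HDR + PEER + len(body), 1) + peer + body
```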
Configuration sample
The following is a complete BMP configuration example:
vsr running config# / vrf main interface physical eth1 port pci-b0s4
vsr running config# / vrf main interface physical eth1 ipv4 address 100.0.0.2/24
vsr running config# / vrf main interface physical eth2 port pci-b0s5
vsr running config# / vrf main interface physical eth2 ipv4 address 10.125.0.1/24
vsr running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
vsr running config# / vrf main routing bgp as 65500
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 remote-as 65500
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-unicast soft-reconfiguration-inbound true
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-vpn enabled true
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-vpn soft-reconfiguration-inbound true
vsr running config# / vrf main routing bgp bmp targets GROUP1 connect 100.0.0.1 20000 source-interface loop1
vsr running config# / vrf main routing bgp bmp targets GROUP1 mirror true
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 unicast post-policy
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 unicast pre-policy
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 vpn post-policy
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 vpn pre-policy
Troubleshooting
To see the active collector connections and their statistics, use the show bgp bmp command.
vsr> show bgp bmp
Route mirroring 0 messages (0 bytes) pending
0 bytes maximum buffer used
Targets GROUP1:
Connections state:
client           state  timer     source-ip
======           =====  =====     =========
100.0.0.1:20000  up     00:00:02  1.1.1.1
Clients statistics:
client           uptime    monitor sent  mirror sent  mirror lost  byte sent  byte queue  byte kernel queue
======           ======    ============  ===========  ===========  =========  ==========  =================
100.0.0.1:20000  00:00:02  0             0            0            310        0           0