BMP In BGP

BMP is a standard protocol that is intended to monitor BGP RIB and sessions. It encapsulates BGP messages from one or more BGP peers into a single TCP stream that is sent to one or more collectors. BMP is standardized by RFC 7854 and the final version 3 is supported by the Virtual Service Router.

BGP information is received by the collector and can be visualized in a graphical frontend or in reports. Operators can perform various analyses that would normally require complex ‘show’ command parsing. Examples of BMP use cases are:

  • Knowing all the candidate routes for a given prefix with their BGP attributes (AS PATH, local preference, weight…)

  • Monitoring the session state changes within the topology

  • Providing a BGP looking glass

  • Performing security analysis to find out route leaking for example (prefixes with an unexpected AS-PATH list, prefixes originating from two different ASs).

BMP configuration

Collector setup

The BMP configuration is located under BGP router vrf <VRF> routing bgp bmp. A BMP targets group references a group of collectors and its options.

The BMP session established between a collector and the local device can be initiated by either side.

The connect option defines the collector to connect to. Multiple connect options are possible.

vsr running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
vsr running config# / vrf main routing bgp as 65500
vsr running config# / vrf main routing bgp bmp targets GROUP1 connect 100.0.0.1 5000 source-interface loop1

Incoming BMP sessions from collectors are not accepted unless listener is defined. The 0.0.0.0 IP address means that the BMP service listens on all addresses. Multiple listener options are accepted on specific IP addresses.

vsr running config# / vrf main routing bgp bmp targets GROUP1 listener 0.0.0.0 5000

In case the listener option is used, it is recommended to use an access-list to control from which sources the connections from the collector are allowed.

vsr running config# / routing ipv4-access-list BMP-ACL seq 1 permit 100.0.0.0/24
vsr running config# / vrf main routing bgp bmp targets GROUP1 ipv4-access-list BMP-ACL

Note

  • The listener and connect options can be used simultaneously

  • The access lists that are defined in the BMP targets group protect the entire BMP service and apply to all the connections defined with the above options.

BMP options

By default, BMP only sends messages about the states of the BGP sessions present on the Virtual Service Router. Sending RIB information and statistics is optional.

RIB information

RIB information can be enabled per address family (e.g. ipv4 unicast). Three levels of RIB information can be selected:

  • pre-policy allows sending the information from an ADJ-RIB-IN, which contains all the routes received from the peers before the incoming policy filters are applied.

  • post-policy allows sending the RIB information after the incoming policy filters are applied.

  • loc-rib allows sending the RIB information after the decision process is applied. The RIB information is sent to the BMP collector, as specified in RFC 9069.

The following configuration permits sending the ADJ-RIB-IN information to the collector. soft-reconfiguration-inbound option must be enabled to benefit from the ADJ-RIB-IN availability from 10.125.0.2.

vsr running config# / vrf main routing bgp neighbor 10.125.0.2 remote-as 65500
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-unicast soft-reconfiguration-inbound true
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 unicast pre-policy

BGP updates are buffered before being sent to the collector. By default, redundant BGP updates, in case of prefix flapping, are summed up to unique messages, in order to save resources on the collector. The mirror option allows dumping all update messages to the collector. In this way, the collector has the full update history, which could be useful to detect update flappings or to debug update issues.

vsr running config# / vrf main routing bgp bmp targets GROUP1 mirror true

Note

BMP mirror options dump all BGP messages except Open messages.

Statistics

BMP can optionally transmit periodic statistics about BGP sessions. The supported counters are the following:

  • number of prefixes rejected

  • number of duplicate prefix withdrawals

  • number of prefixes received with a loop in cluster id.

  • number of prefixes received with a loop in the AS-PATH

  • number of prefixes received with a loop in the originator

  • number of “treat as withdrawal” updates, as per RFC 7606.

To enable the transmission of statistics to the collector every minute, use the following configuration command:

vsr running config# / vrf main routing bgp bmp targets GROUP1 stats-interval 60000

Configuration sample

The below configuration gives a full configuration example of a BMP configuration:

vsr running config# / vrf main interface physical eth1 port pci-b0s4
vsr running config# / vrf main interface physical eth1 ipv4 address 100.0.0.2/24
vsr running config# / vrf main interface physical eth2 port pci-b0s5
vsr running config# / vrf main interface physical eth2 ipv4 address 10.125.0.1/24
vsr running config# / vrf main interface loopback loop1 ipv4 address 1.1.1.1/32
vsr running config# / vrf main routing bgp as 65500
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 remote-as 65500
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-unicast soft-reconfiguration-inbound true
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-vpn enabled true
vsr running config# / vrf main routing bgp neighbor 10.125.0.2 address-family ipv4-vpn soft-reconfiguration-inbound true
vsr running config# / vrf main routing bgp bmp targets GROUP1 connect 100.0.0.1 20000 source-interface loop1
vsr running config# / vrf main routing bgp bmp targets GROUP1 mirror true
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 unicast post-policy
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 unicast pre-policy
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 vpn post-policy
vsr running config# / vrf main routing bgp bmp targets GROUP1 monitor ipv4 vpn pre-policy

Troubleshooting

To see the active collector connections and their statistics, use the show bgp bmp command.

vsr> show bgp bmp

Route mirroring          0 messages (0 bytes) pending
                         0 bytes maximum buffer used


Targets GROUP1:
  Connections state:
client          state timer    source-ip
======          ===== =====    =========
100.0.0.1:20000 up    00:00:02 1.1.1.1

  Clients statistics:
client          uptime   monitor sent mirror sent mirror lost byte sent byte queue byte kernel queue
======          ======   ============ =========== =========== ========= ========== =================
100.0.0.1:20000 00:00:02            0           0           0       310          0                 0