BMP In BGP

BMP is a standard protocol that is intended to monitor BGP RIB and sessions. It encapsulates BGP messages from one or more BGP peers into a single TCP stream that is sent to one or more collectors. BMP is standardized by RFC 7854 and the final version 3 is supported by the Virtual Service Router.

BGP information is received by the collector and can be visualized in a graphical frontend or in reports. Operators can perform various analyses that would normally require complex ‘show’ command parsing. Examples of BMP use cases are:

  • Knowing all the candidate routes for a given prefix with their BGP attributes (AS PATH, local preference, weight…)

  • Monitoring the session state changes within the topology

  • Providing a BGP looking glass

  • Performing security analysis to find out route leaking for example (prefixes with an unexpected AS-PATH list, prefixes originating from two different ASs).

BMP configuration

Collector setup

The BMP configuration is located under BGP router vrf <VRF> routing bgp bmp. A BMP targets group references a group of collectors and its options.

The BMP session established between a collector and the local device can be initiated by either side.

The connect option defines the collector to connect to. Multiple connect options are possible.

vsr running config# vrf main
vsr running vrf main# interface loopback loop1 ipv4 address 1.1.1.1/32
vsr running vrf main# routing bgp
vsr running bgp#! as 65500
vsr running bgp# bmp
vsr running bgp# targets group1
vsr running targets group1# connect 100.0.0.1 5000 source-interface loop1
vsr running targets group1#

Incoming BMP sessions from collectors are not accepted unless listener is defined. The 0.0.0.0 IP address means that the BMP service listens on all addresses. Multiple listener options are accepted on specific IP addresses.

vsr running config# vrf main
vsr running vrf main# routing bgp
vsr running bgp# bmp targets group1
vsr running targets group1# listener 0.0.0.0 5000
vsr running targets group1#

In case the listener option is used, it is recommended to use an access-list to control from which sources the connections from the collector are allowed.

vsr running config# routing ipv4-access-list acl1 seq 1 permit 100.0.0.0/24
vsr running config# vrf main
vsr running vrf main# routing bgp
vsr running bgp# bmp targets group1
vsr running targets group1# ipv4-access-list acl1
vsr running targets group1#

Note

  • The listener and connect options can be used simultaneously

  • The access lists that are defined in the BMP targets group protect the entire BMP service and apply to all the connections defined with the above options.

BMP options

By default, BMP only sends messages about the states of the BGP sessions present on the Virtual Service Router. Sending RIB information and statistics is optional.

RIB information

RIB information can be enabled per address family (e.g. ipv4 unicast). Two levels of RIB information can be selected:

  • pre-policy allows sending the information from an ADJ-RIB-IN, which contains all the routes received from the peers before the incoming policy filters are applied.

  • post-policy allows sending the RIB information after the incoming policy filters are applied.

The following configuration permits sending the ADJ-RIB-IN information to the collector. soft-reconfiguration-inbound option must be enabled to benefit from the ADJ-RIB-IN availability from 10.125.0.2.

vsr running config# vrf main
vsr running vrf main# routing bgp
vsr running bgp# neighbor 10.125.0.2 remote-as 65500
vsr running bgp# neighbor 10.125.0.2 address-family ipv4-unicast soft-reconfiguration-inbound true
vsr running bgp# bmp targets group1
vsr running targets group1# monitor ipv4 unicast pre-policy
vsr running targets group1#

BGP updates are buffered before being sent to the collector. By default, redundant BGP updates, in case of prefix flapping, are summed up to unique messages, in order to save resources on the collector. The mirror option allows dumping all update messages to the collector. In this way, the collector has the full update history, which could be useful to detect update flappings or to debug update issues.

vsr running config# vrf main
vsr running vrf main# routing bgp
vsr running bgp# bmp targets group1
vsr running targets group1# mirror true

Note

BMP mirror options dump all BGP messages except Open messages.

Statistics

BMP can optionally transmit periodic statistics about BGP sessions. The supported counters are the following:

  • number of prefixes rejected

  • number of duplicate prefix withdrawals

  • number of prefixes received with a loop in cluster id.

  • number of prefixes received with a loop in the AS-PATH

  • number of prefixes received with a loop in the originator

  • number of “treat as withdrawal” updates, as per RFC 7606.

To enable the transmission of statistics to the collector every minute, use the following configuration command:

vsr running config# vrf main
vsr running vrf main# routing bgp
vsr running bgp# bmp targets group1
vsr running targets group1# stats-interval 60000
vsr running targets group1#

Configuration sample

The below configuration gives a full configuration example of a BMP configuration:

vsr running config# vrf main
vsr running vrf main# interface loopback loop1 ipv4 address 1.1.1.1/32
vsr running vrf main# routing bgp
vsr running vrf main#! as 65500
vsr running bgp# neighbor 10.125.0.2 remote-as 65500
vsr running bgp# neighbor 10.125.0.2 address-family ipv4-unicast soft-reconfiguration-inbound true
vsr running bgp# neighbor 10.125.0.2 address-family ipv4-vpn enabled true
vsr running bgp# neighbor 10.125.0.2 address-family ipv4-vpn soft-reconfiguration-inbound true
vsr running bgp# bmp targets group1
vsr running targets group1# connect 100.0.0.1 20000 source-interface loop1
vsr running targets group1# connect 110.0.0.1 20000 min-retry 20000 max-retry 300000
vsr running targets group1# mirror true
vsr running targets group1# monitor ipv4 unicast post-policy
vsr running targets group1# monitor ipv4 unicast pre-policy
vsr running targets group1# monitor ipv4 vpn post-policy
vsr running targets group1# monitor ipv4 vpn pre-policy
vsr running targets group1#

Troubleshooting

To see the active collector connections and their statistics, use the show bgp bmp command.

vsr running config# show bgp bmp
Route mirroring          0 messages (0 bytes) pending
                       130 bytes maximum buffer used


Targets router:
  Connections state:
client          state      timer    source-ip
======          =====      =====    =========
100.0.0.1:20000 up         00:04:54 1.1.1.1
110.0.0.1:20000 retry-wait 00:00:30

  Clients statistics:
client          uptime   monitor sent mirror sent mirror lost byte sent byte queue byte kernel queue
======          ======   ============ =========== =========== ========= ========== =================
100.0.0.1:20000 00:04:54            6           5           0      1187          0                 0