Re: [nsp] Monitoring BGP routes...

From: R.P. Aditya (lists@lists.grot.org)
Date: Mon Jul 02 2001 - 15:24:14 EDT


Unfortunately, there isn't a RFC specified SNMP OID nor a Cisco specific one
(that I know of) which you can query for a simple count of currently heard
prefixes from a particular peer.

The only "clean" SNMP way I can think of to get a current count of prefixes
from a peer is to count while iterating through all the bgp4 prefixes.
Needless to say, you don't want to do that.

You can monitor "unusual" activity on a per peer basis by monitoring the
following counters:

    bgpPeerInUpdates
    bgpPeerOutUpdates
    bgpPeerInTotalMessages
    bgpPeerOutTotalMessages

and trigger an alarm if you see activity higher than some threshold of
updates.

The easiest way (that I can think of) of monitoring the number of BGP prefixes
from a Cisco is to periodically dump and parse the output of the last column
of "sh ip bgp sum".

Adi
 

On Mon, Jul 02, 2001 at 02:51:30PM -0400, Jared Mauch wrote:
> I believe there is a snmp-oid that one can query to get
> the number of prefixes that you are getting from a bgp peer.
>
> if one uses that you can generate a snmp query that validates
> that it is a sane number of prefixes. you could also use that to
> validate that they're not leaking you a lot more routes than
> the previous day. (ie: let them be within 5 or 10% but e-mail/page
> you if it goes outside this, too low or too high).
>
> If someone has this oid can you please post it? Thanks.
>
> - Jared
>
> On Mon, Jul 02, 2001 at 02:40:35PM -0400, Alan Halachmi wrote:
> > Greetings!
> >
> > Can anyone recommend a program that checks to ensure that a BGP
> > peer is sending a sane number of BGP routes? I use rtrmon to check for BGP
> > sessions, just my ISP unintentionally change me from a full-route connection
> > to a default-route-only and it would have been nice to have gotten
> > notification that I only had 1 route against that peer.
> >
> > TIA!
> > Alan
> >
> > --
> > Alan Halachmi
> > Wide Area Network Specialist
> > Ingram Entertainment Network Services
> > mailto:alan@halachmi.net
> > http://www.ingramentertainment.com
> >
>
> --
> Jared Mauch | pgp key available via finger from jared@puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
>



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:43 EDT