Watching syslog for bgp log-neighbor-changes may be a good idea as well
though it would not have helped in this case either. You're right the
problem lies in intelligence for determining what is a sane number. A smart
tool/script for monitoring rate of change in updates with a variable
threshold would be quite handy.
It's kind of hard to complain that you're getting too few routes though - in
many instances this would be cause for celebration ;). In this case it was
TOO few.
-- steve
-----Original Message-----
From: Hank Nussbacher [mailto:hank@att.net.il]
Sent: Tuesday, July 03, 2001 1:33 AM
To: Stephen Gill; 'Philip Smith'; cisco-nsp@puck.nether.net
Subject: RE: [nsp] Monitoring BGP routes...
At 00:16 03/07/01 -0500, Stephen Gill wrote:
>Depending on the need this will certainly do the trick quite easily.
This doesn't help Alan who seems to have gone from getting 100K prefixes to
1 default prefix.
-Hank
>-- steve
>
>-----Original Message-----
>From: Philip Smith [mailto:pfs@cisco.com]
>Sent: Tuesday, July 03, 2001 12:05 AM
>To: cisco-nsp@puck.nether.net
>Subject: Re: [nsp] Monitoring BGP routes...
>
>
>bgp neighbor max-prefix makes this a lot easier to do now. As soon as you
>go over 75% of the threshold set, the router sends messages to syslog. And
>it will optionally tear the peering down once you hit the threshold you
>set. I know a lot of folks monitor syslog for strange events, so adding a
>monitor for the BGP threshold would be easy enough to do. Better than cron
>logging into the router every 5/15/60 minutes...
>
>philip
>--
>
>At 08:52 03/07/2001 +0530, R S Mani wrote:
> >Hi! Alan
> >
> >You can write a simple script to scan for "sh ip bgp summ".
> >and take out the number of prefixes sent by the per.. You can then apply
> >your filtering rules so that it generates an alarm..
> >
> >Iyer
> >----- Original Message -----
> >From: "Alan Halachmi" <alan@halachmi.net>
> >To: <cisco-nsp@puck.nether.net>
> >Sent: Tuesday, July 03, 2001 12:10 AM
> >Subject: [nsp] Monitoring BGP routes...
> >
> >
> > > Greetings!
> > >
> > > Can anyone recommend a program that checks to ensure that a BGP
> > > peer is sending a sane number of BGP routes? I use rtrmon to check
for
> >BGP
> > > sessions, just my ISP unintentionally change me from a full-route
> >connection
> > > to a default-route-only and it would have been nice to have gotten
> > > notification that I only had 1 route against that peer.
> > >
> > > TIA!
> > > Alan
> > >
> > > --
> > > Alan Halachmi
> > > Wide Area Network Specialist
> > > Ingram Entertainment Network Services
> > > mailto:alan@halachmi.net
> > > http://www.ingramentertainment.com
> > >
> > >
>
>_________________________________________________________
>Do You Yahoo!?
>Get your free @yahoo.com address at http://mail.yahoo.com
_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:43 EDT