[c-nsp] Monitoring some minimal prefix count from specific eBGP neighbor

Bruce Pinsky bep at whack.org
Fri Aug 12 03:33:08 EDT 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Andris Zarins wrote:
> Hi,
> 
>  
> 
> I'm tryin to figure out a way how to monitore if some specific eBGP
> neighbor is announcing some minimal prefix count.
> 
>  
> 
> Generally - task is pretty obvious - we have several (3) upstream
> providers, and we run a full-BGP with each of them. For several times we
> have run into situation, when some of those peers, who should advertise
> us fullBGP, advertise only some small subset of prefixes
> (misconfiguration at upstream side etc), so even if eBGP session stays
> UP, we are receiving some or maybe even none prefixes, so in reality -
> no traffic is passing that way and we could say that peer is dead. 
> 
>  
> 
> If task would be to monitor if prefix count is not exceeded (maximum) -
> everything would be simple, configure max-prefix-count for some peer,
> and if its exceeded - SNMP trap is generated and we can monitor that.
> Same way we can monitor if some BGP peers lay down, there are also SNMP
> traps in that case. But I can't think of a way how to monitor if
> neighbor is advertising, for example, some 10000 prefixes (if number is
> less than 10k - this should be considered as violation of some kind and
> we should get some trap or something like that). 
> 
>  
> 
> Any ideas or solutions would be greatly appreciated :-)
> 

Have you looked at the CISCO-BGP4-MIB mib?  The cbgpPeerTable has the
following info in each cbgpPeerEntry:


    cbgpPeerPrefixAccepted Counter,
    cbgpPeerPrefixDenied Counter,
    cbgpPeerPrefixLimit Gauge,
    cbgpPeerPrefixAdvertised Counter,
    cbgpPeerPrefixSuppressed Counter,
    cbgpPeerPrefixWithdrawn Counter,
    cbgpPeerLastErrorTxt SnmpAdminString,
    cbgpPeerPrevState INTEGER

Based on the description, the cbgpPeerPrefixAccepted attribute is likely
what you want:

	"Number of Route prefixes received on this connnection,
         which are accepted after applying filters. Possible
         filters are route maps, prefix lists, distributed
         lists, etc."

Should be a simple TCL script to collect the info via SNMP and generate an
alert or syslog message if it is below a specific value.

- --
=========
bep

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (MingW32)

iD8DBQFC/FC0E1XcgMgrtyYRAnruAJ9PTnYzTTTq8ZALJJ3/8yMInDxQeQCg2Nrb
Nn7qtd5L4XWdTZnCOHJBQfY=
=xPe1
-----END PGP SIGNATURE-----

More information about the cisco-nsp mailing list