[c-nsp] How to monitor BGP sessions

Justin M. Streiner streiner at cluebyfour.org
Tue Apr 17 12:02:54 EDT 2007 

On Tue, 17 Apr 2007, chiel wrote:

> I was wondering how you guys monitor your BGP sessions. Do you use snmp 
> traps or do you poll the router with a snmp get (if thats posible)?
> I ask this because I want don't want to get notified if one bgp goes 
> down. But I would like to know if a important bgp session goes 
> down/flapping.

The two main alert paths would be SNMP notifies/traps and syslog messages. 
I believe you can poll for the status of a given BGP session on a router, 
but it's better to have those alerts come from the router into your net 
management / event handling / monitoring system and write rules for 
determining if a BGP session is flapping, i.e. if $session on $router 
sends more than some number of up/down messages within a specific period 
of time, $session is to be considered unstable and take the appropriate 
action (send an email, page an engineer, etc...).  Many modern NMS 
packages have the intelligence to do this already.

> So I would like to see something like this:
> All bgp sessions: snmp-traps
> Important bgp sessions: snmp-trap & snmp get

An external system (NMS, etc) would need to determine what "important", 
"flap", etc mean, based on rules provided by you.  If you use BGP flap 
damping on your routers, ou may also want to keep a count on each router 
of the number of damped prefixes.

> My questions is, what do you use for monitoring bgp? And is it posible 
> to send a snmp get to a cisco device specifying only one bgp session to 
> get the status for that? and what is the MIB for that?

I believe it is possible to get BGP session information from a router via 
SNMP, but I don't have the MIBs in front of me at the moment to take a 
look.

Depending on what you use for network management (if anything), many 
packages include tools for browsing the MIBs you have loaded into the 
system.

Cisco packages all of theirs in a set of compressed tar files.  They 
also provide schema files which are useful for finding the OID string 
you may need to poll for a specific thing.  If you use unix/linux, 
unraveling those tar files into a set of directories grepping 
for terms like "BGP" or "Bgp" (case is important).  Cisco also has a MIB 
browser tool on their website that might be useful for you.

jms

More information about the cisco-nsp mailing list