BGP Monitoring Protocol and the BMP collectors implementation open-source project
BMP represents an automated approach to this challenge. A BMP client (the monitored router) typically peers with several BGP-speaking routers (BGP peers). The BMP client establishes a monitoring session to one or more BMP collectors (monitoring stations). The client encapsulates BGP messages from one or more BGP peers into a single TCP stream to one or more BMP collectors. BMP collectors store the data in a database, so automated programs or scripts can access the database and process this data.
BMP provides ongoing access to the Adjacent Routing Information Base – Incoming (Adj-RIBs-In) of the BMP client. The Adj-RIBs-In stores unprocessed routing information received from BGP peers, so the network operator has unedited access to the routing information sent from BGP peers to the BMP client. BMP also provides a periodic dump of statistics that can be used for further analysis.
As previously mentioned, BMP operates over TCP. Once a TCP connection is established, BMP messages are sent from the BMP client to a BMP collector. No BMP message is ever sent from the collector to the client. BMP uses several types of messages. First, the BMP client sends an Initiation message to the collector. This message informs the collector about the hostname and the system software info of the BMP client. Subsequently, the client sends a Peer Up message over the BMP session for each monitored BGP peer that is in the Established state. The contents of its Adj-RIBs-In are sent in Route Monitoring messages. Once all routes for a particular peer are sent, the client sends an End-of-RIB message. When the client has sent End-of-RIB for all of its BGP peers, the initial dump of the table is complete.
After that, the client sends a Route Monitoring message for every update received from a BGP peer. These Route Monitoring messages contain only incremental updates; the initial dump of Adj-RIBs-In is done only once.
The BMP client sends Stats Report (SR) messages to the collector periodically, or sending can be triggered by a particular event. An example of an SR statistic (Type 0) is the counter of prefixes rejected by the inbound policy. If any of the monitored BGP peers transitions out of the Established state, the client sends a Peer Down message indicating that the peer session was terminated. When the client wants to close the TCP session, it may send a Termination message to the monitoring station before closing the session.
There are several open-source implementations of BMP collectors. The best known open-source project is OpenBMP. It is a BMP collector that makes parsed and raw BMP data available to other applications. Data is forwarded to Apache Kafka, which provides the parsed BMP data to consumers (e.g. MySQL or MongoDB). For the purpose of demonstration we have installed the OpenBMP package, Kafka and a MySQL database on Linux Ubuntu 14.04 Server. OpenBMP is connected to a single topology consisting of routers ISP1 and ISP2. The ISP1 router is a BGP peer of ISP2. Our goal is to monitor both routers with ISP2 configured as the BMP client.
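The message sequence described above can be made concrete with a small parser. The following is an added example, not code from OpenBMP or from the original article: it splits a client-to-collector byte stream on the BMP common header defined in RFC 7854 (version 3, 4-byte length, 1-byte type) and decodes the Initiation TLVs. The sample stream, the helper names bmp and tlv, and the sysDescr string are constructed for illustration.

```python
import struct

# Message types from the BMP common header (RFC 7854).
BMP_TYPES = {0: "Route Monitoring", 1: "Statistics Report", 2: "Peer Down",
             3: "Peer Up", 4: "Initiation", 5: "Termination", 6: "Route Mirroring"}
INIT_TLVS = {0: "string", 1: "sysDescr", 2: "sysName"}  # Initiation TLV types
HDR = struct.Struct("!BIB")  # version, length (header included), message type

def parse_init_tlvs(body):
    """Decode Initiation TLVs: 2-byte type, 2-byte length, then the value."""
    out, off = {}, 0
    while off < len(body):
        if off + 4 > len(body):
            raise ValueError("truncated TLV header")
        t, ln = struct.unpack_from("!HH", body, off)
        val = body[off + 4:off + 4 + ln]
        if len(val) != ln:
            raise ValueError("TLV length runs past end of message")
        out[INIT_TLVS.get(t, f"type-{t}")] = val.decode("utf-8", "replace")
        off += 4 + ln
    return out

def parse_stream(buf):
    """Split a client-to-collector byte stream into (type name, info) pairs."""
    msgs, off = [], 0
    while off < len(buf):
        if off + HDR.size > len(buf):
            raise ValueError("truncated common header")
        ver, length, mtype = HDR.unpack_from(buf, off)
        if ver != 3:
            raise ValueError(f"unsupported BMP version {ver}")
        if length < HDR.size or off + length > len(buf):
            raise ValueError("bad message length")
        body = buf[off + HDR.size:off + length]
        # Only Initiation is decoded; for other types report the body size.
        info = parse_init_tlvs(body) if mtype == 4 else len(body)
        msgs.append((BMP_TYPES.get(mtype, f"unknown-{mtype}"), info))
        off += length
    return msgs

def bmp(mtype, body=b""):  # builds one constructed sample message
    return HDR.pack(3, HDR.size + len(body), mtype) + body
def tlv(t, value):
    return struct.pack("!HH", t, len(value)) + value

# Constructed sample in the order the text describes; the sysDescr string is made
# up and 42 zero bytes stand in for the per-peer header of per-peer messages.
SAMPLE = (bmp(4, tlv(1, b"Example IOS-XE") + tlv(2, b"ISP2")) + bmp(3, bytes(42))
          + bmp(0, bytes(42)) + bmp(1, bytes(42)) + bmp(5, tlv(1, b"\x00\x00")))
```

A collector should reject a stream as soon as the version or length check fails, because every later message boundary depends on the length field of the one before it.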
Picture 1 – Network Topology With Two Cisco Routers and OpenBMP
BMP server 1 is configured under the BGP configuration of the router ISP2. Up to eight BMP servers can be configured. Each BMP server is specified by its IP address and port number. Our OpenBMP collector is listening on the IP address 198.51.100.3, TCP port 5000. To initiate the connection to the BMP server, the command activate must be issued. The last command in the output activates BMP monitoring for the BGP peer 198.51.100.1 (the ISP1 router).
router bgp 64502
 bmp server 1
  address 198.51.100.3 port-number 5000
  update-source GigabitEthernet1
  activate
 exit-bmp-server-mode
 !
 bmp buffer-size 100
 bgp log-neighbor-changes
 neighbor 198.51.100.1 remote-as 64501
 neighbor 198.51.100.1 bmp-activate server 1
For the sake of completeness we also provide the BGP configuration of the ISP1 router.
router bgp 64501
 bgp log-neighbor-changes
 network 8.8.8.0 mask 255.255.255.0
 network 9.9.9.0 mask 255.255.255.0
 neighbor 198.51.100.2 remote-as 64502
 neighbor 198.51.100.2 fall-over bfd
Verifying BGP Monitoring Protocol on Cisco Router with Show Commands
To show BGP BMP server summary information, issue the command below. The status of the connection to the BMP server is Down because we have not yet started the Ubuntu server with the OpenBMP collector.
Number of BMP servers configured: 1
Number of BMP neighbors configured: 1
Number of neighbors on TransitionQ: 0, MonitoringQ: 0, ConfigQ: 1
Number of BMP servers on StatsQ: 0
BMP Refresh not in progress, refresh not scheduled
Initial Refresh Delay not configured
BMP buffer size configured, buffer size 100 MB, buffer size bytes used 0 MB
ID Host/Net Port TCB Status Uptime MsgSent LastStat
1 198.51.100.3 5000 0x0 Down 0
Once Ubuntu boots up, the connection to the BMP server comes up and the notification message BGP-5-BMP_ADJCHANGE is displayed on the router console. The status changes to Up.
To show a summary of BGP BMP neighbor status, issue the command below. The neighbor 198.51.100.1 is monitored by the configured BMP server 1 and the server is active.
Number of BMP neighbors configured: 1
BMP Refresh not in progress, refresh not scheduled
Initial Refresh Delay not configured
BMP buffer size configured, buffer size 100 MB, buffer size bytes used 0 MB
Neighbor        PriQ  MsgQ  CfgSvr#  ActSvr#  RM Sent
198.51.100.1    0     0     1        1        3
Querying MySQL Database Using CLI MySQL Client
To connect to the MySQL server we need to provide a MySQL username, the password and the name of the database (openBMP).
mysql>
To check the available tables of the openBMP database, issue the command below.
mysql> show tables;
+------------------------------+
| Tables_in_openBMP |
+------------------------------+
| as_path_analysis |
| bgp_nexthop |
| bgp_peers |
| collectors |
| community_analysis |
| gen_asn_stats |
| gen_prefix_validation |
| gen_whois_asn |
| gen_whois_route |
| geo_ip |
| geo_location |
| l3vpn_log |
| l3vpn_rib |
| ls_links |
| ls_nodes |
| ls_prefixes |
| path_attr_log |
| path_attrs |
| peer_down_events |
| peer_up_events |
| prefix_aspath |
| rib |
| routers |
| rpki_validator |
| stat_reports |
| unicast_rib_lookup |
| users |
| v_all_routes |
| v_geo_ip |
| v_l3vpn_routes |
| v_ls_links |
| v_ls_nodes |
| v_ls_prefixes |
| v_peer_prefix_report |
| v_peer_prefix_report_last |
| v_peer_prefix_report_last_id |
| v_peers |
| v_routes |
| v_routes_history |
| v_routes_withdraws |
| withdrawn_log |
+------------------------------+
To gather information about BMP clients we query the routers table.
mysql> select hash_id,ip_address,timestamp,isConnected from routers;
+----------------------------------+--------------+----------------------------+-------------+
| hash_id | ip_address | timestamp | isConnected |
+----------------------------------+--------------+----------------------------+-------------+
| bef88069464a5c04534932d666a41fa7 | 198.51.100.2 | 2017-07-05 21:45:13.259510 | 1 |
+----------------------------------+--------------+----------------------------+-------------+
To gather information about prefixes we query the rib table. Prefixes 9.9.9.0/24 and 8.8.8.0/24 are configured using a network command under BGP configuration on the router ISP1.
mysql> select hash_id,origin_as,prefix,prefix_len,isWithdrawn,isAdjRibIn,isPrePolicy from rib;
+----------------------------------+-----------+---------+------------+-------------+------------+-------------+
| hash_id | origin_as | prefix | prefix_len | isWithdrawn | isAdjRibIn | isPrePolicy |
+----------------------------------+-----------+---------+------------+-------------+------------+-------------+
| 2a12a2bff63264368ec390b8646a9442 | 64501 | 9.9.9.0 | 24 | | 1 | 1 |
| 357a7fc58df350f1bb5f3cf4f250394a | 64501 | 8.8.8.0 | 24 | | 1 | 1 |
+----------------------------------+-----------+---------+------------+-------------+------------+-------------+
Let's stop announcing the prefix 8.8.8.0/24 on the router ISP1 by issuing the no network 8.8.8.0 mask 255.255.255.0 command, and then query the withdrawn_log table. Notice that the prefix 8.8.8.0/24 was withdrawn 3 times in total.
mysql> select peer_hash_id,prefix,prefix_len,timestamp,id from withdrawn_log where prefix = '8.8.8.0';
+----------------------------------+---------+------------+----------------------------+----+
| peer_hash_id | prefix | prefix_len | timestamp | id |
+----------------------------------+---------+------------+----------------------------+----+
| 0b15f6b72ea484e37ffdb713ceefc895 | 8.8.8.0 | 24 | 2017-07-04 07:55:20.390314 | 1 |
| 0b15f6b72ea484e37ffdb713ceefc895 | 8.8.8.0 | 24 | 2017-07-06 01:21:49.838500 | 2 |
| 0b15f6b72ea484e37ffdb713ceefc895 | 8.8.8.0 | 24 | 2017-07-06 01:26:43.109571 | 3 |
+----------------------------------+---------+------------+----------------------------+----+
Conclusion
BGP Monitoring Protocol offers an excellent view of the data received from BGP peers before it is processed. A monitoring station has no need to peer with BGP-speaking routers, as is the case with Looking Glass servers. Also, the configuration is fairly simple on the client side. OpenBMP seems to be a mature project licensed under the business-friendly Eclipse Public License. All these factors create good conditions for massive use of BMP in the near future.