cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

BGP Neighbor FSM state monitoring

BGP Neighbor FSM state monitoring

Frank
Contributor
How do I log/monitor my BGP neighbor's FSM states?

If I do a "show bgp neighbor x.x.x.x", I can see the FSM state (up since, down since, etc), but a change in states doesn't make it to the logs - or at least not by default.

I just found out that that's somewhat important for me to know - we lost one of our provider's Internet connection, but the port was still up, and other than the "zero traffic" there was no indication that they were down - and of course the FSM state from "sh bgp neigh".

It would be great if I could log those (for "documentation reasons", i.e. leverage in talks with the providers), and awesome if I could SNMP query them or send traps for monitoring.

Thanks for all the help!
5 REPLIES 5

Frank
Contributor
Ah, I see! The second one I came up with as well, the first one I didn't know about and will add šŸ™‚

Took me a while to understand the difference between "sh log" and what I get in my syslog. Implicit log targets/filters only visible with "sh conf ems DETAIL" (and PDF user guide links to non-existent sections)

Thanks for the help - now on to seeing if there's an SNMP query or trap I can send to or check from our monitoring platform!

McClane
Extreme Employee
Frank, I've added the following to my EMS config:

configure log filter DefaultFilter add events BGP.NeighborMgr.PeerEstTrans
configure log filter DefaultFilter add events BGP.NeighborMgr.PeerFSMDegrade

These gives me peer state change info in the logs which I think is what you're looking for...

Hernandez__Josh
Extreme Employee
Frank,

Check the BGP log events that are included by using the following command

show log counters bgp

This will show bgp events and if they are included. Look through them and if you see any you would like to add to the existing filter use the following command:

configure log filter "DefaultFilter" add events severity

Frank
Contributor
I do seem to get some BGP warnings, like:
04/30/2015 19:54:14.49 [VR 0x00000002] The number of prefixes from a peer has reached the warning threshold.

(which yes, it's a relatively low default threshold of 375,000)

This is what I have:

# sh log configuration filter "DefaultFilter"
Log Filter Name: DefaultFilter
I/ Severity
E Component SubComponent Condition CEWNISVD
- ----------- ------------ ----------------------- --------
I All ********

Include/Exclude: I - Include, E - Exclude
Component Unreg: * - Component/SubComponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
* - Pre-assigned severities in effect for specified component
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
+ - Debug Severities, but log debug-mode not enabled
If Match parameters present:
Parameter Flags: S - Source, D - Destination, (as applicable)
I - Ingress, E - Egress, B - BGP
Parameter Types: Port - Physical Port list, Slot - Physical Slot #
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask
VID - Virtual LAN ID (tag), VLAN - Virtual LAN name
VR - Virtual Router Name, VRID - VR Identifier
VRF - Virtual Routing and Forwarding Name
L4 - Layer-4 Port #, Num - Number, Str - String
Nbr - Neighbor, Rtr - Routerid, EAPS - EAPS Domain
Proc - Process Name
Strict Match : Y - every match parameter entered must be present in the event
N - match parameters need not be present in the event
GTM-P2G8KFN