BGP Neighbor FSM state monitoring


Userlevel 5
How do I log/monitor my BGP neighbor's FSM states?

If I do a "show bgp neighbor x.x.x.x", I can see the FSM state (up since, down since, etc), but a change in states doesn't make it to the logs - or at least not by default.

I just found out that that's somewhat important for me to know - we lost one of our provider's Internet connection, but the port was still up, and other than the "zero traffic" there was no indication that they were down - and of course the FSM state from "sh bgp neigh".

It would be great if I could log those (for "documentation reasons", i.e. leverage in talks with the providers), and awesome if I could SNMP query them or send traps for monitoring.

Thanks for all the help!

6 replies

Userlevel 5
Ah, I see! The second one I came up with as well, the first one I didn't know about and will add 🙂

Took me a while to understand the difference between "sh log" and what I get in my syslog. Implicit log targets/filters only visible with "sh conf ems DETAIL" (and PDF user guide links to non-existent sections)

Thanks for the help - now on to seeing if there's an SNMP query or trap I can send to or check from our monitoring platform!
Userlevel 2
Frank, I've added the following to my EMS config:

configure log filter DefaultFilter add events BGP.NeighborMgr.PeerEstTrans
configure log filter DefaultFilter add events BGP.NeighborMgr.PeerFSMDegrade

These gives me peer state change info in the logs which I think is what you're looking for...
Userlevel 4
Frank,

Check the BGP log events that are included by using the following command

show log counters bgp

This will show bgp events and if they are included. Look through them and if you see any you would like to add to the existing filter use the following command:

configure log filter "DefaultFilter" add events [b] severity
Userlevel 5
I do seem to get some BGP warnings, like:
04/30/2015 19:54:14.49 [VR 0x00000002] The number of prefixes from a peer has reached the warning threshold.

(which yes, it's a relatively low default threshold of 375,000)

This is what I have:

# sh log configuration filter "DefaultFilter"
Log Filter Name: DefaultFilter
I/ Severity
E Component SubComponent Condition CEWNISVD
- ----------- ------------ ----------------------- --------
I All ********

Include/Exclude: I - Include, E - Exclude
Component Unreg: * - Component/SubComponent is not currently registered
Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info
* - Pre-assigned severities in effect for specified component
Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data
+ - Debug Severities, but log debug-mode not enabled
If Match parameters present:
Parameter Flags: S - Source, D - Destination, (as applicable)
I - Ingress, E - Egress, B - BGP
Parameter Types: Port - Physical Port list, Slot - Physical Slot #
MAC - MAC address, IP - IP Address/netmask, Mask - Netmask
VID - Virtual LAN ID (tag), VLAN - Virtual LAN name
VR - Virtual Router Name, VRID - VR Identifier
VRF - Virtual Routing and Forwarding Name
L4 - Layer-4 Port #, Num - Number, Str - String
Nbr - Neighbor, Rtr - Routerid, EAPS - EAPS Domain
Proc - Process Name
Strict Match : Y - every match parameter entered must be present in the event
N - match parameters need not be present in the event[/code]
Userlevel 5
Hmm - this is what I have:

sh log configuration filter "DefaultFilter" [/code]
Log Filter Name: DefaultFilter[/code]I/ Severity[/code]E Component SubComponent Condition CEWNISVD[/code]- ----------- ------------ ----------------------- --------[/code]I All ********[/code]
Include/Exclude: I - Include, E - Exclude[/code]Component Unreg: * - Component/SubComponent is not currently registered[/code]Severity Values: C - Critical, E - Error, W - Warning, N - Notice, I - Info[/code] * - Pre-assigned severities in effect for specified component[/code]Debug Severity : S - Debug-Summary, V - Debug-Verbose, D - Debug-Data[/code] + - Debug Severities, but log debug-mode not enabled[/code]If Match parameters present:[/code]Parameter Flags: S - Source, D - Destination, (as applicable)[/code] I - Ingress, E - Egress, B - BGP[/code]Parameter Types: Port - Physical Port list, Slot - Physical Slot #[/code] MAC - MAC address, IP - IP Address/netmask, Mask - Netmask[/code] VID - Virtual LAN ID (tag), VLAN - Virtual LAN name[/code] VR - Virtual Router Name, VRID - VR Identifier[/code] VRF - Virtual Routing and Forwarding Name[/code] L4 - Layer-4 Port #, Num - Number, Str - String[/code] Nbr - Neighbor, Rtr - Routerid, EAPS - EAPS Domain[/code] Proc - Process Name[/code]Strict Match : Y - every match parameter entered must be present in the event[/code] N - match parameters need not be present in the event[/code]
Userlevel 4
Frank,

If you are not getting any log messages relating to bgp can you run the following command and see if there is a filter dismissing these messages:

show log configuration filter

The filter name is usually "DefaultFilter" if it has not been changed. This will show any filters that have been setup and if all messages are included in the log display.

Reply