05-30-2024 11:37 PM
How to monitor eBGP between Cisco ISR4431/K9 and ISP PE (Indirect Monitoring )
05-30-2024 11:46 PM
what you meaning monitor ? can you elaborate
MHM
05-31-2024 12:13 AM
I being a customer, only have access to CPE router and want to setup a mechanism to monitor the ISP link down status (BGP peer down) without making any config change to the ISP CPE & ISP PE.
NOTE: ISP CPE router that you can see in attached diagram is at the customer premises only (with no access to me ) and establish eBGP with CPE router .
Although i have access to DC gateway router where ISP link terminates.
05-31-2024 12:17 AM
05-31-2024 12:56 AM
Below without need ot eem' ip sla status send as log to syslog
snmp-server enable traps rtr
snmp-server enable traps syslog
ip sla monitor logging traps
05-31-2024 12:01 AM
You can do different ways - if you looking to see is the eBGP session up and down ?
1. you can generate SNMP Trap to syslog server
2. you can use EEM Script to generate Trap and email
Above mentioned steps (if you have access to the routers and you able to get BGP information.
If you do not have any control and you have only end device access where the routers are populated, then you need to Monitor routing table using EEM Script if the routes are with draw then send alerts.
you have access to DC Router - what IGP/EGP you running between ISP and Your Router ?
05-31-2024 12:32 AM
we don't have access to the ISP CPE and PE routers .
you have access to DC Router - what IGP/EGP you running between ISP and Your Router ? Ans : eBGP
Can you share EEM Script sample for this solution and how we can send this log to monitoring tool like Splunk.
05-31-2024 12:18 PM - edited 05-31-2024 12:20 PM
Can you share EEM Script sample for this solution and how we can send this log to monitoring tool like Splunk.
happy to help you, if you can send me confguration bit, what you know eBGP between you and provider, and also when it go down what Logs you see (anytime before ?)
we can provide example to test it (may be you can not simulate, but when it occurs the script will trigger.
Note : when we asked configuration remove any confidential information before posting.
some of the example EEM applet like to pursue :
example EEM : (you can look h
router bgp 555555
bgp log-neighbor-changes
event manager environment _email_to user.bb.com
event manager environment _email_server smtp.bb.com
event manager environment _email_from Router@bb.com
event manager applet BGP-Alert
event syslog pattern "%BGP-5-ADJCHANGE:*"
action 1.0 mail server "$_email_server" to "$_email_to" from "$_email_from" subject "$_event_pub_time:" body "$_syslog_msg"
action 1.5 syslog priority notifications msg "BGP Message - Mail Sent"
If the Router is reachable to Splunk:
logging host x.x.x.x (splunk IP) - so splunk can alert you also from splunk alerting system when the BGP go down.
SNMP Trap :
snmp-server enable traps bgp [state-changes {[all] [backward-trans] [limited]}] | [threshold prefix]
05-31-2024 07:46 PM
Hi Balaji,
As you know we don't have access to ISP CPE and ISP PE .
only option is to run EEM script on our ISR4331 CPE that when ever it see BGP prefix count is getting less ( due to BGP down between ISP CPE &PE)
our router generate syslog that prefix count are reduced .
can you please correct my below script
Wool(config )# event manager trap prefix_down
event community SNMP
event manager applet prefix_down_applet
!
event manager applet prefix_down_applet
event prefix down 1>>>>>GNS software not taking this command
action syslog msg "BGP prefix down detected!"
event syslog pattern "BGP prefix down detected!"
06-01-2024 12:51 AM
you have access to DC Router - what IGP/EGP you running between ISP and Your Router ? Ans : eBGP
how is your configuration looks like, and what prefix you are able to see on the router, if the provider offering only default route, then you need to rely on different method.
what is the use case here - based on this drill ?
05-31-2024 07:53 PM
We use SNMP to monitor the amount of BGP advertisements.
If the BGP advertisements fall to a certain threshold, the SNMP service will send relevant parties an email.
The SNMP service can be configured to either send an email or send a message into whatever instant messaging (IM) software we choose.
05-31-2024 07:56 PM
Hi Leo,
do ne need some script for SNMP or just some commands ?
please share with me , thanks in advance .
05-31-2024 08:25 PM
No, our SNMP will ping-n-poll the relevant OID for the BGP prefixes.
All we have to do is configure the thresholds (whether it is dropping or rising) and then configure the action (email, chat, mute, etc).
(And I do not provide assistance to DMs!)
05-31-2024 08:30 PM
but we don't have access to ISP CE to PE hence above solution will not work .
our router is making EBGP with ISP CPE(in our server room)
05-31-2024 11:27 PM
I think it is not possible to monitor the BGP advertisements from ISP CE to ISP PE without the explicit approval of the ISP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide