BGP Session Monitoring tool

This BGP security monitor checks whether a BGP session to a peering partner (peer-ip) is functional. To monitor the BGP session, it uses the RFC1269 SNMP MIB, which contains the following OIDs:

  BGP_PEER_STATE_OID = .1.3.6.1.2.1.15.3.1.2.<peer-ip>
  BGP_PEER_ADMIN_STATE_OID = .1.3.6.1.2.1.15.3.1.3.<peer-ip>
  BGP_PEER_REMOTEAS_OID = .1.3.6.1.2.1.15.3.1.9.<peer-ip>
  BGP_PEER_LAST_ERROR_OID = .1.3.6.1.2.1.15.3.1.14.<peer-ip>
  BGP_PEER_FSM_EST_TIME_OID = .1.3.6.1.2.1.15.3.1.16.<peer-ip>

An SNMP get request for BGP_PEER_STATE_OID returns a value between 1 and 6. The service states for OpenNMS are mapped as follows:

  1 --> "Idle"        --> Servicestate DOWN
  2 --> "Connect"     --> Servicestate DOWN
  3 --> "Active"      --> Servicestate DOWN
  4 --> "OpenSent"    --> Servicestate DOWN
  5 --> "OpenConfirm" --> Servicestate DOWN
  6 --> "Established" --> Servicestate UP

To define the mapping I used the description of the BGP Finite State Machine from RFC1771.

Detecting with Capsd

To detect the service, include a BgpSessionPlugin in your capsd configuration ($OPENNMS_HOME/capsd-configuration.xml), for example:

  <protocol-plugin protocol="BGP-Peer-99.99.99.99-AS65423"
          class-name="org.opennms.netmgt.capsd.plugins.BgpSessionPlugin" scan="on">
      <property key="timeout" value="2000" />
      <property key="retry" value="1" />
      <property key="bgpPeerIp" value="99.99.99.99" />
  </protocol-plugin>

The service will be discovered for every router that returns a value between 1 and 6 for the BGP_PEER_STATE_OID. You can rename the service as desired; the name here is just an example. Make sure the capsd protocol and the poller monitor use the same name and that the name is no longer than 32 characters.

Monitoring with Pollerd

To monitor the session state "Established" it is necessary to add a service to your poller configuration in $OPENNMS_HOME/etc/poller-configuration.xml, for example:

  <!-- Example configuration poller-configuration.xml -->
  <service name="BGP-Peer-99.99.99.99-AS65423" interval="300000"
          user-defined="false" status="on">
      <parameter key="retry" value="2" />
      <parameter key="timeout" value="3000" />
      <parameter key="port" value="161" />
      <parameter key="bgpPeerIp" value="99.99.99.99" />
  </service>
  <monitor service="BGP-Peer-99.99.99.99-AS65423" class-name="org.opennms.netmgt.poller.monitors.BgpSessionMonitor" />

Errorcode Mapping

The BGP_PEER_LAST_ERROR_OID returns a hex error code. To make it human-readable I have implemented the following code mapping table:

  0100 --> Message Header Error
  0101 --> Message Header Error - Connection Not Synchronized
  0102 --> Message Header Error - Bad Message Length
  0103 --> Message Header Error - Bad Message Type
  0200 --> OPEN Message Error
  0201 --> OPEN Message Error - Unsupported Version Number
  0202 --> OPEN Message Error - Bad Peer AS
  0203 --> OPEN Message Error - Bad BGP Identifier
  0204 --> OPEN Message Error - Unsupported Optional Parameter
  0205 --> OPEN Message Error (deprecated)
  0206 --> OPEN Message Error - Unacceptable Hold Time
  0300 --> UPDATE Message Error
  0301 --> UPDATE Message Error - Malformed Attribute List
  0302 --> UPDATE Message Error - Unrecognized Well-known Attribute
  0303 --> UPDATE Message Error - Missing Well-known Attribute
  0304 --> UPDATE Message Error - Attribute Flags Error
  0305 --> UPDATE Message Error - Attribute Length Error
  0306 --> UPDATE Message Error - Invalid ORIGIN Attribute
  0307 --> UPDATE Message Error (deprecated)
  0308 --> UPDATE Message Error - Invalid NEXT_HOP Attribute
  0309 --> UPDATE Message Error - Optional Attribute Error
  030A --> UPDATE Message Error - Invalid Network Field
  030B --> UPDATE Message Error - Malformed AS_PATH
  0400 --> Hold Timer Expired
  0500 --> Finite State Machine Error
  0600 --> Cease
  0601 --> Cease - Maximum Number of Prefixes Reached
  0602 --> Cease - Administrative Shutdown
  0603 --> Cease - Peer De-configured
  0604 --> Cease - Administrative Reset
  0605 --> Cease - Connection Rejected
  0606 --> Cease - Other Configuration Change
  0607 --> Cease - Connection Collision Resolution
  0608 --> Cease - Out of Resources

Instead of the hex code, the error message is displayed in the service-down log message. For additional information, the log message also contains:

  • BGP-Peer Adminstate
  • BGP-Peer Remote AS
  • BGP-Peer established time in seconds

Debugging

If you have problems detecting or monitoring the BGP session, you can use the following command to find out where the problem comes from.

  snmpwalk -v 2c -c <myCommunity> <myRouter2Monitor> .1.3.6.1.2.1.15.3.1.2.99.99.99.99

Replace 99.99.99.99 with your BGP peer IP. The result should be an integer between 1 and 6.
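
When debugging by hand, the same state and error-code mapping can be applied to the command's output. The script below is an added example, not part of OpenNMS: the function names and sample lines are constructed, and it assumes Net-SNMP's "INTEGER:" and "Hex-STRING:" output format and that a last-error value of 0000 means no error, as RFC1269 defines. It decodes only the error class (first byte); the subcode text is in the table above.

```shell
#!/bin/sh
# Added example (not OpenNMS code): interpret Net-SNMP output for
# BGP_PEER_STATE_OID and BGP_PEER_LAST_ERROR_OID.

# Service state from a bgpPeerState line: only 6 (Established) is UP.
bgp_service_state() {
    case "$1" in
        *"INTEGER: "*) ;;
        *) echo UNKNOWN; return 0 ;;   # e.g. "No Such Instance": peer not in the table
    esac
    # Handles "INTEGER: 6" and, with the MIB loaded, "INTEGER: established(6)".
    n=$(printf '%s' "${1##*INTEGER: }" | tr -cd '0-9')
    case "$n" in
        6) echo UP ;;
        [1-5]) echo DOWN ;;
        *) echo UNKNOWN ;;
    esac
}

# Error class from a bgpPeerLastError line: two bytes, error code then subcode.
bgp_last_error() {
    case "$1" in
        *"Hex-STRING: "*) ;;
        *) echo "unparsable"; return 0 ;;
    esac
    hex=$(printf '%s' "${1##*Hex-STRING: }" | tr -d ' \t\r\n' | tr 'a-f' 'A-F')
    case "$hex" in
        [0-9A-F][0-9A-F][0-9A-F][0-9A-F]) ;;
        *) echo "unparsable"; return 0 ;;
    esac
    sub=${hex#??}   # second byte = subcode
    case "$hex" in
        0000) echo "no error recorded"; return 0 ;;   # assumption from RFC1269
        01*) class="Message Header Error" ;;
        02*) class="OPEN Message Error" ;;
        03*) class="UPDATE Message Error" ;;
        04*) class="Hold Timer Expired" ;;
        05*) class="Finite State Machine Error" ;;
        06*) class="Cease" ;;
        *) class="unknown error code" ;;
    esac
    echo "$hex $class (subcode $sub)"
}

# Constructed sample lines in Net-SNMP output format, not captured from a router.
STATE_LINE='SNMPv2-SMI::mib-2.15.3.1.2.99.99.99.99 = INTEGER: 3'
ERROR_LINE='SNMPv2-SMI::mib-2.15.3.1.14.99.99.99.99 = Hex-STRING: 06 02 '
echo "$(bgp_service_state "$STATE_LINE"): $(bgp_last_error "$ERROR_LINE")"
```

An UNKNOWN state means the router returned no row for that peer IP, which is also the case in which capsd will not discover the service.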

ToDo

Create JUnit tests for the BgpSessionPlugin and BgpSessionMonitor.