MIB and BGP peer (BGP4-MIB::bgpPeerRemoteAddr)

Similar Messages

• BGP Peer down monitoring through SNMP Traps

  Hello,
  I'm trying to figure out how I can monitor with BGP peer went down using SNMP traps or any other methods that are out there. Basically I would like to get a trap that tells me the IP address of the peer that went down.
  Looking over the SNMP MIBs for BGP all i can find is snmp traps that tell me there was a change in states in BGP, but don't say which neighbor.
  Is there any way to get such information? Would I have to use EEM with some script? This seems like a very common thing that people would want to know.
  Thank you in advance,
  Tom

  SNMP notifications can be configured on the router and GET operations can be performed from an external management station only after BGP SNMP support is enabled.
  SUMMARY STEPS
  1. enable
  2. configure terminal
  3. snmp-server enable traps bgp [state-changes {[all] [backward-trans] [limited]}] | [threshold prefix]
  4. exit

• Prefix-list; clear bgp peer-group Test soft in; no file prompt quiet

  Hello everyone,
  I have a few simple questions. Hope someone will help me   Thank you in advance.
  1) We are using prefix-set into route-maps, but how I can use a prefix-list?
  2) In classic IOS we have the command:  clear bgp peer-group Test soft in
  I don't see it in IOS-XR (Cisco IOS XR Software, Version 4.0.1):
  RP/0/RSP0/CPU0:STH02#clear bgp ipv4 unicast ?
    *                  Clear all peers and all routes from the BGP table
    A.B.C.D or X:X::X  BGP neighbor address to clear
    as                 Clear peers in a specific AS
    dampening          Clear route flap dampening information
    external           Clear all external peers
    flap-statistics    Clear flap statistics
    nexthop            Clear nexthop
    self-originated    Clear redistributed, network and aggregate routes originated here
    shutdown           Clear all peers which were shut down due to low memory
  3) In classic IOS we have the command: no file prompt quiet
  I don't see it in IOS-XR.  What is the command for IOS-XR?
  I need it for the operation like this:
  copy ftp://**:***@216.*.*.*/CUST_AS-TEST-in.prefixlist compactflash:/PrefixFilters/CUST_AS-TEST-in.prefixlist
  Wed Apr 18 12:02:00.936 UTC
  Destination filename [/compactflash:/PrefixFilters/CUST_AS-TEST-in.prefixlist]?  !!!!   I don't need this question
  Copy : Destination exists, overwrite ?[confirm]                                                   !!!!   I don't need this question
  Accessing ftp://*:*@216.*.*.*/CUST_AS-TEST-in.prefixlist
  C
  584 bytes copied in      0 sec
  Have a nice day,
  Dimitry

  Thank you Alexander for your reply. It is the good RPL description and I've got the idea of REFRESH capable peer.
  BUT, I still don't find the answer on my 3-d question:
  In classic IOS we have the command: no file prompt quiet
  I don't see it in IOS-XR.  What is the command for IOS-XR?
  I need it for the operation like this:
  copy ftp://**:***@216.*.*.*/CUST_AS-TEST-in.prefixlist compactflash:/PrefixFilters/CUST_AS-TEST-in.prefixlist
  Wed Apr 18 12:02:00.936 UTC
  Destination filename [/compactflash:/PrefixFilters/CUST_AS-TEST-in.prefixlist]?  !!!!   I don't need this question
  Copy : Destination exists, overwrite ?[confirm]                                                   !!!!   I don't need this question
  Accessing ftp://*:*@216.*.*.*/CUST_AS-TEST-in.prefixlist
  C
  584 bytes copied in      0 sec
  How can I suppress confirmations like this?
  Destination filename [/compactflash:/PrefixFilters/CUST_AS-TEST-in.prefixlist]?
  Copy : Destination exists, overwrite ?[confirm]
  Dimitry

• Delay redistribution Based on BGP Peer Status change

  Is there a mechanism that will allow me to delay the redistribution of routese from BGP>OSPF and OSPF>BGP until the BGP Peer has been established for a set period of time, say 15 minutes?  this would also need to account for a "flapping" peer and reset the timer

  I don't know why you're using multiple events here.  I was thinking:
  event manager environment q "
  event manager applet bgp-up
  event system pattern "BGP.*neighbor 10.0.0.114 Up"
  action 001 cli command "enable"
  action 002 cli command "config t"
  action 003 cli command "event manager applet bgp-up-timer"
  action 004 cli command "event timer countdown time 900"
  action 005 cli command "action 1.0 cli command enable"
  action 006 cli command "action 2.0 cli command $q config t$q"
  action 007 cli command "action 3.0 cli command $q router bgp 1$q"
  action 008 cli command "action 4.0 cli command $q redistribute ospf 1$q"
  action 009 cli command "action 5.0 cli command end"
  action 010 cli command "end"
  event manager applet bgp-down
  event syslog pattern "BGP.*neighbor 10.0.0.114 Down"
  action 1.0 cli command "enable"
  action 2.0 cli command "config t"
  action 3.0 cli command "no event manager applet bgp-up-timer"
  action 4.0 cli command "router bgp 1"
  action 5.0 cli command "no redistribute ospf 1"
  action 6.0 cli command "end"

• BGP Peer state on ASR1002

  Hi,
  Does anyone know what is the OID to check BGP peer state on ASR1002? I tried 1.3.6.1.2.1.15.3.1.2 but that doesn't work
  Thanks

  Hi Paul,
  I have 2 routers configured and directely connected with ISP using /29 address.
  ISP link -> switch -> vrrp address router (A/B)
  Master Router:
  interface GigabitEthernet0/1.A
   encapsulation dot1Q A
   ip address A.A.A.253 255.255.255.248
   ip nbar protocol-discovery
   ip flow ingress
   vrrp 200 ip A.A.A.250
   vrrp 200 timers advertise 1
   vrrp 200 preempt delay minimum 160
   vrrp 200 priority 150
   vrrp 200 authentication md5 key-string 7 **
  [ ]'s

• Question about network statement in OSPF and BGP

  The network statements in OSPF and BGP can be used to advertise networks. But I'm not clear under what circumstances would make more sense to use network statements to advertise a network than by using other methods to have the network learned by other routers.
  Here is an example: assume I'm running BGP on router A. I want to advertise network 10.1.1.0/24 to other BGP peers. I have a OSPF route for this network. I can do 2 things: one is to use "network 10.1.1.0 mask 255.255.255.0", the other is to do "redistribute OSPF ... route-map OSPF-INTO-BGP", and create a prefix list to permit 10.1.1.0/24.
  Both would work to have this network learned by other BGP peers. But which is better for what purpose?
  Thanks a lot
  Gary

  Hi Gary,
  There is one little difference between the use of the two approaches - the route injected into BGP by using a network statement will carry an Origin attribute of IGP, whereas the route injected using redistribution will have an Origin attribute of Incomplete. Now, that is not a huge issue since you can always change that whatever value you desire both with the use of the network statement and redistribution. The important thing, however, is that in the BGP best path selection process, the Origin attribute comparison is fairly high up and will prefer a route with the attribute of IGP.
  Apart from that, there is absolutely no difference between using the network statement and using redistribution with a route-map that matches exactly on the same route that you would have specified with the network statement.
  I guess one advantage of using the redistribute approach is that it does not clutter up the BGP config. If you wish to add more routes, you simply add them to the prefix list so that you don't really touch the BGP config portion at all..
  Hope that helps - pls do remember to rate posts that help.
  Paresh

• EIGRP and BGP

  when EIGRP and BGP is flapping.
  which portion should I check to find out
  if it is flapping because of high traffic or low quality access lines?
  which should config should I check?
  thanks a lot

  Following links may help you
  http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094613.shtml
  http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a008009478a.shtml

• Trying to shutdown GRE tunnels based on status of BGP peer

  has anyone tried to detect a eBGP peer failure and take action based on the failure? -I am trying to shutdown a couple of GRE tunnels on
  a router if it detects failure of a eBGP peer.... -thanks for any/all pointers....

  I don't know why you're using multiple events here.  I was thinking:
  event manager environment q "
  event manager applet bgp-up
  event system pattern "BGP.*neighbor 10.0.0.114 Up"
  action 001 cli command "enable"
  action 002 cli command "config t"
  action 003 cli command "event manager applet bgp-up-timer"
  action 004 cli command "event timer countdown time 900"
  action 005 cli command "action 1.0 cli command enable"
  action 006 cli command "action 2.0 cli command $q config t$q"
  action 007 cli command "action 3.0 cli command $q router bgp 1$q"
  action 008 cli command "action 4.0 cli command $q redistribute ospf 1$q"
  action 009 cli command "action 5.0 cli command end"
  action 010 cli command "end"
  event manager applet bgp-down
  event syslog pattern "BGP.*neighbor 10.0.0.114 Down"
  action 1.0 cli command "enable"
  action 2.0 cli command "config t"
  action 3.0 cli command "no event manager applet bgp-up-timer"
  action 4.0 cli command "router bgp 1"
  action 5.0 cli command "no redistribute ospf 1"
  action 6.0 cli command "end"

• 3850 and BGP

  This is a fairly general question, but I have a stack of two 3850 switches with the IP Services IOS (or whatever its called now in IOS 15, it's the license that removes EIGRP stub) for a new deployment with Two ISP's.  Both ISP's will hand us an Ethernet port, and we will peer with each ISP with BGP to advertise our address space (a single /22).  We will receive a default route from one ISP, and a default route and the ISP's local routes from the other.
  We originally planned to use two 2921 routers to peer with the ISP's, but I'm not sure thats necessary.  Does BGP work pretty well on the 3850's in others experiences?

   No NAT.  As I stated above, we are only getting default routes and maybe one ISP's local routes, so the routing table size won't be an issue.  If it does, I'll just accept default routes and that will be that.
  All BGP features we currently use appear to be supported by the 3850, or at least it accepted the commands.  Our config isn't anything special.  Just curious about peoples impressions of BGP on the 3850's.
  thanks!

• Best Practice Two ISPs and BGP

  Hello Experts.
  I was wanting to hear opinions for the best way to setup two ISR4431's with two 2960x's and two ASA firewalls.
  My current design is:
  ISP1 router -> ISR4431-A ->{2960x pair} -> ASA-A
  ISP2 router -> ISR4431-B ->{2960x pair} -> ASA-B
  Currently using public BGP and HSRP on the inside with an SLA monitor to a public IP.
  If HSRP is the best way to accomplish this, how do i solve these two problems or is there a better design? (The two 4431's are not connected to each other currently.)
  -Least Cost routing (i guess that is what its called) - I want to visit a website that is located on ISP2's network (or close to it), but HSRP currently has ISP1 as active. If i go out ISP1 it may go around the country or 10 hops before it hit a site that is 4 hops away on the other ISP.
  -Assymetric routing - i think that is where a reply comes in the non-active ISP - how do i prevent that.
  I am really just looking for design advice about the best way to use this hardware to create as much redundancy as possible and best performance possible. If you could just share your opinion of "I would use ____" or give me a stamp of reassurance on the above design and any opinion on the two problems.
  Thanks for the time!

  Hi,
  If you are running BGP with the service provides, you need an IBGP link between the 2 ISR-4431 routers.  If for example you want traffic to go out using sp-1 and come back using the same provider you need to us AS path prepending, so sp-2 sees a longer path to your network  and so traffic goes out and comes back through the same provider.  In this case you use sp-2 as backup link, if not you can be dealing with Asymmetric routing. In addition, for HSRP/VRRP to work both routers should be connecting to the set of  2960x switches. You can simply stack the 2960x switches so they logically look as one device. The same should go for the firewalls. They should connect to the switch stack.
  HTH

• The best solution? Hub-and-spoke, Peer-to-peer, Multi-cast?

  By the best solution, I mean in terms of price and quality (latency, minimum lag, etc)
  App type: Video conferencing
  Platforms: PC, Mobile (Android, iOS) [If mobile support would reduce performance or increase costs, I am willing to scrap it]
  Users: There will be 5 - 30 users logged into the service in the same room at a time. And a maximum of  5 - 7 users in that room will have their webcam's on at any given time.
  My main concern is performance, Since I might make it a paid service in the future, I don't think users would pay for something that has a lot of lag or trailing effects.
  So I was hoping to get some advice on how I should set it up and pros and cons in respect to LCCS

  Hi Sam,
  Let me add my two cents here, when speaking about MAN deployments the name of the game is MPLS, so I guess you are using the same on your Cat 6500s and connecting your customers on 3550s using Vlans.
  Regarding your questions:
  a) Upgrading Ethernet to L3 for traffic shaping: This is basically done at 3550, so I suppose that's what you intend to do, plus you will be letting Spokes talk to only Hub site, so inter Vlan, atleast between Hub and each spoke will be required, hence inter valn routing. Other way is to configure P2P circuits between Hub site with Vlan mapping (per spoke) and Spoke sites with Port mapping, in this scenario Inter Vlan routing is not a necessity.
  b) Security: This depends on what exact architecure you have deployed, in my case I have simply installed a Gateway router with BGP peering with PEs, a separate VRF alongwith redistribution does the trick.
  Hope I addresses the query correctly, let me know if that helped..
  Cheers
  ~sultan

• Direct Connect OSPF and BGP AWS failover setup

  Hi,
  We recently installed AWS Direct Connect which was successful but now we are looking at the best way to  automatically fail over if our Direct Connect fails to route via our back VPN.
  The setup
  Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
  A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area.  Static routes exist to the Cisco 2901 currently which unless we physically detach from the network fail over wont work.
  What we want to achieve
  The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS.  What we are confused is do we advertise these BGP routes within OSPF or should we setup BGP on the Cisco 6500? 
  I appreciate your time.

  Hi,
  We recently installed AWS Direct Connect which was successful but now we are looking at the best way to  automatically fail over if our Direct Connect fails to route via our back VPN.
  The setup
  Cisco 6500 distributes routes via OSPF internally to all production environments with one area set.
  A second Cisco 2901 was installed to support the AWS Direct Connect which uses BGP with a single ASN. This router is connected to the Cisco 6500 and now within the OSPF area.  Static routes exist to the Cisco 2901 currently which unless we physically detach from the network fail over wont work.
  What we want to achieve
  The Cisco 2901 Direct Connect to be the default AWS route until we have a link issue or alike and dynamically fail over to our VPN via the firewall to AWS.  What we are confused is do we advertise these BGP routes within OSPF or should we setup BGP on the Cisco 6500? 
  I appreciate your time.

• New ARIN Block Transition and BGP Setup

  Hello all,
  First post on the forum so I bear with me.  I am still young in my carrier and have not worked with BGP on a professional level.
  We received a new IP Address block from ARIN and need to transition to it.  The boss does not want to do a hard cut over but a phased migration instead.  I need to know if this is possible and any configuration guides that might be handy.
  Our current IP block is a /26 given to us by our ISP routing protocols are all handed by them we just use gateway of last resort/static routing.
  Is it possible to use the same physical link but use sub-interfaces in order to keep our current setup but allow for setup of BGP and the new ARIN block over the same physical interface up to the ISP?
  Has anyone transitioned this way before? Or know of any guides that might help me out in the configuration of something like this.  We are still in the planing phase and I just need to know if this is a viable solution or do we get another ISP (which is going to happen anyway eventually) and migrate over external services that way.
  Thank you,
  Jon

  Jon
  Am I correct in understanding that you have a single router connecting to a single ISP for Internet connectivity? And that the ISP handles routing to you and you have static routes pointing to the ISP? And that you now have been assigned your own block of addresses?
  If I have understood correctly then I will suggest to you that you may not need to use BGP as you implement the new address block. I would suggest that you could use this approach:
  - configure the new address block inside your network. Ask your ISP to route to these addresses over the existing connection (the ISP should be able to establish a static route for this block in their routing logic).
  - your ISP might ask you to advertise the address block to them. In that case you may need to run a dynamic routing protocol between your router and the ISP. Ask the ISP what routing protocol they support. BGP is probably one alternative but the ISP may have other routing protocols that they support for customer connections.
  HTH
  Rick

• VPN and BGP selection

  I have two routers connected to each other via an eBGP protocol. 
  They are also connected by IPSec/GRE ,
  I want that IPSec/GRE link to be only used when the eBGP link breaks down.
  So under normal circumstances only eBGP should be used.
  Thanks
  Can someone advice me please?

  Definitely need to see a topology on this one. Too many ways this could work or not work.
  @Colin_Clark, GRE/IPSec tunnel are not exclusive to eBGP. If the GRE tunnel destination is not known via the eBGP peer, there is no dependency. You can easily imagine how this is possible:
  Suppose Datacenter1 and Datacenter2 are connected via a L2 WAN service ( say VPLS)
  Say this is expensive so the OP doesn't want to get to of these. Instead, they have a 100Mbps internet link..they leverage IPSEC/GRE viat the Internet link as intra-datacenter back up link
  Then the two routers have an eBGP session. And the tunnel destinations for the GRE tunnel use the back internet link. If this is the OPs setup ( and the eBGP session is established using loopback addresses on the routers), then there is no problem--but I'm not going to bother guessing at what the OPs network is like.

• ASR Zones and BGP

  We're designing a second datacenter and are looking at routers for both our MPLS network and our Internet edge. In our current datacenter we have 4x3945e routers, two on the MPLS networks and two on the Internet edge networks. Since we're going to have a 1GB link between the two datacenters, I started looking at the ASR platform for it's impressive throughput compared to the 3945e.
  I noticed the Enterprise Applications feature supports zone-based policy firewall, which seems appealing. Given the raw power of the ASR and the ability to support zones, it seems one router could handle both the external Internet access and the MPLS traffic, each residing on it's own zone.
  Considering the ASR 1001x, my two questions are
  Is my assumption correct or would the above be a security concern?
  Can each zone support a different BGP AS number?
  Thank you,
  Denny

  From within the zone, you can see what pool you're bound to by simply using
  the -q argument to poolbind(1M) with a valid pid, such as "poolbind -q $$".
  Alternatively, you can use the pooladm(1M) command with no arguments.
  Note that if you don't have pools active, this will result in a "Facility is not active"
  message but otherwise you'll see the details about the pool this zone is bound
  to.
  From the global zone, you can see the actual pool the zone is currently bound
  by doing something like "zlogin myzone 'poolbind -q $$'". And you can see
  which pool the zone will attempt to bind to the next time it reboots by using
  the "zonecfg -z myzone info pool" command.
  Does this help?