Suppressing Specific BGP peers

I worked around this issue by changing the alert logic. The original alert looks at if a Peer state is not established and Admin state is set to start. What I did was change it to alert only if a Peer state that is already established is changed to anything other then established. 

To do this, you simply need to add in a check for the prior result of Peer State. It would look like the following:  result(o_<Peer State>, enums={1:'idle', 2:'connect', 3:'active', 4:'opensent', 5:'openconfirm', 6:'established'}, label='o_<Remote IP Address>') != 6 and o_<Peer Admin Status> == 2 and prior(o_<Peer State>) == 6

So an alert will only fire if an already established Peer is no longer established. So old stale peers will no longer factor into this alert. 

I think there are no easy answers for this. We are struggling with same issues. If event policies could have white lists then there could be separate event policy for each device and there have regexes to filter stuff out. Suppressing makes this really difficult. One possibility could be to make RBA that checks those BGP events and have then a list of device/BGP pairs, and if find such event, then closes it.