Forum Discussion

KBrinkerhoff's avatar
KBrinkerhoff
Icon for Contributor II rankContributor II
30 days ago

Suppressing Specific BGP peers

There's been a number of times where we have come across customers who have BGP peers that are not in use or sporadically in use, but they do not wish to remove it from their configs.  As a result we get perpetual alerts, but we cannot suppress them as the event suppressed would prevent all bgp peers from alerting.  Anyone have thoughts on some ways to single out peers that can be ignored on a per device level?  

Side note: We are using Powerflow and ServiceNow so we can possibly do something in the path as well.  ServiceNow could take care of it, but doesn't help with the peers that flap.

event_management
  • AbelLeyva's avatar
    AbelLeyva
    Icon for Employee rankEmployee
    20 days ago

    I worked around this issue by changing the alert logic. The original alert looks at if a Peer state is not established and Admin state is set to start. What I did was change it to alert only if a Peer state that is already established is changed to anything other then established. 

    To do this, you simply need to add in a check for the prior result of Peer State. It would look like the following:  result(o_<Peer State>, enums={1:'idle', 2:'connect', 3:'active', 4:'opensent', 5:'openconfirm', 6:'established'}, label='o_<Remote IP Address>') != 6 and o_<Peer Admin Status> == 2 and prior(o_<Peer State>) == 6

    So an alert will only fire if an already established Peer is no longer established. So old stale peers will no longer factor into this alert. 

  • teppotahkapaa's avatar
    teppotahkapaa
    Icon for Expert rankExpert
    28 days ago

    I think there are no easy answers for this. We are struggling with same issues. If event policies could have white lists then there could be separate event policy for each device and there have regexes to filter stuff out. Suppressing makes this really difficult. One possibility could be to make RBA that checks those BGP events and have then a list of device/BGP pairs, and if find such event, then closes it.