Page tree
Skip to end of metadata
Go to start of metadata

Border Gateway Protocol (BGP) is a standardized routing protocol designed to exchange routing and "reachability" information between autonomous systems (AS) on the Internet or within an organization. Peers (e.g., network devices that share computing resources) that have been manually configured to exchange routing information will form a TCP connection and begin speaking BGP. An important aspect of BGP is that routers will not import any routes that contain themselves in the AS-Path. The AS-Path therefore serves as an anti-loop mechanism. BGP is sometimes used to provide multi-homing for medium-sized networks. BGP is often used between subnets on internal company networks.

When you enable and configure BGP Discovery, Lumeta peers with your BGP infrastructure, "listens to" and reports on BGP traffic and routing updates. BGP Discovery pulls BGP routes from the BGP-configured router in each zone. It does this by leveraging the exchange of route information among BGP-configured peer routers. This means, therefore, that when you configure BGP, you must specify BGP peer routers in order to generate results. Without a peer, there will be no result. 

Lumeta collects the CIDR routes it gets from BGP, the ASN (Autonomous System Number) from which the route came, an indicator as to whether the route has been withdrawn, and the AS-Path.

Ask your system administrator for the IP Address and authentication information for a BGP Peer Router, of which there is typically one per zone. The admin will need to configure your system as a peer: You'll give them your IP address and the admin should provide you with an AS Number that you'll use when you configure your BGP peer.

The BGP discovery process does not inject routes into the BGP peer environment from which it collects information.

Only Lumeta users with Manager or Superuser permissions can input BGP Peer data.

Incompatibility between FIPS 140-2 mode and BGP authentication

BGP with authentication will not work on a FIPS 140-2 enabled system because the BGP authentication method involves the kernel using MD5, which is forbidden when it's running in FIPS 140-2 compliant mode.

Specific BGP-related findings are available in two reports:  BGP Routes and BGP Scanner History.

BGP Routes Report

BGP Scanner History

BGP results are folded into the Host and Path scanners (subject to Eligible / Avoid lists) and then into further scanners, producing more robust and comprehensive device details.

Question: What do we collect from BGP today?

Answer: Today Lumeta collects the CIDR routes it gets from BGP peers, the ASN (Autonomous System Number), whether the route has been withdrawn, and the AS-Path

Question:  What happens if I select Skip BGP Router in the SNMP Discovery tab, yet configure the BGP Discovery tab?

Answer:   The two items are completely independent and entirely different. By Skipping BGP Router in the SNMP tab, you will avoid collecting BGP routes to the Internet. By enabling BGP listening in the BGP tab, you will cause Lumeta to passively listen to BGP talk between subnets on your zone, thereby generating more comprehensive results. BGP Listening focuses on BGP listening to inter-network traffic, which is akin to OSPF listening. In the SNMP tab, however, the focus is on gathering BGP routes, which are ingested to the SNMP discovery process, amplifying results. 

The SNMP discovery agent can also collect or skip route tables from BGP routers. The field is labeled "Skip BGP" rather than "Collect BGP" because Border Gateway Protocol (BGP) routers are likely to be Internet-facing. These BGP routers often hold very large routing tables that are irrelevant to your network; collecting these routing tables is typically time consuming and does not provide useful information. 

The Maximum Route Table Size option is another mechanism that, like Skip BGP, stops Lumeta's discovery agent from wasting time collecting routing tables that do not provide useful information.

Identifying BGP Peers

Navigate to Settings > Support Tools > BGP Current Status for details on BGP Peers in all zones.

Configuring BGP Monitoring

To begin discovering devices on your network immediately, configure a collector to execute passive monitoring first. Passive discovery provides instantaneous network updates and broadens understanding of a network's core.

New expiration policy for stored route data
BGP and other route data expires by default two days after they were last updated. This ensures that Lumeta targets and reports on fresh data only. All other routes expire after twice the maximum rescan interval configured within their zone. Previously, route information discovered via SNMP, BGP, or OSPF stayed in the system and could be reported on and targeted indefinitely, even after the target destination ceased to exist. These intervals are configurable without restarting the application, but Lumeta cautions against making such changes because of the additional layer of complexity this brings to diagnosing issues.

The passive discovery types are Broadcast, OSPF, and BGP.

BGP and all passive discovery types are not impacted by a collector's rescan interval because passive discovery never sends out packets. The rescan interval only comes into play for active discovery methods  configured on a collector such as Host Discovery and Path Discovery.

Configuring BGP

To configure BGP from the Lumeta main menu, do the following:

  1. Browse to Settings > Zones > Zone Collectors > BGP > BGP Peers.
  2. Click Add. 
  3. Input the IP Address, Remote AS (this is the AS that your BGP peer expects Lumeta to have), and––if necessary––a Password for each BGP peer you add.
    The Password field is optional.

    Notice that the IP address can be either IPv4 or IPv6. 

  4. Click CreateConfiguration > Edit.

  5.  Click the Enable BGP Discovery > Create.
    BGP is enabled and begins listening immediately.

BGP Syntax in CLI

If you need to configure BGP from the command-line interface (CLI), use this syntax:

Enable BGP
collector bgp <collector name> enabled [ true | false ] 

Add Peer
collector bgp <collector name> peer new <ipaddr> <remote AS> <password> - where <password> field is optional

Delete Peer

collector bgp <collector name> peer delete <ipaddr

To see which protocols are the most responsive in your network, browse to Reports > Browse Real-Time
and check out these reports:

Discovery Statistics by Discovery TypeDiscovery Statistics by Protocol

  • No labels