BGP peer(s) down-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert if one or more BGP peers aren’t communicating well.

Remediation Steps:
Review the cause for the peers being down.
Consider starting at https://live.paloaltonetworks.com/t5/Configuration-Articles/BGP-Routes-are-not-Injected-into-the-Routing-Table/ta-p/54938 . You can also log into the device over SSH and run “less mp-log routed.log”.

How does this work?
This alert uses the Palo Alto Networks API to retrieve the current status of the BGP peers (the equivalent of running “show routing protocol bgp peer” in CLI).

Why is this important?
Once BGP is configured on a Palo Alto Networks firewall (using a guide such as https://live.paloaltonetworks.com/t5/Configuration-Articles/Tech-Note-How-to-Configure-BGP/ta-p/62581 ) it is important to track the health of each BGP connection. If a BGP peer is not responding, certain dynamic routes which were expected might not be available, resulting in service disruption.

Without Indeni how would you find this?
The status of BGP peers is accessible through the CLI. An administrator would normally review their status during a service outage.

panos-show-protocol-bgp-peer

#! META
name: panos-show-protocol-bgp-peer
description: Fetch the status of the BGP peers
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall

#! COMMENTS
bgp-state:
    why: |
        Once BGP is configured on a Palo Alto Networks firewall (using a guide such as https://live.paloaltonetworks.com/t5/Configuration-Articles/Tech-Note-How-to-Configure-BGP/ta-p/62581 ) it is important to track the health of each BGP connection. If a BGP peer is not responding, certain dynamic routes which were expected might not be available, resulting in service disruption.
    how: |
        This alert uses the Palo Alto Networks API to retrieve the current status of the BGP peers (the equivalent of running "show routing protocol bgp peer" in CLI).
    without-indeni: |
        The status of BGP peers is accessible through the CLI. An administrator would normally review their status during a service outage.
    can-with-snmp: true
    can-with-syslog: true

#! REMOTE::HTTP
url: /api?type=op&cmd=<show><routing><protocol><bgp><peer><%2Fpeer><%2Fbgp><%2Fprotocol><%2Frouting><%2Fshow>&key=${api-key}
protocol: HTTPS

#! PARSER::XML
_vars:
    root: /response/result
_optional_metrics:
    -
        _groups:
            ${root}/entry:
                _tags:
                    "im.name":
                        _constant: "bgp-state"
                    "live-config":
                        _constant: "true"
                    "display-name":
                        _constant: "BGP Peers - State"
                    "im.dstype.displayType":
                        _constant: "state"
                    "name":
                        _text: "peer-group"
                    "im.identity-tags":
                        _constant: "name"
                _temp:
                    "status":
                        _text: "status"
        _transform:
            _value.double: |
                {
                    if (temp("status") == "Established") {
                        print "1.0"
                    } else {
                        print "0.0"
                    }
                }

cross_vendor_bgp_peer_down

package com.indeni.server.rules.library.templatebased.crossvendor

import com.indeni.server.rules.RuleContext
import com.indeni.server.rules.library.{ConditionalRemediationSteps, StateDownTemplateRule}

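/**
  * Alerts when the "bgp-state" metric reports one or more BGP peers as down.
  * Affected peers are listed by their "name" tag under "Peers Affected".
  */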
case class cross_vendor_bgp_peer_down() extends StateDownTemplateRule(
  ruleName = "cross_vendor_bgp_peer_down",
  ruleFriendlyName = "All Devices: BGP peer(s) down",
  ruleDescription = "Indeni will alert one or more BGP peers isn't communicating well.",
  metricName = "bgp-state",
  applicableMetricTag = "name",
  alertItemsHeader = "Peers Affected",
  alertDescription = "One or more BGP peers are down.",
  baseRemediationText = "Review the cause for the peers being down.")(
  ConditionalRemediationSteps.VENDOR_CP -> "Consider reading Tobias Lachmann's blog on BGP: https://blog.lachmann.org/?p=1771",
  ConditionalRemediationSteps.VENDOR_PANOS -> "Consider starting at https://live.paloaltonetworks.com/t5/Configuration-Articles/BGP-Routes-are-not-Injected-into-the-Routing-Table/ta-p/54938 . You can also log into the device over SSH and run \"less mp-log routed.log\".",
  ConditionalRemediationSteps.OS_NXOS ->
    """|
      |1. Get information for all BGP neighbors by running the "show bgp vrf all sessions" NX-OS command
      |2. Get a summary list of BGP neighbors and statistics by executing the "show ip bgp vrf all summary" NX-OS command
      |3. Get detailed information from a BGP neighbor by running the "show ip bgp neighbors X.X.X.X" NX-OS command
      |4. Check global BGP process information with the "show bgp process" NX-OS command
      |5. Review the logs for relevant findings
      |6. For more information please review  following CISCO BGP troubleshooting flow chart:
      |https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/22166-bgp-trouble-main.html#anc6""".stripMargin
)
{
  override def deviceCondition(context: RuleContext) = generateDevicePassiveAndPassiveLinkStateCondition(context.tsDao)
}
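
The metric extraction done by the panos-show-protocol-bgp-peer parser, and the peer list the cross_vendor_bgp_peer_down rule reports, as an added Python example (not Indeni's code). The sample response is constructed, the function names are this example's own, and the rule is assumed to alert on a bgp-state value of 0.0.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the op-command response; it carries only the
# elements the parser above reads (peer-group and status).
SAMPLE_RESPONSE = """<response status="success"><result>
  <entry><peer-group>isp-a</peer-group><status>Established</status></entry>
  <entry><peer-group>isp-b</peer-group><status>Active</status></entry>
  <entry><peer-group>dc-core</peer-group><status>Idle</status></entry>
</result></response>"""


def bgp_state_metrics(xml_text):
    """Mirror the PARSER::XML section: one bgp-state value per
    /response/result/entry, named by the peer-group text, 1.0 only
    when status is exactly "Established" and 0.0 otherwise."""
    root = ET.fromstring(xml_text)
    # A failed call (for example a rejected API key) must not be read
    # as "no peers configured", so refuse anything but success.
    if root.get("status") != "success":
        raise ValueError("API call failed: status=%r" % root.get("status"))
    metrics = []
    for entry in root.findall("./result/entry"):
        name = (entry.findtext("peer-group") or "").strip()
        status = (entry.findtext("status") or "").strip()
        metrics.append((name, 1.0 if status == "Established" else 0.0))
    return metrics


def peers_down(metrics):
    """Names a state-down rule on bgp-state would list as affected
    (assumption: the rule alerts on value 0.0)."""
    return [name for name, value in metrics if value == 0.0]


if __name__ == "__main__":
    for name, value in bgp_state_metrics(SAMPLE_RESPONSE):
        print(name, value)
    print("Peers Affected:", peers_down(bgp_state_metrics(SAMPLE_RESPONSE)))
```

Any state other than Established, including transitional ones such as Active or Idle, is reported as down, which matches the exact string comparison in the script's transform.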