BGP peer(s) down-paloaltonetworks-panos

BGP peer(s) down-paloaltonetworks-panos
0

BGP peer(s) down-paloaltonetworks-panos

Vendor: paloaltonetworks

OS: panos

Description:
Indeni will alert one or more BGP peers isn’t communicating well.

Remediation Steps:
Review the cause for the peers being down.
Consider starting at https://live.paloaltonetworks.com/t5/Configuration-Articles/BGP-Routes-are-not-Injected-into-the-Routing-Table/ta-p/54938 . You can also log into the device over SSH and run "less mp-log routed.log\

How does this work?
This alert uses the Palo Alto Networks API to retrieve the current status of the BGP peers (the equivalent of running “show routing protocol bgp peer” in CLI).

Why is this important?
Once BGP is configured on a Palo Alto Networks firewall (using a guide such as https://live.paloaltonetworks.com/t5/Configuration-Articles/Tech-Note-How-to-Configure-BGP/ta-p/62581 ) it is important to track the health of each BGP connection. If a BGP peer is not responding, certain dynamic routes which were expected might not be available, resulting in service disruption.

Without Indeni how would you find this?
The status of BGP peers is accessible through the CLI. An administrator would normally review their status during a service outage.

panos-show-protocol-bgp-peer

name: panos-show-protocol-bgp-peer
description: Fetch the status of the BGP peers
type: monitoring
monitoring_interval: 1 minute
requires:
    vendor: paloaltonetworks
    os.name: panos
    product: firewall
comments:
    bgp-state:
        why: |
            Once BGP is configured on a Palo Alto Networks firewall (using a guide such as https://live.paloaltonetworks.com/t5/Configuration-Articles/Tech-Note-How-to-Configure-BGP/ta-p/62581 ) it is important to track the health of each BGP connection. If a BGP peer is not responding, certain dynamic routes which were expected might not be available, resulting in service disruption.
        how: |
            This alert uses the Palo Alto Networks API to retrieve the current status of the BGP peers (the equivalent of running "show routing protocol bgp peer" in CLI).
        without-indeni: |
            The status of BGP peers is accessible through the CLI. An administrator would normally review their status during a service outage.
        can-with-snmp: true
        can-with-syslog: true
steps:
-   run:
        type: HTTP
        command: /api?type=op&cmd=<show><routing><protocol><bgp><peer><%2Fpeer><%2Fbgp><%2Fprotocol><%2Frouting><%2Fshow>&key=${api-key}
    parse:
        type: XML
        file: show-routing-protocol-bgp-peer.parser.1.xml.yaml

cross_vendor_bgp_peer_down

Failed to fetch the data: https://bitbucket.org/indeni/indeni-knowledge/src/master/rules/templatebased/crossvendor/cross_vendor_bgp_peer_down.scala

very cool. i think this is very useful for monitoring platforms.