Drop in the number of BGP received routes-juniper-junos
Vendor: juniper
OS: junos
Description:
indeni will track the number of BGP connections to detect when the number of connections drops.
Remediation Steps:
Identify any network and server issues which may be causing this.
junos-show-bgp-neighbor
# Monitoring script definition: once a minute, on devices matching vendor "juniper" and
# os.name "junos", run one command over SSH and pass its output to an AWK parser.
name: junos-show-bgp-neighbor
description: Retrieve BGP neighbor information
type: monitoring
monitoring_interval: 1 minute
requires:
vendor: juniper
os.name: junos
# Per-metric documentation: why the metric matters and how it is collected.
comments:
bgp-received-routes:
why: |
Check if a BGP neighbor's received routes changed in a substantial way.
how: |
This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show bgp neighbor" command.
The output includes the status of active/established/inactive BGP neighbors.
can-with-snmp: false
can-with-syslog: true
bgp-state:
why: |
Due to the dynamic nature of BGP, it should be closely monitored to verify that it is working correctly.
Since routing is a vital part of any network, a failure or issues in dynamic routing can cause large disruptions.
how: |
This script logs into the Juniper JUNOS-based device using SSH and retrieves the output of the "show bgp neighbor" command.
The output includes the status of active/established/inactive BGP neighbors.
can-with-snmp: false
can-with-syslog: true
# NOTE(review): the script name, the parser file name and both "how" texts refer to
# "show bgp neighbor", but the command executed below is "show bgp summary". Confirm which
# command is intended and align the documentation with it, so operators know what runs on the device.
# NOTE(review): only a read-only "show" command is issued; the SSH account presumably needs no
# configuration privileges. Confirm it is provisioned with read-only access.
steps:
- run:
type: SSH
command: show bgp summary
parse:
type: AWK
file: show-bgp-neighbor.parser.1.awk
cross_vendor_bgp_drop_detection
package com.indeni.server.rules.library.core
import com.indeni.ruleengine.expressions.OptionalExpression
import com.indeni.ruleengine.expressions.core.{ConstantExpression, StatusTreeExpression}
import com.indeni.ruleengine.expressions.data.{SelectTagsExpression, SelectTimeSeriesExpression, TimeSeriesExpression}
import com.indeni.ruleengine.expressions.tools.ChangeDetectionExpression
import com.indeni.ruleengine.expressions.utility.IsEmptyExpression.IsEmptyExpressionHelper
import com.indeni.server.common.data.conditions.True
import com.indeni.server.params.ParameterDefinition
import com.indeni.server.params.ParameterDefinition.UIType
import com.indeni.server.rules.library.{ConditionalRemediationSteps, PerDeviceRule, RuleHelper}
import com.indeni.server.rules.{DeviceCategory, DeviceKey, RuleCategory, RuleContext, RuleMetadata}
import com.indeni.server.sensor.models.managementprocess.alerts.dto.AlertSeverity
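/**
  * Per-device rule that raises an issue when the "bgp-received-routes" time series
  * shows a downward change, as reported by [[ChangeDetectionExpression]] at a
  * configurable confidence level.
  *
  * The series is evaluated per "name" tag, and that tag value is used as the
  * headline of each secondary alert item.
  *
  * The user-facing descriptions refer to received routes, because that is the
  * only metric this rule reads. It does not look at BGP session or connection counts.
  */
case class BgpDropDetectionRule() extends PerDeviceRule with RuleHelper {

  // Name under which the confidence threshold is exposed as a rule parameter.
  private[library] val confidenceLevelParameterName = "Confidence_Level_Threshold"

  // Confidence level handed to the change detection; 95 is presumably the default value.
  // NOTE(review): no range check is visible here. Presumably the value is bounded
  // (0-100) elsewhere; confirm, since it directly controls alert sensitivity.
  private val confidenceLevelParameter = new ParameterDefinition(confidenceLevelParameterName,
    "",
    "Confidence Level (%)",
    "If the number of BGP received routes drops drastically, an issue will be triggered..",
    UIType.DOUBLE,
    95)

  // NOTE(review): the issue is raised at AlertSeverity.INFO. A sharp drop in received
  // routes can mean lost reachability (peer reset, upstream filtering or withdrawal);
  // confirm INFO is the intended severity where this condition should reach on-call staff.
  override val metadata: RuleMetadata = RuleMetadata.builder(
    "cross_vendor_bgp_drop_detection",
    "Drop in the number of BGP received routes",
    "indeni will track the number of BGP received routes to detect when the number of received routes drops.",
    AlertSeverity.INFO,
    categories = Set(RuleCategory.HealthChecks),
    deviceCategory = DeviceCategory.AllDevices)
    .configParameters(confidenceLevelParameter).build()

  /**
    * Builds the status tree: select devices, then each "name" tag carrying the
    * "bgp-received-routes" metric, then test that series for a downward change.
    *
    * @param context supplies the metadata DAO (`metaDao`) and time-series DAO (`tsDao`)
    * @return the expression tree evaluated by the rule engine
    */
  override def expressionTree(context: RuleContext): StatusTreeExpression = {
    val confidenceLevel: OptionalExpression[Double] = getParameterDouble(confidenceLevelParameter)
    val actualValue = TimeSeriesExpression[Double]("bgp-received-routes")
    // Only downward changes are of interest; the same expression is reused below
    // for the condition and for the figures quoted in the alert text.
    val changeDetectionExp = ChangeDetectionExpression(actualValue, confidenceLevel).down().withLazy

    StatusTreeExpression(
      // Which objects to pull (normally, devices)
      SelectTagsExpression(context.metaDao, Set(DeviceKey), True),

      // What constitutes an issue
      StatusTreeExpression(
        // The additional tags we care about (we'll be including this in alert data)
        SelectTagsExpression(context.tsDao, Set("name"), withTagsCondition("bgp-received-routes")),

        StatusTreeExpression(
          // The time-series we check the test condition against:
          SelectTimeSeriesExpression[Double](context.tsDao, Set("bgp-received-routes"), denseOnly = true),

          // The condition which, if true, we have an issue. Checked against the time-series we've collected
          changeDetectionExp.nonEmpty
        ).withSecondaryInfo(
          scopableStringFormatExpression("${scope(\"name\")}"),
          scopableStringFormatExpression(
            "Number of BGP received routes dropped by %.2f%%. From %.2f on average to %.2f on average",
            changeDetectionExp.changePercentage,
            changeDetectionExp.before,
            changeDetectionExp.after),
          title = "Drop in BGP routes"
        ).asCondition()
      ).withoutInfo().asCondition()
    ).withRootInfo(
      getHeadline(),
      // Root description names the metric that actually triggered the issue.
      ConstantExpression(
        "Number of BGP received routes dropped drastically."),
      ConditionalRemediationSteps(
        "Identify any network and server issues which may be causing this.")
    )
  }
}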