BMP (BGP Monitoring Protocol)
Plugin: netflow-plugin Module: bmp
Overview
Enrich network flows with BGP next-hop, AS path, communities, and routing context received directly from routers. BMP (BGP Monitoring Protocol, RFC 7854) lets a router push its BGP route updates to a passive collector. With this integration enabled, Netdata is that collector -- it listens for BMP TCP connections from your routers, parses BGP UPDATE messages carried inside RouteMonitoring frames, and builds an in-memory routing trie that flow enrichment then reads from.
Every flow whose source or destination IP matches a learned prefix gains:
SRC_AS / DST_AS (when the routing provider in asn_providers reaches BGP
data), SRC_MASK / DST_MASK (when routing reaches BGP data in net_providers),
plus -- for the destination side only -- NEXT_HOP, DST_AS_PATH,
DST_COMMUNITIES, and DST_LARGE_COMMUNITIES (RFC 8092). Source-side AS path and
communities are not surfaced; BGP path attributes are most meaningful for the
destination of the traffic. AS names (*_AS_NAME) come from the GeoIP/ASN MMDB,
not from BMP -- BMP gives you accurate AS numbers and path/communities.
AS path, communities, and large communities are written to the raw flow journal
only -- the rollup tiers do not carry them. NEXT_HOP is carried in both raw and
rollup.
For the cross-cutting Enrichment concept (provider chains, shared trie with BioRIS, withdrawal handling, restart convergence), see Enrichment.
The plugin runs a TCP listener on 0.0.0.0:10179. This port is the Akvorado
convention -- RFC 7854 does not register a port, and IANA does not assign one
for BMP. Each connecting router must first send an Initiation message; the plugin
then processes RouteMonitoring (carrying BGP UPDATE), PeerDownNotification, and
Termination frames. PeerUp, StatisticsReport, and RouteMirroring frames are
accepted but not acted on. Only BMP version 3 is processed; v1 and v2 frames
are silently dropped.
NLRI families parsed: IPv4/IPv6 unicast, IPv4/IPv6 MPLS-labelled, VPNv4, VPNv6, and EVPN IP-prefix routes.
BMP and BioRIS share a single in-memory routing trie. A full IPv4+IPv6 BGP table
is roughly 1.2M prefixes per peer; each entry stores Vec<u32> AS-path,
Vec<u32> communities, Vec<(u32,u32,u32)> large communities, plus a route_key
string per path. Expect several hundred MB of resident memory per peer with a full
feed. The trie has no time-based eviction -- routes leave only via explicit BGP
withdrawal (MP_UNREACH or withdraw_routes), PeerDown, or session disconnect
followed by the keep interval expiring (default 5 minutes).
This integration is only supported on the following platforms:
- Linux
This integration runs as a single instance per Netdata Agent.
Default Behavior
Auto-Detection
Disabled by default. Set enrichment.routing_dynamic.bmp.enabled to true and configure your routers to dial in.
Limits
Memory and CPU scale with the number of BMP sessions, routing tables, prefixes, AS paths, and communities. Full-table router feeds can consume hundreds of MB per peer.
Performance Impact
Disabled until BMP is configured. Once active, BMP updates maintain an in-memory routing trie used for enrichment, so resource use scales with routing-table size and update rate.
Setup
Prerequisites
BMP-capable routers
Common vendor configuration patterns:
- Cisco IOS-XR --
bmp server Nglobal block plusbmp-activate server Nunderrouter bgp ... neighbor. - Cisco IOS-XE 3.12 / 15.4 or later --
bmp server Nnested insiderouter bgpwithactivate. - Juniper JunOS (BMP support since 13.3, RFC 8671 Adj-RIB-In since 18.3R1)
--
routing-options bmp ...with one or more named stations. - Arista EOS --
router bgp ... bgp monitoringwith one or moremonitoring stationblocks (active connection). - Nokia SR OS (MD-CLI) --
/configure bmpplus per-routerbgp monitor. - FRR (bgpd) --
bmp targetsblock underrouter bgp. Note the loadable module:bgpdmust be started with-M bmpor every BMP command silently fails.
The plugin parses RFC 7854 BMP version 3 only. Older draft versions (v1, v2) are silently dropped.
TCP reachability between routers and the agent
Routers initiate the connection -- the plugin is a passive listener. Allow inbound TCP on the configured port (default 10179) from each BMP-speaking router to the agent. The plugin does not retry; it waits for the router to reconnect.
No TLS, no authentication
The listener accepts plain TCP only. Restrict access at the firewall and use a dedicated management network -- never expose 10179 to the public internet. BMP carries your full routing table; treat it as sensitive.
Configuration
Options
All BMP options live under enrichment.routing_dynamic.bmp in netflow.yaml.
Config options
| Option | Description | Default | Required |
|---|---|---|---|
| enabled | Master switch. Set to true to start the listener. | false | no |
| listen | TCP bind address (host:port). | 0.0.0.0:10179 | no |
| keep | Grace window after a BMP disconnect before purging that session's routes from the trie. | 5m | no |
| max_consecutive_decode_errors | Close the session after N consecutive decode errors. | 8 | no |
| receive_buffer | Optional SO_RCVBUF per connection in bytes (0 = OS default). | 0 | no |
| collect_asns | When false, AS numbers from BMP are forced to 0 before storage. | true | no |
| collect_as_paths | When false, AS paths are dropped before storage. | true | no |
| collect_communities | When false, communities and large communities are dropped before storage. | true | no |
| rds | Whitelist of accepted Route Distinguishers for L3VPN peers. Empty list accepts everything. Formats: numeric 0, "ASN:idx", "IPv4:idx", or full text RD. | [] | no |
via File
The configuration file name for this integration is netflow.yaml.
You can edit the configuration file using the edit-config script from the
Netdata config directory.
cd /etc/netdata 2>/dev/null || cd /opt/netdata/etc/netdata
sudo ./edit-config netflow.yaml
Examples
Enable BMP listener
Start the listener on the default port.
enrichment:
routing_dynamic:
bmp:
enabled: true
listen: "0.0.0.0:10179"
keep: 5m
Cisco IOS-XR router config
Vendor-side config to send BMP to Netdata. The bmp server block is
global, not under router bgp. Each neighbor that should be exported
needs bmp-activate server N. IOS-XR's default route monitoring is
pre-policy (Adj-RIB-In before inbound policy). Set
route-monitoring policy post inbound if you prefer post-policy.
Config
bmp server 1
host 10.0.0.10 port 10179
description "Netdata BMP collector"
update-source Loopback0
initial-delay 5
stats-reporting-period 60
initial-refresh delay 30 spread 2
!
router bgp 65000
neighbor 192.0.2.1
bmp-activate server 1
Cisco IOS-XE router config
IOS-XE 3.12 / 15.4 or later. The bmp server N block lives inside
router bgp, unlike IOS-XR.
Config
router bgp 65000
bmp server 1
address 10.0.0.10 port-number 10179
description "Netdata BMP collector"
initial-delay 10
stats-reporting-period 60
update-source GigabitEthernet1
activate
exit-bmp-server-mode
!
neighbor 192.0.2.1 bmp-activate all
Juniper JunOS router config
Named station form. JunOS supports both pre-policy (RFC 7854) and post-policy / Adj-RIB-In (RFC 8671, JunOS 18.3R1+).
Config
set routing-options bmp station netdata station-address 10.0.0.10
set routing-options bmp station netdata station-port 10179
set routing-options bmp station netdata connection-mode active
set routing-options bmp station netdata local-address 10.0.0.1
set routing-options bmp station netdata statistics-timeout 60
set routing-options bmp station netdata route-monitoring pre-policy
set routing-options bmp station netdata monitor enable
Arista EOS router config
EOS uses bgp monitoring plus one or more monitoring station blocks
inside router bgp. Active connection mode is the equivalent of all
other vendors (router dials Netdata).
Config
router bgp 65000
bgp monitoring
monitoring station netdata
update-source Management1
connection address 10.0.0.10
connection mode active port 10179
export-policy received routes post-policy
export-policy bgp rib bestpaths
FRR (bgpd) router config
Critical -- BMP is a runtime module in FRR. Without -M bmp in
/etc/frr/daemons (bgpd_options), every BMP command silently fails.
Config
# /etc/frr/daemons:
# bgpd_options=" -A 127.0.0.1 -M bmp"
router bgp 65000
bmp targets netdata
bmp connect 10.0.0.10 port 10179 min-retry 5000 max-retry 60000
bmp stats interval 60000
bmp monitor ipv4 unicast pre-policy
bmp monitor ipv6 unicast pre-policy
exit
Nokia SR OS (MD-CLI) router config
Active connection from one or more BGP routing instances to a named station.
Config
/configure bmp admin-state enable
/configure bmp station "netdata" admin-state enable
/configure bmp station "netdata" connection local-address 10.0.0.1
/configure bmp station "netdata" connection station-address ip-address 10.0.0.10
/configure bmp station "netdata" connection station-address port 10179
/configure bmp station "netdata" family ipv4 true
/configure bmp station "netdata" family ipv6 true
/configure router "Base" bgp monitor admin-state enable
/configure router "Base" bgp monitor route-monitoring post-policy true
/configure router "Base" bgp monitor station "netdata" { }
Drop AS path and communities
Useful if you only care about the AS number for traffic attribution and want to keep the journal small.
Config
enrichment:
routing_dynamic:
bmp:
enabled: true
collect_asns: true
collect_as_paths: false
collect_communities: false
Restrict to specific Route Distinguishers
For L3VPN peers, only accept routes whose RD matches the whitelist. Other peer types are unaffected.
Config
enrichment:
routing_dynamic:
bmp:
enabled: true
rds:
- "65000:100"
- "65000:200"
Listener not receiving BMP sessions
The plugin is a passive listener -- it never dials. Check the router side:
show bmp (Cisco), show bmp connections / show bgp monitoring station
(Juniper, Arista), show bmp targets (FRR). Confirm the firewall allows
inbound TCP on port 10179. For FRR specifically, verify bgpd was started
with -M bmp -- without it, every BMP command is silently accepted but
no connection is ever opened.
Convergence takes minutes after restart
The trie is not persisted. After a plugin restart, routers re-send
Initiation followed by their Adj-RIB-In as RouteMonitoring updates. FRR
re-emits everything in seconds. Cisco IOS-XR's initial-refresh is
configurably spread (defaults to a per-peer delay) so a full re-feed can
take minutes. Juniper varies between seconds and minutes depending on
station options. Schedule restarts off-peak when BGP attribution matters.
Memory growth without bound
A full BGP feed adds ~1.2M prefixes per peer permanently -- there is no
time-based eviction in the trie. Routes are removed only by explicit BGP
withdrawal, PeerDown, or session disconnect followed by the keep
interval. Plan capacity before connecting full-table peers.
AS path inconsistent with the exporter's view
The exporter and the BMP-feeding router are usually different boxes with
different routing tables. Different vantage points see different AS paths;
this is normal. The routing provider in the asn_providers chain decides
which source wins (default order is flow, routing, geoip -- exporter first).
Empty BGP enrichment after enabling
Confirm the router actually established the BMP session (vendor-side show
command above). Confirm enrichment.asn_providers includes routing (or
the bmp alias) -- if routing is removed from both asn_providers and
net_providers, the trie is built but never read.
Validate BGP enrichment after enabling
BGP-derived enrichment depends on router export policy, peer state, and route visibility. Validate against your specific router firmware before depending on this for capacity or security decisions.
Do you have any feedback for this page? If so, you can open a new issue on our netdata/learn repository.