Most network engineers don’t realize BGP has a secret monitoring protocol...
This protocol streams your routes to a central server, giving you full visibility into the BGP control plane across your network.
It's called BGP Monitoring Protocol (BMP).
(I wrote a full blog post on BMP for the sponsor of today's post, FastNetMon - check the link in the comments. FastNetMon is a comprehensive software solution that makes DDoS detection and mitigation easy!)
How it works:
You add a single line to your BGP configuration specifying the BMP server's address and port, and then activate the BMP server per neighbor.
The router establishes a TCP connection to the server and immediately starts sending data.
The BMP server only listens to the router; it does not send any messages back.
Types of BMP messages:
✅ Initiation – When the session is established, the router reports vendor, software version, etc.
✅ Termination – Sent when the session closes, including the reason for closure.
✅ Route Monitoring (RM) – Initial dump of all routes received from a peer, plus ongoing updates of advertised and withdrawn routes.
✅ Peer Up Notification – Sent when a peer or the BMP session itself comes up; includes TCP session info and details found in the BGP OPEN messages.
✅ Peer Down Notification – Sent when a BGP peering session goes down, including the reason for the disconnect.
✅ Stats Reports (SR) – Sends statistics such as prefixes sent and received.
✅ Route Mirroring – Sends verbatim duplicates of messages as received; can mirror a BGP session exactly.
💡 Pro Tip: Route Monitoring messages can include pre-policy (Adj-RIB-In) and/or post-policy (Loc-RIB) routes. This lets you see exactly how your policy filters are affecting routing.
For the full BMP specification, see RFC 7854.
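Because the collector only receives, everything it knows comes from bytes the router sends, so it has to validate the framing itself. The following is an added example (not code from this post or from FastNetMon) that splits a BMP byte stream on the RFC 7854 common header and decodes an Initiation message's TLVs; the function names, the `MAX_LEN` cap and the sample bytes are assumptions made for illustration.

```python
import struct

# Message type codes from the RFC 7854 common header.
BMP_TYPES = {0: "Route Monitoring", 1: "Statistics Report", 2: "Peer Down Notification",
             3: "Peer Up Notification", 4: "Initiation", 5: "Termination", 6: "Route Mirroring"}
# Information TLV types carried in Initiation messages (RFC 7854).
INFO_TLVS = {0: "string", 1: "sysDescr", 2: "sysName"}
HEADER = struct.Struct("!BIB")   # version, total message length, message type
MAX_LEN = 1 << 20                # assumed sanity cap for this example, not from the RFC

def split_messages(buf):
    """Split a TCP byte stream into (type_name, body) pairs plus unconsumed bytes."""
    msgs, off = [], 0
    while len(buf) - off >= HEADER.size:
        version, length, mtype = HEADER.unpack_from(buf, off)
        if version != 3:
            raise ValueError(f"unsupported BMP version {version}")
        if not HEADER.size <= length <= MAX_LEN:
            raise ValueError(f"implausible message length {length}")
        if len(buf) - off < length:
            break                # partial message: wait for more data from the socket
        body = buf[off + HEADER.size: off + length]
        msgs.append((BMP_TYPES.get(mtype, f"unknown({mtype})"), body))
        off += length
    return msgs, buf[off:]

def parse_info_tlvs(body):
    """Decode the Information TLVs of an Initiation message body."""
    tlvs, off = [], 0
    while off < len(body):
        if len(body) - off < 4:
            raise ValueError("truncated TLV header")
        t, l = struct.unpack_from("!HH", body, off)
        if off + 4 + l > len(body):
            raise ValueError("TLV length runs past end of message")
        value = body[off + 4: off + 4 + l].decode("utf-8", "replace")
        tlvs.append((INFO_TLVS.get(t, f"unknown({t})"), value))
        off += 4 + l
    return tlvs

def build(mtype, body=b""):
    # Helper used only to construct the sample input below.
    return HEADER.pack(3, HEADER.size + len(body), mtype) + body

def tlv(t, text):
    return struct.pack("!HH", t, len(text.encode())) + text.encode()

# Constructed sample stream: one Initiation message followed by a cut-off header.
SAMPLE = build(4, tlv(1, "ExampleOS 1.0") + tlv(2, "edge1")) + b"\x03\x00"
```

Calling `split_messages(SAMPLE)` returns the single Initiation message and leaves the two trailing bytes buffered until the rest of that header arrives.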
Example config:
router bgp 65000
 bmp server 1 address [server ip] port 5000
 neighbor [neighbor ip] remote-as 65001
 neighbor [neighbor ip] bmp-activate server 1