Enrich network flows with BGP next-hop, AS path, communities, and routing
context received directly from routers. BMP (BGP Monitoring Protocol, RFC 7854)
lets a router push its BGP route updates to a passive collector. With this
integration enabled, Netdata is that collector – it listens for BMP TCP
connections from your routers, parses BGP UPDATE messages carried inside
RouteMonitoring frames, and builds an in-memory routing trie that flow enrichment
then reads from.
Every flow whose source or destination IP matches a learned prefix gains:
SRC_AS / DST_AS (when the routing provider in asn_providers reaches BGP
data), SRC_MASK / DST_MASK (when routing reaches BGP data in net_providers),
plus – for the destination side only – NEXT_HOP, DST_AS_PATH,
DST_COMMUNITIES, and DST_LARGE_COMMUNITIES (RFC 8092). Source-side AS path and
communities are not surfaced; BGP path attributes are most meaningful for the
destination of the traffic. AS names (*_AS_NAME) come from the GeoIP/ASN MMDB,
not from BMP – BMP gives you accurate AS numbers and path/communities.
AS path, communities, and large communities are written to the raw flow journal
only – the rollup tiers do not carry them. NEXT_HOP is carried in both raw and
rollup.
For the cross-cutting Enrichment concept (provider chains, shared trie with
BioRIS, withdrawal handling, restart convergence), see
Enrichment.
The plugin runs a TCP listener on 0.0.0.0:10179. This port is the Akvorado
convention – RFC 7854 does not register a port, and IANA does not assign one
for BMP. Each connecting router must first send an Initiation message; the plugin
then processes RouteMonitoring (carrying BGP UPDATE), PeerDownNotification, and
Termination frames. PeerUp, StatisticsReport, and RouteMirroring frames are
accepted but not acted on. Only BMP version 3 is processed; v1 and v2 frames
are silently dropped.
BMP and BioRIS share a single in-memory routing trie. A full IPv4+IPv6 BGP table
is roughly 1.2M prefixes per peer; each entry stores Vec<u32> AS-path,
Vec<u32> communities, Vec<(u32,u32,u32)> large communities, plus a route_key
string per path. Expect several hundred MB of resident memory per peer with a full
feed. The trie has no time-based eviction – routes leave only via explicit BGP
withdrawal (MP_UNREACH or withdraw_routes), PeerDown, or session disconnect
followed by the keep interval expiring (default 5 minutes).
This integration is only supported on the following platforms:
Linux
This integration runs as a single instance per Netdata Agent.
Default Behavior
Auto-Detection
Disabled by default. Set enrichment.routing_dynamic.bmp.enabled to true and configure your routers to dial in.
Limits
Memory and CPU scale with the number of BMP sessions, routing tables, prefixes, AS paths, and communities. Full-table router feeds can consume hundreds of MB per peer.
Performance Impact
Disabled until BMP is configured. Once active, BMP updates maintain an in-memory routing trie used for enrichment, so resource use scales with routing-table size and update rate.
Setup
Prerequisites
BMP-capable routers
Common vendor configuration patterns:
Cisco IOS-XR – bmp server N global block plus bmp-activate server N
under router bgp ... neighbor.
Cisco IOS-XE 3.12 / 15.4 or later – bmp server N nested inside
router bgp with activate.
Juniper JunOS (BMP support since 13.3, RFC 8671 Adj-RIB-In since 18.3R1)
– routing-options bmp ... with one or more named stations.
Arista EOS – router bgp ... bgp monitoring with one or more
monitoring station blocks (active connection).
Nokia SR OS (MD-CLI) – /configure bmp plus per-router bgp monitor.
FRR (bgpd) – bmp targets block under router bgp. Note the loadable
module: bgpd must be started with -M bmp or every BMP command silently
fails.
The plugin parses RFC 7854 BMP version 3 only. Older draft versions (v1,
v2) are silently dropped.
TCP reachability between routers and the agent
Routers initiate the connection – the plugin is a passive listener. Allow
inbound TCP on the configured port (default 10179) from each BMP-speaking
router to the agent. The plugin does not retry; it waits for the router to
reconnect.
No TLS, no authentication
The listener accepts plain TCP only. Restrict access at the firewall and use
a dedicated management network – never expose 10179 to the public internet.
BMP carries your full routing table; treat it as sensitive.
Configuration
Options
All BMP options live under enrichment.routing_dynamic.bmp in netflow.yaml.
Option
Description
Default
Required
enabled
Master switch. Set to true to start the listener.
false
no
listen
TCP bind address (host:port).
0.0.0.0:10179
no
keep
Grace window after a BMP disconnect before purging that session’s routes from the trie.
5m
no
max_consecutive_decode_errors
Close the session after N consecutive decode errors.
8
no
receive_buffer
Optional SO_RCVBUF per connection in bytes (0 = OS default).
0
no
collect_asns
When false, AS numbers from BMP are forced to 0 before storage.
true
no
collect_as_paths
When false, AS paths are dropped before storage.
true
no
collect_communities
When false, communities and large communities are dropped before storage.
true
no
rds
Whitelist of accepted Route Distinguishers for L3VPN peers. Empty list accepts everything. Formats: numeric 0, "ASN:idx", "IPv4:idx", or full text RD.
[]
no
via File
The configuration file name for this integration is netflow.yaml.
Vendor-side config to send BMP to Netdata. The bmp server block is
global, not under router bgp. Each neighbor that should be exported
needs bmp-activate server N. IOS-XR’s default route monitoring is
pre-policy (Adj-RIB-In before inbound policy). Set
route-monitoring policy post inbound if you prefer post-policy.
bmp server 1host 10.0.0.10 port 10179description "Netdata BMP collector"update-source Loopback0initial-delay 5stats-reporting-period 60initial-refresh delay 30 spread 2!
router bgp 65000neighbor 192.0.2.1bmp-activate server 1
Cisco IOS-XE router config
IOS-XE 3.12 / 15.4 or later. The bmp server N block lives inside
router bgp, unlike IOS-XR.
router bgp 65000bmp server 1address 10.0.0.10 port-number 10179description "Netdata BMP collector"initial-delay 10stats-reporting-period 60update-source GigabitEthernet1activateexit-bmp-server-mode !
neighbor 192.0.2.1 bmp-activate all
Juniper JunOS router config
Named station form. JunOS supports both pre-policy (RFC 7854) and
post-policy / Adj-RIB-In (RFC 8671, JunOS 18.3R1+).
set routing-options bmp station netdata station-address 10.0.0.10set routing-options bmp station netdata station-port 10179set routing-options bmp station netdata connection-mode activeset routing-options bmp station netdata local-address 10.0.0.1set routing-options bmp station netdata statistics-timeout 60set routing-options bmp station netdata route-monitoring pre-policyset routing-options bmp station netdata monitor enable
Arista EOS router config
EOS uses bgp monitoring plus one or more monitoring station blocks
inside router bgp. Active connection mode is the equivalent of all
other vendors (router dials Netdata).
router bgp 65000bgp monitoringmonitoring station netdataupdate-source Management1connection address 10.0.0.10connection mode active port 10179export-policy received routes post-policyexport-policy bgp rib bestpaths
FRR (bgpd) router config
Critical – BMP is a runtime module in FRR. Without -M bmp in
/etc/frr/daemons (bgpd_options), every BMP command silently fails.
Enriches flow records with SRC_AS / DST_AS (when the routing provider in
asn_providers reaches BGP), SRC_MASK / DST_MASK (via net_providers),
NEXT_HOP, DST_AS_PATH, DST_COMMUNITIES, DST_LARGE_COMMUNITIES. Source-side
AS path and communities are not surfaced. AS names come from the GeoIP/ASN MMDB,
not from BMP. AS path, communities, and large communities are RAW-tier-only –
rollups carry only NEXT_HOP. Verify in the Network Flows view by querying the
AS-path and communities columns.
Alerts
There are no alerts configured by default for this integration.
Listener not receiving BMP sessions
The plugin is a passive listener – it never dials. Check the router side:
show bmp (Cisco), show bmp connections / show bgp monitoring station
(Juniper, Arista), show bmp targets (FRR). Confirm the firewall allows
inbound TCP on port 10179. For FRR specifically, verify bgpd was started
with -M bmp – without it, every BMP command is silently accepted but
no connection is ever opened.
Convergence takes minutes after restart
The trie is not persisted. After a plugin restart, routers re-send
Initiation followed by their Adj-RIB-In as RouteMonitoring updates. FRR
re-emits everything in seconds. Cisco IOS-XR’s initial-refresh is
configurably spread (defaults to a per-peer delay) so a full re-feed can
take minutes. Juniper varies between seconds and minutes depending on
station options. Schedule restarts off-peak when BGP attribution matters.
Memory growth without bound
A full BGP feed adds ~1.2M prefixes per peer permanently – there is no
time-based eviction in the trie. Routes are removed only by explicit BGP
withdrawal, PeerDown, or session disconnect followed by the keep
interval. Plan capacity before connecting full-table peers.
AS path inconsistent with the exporter’s view
The exporter and the BMP-feeding router are usually different boxes with
different routing tables. Different vantage points see different AS paths;
this is normal. The routing provider in the asn_providers chain decides
which source wins (default order is flow, routing, geoip – exporter first).
Empty BGP enrichment after enabling
Confirm the router actually established the BMP session (vendor-side show
command above). Confirm enrichment.asn_providers includes routing (or
the bmp alias) – if routing is removed from both asn_providers and
net_providers, the trie is built but never read.
Validate BGP enrichment after enabling
BGP-derived enrichment depends on router export policy, peer state, and
route visibility. Validate against your specific router firmware before
depending on this for capacity or security decisions.
The observability platform companies need to succeed
