| Internet-Draft | BMP Stats Ext | July 2026 |
| Wang, et al. | Expires 6 January 2027 | [Page] |
The BGP Monitoring Protocol (BMP) defines mechanisms to monitor BGP running status and routing information bases (RIBs). [RFC9972] extended BMP statistics reporting by introducing advanced BGP RIB stat types. However, with the rapid deployment of path-level cryptographic security protocols (such as ASPA) and the complex interactions between control plane and hardware forwarding resources, network operators require granular, behavior-driven observability into why routes are discarded, invalidated, or restricted at both the ingress and egress boundaries. This document updates the registry established by [RFC7854] and extended by [RFC9972] by defining some fine-grained BGP RIB monitoring statistics types covering hardware resource exhaustion, next-hop resolution anomalies, structured route leaks ([RFC7908]), and ingress/egress ASPA verification states. Furthermore, it introduces a 4-bit control flag space within the Stat Type TLV to enable dynamic differential rate monitoring and proactive asynchronous trigger-driven telemetry.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 6 January 2027.¶
Copyright (c) 2026 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
.¶
The BGP Monitoring Protocol (BMP) [RFC7854] provides an operational interface to monitor BGP peer sessions and receive fine-grained updates. [RFC9972] enhanced BMP's diagnostic capabilities by defining advanced BGP RIB statistics, allowing routers to report global numbers of routes within multiple execution phases.¶
As global infrastructure transitions toward automated operations and cryptographic path validation—including Autonomous System Provider Authorization (ASPA)—coarse-grained statistics are no longer sufficient. When routing updates are dropped or become inactive, collectors must immediately differentiate between software policy rejects, underlying hardware forwarding path resource exhaustion (such as FIB or SID space limits), next-hop tunnel resolution failures, or specific types of route leaks.¶
The initial version of this work [draft-wang-grow-bmp-bgp-rib-stats- ext-00] specified 21 detailed fine-grained statistics types. This document maintains all 21 original statistics definitions to protect operational telemetry granularity, while updating the Stat Type TLV structure to incorporate behavioral flags. These flags enable native support for trigger-based telemetry and differential rate statistics.¶
To support real-time rate monitoring and event-driven asynchronous telemetry, the Value region of the Statistics Report (SR) Message Stat Type TLV defined in Section 4.11 of [RFC7854] is enhanced and structured as follows:¶
0 1 2 3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Stat Type | Stat Len |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Flags | Reserved | AFI |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| SAFI | |
+-+-+-+-+-+-+-+-+ +
| Gauge Value (64-bit, Upper 32) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Gauge Value (64-bit, Lower 32) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
¶
Stat Type: 2 bytes. Identifies the specific fine-grained counter.¶
Stat Len: 2 bytes. Indicates the length of the value field.¶
Flags: 4 bits. Defined as follows:¶
Bit 0 (T-bit - Triggered Bit): If set to 1, indicates that the report is actively triggered by an anomalous boundary breach or threshold cross-over event rather than a regular periodic timer.¶
Bit 1 (D-bit - Differential Bit): If set to 1, indicates that the Gauge Value represents the first-order differential value (Delta rate of change, routes per second) over a sliding sampling window. If set to 0, it contains the standard absolute counter.¶
Bit 2-3: Reserved for future use. MUST be set to 0.¶
Reserved: 12 bits. MUST be set to 0. o AFI: 2 bytes. Address Family Identifier.¶
SAFI: 1 byte. Subsequent Address Family Identifier.¶
Gauge Value: 64 bits. Unsigned value representing the absolute count or differential velocity of the targeted routing state.¶
The following fine-grained statistics types are defined for the ingress routing stage (Adj-RIB-In):¶
Type = TBD1: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to exceeding the received route threshold.¶
Type = TBD2: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to insufficient memory.¶
Type = TBD3: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In that cannot be downloaded to the FIB module due to insufficient forwarding resources.¶
Type = TBD4: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In that cannot be downloaded to the FIB module due to insufficient label resources or SID resources.¶
Type = TBD5: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to invalid next-hop.¶
Type = TBD6: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to next-hop unreachable.¶
Type = TBD7: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In that are inactive due to the inability to resolve the next-hop tunnel.¶
Type = TBD8: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to Type 1 Route Leak as defined in [RFC7908]: Hairpin Turn with Full Prefix.¶
Type = TBD9: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to Type 2 Route Leak as defined in [RFC7908]: Lateral ISP-ISP-ISP Leak.¶
Type = TBD10: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to Type 3 Route Leak as defined in [RFC7908]: Leak of Transit-Provider Prefixes to Peer.¶
Type = TBD11: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to Type 4 Route Leak as defined in [RFC7908]: Leak of Peer Prefixes to Transit Provider.¶
Type = TBD12: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to Type 5 Route Leak as defined in [RFC7908]: Prefix Re-origination with Data Path to Legitimate Origin.¶
Type = TBD13: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-In rejected due to Type 6 Route Leak as defined in [RFC7908]: Accidental Leak of Internal Prefixes and More-Specific Prefixes.¶
Type = TBD14: (64-bit Gauge) Current number of routes in per-AFI/SAFI post-policy Adj-RIB-In invalidated through the AS_PATH Verification [I-D.ietf-sidrops-aspa-verification]. This is total number of routes invalidated due to AS_PATH Verification.¶
Type = TBD15: (64-bit Gauge) Current number of routes in per-AFI/SAFI post-policy Adj-RIB-In validated through the AS_PATH Verification [I-D.ietf-sidrops-aspa-verification]. This is total number of routes validated due to AS_PATH Verification.¶
Type = TBD16: (64-bit Gauge) Current number of routes in per-AFI/SAFI post-policy Adj-RIB-In whose AS_PATH Verification state is Unknown due to the AS_PATH Verification [I-D.ietf-sidrops-aspa-verification].¶
The following fine-grained statistics types are defined for the egress routing stage (Adj-RIB-Out):¶
Type = TBD17: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-Out rejected due to exceeding the sent route threshold.¶
Type = TBD18: Number of routes currently in per-AFI/SAFI pre-policy Adj-RIB-Out that cannot be advertised to its peer due to insufficient label resources or SID resources.¶
Type = TBD19: (64-bit Gauge) Current number of routes in per-AFI/SAFI post-policy Adj-RIB-Out invalidated through the AS_PATH Verification [I-D.ietf-sidrops-aspa-verification] [I-D.zhang-sidrops-aspa-egress]. This is total number of routes invalidated due to AS_PATH Verification.¶
Type = TBD20: (64-bit Gauge) Current number of routes in per-AFI/SAFI post-policy Adj-RIB-Out validated through the AS_PATH Verification [I-D.ietf-sidrops-aspa-verification] [I-D.zhang-sidrops-aspa-egress]. This is total number of routes validated due to AS_PATH Verification.¶
Type = TBD21: (64-bit Gauge) Current number of routes in per-AFI/SAFI post-policy Adj-RIB-Out whose AS_PATH Verification state is Unknown due to the AS_PATH Verification [I-D.ietf-sidrops-aspa-verification] [I-D.zhang-sidrops-aspa-egress].¶
The granular counters defined in this specification map directly into the low-level pipeline execution stages of the BGP policy engine and the forwarding infrastructure (FIB/Label managers). These metrics MUST be implemented as atomic O(1) mathematical increments to guarantee zero line-rate performance penalty under high-scale BGP churn.¶
By deploying the newly structured T-bit and D-bit control flags, the operational cost of centralized network monitoring centers can be dramatically minimized. In nominal configurations, periodic BMP SR messages consume a flat, low volume of network bandwidth.¶
However, if a sudden resource exhaustion event occurs (e.g., FIB table space exhaustion matched by Type TBD3) or a high-velocity Route Leak anomaly happens (e.g., Type TBD10 spikes due to a transit leak), the monitored router can bypass the standard timer queue. It sets the T-bit to 1 and the D-bit to 1 to immediately inject an asynchronous, differential rate-of-change telemetry burst into the BMP channel. This allows telemetry collectors and automated controllers to respond within milliseconds to mitigate wide-scale network anomalies.¶
This document requests that IANA assign the following new parameters to the BMP parameters name space (https://www.iana.org/assignments/ bmp-parameters/bmp-parameters.xhtml).¶
+----------+-------------------------------------------+----------+ | Stat Type| Description | Reference| +----------+-------------------------------------------+----------+ | TBD1 | Adj-RIB-In Rx Limit Exceeded Prefixes | This doc | | TBD2 | Adj-RIB-In Insufficient Memory Prefixes | This doc | | TBD3 | Adj-RIB-In Ingress FIB Resource Exhausted | This doc | | TBD4 | Adj-RIB-In Ingress Label/SID Exhausted | This doc | | TBD5 | Adj-RIB-In Invalid Next-Hop Prefixes | This doc | | TBD6 | Adj-RIB-In Next-Hop Unreachable Prefixes | This doc | | TBD7 | Adj-RIB-In Next-Hop Tunnel Unresolved | This doc | | TBD8 | Adj-RIB-In RFC7908 Type 1 Route Leak Drop | This doc | | TBD9 | Adj-RIB-In RFC7908 Type 2 Route Leak Drop | This doc | | TBD10 | Adj-RIB-In RFC7908 Type 3 Route Leak Drop | This doc | | TBD11 | Adj-RIB-In RFC7908 Type 4 Route Leak Drop | This doc | | TBD12 | Adj-RIB-In RFC7908 Type 5 Route Leak Drop | This doc | | TBD13 | Adj-RIB-In RFC7908 Type 6 Route Leak Drop | This doc | | TBD14 | Adj-RIB-In Inbound ASPA Invalid Prefixes | This doc | | TBD15 | Adj-RIB-In Inbound ASPA Valid Prefixes | This doc | | TBD16 | Adj-RIB-In Inbound ASPA Unknown Prefixes | This doc | | TBD17 | Adj-RIB-Out Tx Limit Exceeded Prefixes | This doc | | TBD18 | Adj-RIB-Out Egress Label/SID Exhausted | This doc | | TBD19 | Adj-RIB-Out Outbound ASPA Invalid Prefixes| This doc | | TBD20 | Adj-RIB-Out Outbound ASPA Valid Prefixes | This doc | | TBD21 | Adj-RIB-Out Outbound ASPA Unknown Prefixes| This doc | +----------+-------------------------------------------+----------+¶
The enhancements detailed in this document do not modify the fundamental transport security architecture of the BGP Monitoring Protocol. However, exporting highly granular telemetry regarding hardware forwarding table space (FIB/Labels), specific Route Leak classifications, and detailed ASPA states provides clear insight into a network boundary's operational limits and security policy profile.¶
If malicious actors capture this stream, they could exploit known resource limitations or policy gaps to launch targeted Denial of Service (DoS) attacks or targeted routing exploits. Therefore, sessions handling these advanced telemetry extensions MUST leverage robust crypto encapsulation and authorization mechanisms, such as TLS or IPsec, as mandated in [RFC7854].¶
The following people made significant contributions to this document:¶
To be added.¶
The authors would like to acknowledge the review and inputs from xxx.¶