Modified based on Acrolynx

sushantjrao · sushantjrao · commit 8718c61e8e51 · 2025-04-01T22:42:49.000+05:30
diff --git a/articles/operator-nexus/concepts-bmp-log-streaming.md b/articles/operator-nexus/concepts-bmp-log-streaming.md
@@ -9,7 +9,7 @@ ms.date: 04/01/2025
 ms.custom: template-concept
 ---
 
-## Introduction to BMP
+# Introduction to BMP
 
 The **BGP Monitoring Protocol (BMP)** is a protocol designed to monitor BGP sessions. It provides a standardized method for collecting information about BGP sessions, which can be used for analysis, troubleshooting, and ensuring the stability and security of the network.
 
@@ -86,4 +86,4 @@ Nexus NF shall not support excluding the monitoring of peer-address of neighbor
 Nexus shall support a maximum of four Network Monitors (BMP Stations).
 
 ## Next steps
-[How to enable \ disable BMP log streaming](./howto-enable-disable-log-streaming.md)
+[How to enable \ disable BMP log streaming](./howto-enable-log-streaming.md)
diff --git a/articles/operator-nexus/howto-configure-bgp-prefix-limit-on-CE-devices.md b/articles/operator-nexus/howto-configure-bgp-prefix-limit-on-CE-devices.md
@@ -17,19 +17,20 @@ BGP (Border Gateway Protocol) prefix limiting is an essential overload protectio
 
 BGP prefix limits can be configured using two primary parameters:
 
-- **max-routes (hard limits)**: This parameter sets the maximum number of prefixes a BGP router will accept from a neighbor. If the limit is exceeded, the BGP session with that neighbor is terminated to prevent overloading the router.
+- **max-routes (hard limits)**: This parameter sets the maximum number of prefixes a BGP router accepts from a neighbor. If the limit is exceeded, the BGP session with that neighbor is terminated to prevent overloading the router.
   
-- **warn-threshold (soft limits)**: The warn-threshold parameter sets a warning threshold below the max-routes limit. When the number of prefixes received from a neighbor exceeds this threshold, a warning is generated, but the BGP session is not terminated. This allows network administrators to take corrective action before the hard limit is reached.
+- **warn-threshold (soft limits)**: The warn-threshold parameter sets a warning threshold below the max-routes limit. When the number of prefixes received from a neighbor exceeds this threshold, a warning is generated, but the BGP session isn't terminated. This policy allows network administrators to take corrective action before the hard limit is reached.
 
 ### Hard limits (max-routes)
 
-The `max-routes` parameter specifies the maximum number of prefixes that a BGP router can accept from a neighbor. If the number exceeds this limit, the BGP session with that neighbor is terminated. This is a "hard" limit to protect the router from excessive load and to maintain network stability.
+The `max-routes` parameter specifies the maximum number of prefixes that a BGP router can accept from a neighbor. If the number exceeds this limit, the BGP session with that neighbor is terminated. This threshold is a "hard" limit to protect the router from excessive load and to maintain network stability.
 
 ### Soft limits (warn-threshold)
 
-The `warn-threshold` parameter is a "soft" limit. When the number of prefixes exceeds this threshold, a warning is triggered, but the BGP session remains active. This serves as a precautionary measure, allowing administrators to intervene before reaching the hard limit.
+The `warn-threshold` parameter is a "soft" limit. When the number of prefixes exceeds this threshold, a warning is triggered, but the BGP session remains active. This safeguard serves as a precautionary measure, allowing administrators to intervene before reaching the hard limit.
+
+To configure **BGP Prefix Limit** on **Customer Edge (CE)** devices for **Azure Operator Nexus**, follow the steps below. This configuration includes setting the prefix limits for BGP sessions to manage network stability and prevent the Nexus fabric from being overwhelmed when a tenant advertises excessive BGP routes.
 
-To configure **BGP Prefix Limit** on **Customer Edge (CE)** devices for **Azure Operator Nexus**, follow the steps below. This includes configuring the prefix limits for BGP sessions to manage network stability and prevent the Nexus fabric from being overwhelmed when a tenant advertises excessive BGP routes.
 
 ### Prerequisites
 
@@ -45,9 +46,9 @@ To configure **BGP Prefix Limit** on **Customer Edge (CE)** devices for **Azure
 
 You need to configure the BGP prefix limits using the parameters `maximumRoutes` and `threshold`.
 
-- **`maximumRoutes`**: This defines the maximum number of BGP prefixes the router will accept from a BGP peer.
+- **`maximumRoutes`**: This parameter defines the maximum number of BGP prefixes the router accepts from a BGP peer.
 
-- **`threshold`**: This defines the warning threshold as a percentage of the `maximumRoutes`. When the number of prefixes exceeds this threshold, a warning is generated.
+- **`threshold`**: This parameter defines the warning threshold as a percentage of the `maximumRoutes`. When the number of prefixes exceeds this threshold, a warning is generated.
 
 #### Step 2: Configure on the CE device
 
@@ -67,15 +68,15 @@ This configuration will automatically restart the session after a defined idle t
 
 - **Explanation**:
 
-  - **maximumRoutes**: 5000 routes is the limit for the BGP session.
+  - **maximumRoutes**: 5,000 routes are the limit for the BGP session.
 
-  - **threshold**: A warning is triggered when the prefix count reaches 80% (4000 routes).
+  - **threshold**: A warning is triggered when the prefix count reaches 80% (4,000 routes).
 
   - **idleTimeExpiry**: If the session is shut down, it will restart automatically after 100 seconds of idle time.
 
 ##### Example 2: BGP prefix limit without automatic restart
 
-This configuration will shut down the session when the maximum prefix limit is reached, but manual intervention is required to restart the session.
+This configuration shuts down the session when the maximum prefix limit is reached, but manual intervention is required to restart the session.
 
 ```json
 {
@@ -88,15 +89,15 @@ This configuration will shut down the session when the maximum prefix limit is r
 
 - **Explanation**:
 
-  - **maximumRoutes**: 5000 routes is the limit for the BGP session.
+  - **maximumRoutes**: 5,000 routes are the limit for the BGP session.
 
-  - **threshold**: A warning is triggered when the prefix count reaches 80% (4000 routes).
+  - **threshold**: A warning is triggered when the prefix count reaches 80% (4,000 routes).
 
   - No automatic restart; manual intervention is required to restart the session.
 
 ##### Example 3: Hard-Limit drop BGP sessions
 
-This configuration will drop additional routes if the prefix limit is exceeded without maintaining a cache of the dropped routes.
+This configuration drops extra routes if the prefix limit is exceeded without maintaining a cache of the dropped routes.
 
 ```json
 {
@@ -108,13 +109,13 @@ This configuration will drop additional routes if the prefix limit is exceeded w
 
 - **Explanation**:
 
-  - **maximumRoutes**: 5000 routes is the limit for the BGP session.
+  - **maximumRoutes**: 5,000 routes are the limit for the BGP session.
 
-  - Once the limit is reached, the CE device will drop any additional prefixes received from the BGP peer.
+  - Once the limit is reached, the CE device drops any extra prefixes received from the BGP peer.
 
 ##### Example 4: Hard-Limit warning only
 
-This configuration will generate a warning once the prefix count reaches a certain percentage of the maximum limit but will not shut down the session.
+This configuration generates a warning once the prefix count reaches a certain percentage of the maximum limit but does not shut down the session.
 
 ```json
 {
@@ -128,11 +129,11 @@ This configuration will generate a warning once the prefix count reaches a certa
 
 - **Explanation**:
 
-  - **maximumRoutes**: 8000 routes is the limit for the BGP session.
+  - **maximumRoutes**: 8,000 routes are the limit for the BGP session.
 
-  - **threshold**: A warning is generated when the prefix count reaches 75% (6000 routes).
+  - **threshold**: A warning is generated when the prefix count reaches 75% (6,000 routes).
 
-  - The session is not shut down. This configuration is used to only generate a warning without taking any session-terminating action.
+  - The session isn't shut down. This configuration is used to only generate a warning without taking any session-terminating action.
 
 #### Step 3: Apply Configuration Using Azure CLI
 
@@ -190,6 +191,6 @@ For external network configuration, only the **hard-limit warning-only** option
 
 ### NNI Option A:
 
-For NNI Option A, only a single peer group is allowed. IPv4 over IPv6 and vice versa are not supported. Warning-only mode is available for handling prefix limits.
+For NNI Option A, only a single peer group is allowed. IPv4 over IPv6 and vice versa aren't supported. Warning-only mode is available for handling prefix limits.
 
 By following this guide, you can configure BGP prefix limits effectively to protect your network from overload and ensure that BGP sessions are properly managed for both internal and external networks.
diff --git a/articles/operator-nexus/howto-enable-log-streaming.md b/articles/operator-nexus/howto-enable-log-streaming.md
@@ -1,30 +1,34 @@
 ---
-title: Enable/Disable BMP log streaming Azure Operator Nexus
+title: Enable \ Disable BMP log streaming Azure Operator Nexus
 description: instructions on enabling \ disabling BMP log streaming various Network Fabric resource.
 ms.service: azure-operator-nexus
 ms.custom: template-how-to, devx-track-azurecli
 ms.topic: how-to
 ms.date: 11/14/2024
-author: susantjrao
+author: sushantjrao
 ms.author: sushrao
 ---
 
 # BMP log streaming
+
 This guide provides you with instructions on enabling \ disabling BMP log streaming various Network Fabric resources. 
 
-## Enabling BMP Log Streaming for the New Deployment
+## Enabling BMP log streaming for the new deployment
 
 - **Create Network Fabric resource:** Begin by creating Network Fabric (NF) resource. This will serve as the foundation for your deployment.
 
 - **Create Network Monitor resource:** Next, create a Network Monitor resource and associate the Scope ID with the NF Resource ID. This step ensures that the monitoring is correctly linked to the network fabric.
 
-- **Create NNI with BMP Configuration:** Create a Network-to-Network Interface (NNI) by associating it with the NF Resource ID. *(Please refer to the below detailed ARM API payload guide for more information)*
+- **Create NNI with BMP configuration:** Create a Network-to-Network Interface (NNI) by associating it with the NF Resource ID. 
+
+> [!Note]
+> Refer to the below detailed ARM API payload guide for more information
 
 - **Provision Network Fabric:** Provision the Network Fabric to apply the configurations and make the network operational.
 
-- **Generate BMP Stations Configuration** The Nexus NF will generate the BMP stations configuration on the Customer Edge (CE) devices only.
+- **Generate BMP stations configuration** The Nexus NF will generate the BMP stations configuration on the Customer Edge (CE) devices only.
 
-## Enabling BMP Log Streaming for the Existing Deployment
+## Enabling BMP log streaming for the existing deployment
 
 This case involves enabling BMP log streaming on NF, which has already been deployed using the supported NF Version. Since this is based on an ARM API user-driven input, the supported NF Version will also support BMP Log Streaming through the NF Patch Update workflow.
 
@@ -33,7 +37,10 @@ This case involves enabling BMP log streaming on NF, which has already been depl
 - **Create Network Monitor resource:**
 Create a Network Monitor resource and link the Scope ID to the NF Resource ID to ensure proper monitoring.
 
-- **Perform Patch on NNI:** Update the Network-to-Network Interface (NNI) by applying a patch. Select `bmpConfiguration` under `OptionBLayerConfiguration` and set `configurationState` to "Enabled" for BMP logging of the NNI peer-group neighbor address. *(Please refer to the below detailed ARM API payload guide for more information)*
+- **Perform Patch on NNI:** Update the Network-to-Network Interface (NNI) by applying a patch. Select `bmpConfiguration` under `OptionBLayerConfiguration` and set `configurationState` to "Enabled" for BMP logging of the NNI peer-group neighbor address.
+
+> [!Note]
+> Refer to the below detailed ARM API payload guide for more information
 
 - **Perform `Fabric Commit` operation:** Execute the "Fabric Commit" operation to apply configurations and activate the network.
 
@@ -46,7 +53,28 @@ This section provides a detailed guide on how to perform CRUD (Create, Read, Upd
 The following property is defined under ARM API version `2024-06-15-preview` 
 
 ```Azure CLI
-az networkfabric networkmonitor create --resource-group "example-rg" --fabric "example-fabric" --resource-name "example-network-monitor" --bmp-configuration "{ stationConfigurationState: `Enabled`, stationName:`<example-station>`,stationIp:'<example-ip>', stationPort:<example-port>, stationConnectionMode:`Active`, stationConnectionProperties:{ keepaliveIdleTime:180, probeInterval:60, probeCount:3 }}" –monitored-networks “[`<example-arm-reference-id-1>`, `<example-arm-reference-id-2>`, `<example-arm-reference-id-3>`]” 
+az networkfabric networkmonitor create \
+  --resource-group "example-rg" \
+  --fabric "example-fabric" \
+  --resource-name "example-network-monitor" \
+  --bmp-configuration "{\
+    stationConfigurationState: 'Enabled',\
+    stationName: '<example-station>',\
+    stationIp: '<example-ip>',\
+    stationPort: <example-port>,\
+    stationConnectionMode: 'Active',\
+    stationConnectionProperties: {\
+      keepaliveIdleTime: 180,\
+      probeInterval: 60,\
+      probeCount: 3\
+    }\
+  }" \
+  --monitored-networks "[\
+    '<example-arm-reference-id-1>',\
+    '<example-arm-reference-id-2>',\
+    '<example-arm-reference-id-3>'\
+  ]"
+
 ```
 
 > [!Note]
@@ -69,26 +97,37 @@ router bgp 65050
       connection mode active port <example-port>  >>> Example for BMP Monitoring station with connection mode active 
 ```
 
-## How to Enable/Disable BMP Log Streaming under NNI
+## How to Enable/Disable BMP log streaming under NNI
+
+### Enabling BMP log streaming for NNI
 
-### Enabling BMP Log Streaming for NNI
 To enable BMP Log streaming under NNI, run the following Azure CLI command. This example enables BMP Log streaming for **infra-vpn** (vrf **INFRA-MGMT**), **workload-vpn** (vrf **WORKLOAD-MGMT**) with **OptionB**, and **L3ISD External Network OptionB**.
 
-```bash
+```Azure CLI
 az networkfabric nni create --resource-group "example-rg" --fabric "example-fabric" --resource-name "example-nniwithACL" --nni-type "CE" --is-management-type "True" --use-option-b "True" --layer2-configuration "{interfaces:['/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/networkDevices/example-networkDevice/networkInterfaces/example-interface'],mtu:1500}" --option-b-layer3-configuration "{peerASN:28,vlanId:501,primaryIpv4Prefix:'10.18.0.xxx/30',secondaryIpv4Prefix:'10.18.0.xxx/30',primaryIpv6Prefix:'10:2:0:xxx::400/127',secondaryIpv6Prefix:'10:2:0:xxx::402/127', bmpConfiguration:`{configurationState:`Enabled`}`}" --ingress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4ingressACL" --egress-acl-id "/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/Microsoft.ManagedNetworkFabric/accesscontrollists/example-Ipv4egressACL"
 ```
 
-### Disabling BMP Log Streaming for NNI
+### Disabling BMP log streaming for NNI
+
 To disable BMP Log streaming for NNI, modify the `bmpConfiguration` parameter to `Disabled`. Example:
 
-```bash
-az networkfabric nni update --resource-group "example-rg" --fabric "example-fabric" --resource-name "example-nniwithACL" --option-b-layer3-configuration "{bmpConfiguration:`{configurationState:`Disabled`}`}"
+```Azure CLI
+az networkfabric nni update \
+  --resource-group "example-rg" \
+  --fabric "example-fabric" \
+  --resource-name "example-nniwithACL" \
+  --option-b-layer3-configuration "{\
+    bmpConfiguration: {\
+      configurationState: 'Disabled'\
+    }\
+  }"
 ```
 
-### Example CLI Output
+### Example CLI output
+
 When BMP Log streaming is enabled, the CLI output will look like this:
 
-```bash
+```Output
 Router bgp <fabric-asn-value>
    neighbor CE_PE_VPN monitoring
    neighbor CE_PE_VPN peer group
@@ -104,10 +143,37 @@ Router bgp <fabric-asn-value>
 ## How to Enable/Disable BMP Log Streaming for L3ISD External Network OptionA
 
 ### Enabling BMP Log Streaming for L3ISD External Network OptionA
+
 To enable BMP Log streaming for L3ISD External Network OptionA, run the following Azure CLI command. This example enables BMP Log streaming for the specified external network.
 
-```bash
-az networkfabric externalnetwork create --resource-group "example-rg" --l3domain "example-l3domain" --resource-name "example-externalNetwork" --peering-option "OptionA" --option-a-properties "{peerASN:65234,vlanId:501,mtu:1500,primaryIpv4Prefix:'172.23.1.xxx/31',secondaryIpv4Prefix:'172.23.1.xxx/31',bfdConfiguration:{multiplier:5,intervalInMilliSeconds:300},bmpConfiguration:`{configurationState:`Enabled`}`}" --import-route-policy "{importIpv4RoutePolicyId:'/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy',importIpv6RoutePolicyId:'/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy'}" --export-route-policy "{exportIpv4RoutePolicyId:'/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy',exportIpv6RoutePolicyId:'/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy'}"
+```Azure CLI
+az networkfabric externalnetwork create \
+  --resource-group "example-rg" \
+  --l3domain "example-l3domain" \
+  --resource-name "example-externalNetwork" \
+  --peering-option "OptionA" \
+  --option-a-properties "{\
+    peerASN: 65234,\
+    vlanId: 501,\
+    mtu: 1500,\
+    primaryIpv4Prefix: '172.23.1.xxx/31',\
+    secondaryIpv4Prefix: '172.23.1.xxx/31',\
+    bfdConfiguration: {\
+      multiplier: 5,\
+      intervalInMilliSeconds: 300\
+    },\
+    bmpConfiguration: {\
+      configurationState: 'Enabled'\
+    }\
+  }" \
+  --import-route-policy "{\
+    importIpv4RoutePolicyId: '/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy',\
+    importIpv6RoutePolicyId: '/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy'\
+  }" \
+  --export-route-policy "{\
+    exportIpv4RoutePolicyId: '/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy',\
+    exportIpv6RoutePolicyId: '/subscriptions/xxxxx-xxxx-xxxx-xxxx-xxxxx/resourceGroups/example-rg/providers/microsoft.managednetworkfabric/routePolicies/example-routepolicy'\
+  }"
 ```
 
 ### Disabling BMP Log Streaming for L3ISD External Network OptionA
@@ -117,7 +183,8 @@ To disable BMP Log streaming for L3ISD External Network OptionA, modify the `bmp
 az networkfabric externalnetwork update --resource-group "example-rg" --l3domain "example-l3domain" --resource-name "example-externalNetwork" --option-a-properties "{bmpConfiguration:`{configurationState:`Disabled`}`}"
 ```
 
-### Example CLI Output
+### Example CLI output
+
 When BMP Log streaming is enabled, the CLI output will appear as follows:
 
 ```bash
