SNMP BGP 32 bit AS number fail
Open, NormalPublicBUG
Actions

Assigned To

None

Authored By

	aopdal
	Nov 23 2018, 12:31 PM

Description

Using "large" AS numbers in BGP configuration works. When using SNMP to monitor it doen not work.

Configuration:

set protocols bgp 4200000001 address-family ipv4-unicast network 10.230.231.0/24
set protocols bgp 4200000001 address-family ipv4-unicast network 10.230.232.0/24
set protocols bgp 4200000001 address-family ipv4-unicast network 10.230.233.0/24
set protocols bgp 4200000001 neighbor 10.230.230.1 address-family ipv4-unicast prefix-list export 'ipv4-out'
set protocols bgp 4200000001 neighbor 10.230.230.1 remote-as '65074'
set protocols bgp 4200000001 neighbor 10.230.230.5 address-family ipv4-unicast prefix-list export 'ipv4-out'
set protocols bgp 4200000001 neighbor 10.230.230.5 remote-as '65085'
set protocols bgp 4200000001 neighbor 10.230.231.2 address-family ipv4-unicast prefix-list export 'ipv4-out'
set protocols bgp 4200000001 neighbor 10.230.231.2 remote-as '4200000001'
set protocols bgp 4200000001 parameters graceful-restart stalepath-time '30'
set protocols bgp 4200000001 parameters router-id '10.230.230.253'

snmpwalk:

root@r1-bgp:~# snmpwalk -v3  -l authPriv -u XXXXXX -a SHA -A "XXXXX"  -x AES -X "XXXXX" localhost .1.3.6.1.2.1.15.2
SNMPv2-SMI::mib-2.15.2.0 = INTEGER: -94967295

Details

Difficulty level: Unknown (require assessment)
Version: VyOS 1.2.0-rc8
Why the issue appeared?: Will be filled on close
Is it a breaking change?: Unspecified (possibly destroys the router)
Issue type: Bug (incorrect behavior)

Event Timeline

aopdal created this task.Nov 23 2018, 12:31 PM

syncer assigned this task to c-po.Dec 1 2018, 6:06 PM

syncer triaged this task as High priority.

syncer added a project: VyOS 1.3 Equuleus.

pasik added a subscriber: pasik.Dec 20 2018, 12:25 PM

It is not a bug in VyOS self. If you look inside the description of this oid:

http://oidref.com/1.3.6.1.2.1.15.2

you see that it is defined as 16 bit int if you use SNMPv2-SMI the 32bit int is defined in BGP4-MIB see https://tools.ietf.org/html/rfc4273.
So VyOS must be delivered with BGP-4 mib this can be archived by:

https://wiki.debian.org/SNMP

We must include the right mibs and push them into the snmp config.

Seems duplicate with https://phabricator.vyos.net/T366
If we use the Cisco BGP MIBv2 we solve both issues.

Where to get those MIBs? should be simply to test before adding it to the iso

https://www.shrubbery.net/mibs/BGP4-MIB.txt
We can start with this like @rherold suggests since FRR supports BGP4 MIB.

@merjin @c-po please have a look to the debian wiki page especially to the mibs-downloader.

MrXermon added a subscriber: MrXermon.Jan 5 2019, 12:28 PM

Hmm the way I have understood SNMP this is not a VyOS issue. VyOS only deliveres the MIB tree to the SNMP poller. The MIBs database must be up2date on the client side to map the OIDs to their specific values.

e.g. SolarWinds releases a new MIB every friday.

Please proof me wrong if I'm misstaken.

@cpo the SNMP server has to support the MIB to export the OID. And afterwards the client has to have an up2data MIB to map it again. If the server does not export it the client can update the MIB but the OID won’t be there.

Update: http://docs.frrouting.org/en/latest/snmp.html
FRR pushes the OIDs / information with the AgentX connection to the SNMP server.

VyOS 1.2.3 has agentx enabled:

vyos@vyos:~$ vtysh -d bgpd -c "show run" | grep agentx
agentx

Ok so that would mean the BGP4 info is exposed to the SNMP server and someone has to check it on a client.

https://docs.cumulusnetworks.com/version/cumulus-linux-35/Monitoring-and-Troubleshooting/SNMP-Monitoring/
Shows which OID tree to export with the SNMP server. But Vyos probably exports everything?

Depending on your configuration, in SNMPv3 you can limit the scope, in SNMPv2 we export all.

Viacheslav added a subscriber: Viacheslav.Dec 23 2019, 7:07 PM

Max positive value for Integer32 = 2147483647
Max negative value = -2147483648

So 2147483647 - it max ASN which can snmp get correct.

sever@r-roll# run show version 
Version:          VyOS 1.3-rolling-202003100217

sever@r-roll# run show configuration commands | match bgp
set protocols bgp 2147483647 neighbor 10.0.0.1 remote-as '65001'

sever@r-roll# sudo snmpwalk -v 2c -c public localhost  .1.3.6.1.2.1.15.2
SNMPv2-SMI::mib-2.15.2.0 = INTEGER: 2147483647

The BGP-4 specification uses an unsigned 32 bit number (0 to 4294967295)

As far as I know, there is not a single manufacturer that would fully support the values of the bgp via snmp.

c-po removed c-po as the assignee of this task.Jun 14 2020, 3:36 PM

c-po set Is it a breaking change? to Unspecified (possibly destroys the router).

c-po added a subscriber: c-po.

dmbaturin added a project: test.Jul 29 2021, 9:06 AM

erkin set Issue type to Bug (incorrect behavior).Aug 31 2021, 7:20 PM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.0-epa1); removed test, VyOS 1.3 Equuleus.Sep 5 2021, 7:06 AM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.0); removed VyOS 1.3 Equuleus (1.3.0-epa1).Nov 1 2021, 10:09 PM

Viacheslav lowered the priority of this task from High to Normal.Dec 24 2021, 9:10 AM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.3); removed VyOS 1.3 Equuleus (1.3.0).Aug 29 2022, 7:06 AM

syncer edited projects, added VyOS 1.3 Equuleus (1.3.4); removed VyOS 1.3 Equuleus (1.3.3).Jul 12 2023, 9:45 PM