SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only
Open, Needs TriagePublicBUG

Description

Hello,

We are trying to monitor BGP sessions established on VyOS however response to queries returns only IPv4 BGP sessions and no IPv6 Sessions. I am running VyOS 999.201708220343.

/usr/bin/snmpbulkwalk -v2c -c 'XXXXXXXX' -Oq -m BGP4-MIB -M /mibs udp:1.2.3.4:161 bgpPeerState

BGP4-MIB::bgpPeerState.10.16.17.18 established

There are 3 other IPv6 BGP peers that are missing from this response.

Thank you,

Babak

Details

Difficulty level
Unknown (require assessment)
Version
999.201708220343
Why the issue appeared?
Will be filled on close
babak created this task.Aug 25 2017, 4:08 PM
UnicronNL edited projects, added VyOS 1.2.x; removed VyOS 1.1.x.Aug 28 2017, 1:17 PM
c-po added a subscriber: c-po.Aug 29 2017, 9:52 AM

@babak do you happen to know if this is workong on EdgeOS devices? Then I could extract their implementation.

babak added a comment.EditedAug 29 2017, 1:17 PM

Hi @c-po. Unfortunately I have no access to EdgeOS to offer guidance on this. I will however ask on the VyOS boards since a lot of folks seem to be using them, perhaps one of those folks can offer feedback.

drixter added a subscriber: drixter.Sep 4 2017, 4:32 PM

Hi,

I'm also really intereseted to make it working, is there any chance to help?

Thanks

c-po added a comment.Sep 4 2017, 5:35 PM

I think as not everybody has access to an IPv6 BGP router, a ro SNMP community for testing would be good. Even better would be a virtual instance to develop a fix for this problem.

Hi,

I have access to to these routers, is VyOS like below will be ok?
vyos@vyos:~$ show version
Version: VyOS 1.1.7
Description: VyOS 1.1.7 (helium)

Or you need a 1.2.x version?

Thanks,

Is it possible to do an strace of the snmp process?

Hi,

There is another problem. BGP4-MIB doen't cover IPv6 peers, the clue is implement a new MIB like https://iphostmonitor.com/mib/BGP4-V2-MIB-JUNIPER.html like Juniper did

Juniper query for IPv6 BGP peers state:
[root@fido ~]# snmpwalk -c public -v1 172.22.165.1 1.3.6.1.4.1.2636.5.1.1.2.1.1.1.2
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.1.172.22.164.1.1.172.22.164.2 = INTEGER: 6
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.2.32.1.6.124.33.236.255.255.255.255.255.255.255.255.255.255.2.32.1.6.124.33.236.255.255.174.22.165.255.254.33.16.8 = INTEGER: 6
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.2.32.1.7.248.0.107.0.10.0.0.0.0.0.0.0.2.2.32.1.7.248.0.107.0.10.0.0.0.0.0.0.0.1 = INTEGER: 6
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.2.32.1.22.32.16.0.0.0.0.0.0.0.0.0.0.62.2.32.1.22.32.16.0.0.0.0.0.0.0.0.0.0.61 = INTEGER: 6
VyOS:
[root@fido ~]# snmpwalk -c public -v1 172.22.164.2 1.3.6.1.4.1.2636.5.1.1.2.1.1.1.2
(blank)
[this need to be implemented, maybe in conjunction with quagga]

Standard BGP4-MIN query:
Juniper show only IPv4 peers - correct
[root@fido ~]# snmpwalk -c public -v1 172.22.164.2 1.3.6.1.2.1.15.3.1.2
SNMPv2-SMI::mib-2.15.3.1.2.172.20.253.20 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.22.164.1 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.22.164.190 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.23.169.33 = INTEGER: 6

VyOS shows only IPv4 peers - correct
[root@fido ~]# snmpwalk -c public -v1 172.22.165.1 1.3.6.1.2.1.15.3.1.2
SNMPv2-SMI::mib-2.15.3.1.2.0.0.0.0 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.22.164.2 = INTEGER: 6

Hope this helps.

Hi,

I think that best way to implement it, will be use a "extends" in snmpd for BGP4-V2-MIB-JUNIPER and use a vtysh as backed.

Need a little code for script and parse result from vtysh :-/

Anyone ready to handle it? :-)

Thanks

babak added a comment.Sep 12 2017, 4:53 PM

I might be able to stand up a Vyos Instance with v6 BGP for you to test. Let me know when you are ready for it and I'll get it spun up.

c-po added a comment.Sep 12 2017, 5:33 PM

@babak that would be awesome as I do not have any IPv6 BGP connectivity. I created a temporary SSH key for this, could you please create a user cpo:

set system login user cpo authentication plaintext-password ''
set system login user cpo authentication public-keys vyos key 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDTNgd9OqWEHEsWVh/bSH77ZLJD4ZB9tQg2cSO+VxrON6hZtqoBaTDKYj2g15iQG0VVr/e7Z4BU4l+izWQ3ACifJLFwcp7h+4j2m7ACIxg5mS5u1QtNIE6xIaKkD5Jl9Z86VfSaVV5gJ23t/ihE5056fygSBbfvqI2H7I4pmPwrl6xGQ+2aAMUUxzVaxDb6rnG+pyg2se8TqLAms8y81k6jy4+XfVORRuqfMk3VQRDVnIoWW4RPmcQvF5wDB5cRAL+MIZrUmEyKjxHAFwX4NQTtwZUg5Rue9zVSMjJ9fiEmO84lWtlRm9FkHWhu/5fZfO4swNjhBeC6niljA2hFx4F0Q7usp0nYmJiSvcPv7aNLwKr4GIELDndTMKe5caRLT7XzAiUnmUc83rWB3v6wX3AHfak+8Qau1BYVexXYOhUHZBlNZcMEvX3cvGMJyv5XT6y/QEdUWfEQWvdfAW80VhZxCDjWGmU/GjF4gFInPkzvxoNp3fpmGm6BowHWZzs/E83jrYOGZTeWO+75zmOyxcfM5secrJ2hVGwXEtPdSHVsKMOWJfJN8i359JtCAGjp64l5MRf3dsE7kNI4u3TqR4oP0YHwSB2Y2Z13l9HpRaGRv+YPonChP3VXJzXcNclu6KYLnhjjnq5L3b2nNHDi83E2iJgXE48lR9MA6APfukOIJw=='
set system login user cpo authentication public-keys vyos type 'ssh-rsa'
set system login user cpo level 'admin'

No promises but I'll do my best!

Hi @babak and @c-po, have you tested snmp ipv6 bgp instance???
Please let me know any news about that.