Page MenuHomeVyOS Platform

SNMP Query for BGP Tunnels Returns IPv4 Tunnels Only
Open, LowPublicBUG

Description

Hello,

We are trying to monitor BGP sessions established on VyOS however response to queries returns only IPv4 BGP sessions and no IPv6 Sessions. I am running VyOS 999.201708220343.

/usr/bin/snmpbulkwalk -v2c -c 'XXXXXXXX' -Oq -m BGP4-MIB -M /mibs udp:1.2.3.4:161 bgpPeerState

BGP4-MIB::bgpPeerState.10.16.17.18 established

There are 3 other IPv6 BGP peers that are missing from this response.

Thank you,

Babak

Details

Difficulty level
Normal (likely a few hours)
Version
999.201708220343
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Event Timeline

@babak do you happen to know if this is workong on EdgeOS devices? Then I could extract their implementation.

Hi @c-po. Unfortunately I have no access to EdgeOS to offer guidance on this. I will however ask on the VyOS boards since a lot of folks seem to be using them, perhaps one of those folks can offer feedback.

Hi,

I'm also really intereseted to make it working, is there any chance to help?

Thanks

I think as not everybody has access to an IPv6 BGP router, a ro SNMP community for testing would be good. Even better would be a virtual instance to develop a fix for this problem.

Hi,

I have access to to these routers, is VyOS like below will be ok?
vyos@vyos:~$ show version
Version: VyOS 1.1.7
Description: VyOS 1.1.7 (helium)

Or you need a 1.2.x version?

Thanks,

Is it possible to do an strace of the snmp process?

Hi,

There is another problem. BGP4-MIB doen't cover IPv6 peers, the clue is implement a new MIB like https://iphostmonitor.com/mib/BGP4-V2-MIB-JUNIPER.html like Juniper did

Juniper query for IPv6 BGP peers state:
[root@fido ~]# snmpwalk -c public -v1 172.22.165.1 1.3.6.1.4.1.2636.5.1.1.2.1.1.1.2
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.1.172.22.164.1.1.172.22.164.2 = INTEGER: 6
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.2.32.1.6.124.33.236.255.255.255.255.255.255.255.255.255.255.2.32.1.6.124.33.236.255.255.174.22.165.255.254.33.16.8 = INTEGER: 6
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.2.32.1.7.248.0.107.0.10.0.0.0.0.0.0.0.2.2.32.1.7.248.0.107.0.10.0.0.0.0.0.0.0.1 = INTEGER: 6
SNMPv2-SMI::enterprises.2636.5.1.1.2.1.1.1.2.0.2.32.1.22.32.16.0.0.0.0.0.0.0.0.0.0.62.2.32.1.22.32.16.0.0.0.0.0.0.0.0.0.0.61 = INTEGER: 6
VyOS:
[root@fido ~]# snmpwalk -c public -v1 172.22.164.2 1.3.6.1.4.1.2636.5.1.1.2.1.1.1.2
(blank)
[this need to be implemented, maybe in conjunction with quagga]

Standard BGP4-MIN query:
Juniper show only IPv4 peers - correct
[root@fido ~]# snmpwalk -c public -v1 172.22.164.2 1.3.6.1.2.1.15.3.1.2
SNMPv2-SMI::mib-2.15.3.1.2.172.20.253.20 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.22.164.1 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.22.164.190 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.23.169.33 = INTEGER: 6

VyOS shows only IPv4 peers - correct
[root@fido ~]# snmpwalk -c public -v1 172.22.165.1 1.3.6.1.2.1.15.3.1.2
SNMPv2-SMI::mib-2.15.3.1.2.0.0.0.0 = INTEGER: 6
SNMPv2-SMI::mib-2.15.3.1.2.172.22.164.2 = INTEGER: 6

Hope this helps.

Hi,

I think that best way to implement it, will be use a "extends" in snmpd for BGP4-V2-MIB-JUNIPER and use a vtysh as backed.

Need a little code for script and parse result from vtysh :-/

Anyone ready to handle it? :-)

Thanks

I might be able to stand up a Vyos Instance with v6 BGP for you to test. Let me know when you are ready for it and I'll get it spun up.

@babak that would be awesome as I do not have any IPv6 BGP connectivity. I created a temporary SSH key for this, could you please create a user cpo:

set system login user cpo authentication plaintext-password ''
set system login user cpo authentication public-keys vyos key 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDTNgd9OqWEHEsWVh/bSH77ZLJD4ZB9tQg2cSO+VxrON6hZtqoBaTDKYj2g15iQG0VVr/e7Z4BU4l+izWQ3ACifJLFwcp7h+4j2m7ACIxg5mS5u1QtNIE6xIaKkD5Jl9Z86VfSaVV5gJ23t/ihE5056fygSBbfvqI2H7I4pmPwrl6xGQ+2aAMUUxzVaxDb6rnG+pyg2se8TqLAms8y81k6jy4+XfVORRuqfMk3VQRDVnIoWW4RPmcQvF5wDB5cRAL+MIZrUmEyKjxHAFwX4NQTtwZUg5Rue9zVSMjJ9fiEmO84lWtlRm9FkHWhu/5fZfO4swNjhBeC6niljA2hFx4F0Q7usp0nYmJiSvcPv7aNLwKr4GIELDndTMKe5caRLT7XzAiUnmUc83rWB3v6wX3AHfak+8Qau1BYVexXYOhUHZBlNZcMEvX3cvGMJyv5XT6y/QEdUWfEQWvdfAW80VhZxCDjWGmU/GjF4gFInPkzvxoNp3fpmGm6BowHWZzs/E83jrYOGZTeWO+75zmOyxcfM5secrJ2hVGwXEtPdSHVsKMOWJfJN8i359JtCAGjp64l5MRf3dsE7kNI4u3TqR4oP0YHwSB2Y2Z13l9HpRaGRv+YPonChP3VXJzXcNclu6KYLnhjjnq5L3b2nNHDi83E2iJgXE48lR9MA6APfukOIJw=='
set system login user cpo authentication public-keys vyos type 'ssh-rsa'
set system login user cpo level 'admin'

No promises but I'll do my best!

Hi @babak and @c-po, have you tested snmp ipv6 bgp instance???
Please let me know any news about that.

syncer triaged this task as Normal priority.Dec 21 2017, 9:57 PM
syncer added a subscriber: syncer.

@c-po i should get router with v6 and snmp
will ping you once it up

syncer raised the priority of this task from Normal to High.

@c-po We've several servers with VyOS 1.2.x and IPv6 BGP session. We've long wanted to control the BGP IPv6 sessions via SNMP, but now only IPv4 is possible. Write me to Slack if I can somehow help with writing this functionality.

@oliko unfortunately I did not getting it to work buw it seems that it's due to lacking support in FRR (https://github.com/FRRouting/frr/issues/2350) and it is on the feature request page - we should get it with newer FRR releases.

BGP reference OIDs http://www.oidview.com/mibs/0/BGP4-MIB.html

syncer lowered the priority of this task from High to Low.Nov 9 2018, 8:55 PM
Dmitry added a subscriber: Dmitry.

Did anything ever come of this? I have a handful of IPv6 BGP sessions as well as LibreNMS to test...

@owensresearch it is still not supported by net-snmp

dmbaturin changed Difficulty level from Unknown (require assessment) to Normal (likely a few hours).Jan 27 2021, 6:35 PM
dmbaturin set Is it a breaking change? to Perfectly compatible.
Viacheslav added a subscriber: ronie.
dmbaturin set Issue type to Bug (incorrect behavior).Sep 3 2021, 7:22 AM