Trying to monitor BGP peers under VRF in NXOS

Ivaylo Georgiev · ‎01-08-2025

I am trying to monitor BGP peers which are configured under separate VRFs on a Nexus switch, running software version 9.3;

I reviewed the workaround for IOS from this discussion: Monitor BGP sessions on VRFs with XR 4.2 using SNMP - Cisco Community. You would think it should not be that hard to adapt it for NXOS but I am getting nowhere after spending a few hours on it.

I am running NXOS software version 9.3;

I am using snmp v2c

I have also added this config to the nexus switch: snmp-server context example-context vrf example-vrf

I am using the OIDs from the image below.

Here are my snmp walks when I run them against the "example-context":

This snmpwalk does not return any results, so I wonder if my OID is incorrect? I expect it to return the BGP peers.

----------------------- New Test -----------------------
Paessler SNMP Tester - 24.4.102.648 Computername: MGUSINPCDC808 Interface: 10.25.100.232
1/8/2025 11:34:33 AM (7 ms) : Device: 10.10.10.21
1/8/2025 11:34:33 AM (9 ms) : SNMP v2c
1/8/2025 11:34:33 AM (11 ms) : Custom OID 1.3.6.1.2.1.15.3.1
1/8/2025 11:34:33 AM (45 ms) : SNMP Datatype: SNMP_EXCEPTION_NOSUCHOBJECT
1/8/2025 11:34:33 AM (48 ms) : -------
1/8/2025 11:34:33 AM (52 ms) : Value: #N SNMP_EXCEPTION_NOSUCHOBJECT222
1/8/2025 11:34:33 AM (55 ms) : Done

This one returns something, so I know I have SNMP connectivity and my snmp tool works:
----------------------- New Test -----------------------
Paessler SNMP Tester - 24.4.102.648 Computername: MGUSINPCDC808 Interface: 10.25.100.232
1/8/2025 11:34:51 AM (6 ms) : Device: 10.10.10.21
1/8/2025 11:34:51 AM (10 ms) : SNMP v2c
1/8/2025 11:34:51 AM (12 ms) : Custom OID 1.3.6.1.2.1.15.4.0
1/8/2025 11:34:51 AM (47 ms) : SNMP Datatype: ASN_IPADDRESS
1/8/2025 11:34:51 AM (50 ms) : -------
1/8/2025 11:34:51 AM (52 ms) : Value: 172.28.28.55
1/8/2025 11:34:51 AM (54 ms) : Done

AshSe · ‎01-15-2025

Hello @Ivaylo Georgiev

It seems like you're trying to monitor BGP peers in a VRF context on a Nexus switch using SNMP, but you're running into issues with the OIDs and the SNMP context configuration.

It seems like you're trying to monitor BGP peers in a VRF context on a Nexus switch using SNMP, but you're running into issues with the OIDs and the SNMP context configuration. Let's break this down and troubleshoot step by step.

Key Points to Consider:

SNMP Context for VRFs:
- On Nexus switches, when BGP is configured under a VRF, you need to use the snmp-server context command to associate the SNMP context with the VRF. You've already done this with:
```
snmp-server context example-context vrf example-vrf
```
  This is correct, and it ensures that SNMP queries using the example-context will retrieve data specific to the example-vrf.
OID for BGP Peers:
- The OID 1.3.6.1.2.1.15.3.1 corresponds to the bgpPeerTable in the BGP4-MIB. This table contains information about BGP peers.
- The fact that you're getting SNMP_EXCEPTION_NOSUCHOBJECT suggests that either:
  - The OID is not valid in the context of the VRF.
  - The BGP session is not active or not configured correctly in the VRF.
  - The SNMP context is not being applied correctly.
Successful SNMP Walk:
- Your second test with OID 1.3.6.1.2.1.15.4.0 (which corresponds to bgpIdentifier in the BGP4-MIB) works, indicating that SNMP is functioning and the context is being applied correctly.

Troubleshooting Steps:

Verify BGP Configuration in the VRF:
- Ensure that BGP is properly configured and that there are active BGP peers in the example-vrf. Use the following command on the Nexus switch to verify:
```
show ip bgp all summary vrf example-vrf
```
  This will show the BGP peers and their states within the VRF. If there are no active peers, the SNMP walk will not return any results.
Verify SNMP Context:
- Ensure that the SNMP context is correctly associated with the VRF. You can verify this with:
```
show running-config | include snmp-server context
```
  Confirm that the context name (example-context) matches what you're using in your SNMP tool.
Test the OID with the Context:
- Use an SNMP walk or get command with the -Cn option (to specify the context) to query the bgpPeerTable OID. For example:
```
snmpwalk -v2c -c <community> -Cn example-context <switch-ip> 1.3.6.1.2.1.15.3.1
```
  If this still returns SNMP_EXCEPTION_NOSUCHOBJECT, it could mean that the OID is not valid in the VRF context or that there are no active BGP peers.
Check for Nexus-Specific MIBs:
- Nexus switches may not fully support the standard BGP4-MIB, or they may use a different MIB for BGP monitoring. Check the Cisco documentation for your Nexus software version (9.3) to see if there are Nexus-specific MIBs or OIDs for BGP monitoring.
Test with a Different OID:
- Try walking the entire BGP4-MIB to see what data is available:
```
snmpwalk -v2c -c <community> -Cn example-context <switch-ip> 1.3.6.1.2.1.15
```
  This will give you an idea of what BGP-related data is accessible via SNMP in the VRF context.
Debug SNMP on the Nexus Switch:
- If the issue persists, enable SNMP debugging on the Nexus switch to see if the SNMP requests are being processed correctly:
```
debug snmp packets
```
  Monitor the logs to see if there are any errors or issues with the SNMP requests.

Additional Notes:

If the Nexus switch does not support the standard BGP4-MIB for VRFs, you may need to use a different approach, such as using NX-API or streaming telemetry to monitor BGP peers.
Ensure that your SNMP tool supports specifying contexts. If it doesn't, you may need to use a different tool or script your SNMP queries using a library like pysnmp.

By following these steps, you should be able to identify the root cause of the issue and retrieve the BGP peer information via SNMP. Let me know if you need further assistance!

Hope This Helps!!!

AshSe

Forum Tips:

Insert photos/images inline - don't attach.
Always mark helpful and correct answers, it helps others find what they need.
For a prompt reply, kindly tag @name. An email will be automatically sent to the member.