cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
12821
Views
7
Helpful
12
Replies

Monitor BGP sessions on VRFs with XR 4.2 using SNMP

david.barroso
Level 1
Level 1

Hello,

I have an ASR 9006 running IOS XR 4.2 and I want to monitor some BGP sessions under VRFs using SNMP. However, when I poll the device using the OID 1.3.6.1.2.1.15.3.1.2 I only get the BGP sessions on the global VRF. I have read that I have to create 'SNMP contexts' in order to poll information about VRFs but I am not sure how to create them on XR 4.2. Do you know how to do it?

Thanks in advance.

David

12 Replies 12

xthuijs
Cisco Employee
Cisco Employee

hI david,

I am very sorry, but this functionality is currently not supported.

The BGP mib doesnt allow for vrf contexts and the draft has expired and revised a few times and there is no consensus on it.

I do know that IOS did do it anyway, in the standard bgp mib with a trick that is a little difficult to work with also.

If this is a biggy for you, I would recommend working with your account team and have them push DDTS:

CSCsk76539 for integration.

xander

Hello,

We are trying the same thing but with an IOSXR 6.0.2 ( ASR9001). Is there still no support for monitor BGP sessions in VRF with SNMP ? Is we have to use the workaround "snmp context" ?

Regards,

hi jerome,

yeah still not integrated. the workaround with the contexts is an option.

the standards didnt converge on this requirement and I think it might have even been dropped. however there is a need for this. if this requirement is important to you, I would connect with your account team to add your case to the ddts referenced so at some point it carries enough weight to implement.

cheers

xander

Hi Xander,

Thank you for your answer, so i will try the workaround with the "snmp context" feature.

Regards,

Jérôme.

Just to be clear...

As per IETF standard VRF, VLAN, Virtual Router context is address in SNMP (in the protocol intself), not in OID (Object ID). 

SNMPv2: what is called the "community-string" is indeed define to carry the context as per IETF RFC definition, even if most folks use it for authentication purpose, which has not be defined for.

SNMPv3: specific context field has been added to separate "authentication" from "context".

Main reason why MIB draft with VRF context has been depreciate is: was not compliant with SNMP guidance, which specifically mention the context should be in the protocol, not in the object...

And it make sense, this way all OID could be use per specific context bases.

Thus we do have ZERO plan to propose or implement something in opposite direction from the standard.

Today, a better option is to use Netconf/Yang Open Config BGP operational model, it is human readable and much easier to read for a machine. It has been added to IOS XR recently :-)

Bertrand

Hello @Bertrand Duvivier 

Could you pls expand little bit your reply?


@Bertrand Duvivier wrote:

Today, a better option is to use Netconf/Yang Open Config BGP operational model, it is human readable and much easier to read for a machine. It has been added to IOS XR recently :-)


Have you meant YANG/OC in relation to telemetry? Or is there any other way to monitor BGP peers?

thanks

david.barroso
Level 1
Level 1

Hello,

thanks to the collaboration of the engineers of Dimension Data I have managed to get it working. In case you are interested in the solution. This would be the configuration on the ASR:

; We create the snmp context

snmp-server context test-ctxt

; We associate the context with the VRF

snmp-server vrf vrfTest

context test-ctxt

; We create the community

snmp-server community test-com RO 1500

; We map the community with the context

snmp-server community-map test-com context test-ctxt

Now, when we poll the community associated with the context the peering sessions for that context are returned:

$ snmpwalk -v2c -c test-com 192.168.0.1 1.3.6.1.4.1.9.9.187.1.2.5.1.3

SNMPv2-SMI::enterprises.9.9.187.1.2.5.1.3.1.4.10.10.0.1 = INTEGER: 1

On the ASR:

#show bgp vrf vrfTest sum | b Neigh

Wed Jun  5 08:05:26.286 UTC

Neighbor        Spk    AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down  St/PfxRcd

10.10.0.1         1 65001       0       0        0    0    0 00:00:00 Idle

Regards

Nice to see that you found a workaround for this David, and thanks for sharing the solution.

My only concern is since this is not part of our testing it is officially not supported, this doesnt mean you cant use it, but it might break in a different release for whatever reason.

Let me bring this up with our BGP and sNMP development teams to see if they can insert it in their test case to address the DDTS I referenced for official support of this functionality.

xander

Hi,

 

when we are using context we can able to see the BGP state alarms in Network Monitoring System(NMS) but we are not able to co-relate with VRF name. I can able to see the alarms co-related with ip address but does not with the vrf or RD.

 

is their anyway to co-relate the alarms with VRF Name or RD/RT.

@david.barroso Thanks for the share! It was useful for me. Just had the same case with SNMPv3. I post the working configs (I had to search replace data I hope they still work just fine):

 

IOS XR configs:
=================================================
snmp-server ifindex persist
snmp-server mibs rfmib entphyindex

snmp-server user V3_RO_USER GrpMonitor v3 auth sha clear AUTHPWD priv aes 128 clear PRIVPWD
snmp-server group GrpMonitor v3 priv

snmp-server context SNMP_CONTEXT_VRF_WAN
snmp-server vrf VRF_WAN
context SNMP_CONTEXT_VRF_WAN



Linux snmpwalks:
=================================================

Default VRF BGP Peerings:

[devops@linux-dev-vm-albert ~]$snmpwalk -v3 -1 authPriv -u V3_RO_USER -a SHA -A AUTHPWD -x AES -X PRIVPWD A.B.190.69 1.3.6.1.4.1.9.9.187.1.2.5.1.3 -n ""
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.190.1 = INTEGER: 6
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.190.3 = INTEGER: 6
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F..17.49.0.0.0.0.0.0.0.0 = INTEGER: 6
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F..17.51.0.0.0.0.0.0.0.0 = INTEGER: 6
[devops@linux-dev-vm-albert ~]$




WAN VRF BGP Peerings:

[devops@linux-dev-vm-albert ~]$snmpwalk -v3 -1 authPriv -u V3_RO_USER -a SHA -A AUTHPWD -x AES -X PRIVPWD A.B.190.69 1.3.6.1.4.1.9.9.187.1.2.5.1.3 -n "SNMP_CONTEXT_VRF_WAN"
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.117.132 = INTEGER: 6
SNMPV2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.117.134 = INTEGER: 6
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.214.132 = INTEGER: 3
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.214.134 = INTEGER: 3
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.230.132 = INTEGER: 1
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.230.134 = INTEGER: 1
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.230.140 = INTEGER: 1
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.1.4.A.B.230.142 = INTEGER: 1
SNMPvV2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.EB.F.32.217.0.0.0.0.0.0.0.0 = INTEGER: 6
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.EB.F.32.218.0.0.0.0.0.0.0.0 = INTEGER: 6
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F.33.9.0.0.0.0.0.0.0.0 = INTEGER: 3
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F.33.10.0.0.0.0.0.0.0.0 = INTEGER: 3
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F.34.9.0.0.0.0.0.0.0.0 = INTEGER: 1
SNMPv2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F.34.10.0.0.0.0.0.0.0.0 = INTEGER: 1
SNMPV2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F.34.13.0.0.0.0.0.0.0.0 = INTEGER: 1
SNMPvV2-SMI: :enterprises.9.9.187.1.2.5.1.3.2.16.A.B.C.D.E.F.34.14.0.0.0.0.0.0.0.0 = INTEGER: 1
[devops@linux-dev-vm-albert ~]$

 

Jeremy Baldwin
Level 1
Level 1

I just wanted to say, thank you David for sharing your solution.  I worked through your steps, and was able to get exactly what I was looking to get.

 

Thanks for saving me time that I would have spent (re-inventing) the wheel!

Bertrand Duvivier
Cisco Employee
Cisco Employee

This is correct, all context (VRF, Vlan, subinterface,...) as per IETF RFC2271 (SNMPv2) is included in the community_string, CIsco IOS-XR implementation was enhanced in XR 4.x to includes per VRF snmp_context.

Bertrand.