search

FRRouting / frr

The FRRouting Protocol Suite
https://frrouting.org/
Other
3.35k stars 1.25k forks source link

SNMP with integrated configuration #4994

Open guidov22 opened 5 years ago

guidov22 commented 5 years ago

Hello, agentx is not working.

FRR version is: FRRouting 7.1 (frr-test-a). Copyright 1996-2005 Kunihiro Ishiguro, et al. configured with: '--enable-systemd' '--enable-sharpd' '--enable-snmp' '--enable-multipath=8' '--enable-config-rollbacks' '--enable-exampledir=/usr/share/doc/frr/examples/' '--localstatedir=/var/opt/frr' '--sbindir=/usr/lib/frr' '--sysconfdir=/etc/frr' '--enable-multipath=64' '--enable-user=frr' '--enable-group=frr' '--enable-vty-group=frrvty' '--enable-configfile-mask=0640' '--enable-logfile-mask=0640' '--enable-fpm' '--with-moduledir=/usr/lib/frr/modules'

We are using integrated configuration.

The command is suggested by configuration: frr-test-a(config)# a? access-list Add an access list entry agentx SNMP AgentX protocol settings allow-external-route-update Allow FRR routes to be overwritten by external processes

but not recognised by zebra:

frr-test-a# conf t frr-test-a(config)# agentx % [ZEBRA] Unknown command: agentx frr-test-a(config)#

Thanks and regards

donaldsharp commented 5 years ago

can you show us the contents of our /etc/frr/daemons file?

guidov22 commented 5 years ago

here the contents:

zebra=yes bgpd=yes ospfd=yes ospf6d=yes ripd=yes ripngd=yes isisd=yes pimd=yes ldpd=yes nhrpd=yes eigrpd=yes babeld=yes sharpd=yes staticd=yes pbrd=yes bfdd=yes fabricd=yes

#

If this option is set the /etc/init.d/frr script automatically loads

the config via "vtysh -b" when the servers are started.

Check /etc/pam.d/frr if you intend to use "vtysh"!

# vtysh_enable=yes zebra_options=" -s 90000000 --daemon -A 127.0.0.1" bgpd_options=" --daemon -A 127.0.0.1" ospfd_options=" --daemon -A 127.0.0.1" ospf6d_options=" --daemon -A ::1" ripd_options=" --daemon -A 127.0.0.1" ripngd_options=" --daemon -A ::1" isisd_options=" --daemon -A 127.0.0.1" pimd_options=" --daemon -A 127.0.0.1" ldpd_options=" --daemon -A 127.0.0.1" nhrpd_options=" --daemon -A 127.0.0.1" eigrpd_options=" --daemon -A 127.0.0.1" babeld_options=" --daemon -A 127.0.0.1" sharpd_options=" --daemon -A 127.0.0.1" staticd_options=" --daemon -A 127.0.0.1" pbrd_options=" --daemon -A 127.0.0.1" bfdd_options=" --daemon -A 127.0.0.1" fabricd_options=" --daemon -A 127.0.0.1"

MAX_FDS=1024

The list of daemons to watch is automatically generated by the init script.

watchfrr_options=""

for debugging purposes, you can specify a "wrap" command to start instead

of starting the daemon directly, e.g. to use valgrind on ospfd:

ospfd_wrap="/usr/bin/valgrind"

or you can use "all_wrap" for all daemons, e.g. to use perf record:

all_wrap="/usr/bin/perf record --call-graph -"

the normal daemon command is added to this at the end.

Il giorno 17 set 2019, alle ore 14:39, Donald Sharp notifications@github.com ha scritto:

can you show us the contents of our /etc/frr/daemons file?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/FRRouting/frr/issues/4994?email_source=notifications&email_token=AC42QGCMC7OM2TUQQ5SEMYDQKDFYVA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64MF2Q#issuecomment-532202218, or mute the thread https://github.com/notifications/unsubscribe-auth/AC42QGAZRJVJSOAI3PVUMW3QKDFYVANCNFSM4IXPLWSQ.

donaldsharp commented 5 years ago

Add -M snmp to your daemon_options line for the daemons you want snmp working on.

guidov22 commented 5 years ago

Can all the daemons be snmp enabled or only zebra, bgp ospf and rip ?

Thanks and regards

Il giorno 17 set 2019, alle ore 14:59, Donald Sharp notifications@github.com ha scritto:

Add -M snmp to your daemon_options line for the daemons you want snmp working on.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/FRRouting/frr/issues/4994?email_source=notifications&email_token=AC42QGF74LDFBV4SGPEGLA3QKDIETA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64N6SQ#issuecomment-532209482, or mute the thread https://github.com/notifications/unsubscribe-auth/AC42QGGATDWNVZFFXPIBKADQKDIETANCNFSM4IXPLWSQ.

guidov22 commented 5 years ago

Hello, done … it seems to work now …

but doing r00t@frr-test-a:~$ snmpwalk -c %nast1a%0 -v2c localhost .1.3.6.1.2.1.14.1.1 iso.3.6.1.2.1.14.1.1 = No Such Object available on this agent at this OID r00t@frr-test-a:~$

is there a mib tree ? I cannot find it … I only find ospf tree on example to enable snmp

thanks and regards

Il giorno 17 set 2019, alle ore 14:59, Donald Sharp notifications@github.com ha scritto:

Add -M snmp to your daemon_options line for the daemons you want snmp working on.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/FRRouting/frr/issues/4994?email_source=notifications&email_token=AC42QGF74LDFBV4SGPEGLA3QKDIETA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64N6SQ#issuecomment-532209482, or mute the thread https://github.com/notifications/unsubscribe-auth/AC42QGGATDWNVZFFXPIBKADQKDIETANCNFSM4IXPLWSQ.

yswery-reconz commented 3 years ago

I am having the same issue where I can find this returning at all via SNMP. I have FRR with snmp support installed (Pfsesne 2.5)

[2.5.0-RELEASE][admin@pfSense.localdomain]/root: ps aux | grep frr
frr     17902   0.0  0.6  72184 25492  -  Ss   11:55     0:00.03 /usr/local/sbin/zebra -M snmp -d
frr     38591   0.0  0.2  20348  7256  -  Ss   11:46     0:00.06 /usr/local/sbin/staticd -d
frr     39927   0.0  0.6  53560 26736  -  Ss   11:46     0:00.11 /usr/local/sbin/bgpd -M snmp -d
Module information for bgpd:
Module Name  Version                   Description

libfrr       7.5                       libfrr core module
bgpd         7.5                       bgpd daemon
bgpd_snmp    7.5                       bgpd AgentX SNMP module
    from: /usr/local/lib/frr/modules/bgpd_snmp.so
pid: 19886

On the snmpd i also have agentx of course, but snmp walk doesnt show anything BGP related.

Does anyone know what I could try to do?

sabik commented 3 years ago

Per https://redmine.pfsense.org/issues/11610 it looks like the "Unknown command: agentx" error occurs when agentxperms in the SNMP config are too restrictive; if that's the case, it looks like a misleading error message - it should give some variant of "permission denied" or "could not contact AgentX", not "unknown command".

(It would also mean that SNMP must be configured before FRR, which is an odd requirement; it should probably be either relaxed or at least documented.)

manomugdha commented 10 months ago

Hello, done … it seems to work now … but doing r00t@frr-test-a:~$ snmpwalk -c %nast1a%0 -v2c localhost .1.3.6.1.2.1.14.1.1 iso.3.6.1.2.1.14.1.1 = No Such Object available on this agent at this OID r00t@frr-test-a:~$ is there a mib tree ? I cannot find it … I only find ospf tree on example to enable snmp thanks and regards Il giorno 17 set 2019, alle ore 14:59, Donald Sharp @.***> ha scritto: Add -M snmp to your daemon_options line for the daemons you want snmp working on. — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#4994?email_source=notifications&email_token=AC42QGF74LDFBV4SGPEGLA3QKDIETA5CNFSM4IXPLWS2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD64N6SQ#issuecomment-532209482>, or mute the thread https://github.com/notifications/unsubscribe-auth/AC42QGGATDWNVZFFXPIBKADQKDIETANCNFSM4IXPLWSQ.

Hi @guidov22 , I am facing issue to connect to snmpd from frr-snmp-agent. frr can recognize agentx but it can not connecto snmpd. it throws following warning:

2024/01/02 13:34:29 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:34:44 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:34:59 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:14 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:29 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:44 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:35:59 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):
2024/01/02 13:36:14 BGP: [RZ3YY-GPH41][EC 100663310] snmp[warning]: Warning: Failed to connect to the agentx master agent ([NIL]):

I ran snmpd in foreground and following is the output:

frr@frr_1:/$ sudo /usr/sbin/snmpd -f -L -Dagentx
registered debug token agentx, 1
agentx_register_app_config_handler: registering .conf token for "agentxsocket"
agentx_register_app_config_handler: registering .conf token for "agentxperms"
agentx_register_app_config_handler: registering .conf token for "agentxRetries"
agentx_register_app_config_handler: registering .conf token for "agentxTimeout"
Turning on AgentX master support.
agentx/master: initializing...
agentx/master: initializing...   DONE
NET-SNMP version 5.8

I have doubt about the /etc/snmp/snmpd.conf file. following is my snmpd.conf file. 

sysLocation    Sitting on the Dock of the Bay
sysContact     Me <me@example.org>
sysServices    72

master  agentx
agentaddress  127.0.0.1,[::1]

view   systemonly  included   .1.3.6.1.2.1.1
view   systemonly  included   .1.3.6.1.2.1.25.1

rocommunity  public default -V systemonly
rocommunity6 public default -V systemonly
rouser authPrivUser authpriv -V systemonly

i see udp is listening on the correct port:

frr@frr_1:/$ netstat -anu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
udp        0      0 127.0.0.1:161           0.0.0.0:*
udp        0      0 127.0.0.11:38421        0.0.0.0:*
udp6       0      0 ::1:161                 :::*
frr@frr_1:/$

can you please share the content of your working snmpd.conf file?

zappiehost commented 10 months ago

@manomugdha this is what we added for the correct agentx permissions a few years back and left it as is since:

master agentx
agentxperms 777 777

That being said though, right now it seems that FRR is broken on FreeBSD with the way SNMP is implemented, see some of the latest tickets about this here:

https://github.com/FRRouting/frr/issues/14875

It might be your issue isnt an agentx thing but more of a general FRR + snmp thing. To test this easiest way I can see will be to try to run run frr with -M snmp like so: $ bgpd -M snmp

If you find anything useful or a nice solution for the above do post your findings here or in the other linked ticket

manomugdha commented 10 months ago

I updated snmpd.conf to the following and everything is working for me till now. I can trigger snmpwalk from different host as well.

frr@frr_1:/$ sudo cat /etc/snmp/snmpd.conf
sysServices    72
master  agentx
agentaddress  0.0.0.0,[::1]
agentxperms 777 777

rocommunity  public default
frr@frr_1:/$
e.g.
root@host_1:/# snmpwalk -c public -v2c -On -Ln 1.1.1.2 1.3.6.1.2.1.31.1.1.1.1.1
.1.3.6.1.2.1.31.1.1.1.1.1 = STRING: "lo"
root@host_1:/#