Monitoring FRR BGP/OSPF peering status via SNMP

  • Hello fine Netgate folks. Long time lurker, first time poster.....

    I've deployed several pfSense boxes over the years, but always as just a firewall.

    I recently deployed pfSense and FRR, using both BGP and OSPF. We typically monitor our BGP and OSPF peering via Nagios and Observium, however this didn't work out of the box.

    I disabled bsnmpd and installed net-snmp, which is up and pollable, but that wasn't enough. I'm trying to understand what I need to troubleshoot this further.

    I see that net-snmp supports the AgentX protocol. I see that FRR supports the AgentX protocol (if compiled in). I also see FRR supports the BGP-4 and OSPF MIBs in their git repository.

    AgentX appears to already be enabled in net-snmp. I manually enabled it in the frr conf files and restarted zebrad, bgpd and snmpd just for good measure.

    [2.4.4-RELEASE][admin@pfSense.localdomain]/: cat /var/etc/netsnmpd.conf | grep agentx
    master agentx
    [2.4.4-RELEASE][admin@pfSense.localdomain]/var/etc/frr: grep agentx bgpd.conf zebra.conf 

    I think this should be enough to have this work, but it doesn't. Per the FRR documentation, I should be seeing something like this in logging:

    012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected

    My questions are:

    • Has anyone else already done this on pfSense?
    • Is the frr package in pfSense compiled with snmp support?
    • Am I missing something else obvious?

    I'm running:

    • pfsense: 2.4.4-RELEASE-p2 (amd64)
    • frr net: 0.2_8, which depends on frr5-5.0.2
    • net-snmp: 0.1.5_2, which depends on net-snmp-5.7.3_18

    Many thanks!

  • Upon further investigation, and finding this thread:

    I was able to confirm that the frr package in pfSense is not compiled with support for snmp:

    [2.4.4-RELEASE][admin@pfSense.localdomain]/var/agentx: vtysh
    Hello, this is FRRouting (version 5.0.2).
    Copyright 1996-2005 Kunihiro Ishiguro, et al.
    pfSense.localdomain# show modules
    Module information for zebra:
    Module Name  Version                   Description
    libfrr       5.0.2                     libfrr core module
    zebra        5.0.2                     zebra daemon
    Module information for bgpd:
    Module Name  Version                   Description
    libfrr       5.0.2                     libfrr core module
    bgpd         5.0.2                     bgpd daemon

    According to the output in the link, there should be lines that look like this:

    zebra_snmp   5.0.2   zebra AgentX SNMP module
    bgpd_snmp    5.0.2   bgpd AgentX SNMP module

    It also appears net-snmpd is creating the Agent socket with permissions that wouldn't allow the frr user to connect, even if snmpd support was compiled in:

    [2.4.4-RELEASE][admin@pfSense.localdomain]/var/agentx: ps aux | grep frr
    frr    55620   0.0  0.6  12232   6496  -  Is   18:17       0:00.01 /usr/local/sbin/zebra -d -f /var/etc/frr/zebra.conf
    frr    56009   0.0  1.0  21588   9668  -  Is   18:17       0:00.01 /usr/local/sbin/bgpd -d -f /var/etc/frr/bgpd.conf
    [2.4.4-RELEASE][admin@pfSense.localdomain]/var/agentx: ls -l
    total 0
    srwxr-xr-x  1 root  wheel  0 May 10 15:17 master

    I chmod 777'ed it just as an experiment, but still no joy.

    So where do I go from here? Two feature requests on Redmine? A feature request and a bug? I'd like to think that Netgate would be very interested in addressing these two issues, as it's highly desirable functionality (SNMP monitoring) of one of the core use cases for pfSense (BGP/OSPF routing).

    Thanks again!
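
The two checks made by hand in the posts above (does each FRR daemon list a `<daemon>_snmp` module in `show modules`, and does the AgentX socket mode let the frr user connect) written as a small script. This is an added example, not part of the thread or of pfSense/FRR; the function names and the frr user's group (`frr`) are assumptions, and it relies on connect() to a Unix-domain socket needing write permission on the socket file.

```shell
#!/bin/sh
# Added example, not from the thread: the two manual checks as functions.

# Reads vtysh "show modules" text on stdin and prints, per daemon,
# "<daemon> snmp=yes|no" depending on whether <daemon>_snmp is listed.
snmp_module_status() {
    awk '
        $1 == "Module" && $2 == "information" && $3 == "for" {
            if (d != "") print d, "snmp=" (found ? "yes" : "no")
            d = $4; sub(/:$/, "", d); found = 0; next
        }
        d != "" && $1 == (d "_snmp") { found = 1 }
        END { if (d != "") print d, "snmp=" (found ? "yes" : "no") }
    '
}

# can_connect MODE OWNER GROUP USER [USER_GROUP...]
# MODE is the ls -l string (e.g. srwxr-xr-x). Returns 0 when USER holds
# the write bit, which connect() on a Unix-domain socket requires.
can_connect() {
    mode=$1; owner=$2; group=$3; user=$4
    shift 4
    if [ "$user" = root ]; then return 0; fi
    col=9                                   # "other" write bit
    if [ "$user" = "$owner" ]; then
        col=3                               # owner write bit
    else
        for g in "$@"; do
            if [ "$g" = "$group" ]; then col=6; fi   # group write bit
        done
    fi
    [ "$(printf '%s' "$mode" | cut -c"$col")" = w ]
}

# Sample input: the "show modules" output quoted in the second post.
SAMPLE_MODULES='Module information for zebra:
Module Name  Version                   Description
libfrr       5.0.2                     libfrr core module
zebra        5.0.2                     zebra daemon
Module information for bgpd:
Module Name  Version                   Description
libfrr       5.0.2                     libfrr core module
bgpd         5.0.2                     bgpd daemon'

printf '%s\n' "$SAMPLE_MODULES" | snmp_module_status
# Socket mode and owner from the ls -l output; group "frr" is an assumption.
if can_connect srwxr-xr-x root wheel frr frr; then
    echo "frr: socket mode allows connect"
else
    echo "frr: socket mode blocks connect (no write bit)"
fi
```

On a live box the first function can be fed from `vtysh -c 'show modules'` instead of the embedded sample.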
