Monitoring FRR BGP/OSPF peering status via SNMP
Hello fine Netgate folks. Long time lurker, first time poster.....
I've deployed several pfSense boxes over the years, but always as just a firewall.
I recently deployed pfSense and FRR, using both BGP and OSPF. We typically monitor our BGP and OSPF peering via Nagios and Observium, however this didn't work out of the box.
I disabled bsnmpd and installed net-snmp, which is up and pollable, but that wasn't enough. I'm trying to understand what I need to troubleshoot this further.
I see that net-snmp supports the AgentX protocol. I see that FRR supports the AgentX protocol (if compiled in). I also see FRR supports the BGP-4 and OSPF MIBs in their git repository.
AgentX appears to already be enabled in net-snmp. I manually enabled it in the frr conf files and restarted zebrad, bgpd and snmpd just for good measure.
```
[2.4.4-RELEASE][admin@pfSense.localdomain]/: cat /var/etc/netsnmpd.conf | grep agentx
master agentx
[2.4.4-RELEASE][admin@pfSense.localdomain]/var/etc/frr: grep agentx bgpd.conf zebra.conf
bgpd.conf:agentx
zebra.conf:agentx
```
I think this should be enough to have this work, but it doesn't. Per the FRR documentation, I should be seeing something like this in logging:
012/05/25 11:39:08 ZEBRA: snmp[info]: NET-SNMP version 5.4.3 AgentX subagent connected
My questions are:
- Has anyone else already done this on pfSense?
- Is the frr package in pfSense compiled with snmp support?
- Am I missing something else obvious?
- pfsense: 2.4.4-RELEASE-p2 (amd64)
- frr net: 0.2_8, which depends on frr5-5.0.2
- net-snmp: 0.1.5_2, which depends on net-snmp-5.7.3_18
Upon further investigation, and finding this thread:
I was able to confirm that the frr package in pfSense is not compiled with support for snmp:
```
[2.4.4-RELEASE][admin@pfSense.localdomain]/var/agentx: vtysh

Hello, this is FRRouting (version 5.0.2).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

pfSense.localdomain# show modules
Module information for zebra:
Module Name  Version  Description
libfrr       5.0.2    libfrr core module
zebra        5.0.2    zebra daemon

Module information for bgpd:
Module Name  Version  Description
libfrr       5.0.2    libfrr core module
bgpd         5.0.2    bgpd daemon

pfSense.localdomain#
```
According to the output in the link, there should be lines that look like this:
```
zebra_snmp   5.0.2    zebra AgentX SNMP module
bgpd_snmp    5.0.2    bgpd AgentX SNMP module
```
It also appears net-snmpd is creating the Agent socket with permissions that wouldn't allow the frr user to connect, even if snmpd support was compiled in:
```
[2.4.4-RELEASE][admin@pfSense.localdomain]/var/agentx: ps aux | grep frr
frr     55620   0.0  0.6  12232  6496  -  Is   18:17     0:00.01 /usr/local/sbin/zebra -d -f /var/etc/frr/zebra.conf
frr     56009   0.0  1.0  21588  9668  -  Is   18:17     0:00.01 /usr/local/sbin/bgpd -d -f /var/etc/frr/bgpd.conf
[2.4.4-RELEASE][admin@pfSense.localdomain]/var/agentx: ls -l
total 0
srwxr-xr-x  1 root  wheel  0 May 10 15:17 master
```
I chmod 777'ed it just as an experiment, but still no joy.
So where do I go from here? Two feature requests on Redmine? A feature request and a bug? I'd like to think that Netgate would be very interested in addressing these two issues, as it's highly desirable functionality (SNMP monitoring) of one of the core use cases for pfSense (BGP/OSPF routing).
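Added example, not part of the original post: the two checks the post walks through by eye (is a `*_snmp` module listed for each daemon in `show modules`, and does the AgentX socket mode let the `frr` user connect), written as shell functions that run offline. The sample strings are constructed from the output quoted above; the function names and the assumption that `frr` is only in group `frr` are hypothetical.

```shell
#!/bin/sh
# Constructed sample: "show modules" output as quoted in the post (no *_snmp rows).
SHOW_MODULES='Module information for zebra:
Module Name  Version  Description
libfrr       5.0.2    libfrr core module
zebra        5.0.2    zebra daemon
Module information for bgpd:
Module Name  Version  Description
libfrr       5.0.2    libfrr core module
bgpd         5.0.2    bgpd daemon'

# Constructed sample: the socket line from "ls -l" in /var/agentx.
SOCKET_LINE='srwxr-xr-x  1 root  wheel  0 May 10 15:17 master'

# has_snmp_module DAEMON TEXT: exit 0 if DAEMON's own section lists DAEMON_snmp.
has_snmp_module() {
    printf '%s\n' "$2" | awk -v d="$1" '
        /^Module information for / { in_sec = ($4 == d ":"); next }
        in_sec && $1 == d "_snmp"  { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# can_connect USER GROUPS LS_LINE: exit 0 if USER (member of the space-separated
# GROUPS) holds the write bit on the socket, which connecting to it requires.
can_connect() {
    user=$1; groups=$2
    set -- $3                                  # split the ls -l line into fields
    mode=$1; owner=$3; group=$4
    case $mode in s*) ;; *) return 2 ;; esac   # not a socket at all
    if [ "$user" = root ]; then return 0; fi
    if [ "$user" = "$owner" ]; then pos=3      # owner write bit
    elif printf ' %s ' "$groups" | grep -q " $group "; then pos=6   # group write bit
    else pos=9; fi                             # other write bit
    [ "$(printf '%s' "$mode" | cut -c"$pos")" = w ]
}

report() {
    for d in zebra bgpd; do
        has_snmp_module "$d" "$SHOW_MODULES" \
            && echo "$d: AgentX SNMP module loaded" \
            || echo "$d: AgentX SNMP module missing"
    done
    can_connect frr "frr" "$SOCKET_LINE" \
        && echo "frr can connect to the AgentX socket" \
        || echo "frr cannot connect to the AgentX socket"
}
report
```

For the socket, net-snmp's `agentXPerms` directive in snmpd.conf sets the socket mode, owner and group, so access can be limited to the `frr` user or group instead of opening the socket to every local user with mode 777.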