-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FRR] Enable SNMP support #2981
Conversation
which oid tree does frr support? is there is conflict with snmp subagent? |
This exposes though the standard sonic snmp subagent agentx. We've had this in production for almost a year now, for licensing reasons only recently with the move to FRR 6.0 and 7.0 it was safe to upstream ( vis-a-vis the community binaries). Please see the discussion in sonic-snmpagent PR 92 for a full explanation of the issues that prevented us to upstream this sooner for FRR 4.0 ( TLDR: prior to 6.0 SNMP support had to be specifically compiled-in, FRR 6.0 provided the frr-snmp.deb package by default ) #Closed |
Note that this PR only enables SNMP for BGPd and zebra |
you need to fix the sonic-cfggen unit test |
cf42990
to
2427794
Compare
@lguohan unit test corrected for frr.conf |
@@ -118,6 +118,7 @@ load 12 10 5 | |||
# | |||
# Run as an AgentX master agent | |||
master agentx | |||
agentxsocket tcp:localhost:3161 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
3161 [](start = 30, length = 4)
How did you choose this port? I see it also in snmp.conf. Suggest prevent magic numbers, or add comment for reference each other so we will not forget if we want to modify it. #Closed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
standard port is 705, chose 3000+ snmp port to not run into issues for daemons that re not launched as root.
We can make this a configurable option in rules/config?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
rules/config is good! #Pending
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
actually talked to fast: this would require a nested template (dockers/docker-snmp-sv2/snmpd.conf.j2.j2 ) which would add complexity, the best thing I believe is to add it to our plan to integrate snmp config in config_db.json as per sonic-net/SONiC#231
we should start working on this in Q3 ( within a month ). what do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK to me. Then please check the alternative recommendation
add comment for reference each other so we will not forget if we want to modify it. #Closed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agreed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
added references to both files
Is there a document listing all the supported OIDs added by this integration? In reply to: 500073690 [](ancestors = 500073690) |
@@ -118,6 +118,7 @@ load 12 10 5 | |||
# | |||
# Run as an AgentX master agent | |||
master agentx | |||
agentxsocket tcp:localhost:3161 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
agentxsocket [](start = 0, length = 12)
How to test this feature? Can you add a test case in sonic-mgmt? #Pending
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you need an agentx client to be able to test this feature: we can provide an end to end test by using the bgp daemon as agentx client and doing an snmp request to a RFC1657 OID
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure why we need an agentx client to test. I guess you can add some queries into existing sonic-mgmt snmp test. #Closed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes I'm looking into it right now, I'm checking to see if the ansible snmp_facts module queries the right OIDs which would make the test trivial.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
https://github.com/Azure/sonic-mgmt/blob/master/ansible/library/snmp_facts.py does not support RFC1657 at this time, we could patch it to add a subset of OIDs but its going to take some time. I suggest we add it to the issues backlog of sonic-mgmt and we can pick it up
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you could not provide a sonic-mgmt test case right now, please add some manual test instruction here (with steps and sample output). We could not accept feature without test.
In reply to: 293172354 [](ancestors = 293172354)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK will add a link to look at the docker-fpm-frr snmp.conf file and put the test protocol there
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added the info to both files
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As comments
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please see other reviewers requests
This is the domain of the FRR package, we have brought no modifications there, this patch exposes to sonic what FRR makes available |
This is a follow-up of sonic-snmpagent PR 92 Now that licensing issues have been solved FRR is distributed with SNMP support compiled-in. This PR adds the last bits of configuration to get the frr-snmp debian packages added to the docker container and the config bits to enable the snmp module in FRR This PR brings the functionality of being able to poll bgpd for routes and peer status. Signed-off-by: Michel Moriniaux <m.moriniaux@criteo.com>
2427794
to
aed8289
Compare
@@ -118,6 +118,10 @@ load 12 10 5 | |||
# | |||
# Run as an AgentX master agent | |||
master agentx | |||
# internal socket to allow extension to other docker containers | |||
# Currently the othe container using this is docker-fpm-frr |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
othe [](start = 16, length = 4)
typo #Closed
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
corrected
Please try keep commit history in a PR, so we could compare between them. Only force push on rebasing. #Closed |
This is a follow-up of sonic-snmpagent PR 92 Now that licensing issues have been solved FRR is distributed with SNMP support compiled-in. This PR adds the last bits of configuration to get the frr-snmp debian packages added to the docker container and the config bits to enable the snmp module in FRR This PR brings the functionality of being able to poll bgpd for routes and peer status. Signed-off-by: Michel Moriniaux <m.moriniaux@criteo.com>
Hi, Is there some test command or how to use? As I want to have a try of this feature. |
You can look at the comments in the code it gives test cases, if not enough
I will amend it to make them clearer
…On Mon, Aug 5, 2019, 21:13 Simon Jones ***@***.***> wrote:
Hi,
Is there some test command or how to use? As I want to have a try of this
feature.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2981>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADBS7WXKPJCBRSMQBNZIWSLQDD27RANCNFSM4HV6TEKA>
.
|
Hi, why my test fails... Is there some log or debug method? I run FRR with snmp support
I run snmpwalk in snmp docker
|
Hi,
can you post the output to these commands:
vtysh -c "sh ip bgp summ"
vtysh -c "sh run" | grep agentx
cat /etc/sonic/snmp.yml
docker exec -it bgp cat /etc/snmp/frr.conf
docker exec -it snmp snmpwalk -v2c -c 210e9D65 127.0.0.1 .1.3.6.1.2.1.15.2.0
On Tue, Aug 6, 2019 at 10:31 PM Simon Jones <notifications@github.com>
wrote:
… You can look at the comments in the code it gives test cases, if not
enough I will amend it to make them clearer
… <#m_4654619428268829943_>
On Mon, Aug 5, 2019, 21:13 Simon Jones *@*.***> wrote: Hi, Is there some
test command or how to use? As I want to have a try of this feature. — You
are receiving this because you authored the thread. Reply to this email
directly, view it on GitHub <#2981
<#2981>,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADBS7WXKPJCBRSMQBNZIWSLQDD27RANCNFSM4HV6TEKA
.
Hi, why my test fails... Is there some log or debug method?
I run FRR with snmp support
***@***.***:~# docker exec -it bgp bash
***@***.***:/# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.5 0.2 58624 20884 ? Ss+ 04:57 0:00 /usr/bin/python /usr/bin/supervisord
root 27 0.0 0.0 250136 3028 ? Sl 04:57 0:00 /usr/sbin/rsyslogd -n
root 32 0.0 0.1 45560 14312 ? S 04:57 0:00 python /usr/bin/bgpcfgd
frr 35 0.1 0.1 560432 11564 ? Sl 04:57 0:00 /usr/lib/frr/zebra -A 127.0.0.1 -s 90000000
frr 38 0.0 0.0 93528 5992 ? S 04:57 0:00 /usr/lib/frr/staticd -A 127.0.0.1
frr 41 0.1 0.1 347672 14100 ? Sl 04:57 0:00 /usr/lib/frr/bgpd -A 127.0.0.1 -M snmp
root 47 0.0 0.0 101488 4428 ? Sl 04:57 0:00 fpmsyncd
root 49 0.0 0.0 18184 3424 ? Ss 04:58 0:00 bash
root 53 0.0 0.0 36632 2880 ? R+ 04:59 0:00 ps aux
I run snmpwalk in snmp docker
***@***.***:~# docker exec -it snmp bash
***@***.***:/# snmpwalk -v 2c -c public 172.18.8.212 1.3.6.1.2.1.15
Timeout: No Response from 172.18.8.212
***@***.***:/# snmpwalk -v 2c -c public 172.18.8.212 .1.3.6.1.2.1.15
Timeout: No Response from 172.18.8.212
***@***.***:/# ping 172.18.8.212
PING 172.18.8.212 (172.18.8.212) 56(84) bytes of data.
64 bytes from 172.18.8.212: icmp_seq=1 ttl=64 time=0.077 ms
64 bytes from 172.18.8.212: icmp_seq=2 ttl=64 time=0.102 ms
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2981>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADBS7WRHN4IOKFKZEXTHXO3QDJM4HANCNFSM4HV6TEKA>
.
|
This is output:
|
On Tue, Aug 6, 2019 at 11:22 PM Simon Jones ***@***.***> wrote:
vtysh -c "sh ip bgp summ" vtysh -c "sh run" | grep agentx cat
/etc/sonic/snmp.yml docker exec -it bgp cat /etc/snmp/frr.conf docker exec
-it snmp snmpwalk -v2c -c 210e9D65 127.0.0.1 .1.3.6.1.2.1.15.2.0
This is output:
***@***.***:~# vtysh
Hello, this is FRRouting (version 7.0.1-sonic).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
NX-ZWYC-M1F202-A16-HW6865-A-INT-212# show ip bgp summary
% BGP instance not found
first clue is here: it won't work if there is nothing to poll, you need to
have a bgp instance running
…
NX-ZWYC-M1F202-A16-HW6865-A-INT-212#
***@***.***:~# vtysh -c "sh run" | grep agentx
agentx needs to be in the frr config for this to work
***@***.***:~# cat /etc/sonic/snmp.yml
snmp_rocommunity: ***@***.***
snmp_location: public
***@***.***:~# docker exec -it bgp cat /etc/snmp/frr.conf
# This line allows the FRR docker to speak with the snmp container
# Make sure this line matches the one in the snmp docker
# snmp:/etc/snmp/snmpd.conf
# To verify this works you need to have a valid bgp daemon running and configured
# Check that a snmpwalk to 1.3.6.1.2.1.15 gives an output
# Further verification: 1.3.6.1.2.1.15.2.0 = INTEGER: 65000 the returned value should be the confiugred ASN
agentXSocket tcp:localhost:3161
***@***.***:~# docker exec -it snmp snmpwalk -v2c -c 210e9D65 127.0.0.1 .1.3.6.1.2.1.15.2.0
Timeout: No Response from 127.0.0.1
-c ***@***.*** ( snmp_rocommunity from /etc/sonic/snmp.yml )
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2981>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADBS7WTK7FFKNKD4Y7H5JMDQDJS25ANCNFSM4HV6TEKA>
.
|
Hello,
please re-read my email, you will find your solution in there ( you are
missing agentx in your FRR config and you are using my lab community and
not your own to poll the device)
and it would also be better if you actually had a working BGP neighbor and
some routes
best regards,
Michel Moriniaux
…On Thu, Aug 8, 2019 at 8:12 PM Simon Jones ***@***.***> wrote:
On Tue, Aug 6, 2019 at 11:22 PM Simon Jones *@*.
*> wrote: vtysh -c "sh ip bgp summ" vtysh -c "sh run" | grep agentx cat
/etc/sonic/snmp.yml docker exec -it bgp cat /etc/snmp/frr.conf docker exec
-it snmp snmpwalk -v2c -c 210e9D65 127.0.0.1 .1.3.6.1.2.1.15.2.0 This is
output: ***@***.***:# vtysh Hello, this is
FRRouting (version 7.0.1-sonic). Copyright 1996-2005 Kunihiro Ishiguro, et
al. NX-ZWYC-M1F202-A16-HW6865-A-INT-212# show ip bgp summary % BGP instance
not found first clue is here: it won't work if there is nothing to poll,
you need to have a bgp instance running … <#m_8754900356863153641_>
NX-ZWYC-M1F202-A16-HW6865-A-INT-212#
***@***.***:# vtysh -c "sh run" | grep agentx
agentx needs to be in the frr config for this to work
***@***.***:~# cat /etc/sonic/snmp.yml
snmp_rocommunity: @.* snmp_location: public
***@***.***:# docker exec -it bgp cat
/etc/snmp/frr.conf # This line allows the FRR docker to speak with the snmp
container # Make sure this line matches the one in the snmp docker #
snmp:/etc/snmp/snmpd.conf # To verify this works you need to have a valid
bgp daemon running and configured # Check that a snmpwalk to 1.3.6.1.2.1.15
gives an output # Further verification: 1.3.6.1.2.1.15.2.0 = INTEGER: 65000
the returned value should be the confiugred ASN agentXSocket
tcp:localhost:3161 ***@***.***:# docker exec
-it snmp snmpwalk -v2c -c 210e9D65 127.0.0.1 .1.3.6.1.2.1.15.2.0 Timeout:
No Response from 127.0.0.1 -c *@*.*** ( snmp_rocommunity from
/etc/sonic/snmp.yml ) — You are receiving this because you authored the
thread. Reply to this email directly, view it on GitHub <#2981
<#2981>,
or mute the thread
https://github.com/notifications/unsubscribe-auth/ADBS7WTK7FFKNKD4Y7H5JMDQDJS25ANCNFSM4HV6TEKA
.
Hi, I add a BGP instance like this, but still could not work
***@***.***:~$ vtysh -c "sh ip bgp summ"
IPv4 Unicast Summary:
BGP router identifier 10.131.5.224, local AS number 5000 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 21 KiB of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1/24 4 0 0 0 0 0 0 never Idle
Total number of neighbors 1
***@***.***:~$ vtysh -c "sh run" | grep agentx
***@***.***:~$ cat /etc/sonic/snmp.yml
snmp_rocommunity: ***@***.***
snmp_location: public
***@***.***:~$ docker exec -it bgp cat /etc/snmp/frr.conf
# This line allows the FRR docker to speak with the snmp container
# Make sure this line matches the one in the snmp docker
# snmp:/etc/snmp/snmpd.conf
# To verify this works you need to have a valid bgp daemon running and configured
# Check that a snmpwalk to 1.3.6.1.2.1.15 gives an output
# Further verification: 1.3.6.1.2.1.15.2.0 = INTEGER: 65000 the returned value should be the confiugred ASN
agentXSocket tcp:localhost:3161
***@***.***:~$ docker exec -it snmp snmpwalk -v2c -c 210e9D65 127.0.0.1 .1.3.6.1.2.1.15.2.0
Timeout: No Response from 127.0.0.1
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2981>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADBS7WR7IXVBZVRLASULYFTQDTOBTANCNFSM4HV6TEKA>
.
|
Hi, I'm now test this feature. As http://docs.frrouting.org/en/latest/snmp.html said, if there are BGP peer up/down event, I should got log like below in LOG
So I up/down BGP peer manually, but I could NOT found BGP trap log in /var/log/syslog. So what's this reason?
Thank you~ |
snmp traps are not supported and there is no plan ATM to support them
if you need that feature you need to add the config in your specific
/etc/snmp/snmpd.conf in the snmp container.
I'd suggest you look into https://github.com/Azure/sonic-telemetry instead
as this is the way of the future.
best regards,
Michel Moriniaux
…On Tue, Aug 13, 2019 at 11:40 PM Simon Jones ***@***.***> wrote:
Hi,
I'm now test this feature.
As http://docs.frrouting.org/en/latest/snmp.html said, if there are BGP
peer up/down event, I should got log like below in LOG
snmpd[13733]: Got trap from peer on fd 14
So I up/down BGP peer manually, but I could NOT found BGP trap log in
/var/log/syslog. So what's this reason?
1. snmpd has no log in /var/log/syslog?
2. Or log level reason? But I use INFO log level in snmpd like this: /usr/sbin/snmpd
-f -LS6d -u Debian-snmp -g Debian-snmp -I -smux mte...
3. No snmp trap support now? If it is, how to support snmp trap?
Thank you~
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#2981>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ADBS7WVOEH3RYEUVFBIBQSLQEOSHBANCNFSM4HV6TEKA>
.
|
Merge to 201811 with FRR 4.0
@MichelMoriniaux Is it true this MIB is for IPv4? Are you aware of similar implementation for IPv6 BGP neighbors? |
…lly (#17501) #### Why I did it src/sonic-swss ``` * ff524e6d - (HEAD -> master, origin/master, origin/HEAD) [dash] add a retry for an ACL rule creation if a tag is not created yet (#2972) (7 hours ago) [Yakiv Huryk] * 620db3da - [ci] Allow partially success build artifact in PR checker pipeline. #2986 (3 days ago) [Liu Shilong] * d357e6f1 - [copporch] Add safeguard during policer attribute update (#2977) (4 days ago) [Vivek] * cb460394 - [fpmsyncd][WR] Relax the static schema constraint for ROUTE_TABLE (#2981) (5 days ago) [Vivek] * a1ce21f6 - Change base directory referenced in coverage.xml (#2976) (6 days ago) [Lawrence Lee] * 920959cf - [Dash] [UT] Add ZMQ test case for dash (#2967) (6 days ago) [Hua Liu] ``` #### How I did it #### How to verify it #### Description for the changelog
This is a follow-up of sonic-net/sonic-snmpagent#92
Now that licensing issues have been solved FRR is distributed with SNMP
support compiled-in. This PR adds the last bits of configuration to get
the frr-snmp debian packages added to the docker container and the
config bits to enable the snmp module in FRR
This PR brings the functionality of being able to poll bgpd for routes
and peer status.
Signed-off-by: Michel Moriniaux m.moriniaux@criteo.com