Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Alisson_Lima
Contributor
Jump to solution

How can I monitor BGP state using SNMP?

Hi all,

 

Somebody know anyway how can I monitor BGP state using SNMP? I've several VPN site-to-site between my on-premisses gateway and AWS cloud.


Att,

Alisson Lima

 

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin

There's no predefined OID for that but you can create a script that gathers the data you're interested in and probe it via SNMP. See section IV-6 of the SK I previously linked to.

View solution in original post

0 Kudos
11 Replies
PhoneBoy
Admin
Admin
0 Kudos
Alisson_Lima
Contributor

Hi PhoneBoy,

Thank you for your response, but I wouldn't to monitor only routing table. Is there any way to monitor only BGP state (Estabilished, Active, Connect or Idle)?

Thank you.

Alisson Lima

 

0 Kudos
PhoneBoy
Admin
Admin

There's no predefined OID for that but you can create a script that gathers the data you're interested in and probe it via SNMP. See section IV-6 of the SK I previously linked to.

0 Kudos
Hugo_Romero
Explorer

Hi  @PhoneBoy , Can you share the Number for SK?

0 Kudos
_Val_
Admin
Admin

@Hugo_Romero The link is above in one of the @PhoneBoy 's replies, but here is the SK number: sk90860

0 Kudos
Dan_Moesch
Contributor

It looks like Checkpoint now supports the BGP OID - 

.1.3.6.1.2.1.15.3.1.3

I opened a TAC case and this is what they referred me too.   Running 81.20, so its possible its part of the 81.20 GAIA update

0 Kudos
Chris_Atkinson
Employee Employee
Employee

I'm not sure that's going to do what you hope it might.

bgpPeerFsmEstablishedTime, OID - ".1.3.6.1.2.1.15.3.1.16" may be an alternative depending on your objective.

CCSM R77/R80/ELITE
0 Kudos
Dan_Moesch
Contributor

Yes, that is nice for established time.  The point of my post is CP doesn't have this documented anywhere and suggested creating a script etc, when its not needed anymore.

0 Kudos
Chris_Atkinson
Employee Employee
Employee

Have you confirmed this by testing, my understand of the OID you referenced differs 

CCSM R77/R80/ELITE
0 Kudos
Dan_Moesch
Contributor

It works very well, in addition I have a nice little to add our SNMP monitoring Dashboard showing peer state, established time etc.  Makes it easier for support to look at this dashboard then remoting in to each firewall and running "show bgp peers"

 

In addition, I created a custom email alert should the BGP Peer state numerical values change from "established" so we get an email alert if a BGP peer session goes down.   Since CP only peers with the active, I had to add another SNMP check for "haidentifier" OID so the alert only looks for the state on the active member.

0 Kudos
Northy
Contributor

Whilst it has been a while since this post has received any update, using the link @PhoneBoy  provided I was able to successfully set up monitoring for BGP state via a custom SNMP OID. 

At a high level 

Stopped the SNMP agent 

Created a small shell script that basically ran a clish command and grep'd out my desired information, similar to below

echo ''
clish -c "show bgp peers" | egrep -o 'Established|OpenConfirm|OpenSent|Active|Connect|Idle'
echo ''

then I added this as an SNMP extend line to "/etc/snmp/userDefinedSettings.conf", similar to below

extend BGP_Status /bin/sh /var/log/my_script/BGP_Status.sh

restarted the SNMP agent. 

tested using the SNMP walk command (you need to have 127.0.0.1 under agent interfaces in order to use localhost)

snmpwalk -t 10 -v 2c -c netw0rks localhost NET-SNMP-AGENT-MIB::nsExtensions

from here i used the translate command 

snmptranslate -On NET-SNMP-EXTEND-MIB::nsExtendOutLine.\"BGP_Status\"

The value you get back should allow you to monitor via SNMP 

 

I hope it helps someone to get started at least, it is not the prettiest way to get the state and it wouldn't really work for multiple neighbours but for my scenario, it worked.

(1)

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events