Highlighted
Steinar Saugsta1 Super Contributor.
Super Contributor.
403 views

Cisco BGP traps not seen in NNMI 10.21.

Hi,
have a customer with Cisco devices. When change in the BGP occur, it seems that the device sends the trap with oid .1.3.6.1.4.1.9.9.187.0.2 which is for the cbgpBackwardTransition.

The MIB CISCO-BGP4-MIB and notifications are loaded into the NNMi, but still  ot any event definitions for this seen in the NNMi trap configuration. However, the trap definition with SNMP Object ID 1.3.6.1.2.1.15.0.2 which is the same trap  for the is   cbgpBackwardTransition is seen.

When running tcpdump we see that the  .1.3.6.1.4.1.9.9.187.0.2 is coming into the server and we also see it in the NNMi trace log, but says it's blocked.

So, the question is how we can get this definition into NNMi without configuring it manually?

Thanks for all help.

Br.
Steinar S. 

0 Likes
1 Reply
AndyKemp Acclaimed Contributor.
Acclaimed Contributor.

Re: Cisco BGP traps not seen in NNMI 10.21.

This trap "1.3.6.1.2.1.15.0.2" is the kiss of death literally.  Some iterations of IOS support some  for reason RFC 1657 for the BGP-4 MIB  which is flawed... it omitted the peer clasue so you get only the link state change, but not which link.

 

Abstract    This memo defines a portion of the Management Information Base (MIB)   for use with network management protocols in the Internet community   In particular, it describes managed objects used for managing the   Border Gateway Protocol Version 4 or lower.    The origin of this memo is from RFC 1269 "Definitions of Managed   Objects for the Border Gateway Protocol (Version 3)", which was   updated to support BGP-4 in RFC 1657.  This memo fixes errors   introduced when the MIB module was converted to use the SMIv2   language.  This memo also updates references to the current SNMP   framework documents.

 

 

 

 

Page 22 of the January 2006 RFC for BGP http://datatracker.ietf.org/doc/rfc4273/?include_text=1

 

 

 

-- Note that in RFC 1657, bgpTraps was incorrectly

        -- assigned a value of { bgp 7 } and each of the

        -- traps had the bgpPeerRemoteAddr object inappropriately

 

Haas & Hares                Standards Track                    [Page 23]

RFC 4273                        BGP4-MIB                    January 2006

 

        -- removed from their OBJECTS clause.  The following

        -- definitions restore the semantics of the traps as

        -- they were initially defined in RFC 1269.

 

        bgpNotification OBJECT IDENTIFIER ::= { bgp 0 }

 

        bgpEstablishedNotification NOTIFICATION-TYPE

            OBJECTS { bgpPeerRemoteAddr,

                      bgpPeerLastError,

                      bgpPeerState      }

            STATUS  current

            DESCRIPTION

                    "The bgpEstablishedNotification event is generated

                     when the BGP FSM enters the established state.

 

                     This Notification replaces the bgpEstablished

                     Notification."

            ::= { bgpNotification 1 }

 

        bgpBackwardTransNotification NOTIFICATION-TYPE

            OBJECTS { bgpPeerRemoteAddr,

                      bgpPeerLastError,

                      bgpPeerState      }

            STATUS  current

            DESCRIPTION

                    "The bgpBackwardTransNotification event is

                     generated when the BGP FSM moves from a higher

                     numbered state to a lower numbered state.

 

                     This Notification replaces the

                     bgpBackwardsTransition Notification."

            ::= { bgpNotification 2 }

 

        -- { bgp 7 } is deprecated.  Do not allocate new objects or

        --           notifications underneath this branch.

 

        bgpTraps        OBJECT IDENTIFIER ::= { bgp 7 } -- deprecated

 

        bgpEstablished NOTIFICATION-TYPE

            OBJECTS { bgpPeerLastError,

                      bgpPeerState      }

 

 

 

Compare that to RFC 1657   page 19 http://datatracker.ietf.org/doc/rfc1269/?include_text=1

 

 

 

-- Traps.

 

                bgpTraps                OBJECT IDENTIFIER ::= { bgp 7 }

 

                bgpEstablished NOTIFICATION-TYPE

                    OBJECTS { bgpPeerLastError,

                              bgpPeerState      }

                    STATUS  current

                    DESCRIPTION

                            "The BGP Established event is generated when

                            the BGP FSM enters the ESTABLISHED state."

                    ::= { bgpTraps 1 }

 

                bgpBackwardTransition NOTIFICATION-TYPE

                    OBJECTS { bgpPeerLastError,

                              bgpPeerState      }

                    STATUS  current

                    DESCRIPTION

                            "The BGPBackwardTransition Event is generated

                            when the BGP FSM moves from a higher numbered

                            state to a lower numbered state."

                    ::= { bgpTraps 2 }

 

And RFC 1269  (aka BGP3)

 

bgpEstablished TRAP-TYPE                    ENTERPRISE { bgp }                    VARIABLES  { bgpPeerRemoteAddr,                              bgpPeerLastError,                              bgpPeerState }                    DESCRIPTION                         "The BGP Established event is generated when                         the BGP FSM enters the ESTABLISHED state. "                    ::= 1 Willis & Burruss                                               [Page 10]RFC 1269                       BGP-3 MIB                    October 1991                bgpBackwardTransition TRAP-TYPE                    ENTERPRISE { bgp }                    VARIABLES  { bgpPeerRemoteAddr,                              bgpPeerLastError,                              bgpPeerState }                    DESCRIPTION                         "The BGPBackwardTransition Event is generated                         when the BGP FSM moves from a higher numbered                         state to a lower numbered state."                    ::= 2               END

Have a nice day 🙂

Andy Kemp
I've lasted longer in the technology industry than most certifications.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.