SNMP with OSPF/asynchronous routing

technikcst · June 25, 2015, 9:00am

Hello everyone,

I am trying to read SNMP values from a routerboard that is connected via two interfaces. One interface is for receiving and one for sending traffic. Therefore ospf is used. If one link fails, all traffic will be routed over the other interface. In this case (only one link is up) snmp is working as expected.

But if both interfaces are running the snmp request times out.

I have seen that there has been a simillar issue without solution here: http://forum.mikrotik.com/t/snmp-source-ip-ospf-multihomed/43278/4

Is there any solution for this problem?

Here is a small drawing of the network:
snmp_fail.PNG
Regards,
Christoph

ZeroByte · June 25, 2015, 3:18pm

Create a “loopback” /32 address for each router and use that to do SNMP polling. This address is independent of the up/down state of physical interfaces. It’s standard practice to use these on routers.

Basically, make a bridge interface, name it “loopback” or something like that, and put a /32 address on the interface.
All of your dynamic routing protocols (and MPLS ID if you’re using that) should refer to the loop address. Furthermore, I’ve read best practice guides which state that you should never aggregate your loopback addresses.

Make sure your OSPF router IDs are updated to use the loopback IP of the router, and do this for BGP, MPLS, and all other protocols which uniquely identify each router in your topology. Furthermore, make sure that iBGP uses the loopback interfaces to communicate with each other.

Also - make sure that any services which originate traffic (such as syslog) will use the loopback address as the source IP.

technikcst · June 25, 2015, 5:44pm

Thank you for your answer. I am already using a loopback bridge. The ip is the same as the ospf instance id.

But the problem still exists.

The routerboard is using ROS 6.29.1 (problem exists much longer though).

SNMP config:

/snmp community
add addresses=0.0.0.0/0 authentication-password=SECRET1 \
    authentication-protocol=SHA1 encryption-password=SECRET2 name=\
    netmonitor security=private
/snmp
set contact="HIDDEN" enabled=yes location=HIDDEN trap-community=\
    netmonitor trap-version=3

In the snmp log on the MT there are only a few get requests, nothing more.

Do you have such a scenario running?

Regards,
Christoph

technikcst · July 9, 2015, 8:58am

Hi,

I am still having trouble with this. Is there a way to bind SNMP to a specific interface?

Regards,
Christoph

elmorekevin · June 2, 2016, 8:25pm

We’re having this problem right now too. Any solution?

ZeroByte · June 3, 2016, 7:35pm

Have you used policy routing to force the asymmetry, or have you used routing metrics?

If you’ve used policy, then you need to make sure that the policy routing rules are properly being applied to the output path of the Mikrotik - i.e. make sure that the policy routing rules also appear in the output chain of the mangle table, as such traffic does not enter the prerouting chain.