Today's Topics:
1. Re: ARP matching for netdisco (Muris)
2. Re: ARP matching for netdisco (Christian Ramseyer)
--- Begin Message ---
Thanks heaps, that's useful. I'll have a look around those outputs and see
what I get.
When you say hacking around the stored arp procedures and finding what works,
do you have an example of one you've done?
Can you insert a section in there in the code for a specific platform to only
do that particular arp store control on that platform and not in the default
way?
If you've got examples that would be useful so I can get an idea.
> On 27 Jul 2024, at 01:33, Christian Ramseyer <ramse...@netnea.com> wrote:
>
> Hi Muris
>
>> On 25.07.2024 06:27, Muris wrote:
>> Hey all,
>> I’ve picked up another issue I’ve come across in relation to arpnip’s and
>> netdisco picking up for matching to mac addresses
>> * I’ve found on ArubaOS controllers this does not work, and gets 0 arps
>> and I’ve seen it on a couple of Aruba switches or two. This is
>> running the netdisco-do arpnip function when I look at the output.
>> * I’ve also noticed on Cisco SDWAN platform using Cisco ISR 1127/1131
>> which has VRF’s on a router it also doesn’t appear to match arps to
>> macs probably because it has VRFs? I tried to use the SSH script in this
>> instance but still didn’t work. The routers I have are running IOS XE, which
>> doesn’t seem to work with the SSH collector, as that only has IOS and IOSXR
>> 1) I wanted to ask, is there a troubleshooting method for arps retrieval,
>> and what part of code handles the arp matching?
>> 3) What part of the code in netdisco looks at arp retrieval and then
>> storing it into the db into particular method? Is there something that
>> can be tweaked how it interprets the data, say for an Aruba Controller,
>> or a Cisco router with vrfs etc
>
>
> For 1 + 3 I use something like this:
>
> Run netdisco-do arpnip on the commandline with debugging flags:
>
> -D (always, general debugging)
> -SI (snmp OIDs + snmp info layer)
> -Q (DB queries, ignore unless you suspect a db issue)
>
> e.g. "netdisco-do -DIS -d lab2-ce2 arpnip"
>
> To see what's going wrong it's very helpful to compare a device with the
> expected outcome to the one where stuff doesn't work.
>
> From the debugging you can tell which OIDs are used, whether they send back a
> response etc. I often also just forget about netdisco and try to get what I
> need with regular snmpwalk/get, then figure out where the mismatch is. Or
> conclude that the device does not have the data at all.
>
> If you grep around in the code for strings appearing in the debug output it's
> easy to find where stuff happens, e.g (shortened):
>
> $ shopt -s globstar
> $ egrep '(store_arp|processed.*ARP Cache)' **/* 2>/dev/null
>
> lib/App/Netdisco/Util/Node.pm:=head2 store_arp( \%host, $now?, $device_ip )
> lib/App/Netdisco/Util/Node.pm:sub store_arp {
> lib/App/Netdisco/Util/Node.pm: debug sprintf 'store_arp - device %s mac %s
> ip %s',
> lib/App/Netdisco/Worker/Plugin/Arpnip/Nodes.pm:use App::Netdisco::Util::Node
> qw/che
> lib/App/Netdisco/Worker/Plugin/Arpnip/Nodes.pm: store_arp(\%$_, $now,
> $device->ip)
>
>
> Then just start hacking around in there until it works :)
>
>
>
>
>> 2) What if I have a IOS XE router with vrf’s is it able to retrieve IP to
>> mac mappings? If I can do a “show arp vrf 2000” this shows the list, but how
>> do I make that available into netdisco?
>
> I actually just tried this on regular IOS-XE and I seem to get all VRFs from
> the regular SNMP method, e.g.:
>
>
> # show version
>
> Cisco IOS XE Software, Version 17.09.03a
> Cisco IOS Software [Cupertino], ISR Software
> (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.9.3a, RELEASE SOFTWARE (fc2)
> cisco ISR4331/K9
>
>
> lab2-CE2#show vrf
> Name Default RD Protocols Interfaces
> Mgmt-intf <not set> ipv4,ipv6 Gi0
> VPRN-KTV1 65126:20923 ipv4,ipv6 Lo1
> Gi0/0/0
> Gi0/0/2.3811
> lab2-CE2#show ip arp
> lab2-CE2#show ip arp
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.18.220.233 89 4055.82a1.xxxx ARPA
> GigabitEthernet0/0/2.3899
> Internet 10.18.220.234 94 147b.ac00.xxxx ARPA
> GigabitEthernet0/0/2.3899
> Internet 10.18.220.238 - 70d3.791a.xxxx ARPA
> GigabitEthernet0/0/2.3899
> lab2-CE2#
> lab2-CE2#show ip arp vrf VPRN-KTV1
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 10.18.199.129 89 4055.82a1.xxxx ARPA
> GigabitEthernet0/0/2.3811
> Internet 10.18.199.130 90 147b.ac00.xxxx ARPA
> GigabitEthernet0/0/2.3811
> Internet 10.18.199.134 - 70d3.791a.xxxx ARPA
> GigabitEthernet0/0/2.3811
> Internet 10.30.194.49 - 70d3.791a.xxxx ARPA GigabitEthernet0/0/0
> Internet 10.30.194.50 0 001c.7fa3.xxxx ARPA GigabitEthernet0/0/0
> lab2-CE2#
>
>
> netdisco-do -D -d lab2-ce2 arpnip
> ...
> [13904] 2024-07-26 15:24:42 debug => running workers for phase: store
> [13904] 2024-07-26 15:24:42 debug -> run worker store/0 "arpnip::nodes"
> [13904] 2024-07-26 15:24:42 debug resolving 8 ARP entries with max 50
> outstanding requests
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 40:55:82:a1:xx:xx ip 10.18.220.233
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 14:7b:ac:00:xx:xx ip 10.18.199.130
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 70:d3:79:1a:xx:xx ip 10.30.194.49
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 14:7b:ac:00:xx:xx ip 10.18.220.234
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 40:55:82:a1:xx:xx ip 10.18.199.129
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 00:1c:7f:a3:xx:xx ip 10.30.194.50
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 70:d3:79:1a:xx:xx ip 10.18.220.238
> [13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
> 70:d3:79:1a:xx:xx ip 10.18.199.134
> [13904] 2024-07-26 15:24:42 debug [10.18.165.188] arpnip - processed 8 ARP
> Cache entries
> [13904] 2024-07-26 15:24:42 debug [10.18.165.188] arpnip - processed 0 IPv6
> Neighbor Cache entries
>
>
> So I suspect the trouble is related to the SDWAN features or a specific
> release?
>
> Generally the more virtualization and software defined doohickeys a platform
> has the less likely it is to cough up all arp entries via SNMP. If you need
> to make an SSH Collector for IOS-XE SDWAN, you best figure out first what
> commands are needed, then copy an existing one and make it work. Many already
> do something like enumerate all contexts/vrf/vdoms and then run commands for
> each, you can look at e.g. CPVSX, ASAContext or FortiOS.
>
>
>
> Good luck
> Christian
>
>> Sorry if it’s been asked before .. but I’m finding lately due to the
>> environment getting complex I wouldn’t mind how the whole arp storing works
>> and getting more things to work better .
>> Muris
>> _______________________________________________
>> Netdisco mailing list
>> netdisco-users@lists.sourceforge.net
>> https://sourceforge.net/p/netdisco/mailman/netdisco-users/
>
> --
> Christian Ramseyer, netnea ag
> Network Management. Security. OpenSource.
> https://www.netnea.com
> Phone: +41 79 644 77 64
--- End Message ---
--- Begin Message ---
On 26.07.2024 20:52, Muris wrote:
> Thanks heaps, that's useful. I'll have a look around those outputs and see
> what I get.
> When you say hacking around the stored arp procedures and finding what works,
> do you have an example of one you've done?
> Can you insert a section in there in the code for a specific platform to only
> do that particular arp store control on that platform and not in the default
> way?
> If you've got examples that would be useful so I can get an idea.

When SNMP Arpnip is used, all device-specific stuff is handled through
snmp-info. So in the Netdisco code you just see

lib/App/Netdisco/Worker/Plugin/Arpnip/Nodes.pm:
    get_arps_snmp($device, $snmp->at_paddr, $snmp->at_netaddr);

where $snmp is an SNMP::Info object initialized for the device in
question. at_netaddr etc. are methods which by default use the IP-MIB
ipNetToMediaNetAddress etc. The default definition is here:

https://github.com/netdisco/snmp-info/blob/master/lib/SNMP/Info/Layer3.pm#L111

    # IP-MIB IP Net to Media Table (ARP Cache)
    'at_index'   => 'ipNetToMediaIfIndex',
    'at_paddr'   => 'ipNetToMediaPhysAddress',
    'at_netaddr' => 'ipNetToMediaNetAddress',

Specific device classes can then override this behavior, some that
currently do are:

    $ grep "sub at_netaddr" **/*.pm
    ...
    lib/SNMP/Info/Layer3/Aruba.pm:sub at_netaddr {
    lib/SNMP/Info/Layer3/CiscoFWSM.pm:sub at_netaddr {
    lib/SNMP/Info/Layer3/Netscreen.pm:sub at_netaddr {

The Aruba implementation might be relevant here :) You can use the -I
option to print out what SNMP::Info is doing.

Cheers
Christian

--
Christian Ramseyer, netnea ag
Network Management. Security. OpenSource.
https://www.netnea.com
Phone: +41 79 644 77 64
--- End Message ---
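
Added example (not from either poster and not netdisco project code): a small Python script for the comparison described in the thread, diffing the device's own "show ip arp" table against the store_arp lines in "netdisco-do -D" output to list entries arpnip never stored. The sample tables, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample data (not from the thread): a router's CLI ARP table and
# netdisco-do -D debug output, including lines wrapped the way mail wraps them.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1         89         4055.82a1.0001  ARPA   GigabitEthernet0/0/2.3899
Internet  10.0.0.2         -          70d3.791a.0002  ARPA
GigabitEthernet0/0/2.3899
Internet  10.0.1.1         0          001c.7fa3.0003  ARPA   GigabitEthernet0/0/0
Internet  10.0.1.9         5          Incomplete      ARPA
"""
NETDISCO_DEBUG = """\
[13904] 2024-07-26 15:24:42 debug store_arp - device 192.0.2.10 mac
40:55:82:a1:00:01 ip 10.0.0.1
[13904] 2024-07-26 15:24:42 debug store_arp - device 192.0.2.10 mac 70:d3:79:1a:00:02 ip 10.0.0.2
[13904] 2024-07-26 15:24:42 debug [192.0.2.10] arpnip - processed 2 ARP Cache entries
"""

CLI_ROW = re.compile(
    r"^Internet\s+(\S+)\s+\S+\s+([0-9a-fA-F]{4}(?:\.[0-9a-fA-F]{4}){2})\b", re.M)
DEBUG_ROW = re.compile(r"store_arp - device \S+\s+mac\s+(\S+)\s+ip\s+(\S+)")

def norm_mac(mac):
    """Normalize dotted (4055.82a1.0001) or colon MACs to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_cli_arp(text):
    """Return {(ip, mac)} from 'show ip arp' output; Incomplete rows are skipped."""
    return {(ip, norm_mac(mac)) for ip, mac in CLI_ROW.findall(text)}

def parse_store_arp(text):
    """Return {(ip, mac)} from store_arp debug lines, tolerating line wraps."""
    return {(ip, norm_mac(mac)) for mac, ip in DEBUG_ROW.findall(text)}

def missing_from_netdisco(cli_text, debug_text):
    """ARP entries the device shows on the CLI that netdisco never stored."""
    return sorted(parse_cli_arp(cli_text) - parse_store_arp(debug_text))

if __name__ == "__main__":
    for ip, mac in missing_from_netdisco(SHOW_IP_ARP, NETDISCO_DEBUG):
        print(f"not stored by arpnip: {ip} {mac}")
```

Feed it the combined output of "show ip arp" and each "show ip arp vrf <name>" to see whether the missing entries cluster in one VRF.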