netdisco-users Digest, Vol 215, Issue 18

[netdisco-users-request]

Send netdisco-users mailing list submissions to
        netdisco-users@lists.sourceforge.net

To subscribe or unsubscribe via the World Wide Web, visit
        https://lists.sourceforge.net/lists/listinfo/netdisco-users
or, via email, send a message with subject or body 'help' to
        netdisco-users-requ...@lists.sourceforge.net

You can reach the person managing the list at
        netdisco-users-ow...@lists.sourceforge.net

When replying, please edit your Subject line so it is more specific
than "Re: Contents of netdisco-users digest..."

Today's Topics:

   1. Re: ARP matching for netdisco (Jethro Binks)

--- Begin Message ---

And to now answer another point from Christian (apols for mangling these 
messages):

Christian Ramseyer <ramse...@netnea.com> wrote:
> ?On 27.07.2024 03:10, Muris wrote:

> Alright thanks if there is already a modification for Aruba.pm but that 
> modification doesnt work for ArubaOS Controllers, what then?
>
> Is it possible to put in that sub routine a second one if it detects a 
> controller using sysDescr AurbaOs, to go to a different routine in Aruba.pm?
> And if you have an example how that might look?

Yes this is common, there is a very long function in Info.pm that tries
to find the best matching class based on SNMP oids, sysDescr regex etc.
Check around the Cisco identification, there is a lot of specific
subclasses for that brand:

https://github.com/netdisco/snmp-info/blob/master/lib/SNMP/Info.pm#L1900

         $objtype = 'SNMP::Info::Layer3::C3550' if $desc =~ /(C3550|C3560)/;
         $objtype = 'SNMP::Info::Layer3::C4000' if $desc =~ /Catalyst
4[05]00/;
         ... etc..


If it turned out that ArubaOS v10 needed something else doing to obtain the Arp 
table now, you could use sysDescr within SNMP::Info::Layer3::Aruba:

SNMP::Info::device_type() layers:00000111 id:14823 sysDescr:"ArubaOS (MODEL: 
Aruba7240XM), Version 8.10.0.12 LSR (89862)"

and test this in the function at_paddr to see if this is version 10, and do 
something different instead (look at another MIB maybe if the data is 
elsewhere).

Normally, at_paddr uses ipNetToMediaPhysAddress, but as 
https://github.com/netdisco/snmp-info/issues/452 discusses this isn't populated 
on the separate ArubaOS-CX platform, and perhaps this is the case for ArubaOS 
v10 too[*]

Alternatively you might use sysDescr in Info.pm to select a new module 
SNMP::Info::Layer3::ArubaSomethingElse that does the right thing, but there's a 
danger there of a lot of duplication with the current SNMP::Info::Layer3::Aruba.


[*] does anyone know if ArubaOS 10 for wireless is based on ArubaOSCX, as they 
move to this cloud management paradigm?

Don't get me started on my regular pontifications about the confusion of Aruba 
(and HP) operating systems and further confusion of the naming of modules 
within SNMP-Info:

https://github.com/netdisco/snmp-info/issues/469

https://github.com/netdisco/snmp-info/issues/527

Jethro.


.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .

Jethro R Binks, Network Manager,

Information Services Directorate, University Of Strathclyde, Glasgow, UK


The University of Strathclyde is a charitable body, registered in Scotland, 
number SC015263.

________________________________
From: Jethro Binks <jethro.bi...@strath.ac.uk>
Sent: 30 July 2024 16:22
To: neil--- <netdisco-users@lists.sourceforge.net>
Subject: Re: [Netdisco] ARP matching for netdisco

A bit late sorry, but this is a good point from Neil.

If it helps, my Aruba wireless is running 8.10, identifies as 
SNMP::Info::Layer3::Aruba, and I get plenty of arpnips (but almost all APs and 
few end stations in my case, since the wireless controllers aren't the routing 
interface for moclient vlans).

[8045] 2024-07-30 15:13:14 debug   arpnip - processed 1135 ARP Cache entries

No idea what happens in 10-land, and no recollection about 6.4.

Jethro.


.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .

Jethro R Binks, Network Manager,

Information Services Directorate, University Of Strathclyde, Glasgow, UK


The University of Strathclyde is a charitable body, registered in Scotland, 
number SC015263.

________________________________
From: neil--- via netdisco-users <netdisco-users@lists.sourceforge.net>
Sent: 26 July 2024 18:34
To: Christian Ramseyer <ramse...@netnea.com>; Muris <alcat...@gmail.com>; 
neil--- <netdisco-users@lists.sourceforge.net>
Subject: Re: [Netdisco] ARP matching for netdisco

I don’t the Aruba stuff has been updated since ArubaOS 6.X (Aruba is currently 
pushing customers from version 8 to 10 which has the control plane in the cloud 
).

Neil

On Fri, Jul 26, 2024, at 11:03 AM, Christian Ramseyer wrote:
Hi Muris

On 25.07.2024 06:27, Muris wrote:
> Hey all,
>
> Ive picked up another issue ive come across in relation to arpnip’s and
> netdisco picking up for matching to mac addresses
>
>   * Ive found on ArubaOS controllers this does not work, and gets 0 arps
>     and ive seen it on a couple of Aruba switches or two. This is
>     running the netdisco-do arpnip function when I look at the output.
>   * Ive also noticed on Cisco SDWAN platform using Cisco ISR 1127/1131
>     which has VRF’s on a router it also doesn’t appear to match arps to
>     macs probably because it has VRFs?
>
> I tried to use the SSH script in this instance but still didn’t work.
> The routers I have are running IOS XE, which doesn’t seem to work with
> the SSH collector, as that only has IOS and IOSXR
>
> 1) I wanted to ask, is there a troubleshooting method for arps
> retrieval, and what part of code handles the arp matching?
> 3) What part of the code in netdisco looks at arp retrieval and then
> storing it into the db into particular method? Is there something that
> can be tweaked how it interprets the data, say for a Aruba Controller,
> or a Cisco router with vrfs etc


For 1 + 3 I use something like this:

Run netdisco-do arpnip on the commandline with debugging flags:

-D (always, general debugging)
-SI (snmp OIDs + snmp info layer)
-Q (DB queries, ignore unless you suspect a db issue)

e.g. "netdisco-do -DIS -d lab2-ce2 arpnip"

To see whats going wrong it's very helpful to compare a device with the
expected outcome to the one where stuff doesn't work.

>From the debugging you can tell which OIDs are used, whether they send
back a response etc. I often also just forget about netdisco and try to
get what I need with regular snmpwalk/get, then figure out where the
mismatch is. Or conclude that the device does not have the data at all.

If you grep around in the code for strings appearing in the debug output
it's easy to find where stuff happens, e.g (shortened):

  $ shopt -s globstar
  $ egrep '(store_arp|processed.*ARP Cache)' **/* 2>/dev/null

lib/App/Netdisco/Util/Node.pm:=head2 store_arp( \%host, $now?, $device_ip )
lib/App/Netdisco/Util/Node.pm:sub store_arp {
lib/App/Netdisco/Util/Node.pm:  debug sprintf 'store_arp - device %s mac
%s ip %s',
lib/App/Netdisco/Worker/Plugin/Arpnip/Nodes.pm:use
App::Netdisco::Util::Node qw/che
lib/App/Netdisco/Worker/Plugin/Arpnip/Nodes.pm:  store_arp(\%$_, $now,
$device->ip)


Then just start hacking around in there until it works :)




>
> 2) What if I have a IOS XE router with vrf’s is it able to retrieve IP
> to mac mappings? If I can do a “show arp vrf 2000” this shows the list,
> but how do I make that available into netdisco?
>

I actually just tried this on regular IOS-XE and I seem to get all VRFs
from the regular SNMP method, e.g.:


# show version

Cisco IOS XE Software, Version 17.09.03a
Cisco IOS Software [Cupertino], ISR Software
(X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 17.9.3a, RELEASE SOFTWARE (fc2)
cisco ISR4331/K9


lab2-CE2#show vrf
   Name                             Default RD            Protocols
Interfaces
   Mgmt-intf                        <not set>             ipv4,ipv6   Gi0
   VPRN-KTV1                        65126:20923           ipv4,ipv6   Lo1

Gi0/0/0

Gi0/0/2.3811
lab2-CE2#show ip arp
lab2-CE2#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.18.220.233         89   4055.82a1.xxxx  ARPA
GigabitEthernet0/0/2.3899
Internet  10.18.220.234         94   147b.ac00.xxxx  ARPA
GigabitEthernet0/0/2.3899
Internet  10.18.220.238          -   70d3.791a.xxxx  ARPA
GigabitEthernet0/0/2.3899
lab2-CE2#
lab2-CE2#show ip arp vrf VPRN-KTV1
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.18.199.129         89   4055.82a1.xxxx  ARPA
GigabitEthernet0/0/2.3811
Internet  10.18.199.130         90   147b.ac00.xxxx  ARPA
GigabitEthernet0/0/2.3811
Internet  10.18.199.134          -   70d3.791a.xxxx  ARPA
GigabitEthernet0/0/2.3811
Internet  10.30.194.49           -   70d3.791a.xxxx  ARPA
GigabitEthernet0/0/0
Internet  10.30.194.50           0   001c.7fa3.xxxx  ARPA
GigabitEthernet0/0/0
lab2-CE2#


netdisco-do -D -d lab2-ce2 arpnip
...
[13904] 2024-07-26 15:24:42 debug => running workers for phase: store
[13904] 2024-07-26 15:24:42 debug -> run worker store/0 "arpnip::nodes"
[13904] 2024-07-26 15:24:42 debug  resolving 8 ARP entries with max 50
outstanding requests
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
40:55:82:a1:xx:xx ip 10.18.220.233
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
14:7b:ac:00:xx:xx ip 10.18.199.130
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
70:d3:79:1a:xx:xx ip 10.30.194.49
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
14:7b:ac:00:xx:xx ip 10.18.220.234
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
40:55:82:a1:xx:xx ip 10.18.199.129
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
00:1c:7f:a3:xx:xx ip 10.30.194.50
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
70:d3:79:1a:xx:xx ip 10.18.220.238
[13904] 2024-07-26 15:24:42 debug store_arp - device 10.18.165.188 mac
70:d3:79:1a:xx:xx ip 10.18.199.134
[13904] 2024-07-26 15:24:42 debug  [10.18.165.188] arpnip - processed 8
ARP Cache entries
[13904] 2024-07-26 15:24:42 debug  [10.18.165.188] arpnip - processed 0
IPv6 Neighbor Cache entries


So I suspect the trouble is related to the SDWAN features or a specific
release?

Generally the more virutalization and software defined doohickeys a
platform has the less likely it is to cough up all arp entries via SNMP.
If you need to make an SSH Collector for IOS-XE SDWAN, you best figure
out first what commands are needed, then copy an existing one an make it
work. Many already do something like enumerate all contexts/vrf/vdoms
and then run commands for each, you can look at e.g. CPVSX, ASAContext
or FortiOS.



Good luck
Christian

>
> Sorry if its been asked before .. but im finding lately due to the
> environment getting complex I wouldn’t mind how the whole arp storing
> works and getting more things to work better .
>
> Muris
>
>
>
> _______________________________________________
> Netdisco mailing list
> netdisco-users@lists.sourceforge.net<mailto:netdisco-users@lists.sourceforge.net>
> https://sourceforge.net/p/netdisco/mailman/netdisco-users/

--
Christian Ramseyer, netnea ag
Network Management. Security. OpenSource.
https://www.netnea.com
Phone: +41 79 644 77 64


_______________________________________________
Netdisco mailing list
netdisco-users@lists.sourceforge.net<mailto:netdisco-users@lists.sourceforge.net>
https://sourceforge.net/p/netdisco/mailman/netdisco-users/

--- End Message ---

_______________________________________________
Netdisco mailing list - Digest Mode
netdisco-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/netdisco-users