Support Support Downloads Knowledge Base Apex Support Portal Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

SNMP response from firewall in ESTABLISHED BGP state is incorrect

0

0

Article ID: KB11499 KB Last Updated: 21 Jun 2010Version: 3.0
Summary:
SNMP response from firewall in ESTABLISHED BGP state is incorrect
Symptoms:
The response for a SNMP query for the BGP ESTABLISHED state of the firewall is incorrect.

The MIB variable for the query is "nsBgpPeerFsmEstablishedTime ", it's OID is 1.3.6.1.2.1.15.3.1.16, and its description is:
"This timer indicates how long (in seconds) this peer has been in the Established state or how long since this peer was last in the Established state.  It is set to zero when a new peer is configured or the router is booted."

The problem is that the firewall reports the "ESTABLISHED" time for the BGP neighbor based on the system up time, not based on the peer status. This conflicts with explanation of the MIB "nsBgpPeerFsmEstablishedTime ".

Seen below is the System reporting of the BGP state for a neighbor

SSG550-> get vr trust protocol bgp neighbor
Peer AS Remote IP       Local IP          Wt Status   State     ConnID Up/Down
--------------------------------------------------------------------------------
    100 192.168.2.1     192.168.2.10     100 Enabled  ESTABLISH     96 00:41:11

According to this output the the BGP state is in Establish state with neighbor 192.168.2.1 for about 41 minutes 11 seconds

SNMPWALK for the MIB "nsBgpPeerFsmEstablishedTime" shows 100 as the UP time.

C:\snmpwalk>snmpwalk 172.19.51.148 public .1.3.6.1.2.1.15.3.1.16
.iso.3.6.1.2.1.15.3.1.16.192.168.2.1 = Gauge: 100

This output reports the BGP state since bootup process on the firewall. This is contradicting what we have defined for the MIB itself.

Solution:
For the MIB variable, "nsBgpPeerFsmEstablishedTime",  ScreenOS should return the duration since the last peer status change, rather than the timestamp of the last peer status change.

The fix for this issue is in ScreenOS 5.4.0r9 and later.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search