iAchieved.it

Software Development Tips and Tricks

By

OpenWrt SNMP Interface Descriptions

If you’re familiar with configuring network gear, you know that a very useful best practice is providing “plain English” descriptions of your device’s ports. For example, on my Cisco SF500-48MP switch port 24 is the “uplink port” to the gateway router. I make this clear in the port’s description:

sw01#show interfaces description fa1/2/24
Port      Description
-------   -----------
fa1/2/24  Uplink to Internet Gateway

By doing so, the ifAlias OID for this interface is set:

snmpget -c public -v2c sw01.iachieved.it IF-MIB::ifAlias.24 
IF-MIB::ifAlias.24 = STRING: Uplink to Internet Gateway

What is particularly nice about this is that a network monitoring tool such as Observium will display the ifAlias string as a part of the description of the port. Like I said, this becomes very useful, particularly when trying to track down where ports lead to.

In the previous post we installed SNMP on an OpenWrt router and surfaced it in Observium. By default the snmpd package doesn’t present any information for ifAlias, but we can fix that with snmpset.

Permitting snmpset Access

snmpset will make use of the SNMP private community on our OpenWrt (note: if you were working in a production environment you might consider using SNMP v3 with authentication or at the very least changing your community strings). By default the OpenWrt SNMP configuration only permits use of the private community from localhost (i.e., the router itself). We’ll change that to permit access from our private subnet:

Find this section in your /etc/config/snmpd file

config com2sec private
    option secname rw
    option source localhost
    option community private

and change the option source like this:

option source 192.168.77.0/24

Obviously you’ll use the appropriate subnet in your configuration.

Restart snmpd on the router with /etc/init.d/snmpd restart.

Updating ifAlias

To update the appropriate ifAlias entries we need to see the ifDescr list. This can be obtained by walking ifDescr with snmpwalk:

snmpwalk  -c public -v2c gw.gw01.chcgil01.iachieved.it ifDescr
IF-MIB::ifDescr.1 = STRING: lo
IF-MIB::ifDescr.2 = STRING: eth1
IF-MIB::ifDescr.3 = STRING: eth0
IF-MIB::ifDescr.5 = STRING: wlan0
IF-MIB::ifDescr.6 = STRING: wlan1
IF-MIB::ifDescr.7 = STRING: br-lan
IF-MIB::ifDescr.8 = STRING: eth0.1
IF-MIB::ifDescr.9 = STRING: eth1.2
IF-MIB::ifDescr.10 = STRING: eth0.100
IF-MIB::ifDescr.11 = STRING: eth1.3
IF-MIB::ifDescr.12 = STRING: eth1.4

In our Chicago router example let’s label the three interfaces that are OSPF links to other routers:

  • eth1.2 is a link to gw01.dnvrco01
  • eth1.3 is a link to gw01.atlaga01
  • eth1.4 is a link to gw01.dllstx01

From the output of ifDescr we can see that

  • eth1.2 will map to ifAlias.9
  • eth1.3 will map to ifAlias.11
  • eth1.4 will map to ifAlias.12

So let’s set those ifAlias strings!

# snmpset -c private -v2c gw.gw01.chcgil01.iachieved.it ifAlias.9 string "OSPF Link to gw01.dnvrco01"
IF-MIB::ifAlias.9 = STRING: OSPF Link to gw01.dnvrco01
# snmpset -c private -v2c gw.gw01.chcgil01.iachieved.it ifAlias.11 string "OSPF Link to gw01.atlaga01"
IF-MIB::ifAlias.11 = STRING: OSPF Link to gw01.atlaga01
# snmpset -c private -v2c gw.gw01.chcgil01.iachieved.it ifAlias.12 string "OSPF Link to gw01.dllstx01"
IF-MIB::ifAlias.12 = STRING: OSPF Link to gw01.dllstx01

The Catch

The problem with this approach is its persistence – reboot your router and watch those interface descriptions bite the dust. But no worries, the fix is simple.

Go back to /etc/config/snmpd and change your private community to accept interaction from localhost (in other words, what it was originally!):

config com2sec private
    option secname rw
    option source localhost
    option community private

Restart snmpd with /etc/init.d/snmpd restart.

On the router we’re going to edit /etc/rc.local and before exit 0 put:

# Wait for snmpd to accept connections
/bin/sleep 5

/usr/bin/snmpset -c private -v2c localhost ifAlias.9 string "OSPF Link to gw01.dnvrco01" > /tmp/snmpset.log
/usr/bin/snmpset -c private -v2c localhost ifAlias.11 string "OSPF Link to gw01.atlaga01" >> /tmp/snmpset.log
/usr/bin/snmpset -c private -v2c localhost ifAlias.12 string "OSPF Link to gw01.dllstx01" >> /tmp/snmpset.log

I have not optimized the /bin/sleep at this point, but without it snmpset will be talking to an snmpd daemon that isn’t ready. Trust me.

You can now reboot the router and the custom interface descriptions will survive.

Wrapping Up

Why did we go to all the trouble of creating descriptions (aliases) for our OpenWrt interfaces? Again, monitoring tools such as Observium will take those descriptions and apply them to your UI.

At a glance I can quickly see, for example, that eth1.2 is the interface being used for OSPF with gw01.dnvrco01. That information is incredibly useful when working with dozens (or more) links.

By

Recognizing OpenWrt as an OS in Observium

Observium is a great application for monitoring network equipment, regardless of type (e.g., routers, switches, firewalls, etc.) What makes it so powerful is due in large part to the amount of information exposed by SNMP for network gear and its ability to intelligently parse the returned data and display it.

This intelligence can only go so far, however, when a given piece of gear has either an incomplete implementation of SNMP or the values returned aren’t indicative of the equipment. Take, for example, OpenWrt. It is, in a word, an awesome piece of software, capable of turning a $250 Linksys home router into a participant in an OSPF area. Pretty nift.

Due to its open nature there are a number of SNMP options for OpenWrt:

Only one of these will give you a suitable view in Observium, and that is the snmpd package. Let’s install it (note that I’m using the OpenWrt shell vs. LUCI):

# opkg update
# opkg install snmpd

Unfortunately if you add your device now Observium will recognize it as a generic Linux machine. That’s due to the fact that, by default, the OpenWrt snmpd package will not return suitable information in the sysDescr OID for Observium’s OS detection routines.

For reference, here is what you can expect Observium to display with snmpd not configured properly:

Let’s take a look directly at the sysDescr OID with snmpget, which is available by installing snmp on your Observium host (if you’re using a Debian variant). There is a little dance to be done to get snmpget to work properly:

# apt-get install snmp snmp-mibs-downloader
# printf "[snmp]\nmibs +ALL\n" > /etc/snmp/snmp.conf 
# download-mibs
# snmpget -v2c -c public <HOSTNAME> sysDescr.0

For our router:

snmpget -v2c -c public gw.gw01.chcgil01.iachieved.it sysDescr.0
.1.3.6.1.2.1.1.1.0 = STRING: Linux chcgil 4.14.131 #0 SMP Thu Jun 27 12:18:52 2019 armv7l

sysDescr as is will cause Observium to detect the router as a basic Linux OS. We want more. Here’s how to do it! Go to the /etc/config/snmpd file in OpenWrt and find this block:

config system                   
        option sysLocation      'office'
        option sysContact       'bofh@example.com'
        option sysName          'HeartOfGold'     
#       option sysServices      72                
#       option sysDescr         'adult playground'
#       option sysObjectID      '1.2.3.4'

sysLocation can be set to a locale name and Observium will automatically map it properly. Since this router is in Chicago we’ll put Chicago there. Likewise, sysName will be changed to gw01.chcgil01 as this router is Gateway #1 in Chicago Site #1. What we’re particularly interested in changing here is sysDescr. Uncomment the line and change it to OpenWrt. Here’s what our final config system block looks like:

config system                   
        option sysLocation      'Chicago'
        option sysContact       'admin@iachieved.it'
        option sysName          'gw01.chcgil01'     
        option sysDescr         'OpenWrt'

Restart snmpd:

# /etc/init.d/snmpd restart

And check snmpget again:

# snmpget -v2c -c public gw.gw01.chcgil01.iachieved.it sysDescr.0
SNMPv2-MIB::sysDescr.0 = STRING: OpenWrt

Perfect. Add the device to Observium and watch it fill in the rest.

Notice that the Tux logo has been replaced with the OpenWrt logo as Observium correctly identifies this device as running OpenWrt.