FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fgilloteau_FTNT
Article Id 191552
Description
This article describes how to retrieve BGP status with SNMP.

Solution
With FortiOS 5.4.x, it is possible to retrieve BGP neighbor states with SNMP.

This is based on BGP4-MIB.

This example is for an Active peering with remote neighbor 10.129.1.226:

[root@server]# snmpwalk -v 2c -c public -m /usr/share/mibs/ietf/BGP4-MIB 10.129.1.227 1.3.6.1.2.1.15
BGP4-MIB::bgpVersion.0 = Hex-STRING: 10
BGP4-MIB::bgpLocalAs.0 = INTEGER: 65002
BGP4-MIB::bgpPeerIdentifier.10.129.1.226 = IpAddress: 0.0.0.0
BGP4-MIB::bgpPeerState.10.129.1.226 = INTEGER: active(3)
BGP4-MIB::bgpPeerAdminStatus.10.129.1.226 = INTEGER: start(2)
BGP4-MIB::bgpPeerNegotiatedVersion.10.129.1.226 = INTEGER: 0
BGP4-MIB::bgpPeerLocalAddr.10.129.1.226 = IpAddress: 0.0.0.0
BGP4-MIB::bgpPeerLocalPort.10.129.1.226 = INTEGER: 179
BGP4-MIB::bgpPeerRemoteAddr.10.129.1.226 = IpAddress: 10.129.1.226
BGP4-MIB::bgpPeerRemotePort.10.129.1.226 = INTEGER: 0
BGP4-MIB::bgpPeerRemoteAs.10.129.1.226 = INTEGER: 65001
BGP4-MIB::bgpPeerInUpdates.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 0
BGP4-MIB::bgpPeerOutUpdates.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 0
BGP4-MIB::bgpPeerInTotalMessages.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 894
BGP4-MIB::bgpPeerOutTotalMessages.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 899
BGP4-MIB::bgpPeerLastError.10.129.1.226 = Hex-STRING: 06 00
BGP4-MIB::bgpPeerFsmEstablishedTransitions.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 1
BGP4-MIB::bgpPeerFsmEstablishedTime.10.129.1.226 = Gauge32: 0 seconds
BGP4-MIB::bgpPeerConnectRetryInterval.10.129.1.226 = INTEGER: 120 seconds
BGP4-MIB::bgpPeerHoldTime.10.129.1.226 = INTEGER: 0 seconds
BGP4-MIB::bgpPeerKeepAlive.10.129.1.226 = INTEGER: 0 seconds
BGP4-MIB::bgpPeerHoldTimeConfigured.10.129.1.226 = INTEGER: 180 seconds
BGP4-MIB::bgpPeerKeepAliveConfigured.10.129.1.226 = INTEGER: 60 seconds
BGP4-MIB::bgpPeerMinASOriginationInterval.10.129.1.226 = INTEGER: 0 seconds
BGP4-MIB::bgpPeerMinRouteAdvertisementInterval.10.129.1.226 = INTEGER: 30 seconds
BGP4-MIB::bgpPeerInUpdateElapsedTime.10.129.1.226 = Gauge32: 873759 seconds
BGP4-MIB::bgpIdentifier.0 = IpAddress: 10.129.1.227

Looking at BGP status directly on the FortiGate with CLI, the equivalent is seen:

FWLOMONV2IBBL201_LAB (root) # get router info bgp summary
BGP router identifier 10.129.1.227, local AS number 65002
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.129.1.226    4      65001     894     899        0    0    0    never Active

Total number of neighbors 1

Here is another example for ‘Established’ BGP peering:

[root@server]# snmpwalk -v 2c -c public -m /usr/share/mibs/ietf/BGP4-MIB 10.129.1.227 1.3.6.1.2.1.15
BGP4-MIB::bgpVersion.0 = Hex-STRING: 10
BGP4-MIB::bgpLocalAs.0 = INTEGER: 65002
BGP4-MIB::bgpPeerIdentifier.10.129.1.226 = IpAddress: 10.129.1.226
BGP4-MIB::bgpPeerState.10.129.1.226 = INTEGER: established(6)
BGP4-MIB::bgpPeerAdminStatus.10.129.1.226 = INTEGER: start(2)
BGP4-MIB::bgpPeerNegotiatedVersion.10.129.1.226 = INTEGER: 4
BGP4-MIB::bgpPeerLocalAddr.10.129.1.226 = IpAddress: 10.129.1.227
BGP4-MIB::bgpPeerLocalPort.10.129.1.226 = INTEGER: 179
BGP4-MIB::bgpPeerRemoteAddr.10.129.1.226 = IpAddress: 10.129.1.226
BGP4-MIB::bgpPeerRemotePort.10.129.1.226 = INTEGER: 1040
BGP4-MIB::bgpPeerRemoteAs.10.129.1.226 = INTEGER: 65001
BGP4-MIB::bgpPeerInUpdates.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 0
BGP4-MIB::bgpPeerOutUpdates.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 0
BGP4-MIB::bgpPeerInTotalMessages.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 896
BGP4-MIB::bgpPeerOutTotalMessages.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 901
BGP4-MIB::bgpPeerLastError.10.129.1.226 = Hex-STRING: 06 00
BGP4-MIB::bgpPeerFsmEstablishedTransitions.10.129.1.226 = Wrong Type (should be Counter32): INTEGER: 2
BGP4-MIB::bgpPeerFsmEstablishedTime.10.129.1.226 = Gauge32: 22 seconds
BGP4-MIB::bgpPeerConnectRetryInterval.10.129.1.226 = INTEGER: 120 seconds
BGP4-MIB::bgpPeerHoldTime.10.129.1.226 = INTEGER: 180 seconds
BGP4-MIB::bgpPeerKeepAlive.10.129.1.226 = INTEGER: 60 seconds
BGP4-MIB::bgpPeerHoldTimeConfigured.10.129.1.226 = INTEGER: 180 seconds
BGP4-MIB::bgpPeerKeepAliveConfigured.10.129.1.226 = INTEGER: 60 seconds
BGP4-MIB::bgpPeerMinASOriginationInterval.10.129.1.226 = INTEGER: 0 seconds
BGP4-MIB::bgpPeerMinRouteAdvertisementInterval.10.129.1.226 = INTEGER: 30 seconds
BGP4-MIB::bgpPeerInUpdateElapsedTime.10.129.1.226 = Gauge32: 874704 seconds
BGP4-MIB::bgpIdentifier.0 = IpAddress: 10.129.1.227

The corresponding CLI status is seen as:

FWLOMONV2IBBL201_LAB (root) # get router info bgp sum
BGP router identifier 10.129.1.227, local AS number 65002
BGP table version is 1
0 BGP AS-PATH entries
0 BGP community entries

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.129.1.226    4      65001     898     904        0    0    0 00:02:37        0

Total number of neighbors 1

Contributors