[PATCH] bgp: Implement RFC 9234
Ondrej Zajicek
santiago at crfreenet.org
Tue Jun 14 14:00:48 CEST 2022
On Tue, Jun 14, 2022 at 01:35:36PM +0300, Eugene Bogomazov wrote:
> TL;DR: What are the best ways to include AFI/SAFI channel check during
> attribute creation?
Hi
> RFC 9234 specifically clarifies that it can only be applied on IPv4/IPv6
> unicast sessions. On all other sessions the OTC attribute should be decoded
> from and also transferred to such sessions without any change.
>
> The problem is how to include AFI/SAFI checks in the code:
> 1) If we have information about a channel (as in *bgp_update_attrs*), we
> can simply run the following check
> proto/bgp/attrs.c
> if (bgp_channel_is_role_applicable(c)) { ... }
> proto/bpg/bgpd.h
> static inline int bgp_channel_is_role_applicable(struct bgp_channel *c)
> { return (c->afi == BGP_AF_IPV4 || c->afi == BGP_AF_IPV6); }
>
> static inline int bgp_cc_is_role_applicable(struct bgp_channel_config *c)
> { return (c->afi == BGP_AF_IPV4 || c->afi == BGP_AF_IPV6); }
Yes. in bgp_update_attrs() it would make sense to add the check
directly in such way.
> 2) However, in *bgp_decode_attrs *the AFI/SAFI information is only
> available after NLRI decoding. There is also a side approach with using
> *bgp_find_update_afi,* a static function from proto/bgp/packets.c to
> extract AFI/SAFI from a packet payload. The question is - what is the best
> way to extract AFI/SAFI information: apply OTC rules after NLRI is decoded
> (but where?) or change and reuse static bgp_find_update_afi (if possible)
> to get AFI/SAFI information before processing the OTC attribute?
Technically, one can receive an update message that has IPv4-unicast
directly in ip_reach_nlri, and something different (e.g. VPNv4) in
mp_reach_nlri. Although such messages are deprecated, they should still
be accepted as valid. Therefore, one has to apply OTC rules to some NLRI
and not to others.
That is a similar issue like with bgp_next_hop, which may have different
value for these two sets of NLRI. So perhaps you could handled that
in bgp_finish_attrs() ?
> 3) But the biggest problem is with *bgp_preexport*. It uses bgp_proto,
> which doesn't use channel information when filtering routes with BGP
> specific rules. And I don't find a way to add this support to this filter.
> The question is - how to apply AFI/SAFI check for OTC attribute rules
> during bgp export and where is the best place to do so? Of course, if we
> want it to be like a predefined route-map.
We have a change in 3.0 branch to have channel argument in bgp_preexport(),
we will rebase this change to master branch soon. So you can assume it will
be there.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list