[PATCH] Add bgp's allowas-in feature.
Sometimes its useful feature. So make it optional per bgp protocol. Based on hint http://permalink.gmane.org/gmane.network.bird.user/944
Signed-off-by: Milan Kocian <milon@wq.cz>
---
 proto/bgp/attrs.c | 5 +++--
 proto/bgp/bgp.h | 1 +
 proto/bgp/config.Y | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index c27a498..27a2694 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1704,8 +1704,9 @@ bgp_decode_attrs(struct bgp_conn *conn, byte *attr, unsigned int len, struct lin
 bgp_remove_as4_attrs(bgp, a);
 /* If the AS path attribute contains our AS, reject the routes */
- if (bgp_as_path_loopy(bgp, a))
- goto withdraw;
+ if (!bgp->cf->allow_as_in)
+ if (bgp_as_path_loopy(bgp, a))
+ goto withdraw;
 /* Two checks for IBGP loops caused by route reflection, RFC 4456 */
 if (bgp_originator_id_loopy(bgp, a) ||
diff --git a/proto/bgp/bgp.h b/proto/bgp/bgp.h
index 77a3671..f45c3aa 100644
--- a/proto/bgp/bgp.h
+++ b/proto/bgp/bgp.h
@@ -44,6 +44,7 @@ struct bgp_config {
 int passive; /* Do not initiate outgoing connection */
 int interpret_communities; /* Hardwired handling of well-known communities */
 int secondary; /* Accept also non-best routes (i.e. RA_ACCEPTED) */
+ int allow_as_in;
 unsigned connect_retry_time;
 unsigned hold_time, initial_hold_time;
 unsigned keepalive_time;
diff --git a/proto/bgp/config.Y b/proto/bgp/config.Y
index d5e5aac..709f5dc 100644
--- a/proto/bgp/config.Y
+++ b/proto/bgp/config.Y
@@ -26,7 +26,7 @@ CF_KEYWORDS(BGP, LOCAL, NEIGHBOR, AS, HOLD, TIME, CONNECT, RETRY, PREFER, OLDER, MISSING, LLADDR, DROP, IGNORE, ROUTE, REFRESH, INTERPRET, COMMUNITIES, BGP_ORIGINATOR_ID, BGP_CLUSTER_LIST, IGP, TABLE, GATEWAY, DIRECT, RECURSIVE, MED, TTL, SECURITY, DETERMINISTIC,
- SECONDARY)
+ SECONDARY, ALLOW, ALLOW_AS_IN)
 CF_GRAMMAR
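Review bot: The two stacked `if` statements without braces in the bgp_decode_attrs hunk are easy to misread and invite a dangling-else mistake if a branch is added later; a single condition says the same thing: `if (!bgp->cf->allow_as_in && bgp_as_path_loopy(bgp, a))` followed by `goto withdraw;`. The comment above still states unconditionally that routes containing our AS are rejected, which no longer holds when the option is set, so it should read something like `/* Reject routes whose AS path contains our AS, unless allow_as_in is configured */`. bgp_decode_attrs starts and ends outside the hunk.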
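Review bot: The new `allow_as_in` member has no comment, while the flag fields directly above it in struct bgp_config each carry one, and this flag is the one that switches off the own-AS check in bgp_decode_attrs. I would document it in the same style as its neighbours: `int allow_as_in; /* Accept routes with our own AS in AS_PATH (skips the AS path loop check) */`. The struct continues outside the hunk.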
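Review bot: `ALLOW_AS_IN` is added to CF_KEYWORDS, but the only rule this patch adds spells the option as three tokens, `ALLOW AS IN`, so the single-token keyword appears to be unused. As far as I can tell every entry in this list becomes a reserved word in configuration files, so I would drop it and end the list with `SECONDARY, ALLOW)`. The new rule also depends on `IN` being declared as a keyword somewhere outside this hunk; it is not in the visible part of the list, so that is worth confirming.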
@@ -49,6 +49,7 @@ bgp_proto_start: proto_start BGP {
 BGP_CFG->advertise_ipv4 = 1;
 BGP_CFG->interpret_communities = 1;
 BGP_CFG->default_local_pref = 100;
+ BGP_CFG->allow_as_in = 0;
 } ;
@@ -78,6 +79,7 @@ bgp_proto:
 | bgp_proto MULTIHOP expr ';' { BGP_CFG->multihop = $3; if (($3<1) || ($3>255)) cf_error("Multihop must be in range 1-255"); }
 | bgp_proto NEXT HOP SELF ';' { BGP_CFG->next_hop_self = 1; BGP_CFG->next_hop_keep = 0; }
 | bgp_proto NEXT HOP KEEP ';' { BGP_CFG->next_hop_keep = 1; BGP_CFG->next_hop_self = 0; }
+ | bgp_proto ALLOW AS IN ';' { BGP_CFG->allow_as_in = 1; }
 | bgp_proto MISSING LLADDR SELF ';' { BGP_CFG->missing_lladdr = MLL_SELF; }
 | bgp_proto MISSING LLADDR DROP ';' { BGP_CFG->missing_lladdr = MLL_DROP; }
 | bgp_proto MISSING LLADDR IGNORE ';' { BGP_CFG->missing_lladdr = MLL_IGNORE; }
-- 1.8.4.rc3 -- Milan Kocian
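Review bot: The `ALLOW AS IN` rule is a bare switch that can only set `allow_as_in` to 1, so a protocol that inherits the setting (for example from a template) has no syntax to turn it off again; taking a boolean argument, e.g. `| bgp_proto ALLOW AS IN bool ';' { BGP_CFG->allow_as_in = $5; }`, would avoid that, assuming the grammar's usual `bool` nonterminal is available here. The diffstat lists only attrs.c, bgp.h and config.Y, so the option also ships without user documentation; since it skips the own-AS check for every route received on that session, the documentation should say so and advise combining it with a restrictive import filter. The bgp_proto rule list continues outside the hunk.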
On 18.10.2013 15:23, Milan Kocian wrote:
Sometimes its useful feature. So make it optional per bgp protocol. Based on hint http://permalink.gmane.org/gmane.network.bird.user/944
Signed-off-by: Milan Kocian <milon@wq.cz>
---
 proto/bgp/attrs.c | 5 +++--
 proto/bgp/bgp.h | 1 +
 proto/bgp/config.Y | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index c27a498..27a2694 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1704,8 +1704,9 @@ bgp_decode_attrs(struct bgp_conn *conn, byte *attr, unsigned int len, struct lin
 bgp_remove_as4_attrs(bgp, a);
/* If the AS path attribute contains our AS, reject the routes */
- if (bgp_as_path_loopy(bgp, a))
- goto withdraw;
+ if (!bgp->cf->allow_as_in)
+ if (bgp_as_path_loopy(bgp, a))
+ goto withdraw;

Removing loop check at all is wrong (as it can lead to real loops). Typical implementation include configurable maximum number of local ASn that can be contained in path.

/* Two checks for IBGP loops caused by route reflection, RFC 4456 */
 if (bgp_originator_id_loopy(bgp, a) ||
diff --git a/proto/bgp/bgp.h b/proto/bgp/bgp.h
index 77a3671..f45c3aa 100644
--- a/proto/bgp/bgp.h
+++ b/proto/bgp/bgp.h
@@ -44,6 +44,7 @@ struct bgp_config {
 int passive; /* Do not initiate outgoing connection */
 int interpret_communities; /* Hardwired handling of well-known communities */
 int secondary; /* Accept also non-best routes (i.e. RA_ACCEPTED) */
+ int allow_as_in;
 unsigned connect_retry_time;
 unsigned hold_time, initial_hold_time;
 unsigned keepalive_time;
diff --git a/proto/bgp/config.Y b/proto/bgp/config.Y
index d5e5aac..709f5dc 100644
--- a/proto/bgp/config.Y
+++ b/proto/bgp/config.Y
@@ -26,7 +26,7 @@ CF_KEYWORDS(BGP, LOCAL, NEIGHBOR, AS, HOLD, TIME, CONNECT, RETRY, PREFER, OLDER, MISSING, LLADDR, DROP, IGNORE, ROUTE, REFRESH, INTERPRET, COMMUNITIES, BGP_ORIGINATOR_ID, BGP_CLUSTER_LIST, IGP, TABLE, GATEWAY, DIRECT, RECURSIVE, MED, TTL, SECURITY, DETERMINISTIC,
- SECONDARY)
+ SECONDARY, ALLOW, ALLOW_AS_IN)
CF_GRAMMAR
@@ -49,6 +49,7 @@ bgp_proto_start: proto_start BGP {
 BGP_CFG->advertise_ipv4 = 1;
 BGP_CFG->interpret_communities = 1;
 BGP_CFG->default_local_pref = 100;
+ BGP_CFG->allow_as_in = 0;
 } ;
@@ -78,6 +79,7 @@ bgp_proto:
 | bgp_proto MULTIHOP expr ';' { BGP_CFG->multihop = $3; if (($3<1) || ($3>255)) cf_error("Multihop must be in range 1-255"); }
 | bgp_proto NEXT HOP SELF ';' { BGP_CFG->next_hop_self = 1; BGP_CFG->next_hop_keep = 0; }
 | bgp_proto NEXT HOP KEEP ';' { BGP_CFG->next_hop_keep = 1; BGP_CFG->next_hop_self = 0; }
+ | bgp_proto ALLOW AS IN ';' { BGP_CFG->allow_as_in = 1; }
 | bgp_proto MISSING LLADDR SELF ';' { BGP_CFG->missing_lladdr = MLL_SELF; }
 | bgp_proto MISSING LLADDR DROP ';' { BGP_CFG->missing_lladdr = MLL_DROP; }
 | bgp_proto MISSING LLADDR IGNORE ';' { BGP_CFG->missing_lladdr = MLL_IGNORE; }
On Fri, Oct 18, 2013 at 03:33:45PM +0400, Alexander V. Chernikov wrote:
On 18.10.2013 15:23, Milan Kocian wrote:
Sometimes its useful feature. So make it optional per bgp protocol. Based on hint http://permalink.gmane.org/gmane.network.bird.user/944
Signed-off-by: Milan Kocian <milon@wq.cz>
---
 proto/bgp/attrs.c | 5 +++--
 proto/bgp/bgp.h | 1 +
 proto/bgp/config.Y | 4 +++-
 3 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/proto/bgp/attrs.c b/proto/bgp/attrs.c
index c27a498..27a2694 100644
--- a/proto/bgp/attrs.c
+++ b/proto/bgp/attrs.c
@@ -1704,8 +1704,9 @@ bgp_decode_attrs(struct bgp_conn *conn, byte *attr, unsigned int len, struct lin
 bgp_remove_as4_attrs(bgp, a);
 /* If the AS path attribute contains our AS, reject the routes */
- if (bgp_as_path_loopy(bgp, a))
- goto withdraw;
+ if (!bgp->cf->allow_as_in)
+ if (bgp_as_path_loopy(bgp, a))
+ goto withdraw;

Removing loop check at all is wrong (as it can lead to real loops). Typical implementation include configurable maximum number of local ASn that can be contained in path.
Sorry for late reply (I lost bird's emails in wrong folder). I am happy with santiago's solution. Many thanks. -- Milan Kocian
On Fri, Oct 18, 2013 at 01:23:01PM +0200, Milan Kocian wrote:
Sometimes its useful feature. So make it optional per bgp protocol. Based on hint http://permalink.gmane.org/gmane.network.bird.user/944
I updated that based on Alexander Chernikov's suggestion, under the name 'allow local as'. It allows both a limited and an unlimited number of occurrences of the local ASN in received routes: https://gitlab.labs.nic.cz/labs/bird/commit/a15dab76f93337b07b4b03a64ac3bac2... -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."