rpsltool templates for BIRD route servers
I released a new version of rpsltool[1] which contains an example configuration file and template for generating the complete configuration of a BIRD route server. (There is an OpenBGPd template as well, does anybody want to contribute one for quagga?)

It has been used in production at MINAP[2] for more than one month, and at least by another IX as well.

rpsltool is a program which can be used to generate the complete BGP configuration of a router using a template, a configuration file containing the list of peers (in YAML, a simple and human-readable serialization format) and IRR data. It is usually used to generate the BGP configuration and filters of IX peering sessions, but it can be used for customer sessions or a route server as well. Just like irrtoolset, except that it is made of 1500 lines of Perl instead of tens of thousands of C++.

[1] http://www.linux.it/~md/software/rpsltool-1.5.tgz
[2] http://www.minap.it/ the other IX in Milano

--
ciao, Marco

On Fri, May 21, 2010 at 03:23:43PM +0200, Marco d'Itri wrote:
> I released a new version of rpsltool[1] which contains an example configuration file and template for generating the complete configuration of a BIRD route server.

Could you send me an example of input and output? I can give you some hints with regard to BIRD config.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

On May 22, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> > I released a new version of rpsltool[1] which contains an example configuration file and template for generating the complete configuration of a BIRD route server.
> Could you send me an example of input and output? I can give you some hints with regard to BIRD config.

What do you mean? The examples provided in the package are fully working: you run one of the scripts and you get a complete BIRD or OpenBGPd configuration file.

-- ciao, Marco
On 22.05.2010 16:42 Marco d'Itri wrote
> On May 22, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> > > I released a new version of rpsltool[1] which contains an example configuration file and template for generating the complete configuration of a BIRD route server.
> > Could you send me an example of input and output? I can give you some hints with regard to BIRD config.
> What do you mean? The examples provided in the package are fully working: you run one of the scripts and you get a complete BIRD or OpenBGPd configuration file.

Imho there are zillions of ways to do a configuration. Maybe that's why Ondrej is asking for an example of input and output.

Arnold
--
Arnold Nipper / nIPper consulting, Sandhausen, Germany
email: arnold@nipper.de
phone: +49 6224 9259 299
mobile: +49 172 2650958
fax: +49 6224 9259 333

On May 22, Arnold Nipper <arnold@nipper.de> wrote:
> Imho there are zillions of ways to do a configuration. Maybe that's why Ondrej is asking for an example of input and output.

I choose the multiple RIB+pipe approach, so something like this is generated for each peer. Then there are the common functions invalid_prefix() (for filtering bogons), bgp_in() ("bgp enforce-first-as"-like check) and bgp_out() (for filtering community-controlled selective announcements).

The output format is defined by a template, so if anybody likes a different configuration approach (why?) it can be modified to taste.

    function bgp_seeweb_in(int peeras)
    prefix set seeweb_in;
    {
      seeweb_in = [
        14.128.0.0/24, 14.191.0.0/22, 14.255.0.0/16, 31.0.0.0/16, 31.1.0.0/21,
        ...
      ];
      if !(bgp_in(peeras)) then return false;
      if !(net ~ seeweb_in) then return false;
      return true;
    }

    table T_SEEWEB;

    protocol pipe P_SEEWEB {
      table master;
      mode transparent;
      peer table T_SEEWEB;
      /* routes from the global table to seeweb */
      export where bgp_out(12637) = true;
      /* routes from seeweb to the global table */
      import where bgp_seeweb_in(12637) = true;
    }

    protocol bgp SEEWEB {
      description "Seeweb";
      neighbor 92.60.70.5 as 12637;
      local as 64725;
      table T_SEEWEB;
      rs client;
      interpret communities no;
      route limit 1000;
      # hold time 24;
      # keepalive time 7;
      connect retry time 3600;
      passive;
      import all;
      export all;
    }

The input is a series of entries (formally a list of associative arrays) like this one:

    - as: 12637
      description: Seeweb
      import: AS12637:AS-CUSTOMERS
      ip: 92.60.70.5

YAML is a serialization format supported by many languages, so the neighbors database can be trivially generated from e.g. a web-driven SQL database.

I am interested in implementing new features in rpsltool, so please everybody let me know if you would like to do something which is currently not supported.

--
ciao, Marco
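
Added example, not part of the original thread and not rpsltool's own code: the per-peer rendering step described in the message above, written in Python, with every field of a peer entry validated before it is written into the BIRD configuration, because the peers list may be generated from a web-driven database. The `render_peer` function, the rule that derives `seeweb`/`SEEWEB` from the description, and the prefix list passed in place of the resolved IRR data are assumptions.

```python
import ipaddress
import re

RS_AS = 64725  # route server's local AS, taken from the config in the message

def render_peer(peer, prefixes):
    """Validate one peer entry, then render its filter, table, pipe and session."""
    asn = int(peer["as"])                      # ValueError on non-numeric input
    if not 0 < asn < 2**32:
        raise ValueError(f"bad AS number: {asn}")
    ip = ipaddress.ip_address(peer["ip"])      # ValueError on anything but an address
    desc = peer["description"]
    # The description ends up inside a quoted string and in symbol names.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9 ._-]{0,63}", desc):
        raise ValueError(f"unsafe description: {desc!r}")
    name = re.sub(r"[^A-Za-z0-9]", "_", desc)  # hypothetical naming rule
    lo, up = name.lower(), name.upper()
    # strict parsing: a prefix with host bits set or trailing text is rejected
    nets = ", ".join(str(ipaddress.ip_network(p)) for p in prefixes)
    if not nets:
        raise ValueError("empty prefix set, refusing to emit a filter")
    return f"""function bgp_{lo}_in(int peeras)
prefix set {lo}_in;
{{
  {lo}_in = [ {nets} ];
  if !(bgp_in(peeras)) then return false;
  if !(net ~ {lo}_in) then return false;
  return true;
}}
table T_{up};
protocol pipe P_{up} {{
  table master; mode transparent;
  peer table T_{up};
  export where bgp_out({asn}) = true;
  import where bgp_{lo}_in({asn}) = true;
}}
protocol bgp {up} {{
  description "{desc}";
  neighbor {ip} as {asn};
  local as {RS_AS};
  table T_{up};
  rs client; interpret communities no; route limit 1000;
  connect retry time 3600; passive; import all; export all;
}}
"""

# Constructed sample: the peer entry from the message plus two of its prefixes.
SAMPLE = {"as": 12637, "description": "Seeweb",
          "import": "AS12637:AS-CUSTOMERS", "ip": "92.60.70.5"}
if __name__ == "__main__":
    print(render_peer(SAMPLE, ["14.128.0.0/24", "31.0.0.0/16"]))
```
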
On Sat, May 22, 2010 at 04:42:41PM +0200, Marco d'Itri wrote:
> On May 22, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> > > I released a new version of rpsltool[1] which contains an example configuration file and template for generating the complete configuration of a BIRD route server.
> > Could you send me an example of input and output? I can give you some hints with regard to BIRD config.
> What do you mean? The examples provided in the package are fully working: you run one of the scripts and you get a complete BIRD or OpenBGPd configuration file.

Thanks. Although I cannot run the rpsltool (Debian packages libyaml-perl and libyaml-syck-perl do not contain YAML::Any, probably the script needs newer version), the example script is clear and readable enough.

The generated config is fine, I have just one note:

1) why use 'scan time 604800' in device protocol section? Device protocol is a part of core functionality of BIRD (I consider it slightly misleading that it has a protocol section, like normal protocols) so it is needed for proper working of BIRD. I would suggest keeping default value of 'scan time' or using something like 10 or 20.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

On May 24, Ondrej Zajicek <santiago@crfreenet.org> wrote:
> Thanks. Although i cannot run the rpsltool (Debian packages libyaml-perl and libyaml-syck-perl does not contain YAML::Any, probably the script

You can either install libyaml-perl from testing or s/YAML::Any/YAML/.

> 1) why use 'scan time 604800' in device protocol section?

Because the route server is not expected to get new IP addresses or interfaces while BIRD is running. Do you believe this could cause troubles?

-- ciao, Marco
On Mon, May 24, 2010 at 11:25:24AM +0200, Marco d'Itri wrote:
> > 1) why use 'scan time 604800' in device protocol section?
> Because the route server is not expected to get new IP addresses or interfaces while BIRD is running. Do you believe this could cause troubles?

Probably not. The interface appear/disappear events are handled as asynchronous events and this scan is here only to clean up discrepancies if some of these asynchronous events are missed.

--
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."

participants (3): Arnold Nipper, md@Linux.IT, Ondrej Zajicek