Hi list,
I've been using strict bind for bgp, but there might be a lack in my understanding or I have a proposal for a new feature. Strict bind seems to be a bit more restrictive than I'd like (and than I think it is necessary):
I would like to use dynamic bgp (using a range for neighbour) with auto-configured LL IPv6 addresses. This doesn't work, of course, if I need to statically configure the source address, which I am forced to with the strict bind option. I am wondering, is this restriction really needed?
There is only one IP address (the LL one) on the interface in question (and the interface is specified in config). I think this should mean that bird could just pick that IP address and use it for both source as well as to bind to. If that is true, could a "source address auto" option or so be added to allow such a configuration?
In addition, it would be great if a strict bind option could be added for the babel protocol.
Also let me say Thanks for bird, it's a pleasure to use!
Cheers
Sebastian
On Sun, Jan 14, 2024 at 10:50:18PM +0100, Sebastian Hahn wrote:
Hi list,
I've been using strict bind for bgp, but there might be a lack in my understanding or I have a proposal for a new feature. Strict bind seems to be a bit more restrictive than I'd like (and than I think it is necessary):
I would like to use dynamic bgp (using a range for neighbour) with auto-configured LL IPv6 addresses. This doesn't work, of course, if I need to statically configure the source address, which I am forced to with the strict bind option. I am wondering, is this restriction really needed?
Hi
You are right, this is something that could be easily changed. Will look at it.
In addition, it would be great if a strict bind option could be added for the babel protocol.
Babel (and OSPF, RIP) already uses one socket per interface. Such socket is not bound to specific IP address using bind(), but is bound to the specific interface using setsockopt(SO_BINDTODEVICE), at least in Linux.
We cannot use bind() with local IP address for multicast sockets, as they would reject multicast packets (as they have a different dst address than the one the socket is bound to).
Anyway, it should not be necessary. AFAIK, setups that require strict bind in BGP should work out of the box in Babel. Or what specific setup does not work for you?
Also let me say Thanks for bird, it's a pleasure to use!
Thanks!
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
Hi Ondrej,
On 6. Feb 2024, at 19:33, Ondrej Zajicek <santiago@crfreenet.org> wrote:
I would like to use dynamic bgp (using a range for neighbour) with auto-configured LL IPv6 addresses. This doesn't work, of course, if I need to statically configure the source address, which I am forced to with the strict bind option. I am wondering, is this restriction really needed?
Hi
You are right, this is something that could be easily changed. Will look at it.
That would be awesome :)
In addition, it would be great if a strict bind option could be added for the babel protocol.
Babel (and OSPF, RIP) already uses one socket per interface. Such socket is not bound to specific IP address using bind(), but is bound to the specific interface using setsockopt(SO_BINDTODEVICE), at least in Linux.
We cannot use bind() with local IP address for multicast sockets, as they would reject multicast packets (as they have a different dst address than the one the socket is bound to).
Anyway, it should not be necessary. AFAIK, setups that require strict bind in BGP should work out of the box in Babel. Or what specific setup does not work for you?
Oh, I think I was confused by the output of netstat. Using ss instead, I can see that bird correctly binds to just the devices specified in the configuration. I had previously assumed it was binding to all interfaces.
Very sorry for this basic mistake.
Thanks!
Sebastian
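Added example (not part of the thread, and not BIRD's code): a Python check over `ss -lunp` output that separates UDP listeners bound to a device from those listening on a wildcard address with no device, which is how the SO_BINDTODEVICE binding described above shows up in `ss`. The sample output, the PIDs and the `exampled` daemon are constructed for illustration.

```python
import re

# Constructed `ss -lunp` output for illustration; not captured from a real host.
# "exampled" is a hypothetical daemon whose socket is not device-bound.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
UNCONN 0      0      *%eth0:6696         *:*               users:(("bird",pid=812,fd=9))
UNCONN 0      0      [::]%wg0:6696       [::]:*            users:(("bird",pid=812,fd=10))
UNCONN 0      0      0.0.0.0:9999        0.0.0.0:*         users:(("exampled",pid=400,fd=5))
"""

# The local column is addr[%dev]:port; ss appends %<ifname> when the socket
# is bound to an interface (SO_BINDTODEVICE or a scoped link-local bind).
LOCAL_RE = re.compile(
    r"^(?P<addr>\[[^\]]*\]|[^%:\s]+)(?:%(?P<dev>[^:\s]+))?:(?P<port>\S+)$")
PROC_RE = re.compile(r'\(\("(?P<name>[^"]+)"')
WILDCARDS = {"*", "0.0.0.0", "[::]"}


def parse_listeners(ss_output):
    """Return one dict per socket row: process, addr, dev (or None), port."""
    rows = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed line
        local = LOCAL_RE.match(fields[3])
        if not local:
            continue
        proc = PROC_RE.search(line)  # absent when ss runs without privileges
        rows.append({
            "process": proc.group("name") if proc else None,
            "addr": local.group("addr"),
            "dev": local.group("dev"),
            "port": local.group("port"),
        })
    return rows


def unbound_wildcards(ss_output, process):
    """Sockets of `process` on a wildcard address with no device binding."""
    return [r for r in parse_listeners(ss_output)
            if r["process"] == process
            and r["addr"] in WILDCARDS and r["dev"] is None]


if __name__ == "__main__":
    for row in parse_listeners(SAMPLE_SS):
        print(row)
    print("unbound:", unbound_wildcards(SAMPLE_SS, "exampled"))
```

On a live host, pass the text of `ss -lunp` to `parse_listeners` in place of the constructed sample.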
On 7. Feb 2024, at 00:02, Sebastian Hahn <bird_users@sebastianhahn.net> wrote:
On 6. Feb 2024, at 19:33, Ondrej Zajicek <santiago@crfreenet.org> wrote:
I would like to use dynamic bgp (using a range for neighbour) with auto-configured LL IPv6 addresses. This doesn't work, of course, if I need to statically configure the source address, which I am forced to with the strict bind option. I am wondering, is this restriction really needed?
Hi
You are right, this is something that could be easily changed. Will look at it.
That would be awesome :)
Hi Ondrej,
I didn't see the feature in the 2.15 release announcement so I tried to take a look myself. A simple config patch (attached) seems to be working for me, but I am not sure if it is correct in all circumstances. I don't have any expansive test setup to try it.
As an aside, while using dynamic bgp, I think the ergonomics could be improved. When using birdc, the spawned dynamic protocol has a name like "dynbgp1" etc, completely unrelated to the original passive protocol that spawned it. Also, the passive protocol is shown with state down, regardless of whether a protocol was spawned from it or not. Should I look into trying to create a relationship between passive protocols and those it spawned and export it via birdc?
Thanks
Sebastian
participants (2): Ondrej Zajicek, Sebastian Hahn