RPKI protocol is loop starting if the min version is not available
Hello,
Following the 2.16 release with ASPA support, I tried to play with it. So I tried to connect a bird instance to an RTR server with version 2 as stated by https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.16
The same protocol, since version 2, also receives and maintains a set of ASPAs. You can then validate AS paths using function aspa_check() in (import) filters.
It seems that I misconfigured my routinator, but instead of an error with a timer, it tries to reconnect right away, which fails again, etc.
Here are the logs:
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Connected
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.roa4: State changed to UP
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.roa6: State changed to UP
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.aspa: State changed to UP
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: State changed to up
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Changing from Connecting to Sync-Start state
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Sending Reset Query packet
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Received Error packet (Unsupported-Protocol-Version: 'only versions 0 up to and including MAX_VERSION supported', Reset Query packet: 02 02 00 00 00 00 00 08)
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Client uses unsupported protocol version
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Got UNSUPPORTED_PROTOCOL_VER error PDU with invalid values, current version: 2, PDU version: 1
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Changing from Sync-Start to Fatal-Protocol-Error state
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.roa4: State changed to FLUSHING
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.roa6: State changed to FLUSHING
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.aspa: State changed to FLUSHING
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: State changed to flush
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.roa4: State changed to DOWN
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.roa6: State changed to DOWN
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3.aspa: State changed to DOWN
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: State changed to down
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Starting
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Changing from Down to Connecting state
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Opening a connection
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: State changed to start
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Connected
And here is the config I used:
protocol rpki rpki_rr3 {
        debug all;
        roa4 { table r4; };
        roa6 { table r6; };
        aspa { table at; };
        remote "rr3.swordarmor.fr";
        min version 2;
        max version 2;
        disabled;
}
--
Alarig
On Mon, Dec 16, 2024 at 01:31:03PM +0100, Alarig Le Lay via Bird-users wrote:
> Hello,
> Following the 2.16 release with ASPA support, I tried to play with it. So I tried to connect a bird instance to an RTR server with version 2 as stated by https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.16
> The same protocol, since version 2, also receives and maintains a set of ASPAs. You can then validate AS paths using function aspa_check() in (import) filters.
> It seems that I misconfigured my routinator, but instead of an error with a timer, it tries to reconnect right away, which fails again, etc.
Hello
So if I understand it correctly, if you put both 'min version 2' and 'max version 2', it failed? (that is expected if the peer does not support version 2)
If you remove that option or put lower number it worked?
I see here two issues:
1) There should be some timeout between retries.
2) The RPKI protocol outline in documentation should not contain 'min version 2' but 'min version <num>' as it is just an outline of options, not an example.
Is that what you mean?
Also it is funny that Routinator answered with: 'only versions 0 up to and including MAX_VERSION supported' without stating what is the MAX_VERSION.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
"To err is human -- to blame it on a computer is even more so."
On Mon 16 Dec 2024 17:23:46 GMT, Ondrej Zajicek wrote:
> Hello
> So if I understand it correctly, if you put both 'min version 2' and 'max version 2', it failed? (that is expected if the peer does not support version 2)
My original goal was to feed the ASPA table, but the protocol was negotiated on v1. So I tried to put the 'min version' option to try to force it, without success, then added the 'max version' as well, just to have the same thing as in the documentation.
> If you remove that option or put lower number it worked?
Both 'min version' alone or with 'max version' have the same loop behaviour
> I see here two issues:
> 1) There should be some timeout between retries.
Indeed
> 2) The RPKI protocol outline in documentation should not contain 'min version 2' but 'min version <num>' as it is just an outline of options, not an example.
For this part, I added the 'min version 2' just to try to force it. My first try was without it. And the initial issue is probably that I mis-configured the routinator.
> Is that what you mean?
> Also it is funny that Routinator answered with: 'only versions 0 up to and including MAX_VERSION supported' without stating what is the MAX_VERSION.
You tell me, that’s not a very useful error message :p
--
Alarig
On Mon, Dec 16, 2024 at 10:59:06PM +0100, Alarig Le Lay via Bird-users wrote:
>> Also it is funny that Routinator answered with: 'only versions 0 up to and including MAX_VERSION supported' without stating what is the MAX_VERSION.
> You tell me, that’s not a very useful error message :p
The code that produces the error is here: https://github.com/NLnetLabs/rpki-rs/blob/aa74957aa2965108ea18adb0c0b81861de...
MAX_VERSION is defined here: https://github.com/NLnetLabs/rpki-rs/blob/aa74957aa2965108ea18adb0c0b81861de...
Copy+pasting:
"""
//============ Constants =====================================================
/// The maximum protocol version we support.
///
/// We support all protocol versions from 0 up to and including this value.
///
/// While the server technically supports version 2 as well, the format of the
/// ASPA PDU has not yet been agreed upon. Rather than possibly deploying
/// broken servers, we only announce support for version 0 or 1 for now.
const MAX_VERSION: u8 = 1;
"""
Indeed, I agree with the comment, the RTR protocol has not yet been agreed upon. So for similar reasons, I effectively disabled ASPA in the StayRTR implementation a few months ago: https://github.com/bgp/stayrtr/commit/cef0a53aadb4edf99db16679514e36fb0ff7d4...
I very recently compiled a list of open todo items to move ASPA / RTR forward here: https://mailarchive.ietf.org/arch/msg/sidrops/fwPjecfnlU5JYi_hU-Sh3o7WRHQ/
Kind regards,
Job
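The restart loop reported in this thread can be spotted mechanically in BIRD's debug log. The Python sketch below is an added example, not part of the thread and not code from BIRD, Routinator or rpki-rs: it counts Fatal-Protocol-Error to Connected cycles that complete within a second, and decodes the 8-byte header of the rejected PDU (version, type, zero field, length, as laid out in RFC 8210). The sample log is constructed from the lines quoted above; the function names, the one-second threshold and the year 2024 used for timestamp parsing are assumptions.

```python
import re
import struct
from datetime import datetime

# Constructed sample: log lines quoted in the thread, with one more cycle appended.
SAMPLE = """\
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Connected
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Received Error packet (Unsupported-Protocol-Version: 'only versions 0 up to and including MAX_VERSION supported', Reset Query packet: 02 02 00 00 00 00 00 08)
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Got UNSUPPORTED_PROTOCOL_VER error PDU with invalid values, current version: 2, PDU version: 1
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Changing from Sync-Start to Fatal-Protocol-Error state
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Connected
Dec 16 13:27:54 edge03-stolon bird: rpki_rr3: Changing from Sync-Start to Fatal-Protocol-Error state
Dec 16 13:27:55 edge03-stolon bird: rpki_rr3: Connected
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ bird: (\S+): (.*)$")
PDU = re.compile(r"packet: ((?:[0-9a-f]{2} ?){8})")
VERS = re.compile(r"current version: (\d+), PDU version: (\d+)")
PDU_TYPES = {2: "Reset Query", 10: "Error Report"}  # RFC 8210 type codes

def decode_rtr_header(hex_bytes):
    """Decode an 8-byte RTR PDU header: version, type, session/zero, length."""
    version, pdu_type, _, length = struct.unpack("!BBHI", bytes.fromhex(hex_bytes))
    return {"version": version, "type": PDU_TYPES.get(pdu_type, pdu_type), "length": length}

def analyse(log_text, year=2024, max_gap_s=1):
    """Return (fast reconnect cycles per protocol, version details per protocol)."""
    loops, last_fatal, info = {}, {}, {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        proto, msg = m[2], m[3]
        if p := PDU.search(msg):            # PDU echoed back inside the Error packet
            info.setdefault(proto, {})["rejected_pdu"] = decode_rtr_header(p[1])
        elif v := VERS.search(msg):         # (client version, version in the error PDU)
            info.setdefault(proto, {})["versions"] = (int(v[1]), int(v[2]))
        elif msg.endswith("to Fatal-Protocol-Error state"):
            last_fatal[proto] = ts
        elif msg == "Connected" and proto in last_fatal:
            if (ts - last_fatal.pop(proto)).total_seconds() <= max_gap_s:
                loops[proto] = loops.get(proto, 0) + 1   # reconnected with no back-off
    return loops, info

if __name__ == "__main__":
    print(analyse(SAMPLE))
```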
participants (3): Alarig Le Lay, Job Snijders, Ondrej Zajicek