Re: [Ryu-devel] IP addresses in BMP messages

[Fujimoto Satoshi]

Hi, Tsuboi-san

Thank you for your confirmation!


Hi, Henk

You may need to reinstall Ryu after applying the patch.
Please take the following steps:

$ cd ryu
$ pip uninstall Ryu
$ pip install -r tools/pip-requires
$ python setup.py install


Thanks,
Fujimoto

On 2017年08月17日 08:42, Toshiki Tsuboi wrote:

Hi, Fujimoto-san

I’ve confirmed this issue in Ryu BMP.

After applying patches, local_address and peer_address can report properly.

(0) applying patch content

*diff --git a/ryu/lib/packet/bmp.py b/ryu/lib/packet/bmp.py*
*index 9d1cda3..bdf99e7 100644*
*--- a/ryu/lib/packet/bmp.py*
*+++ b/ryu/lib/packet/bmp.py*
@@ -208,7 +208,7 @@class BMPPeerMessage(BMPMessage):
      if peer_flags & (1 << 7):
          peer_address = addrconv.ipv6.bin_to_text(peer_address)
      else:
-            peer_address = addrconv.ipv4.bin_to_text(peer_address[:4])
+            peer_address = addrconv.ipv4.bin_to_text(peer_address[-4:])


      peer_bgp_id = addrconv.ipv4.bin_to_text(peer_bgp_id)


@@ -562,7 +562,7 @@class BMPPeerUpNotification(BMPPeerMessage):

remote_port) = struct.unpack_from(cls._PACK_STR, six.binary_type(rest))

      if '.' in kwargs['peer_address']:
-            local_address = addrconv.ipv4.bin_to_text(local_address[:4])
+            local_address = addrconv.ipv4.bin_to_text(local_address[-4:])
      elif ':' in kwargs['peer_address']:
          local_address = addrconv.ipv6.bin_to_text(local_address)
      else:
Sorry for my avoid of applying patch to serialize_tail method.
I don’t have RyuBGPSpeaker w/BMP Environment.

(1) Before applying patches
$ ryu-manager --verbose bmpstation.py
Registered VCS backend: git
Registered VCS backend: hg
Registered VCS backend: svn
Registered VCS backend: bzr
loading app bmpstation.py
instantiating app bmpstation.py of BMPStation
BRICK bmpstation
listening on 0.0.0.0:11019
BMP client connected, ip=192.168.100.3, port=42625

2017 Aug 17 08:09:59 | 192.168.100.3 | BMPInitiation(info=[],len=6,type=4,version=3)

2017 Aug 17 08:10:29 | 192.168.100.3 | BMPPeerUpNotification(is_post_policy=False,len=182,local_address='0.0.0.0',local_port=23780,peer_address='0.0.0.0',peer_as=65004,peer_bgp_id='10.10.10.3',peer_distinguisher=279172874240001,peer_type=1,received_open_message=BGPOpen(bgp_identifier='10.10.10.3',hold_time=180,len=57,my_as=65004,opt_param=[BGPOptParamCapabilityMultiprotocol(afi=1,cap_code=1,cap_length=4,length=6,reserved=0,safi=1,type=2), BGPOptParamCapabilityRouteRefresh(cap_code=2,cap_length=0,length=2,type=2), BGPOptParamCapabilityCiscoRouteRefresh(cap_code=128,cap_length=0,length=2,type=2), BGPOptParamCapabilityEnhancedRouteRefresh(cap_code=70,cap_length=0,length=2,type=2), BGPOptParamCapabilityFourOctetAsNumber(as_number=65004,cap_code=65,cap_length=4,length=6,type=2)],opt_param_len=28,type=1,version=4),remote_port=179,sent_open_message=BGPOpen(bgp_identifier='10.0.1.2',hold_time=180,len=57,my_as=65000,opt_param=[BGPOptParamCapabilityMultiprotocol(afi=1,cap_code=1,cap_length=4,length=6,reserved=0,safi=1,type=2), BGPOptParamCapabilityCiscoRouteRefresh(cap_code=128,cap_length=0,length=2,type=2), BGPOptParamCapabilityRouteRefresh(cap_code=2,cap_length=0,length=2,type=2), BGPOptParamCapabilityEnhancedRouteRefresh(cap_code=70,cap_length=0,length=2,type=2), BGPOptParamCapabilityFourOctetAsNumber(as_number=65000,cap_code=65,cap_length=4,length=6,type=2)],opt_param_len=28,type=1,version=4),timestamp=0.0,type=3,version=3)

(1) After applying patches
$ ryu-manager --verbose bmpstation.py
Registered VCS backend: git
Registered VCS backend: hg
Registered VCS backend: svn
Registered VCS backend: bzr
loading app bmpstation.py
instantiating app bmpstation.py of BMPStation
BRICK bmpstation
listening on 0.0.0.0:11019
BMP client connected, ip=192.168.100.3, port=16413

2017 Aug 17 08:16:05 | 192.168.100.3 | BMPInitiation(info=[],len=6,type=4,version=3)

2017 Aug 17 08:16:31 | 192.168.100.3 | BMPPeerUpNotification(is_post_policy=False,len=182,local_address='192.168.103.1',local_port=179,peer_address='192.168.103.2',peer_as=65004,peer_bgp_id='10.10.10.3',peer_distinguisher=279172874240001,peer_type=1,received_open_message=BGPOpen(bgp_identifier='10.10.10.3',hold_time=180,len=57,my_as=65004,opt_param=[BGPOptParamCapabilityMultiprotocol(afi=1,cap_code=1,cap_length=4,length=6,reserved=0,safi=1,type=2), BGPOptParamCapabilityRouteRefresh(cap_code=2,cap_length=0,length=2,type=2), BGPOptParamCapabilityCiscoRouteRefresh(cap_code=128,cap_length=0,length=2,type=2), BGPOptParamCapabilityEnhancedRouteRefresh(cap_code=70,cap_length=0,length=2,type=2), BGPOptParamCapabilityFourOctetAsNumber(as_number=65004,cap_code=65,cap_length=4,length=6,type=2)],opt_param_len=28,type=1,version=4),remote_port=63736,sent_open_message=BGPOpen(bgp_identifier='10.0.1.2',hold_time=180,len=57,my_as=65000,opt_param=[BGPOptParamCapabilityMultiprotocol(afi=1,cap_code=1,cap_length=4,length=6,reserved=0,safi=1,type=2), BGPOptParamCapabilityCiscoRouteRefresh(cap_code=128,cap_length=0,length=2,type=2), BGPOptParamCapabilityRouteRefresh(cap_code=2,cap_length=0,length=2,type=2), BGPOptParamCapabilityEnhancedRouteRefresh(cap_code=70,cap_length=0,length=2,type=2), BGPOptParamCapabilityFourOctetAsNumber(as_number=65000,cap_code=65,cap_length=4,length=6,type=2)],opt_param_len=28,type=1,version=4),timestamp=0.0,type=3,version=3)

It looks fine in Ryu BMP Environment as you can see.
Thanks.

Toshiki Tsuboi

2017/08/16 14:54、Fujimoto Satoshi <satoshi.fujimo...@gmail.com <mailto:satoshi.fujimo...@gmail.com>>のメール:

Hi, Henk

Thank you for your report!

As you said, now Ryu expects Peer address starts with IPv4 address, not 12 bytes of padding:

https://github.com/osrg/ryu/blob/master/ryu/lib/packet/bmp.py#L211

This quick fix should fix your problem. Could you try this?

diff --git a/ryu/lib/packet/bmp.py b/ryu/lib/packet/bmp.py
index 9d1cda3..3e20647 100644
--- a/ryu/lib/packet/bmp.py
+++ b/ryu/lib/packet/bmp.py
@@ -208,7 +208,7 @@ class BMPPeerMessage(BMPMessage):
        if peer_flags & (1 << 7):
            peer_address = addrconv.ipv6.bin_to_text(peer_address)
        else:
-            peer_address = addrconv.ipv4.bin_to_text(peer_address[:4])
+            peer_address = addrconv.ipv4.bin_to_text(peer_address[-4:])

        peer_bgp_id = addrconv.ipv4.bin_to_text(peer_bgp_id)

@@ -234,7 +234,7 @@ class BMPPeerMessage(BMPMessage):
            flags |= (1 << 7)
            peer_address = addrconv.ipv6.text_to_bin(self.peer_address)
        else:
-            peer_address = addrconv.ipv4.text_to_bin(self.peer_address)

+ peer_address = b'\x00' * 12 + addrconv.ipv4.text_to_bin(self.peer_address)

        peer_bgp_id = addrconv.ipv4.text_to_bin(self.peer_bgp_id)

Thanks,
Fujimoto


On 2017年08月15日 23:52, Henk Smit wrote:

Hello,

I noticed a bug in your BMP collector implementation.

See RFC 7854:
https://tools.ietf.org/html/rfc7854#section-4.2

  o  Peer Address: The remote IP address associated with the TCP
     session over which the encapsulated PDU was received.  It is 4
     bytes long if an IPv4 address is carried in this field (with the
     12 most significant bytes zero-filled) and 16 bytes long if an
     IPv6 address is carried in this field.

If the peer-address is an IPv4 address, the format should be:
12 bytes with value zero, followed by 4 bytes with the IPv4 address
It seems your BMP implementation expects:
4 bytes with the IPv4 address, followed by 12 bytes with value zero

That's wrong.
See the RFC.

As a result, your BMP collector will always report IPv4-peers as 0.0.0.0. The same problem happens with the local-address in the peer-up message. Also always wrongly reported as 0.0.0.0.

I checked, and existing implementations of BMP in routers follow the RFC.

I suggest your fix the problem on Ryu's end.

The fix should be easy, but I am not working on Ryu, so I am not going to fix this myself.

Is there still ongoing development of the BMP part of Ryu ?

An obvious bug like this would seem to indicate that very few people are using Ryu's BMP ? Or else maybe everybody is using IPv6 ? With IPv6 all 16 bytes in the address are used, so in that case, there is no confusion and no bug.

Thanks in advance,

henk.

------------------------------------------------------------------------------

Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot


_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Ryu-devel mailing list
Ryu-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ryu-devel