Re: OpenBGPD communities, localpref on originating prefixes
On Thu, 28 Apr 2011 08:50:41 -0500
falz m...@falz.net wrote:
PREFIX_ORIGINATE= { 10.171.0.0/19, 101.192.144.0/24,
91.199.248.0/24 } COMMUNITY_TEST = 65000:666
network 10.171.0.0/19
network 101.192.144.0/24
network 91.199.248.0/22
# default allow/deny stuff from sample conf is here
match from any prefix $PREFIX_ORIGINATE set localpref 140
match from any prefix $PREFIX_ORIGINATE set community $COMMUNITY_TEST
match from any prefix $PREFIX_ORIGINATE set med 12
The filter you wrote will set the attributes on prefixes you receive
from other bgp speakers.
Try:
network 10.171.0.0/19 set { localpref 140 metric 12 community 65000:666 }
etc..
/Martin
Re: OpenBGPD communities, localpref on originating prefixes
Martin Hein wrote:
network 10.171.0.0/19 set { localpref 140 metric 12 community 65000:666 }
I did test this before but only with a bgpctl reload. I've retested
this above with fully stopping and starting bgpd and it does then
work. Is there no graceful way to do this? Seems odd that bgpd has to
completely stop to change settings on network statements. `bgpctl
network` doesn't seem to have any type of refresh, just add and flush.
Is there just some command that I'm missing?
Re: OpenBGPD communities, localpref on originating prefixes
* falz m...@falz.net [2011-04-28 16:57]:
PREFIX_ORIGINATE= { 10.171.0.0/19, 101.192.144.0/24, 91.199.248.0/24
}
COMMUNITY_TEST = 65000:666
network 10.171.0.0/19
network 101.192.144.0/24
network 91.199.248.0/22
# default allow/deny stuff from sample conf is here
match from any prefix $PREFIX_ORIGINATE set localpref 140
so this is matching inbound, aka routes you learn form any peer
# bgpctl show ip bgp
flags destination gateway lpref med aspath origin
AI* 10.171.0.0/190.0.0.0100 0 i
and here you are looking at outgoing announcements, prefixes that
originate on your box.
aka everything works as intended :)
The 'match' statements I'm using above do work if I'm receiving routes
from another peer so the syntax does appear to be valid. I've also
tried them in the 'neighbor' statement with no luck. Doing so there
also seems odd since I would have to have multiple neighbor statements
for each originating prefix.
match out to any prefix $foo set $bar
(note that this doesn't make sense for localpref, that is, as the name
sez, local to your router)
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: OpenBGPD communities, localpref on originating prefixes
* falz m...@falz.net [2011-04-28 18:48]:
Martin Hein wrote:
network 10.171.0.0/19 set { localpref 140 metric 12 community 65000:666 }
I did test this before but only with a bgpctl reload. I've retested
this above with fully stopping and starting bgpd and it does then
work. Is there no graceful way to do this? Seems odd that bgpd has to
completely stop to change settings on network statements. `bgpctl
network` doesn't seem to have any type of refresh, just add and flush.
if this doesn't work with reload and clearing the session(s) in
question this would be a bug.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
Re: OpenBGPD communities, localpref on originating prefixes
On Thu, Apr 28, 2011 at 10:41 AM, falz m...@falz.net wrote:
Martin Hein wrote:
network 10.171.0.0/19 set { localpref 140 metric 12 community 65000:666 }
I did test this before but only with a bgpctl reload. I've retested
this above with fully stopping and starting bgpd and it does then
work. Is there no graceful way to do this? Seems odd that bgpd has to
completely stop to change settings on network statements. `bgpctl
network` doesn't seem to have any type of refresh, just add and flush.
Is there just some command that I'm missing?
Ok, I see that I can use `bgpctl network delete/add x.x.x.x/yy
localpref 140`.. and so on and it works. deleting and re-adding it
doesn't seem to read from the config. Doing this should work but may
get messy keeping the config in sync manually. Is there any other way?
Re: OpenBGPD communities, localpref on originating prefixes
On Thu, Apr 28, 2011 at 11:02:40AM -0500, falz wrote:
On Thu, Apr 28, 2011 at 10:41 AM, falz m...@falz.net wrote:
Martin Hein wrote:
network 10.171.0.0/19 set { localpref 140 metric 12 community 65000:666 }
I did test this before but only with a bgpctl reload. I've retested
this above with fully stopping and starting bgpd and it does then
work. Is there no graceful way to do this? Seems odd that bgpd has to
completely stop to change settings on network statements. `bgpctl
network` doesn't seem to have any type of refresh, just add and flush.
Is there just some command that I'm missing?
Ok, I see that I can use `bgpctl network delete/add x.x.x.x/yy
localpref 140`.. and so on and it works. deleting and re-adding it
doesn't seem to read from the config. Doing this should work but may
get messy keeping the config in sync manually. Is there any other way?
How about testing this diff instead. I think it should solve the missing
filter updates. It compiles but I did not have the time to test it myself
but I think it should work.
--
:wq Claudio
Index: bgpd.h
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.263
diff -u -p -r1.263 bgpd.h
--- bgpd.h 24 Oct 2010 17:20:08 - 1.263
+++ bgpd.h 28 Apr 2011 17:56:52 -
@@ -931,6 +931,8 @@ void pftable_ref(u_int16_t);
/* rde_filter.c */
voidfilterset_free(struct filter_set_head *);
int filterset_cmp(struct filter_set *, struct filter_set *);
+voidfilterset_move(struct filter_set_head *,
+ struct filter_set_head *);
const char *filterset_name(enum action_types);
/* util.c */
Index: kroute.c
===
RCS file: /cvs/src/usr.sbin/bgpd/kroute.c,v
retrieving revision 1.187
diff -u -p -r1.187 kroute.c
--- kroute.c7 Mar 2011 07:43:02 - 1.187
+++ kroute.c28 Apr 2011 17:57:16 -
@@ -1155,6 +1155,8 @@ kr_net_reload(u_int rtableid, struct net
xn = kr_net_find(kt, n);
if (xn) {
xn-net.old = 0;
+ filterset_free(xn-net.attrset);
+ filterset_move(n-net.attrset, xn-net.attrset);
kr_net_delete(n);
} else
TAILQ_INSERT_TAIL(kt-krn, n, entry);
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.258
diff -u -p -r1.258 parse.y
--- parse.y 2 Sep 2010 14:03:21 - 1.258
+++ parse.y 28 Apr 2011 17:58:22 -
@@ -126,8 +126,6 @@ int neighbor_consistent(struct peer *)
int merge_filterset(struct filter_set_head *, struct filter_set *);
voidcopy_filterset(struct filter_set_head *,
struct filter_set_head *);
-voidmove_filterset(struct filter_set_head *,
- struct filter_set_head *);
struct filter_rule *get_rule(enum action_types);
int getcommunity(char *);
@@ -608,7 +606,7 @@ network : NETWORK prefix filter_set {
memcpy(n-net.prefix, $2.prefix,
sizeof(n-net.prefix));
n-net.prefixlen = $2.len;
- move_filterset($3, n-net.attrset);
+ filterset_move($3, n-net.attrset);
free($3);
TAILQ_INSERT_TAIL(netconf, n, entry);
@@ -626,7 +624,7 @@ network : NETWORK prefix filter_set {
YYERROR;
}
n-net.type = $3 ? NETWORK_STATIC : NETWORK_CONNECTED;
- move_filterset($4, n-net.attrset);
+ filterset_move($4, n-net.attrset);
free($4);
TAILQ_INSERT_TAIL(netconf, n, entry);
@@ -3462,22 +3460,6 @@ copy_filterset(struct filter_set_head *s
fatal(NULL);
memcpy(t, s, sizeof(struct filter_set));
TAILQ_INSERT_TAIL(dest, t, entry);
- }
-}
-
-void
-move_filterset(struct filter_set_head *source, struct filter_set_head *dest)
-{
- struct filter_set *s;
-
- TAILQ_INIT(dest);
-
- if (source == NULL)
- return;
-
- while ((s = TAILQ_FIRST(source)) != NULL) {
- TAILQ_REMOVE(source, s, entry);
- TAILQ_INSERT_TAIL(dest, s, entry);
}
}
Index: rde_filter.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde_filter.c,v
retrieving revision 1.65
diff -u -p -r1.65 rde_filter.c
--- rde_filter.c29 Nov 2010 17:02:41 - 1.65
+++ rde_filter.c28 Apr 2011 17:58:05 -
@@ -516,6 +516,22 @@
Re: OpenBGPD communities, localpref on originating prefixes
Henning Brauer Wrote:
if this doesn't work with reload and clearing the session(s) in
question this would be a bug.
I'd like to confirm if it is or not This is a fresh install of i386 4.8.
My current workaround is to replicate what's in my config:
network 10.171.0.0/19 set { localpref 140 metric 12 community 65000:666 }
by issuing:
bgpctl network add 10.171.0.0/19 localpref 140 metric 12 community 65000:666
If you use 'network add' and don't specify all settings concurrently
it overrides the items that were NOT set with their defaults. If I
issued these commands seperately:
bgpctl network 10.171.0.0/19 localpref 140
bgpctl network 10.171.0.0/19 metric 12
bgpctl network 10.171.0.0/19 community 65000:666
You'd be left with 10.171.0.0/19 having metric 0, localpref 100,
community 65000:666. This is possibly desired behavior but is good to
know for anyone using bgpd.
Re: OpenBGPD communities, localpref on originating prefixes
Henning Brauer wrote: so this is matching inbound, aka routes you learn form any peer (note that this doesn't make sense for localpref, that is, as the name sez, local to your router) Thanks, I didn't realize that the match/allow/deny rules apply only to prefixes passing between neighbors, it's easier to think about this way. Localpref is local to your IBGP, not just one router. Claudio Jeker wrote: How about testing this diff instead. I think it should solve the missing filter updates. It compiles but I did not have the time to test it myself but I think it should work. Just tested it and indeed it does indeed work, thanks for this, much appreciated! We've only been using this in a lab environment for a few days and it's great to see support like this, very promising and should help to make the case to use this in production. I've been putting my filter syntax examples on this page if anyone comes across this thread and is curious: http://falz.net/tech/openbgpd --falz
