Re: bgpd local-address improvement
On Thu, Apr 23, 2020 at 06:08:02PM +0100, Stuart Henderson wrote:
> We could use it in the sample config too. OK?
OK. Lets burn down the bad v4 vs v6 groups :)
> Index: bgpd.conf
> ===
> RCS file: /cvs/src/etc/examples/bgpd.conf,v
> retrieving revision 1.18
> diff -u -p -r1.18 bgpd.conf
> --- bgpd.conf 16 Feb 2020 20:02:21 - 1.18
> +++ bgpd.conf 23 Apr 2020 17:07:12 -
> @@ -51,18 +51,15 @@ prefix-set bogons {
> network prefix-set mynetworks set large-community $ASN:1:1
>
> # assume simple network with 3 routers in IBGP full mesh
> -group "ibgp mesh v4" {
> +group "ibgp mesh" {
> remote-as $ASN
> - # use loopback for IBGP sessions, assume its distributed in OSPF
> + # use loopback for IBGP sessions, assume it's distributed in OSPF
> local-address 192.0.2.1
> - neighbor 192.0.2.2 # router 2 ipv4
> - neighbor 192.0.2.3 # router 3 ipv4
> -}
> -# define the IPv6 IBGP sessions
> -group "ibgp mesh v6" {
> - remote-as $ASN
> local-address 2001:db8:abcd::1
> +
> + neighbor 192.0.2.2 # router 2 ipv4
> neighbor 2001:db8:abcd::2 # router 2 ipv6
> + neighbor 192.0.2.3 # router 3 ipv4
> neighbor 2001:db8:abcd::3 # router 3 ipv6
> }
>
>
-- :wq Claudio
Re: bgpd local-address improvement
We could use it in the sample config too. OK?
Index: bgpd.conf
===
RCS file: /cvs/src/etc/examples/bgpd.conf,v
retrieving revision 1.18
diff -u -p -r1.18 bgpd.conf
--- bgpd.conf 16 Feb 2020 20:02:21 - 1.18
+++ bgpd.conf 23 Apr 2020 17:07:12 -
@@ -51,18 +51,15 @@ prefix-set bogons {
network prefix-set mynetworks set large-community $ASN:1:1
# assume simple network with 3 routers in IBGP full mesh
-group "ibgp mesh v4" {
+group "ibgp mesh" {
remote-as $ASN
- # use loopback for IBGP sessions, assume its distributed in OSPF
+ # use loopback for IBGP sessions, assume it's distributed in OSPF
local-address 192.0.2.1
- neighbor 192.0.2.2 # router 2 ipv4
- neighbor 192.0.2.3 # router 3 ipv4
-}
-# define the IPv6 IBGP sessions
-group "ibgp mesh v6" {
- remote-as $ASN
local-address 2001:db8:abcd::1
+
+ neighbor 192.0.2.2 # router 2 ipv4
neighbor 2001:db8:abcd::2 # router 2 ipv6
+ neighbor 192.0.2.3 # router 3 ipv4
neighbor 2001:db8:abcd::3 # router 3 ipv6
}
Re: bgpd local-address improvement
reads ok
Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.23 10:04:15 +0200:
> local-address is one of those values that need to be set in some cases but
> is not very flexible to use. This diff tries to change this a bit.
>
> It allows to set the local-address for both IPv4 and IPv6 at the same time
> and also allows to unset a previously set local-address. For example:
>
> group IBGP {
> local-address 192.0.2.1
> local-address 2001:db8:abcd::1
>
> neighbor 192.0.2.2 { remote-as $AS }
> neighbor 2001:db8:abcd::2 { remote-as $AS }
>
> # reset the local-address for whatever reason
> neighbor 192.0.2.3 {
> no local-address
> remote-as $AS
> }
> }
>
> As usual setting a local-address on the neighbor will override the group
> config. I think for IBGP and multihop sessions this can simplify the
> config a fair bit. In my case this will collaps IPv4 and IPv6 specific
> groups back together since the only reason they are split is because of
> local-address.
>
> What do other bgpd user think?
> --
> :wq Claudio
>
> Index: bgpd.h
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
> retrieving revision 1.401
> diff -u -p -r1.401 bgpd.h
> --- bgpd.h14 Feb 2020 13:54:31 - 1.401
> +++ bgpd.h22 Apr 2020 15:50:46 -
> @@ -365,7 +365,8 @@ struct capabilities {
>
> struct peer_config {
> struct bgpd_addr remote_addr;
> - struct bgpd_addr local_addr;
> + struct bgpd_addr local_addr_v4;
> + struct bgpd_addr local_addr_v6;
> struct peer_auth auth;
> struct capabilities capabilities;
> char group[PEER_DESCR_LEN];
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
> retrieving revision 1.405
> diff -u -p -r1.405 parse.y
> --- parse.y 16 Mar 2020 14:47:30 - 1.405
> +++ parse.y 23 Apr 2020 07:51:25 -
> @@ -1260,8 +1260,27 @@ peeropts : REMOTEAS as4number{
> free($2);
> }
> | LOCALADDR address {
> - memcpy(&curpeer->conf.local_addr, &$2,
> - sizeof(curpeer->conf.local_addr));
> + if ($2.aid == AID_INET)
> + memcpy(&curpeer->conf.local_addr_v4, &$2,
> + sizeof(curpeer->conf.local_addr_v4));
> + else if ($2.aid == AID_INET6)
> + memcpy(&curpeer->conf.local_addr_v6, &$2,
> + sizeof(curpeer->conf.local_addr_v6));
> + else {
> + yyerror("Unsupported address family %s for "
> + "local-addr", aid2str($2.aid));
> + YYERROR;
> + }
> + }
> + | yesno LOCALADDR {
> + if ($1) {
> + yyerror("bad local-address definition");
> + YYERROR;
> + }
> + memset(&curpeer->conf.local_addr_v4, 0,
> + sizeof(curpeer->conf.local_addr_v4));
> + memset(&curpeer->conf.local_addr_v6, 0,
> + sizeof(curpeer->conf.local_addr_v6));
> }
> | MULTIHOP NUMBER {
> if ($2 < 2 || $2 > 255) {
> @@ -4176,11 +4195,17 @@ str2key(char *s, char *dest, size_t max_
> int
> neighbor_consistent(struct peer *p)
> {
> - /* local-address and peer's address: same address family */
> - if (p->conf.local_addr.aid &&
> - p->conf.local_addr.aid != p->conf.remote_addr.aid) {
> - yyerror("local-address and neighbor address "
> - "must be of the same address family");
> + struct bgpd_addr *local_addr;
> +
> + switch (p->conf.remote_addr.aid) {
> + case AID_INET:
> + local_addr = &p->conf.local_addr_v4;
> + break;
> + case AID_INET6:
> + local_addr = &p->conf.local_addr_v6;
> + break;
> + default:
> + yyerror("Bad address family for remote-addr");
> return (-1);
> }
>
> @@ -4189,7 +4214,7 @@ neighbor_consistent(struct peer *p)
> p->conf.auth.method == AUTH_IPSEC_IKE_AH ||
> p->conf.auth.method == AUTH_IPSEC_MANUAL_ESP ||
> p->conf.auth.method == AUTH_IPSEC_MANUAL_AH) &&
> - !p->conf.local_addr.aid) {
> + local_addr->aid == AID_UNSPEC) {
> yyerror("neighbors with any form of IPsec configured "
> "need local-address to be specified");
> return (-1);
> Index: pfkey.c
> ===
> RCS fil
bgpd local-address improvement
local-address is one of those values that need to be set in some cases but is not very flexible to use. This diff tries to change this a bit. It allows to set the local-address for both IPv4 and IPv6 at the same time and also allows to unset a previously set local-address. For example: group IBGP { local-address 192.0.2.1 local-address 2001:db8:abcd::1 neighbor 192.0.2.2 { remote-as $AS } neighbor 2001:db8:abcd::2 { remote-as $AS } # reset the local-address for whatever reason neighbor 192.0.2.3 { no local-address remote-as $AS } } As usual setting a local-address on the neighbor will override the group config. I think for IBGP and multihop sessions this can simplify the config a fair bit. In my case this will collaps IPv4 and IPv6 specific groups back together since the only reason they are split is because of local-address. What do other bgpd user think? -- :wq Claudio
Index: bgpd.h
===
RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
retrieving revision 1.401
diff -u -p -r1.401 bgpd.h
--- bgpd.h 14 Feb 2020 13:54:31 - 1.401
+++ bgpd.h 22 Apr 2020 15:50:46 -
@@ -365,7 +365,8 @@ struct capabilities {
struct peer_config {
struct bgpd_addr remote_addr;
- struct bgpd_addr local_addr;
+ struct bgpd_addr local_addr_v4;
+ struct bgpd_addr local_addr_v6;
struct peer_auth auth;
struct capabilities capabilities;
char group[PEER_DESCR_LEN];
Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.405
diff -u -p -r1.405 parse.y
--- parse.y 16 Mar 2020 14:47:30 - 1.405
+++ parse.y 23 Apr 2020 07:51:25 -
@@ -1260,8 +1260,27 @@ peeropts : REMOTEAS as4number{
free($2);
}
| LOCALADDR address {
- memcpy(&curpeer->conf.local_addr, &$2,
- sizeof(curpeer->conf.local_addr));
+ if ($2.aid == AID_INET)
+ memcpy(&curpeer->conf.local_addr_v4, &$2,
+ sizeof(curpeer->conf.local_addr_v4));
+ else if ($2.aid == AID_INET6)
+ memcpy(&curpeer->conf.local_addr_v6, &$2,
+ sizeof(curpeer->conf.local_addr_v6));
+ else {
+ yyerror("Unsupported address family %s for "
+ "local-addr", aid2str($2.aid));
+ YYERROR;
+ }
+ }
+ | yesno LOCALADDR {
+ if ($1) {
+ yyerror("bad local-address definition");
+ YYERROR;
+ }
+ memset(&curpeer->conf.local_addr_v4, 0,
+ sizeof(curpeer->conf.local_addr_v4));
+ memset(&curpeer->conf.local_addr_v6, 0,
+ sizeof(curpeer->conf.local_addr_v6));
}
| MULTIHOP NUMBER {
if ($2 < 2 || $2 > 255) {
@@ -4176,11 +4195,17 @@ str2key(char *s, char *dest, size_t max_
int
neighbor_consistent(struct peer *p)
{
- /* local-address and peer's address: same address family */
- if (p->conf.local_addr.aid &&
- p->conf.local_addr.aid != p->conf.remote_addr.aid) {
- yyerror("local-address and neighbor address "
- "must be of the same address family");
+ struct bgpd_addr *local_addr;
+
+ switch (p->conf.remote_addr.aid) {
+ case AID_INET:
+ local_addr = &p->conf.local_addr_v4;
+ break;
+ case AID_INET6:
+ local_addr = &p->conf.local_addr_v6;
+ break;
+ default:
+ yyerror("Bad address family for remote-addr");
return (-1);
}
@@ -4189,7 +4214,7 @@ neighbor_consistent(struct peer *p)
p->conf.auth.method == AUTH_IPSEC_IKE_AH ||
p->conf.auth.method == AUTH_IPSEC_MANUAL_ESP ||
p->conf.auth.method == AUTH_IPSEC_MANUAL_AH) &&
- !p->conf.local_addr.aid) {
+ local_addr->aid == AID_UNSPEC) {
yyerror("neighbors with any form of IPsec configured "
"need local-address to be specified");
return (-1);
Index: pfkey.c
===
RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
retrieving revision 1.60
diff -u -p -r1.60 pfkey.c
--- pfkey.c 1 Oct 2019 11:05:30 - 1.60
+++ pfkey.c 22 Apr 2020 16:08:33 -00
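Review bot: The new error string in the `LOCALADDR address` rule (first parse.y hunk) names the keyword as `local-addr`, while the config keyword and the message in the `yesno LOCALADDR` rule both say `local-address`; I would write `"local-address", aid2str($2.aid));` so the operator sees the keyword exactly as it appears in bgpd.conf. The `no local-address` branch clears both slots with memset, and the IPsec check in neighbor_consistent() later tests `aid == AID_UNSPEC`, so "unset" depends on a zeroed address having that aid; a one-line comment above the memset calls, such as `/* a zeroed bgpd_addr has aid AID_UNSPEC, i.e. no local-address */`, would record the assumption. The peeropts rule starts and ends outside this hunk.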
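Review bot: With the family-mismatch check removed from neighbor_consistent() (second parse.y hunk), a `local-address` of the wrong family written directly on a neighbor is no longer rejected: the switch picks the slot matching `remote_addr.aid` and the other slot is never examined in the visible lines. For a mixed group that is the intended behaviour, but on a single neighbor a typo now passes the config check and the session presumably runs from a kernel-chosen source address, which is hard to diagnose where the peer filters on source address; only the IPsec case is still caught, by the check in the following hunk. If a neighbor-level setting cannot be told apart from an inherited one at this point, I would at least document the rule above the switch, e.g. `/* use the local-address of the neighbor's address family; the other family is ignored */`. The function body continues past the end of the hunk.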