Re: bgpd local-address improvement

2020-04-23 Thread Claudio Jeker
On Thu, Apr 23, 2020 at 06:08:02PM +0100, Stuart Henderson wrote:
> We could use it in the sample config too. OK?

OK. Let's burn down the bad v4 vs v6 groups :)
 
> Index: bgpd.conf
> ===
> RCS file: /cvs/src/etc/examples/bgpd.conf,v
> retrieving revision 1.18
> diff -u -p -r1.18 bgpd.conf
> --- bgpd.conf 16 Feb 2020 20:02:21 -  1.18
> +++ bgpd.conf 23 Apr 2020 17:07:12 -
> @@ -51,18 +51,15 @@ prefix-set bogons {
>  network prefix-set mynetworks set large-community $ASN:1:1
>  
>  # assume simple network with 3 routers in IBGP full mesh
> -group "ibgp mesh v4" {
> +group "ibgp mesh" {
>   remote-as $ASN
> - # use loopback for IBGP sessions, assume its distributed in OSPF
> + # use loopback for IBGP sessions, assume it's distributed in OSPF
>   local-address 192.0.2.1
> - neighbor 192.0.2.2  # router 2 ipv4
> - neighbor 192.0.2.3  # router 3 ipv4
> -}
> -# define the IPv6 IBGP sessions
> -group "ibgp mesh v6" {
> - remote-as $ASN
>   local-address 2001:db8:abcd::1
> +
> + neighbor 192.0.2.2  # router 2 ipv4
>   neighbor 2001:db8:abcd::2   # router 2 ipv6
> + neighbor 192.0.2.3  # router 3 ipv4
>   neighbor 2001:db8:abcd::3   # router 3 ipv6
>  }
>  
> 

-- 
:wq Claudio



Re: bgpd local-address improvement

2020-04-23 Thread Stuart Henderson
We could use it in the sample config too. OK?

Index: bgpd.conf
===
RCS file: /cvs/src/etc/examples/bgpd.conf,v
retrieving revision 1.18
diff -u -p -r1.18 bgpd.conf
--- bgpd.conf   16 Feb 2020 20:02:21 -  1.18
+++ bgpd.conf   23 Apr 2020 17:07:12 -
@@ -51,18 +51,15 @@ prefix-set bogons {
 network prefix-set mynetworks set large-community $ASN:1:1
 
 # assume simple network with 3 routers in IBGP full mesh
-group "ibgp mesh v4" {
+group "ibgp mesh" {
remote-as $ASN
-   # use loopback for IBGP sessions, assume its distributed in OSPF
+   # use loopback for IBGP sessions, assume it's distributed in OSPF
local-address 192.0.2.1
-   neighbor 192.0.2.2  # router 2 ipv4
-   neighbor 192.0.2.3  # router 3 ipv4
-}
-# define the IPv6 IBGP sessions
-group "ibgp mesh v6" {
-   remote-as $ASN
local-address 2001:db8:abcd::1
+
+   neighbor 192.0.2.2  # router 2 ipv4
neighbor 2001:db8:abcd::2   # router 2 ipv6
+   neighbor 192.0.2.3  # router 3 ipv4
neighbor 2001:db8:abcd::3   # router 3 ipv6
 }
 



Re: bgpd local-address improvement

2020-04-23 Thread Sebastian Benoit
reads ok

Claudio Jeker(cje...@diehard.n-r-g.com) on 2020.04.23 10:04:15 +0200:
> local-address is one of those values that need to be set in some cases but
> is not very flexible to use. This diff tries to change this a bit.
> 
> It allows to set the local-address for both IPv4 and IPv6 at the same time
> and also allows to unset a previously set local-address. For example:
> 
> group IBGP {
> local-address 192.0.2.1
> local-address 2001:db8:abcd::1
> 
>   neighbor 192.0.2.2 { remote-as $AS }
>   neighbor 2001:db8:abcd::2 { remote-as $AS }
> 
>   # reset the local-address for whatever reason
>   neighbor 192.0.2.3 {
>   no local-address
>   remote-as $AS
>   }
> }
> 
> As usual, setting a local-address on the neighbor will override the group
> config. I think for IBGP and multihop sessions this can simplify the
> config a fair bit. In my case this will collapse IPv4 and IPv6 specific
> groups back together since the only reason they are split is because of
> local-address.
> 
> What do other bgpd user think?
> -- 
> :wq Claudio
> 
> Index: bgpd.h
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/bgpd.h,v
> retrieving revision 1.401
> diff -u -p -r1.401 bgpd.h
> --- bgpd.h14 Feb 2020 13:54:31 -  1.401
> +++ bgpd.h22 Apr 2020 15:50:46 -
> @@ -365,7 +365,8 @@ struct capabilities {
>  
>  struct peer_config {
>   struct bgpd_addr remote_addr;
> - struct bgpd_addr local_addr;
> + struct bgpd_addr local_addr_v4;
> + struct bgpd_addr local_addr_v6;
>   struct peer_auth auth;
>   struct capabilities  capabilities;
>   char group[PEER_DESCR_LEN];
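Review bot: The new `local_addr_v4` and `local_addr_v6` fields in `struct peer_config` carry an implicit "not set" encoding that deserves a comment. The parse.y part of this diff clears them with `memset(..., 0, ...)`, and `neighbor_consistent()` later tests `local_addr->aid == AID_UNSPEC`, so the code relies on an all-zero address reading as AID_UNSPEC. I would add `/* aid == AID_UNSPEC (all zero) means no local-address configured */` above the pair. The struct continues outside the hunk.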
> Index: parse.y
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
> retrieving revision 1.405
> diff -u -p -r1.405 parse.y
> --- parse.y   16 Mar 2020 14:47:30 -  1.405
> +++ parse.y   23 Apr 2020 07:51:25 -
> @@ -1260,8 +1260,27 @@ peeropts   : REMOTEAS as4number{
>   free($2);
>   }
>   | LOCALADDR address {
> - memcpy(>conf.local_addr, &$2,
> - sizeof(curpeer->conf.local_addr));
> + if ($2.aid == AID_INET)
> + memcpy(>conf.local_addr_v4, &$2,
> + sizeof(curpeer->conf.local_addr_v4));
> + else if ($2.aid == AID_INET6)
> + memcpy(>conf.local_addr_v6, &$2,
> + sizeof(curpeer->conf.local_addr_v6));
> + else {
> + yyerror("Unsupported address family %s for "
> + "local-addr", aid2str($2.aid));
> + YYERROR;
> + }
> + }
> + | yesno LOCALADDR   {
> + if ($1) {
> + yyerror("bad local-address definition");
> + YYERROR;
> + }
> + memset(>conf.local_addr_v4, 0,
> + sizeof(curpeer->conf.local_addr_v4));
> + memset(>conf.local_addr_v6, 0,
> + sizeof(curpeer->conf.local_addr_v6));
>   }
>   | MULTIHOP NUMBER   {
>   if ($2 < 2 || $2 > 255) {
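Review bot: The new `yesno LOCALADDR` rule always zeroes both `local_addr_v4` and `local_addr_v6`, so a neighbor cannot drop only one inherited family. To clear just the IPv4 address, it must say `no local-address` and then repeat the IPv6 one. If that is intended, a comment on the rule such as `/* "no local-address" resets both address families */` would make it explicit, and the manual page should say the same. After the reset the session's source address is presumably left to the kernel, which may not be the address the peer's filters or neighbor statement expect. The `peeropts` rule continues outside the hunk.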
> @@ -4176,11 +4195,17 @@ str2key(char *s, char *dest, size_t max_
>  int
>  neighbor_consistent(struct peer *p)
>  {
> - /* local-address and peer's address: same address family */
> - if (p->conf.local_addr.aid &&
> - p->conf.local_addr.aid != p->conf.remote_addr.aid) {
> - yyerror("local-address and neighbor address "
> - "must be of the same address family");
> + struct bgpd_addr *local_addr;
> +
> + switch (p->conf.remote_addr.aid) {
> + case AID_INET:
> + local_addr = >conf.local_addr_v4;
> + break;
> + case AID_INET6:
> + local_addr = >conf.local_addr_v6;
> + break;
> + default:
> + yyerror("Bad address family for remote-addr");
>   return (-1);
>   }
>  
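Review bot: With the same-family check removed from `neighbor_consistent()`, a neighbor whose only `local-address` belongs to the other address family now passes without any diagnostic; `local_addr` simply points at an unset entry. That is what makes mixed v4/v6 groups work, but a wrong-family address typed directly in a neighbor block used to be rejected and is now silently unused, so the session would be sourced from an address the operator did not choose. If the parser can tell a neighbor-level setting from an inherited one (not visible in this hunk), a warning for that case would keep the old safety net. The function body continues outside the hunk.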
> @@ -4189,7 +4214,7 @@ neighbor_consistent(struct peer *p)
>   p->conf.auth.method == AUTH_IPSEC_IKE_AH ||
>   p->conf.auth.method == AUTH_IPSEC_MANUAL_ESP ||
>   p->conf.auth.method == AUTH_IPSEC_MANUAL_AH) &&
> - !p->conf.local_addr.aid) {
> + local_addr->aid == AID_UNSPEC) {
>   yyerror("neighbors with any form of IPsec configured "
>   "need local-address to be specified");
>   return (-1);
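Review bot: The IPsec check now looks only at the local-address of the neighbor's own address family, but the message still reads `need local-address to be specified`. An IPv4 neighbor in a group that sets only an IPv6 `local-address` would hit this error although a local-address is configured, which is confusing to debug. Naming the family would help, for example changing the second string literal to `"need a local-address of the neighbor's address family"`. The condition starts above the hunk.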
> Index: pfkey.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/pfkey.c,v
> retrieving