Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BGP flowspec IPv6 redirect #1004

Closed
rzalamena opened this issue Nov 9, 2020 · 2 comments
Closed

BGP flowspec IPv6 redirect #1004

rzalamena opened this issue Nov 9, 2020 · 2 comments
Assignees
@thomas-mangin
Labels
bug need-backport

Comments

@rzalamena
Copy link
Contributor

Bug Report

Describe the bug

ExaBGP 3.4.17 works with the following configuration file:

neighbor 10.0.1.1 {
router-id 10.0.1.101;
local-address 10.0.1.101;
local-as 100;
peer-as 100;
flow {
route {
match {
source 1.1.1.2/32;
destination 3.3.3.3/32;
packet-length <200;
}
then {
redirect 50.0.0.2;
rate-limit 55;
}
}
#end route 1
route {
match {
source 1::2/128/0;
destination 3::3/128/0;
packet-length <200;
}
then {
redirect 50::2;
rate-limit 55;
}
}
#end route 2
}
}

(
A bit more of context:

origin: https://github.com/FRRouting/frr/blob/master/tests/topotests/bgp_flowspec/peer1/exabgp.cfg

This is part of the FRR test framework and I'm working on migrating from ExaBGP 3.4 to 4.x.
)

However ExaBGP 4.x has problem parsing that line. I've managed to get it running with the following patch:

--- /usr/local/lib/python3.8/dist-packages/exabgp/configuration/flow/parser.py  2020-11-09 13:23:47.452170848 +0000
+++ /home/rzalamena/exabgp-fixed/configuration/flow/parser.py   2020-11-09 13:20:24.863148297 +0000
@@ -299,8 +299,17 @@
         return NoNextHop, ExtendedCommunities().add(TrafficRedirect(asn, route_target))
     else:
         elements = data.split(':')
-        ip = ':'.join(elements[:-1])
-        asn = int(elements[-1])
+        if count == 2:
+            ip = data
+            return IP.create(ip), ExtendedCommunities().add(TrafficNextHopSimpson(False))
+        else:
+            ip = ':'.join(elements[:-1])
+            asn = int(elements[-1])
+            return IP.create(ip), ExtendedCommunities().add(TrafficRedirectIPv6(ip, asn))

The patch makes FRR's configuration test work, but it is not correct because it assumes IPv6 addresses will only have two ::. I think the more correct fix is to enclose the IPv6 address with something (e.g. [1:2:3:4]:5000) so there is no confusion when using plain IPv6 or when using redirect with ASN/community.

(don't forget to use that patch with these PRs to get it working: #1002 and #1003)

Please let me know what should be the solution here (if there is any). I'm no expert in this so that is why I'm opening this issue.

To Reproduce

Just run exabgp --validate on the configuration above.

Expected behavior

It should work like in ExaBGP 3.4.17.

Environment

  • OS: Ubuntu 20.04
  • Version: any ExaBGP 4.x
@rzalamena rzalamena added the bug label Nov 9, 2020
@thomas-mangin
Copy link
Member

Yes, I see the point. I will need to patch this on master and the 4.2 branch.

This was referenced Nov 9, 2020
Merged
Closed
thomas-mangin added a commit that referenced this issue Mar 20, 2021
@thomas-mangin
adaptation of the patch provided with #1004
135d4b6
thomas-mangin added a commit that referenced this issue Mar 20, 2021
@thomas-mangin
backport #1004
5bbba84
@thomas-mangin
Copy link
Member

Thank you - sorry for the time it took me to do this.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@thomas-mangin thomas-mangin

Labels
bug need-backport
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rzalamena @thomas-mangin