Mailing List Archive: Quagga: Dev
RFC 5082 GTSM for quagga bgpd
 

nick at inex

Nov 11, 2008, 8:10 AM


RFC 5082 GTSM for quagga bgpd

Hello,

I've attached a patch set to implement RFC 5082 GTSM for quagga. This
depends on the IP_MINTTL socket option which was implemented by Andre
Oppermann:

http://lists.quagga.net/pipermail/quagga-dev/2005-August/003607.html

Implementation
==============

The code is implemented using the "neighbor XXX ttl-security hops YYY"
command in the BGP router context. The configuration is fully compatible
with the equivalent Cisco IOS commands. Normally, YYY will be set to be
the number of hops between the two bgp neighbors. The process works as
follows:

- all outgoing packets are set up with TTL of "MAXTTL + 1 - gtsm_hops"
- all incoming packets are checked to ensure that the TTL falls within the
hop limit specified in the configuration

Internally, this is implemented by silently using the ebgp-multihop command
when ttl-security hops is configured on a neighbor, and by configuring the
master BGP listening socket to have a TTL of 255.

The code prohibits ebgp-multihop and ttl-security from being configured
together.

I've fixed a very minor bug in peer_ebgp_multihop_set_vty() and
peer_ebgp_multihop_unset_vty(). These commands should not return
CMD_SUCCESS by default.

If "ttl-security hops" is configured on an operating system which does not
support the IP_MINTTL socket option, or if ttl security is enabled on an
IPv6 socket, then a warning will be logged on the system log. However,
bgpd will accept the configuration.

ttl-security hops is fully peer-group aware (including checking for
conflicts with ebgp-multihop).
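The TTL arithmetic behind "ttl-security hops N" and its mapping onto the socket options, as an added example written for this archive page; it is not code from Nick's patch or from quagga. The receive-side floor is the one the post describes, MAXTTL + 1 - hops; the send side here uses a TTL of 255, which is what RFC 5082 specifies for the sender. The simulation of routers decrementing the TTL is constructed for illustration, and the socket part only reports whether IP_MINTTL could be applied on the platform the example runs on.

```c
/* Added example (not part of the quagga patch): GTSM TTL arithmetic for
 * "neighbor X ttl-security hops N", plus applying it via IP_TTL/IP_MINTTL. */
#include <stdio.h>
#include <string.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>

#define MAXTTL 255  /* largest IPv4 TTL; RFC 5082 has senders use this value */

/* Smallest TTL a packet from a peer N hops away may carry: MAXTTL + 1 - N.
 * Anything lower has crossed more routers than the configuration allows. */
int gtsm_min_ttl(int hops)
{
    return MAXTTL + 1 - hops;
}

/* Receive-side GTSM check: accept only if the TTL is at or above the floor.
 * A hop count outside 1..MAXTTL is a configuration error; reject everything. */
int gtsm_accept(int hops, int ttl)
{
    if (hops < 1 || hops > MAXTTL)
        return 0;
    return ttl >= gtsm_min_ttl(hops);
}

/* Constructed model of the path: TTL seen at the receiver when a packet sent
 * with send_ttl crosses `routers` forwarding hops. Each router decrements by
 * one; the receiving host does not. Directly connected peers cross 0 routers. */
int gtsm_arrival_ttl(int send_ttl, int routers)
{
    int ttl = send_ttl - routers;
    return ttl < 0 ? 0 : ttl;
}

/* Apply GTSM to an IPv4 socket: IP_TTL for what we send, IP_MINTTL for what
 * we accept. Returns 0 on success, -1 with errno set. Where the platform has
 * no IP_MINTTL the result is -1/ENOPROTOOPT, which is the case the post says
 * bgpd logs a warning for while still accepting the configuration. */
int gtsm_apply(int sock, int hops)
{
    int ttl = MAXTTL;
    if (setsockopt(sock, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0)
        return -1;
#ifdef IP_MINTTL
    int minttl = gtsm_min_ttl(hops);
    if (setsockopt(sock, IPPROTO_IP, IP_MINTTL, &minttl, sizeof minttl) < 0)
        return -1;
    return 0;
#else
    (void)hops;
    errno = ENOPROTOOPT;
    return -1;
#endif
}

int main(void)
{
    int hops = 1;  /* directly connected peers: "ttl-security hops 1" */

    /* A packet from the directly connected peer arrives with TTL 255. */
    int direct = gtsm_arrival_ttl(MAXTTL, 0);
    printf("hops=%d ttl=%d accept=%d\n", hops, direct, gtsm_accept(hops, direct));

    /* A packet that crossed three routers arrives with 252 and is dropped. */
    int far = gtsm_arrival_ttl(MAXTTL, 3);
    printf("hops=%d ttl=%d accept=%d\n", hops, far, gtsm_accept(hops, far));

    /* Try the real socket options; no network traffic is generated. */
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s >= 0) {
        if (gtsm_apply(s, hops) == 0)
            printf("IP_TTL=%d IP_MINTTL=%d applied\n", MAXTTL, gtsm_min_ttl(hops));
        else
            printf("GTSM not applied: %s\n", strerror(errno));
        close(s);
    }
    return 0;
}
```

The check functions are the part worth reading: for hops 1 the floor is 255, so only a packet that no router has touched passes, and each extra configured hop lowers the floor by exactly one.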

Usage
=====

Usage is described in the Cisco documentation:

http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html

Under normal circumstances the ttl-security hops parameter should be set to
the exact number of hops between the two BGP peers. So, for directly
connected peers, this will be "ttl-security hops 1".

Cisco have also implemented GTSM for OSPF. I haven't attempted that with
this patch, and don't have any plans to do so in future.

Caveats
=======

- Right now, this socket option is supported in FreeBSD >= 5.x, OpenBSD
>= 4.1 and DragonflyBSD >= 2.0.0. There is a minor bug in all these
implementations which is addressed here:

http://www.freebsd.org/cgi/query-pr.cgi?pr=128790

- as there is no equivalent IP6_MINTTL socket option, this only works for
IPv4 sockets.

Enjoy,

Nick
Attachments: quagga-bgpd-gtsm-0-99-11.diffs (13.6 KB)

Subject User Time
RFC 5082 GTSM for quagga bgpd nick at inex Nov 11, 2008, 8:10 AM
    Re: RFC 5082 GTSM for quagga bgpd paul at jakma Jun 2, 2009, 10:07 AM
    Re: RFC 5082 GTSM for quagga bgpd nick at inex Jun 2, 2009, 10:10 AM
        Re: RFC 5082 GTSM for quagga bgpd shemminger at vyatta Jan 12, 2010, 4:33 PM
