paul at jakma
Jun 2, 2009, 10:07 AM
Post #2 of 4
Neat. Is this the most recent version of the patch?

--paulj

On Tue, 11 Nov 2008, Nick Hilliard wrote:

> Hello,
>
> I've attached a patch set to implement RFC 5082 GTSM for quagga. This depends on the IP_MINTTL socket option which was implemented by Andre Oppermann:
>
> http://lists.quagga.net/pipermail/quagga-dev/2005-August/003607.html
>
> Implementation
> ==============
>
> The code is implemented using the "neighbor XXX ttl-security hops YYY" command in the BGP router context. The configuration is fully compatible with the equivalent Cisco IOS commands. Normally, YYY will be set to be the number of hops between the two bgp neighbors. The process works as follows:
>
> - all outgoing packets are set up with TTL of "MAXTTL + 1 - gtsm_hops"
> - all incoming packets are checked to ensure that the TTL falls within the hop limit specified in the configuration
>
> Internally, this is implemented by silently using the ebgp-multihop command when ttl-security hops is configured on a neighbor, and by configuring the master BGP listening socket to have a TTL of 255.
>
> The code prohibits ebgp-multihop and ttl-security from being configured together.
>
> I've fixed a very minor bug in peer_ebgp_multihop_set_vty() and peer_ebgp_multihop_unset_vty(). These commands should not return CMD_SUCCESS by default.
>
> If "ttl-security hops" is configured on an operating system which does not support the IP_MINTTL socket option, or if ttl security is enabled on an IPv6 socket, then a warning will be logged on the system log. However, bgpd will accept the configuration.
>
> ttl-security hops is fully peer-group aware (including checking for conflicts with ebgp-multihop).
>
> Usage
> =====
>
> Usage is described in the cisco documentation:
>
> http://www.cisco.com/en/US/docs/ios/12_3t/12_3t7/feature/guide/gt_btsh.html
>
> Under normal circumstances the ttl-security hops parameter should be set to the exact number of hops between the two BGP peers. So, for directly connected peers, this will be "ttl-security hops 1".
>
> Cisco have also implemented GTSM for OSPF. I haven't attempted that with this patch, and don't have any plans to do so in future.
>
> Caveats
> =======
>
> - Right now, this socket option is supported in FreeBSD >= 5.x, OpenBSD >= 4.1 and DragonflyBSD >= 2.0.0. There is a minor bug in all these implementations which is addressed here:
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=128790
>
> - as there is no equivalent IP6_MINTTL socket option, this only works for IPv4 sockets.
>
> Enjoy,
>
> Nick

--
Paul Jakma paul [at] clubi paul [at] jakma Key ID: 64A2FF6A
Fortune:
Hard reality has a way of cramping your style.
-- Daniel Dennett

_______________________________________________
Quagga-dev mailing list
Quagga-dev [at] lists
http://lists.quagga.net/mailman/listinfo/quagga-dev
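The RFC 5082 mechanism the quoted patch description relies on, shown as an added example that is not code from the quagga patch or from either poster: a sender emits packets with the maximum TTL (255) and the receiver, via the IP_MINTTL socket option, refuses anything whose TTL has been decremented below MAXTTL + 1 - hops, which is exactly the floor that a peer the configured number of hops away still satisfies and a more distant spoofer cannot. The function names (gtsm_min_ttl, gtsm_accept, gtsm_apply) and the constructed list of received TTLs are assumptions of this example; IP_MINTTL is the real option named in the thread and the code falls back to an error where the platform lacks it, mirroring the warning-and-continue behaviour described.

```c
#include <errno.h>
#include <netinet/in.h>
#include <netinet/ip.h>   /* MAXTTL on BSD and glibc */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef MAXTTL
#define MAXTTL 255
#endif

/* RFC 5082 receive floor: a peer `hops` routers away sends with TTL 255,
 * so its packets arrive with TTL >= 255 + 1 - hops. Returns -1 for an
 * invalid hop count (hypothetical helper, not the patch's own code). */
int gtsm_min_ttl(int hops)
{
    if (hops < 1 || hops > MAXTTL)
        return -1;
    return MAXTTL + 1 - hops;
}

/* Pure model of the check IP_MINTTL performs in the kernel: accept a packet
 * only if its received TTL is at or above the floor for `hops`. */
int gtsm_accept(int hops, int received_ttl)
{
    int floor_ttl = gtsm_min_ttl(hops);
    if (floor_ttl < 0)
        return 0;
    return received_ttl >= floor_ttl;
}

/* Apply GTSM to an IPv4 socket: transmit with TTL 255 and ask the kernel to
 * discard incoming segments below the floor. Returns 0 on success, -1 with
 * errno set otherwise (ENOPROTOOPT when IP_MINTTL is not compiled in). */
int gtsm_apply(int fd, int hops)
{
    int ttl = MAXTTL;
    if (setsockopt(fd, IPPROTO_IP, IP_TTL, &ttl, sizeof ttl) < 0)
        return -1;
#ifdef IP_MINTTL
    int minttl = gtsm_min_ttl(hops);
    if (minttl < 0) {
        errno = EINVAL;
        return -1;
    }
    if (setsockopt(fd, IPPROTO_IP, IP_MINTTL, &minttl, sizeof minttl) < 0)
        return -1;
    return 0;
#else
    (void)hops;
    errno = ENOPROTOOPT;   /* no IP_MINTTL on this platform, as the caveats note */
    return -1;
#endif
}

int main(void)
{
    /* Constructed sample: TTLs as they would arrive from a directly
     * connected peer (255), a peer two hops away (254), and a remote
     * sender whose packets crossed many more routers (240). */
    int received[] = { 255, 254, 240 };
    int hops = 1;   /* "ttl-security hops 1" for a directly connected peer */

    for (size_t i = 0; i < sizeof received / sizeof received[0]; i++)
        printf("hops=%d ttl=%d -> %s\n", hops, received[i],
               gtsm_accept(hops, received[i]) ? "accept" : "drop");

    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd >= 0) {
        if (gtsm_apply(fd, hops) < 0)
            fprintf(stderr, "GTSM not applied: %s\n", strerror(errno));
        else
            printf("IP_TTL=%d IP_MINTTL=%d set on fd %d\n",
                   MAXTTL, gtsm_min_ttl(hops), fd);
        close(fd);
    }
    return 0;
}
```

With hops=1 only a TTL of 255 passes, which is why the hop count must match the real topology exactly: setting it higher than necessary widens the window of TTLs an off-path sender could still satisfy, and setting it lower drops the legitimate peer.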