On Mon, Oct 16, 2023 at 09:23:12AM +0200, Claudio Jeker wrote: > This diff fixes a few more things when establishing connections with > link-local IPv6 addresses. In get_alternate_addr() the interface scope > of the connection is recovered and then passed to the RDE. The RDE can > then use this scope id to insert link-local addresses with the correct > scope. > > I built a regress test for this which passes with this diff. > Now probably more is needed because IPv6 link-local addresses are a gift > that keep on giving. One thing to implement on top of this is template > matching for link local -- which allows to auto-configure sessions more > easily. This will probably follow soon. >
Here is the regress test I made. -- :wq Claudio Index: Makefile =================================================================== RCS file: /cvs/src/regress/usr.sbin/bgpd/integrationtests/Makefile,v retrieving revision 1.22 diff -u -p -r1.22 Makefile --- Makefile 12 Oct 2023 09:18:56 -0000 1.22 +++ Makefile 13 Oct 2023 07:43:57 -0000 @@ -1,8 +1,9 @@ # $OpenBSD: Makefile,v 1.22 2023/10/12 09:18:56 claudio Exp $ -REGRESS_TARGETS = network_statement md5 ovs mrt pftable \ - maxprefix maxprefixout maxcomm \ - as0 med eval_all policy l3vpn attr ixp +REGRESS_TARGETS = network_statement md5 ovs policy pftable \ + mrt maxprefix maxprefixout maxcomm l3vpn \ + ixp lladdr \ + as0 med eval_all attr BGPD ?= /usr/sbin/bgpd @@ -42,6 +43,9 @@ l3vpn: ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 13 14 ixp: + ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 + +lladdr: ${SUDO} ksh ${.CURDIR}/$@.sh ${BGPD} ${.CURDIR} 11 12 pair11 pair12 .if ! exists(/usr/local/bin/exabgp) Index: bgpd.lladdr.rdomain1.conf =================================================================== RCS file: bgpd.lladdr.rdomain1.conf diff -N bgpd.lladdr.rdomain1.conf --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ bgpd.lladdr.rdomain1.conf 16 Oct 2023 07:07:08 -0000 @@ -0,0 +1,23 @@ +AS 4200000001 +router-id 42.0.0.1 +fib-update yes + +network 2001:db8:1::/48 set community 0:1 +network 2001:db8:11::/48 set community 0:11 + +neighbor fe80::c0fe:2%pair11 { + descr "RDOMAIN2" + remote-as 4200000002 + local-address fe80::c0fe:1%pair11 +} +neighbor fe80::beef:2%gif11 { + descr "RDOMAIN2_2" + remote-as 4200000002 + local-address fe80::beef:1%gif11 +} + + +allow from any +deny to any +allow to fe80::c0fe:2%pair11 community 0:1 +allow to fe80::beef:2%gif11 community 0:11 Index: bgpd.lladdr.rdomain2.conf =================================================================== RCS file: bgpd.lladdr.rdomain2.conf diff -N bgpd.lladdr.rdomain2.conf 
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ bgpd.lladdr.rdomain2.conf 16 Oct 2023 07:07:24 -0000
@@ -0,0 +1,23 @@
+AS 4200000002
+router-id 42.0.0.2
+fib-update yes
+
+network 2001:db8:2::/48 set community 0:1
+network 2001:db8:12::/48 set community 0:11
+
+neighbor fe80::c0fe:1%pair12 {
+ descr "RDOMAIN1"
+ remote-as 4200000001
+ local-address fe80::c0fe:2%pair12
+}
+
+neighbor fe80::beef:1%gif12 {
+ descr "RDOMAIN1_2"
+ remote-as 4200000001
+ local-address fe80::beef:2%gif12
+}
+
+allow from any
+deny to any
+allow to fe80::c0fe:1%pair12 community 0:1
+allow to fe80::beef:1%gif12 community 0:11
Index: lladdr.rdomain1.ok
===================================================================
RCS file: lladdr.rdomain1.ok
diff -N lladdr.rdomain1.ok
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lladdr.rdomain1.ok 16 Oct 2023 07:09:31 -0000
@@ -0,0 +1,36 @@
+flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
+ S = Stale, E = Error
+origin validation state: N = not-found, V = valid, ! = invalid
+aspa validation state: ? = unknown, V = valid, ! = invalid
+origin: i = IGP, e = EGP, ? = Incomplete
+
+flags vs destination gateway lpref med aspath origin
+AI*> N-? 2001:db8:1::/48 :: 100 0 i
+*> N-? 2001:db8:2::/48 fe80::c0fe:2%pair11 100 0 4200000002 i
+AI*> N-? 2001:db8:11::/48 :: 100 0 i
+*> N-? 2001:db8:12::/48 fe80::beef:2%gif11 100 0 4200000002 i
+flags: B = BGP, C = Connected, S = Static
+ N = BGP Nexthop reachable via this route
+ r = reject route, b = blackhole route
+
+flags prio destination gateway
+B 48 2001:db8:2::/48 fe80::c0fe:2%pair11
+B 48 2001:db8:12::/48 fe80::beef:2%gif11
+ route to: 2001:db8:2::
+destination: 2001:db8:2::
+ mask: ffff:ffff:ffff::
+ gateway: fe80::c0fe:2%pair11
+ interface: pair11
+ priority: 48 (bgp)
+ flags: <UP,GATEWAY,DONE>
+ use mtu expire
+ 0 0 0
+ route to: 2001:db8:12::
+destination: 2001:db8:12::
+ mask: ffff:ffff:ffff::
+ gateway: fe80::beef:2%gif11
+ interface: gif11
+ priority: 48 (bgp)
+ flags: <UP,GATEWAY,DONE>
+ use mtu expire
+ 0 0 0
Index: lladdr.rdomain2.ok
===================================================================
RCS file: lladdr.rdomain2.ok
diff -N lladdr.rdomain2.ok
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lladdr.rdomain2.ok 16 Oct 2023 07:10:31 -0000
@@ -0,0 +1,36 @@
+flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
+ S = Stale, E = Error
+origin validation state: N = not-found, V = valid, ! = invalid
+aspa validation state: ? = unknown, V = valid, ! = invalid
+origin: i = IGP, e = EGP, ? = Incomplete
+
+flags vs destination gateway lpref med aspath origin
+*> N-? 2001:db8:1::/48 fe80::c0fe:1%pair12 100 0 4200000001 i
+AI*> N-? 2001:db8:2::/48 :: 100 0 i
+*> N-? 2001:db8:11::/48 fe80::beef:1%gif12 100 0 4200000001 i
+AI*> N-? 2001:db8:12::/48 :: 100 0 i
+flags: B = BGP, C = Connected, S = Static
+ N = BGP Nexthop reachable via this route
+ r = reject route, b = blackhole route
+
+flags prio destination gateway
+B 48 2001:db8:1::/48 fe80::c0fe:1%pair12
+B 48 2001:db8:11::/48 fe80::beef:1%gif12
+ route to: 2001:db8:1::
+destination: 2001:db8:1::
+ mask: ffff:ffff:ffff::
+ gateway: fe80::c0fe:1%pair12
+ interface: pair12
+ priority: 48 (bgp)
+ flags: <UP,GATEWAY,DONE>
+ use mtu expire
+ 0 0 0
+ route to: 2001:db8:11::
+destination: 2001:db8:11::
+ mask: ffff:ffff:ffff::
+ gateway: fe80::beef:1%gif12
+ interface: gif12
+ priority: 48 (bgp)
+ flags: <UP,GATEWAY,DONE>
+ use mtu expire
+ 0 0 0
Index: lladdr.sh
===================================================================
RCS file: lladdr.sh
diff -N lladdr.sh
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ lladdr.sh 16 Oct 2023 07:09:27 -0000
@@ -0,0 +1,109 @@
+#!/bin/ksh
+# $OpenBSD: l3vpn.sh,v 1.4 2023/02/15 14:19:08 claudio Exp $
+
+set -e
+
+BGPD=$1
+BGPDCONFIGDIR=$2
+RDOMAIN1=$3
+RDOMAIN2=$4
+PAIR1=$5
+PAIR2=$6
+GIF1=gif${RDOMAIN1}
+GIF2=gif${RDOMAIN2}
+
+RDOMAINS="${RDOMAIN1} ${RDOMAIN2}"
+IFACES="${PAIR1} ${PAIR2} ${GIF1} ${GIF2}"
+PAIR1IP6=fe80::c0fe:1
+PAIR2IP6=fe80::c0fe:2
+GIF1IP6=fe80::beef:1
+GIF2IP6=fe80::beef:2
+
+error_notify() {
+ set -x
+ echo cleanup
+ pfctl -q -t bgpd_integ_test -T kill
+ pkill -T ${RDOMAIN1} bgpd || true
+ pkill -T ${RDOMAIN2} bgpd || true
+ sleep 1
+ ifconfig ${GIF1} destroy || true
+ ifconfig ${GIF2} destroy || true
+ ifconfig ${PAIR1} destroy || true
+ ifconfig ${PAIR2} destroy || true
+ route -qn -T ${RDOMAIN1} flush || true
+ route -qn -T ${RDOMAIN2} flush || true
+ ifconfig lo${RDOMAIN1} destroy || true
+ ifconfig lo${RDOMAIN2} destroy || true
+ if [ $1 -ne 0 ]; then
+ echo FAILED
+ exit 1
+ else
+ echo SUCCESS
+ fi
+}
+
+if [ "$(id -u)" -ne 0 ]; then
+ echo need root privileges >&2
+ exit 1
+fi
+
+trap 'error_notify $?' EXIT
+
+echo check if rdomains are busy
+for n in ${RDOMAINS}; do
+ if /sbin/ifconfig | grep -v "^lo${n}:" | grep " rdomain ${n} "; then
+ echo routing domain ${n} is already used >&2
+ exit 1
+ fi
+done
+
+echo check if interfaces are busy
+for n in ${IFACES}; do
+ /sbin/ifconfig "${n}" >/dev/null 2>&1 && \
+ ( echo interface ${n} is already used >&2; exit 1 )
+done
+
+set -x
+
+echo setup
+ifconfig ${PAIR1} rdomain ${RDOMAIN1} up
+ifconfig ${PAIR2} rdomain ${RDOMAIN2} up
+ifconfig ${PAIR1} inet6 ${PAIR1IP6}/64
+ifconfig ${PAIR2} inet6 ${PAIR2IP6}/64
+ifconfig ${PAIR1} patch ${PAIR2}
+ifconfig ${GIF1} rdomain ${RDOMAIN1} tunneldomain ${RDOMAIN1}
+ifconfig ${GIF2} rdomain ${RDOMAIN2} tunneldomain ${RDOMAIN2}
+ifconfig ${GIF1} tunnel ${PAIR1IP6}%${PAIR1} ${PAIR2IP6}%${PAIR1}
+ifconfig ${GIF2} tunnel ${PAIR2IP6}%${PAIR2} ${PAIR1IP6}%${PAIR2}
+ifconfig ${GIF1} inet6 ${GIF1IP6}/128 ${GIF2IP6}
+ifconfig ${GIF2} inet6 ${GIF2IP6}/128 ${GIF1IP6}
+
+echo run bgpds
+route -T ${RDOMAIN1} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.lladdr.rdomain1.conf
+route -T ${RDOMAIN2} exec ${BGPD} \
+ -v -f ${BGPDCONFIGDIR}/bgpd.lladdr.rdomain2.conf
+
+sleep 1
+
+route -T11 exec bgpctl nei RDOMAIN2 up
+route -T11 exec bgpctl nei RDOMAIN2_2 up
+
+sleep 2
+
+route -T11 exec bgpctl show rib | tee lladdr.rdomain1.out
+route -T11 exec bgpctl show fib | grep -v 'link#' | tee -a lladdr.rdomain1.out
+route -T11 get 2001:db8:2::/48 | grep -v "if address" | tee -a lladdr.rdomain1.out
+route -T11 get 2001:db8:12::/48 | grep -v "if address" | tee -a lladdr.rdomain1.out
+
+route -T12 exec bgpctl show rib | tee lladdr.rdomain2.out
+route -T12 exec bgpctl show fib | grep -v 'link#' | tee -a lladdr.rdomain2.out
+route -T12 get 2001:db8:1::/48 | grep -v "if address" | tee -a lladdr.rdomain2.out
+route -T12 get 2001:db8:11::/48 | grep -v "if address" | tee -a lladdr.rdomain2.out
+
+sleep .2
+diff -u ${BGPDCONFIGDIR}/lladdr.rdomain1.ok lladdr.rdomain1.out
+diff -u ${BGPDCONFIGDIR}/lladdr.rdomain2.ok lladdr.rdomain2.out
+echo OK
+
+exit 0
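Review bot: The routing domains are hard-coded as `-T11` and `-T12` in every `bgpctl` and `route get` call after the daemons start, although the script takes them as `$3`/`$4` and its busy check and root-run cleanup only cover `${RDOMAIN1}`/`${RDOMAIN2}`. If the Makefile arguments ever change, the safety checks would guard one pair of rdomains while the queries run in another; writing `route -T ${RDOMAIN1} exec bgpctl nei RDOMAIN2 up` (and likewise on the `show rib`, `show fib` and `route get` lines, with `${RDOMAIN2}` for the second group) keeps them aligned. The config and .ok files also pin pair11/gif11 and pair12/gif12, so the interface arguments are effectively fixed too and a comment saying so would help. Separately, the `$OpenBSD: l3vpn.sh,v 1.4 ...` id on the second line looks copied from l3vpn.sh; a new file would normally carry a bare `# $OpenBSD$`.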