Merge pull request #6071 from ton31337/feature/rfc6286

bgpd: Add support for Autonomous-System-Wide Unique BGP Identifier

bgpd/bgp_packet.c

@@ -974,14 +974,21 @@ static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
 			return -1;
 		} else if ((peer->status == OpenConfirm)
 			   || (peer->status == OpenSent)) {
-			/* 1. The BGP Identifier of the local system is compared
+			/* 1. The BGP Identifier of the local system is
-			   to
+			 * compared to the BGP Identifier of the remote
-			   the BGP Identifier of the remote system (as specified
+			 * system (as specified in the OPEN message).
-			   in
+			 *
-			   the OPEN message). */
+			 * If the BGP Identifiers of the peers
-
+			 * involved in the connection collision
+			 * are identical, then the connection
+			 * initiated by the BGP speaker with the
+			 * larger AS number is preserved.
+			 */
 			if (ntohl(peer->local_id.s_addr)
-			    < ntohl(remote_id.s_addr))
+				    < ntohl(remote_id.s_addr)
+			    || (ntohl(peer->local_id.s_addr)
+					       == ntohl(remote_id.s_addr)
+				       && peer->local_as < peer->as))
 				if (!CHECK_FLAG(peer->sflags,
 						PEER_STATUS_ACCEPT_PEER)) {
 					/* 2. If the value of the local BGP
@@ -1005,10 +1012,13 @@ static int bgp_collision_detect(struct peer *new, struct in_addr remote_id)
 					return -1;
 				}
 			else {
-				if (ntohl(peer->local_id.s_addr) ==
+				if (ntohl(peer->local_id.s_addr)
-				    ntohl(remote_id.s_addr))
+					    == ntohl(remote_id.s_addr)
-					flog_err(EC_BGP_ROUTER_ID_SAME, "Peer's router-id %s is the same as ours",
+				    && peer->local_as == peer->as)
-						 inet_ntoa(remote_id));
+					flog_err(
+						EC_BGP_ROUTER_ID_SAME,
+						"Peer's router-id %s is the same as ours",
+						inet_ntoa(remote_id));
 
 				/* 3. Otherwise, the local system closes newly
 				   created
@@ -1197,10 +1207,17 @@ static int bgp_open_receive(struct peer *peer, bgp_size_t size)
 		}
 	}
 
-	/* remote router-id check. */
+	/* rfc6286:
+	 * If the BGP Identifier field of the OPEN message
+	 * is zero, or if it is the same as the BGP Identifier
+	 * of the local BGP speaker and the message is from an
+	 * internal peer, then the Error Subcode is set to
+	 * "Bad BGP Identifier".
+	 */
 	if (remote_id.s_addr == INADDR_ANY
 	    || IPV4_CLASS_DE(ntohl(remote_id.s_addr))
-	    || ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr)) {
+	    || (peer->sort == BGP_PEER_IBGP
+		&& ntohl(peer->local_id.s_addr) == ntohl(remote_id.s_addr))) {
 		if (bgp_debug_neighbor_events(peer))
 			zlog_debug("%s bad OPEN, wrong router identifier %s",
 				   peer->host, inet_ntoa(remote_id));

doc/user/overview.rst

@@ -300,6 +300,8 @@ BGP
   :t:`The Generalized TTL Security Mechanism (GTSM). V. Gill, J. Heasley, D. Meyer, P. Savola, C. Pingnataro. October 2007.`
 - :rfc:`5575`
   :t:`Dissemination of Flow Specification Rules. P. Marques, N. Sheth, R. Raszuk, B. Greene, J. Mauch, D. McPherson. August 2009`
+- :rfc:`6286`
+  :t:`Autonomous-System-Wide Unique BGP Identifier for BGP-4. E. Chen, J. Yuan, June 2011.`
 - :rfc:`6608`
   :t:`Subcodes for BGP Finite State Machine Error. J. Dong, M. Chen, Huawei Technologies, A. Suryanarayana, Cisco Systems. May 2012.`
 - :rfc:`6810`

tests/topotests/bgp_as_wide_bgp_identifier/r1/bgpd.conf

@@ -0,0 +1,5 @@
+! exit1
+router bgp 65001
+  bgp router-id 10.10.10.10
+  neighbor 192.168.255.1 remote-as 65002
+!

tests/topotests/bgp_as_wide_bgp_identifier/r1/zebra.conf

@@ -0,0 +1,6 @@
+! exit1
+interface r1-eth0
+ ip address 192.168.255.2/24
+!
+ip forwarding
+!

tests/topotests/bgp_as_wide_bgp_identifier/r2/bgpd.conf

@@ -0,0 +1,6 @@
+! spine
+router bgp 65002
+  bgp router-id 10.10.10.10
+  neighbor 192.168.255.2 remote-as 65001
+  neighbor 192.168.255.3 remote-as 65002
+!

tests/topotests/bgp_as_wide_bgp_identifier/r2/zebra.conf

@@ -0,0 +1,6 @@
+! spine
+interface r2-eth0
+ ip address 192.168.255.1/24
+!
+ip forwarding
+!

tests/topotests/bgp_as_wide_bgp_identifier/r3/bgpd.conf

@@ -0,0 +1,5 @@
+! exit2
+router bgp 65002
+  bgp router-id 10.10.10.10
+  neighbor 192.168.255.1 remote-as 65002
+!

tests/topotests/bgp_as_wide_bgp_identifier/r3/zebra.conf

@@ -0,0 +1,6 @@
+! exit2
+interface r3-eth0
+ ip address 192.168.255.3/24
+!
+ip forwarding
+!

tests/topotests/bgp_as_wide_bgp_identifier/test_bgp_as_wide_bgp_identifier.py

@@ -0,0 +1,118 @@
+#!/usr/bin/env python
+
+#
+# test_bgp_as_wide_bgp_identifier.py
+# Part of NetDEF Topology Tests
+#
+# Copyright (c) 2020 by
+# Donatas Abraitis <donatas.abraitis@gmail.com>
+#
+# Permission to use, copy, modify, and/or distribute this software
+# for any purpose with or without fee is hereby granted, provided
+# that the above copyright notice and this permission notice appear
+# in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+# OF THIS SOFTWARE.
+#
+
+"""
+rfc6286: Autonomous-System-Wide Unique BGP Identifier for BGP-4
+Test if 'Bad BGP Identifier' notification is sent only to
+internal peers (autonomous-system-wide). eBGP peers are not
+affected and should work.
+"""
+
+import os
+import sys
+import json
+import time
+import pytest
+import functools
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, '../'))
+
+# pylint: disable=C0413
+from lib import topotest
+from lib.topogen import Topogen, TopoRouter, get_topogen
+from lib.topolog import logger
+from mininet.topo import Topo
+
+class TemplateTopo(Topo):
+    def build(self, *_args, **_opts):
+        tgen = get_topogen(self)
+
+        for routern in range(1, 4):
+            tgen.add_router('r{}'.format(routern))
+
+        switch = tgen.add_switch('s1')
+        switch.add_link(tgen.gears['r1'])
+        switch.add_link(tgen.gears['r2'])
+        switch.add_link(tgen.gears['r3'])
+
+def setup_module(mod):
+    tgen = Topogen(TemplateTopo, mod.__name__)
+    tgen.start_topology()
+
+    router_list = tgen.routers()
+
+    for i, (rname, router) in enumerate(router_list.iteritems(), 1):
+        router.load_config(
+            TopoRouter.RD_ZEBRA,
+            os.path.join(CWD, '{}/zebra.conf'.format(rname))
+        )
+        router.load_config(
+            TopoRouter.RD_BGP,
+            os.path.join(CWD, '{}/bgpd.conf'.format(rname))
+        )
+
+    tgen.start_router()
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+def test_bgp_as_wide_bgp_identifier():
+    tgen = get_topogen()
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    def _bgp_converge(router):
+        output = json.loads(router.vtysh_cmd("show ip bgp neighbor 192.168.255.1 json"))
+        expected = {
+            '192.168.255.1': {
+                'bgpState': 'Established'
+            }
+        }
+        return topotest.json_cmp(output, expected)
+
+    def _bgp_failed(router):
+        output = json.loads(router.vtysh_cmd("show ip bgp neighbor 192.168.255.1 json"))
+        expected = {
+            '192.168.255.1': {
+                'lastNotificationReason': 'OPEN Message Error/Bad BGP Identifier'
+            }
+        }
+        return topotest.json_cmp(output, expected)
+
+    test_func = functools.partial(_bgp_converge, tgen.gears['r1'])
+    success, result = topotest.run_and_expect(test_func, None, count=60, wait=0.5)
+
+    assert result is None, 'Failed to converge: "{}"'.format(tgen.gears['r1'])
+
+    test_func = functools.partial(_bgp_failed, tgen.gears['r3'])
+    success, result = topotest.run_and_expect(test_func, None, count=60, wait=0.5)
+
+    assert result is None, 'Bad BGP Identifier notification not sent: "{}"'.format(tgen.gears['r3'])
+
+if __name__ == '__main__':
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))