0.2.0 October 4, 2021

MIT/GPL-3.0 license

175KB
4K SLoC

BGPd-rs

BGP service daemon built in Rust

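Features

  • Listen for incoming BGP sessions
  • Configured peers may be an IP address or a network+mask
  • Initiate outbound TCP connections to idle peers
  • Will attempt connections on the configured poll interval
  • Negotiate OPEN capabilities
  • Receive and respond to keepalives (on a hold-time based interval)
  • Process UPDATE messages, store in RIB
  • Config reloading for peer status (enabled, passive, etc.)
    • Update static route advertisements mid-session
  • CLI interface for viewing peer status, routes, etc.
  • Advertise routes to peers (specified from API and/or config)
  • API/CLI interface for interacting with BGPd
  • Flowspec support
  • Route refresh
  • Neighbor MD5 authentication
  • Route policy for filtering learned & advertised routes

Peer config

Peers and their config are defined in TOML format; see an example here.

Details of config values: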

router_id = "1.1.1.1"         # Default Router ID for the service
default_as = 65000            # Used as the local-as if `local_as` is not defined for a peer
bgp_socket = "127.0.0.1:1179" # BGP address & port
api_socket = "0.0.0.0:8080"   # API address & port [Listen on all interfaces (IPv4 & IPv6)]

[[peers]]
remote_ip = "127.0.0.2"       # This can also be an IPv6 address, see next peer
# remote_ip = "10.0.0.0/24"   # Network+Mask will accept inbound connections from any source in the subnet
remote_as = 65000
passive = true                # If passive, bgpd won't attempt outbound connections
router_id = "127.0.0.1"       # Can override local Router ID for this peer
hold_timer = 90               # Set the hold timer for the peer, defaults to 180 seconds
families = [                  # Define the families this session should support
  "ipv4 unicast",
  "ipv6 unicast",
]
[[peers.static_routes]]       # Add static routes (advertised at session start)
  prefix = "9.9.9.0/24"
  next_hop = "127.0.0.1"
[[peers.static_routes]]
  prefix = "3001:100::/64"
  next_hop = "3001:1::1"
[[peers.static_flows]]        # Add static Flowspec rules too!
  afi = 2
  action = "traffic-rate 24000"
  matches = [
    "source 3001:100::/56",
    "destination-port >8000 <=8080",
    "packet-length >100",
  ]
  as_path = ["65000", "500"]
  communities = ["101", "202", "65000:99"]


[[peers]]
remote_ip = "::2"
enabled = false               # Peer is essentially de-configured
remote_as = 100
local_as = 200
families = [
  "ipv6 unicast",
]
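
A config check for two exposure points in the file above, added here as an example (not part of bgpd-rs): it flags an `api_socket` bound to the wildcard address, which matters because the API can announce routes, and enabled peers whose `remote_ip` is a network+mask. The `audit` function and the sample config are constructed for illustration, and the scan is line-based rather than a full TOML parser.

```rust
use std::net::{IpAddr, SocketAddr};
// Constructed sample in the page's config format (not a real deployment).
const SAMPLE: &str = r#"
api_socket = "0.0.0.0:8080"   # API address & port
[[peers]]
remote_ip = "10.0.0.0/24"
[[peers.static_routes]]
  prefix = "9.9.9.0/24"
[[peers]]
remote_ip = "192.0.2.0/24"
enabled = false
[[peers]]
remote_ip = "::2"
"#;

/// Line-based scan, not a full TOML parser: assumes `[[table]]` headers,
/// one `key = value` per line and no '#' inside values.
pub fn audit(config: &str) -> Vec<String> {
    let (mut section, mut api) = (String::new(), String::new());
    let mut peers: Vec<(String, bool)> = Vec::new(); // (remote_ip, enabled)
    for raw in config.lines() {
        let line = raw.split('#').next().unwrap_or("").trim();
        if let Some(name) = line.strip_prefix("[[").and_then(|l| l.strip_suffix("]]")) {
            section = name.trim().to_string();
            if section == "peers" { peers.push((String::new(), true)); }
        } else if let Some((key, value)) = line.split_once('=') {
            let value = value.trim().trim_matches('"');
            match (section.as_str(), key.trim()) {
                ("", "api_socket") => api = value.to_string(),
                ("peers", "remote_ip") => peers.last_mut().unwrap().0 = value.to_string(),
                ("peers", "enabled") => peers.last_mut().unwrap().1 = value != "false",
                _ => {} // keys of nested tables (static_routes, static_flows) are skipped
            }
        }
    }
    let mut findings = Vec::new();
    if api.parse::<SocketAddr>().map_or(false, |a| a.ip().is_unspecified()) {
        findings.push(format!("api_socket {} binds the wildcard address", api));
    }
    for (i, (ip, _)) in peers.iter().enumerate().filter(|(_, p)| p.1) {
        let (addr, mask) = ip.split_once('/').unwrap_or((ip.as_str(), ""));
        match (addr.parse::<IpAddr>(), mask) {
            (Err(_), _) => findings.push(format!("peer {}: remote_ip {:?} is invalid", i, ip)),
            (Ok(_), "") => {} // single address: only that neighbor can connect
            (Ok(_), _) => findings.push(format!("peer {}: any source in {} may open a session", i, ip)),
        }
    }
    findings
}
fn main() { for f in audit(SAMPLE) { println!("{}", f); } }
```

Peer numbers in the findings are zero-based and follow the order of the `[[peers]]` tables; disabled peers are skipped.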

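You can reload and update peer config by sending SIGHUP to the BGPd process [e.g. pkill -HUP bgpd$]. The following items can be updated:

Peers

  • Added & removed
  • Enabled/disabled
  • Active/passive polling for idle peers
  • *Hold timer
  • *Supported families

* Only when not in an active session, since these are negotiated in the OPEN

View BGPd information

BGPd offers a JSON-RPC API that can be queried to view operational info such as neighbors and routes:

Neighbor uptime & prefixes received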

$ curl localhost:8080 -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"show_peers","params":null,"id":0}' | jq '.result[] | {peer: .peer, uptime: .uptime, prefixes_received: .prefixes_received}'
{
  "peer": "127.0.0.2",
  "uptime": "00:31:13",
  "prefixes_received": 4
}
{
  "peer": "127.0.0.3",
  "uptime": null,
  "prefixes_received": null
}
{
  "peer": "172.16.20.2",
  "uptime": "00:31:20",
  "prefixes_received": 2
}

Learned routes (with attributes)

$ curl localhost:8080 -X POST -H "Content-Type: application/json" -d '{"jsonrpc":"2.0","method":"show_routes_learned","params": {"from_peer": "172.16.20.2"},"id":0}' | jq '.result[]'
{
  "afi": "IPv6",
  "age": "00:00:38",
  "as_path": "",
  "communities": [],
  "local_pref": 100,
  "multi_exit_disc": null,
  "next_hop": "::ffff:172.16.20.2",
  "origin": "IGP",
  "prefix": "3001:172:16:20::/64",
  "received_at": 1572898659,
  "safi": "Unicast",
  "source": "172.16.20.2"
}
{
  "afi": "IPv4",
  "age": "00:00:38",
  "as_path": "",
  "communities": [],
  "local_pref": 100,
  "multi_exit_disc": null,
  "next_hop": "172.16.20.2",
  "origin": "IGP",
  "prefix": "172.16.20.0/24",
  "received_at": 1572898659,
  "safi": "Unicast",
  "source": "172.16.20.2"
}

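The bgpd CLI can also be used to view peer & route information via the BGPd API (and to announce routes too!)

Development

I'm currently using ExaBGP (Python) as my BGP peer for testing.

  • Here's an intro article about installing & getting started with ExaBGP

Testing environment setup

For ExaBGP I have the following file (in the examples/exabgp directory):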

conf_127.0.0.2.ini

neighbor 127.0.0.1 {
    router-id 2.2.2.2;
    local-address 127.0.0.2;          # Our local update-source
    local-as 65000;                    # Our local AS
    peer-as 65000;                    # Peer's AS

    announce {
        ipv4 {
            unicast 2.100.0.0/24 next-hop self med 500 extended-community [ target:65000:1.1.1.1 ];
            unicast 2.200.0.0/24 next-hop self as-path [ 100 200 ];
            unicast 2.10.0.0/24 next-hop self med 10 community [404 65000:10];
        }
    }
}

Run the exabgp service with the following command:

$ env exabgp.tcp.port=1179 exabgp.tcp.bind="127.0.0.2" exabgp ./conf_127.0.0.2.ini --once

--once only attempts a single connection and exits automatically when the session ends

Then run bgpd as follows:

Using IPv6

$ cargo run -- --address "::1" --port 1179 ./examples/config.toml -vv

Or IPv4 (defaults to 127.0.0.1)

$ cargo run -- --port 1179 ./examples/config.toml -vv

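You may notice that I'm using TCP port 1179 for testing; if you want/need to test with a peer that can't change the port (cough Cisco cough), you need to run bgpd with sudo permissions

$ cargo build --release
$ sudo ./target/release/bgpd ./examples/config.toml -vv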

Thanks

Dependencies

~28–42MB
~756K SLoC