Age | Commit message | Author |
|
the session engine to actually stop logging.
Found the hard way by benno@.
with & ok benno@
input & ok claudio@
|
|
- on config reload also adjust the cloned neighbors so that they get the
config changes as well.
- clean up sessions that are 1h idle but in state active (instead of down)
- add bits to allow bgpctl to destroy cloned neighbors
Tested by sthen@ some time ago, OK phessler@
|
|
This implements only the "Restarting Client" bits of the RFC -- in other
words bgpd will keep the FIB when the client restarts but it will not do GR
when restarting itself. The capability is still off by default (you need
"announce restart yes" to enable it).
Tested by Anders Berggren. OK sthen@
|
|
OK henning@ sthen@
|
|
mrt.h. Now mrt.h includes only protocol specific defines.
|
|
time to consume broadcasted messages or the socket gets full and own
messages that are needed are lost. This fixes an infinite loop in
pfkey_reply that happens when bgpd tcp md5sum is used on a system that
also runs a larger IPsec setup.
OK henning, lot of patience, debugging and testing by Thomas Boernert
|
|
help to figure out the cause of flapping session faster.
OK henning@ sthen@
|
|
should help identifying FSM errors since the state is now known.
OK henning@ sthen@
|
|
in bgpd.conf. This allows to add/modify restricted control sockets on runtime.
Feature request by a few people who often forgot to add -r path when restarting
bgpd (including myself).
NOTE: this removes the -s and -r arguments from bgpd so pay attention when
updating.
jajaja sthen@, OK henning@
|
|
ibuf, buf_read to ibuf_read, READ_BUF_SIZE to IBUF_READ_SIZE.
ok henning gilles claudio jacekm deraadt
|
|
This adds a bit of new config to specify the mapping between an rdomain and
the BGP MPLS VPN instance, example:
rdomain 1 {
	descr "CUSTOMER1"
	rd 65003:1
	import-target rt 65003:3
	export-target rt 65003:1
	depend on mpe0
	network 192.168.224/24
}
The "depend on mpe0" is a bit ugly but for now this is the quickest way to
figure out which interface bgp should use to insert the MPLS routes.
A big side-effect of this diff is that networks are now internally
distributed through kroute.c.
This needs some kernel changes that will follow hopefully soon.
OK henning@
|
|
those for alternate RIBs. This allows to use "rde rib TESTIT rtable 1".
NOTE: nexthop verification has changed for alternate tables. For now
nexthop will only be verified against the main routing table (id 0).
Because of this "nexthop qualify via bgp" may now compare the nexthops
against bgpd routes from a different RIB.
Tested by sthen@, OK to move on by henning@
|
|
a config reload as first step in bootup. This allows childs to start with
an empty config and a lot of special cleanup code can bite the dust.
Testing by myself and sthen@ with a few configs (more testing welcome).
Seems like a good idea henning@ & sthen@
|
|
flags. This makes a lot of code much easier since the comparison is now
trivial. Additionally calculate the negotiated capabilities for a session
in the SE and pass that and only that to the RDE. This makes the decisions
in the RDE a lot easier. OK henning@
|
|
The other side should now see why a session was dropped. e.g:
bgpd: ... received notification: Cease, administratively down
OK henning
|
|
Still a bit hackish, reload is missing and printconf as well. Looks good h@
|
|
a while, we can now just use a timer (since i rewrote the timer code)
|
|
timer, just get the first off the queue and check whether it is due
|
|
so that the timer that will expire first is always the first element,
and so on). will make the checking a bit faster and more elegant and more
convenient. ok claudio
|
|
next timer expires.
use that in the session engine's mainloop, which simplifies it and
removes the last bits of timer internals knowledge from anywhere outside
timer.c.
|
|
the peer data. makes bgpctl display code independent from timer
implementation internals. only running timers are displayed now, stopped
ones are skipped.
|
|
stop changing timer values directly, always use new
timer_(get/set/stop/running) functions. preparation for more to come :)
ok claudio
|
|
are now 4-byte instead of the old 2-byte numbers. The only exception are
communities because they can not be switched. The RDE will inflate and deflate
the ASPATH and AGGREGATOR attributes on demand and create the NEW_ASPATH and
NEW_AGGREGATOR field whenever needed. Both old and new style sessions are
supported and can be mixed. Currently new style sessions with the 4-byte AS
number capability turned on are only enabled if one of the AS numbers involved
is a 4-byte one.
This is based on an initial diff by Geoff Huston gih (at) apnic (dot) net
Cleanup, testing and bug-fixes by myself (via AS 3.10).
Currently mrt table dumps are producing incompatible output this will be fixed
afterwards -- this diff is already big enough.
"get it in if you think it is ready" henning@
|
|
Discussed with henning@
|
|
- dedicated pipe between the SE and the RDE for control messages
- restartable RB tree dumps in the RDE
- queuing limits both in the SE and RDE
The result is a dramatic decrease of memory consumption on operations like
bgpctl show rib. Previously all messages were first stored in the RDE
then passed to the SE where they got queued in case bgpctl was not fast enough.
Now only a small number of messages is generated and passed to the SE and
the SE has an additional limit instead of acting like an infinite buffer.
Without this the bgpd on bgpd.networx.ch would not survive a single minute.
looks good henning@
|
|
On some of my systems rde_shutdown() takes more than 3min doing nothing more
than calling free(3) over and over again.
|
|
* remove SAs and flows later again, even if the
* configuration info changed due to reload.
* We need: SPIs, method, local_addr, remote_addr.
* remote_addr cannot change, so no copy.
with this, I have just migrated a session from tcp md5sig to ipsec esp ike,
just with bgpctl reload (both sides) followed by bgpctl neighbor $foo clear
(just one side)!
claudio ok
|
|
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config area.
ok claudio
|
|
draft-ietf-idr-restart. Do not announce actual restart capabilities,
so that this only serves as indicator that we are capable of sending
and receiving the End-of-RIB marker.
leave disabled for now, since the code to actually send the EoR-marker
is currently ifdef'd out (to be fixed soon) and we wanna play safe for
4.0. and juniper doesn't support that capability (which is not a problem
per se) and at the same time has its capability negotiation code completely
fucked up, if a capability is rejected they don't indicate WHICH capability
they reject (which makes that a problem, tho still a small one and we cope).
claudio ok
|
|
sessions can be configured to modify the carp demotion counter for a
given interface group (usually, "carp", which has all carp interfaces)
when the session is not established. once the session is established for
60 seconds, the demotion is cleared.
this, used correctly, can prevent a bgpd-box which lost all sessions (and
thus has no routes) to be carp master, while the backup has sessions.
thought through and partially hacked on a drive from calgary to vancouver
with ryan, ok claudio
|
|
control_accept should also return an unsigned int. Remove old prototype.
|
|
announced route refresh capabilities
|
|
namely the show ones. needed for looking glass style applications,
monitoring etc. claudio ok
|
|
link between bgpctl and bgpd mostly because of rde_attr.c.
|
|
followed by a START event. Instead of sending START immediately, start the
IdleHoldTimer with a very low value (5 seconds) so that we restart the
session these seconds later. some other implementations deal poorly with
our previously superfast reconnects, namely, that commercial one from
san jose, claudio ok
|
|
when a peer drops to IDLE, we have to force him in IDLE for some time to
prevent fast flapping. however, the forced idle time is annoying when the
connection could be re-established immediately, i.e. bgpctl nei $peer clear
or similar.
implement an error counter per peer, increased every time we receive a
notification. when we are in state IDLE and get a connection from the peer
in question, check if the error counter is 1 or smaller. if so, change state
to active and accept the connection, otherwise keep the current behaviour
and reject the connection.
the error counter gets scaled back by the IdleHoldResetTimer that scales the
IdleHoldTime back as well
|
|
the peer stats struct, and clear them as soon as the session leaves IDLE
|
|
peer->capa.ann from this
|
|
by two instances of the new struct capabilities, one for announcements
and one for the received capabilities
|
|
individual capability flags where needed
|
|
disabled for now, claudio ok
|
|
writing to a member of a const struct is no good, so un-const struct peer
for log_statechange()
|