Gentoo Forums
Playing with bird

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Sun Mar 19, 2023 11:40 am    Post subject: Playing with bird

Trying to get some new skills; I have a flock of birds caged in network namespaces, tied with veth pairs. Trying to route things with OSPF

Each namespace has a dummy interface with a unique IP
Each namespace is directly connected to 2 other namespaces (so it's a ring)

Things that work:
* OSPF over ipv6
* OSPF over links configured with ipv4 IPs

Things I want that don't work:
* ipv4 peer discovery over unnumbered interfaces. (1 IP is enough to name a router, I don't want to assign another address to every interface, but bird does not send its hello on interfaces without an IP address even though point2point type interface mode claims to support it)
* cross-stack communication, like sending ipv4 routes over ipv6 OSPF session (apparently supported in bird2)
* discovering ipv6 routes to ipv4 destinations. Linux can route packets this way, and bird is said to support that too, but I don't see how it's enabled

The official documentation simply sucks. So, I wonder, does anyone have any tips or resources I could use?

pingtoo
l33t

Joined: 10 Sep 2021
Posts: 887
Location: Richmond Hill, Canada

Posted: Sun Mar 19, 2023 2:56 pm

szatox,

Have you tried using 'tcpdump' or 'wireshark' to analyze what was actually transmitted?

szatox wrote:
* ipv4 peer discovery over unnumbered interfaces. (1 IP is enough to name a router, I don't want to assign another address to every interface, but bird does not send its hello on interfaces without an IP address even though point2point type interface mode claims to support it)
I imagine bird needs to use "arp" to learn the other end of point2point, so without an IP on the source end, I think bird has no way to send out the message. This is just my guess.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Sun Mar 19, 2023 4:42 pm

Yes, tcpdump was the first thing I launched after seeing neighbors not talking to each other.
Quote:

I imagine bird needs to use "arp" to learn the other end of point2point, so without an IP on the source end, I think bird has no way to send out the message. This is just my guess.
It doesn't.
ptp mode always talks to multicast address, it never attempts to resolve it. Giving an interface /32 address without any routes at all is enough to make bird start sending ospf hello. Only after both ends send their hello, they start synchronizing their databases.

You see, it's not like I'm completely unable to set it up, I just don't like the way I am able to set it right now and I want to figure out how to take advantage of those other, better options, which are supposedly supported, but also completely undocumented.
On top of that, it seems that bird2 has a very different architecture than the first line, making whatever worked for the old version obsolete. E.g. if you were to use both, ipv4 and ipv6, you'd have to run 2 bird daemons with different configs (which is no longer the case). But the definitions of protocols definitely are not intuitive, and the error messages are rather cryptic and pasting them into a search engine yields like 0 results. Let's just say it took a few attempts to figure out that I have to define "kernel" protocol twice, with different channels. It's not how config files _usually_ work.

pingtoo
l33t

Joined: 10 Sep 2021
Posts: 887
Location: Richmond Hill, Canada

Posted: Sun Mar 19, 2023 5:59 pm

I guess I don't know network protocols well enough to understand why point2point always talks to a multicast address and why, in the multicast address scheme, you don't need to have an IP address that is in the multicast group in order to receive anything.

I don't do network configuration and certainly never learned how network to network works. I only understand the basic principle that, in order for a node in network A to find a node in network B, node XA in network A needs to learn how to get to the next hop, either manually by someone entering it into the routing table or automatically by a router that learns it from a routing exchange protocol.

If bird has not described a way to do something, I suspect it is intentional, because it could be an immature implementation that could change later, so the developers do not want others to use it and force their hand into designing for backward compatibility.

GDH-gentoo
Veteran

Joined: 20 Jul 2019
Posts: 1505
Location: South America

Posted: Sun Mar 19, 2023 8:16 pm

This BIRD?

pingtoo wrote:
I guess I don't know network protocols well enough to understand why point2point always talks to a multicast address and why, in the multicast address scheme, you don't need to have an IP address that is in the multicast group in order to receive anything.

Yes, OSPF can use any IP address the host has as the source IP address of the packets sent on unnumbered point-to-point links. And OSPF Hello packets have a fixed, well-known group address as the destination IP address (224.0.0.5), that every OSPF router listens to. And OSPF routers can learn a usable individual IP address of its peer in the remote end of a point-to-point link (e. g. for subsequent unicast control packets) from the source IP address of Hello packets. No other protocol needed.

How well this is supported (if at all) depends on the implementation.
_________________
NeddySeagoon wrote:
I'm not a witch, I'm a retired electronics engineer :)
Ionen wrote:
As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though :)
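
The neighbor learning described in the post above, as an added example that is not part of the thread or of BIRD's code: it parses an OSPFv2 Hello and returns the fields a receiver learns from it. The packet is a constructed sample with zeroed checksums, and `build_hello` and `learn_neighbor` are names chosen for this illustration.

```python
import ipaddress
import struct

ALL_SPF_ROUTERS = "224.0.0.5"   # Hello destination named in the post
IPPROTO_OSPF = 89               # IP protocol number of OSPF
OSPF_HELLO = 1                  # OSPF packet type 1 = Hello


def _ip(addr):
    return ipaddress.IPv4Address(addr).packed


def build_hello(src, router_id):
    """Constructed sample packet; checksums are left at zero and not verified."""
    # Hello body: mask 0.0.0.0 (unnumbered link), interval 10 s, options,
    # priority, dead interval 40 s, no DR/BDR on a point-to-point link.
    hello = (_ip("0.0.0.0") + struct.pack("!HBBI", 10, 0x02, 1, 40)
             + _ip("0.0.0.0") * 2)
    ospf = (struct.pack("!BBH", 2, OSPF_HELLO, 24 + len(hello))
            + _ip(router_id) + _ip("0.0.0.0")        # router ID, area 0
            + struct.pack("!HH", 0, 0) + bytes(8))   # checksum, AuType, auth
    total = 20 + len(ospf) + len(hello)
    ip_hdr = (struct.pack("!BBHHHBBH", 0x45, 0xC0, total, 0, 0, 1,
                          IPPROTO_OSPF, 0)
              + _ip(src) + _ip(ALL_SPF_ROUTERS))
    return ip_hdr + ospf + hello


def learn_neighbor(packet):
    """Return what a receiver learns from an OSPFv2 Hello, else None."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total, _, _, _, proto, _ = struct.unpack_from(
        "!BBHHHBBH", packet, 0)
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total > len(packet):
        raise ValueError("malformed or truncated IPv4 packet")
    if proto != IPPROTO_OSPF:
        return None
    if total < ihl + 24:
        raise ValueError("too short for an OSPF header")
    version, ptype, _ = struct.unpack_from("!BBH", packet, ihl)
    if version != 2 or ptype != OSPF_HELLO:
        return None
    if total < ihl + 44:                  # 24-byte header + 20-byte Hello
        raise ValueError("too short for an OSPF Hello")
    hello_int, _, _, dead_int = struct.unpack_from("!HBBI", packet, ihl + 28)

    def addr(off):
        return str(ipaddress.IPv4Address(packet[off:off + 4]))

    return {
        "neighbor_ip": addr(12),          # IP source: usable unicast address
        "to_all_spf_routers": addr(16) == ALL_SPF_ROUTERS,
        "router_id": addr(ihl + 4),
        "netmask": addr(ihl + 24),
        "hello_interval": hello_int,
        "dead_interval": dead_int,
    }


if __name__ == "__main__":
    print(learn_neighbor(build_hello("10.0.0.2", "10.0.0.2")))
```
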

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Sun Mar 19, 2023 9:49 pm

Yes, this bird.
Quote:
I guess I don't know network protocols well enough to understand why point2point [...] don't need to have an IP address that is in the multicast group in order to receive anything.
Well, setting ptp mode just tells bird that you and your peer are the only entities on the line. Whatever data you see coming your way was implicitly intended for you to receive.
Also, ptp, being a direct wire probably does not feature any smart switches, so there is no need to even subscribe to the multicast group, as there is nothing that would filter this traffic.
On broadcast-type network bird uses unicast addresses for updating database (not sure why, since ospf informs all neighbors about its own routes; perhaps for path poisoning).


As a side note, digging around this topic I actually looked into multicasts (both ipv4 and ipv6) and it's a really disappointing design. Multicast doesn't really offer any advantages over broadcast, it suffers from all its limitations (e.g. non-routable), and is more complicated across the board.
Yeah, yeah, it reduces the number of unwanted packets on a switched network, sure, that's MAYBE correct; I don't care. All the stuff that actually pushes the network's limits goes over unicast anyway, so flooding the local network segment is not a big enough argument. Also: VLANs


Now, going back to the main topic, any ideas how to achieve either of those 3 original points?
* ospf for ipv4 over interfaces without IP address. IPv6 doesn't need it, there is always at least link-local address.
* sharing routes for ipv4 and ipv6 over the same (in my case: ipv6) channel
* routing ipv4 destinations via ipv6 gateway. In particular: neighbor's link-local address. I mean, all the pieces are right there, I just have no idea how to handle the controls required to put them all together.

GDH-gentoo
Veteran

Joined: 20 Jul 2019
Posts: 1505
Location: South America

Posted: Mon Apr 24, 2023 3:52 pm

szatox wrote:
Now, going back to the main topic, any ideas how to achieve either of those 3 original points?
* ospf for ipv4 over interfaces without IP address. IPv6 doesn't need it, there is always at least link-local address.

Having looked at the code and done some minimal testing, the setup, using iproute2's ip address add command, would seem to be:

# ip address add local_address dev if_name peer peer_address/32

local_address is the IP address that you want to use as the source address of the OSPF packets. Yes, with one or more unnumbered interfaces, ip address show will show multiple interfaces with the same address, and the kernel doesn't care.

peer_address would be a usable IP address of the host in the remote end of the point-to-point link, but the code doesn't seem to actually care what the value is: the neighbor's real address will be learnt from Hello packets.

All that BIRD cares about to treat the interface as unnumbered is that local_address != peer_address, and that the specified peer's network mask is /32. The interface type will be automatically configured as point-to-point. However, birdc's show ospf interface command will not show local_address, only peer_address, so you might want to configure a meaningful value anyway.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Tue Apr 25, 2023 8:55 am

So, basically, to make bird use unnumbered interfaces, I have to number them.
Huh.... Well, I will check it out and see. Feels hackish AF, but if it works, it works. Thanks.

I wonder though: is there anything particular about the way kernel uses interfaces with peer address assigned? Iproute's man does show how to add peer, but I honestly have no idea what purpose does it serve, and a keyword search doesn't do a very good job on this case.

GDH-gentoo
Veteran

Joined: 20 Jul 2019
Posts: 1505
Location: South America

Posted: Tue Apr 25, 2023 10:48 am

szatox wrote:
So, basically, to make bird use unnumbered interfaces, I have to number them.

And repeat IP addresses on several network interfaces. Totally unintuitive e.g. if you are used to network devices' command-line interface, but I saw this and tested it.

szatox wrote:
I wonder though: is there anything particular about the way kernel uses interfaces with peer address assigned? Iproute's man does show how to add peer, but I honestly have no idea what purpose does it serve, and a keyword search doesn't do a very good job on this case.

The interface that Linux offers to user space for network interface and IPv4 routing table configuration are Netlink sockets. The Netlink messages for configuring network interface addresses (RTM_NEWADDR, RTM_DELADDR and RTM_GETADDR) apparently always contain two "routing attributes" with IP addresses, IFA_ADDRESS and IFA_LOCAL, according to what BIRD's code expects, and seemingly this form of the ip address add command allows them to be independently set. I guess their use depends on what the user space program that reads these messages decides to do with them.

BIRD always takes the address in IFA_LOCAL as the interface's, and ignores IFA_ADDRESS except when the prefix length specified in the message is 32. And even then, it only uses the address for comparing it to the one in IFA_LOCAL. And for composing the output of the show ospf interface command.

There is a man page available that superficially describes these Netlink messages, it's man 7 rtnetlink.
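
The two posts above (the `ip address add ... peer .../32` form and the IFA_LOCAL / IFA_ADDRESS attributes) can be tied together with an added example, which is not code from the thread or from BIRD: it parses an RTM_NEWADDR message and applies the "unnumbered" rule exactly as the posts state it. The message bytes are constructed samples, assuming the kernel reports the local address in IFA_LOCAL and the peer in IFA_ADDRESS; the function names are chosen for this illustration.

```python
import ipaddress
import struct

RTM_NEWADDR = 20                      # <linux/rtnetlink.h>
IFA_ADDRESS, IFA_LOCAL = 1, 2         # <linux/if_addr.h>
AF_INET = 2
NLMSG_HDR = struct.Struct("=IHHII")   # len, type, flags, seq, pid
IFADDRMSG = struct.Struct("=BBBBI")   # family, prefixlen, flags, scope, index
RTATTR = struct.Struct("=HH")         # rta_len, rta_type


def build_newaddr(local, address, prefixlen, ifindex):
    """Constructed sample: the RTM_NEWADDR a Netlink listener would receive."""
    attrs = b""
    for rta_type, ip in ((IFA_ADDRESS, address), (IFA_LOCAL, local)):
        payload = ipaddress.IPv4Address(ip).packed
        attrs += RTATTR.pack(RTATTR.size + len(payload), rta_type) + payload
    body = IFADDRMSG.pack(AF_INET, prefixlen, 0, 0, ifindex) + attrs
    hdr = NLMSG_HDR.pack(NLMSG_HDR.size + len(body), RTM_NEWADDR, 0, 0, 0)
    return hdr + body


def parse_newaddr(msg):
    """Extract prefix length, IFA_LOCAL and IFA_ADDRESS, checking every length."""
    fixed = NLMSG_HDR.size + IFADDRMSG.size
    if len(msg) < fixed:
        raise ValueError("truncated message")
    nl_len, nl_type, _, _, _ = NLMSG_HDR.unpack_from(msg, 0)
    if nl_type != RTM_NEWADDR or not fixed <= nl_len <= len(msg):
        raise ValueError("not a well-formed RTM_NEWADDR")
    family, prefixlen, _, _, ifindex = IFADDRMSG.unpack_from(msg, NLMSG_HDR.size)
    if family != AF_INET:
        raise ValueError("only IPv4 addresses are handled here")
    info = {"prefixlen": prefixlen, "ifindex": ifindex,
            "local": None, "address": None}
    off = fixed
    while off + RTATTR.size <= nl_len:
        rta_len, rta_type = RTATTR.unpack_from(msg, off)
        if rta_len < RTATTR.size or off + rta_len > nl_len:
            raise ValueError("bad attribute length")
        payload = msg[off + RTATTR.size:off + rta_len]
        if rta_type in (IFA_ADDRESS, IFA_LOCAL) and len(payload) == 4:
            key = "local" if rta_type == IFA_LOCAL else "address"
            info[key] = str(ipaddress.IPv4Address(payload))
        off += (rta_len + 3) & ~3     # attributes are 4-byte aligned
    return info


def is_unnumbered(info):
    """Rule as stated in the thread: /32 peer and IFA_LOCAL != IFA_ADDRESS."""
    return (info["prefixlen"] == 32
            and info["local"] is not None
            and info["address"] is not None
            and info["local"] != info["address"])


if __name__ == "__main__":
    # ip address add 10.0.0.1 peer 10.0.0.2/32   vs   ip address add 192.0.2.1/24
    for local, addr, plen in (("10.0.0.1", "10.0.0.2", 32),
                              ("192.0.2.1", "192.0.2.1", 24)):
        info = parse_newaddr(build_newaddr(local, addr, plen, ifindex=2))
        print(info, "unnumbered" if is_unnumbered(info) else "not unnumbered")
```
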

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Tue Apr 25, 2023 12:03 pm

Yeah, but is a route created with
ip address add 1.2.3.4 peer 5.6.7.8
any different than one created with
ip route add 5.6.7.8 src 1.2.3.4 ?

I mean in the kernel itself; I doubt this option has been put there only to let bird decide how to use it, which makes me wonder why the peer parameter even exists.
While man rtnetlink does explain how to talk to kernel about routes, which is great for programmers, it doesn't say anything about why or what the kernel is going to do with this conversation, which is the important part for sysadmins.

The first case is reported differently by ip address (it lists peer when read), but both commands add the same route. How do I know when to use one format over the other? Other than: if you don't know you need a peer, you don't need it. I know the default, just trying to expand my toolkit :)

GDH-gentoo
Veteran

Joined: 20 Jul 2019
Posts: 1505
Location: South America

Posted: Tue Apr 25, 2023 3:08 pm

szatox wrote:
Yeah, but is a route created with
ip address add 1.2.3.4 peer 5.6.7.8
any different than one created with
ip route add 5.6.7.8 src 1.2.3.4 ?

The first one actually doesn't create a route (and is missing the dev parameter specifying an interface). Only the second one does. If you don't have a daemon taking care (bird, dhcpcd, NetworkManager, etc.) you can have all interfaces configured and an empty routing table (as shown by ip route show).

szatox wrote:
I mean in the kernel itself; I doubt this option has been put there only to let bird decide how to use it, which makes me wonder why the peer parameter even exists.

I guess it depends on interface type. It's been a long time since I have seen e. g. PPP interfaces. If I remember correctly, those allowed the IP addresses of both endpoints not to share a common prefix, and to be learnt by one endpoint using the PPP IP Control Protocol (IPCP). I can see the software managing such a connection using (the underlying Netlink equivalent of) the "peer" form of that command.

When only dealing with wired Ethernet connections, I would expect to never use the "peer" form in general, except in special cases like this one, where an Ethernet connection is being effectively used as a point-to-point link.

szatox
Advocate

Joined: 27 Aug 2013
Posts: 3103

Posted: Tue Apr 25, 2023 5:52 pm

Quote:
The first one actually doesn't create a route (and is missing the dev parameter specifying an interface)
Yeah, it was missing dev, but that wasn't the point. It does add the route on my machine though.
Code:
 ~ # ip address add 1.2.3.4 peer 5.6.7.8  dev eth0
 ~ # ip r | grep eth0
5.6.7.8 dev eth0 proto kernel scope link src 1.2.3.4 linkdown


Quote:

It's been a long time since I have seen e. g. PPP interfaces. If I remember correctly, those allowed the IP addresses of both endpoints not to share a common prefix, and to be learnt by one endpoint
Fair point about ppp, there was some kind of autodiscovery. However, there's nothing stopping us from adding a direct route to different network and it will work as long as the wire is plugged in.

So it looks to me like we had 2 separate mechanisms doing the same thing and I have a hard time justifying this design decision.
It is NOT very important though, so don't sweat it. Also, maybe I'll find some corner case during tests.

GDH-gentoo
Veteran

Joined: 20 Jul 2019
Posts: 1505
Location: South America

Posted: Tue Apr 25, 2023 10:28 pm

GDH-gentoo wrote:
szatox wrote:
Yeah, but is a route created with
ip address add 1.2.3.4 peer 5.6.7.8
any different than one created with
ip route add 5.6.7.8 src 1.2.3.4 ?

The first one actually doesn't create a route (and is missing the dev parameter specifying an interface). Only the second one does.
szatox wrote:
It does add the route on my machine though.
Code:
 ~ # ip address add 1.2.3.4 peer 5.6.7.8  dev eth0
 ~ # ip r | grep eth0
5.6.7.8 dev eth0 proto kernel scope link src 1.2.3.4 linkdown

You are right, I don't know why I got an empty table when I tried before.

Code:
# ip address add 1.2.3.4 peer 5.6.7.8 dev eth0
This works, configures interface eth0 and adds a route for prefix 5.6.7.8/32.

Code:
# ip route add 5.6.7.8 src 1.2.3.4
RTNETLINK answers: No such device
This doesn't work.

GDH-gentoo
Veteran

Joined: 20 Jul 2019
Posts: 1505
Location: South America

Posted: Wed Apr 26, 2023 10:33 pm

szatox wrote:
Now, going back to the main topic, any ideas how to achieve either of those 3 original points?
[...]
* sharing routes for ipv4 and ipv6 over the same (in my case: ipv6) channel
* routing ipv4 destinations via ipv6 gateway. In particular: neighbor's link-local address. I mean, all the pieces are right there, I just have no idea how to handle the controls required to put them all together.

OSPFv3 can create both IPv4 routes and IPv6 routes, and yes, BIRD's implementation claims to support that. It's the reference to RFC 5838 in the documentation.

BIRD 2.13 User's Guide wrote:
OSPFv3 needs either one IPv6 channel, or one IPv4 channel (RFC 5838). Therefore, it is possible to use OSPFv3 for both IPv4 and IPv6 routing, but it is necessary to have two protocol instances anyway.

I believe that this would translate to:

bird.conf
Code:
# Instance for the IPv4 routing table
protocol ospf v3 name1 {
        ipv4 {
                export all;
                # Other channel configuration
        };
        # OSPF-specific configuration
}

# Instance for the IPv6 routing table
protocol ospf v3 name2 {
        ipv6 {
                export all;
                # Other channel configuration
        };
        # OSPF-specific configuration
}

However, apparently you might need an IPv4 address that can be mapped to a MAC address through ARP, in addition to the IPv6 link local address, at least in every router in a route to an IPv4 prefix, that is connected to links (explicitly or implicitly) configured as broadcast networks (type broadcast), for next hop resolution:

RFC 5838 wrote:
2.5. Next-Hop Calculation for IPv4 Unicast and Multicast AFs

OSPFv3 runs on top of IPv6 and uses IPv6 link local addresses for OSPFv3 control packets and next-hop calculations. Although IPv6 link local addresses could be used as next hops for IPv4 address families, it is desirable to have IPv4 next-hop addresses. For example, in the IPv4 multicast AF, the Protocol Independent Multicast (PIM) [PIM] neighbor address and the next-hop address should both be IPv4 addresses in order for the Reverse Path Forwarding (RPF) lookup to work correctly. Troubleshooting is also easier when the prefix address and next-hop address are in the same AF.

You'd have to experiment with this.

All times are GMT