server: ignore routes when local AS is in AS_PATH

RFC4271 9.1.2 Phase 2: Route Selection If the AS_PATH attribute of a BGP route contains an AS loop, the BGP route should be excluded from the Phase 2 decision function. AS loop detection is done by scanning the full AS path (as specified in the AS_PATH attribute), and checking that the autonomous system number of the local system does not appear in the AS path. Operations of a BGP speaker that is configured to accept routes with its own autonomous system number in the AS path are outside the scope of this document. Also this commit adds support for allow-own-as option to relax this. Signed-off-by: ISHIDA Wataru <ishida.wataru@lab.ntt.co.jp>
author: ISHIDA Wataru <ishida.wataru@lab.ntt.co.jp> 2017-05-09 07:47:09 +0000
committer: Wataru Ishida <ishida.wataru@lab.ntt.co.jp> 2017-05-09 11:10:45 -0400
commit: 0f62519cd77f1cf38dee5b58377d0c347fe619bc (patch)
tree: 836c0fc65d09a6129c4edc16f04267ccd584075a /server
parent: 485b88244076b76a4bc1cef7b0630b3e70703fda (diff)
3 files changed, 91 insertions, 28 deletions
diff --git a/server/fsm.go b/server/fsm.go
index f623f399..e1b85cd0 100644
--- a/server/fsm.go
+++ b/server/fsm.go
@@ -600,6 +600,30 @@ func readAll(conn net.Conn, length int) ([]byte, error) {
 	return buf, nil
 }
 
+func getPathAttrFromBGPUpdate(m *bgp.BGPUpdate, typ bgp.BGPAttrType) bgp.PathAttributeInterface {
+	for _, a := range m.PathAttributes {
+		if a.GetType() == typ {
+			return a
+		}
+	}
+	return nil
+}
+
+func hasOwnASLoop(ownAS uint32, limit int, aspath *bgp.PathAttributeAsPath) bool {
+	cnt := 0
+	for _, i := range aspath.Value {
+		for _, as := range i.(*bgp.As4PathParam).AS {
+			if as == ownAS {
+				cnt++
+				if cnt > limit {
+					return true
+				}
+			}
+		}
+	}
+	return false
+}
+
 func (h *FSMHandler) recvMessageWithError() (*FsmMsg, error) {
 	sendToErrorCh := func(reason FsmStateReason) {
 		// probably doesn't happen but be cautious
@@ -671,6 +695,11 @@ func (h *FSMHandler) recvMessageWithError() (*FsmMsg, error) {
 			case bgp.BGP_MSG_UPDATE:
 				body := m.Body.(*bgp.BGPUpdate)
 				confedCheck := !config.IsConfederationMember(h.fsm.gConf, h.fsm.pConf) && config.IsEBGPPeer(h.fsm.gConf, h.fsm.pConf)
+
+				fmsg.payload = make([]byte, len(headerBuf)+len(bodyBuf))
+				copy(fmsg.payload, headerBuf)
+				copy(fmsg.payload[len(headerBuf):], bodyBuf)
+
 				_, err = bgp.ValidateUpdateMsg(body, h.fsm.rfMap, confedCheck)
 				if err != nil {
 					log.WithFields(log.Fields{
@@ -680,28 +709,34 @@ func (h *FSMHandler) recvMessageWithError() (*FsmMsg, error) {
 						"error": err,
 					}).Warn("malformed BGP update message")
 					fmsg.MsgData = err
-				} else {
-					// FIXME: we should use the original message for bmp/mrt
-					table.UpdatePathAttrs4ByteAs(body)
-					err = table.UpdatePathAggregator4ByteAs(body)
-					if err == nil {
-						fmsg.PathList = table.ProcessMessage(m, h.fsm.peerInfo, fmsg.timestamp)
-						id := h.fsm.pConf.Config.NeighborAddress
-						for _, path := range fmsg.PathList {
-							if path.IsEOR() {
-								continue
-							}
-							if h.fsm.policy.ApplyPolicy(id, table.POLICY_DIRECTION_IN, path, nil) == nil {
-								path.Filter(id, table.POLICY_DIRECTION_IN)
-							}
-						}
-					} else {
-						fmsg.MsgData = err
+					return fmsg, err
+				}
+
+				table.UpdatePathAttrs4ByteAs(body)
+				if err = table.UpdatePathAggregator4ByteAs(body); err != nil {
+					fmsg.MsgData = err
+					return fmsg, err
+				}
+
+				// RFC4271 9.1.2 Phase 2: Route Selection
+				//
+				// If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
+				// route should be excluded from the Phase 2 decision function.
+				var asLoop bool
+				if attr := getPathAttrFromBGPUpdate(body, bgp.BGP_ATTR_TYPE_AS_PATH); attr != nil {
+					asLoop = hasOwnASLoop(h.fsm.peerInfo.LocalAS, int(h.fsm.pConf.AsPathOptions.Config.AllowOwnAs), attr.(*bgp.PathAttributeAsPath))
+				}
+
+				fmsg.PathList = table.ProcessMessage(m, h.fsm.peerInfo, fmsg.timestamp)
+				id := h.fsm.pConf.Config.NeighborAddress
+				for _, path := range fmsg.PathList {
+					if path.IsEOR() {
+						continue
+					}
+					if asLoop || (h.fsm.policy.ApplyPolicy(id, table.POLICY_DIRECTION_IN, path, nil) == nil) {
+						path.Filter(id, table.POLICY_DIRECTION_IN)
 					}
 				}
-				fmsg.payload = make([]byte, len(headerBuf)+len(bodyBuf))
-				copy(fmsg.payload, headerBuf)
-				copy(fmsg.payload[len(headerBuf):], bodyBuf)
 				fallthrough
 			case bgp.BGP_MSG_KEEPALIVE:
 				// if the length of h.holdTimerResetCh
diff --git a/server/fsm_test.go b/server/fsm_test.go
index 0fb67f98..aea6700b 100644
--- a/server/fsm_test.go
+++ b/server/fsm_test.go
@@ -287,6 +287,15 @@ func TestFSMHandlerEstablished_HoldtimeZero(t *testing.T) {
 	assert.Equal(0, len(m.sendBuf))
 }
 
+func TestCheckOwnASLoop(t *testing.T) {
+	assert := assert.New(t)
+	aspathParam := []bgp.AsPathParamInterface{bgp.NewAs4PathParam(2, []uint32{65100})}
+	aspath := bgp.NewPathAttributeAsPath(aspathParam)
+	assert.False(hasOwnASLoop(65100, 10, aspath))
+	assert.True(hasOwnASLoop(65100, 0, aspath))
+	assert.False(hasOwnASLoop(65200, 0, aspath))
+}
+
 func makePeerAndHandler() (*Peer, *FSMHandler) {
 	p := &Peer{
 		fsm:      NewFSM(&config.Global{}, &config.Neighbor{}, table.NewRoutingPolicy()),
diff --git a/server/server.go b/server/server.go
index f3861de3..6e20979b 100644
--- a/server/server.go
+++ b/server/server.go
@@ -1317,7 +1317,17 @@ func (s *BgpServer) softResetIn(addr string, family bgp.RouteFamily) error {
 		for _, path := range peer.adjRibIn.PathList(families, false) {
 			exResult := path.Filtered(peer.ID())
 			path.Filter(peer.ID(), table.POLICY_DIRECTION_NONE)
-			if s.policy.ApplyPolicy(peer.ID(), table.POLICY_DIRECTION_IN, path, nil) != nil {
+
+			// RFC4271 9.1.2 Phase 2: Route Selection
+			//
+			// If the AS_PATH attribute of a BGP route contains an AS loop, the BGP
+			// route should be excluded from the Phase 2 decision function.
+			var asLoop bool
+			if aspath := path.GetAsPath(); aspath != nil {
+				asLoop = hasOwnASLoop(peer.fsm.peerInfo.LocalAS, int(peer.fsm.pConf.AsPathOptions.Config.AllowOwnAs), aspath)
+			}
+
+			if !asLoop && s.policy.ApplyPolicy(peer.ID(), table.POLICY_DIRECTION_IN, path, nil) != nil {
 				pathList = append(pathList, path.Clone(false))
 				// this path still in rib's
 				// knownPathList. We can't
@@ -1482,13 +1492,13 @@ func (s *BgpServer) GetAdjRib(addr string, family bgp.RouteFamily, in bool, pref
 		if !ok {
 			return fmt.Errorf("Neighbor that has %v doesn't exist.", addr)
 		}
-		id := peer.TableID()
+		id := peer.ID()
 
 		var adjRib *table.AdjRib
 		if in {
 			adjRib = peer.adjRibIn
 		} else {
-			adjRib = table.NewAdjRib(peer.ID(), peer.configuredRFlist())
+			adjRib = table.NewAdjRib(id, peer.configuredRFlist())
 			accepted, _ := peer.getBestFromLocal(peer.configuredRFlist())
 			adjRib.Update(accepted)
 		}
@@ -1707,7 +1717,7 @@ func (s *BgpServer) DeleteNeighbor(c *config.Neighbor) error {
 	}, true)
 }
 
-func (s *BgpServer) UpdateNeighbor(c *config.Neighbor) (policyUpdated bool, err error) {
+func (s *BgpServer) UpdateNeighbor(c *config.Neighbor) (needsSoftResetIn bool, err error) {
 	err = s.mgmtOperation(func() error {
 		addr := c.Config.NeighborAddress
 		peer, ok := s.neighborMap[addr]
@@ -1722,10 +1732,19 @@ func (s *BgpServer) UpdateNeighbor(c *config.Neighbor) (policyUpdated bool, err
 			}).Info("Update ApplyPolicy")
 			s.policy.Reset(nil, map[string]config.ApplyPolicy{peer.ID(): c.ApplyPolicy})
 			peer.fsm.pConf.ApplyPolicy = c.ApplyPolicy
-			policyUpdated = true
+			needsSoftResetIn = true
 		}
 		original := peer.fsm.pConf
 
+		if !original.AsPathOptions.Config.Equal(&c.AsPathOptions.Config) {
+			log.WithFields(log.Fields{
+				"Topic": "Peer",
+				"Key":   peer.ID(),
+			}).Info("Update aspath options")
+			peer.fsm.pConf.AsPathOptions = c.AsPathOptions
+			needsSoftResetIn = true
+		}
+
 		if !original.Config.Equal(&c.Config) || !original.Transport.Config.Equal(&c.Transport.Config) || config.CheckAfiSafisChange(original.AfiSafis, c.AfiSafis) {
 			sub := uint8(bgp.BGP_ERROR_SUB_OTHER_CONFIGURATION_CHANGE)
 			if original.Config.AdminDown != c.Config.AdminDown {
@@ -1738,7 +1757,7 @@ func (s *BgpServer) UpdateNeighbor(c *config.Neighbor) (policyUpdated bool, err
 					"Topic": "Peer",
 					"Key":   peer.ID(),
 					"State": state,
-				}).Info("update admin-state configuration")
+				}).Info("Update admin-state configuration")
 			} else if original.Config.PeerAs != c.Config.PeerAs {
 				sub = bgp.BGP_ERROR_SUB_PEER_DECONFIGURED
 			}
@@ -1763,7 +1782,7 @@ func (s *BgpServer) UpdateNeighbor(c *config.Neighbor) (policyUpdated bool, err
 			log.WithFields(log.Fields{
 				"Topic": "Peer",
 				"Key":   peer.ID(),
-			}).Info("update timer configuration")
+			}).Info("Update timer configuration")
 			peer.fsm.pConf.Timers.Config = c.Timers.Config
 		}
 
@@ -1778,7 +1797,7 @@ func (s *BgpServer) UpdateNeighbor(c *config.Neighbor) (policyUpdated bool, err
 		}
 		return err
 	}, true)
-	return policyUpdated, err
+	return needsSoftResetIn, err
 }
 
 func (s *BgpServer) addrToPeers(addr string) (l []*Peer, err error) {
author	ISHIDA Wataru <ishida.wataru@lab.ntt.co.jp>	2017-05-09 07:47:09 +0000
committer	Wataru Ishida <ishida.wataru@lab.ntt.co.jp>	2017-05-09 11:10:45 -0400
commit	0f62519cd77f1cf38dee5b58377d0c347fe619bc (patch)
tree	836c0fc65d09a6129c4edc16f04267ccd584075a /server
parent	485b88244076b76a4bc1cef7b0630b3e70703fda (diff)