- Added the option "rs_asn" to the exchange configuration. "rs_asn" c…

…an prevent the auto discovery of fake route-servers from the peeringdb.
ipcjk · May 10, 2017 · 6bf4086 · 6bf4086
1 parent c0da58b
commit 6bf4086
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 2 deletions.
diff --git a/Readme.md b/Readme.md
@@ -196,9 +196,9 @@ _[options]_-subsection. Please avoid special characters or whitespaces/tabs insi
  - peer_group6=$peer_group6 (group used for ipv6-peering with neighbors for the _[peers]_-list)
  - routeserver_prefixes6=$number ($number is used to overwrite the maximum prefix limit from peeringdb)
 
-
 #### iv6 | ipv4 
  - routeserver=(0=disable, 1=auto-detect and configure neighbor statements for route-servers)
+ - rsn_asn=$rsn_asn (explicit set the as number value of the expected remote routeserver , this can protect you from rogue route-servers type from peeringdb )
 
 #### wildcard 
  - wildcard= (0=disable [default], 1=enable, 2=enableAll)

diff --git a/inireader/iniread.go b/inireader/iniread.go
@@ -25,6 +25,7 @@ var PossibleOptions = map[string]bool{
 	"exportpolicy":          true,
 	"routeserver_prefixes":  true,
 	"routeserver_prefixes6": true,
+	"rs_asn":                true,
 }
 
 const (

diff --git a/inireader_test.go b/inireader_test.go
@@ -53,6 +53,7 @@ func TestExchangeOption(t *testing.T) {
 	inireader.ParseOptionLine("exportpolicy=foo2", ixConfig, "testIX")
 	inireader.ParseOptionLine("routeserver_prefixes=10000", ixConfig, "testIX")
 	inireader.ParseOptionLine("routeserver_prefixes6=400", ixConfig, "testIX")
+	inireader.ParseOptionLine("rs_asn=6695", ixConfig, "testIX")
 
 	/* Check that we covered all cases from inireader */
 	for k := range inireader.PossibleOptions {
@@ -86,4 +87,8 @@ func TestExchangeOption(t *testing.T) {
 	if ixConfig["testIX"]["wildcard"] != "1" {
 		t.Error("Wildcard option is wrong")
 	}
+
+	if ixConfig["testIX"]["rs_asn"] != "6695" {
+		t.Error("Route-Server ASN number is wrong")
+	}
 }
diff --git a/ixworkers/ixworkers.go b/ixworkers/ixworkers.go
@@ -20,6 +20,7 @@ func WorkerMergePeerConfiguration(exchanges ixtypes.IXs, apiServiceURL string, e
 				return
 			}
 			_, rs_auto := exchanges[i].Options[exchanges[i].IxName]["routeserver"]
+			rsnASN, rsnOk := exchanges[i].Options[exchanges[i].IxName]["rs_asn"]
 
 			myPeers := peerDB.GetPeersOnIXByIxName(exchanges[i].IxName)
 			for _, peer := range myPeers.Data {
@@ -77,7 +78,9 @@ func WorkerMergePeerConfiguration(exchanges ixtypes.IXs, apiServiceURL string, e
 						rsPeer.InfoPrefixes6, _ = strconv.ParseInt(string(infoprefixes6), 10, 64)
 					}
 
-					if rs_auto {
+					if rs_auto && rsnOk && peerASN != string(rsnASN) {
+						log.Printf("Probably rogue route-server advertised in %s\n", peerASN)
+					} else if rs_auto {
 						exchanges[i].PeersReady = append(exchanges[i].PeersReady, rsPeer)
 					}
 					continue