WIP net/frr: Add BGP password support#2645
Closed
mimugmail wants to merge 15 commits intoopnsense:masterfrom
Closed
WIP net/frr: Add BGP password support#2645mimugmail wants to merge 15 commits intoopnsense:masterfrom
mimugmail wants to merge 15 commits intoopnsense:masterfrom
Conversation
Member
|
@mimugmail if you have the time and spirit to provide a test setup or an easy to install test config, that would be practical. As discussed I do want to dig into the |
Member
Author
|
@AdSchellevis I finished my lab, shall we arrange a teams via IRC the next days as discussed last month (time flies ...)? |
Member
|
@mimugmail sure, just ping me on irc. |
|
Any update on this? |
AdSchellevis
added a commit
that referenced
this pull request
Feb 2, 2022
refactor security association handling. Try to figure out which entries belong to FRR before removing them, so neighbor changes won't be left on the machine after apply. Flush our desired configuration into /usr/local/etc/frr/sa_policies.conf for easy reading and testing. Since we don't know if passwords have changed, we will have to drop SA's first. When this is a bit bumpy, we may also try to alter the existing SA's, this shouldn't be too hard to add later on.
Member
|
refactored setkey in #2800 |
AdSchellevis
added a commit
that referenced
this pull request
Feb 3, 2022
refactor security association handling. Try to figure out which entries belong to FRR before removing them, so neighbor changes won't be left on the machine after apply. Flush our desired configuration into /usr/local/etc/frr/sa_policies.conf for easy reading and testing. Since we don't know if passwords have changed, we will have to drop SA's first. When this is a bit bumpy, we may also try to alter the existing SA's, this shouldn't be too hard to add later on.
AdSchellevis
added a commit
that referenced
this pull request
Feb 3, 2022
Add BGP password support [#2645] Try to figure out which entries belong to FRR before removing them, so neighbour changes won't be left on the machine after apply. Flush our desired configuration into /usr/local/etc/frr/sa_policies.conf for easy reading and testing. Since we don't know if passwords have changed, we will have to drop SA's first. When this is a bit bumpy, we may also try to alter the existing SA's, this shouldn't be too hard to add later on. Co-authored-by: Michael <m.muenz@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Currently only supports v4 as it is a base for discussion first.
As discusses with @AdSchellevis we should do this right from the beginning as it interacts with setkey/SPD and IPsec.
The current approach only adds and deletes the line without any flushing. To me this looks ok so far.
Also adding @g-a-c for feedback if interested.