Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Large BGP Communities support #543

Closed
pierky opened this issue Oct 11, 2016 · 7 comments
Closed

Large BGP Communities support #543

pierky opened this issue Oct 11, 2016 · 7 comments
Assignees
@fxlb
Labels
feature request

Comments

@pierky
Copy link
Contributor

pierky commented Oct 11, 2016

Can tcpdump add support for decoding https://tools.ietf.org/html/draft-ietf-idr-large-community?

    ...
          AS Path (2), length: 6, Flags [T]: 65538
          Next Hop (3), length: 4, Flags [T]: 192.0.2.4
          Unknown Attribute (30), length: 12, Flags [OT]:
            no Attribute 30 decoder
            0x0000:  0001 0002 0000 0001 0000 0001
          Updated routes:
            203.0.113.34/32
    ...

IANA has made an Early Allocation of the value 30 (LARGE_COMMUNITY) in the "BGP Path Attributes" registry under the "Border Gateway Protocol (BGP) Parameters" group and is now asked to make that Permanent.

Thanks
@fxlb
Copy link
Member

fxlb commented Oct 11, 2016
edited

We need, at a minimum, some pcap files with this option '30' in various sizes, e.g. 12, 24, 36 octets ("The attribute consists of one or more 12-octet values.")
GitHub allows now to attach ZIP files.

@fxlb fxlb self-assigned this Oct 11, 2016
@pierky
Copy link
Contributor Author

pierky commented Oct 11, 2016

Here it is.

203.0.113.11/32, 65536:1:1
203.0.113.12/32, 65536:1:1, 65536:1:2
203.0.113.13/32, 65536:1:1, 65536:1:2, 65536:1:3
203.0.113.15/32, 65536:0:1, 65536:1:0
203.0.113.16/32, 65535:1:1, 4294967295:4294967295:4294967295

exabgp.zip

pierky added a commit to pierky/bgp-large-communities-playground that referenced this issue Oct 11, 2016
@pierky
pcap used for the-tcpdump-group/tcpdump#543
b38b0f9
@fxlb
Copy link
Member

fxlb commented Oct 12, 2016

@pierky, Could you try this patch fxlb/tcpdump@bc700c4 ?

@pierky
Copy link
Contributor Author

pierky commented Oct 12, 2016

Nice!

      Large Community (30), length: 12, Flags [OT]:
        65537:1:1
      Large Community (30), length: 24, Flags [OT]:
        65537:1:1, 65537:1:2
      Large Community (30), length: 36, Flags [OT]:
        65537:1:1, 65537:1:2, 65537:1:3
      Large Community (30), length: 24, Flags [OT]:
        65537:1:1, 65537:1:1
      Large Community (30), length: 24, Flags [OT]:
        65537:0:1, 65537:1:0
      Large Community (30), length: 24, Flags [OT]:
        65535:1:1, 4294967295:4294967295:4294967295

Live traffic:

12:53:26.142836 IP (tos 0x0, ttl 1, id 2463, offset 0, flags [DF], proto TCP (6), length 115)
    192.0.2.3.179 > 192.0.2.2.35792: Flags [P.], cksum 0x846b (incorrect -> 0x6965), seq 19:82, ack 20, win 470, options [nop,nop,TS val 154867 ecr 152519], length 63: BGP
        Update Message (2), length: 63
          Origin (1), length: 1, Flags [T]: Incomplete
          AS Path (2), length: 6, Flags [T]: 65537
          Next Hop (3), length: 4, Flags [T]: 192.0.2.3
          Large Community (30), length: 12, Flags [OT]:
            65537:1:1
          Updated routes:
            203.0.113.21/32
12:53:26.169384 IP (tos 0x0, ttl 1, id 2464, offset 0, flags [DF], proto TCP (6), length 127)
    192.0.2.3.179 > 192.0.2.2.35792: Flags [P.], cksum 0x8477 (incorrect -> 0x5bf7), seq 82:157, ack 20, win 470, options [nop,nop,TS val 154873 ecr 152519], length 75: BGP
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: Incomplete
          AS Path (2), length: 6, Flags [T]: 65537
          Next Hop (3), length: 4, Flags [T]: 192.0.2.3
          Large Community (30), length: 24, Flags [OT]:
            65537:1:1, 65537:1:2
          Updated routes:
            203.0.113.22/32
12:53:26.202280 IP (tos 0x0, ttl 1, id 2466, offset 0, flags [DF], proto TCP (6), length 139)
    192.0.2.3.179 > 192.0.2.2.35792: Flags [P.], cksum 0x8483 (incorrect -> 0x4544), seq 157:244, ack 20, win 470, options [nop,nop,TS val 154882 ecr 154876], length 87: BGP
        Update Message (2), length: 87
          Origin (1), length: 1, Flags [T]: Incomplete
          AS Path (2), length: 6, Flags [T]: 65537
          Next Hop (3), length: 4, Flags [T]: 192.0.2.3
          Large Community (30), length: 36, Flags [OT]:
            65537:1:1, 65537:1:2, 65537:1:3
          Updated routes:
            203.0.113.23/32
12:53:26.231363 IP (tos 0x0, ttl 1, id 2467, offset 0, flags [DF], proto TCP (6), length 127)
    192.0.2.3.179 > 192.0.2.2.35792: Flags [P.], cksum 0x8477 (incorrect -> 0x500b), seq 244:319, ack 20, win 470, options [nop,nop,TS val 154889 ecr 154882], length 75: BGP
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: Incomplete
          AS Path (2), length: 6, Flags [T]: 65537
          Next Hop (3), length: 4, Flags [T]: 192.0.2.3
          Large Community (30), length: 24, Flags [OT]:
            65537:1:1, 65537:1:1
          Updated routes:
            203.0.113.24/32
12:53:26.258762 IP (tos 0x0, ttl 1, id 2468, offset 0, flags [DF], proto TCP (6), length 127)
    192.0.2.3.179 > 192.0.2.2.35792: Flags [P.], cksum 0x8477 (incorrect -> 0x4eb4), seq 319:394, ack 20, win 470, options [nop,nop,TS val 154896 ecr 154889], length 75: BGP
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: Incomplete
          AS Path (2), length: 6, Flags [T]: 65537
          Next Hop (3), length: 4, Flags [T]: 192.0.2.3
          Large Community (30), length: 24, Flags [OT]:
            65537:0:1, 65537:1:0
          Updated routes:
            203.0.113.25/32
12:53:26.289053 IP (tos 0x0, ttl 1, id 2469, offset 0, flags [DF], proto TCP (6), length 127)
    192.0.2.3.179 > 192.0.2.2.35792: Flags [P.], cksum 0x8477 (incorrect -> 0x4d5f), seq 394:469, ack 20, win 470, options [nop,nop,TS val 154903 ecr 154896], length 75: BGP
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: Incomplete
          AS Path (2), length: 6, Flags [T]: 65537
          Next Hop (3), length: 4, Flags [T]: 192.0.2.3
          Large Community (30), length: 24, Flags [OT]:
            65535:1:1, 4294967295:4294967295:4294967295
          Updated routes:
            203.0.113.26/32

Reading the file I attached to this issue:

13:08:47.107935 IP (tos 0x0, ttl 64, id 40592, offset 0, flags [DF], proto TCP (6), length 427)
    192.0.2.2.34270 > 192.0.2.3.179: Flags [P.], cksum 0x85a3 (incorrect -> 0x648a), seq 177:552, ack 65, win 457, options [nop,nop,TS val 3914332 ecr 3914332], length 375: BGP
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: IGP
          AS Path (2), length: 6, Flags [T]: 65536
          Next Hop (3), length: 4, Flags [T]: 192.0.2.2
          Large Community (30), length: 24, Flags [OT]:
            65535:1:1, 4294967295:4294967295:4294967295
          Updated routes:
            203.0.113.16/32
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: IGP
          AS Path (2), length: 6, Flags [T]: 65536
          Next Hop (3), length: 4, Flags [T]: 192.0.2.2
          Large Community (30), length: 24, Flags [OT]:
            65536:1:1, 65536:1:2
          Updated routes:
            203.0.113.12/32
        Update Message (2), length: 63
          Origin (1), length: 1, Flags [T]: IGP
          AS Path (2), length: 6, Flags [T]: 65536
          Next Hop (3), length: 4, Flags [T]: 192.0.2.2
          Large Community (30), length: 12, Flags [OT]:
            65536:1:1
          Updated routes:
            203.0.113.11/32
        Update Message (2), length: 75
          Origin (1), length: 1, Flags [T]: IGP
          AS Path (2), length: 6, Flags [T]: 65536
          Next Hop (3), length: 4, Flags [T]: 192.0.2.2
          Large Community (30), length: 24, Flags [OT]:
            65536:0:1, 65536:1:0
          Updated routes:
            203.0.113.15/32
        Update Message (2), length: 87
          Origin (1), length: 1, Flags [T]: IGP
          AS Path (2), length: 6, Flags [T]: 65536
          Next Hop (3), length: 4, Flags [T]: 192.0.2.2
          Large Community (30), length: 36, Flags [OT]:
            65536:1:1, 65536:1:2, 65536:1:3
          Updated routes:
            203.0.113.13/32

@job
Copy link
Contributor

job commented Oct 12, 2016

I tested this on the Large BGP Communities beacon (described here: http://mailman.nanog.org/pipermail/nanog/2016-October/088537.html - Debian Sid, tcpdump 4.9.0-PRE-GIT_2016_10_12)

Looks good to me!

13:18:17.649648 IP (tos 0xc0, ttl 1, id 48914, offset 0, flags [DF], proto TCP (6), length 1464)
    83.231.213.230.43643 > 83.231.213.229.179: Flags [.], cksum 0x5945 (incorrect -> 0x3b1b), seq 345979:347403, ack 1830, win 2477, length 1424: BGP [|BGP]
    Update Message (2), length: 62
      Origin (1), length: 1, Flags [T]: IGP
        0x0000:  00
      AS Path (2), length: 6, Flags [T]: 15562
        0x0000:  0201 0000 3cca
      Next Hop (3), length: 4, Flags [T]: 83.231.213.230
        0x0000:  53e7 d5e6
      Large Community (30), length: 12, Flags [OT]:
        15562:1:1
      Updated routes:
        192.147.168.0/24
    Update Message (2), length: 1037
      Withdrawn routes: 1014 bytes

@fxlb
Copy link
Member

fxlb commented Oct 12, 2016

Thanks, merged in master.
Test file to come.

pierky added a commit to pierky/bgp-large-communities-playground that referenced this issue Oct 13, 2016
@pierky
tcpdump support the-tcpdump-group/tcpdump#543
8f931e1
@fxlb
Copy link
Member

fxlb commented Oct 13, 2016

Test file added. Closing.

@fxlb fxlb closed this as completed Oct 13, 2016
@job job mentioned this issue Oct 26, 2016
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fxlb fxlb

Labels
feature request
Milestone
No milestone
Development

No branches or pull requests
3 participants
@job @fxlb @pierky