bgpd: add [no]neighbor capability fqdn #15192

fdumontet6WIND · 2024-01-22T14:02:52Z

bgpd: add [no]neighbor dont-capability-negotiate hostname command

cisco routers are not dealing fairly whith unsupported capabilities.
When a cisco router receive an unsupported capabilities it reset the
negociation without notifying the unmatching capability as described in
RFC2842.
Cisco suggest the use of
neighbor x.x.x.x dont-capability-negociate capability-type
to avoid the use of "capability-type" in open message.
Our case is about the hostname capability.

this new command is to remove the use of hostname capability in the
open message with the peer "x.x.x.x".

Link: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116189-problemsolution-technology-00.pdf

Signed-off-by: Francois Dumontet [email protected]

ton31337

Can you switch to no neighbor <A.B.C.D|X:X::X:X|WORD> capability fqdn format?

fdumontet6WIND · 2024-01-22T14:45:22Z

Hi Donatas,

the draft defining that capabilty is using hostname:
https://datatracker.ietf.org/doc/html/draft-walton-bgp-hostname-capability-02

what do you prefer?

ton31337 · 2024-01-22T14:58:36Z

I meant that CLI change should be using neighbor ... capability ..., and not dont-capability-negotiate. Keep the format as others (software-version, orf, dynamic, extended-nexthop).

fdumontet6WIND · 2024-01-22T15:13:44Z

what do you think about
[no] neighbor <A.B.C.D|X:X::X:X|WORD> capability hostname dont-negotiate

ton31337 · 2024-01-22T15:57:00Z

Why can't it be without the last dont-negotiate?

fdumontet6WIND · 2024-01-22T16:12:03Z

the default will bee hostname capability advertising

fdumontet6WIND · 2024-01-22T16:17:24Z

ok i will do it

ton31337 · 2024-01-23T07:36:04Z

And it should be fqdn, not hostname. The draft defines it as FQDN capability, even more: this is hostname + domainname, which means fqdn eventually.

pguibert6WIND · 2024-01-23T09:47:24Z

And it should be fqdn, not hostname. The draft defines it as FQDN capability, even more: this is hostname + domainname, which means fqdn eventually.

The draft title is named "hostname", not "fqdn".
"Eventually" is a suggestion, and I think it is preferrable to stick with draft title instead.

ton31337 · 2024-01-23T09:54:55Z

Disagree, the capability is named FQDN, not hostname.

fdumontet6WIND · 2024-01-23T10:12:36Z

conforming with https://www.iana.org/assignments/capability-codes/capability-codes.xhtml
you are right

fdumontet6WIND · 2024-01-24T09:03:35Z

ci:rerun

ton31337

Some comments to address, sorry.

ton31337 · 2024-01-24T20:52:34Z

bgpd/bgp_open.c

-		if (cmd_domainname_get()) {
-			len = strlen(cmd_domainname_get());
+	/* FQDN capability */
+	if (CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_FQDN))


Can we combine cmd_hostname_get() and CHECK_FLAG()? This keeps the same nesting level.

taken into account

ton31337 · 2024-01-24T20:53:14Z

bgpd/bgp_vty.c

+/* neighbor capability fqdn */
+DEFPY (neighbor_capability_fqdn,
+       neighbor_capability_fqdn_cmd,
+       "[no$no]neighbor <A.B.C.D|X:X::X:X|WORD>$neighbor capability fqdn",


missing whitespace after no.

taken into account

ton31337 · 2024-01-24T20:53:32Z

bgpd/bgp_vty.c

@@ -18189,6 +18207,12 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp,
 	if (peergroup_flag_check(peer, PEER_FLAG_DONT_CAPABILITY))
 		vty_out(vty, " neighbor %s dont-capability-negotiate\n", addr);

+	/* capability fqdn*/


/* capability fqdn */

taken into account

bgpd/bgp_vty.c

ton31337 · 2024-01-24T20:55:49Z

bgpd/bgp_vty.c

@@ -20525,6 +20549,9 @@ void bgp_vty_init(void)
 	install_element(BGP_NODE, &neighbor_dont_capability_negotiate_cmd);
 	install_element(BGP_NODE, &no_neighbor_dont_capability_negotiate_cmd);

+	/* "neighbor capability fqdn" command.*/


/* "neighbor capability fqdn" command. */

taken into account

ton31337 · 2024-01-24T20:59:16Z

doc/user/bgp.rst

+   use of peer's name and domain name.
+
+   This capability is activated by default. The ''no neighbor PEER capability
+   fqdn'' avoid negotiation of that capability. This is usefull for peer that


This is useful for peers who are not supporting this capability or supporting BGP Capabilities Negotiation RFC 2842.

taken into account

doc/user/bgp.rst

ton31337 · 2024-01-24T21:00:58Z

bgpd/bgp_vty.c

@@ -18189,6 +18207,12 @@ static void bgp_config_write_peer_global(struct vty *vty, struct bgp *bgp,
 	if (peergroup_flag_check(peer, PEER_FLAG_DONT_CAPABILITY))
 		vty_out(vty, " neighbor %s dont-capability-negotiate\n", addr);

+	/* capability fqdn*/
+	if (!peergroup_flag_check(peer, PEER_FLAG_CAPABILITY_FQDN))


Does this flag work with peer groups? I think we need to add that to peer_group2peer_config_copy().

yes it works, unitary tests are ok

ton31337 · 2024-01-24T21:03:46Z

tests/topotests/bgp_dont_capability_negotiate/test_bgp_dont_capability_negotiate.py

@@ -150,6 +151,47 @@ def _bgp_check_fqdn(fqdn=None):
    _, result = topotest.run_and_expect(test_func, None, count=60, wait=0.5)
    assert result is None, "FQDN capability disabled, but we still have a hostname"

+    step("re enable sending any capability from r2")


nit: Re-enable

taken into account

tests/topotests/bgp_dont_capability_negotiate/test_bgp_dont_capability_negotiate.py

bgpd/bgp_open.c

bgpd/bgp_vty.c

doc/user/bgp.rst

tests/bgpd/test_peer_attr.c

ton31337 · 2024-01-29T08:12:46Z

@fdumontet6WIND not everything is addressed yet, please look at the comments again.

bgpd/bgpd.c

ton31337 · 2024-02-01T07:29:10Z

@fdumontet6WIND could you fix all the pending comments before merging?

fdumontet6WIND · 2024-02-02T08:53:25Z

ci:rerun

bgpd/bgp_vty.c

bgpd/bgpd.c

cisco routers are not dealing fairly whith unsupported capabilities. When a cisco router receive an unsupported capabilities it reset the negociation without notifying the unmatching capability as described in RFC2842. Cisco suggest the use of neighbor x.x.x.x capability fqdn to avoid the use of fqdn in open message. this new command is to remove the use of fqdn capability in the open message with the peer "x.x.x.x". Link: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116189-problemsolution-technology-00.pdf Signed-off-by: Francois Dumontet <[email protected]>

add some steps for testing of add [no]neighbor capability fqdn command support. Signed-off-by: Francois Dumontet <[email protected]>

improve bgp doc Signed-off-by: Francois Dumontet <[email protected]>

frrbot bot added bgp documentation tests Topotests, make check, etc labels Jan 22, 2024

github-actions bot added master size/L labels Jan 22, 2024

fdumontet6WIND force-pushed the capa_nego branch from 6220fc6 to 52c277e Compare January 22, 2024 14:10

ton31337 requested changes Jan 22, 2024

View reviewed changes

fdumontet6WIND requested a review from ton31337 January 22, 2024 14:52

fdumontet6WIND force-pushed the capa_nego branch from 52c277e to f7084f7 Compare January 22, 2024 20:28

github-actions bot added the rebase PR needs rebase label Jan 22, 2024

ton31337 added this to the 10.0 milestone Jan 23, 2024

pguibert6WIND mentioned this pull request Jan 23, 2024

bgpd: add 'default hostname-capability' #15129

Closed

fdumontet6WIND force-pushed the capa_nego branch from f7084f7 to d42f8ad Compare January 23, 2024 20:44

fdumontet6WIND force-pushed the capa_nego branch from d42f8ad to 429263d Compare January 24, 2024 09:31

ton31337 requested changes Jan 24, 2024

View reviewed changes

fdumontet6WIND force-pushed the capa_nego branch from 429263d to 8d64bc9 Compare January 26, 2024 12:21

ton31337 requested changes Jan 26, 2024

View reviewed changes

bgpd/bgp_open.c Outdated Show resolved Hide resolved

bgpd/bgp_open.c Outdated Show resolved Hide resolved

bgpd/bgp_vty.c Outdated Show resolved Hide resolved

doc/user/bgp.rst Outdated Show resolved Hide resolved

tests/bgpd/test_peer_attr.c Outdated Show resolved Hide resolved

fdumontet6WIND force-pushed the capa_nego branch 2 times, most recently from 7efdf5d to 7570b36 Compare January 26, 2024 22:17

fdumontet6WIND force-pushed the capa_nego branch from 7570b36 to d18957a Compare January 26, 2024 22:52

Jafaral changed the title ~~Capa nego~~ bgpd: add [no]neighbor dont-capability-negotiate hostname command Jan 29, 2024

ton31337 reviewed Jan 30, 2024

View reviewed changes

bgpd/bgpd.c Show resolved Hide resolved

riw777 self-requested a review January 30, 2024 15:21

fdumontet6WIND changed the title ~~bgpd: add [no]neighbor dont-capability-negotiate hostname command~~ bgpd: add [no]neighbor capability FQDN Jan 31, 2024

fdumontet6WIND changed the title ~~bgpd: add [no]neighbor capability FQDN~~ bgpd: add [no]neighbor capability fqdn Jan 31, 2024

fdumontet6WIND force-pushed the capa_nego branch from d18957a to 5277fd7 Compare February 1, 2024 16:55