Homer: manage transit BGP sessions
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	ayounsi
	Apr 14 2020, 8:09 AM

Description

The current model is:

public/config/common.yaml

transit_providers:
  Name:  # [Unique]
   AS: 1234 # [Required] Peer AS number
   flowspec: true # [Optional] Adds flowspec address family
   import_policy: # true [Optional]  Generate the policy based on the peer ASN
   export_policy: # true [Optional]  Generate the policy based on the peer ASN

public/config/devices.yaml

transits:
  192.0.0.1:  # [Unique] (or v6) BGP peer IP
    provider: Name  # [Required] one of common.yaml transit_providers
    import_policy: true # [Optional] Generate the policy based on the peer ASN
    export_policy: true # [Optional] Generate the policy based on the peer ASN
    disabled: true # [Optional]

private/config/devices.yaml

bgp_keys:
  192.0.0.1: $9$abcdef123456789

Question: is it okay to make the data displayed above in public/ public?

I think that the answer is yes, as nothing here can't be figured out from traceroutes (IPs), files already public (import/export policies) and looking glass (disabled).
Only the flowspec flag couldn't. Which I don't think is a big deal.

Details

Project	Branch	Lines +/-	Subject
operations/homer/public	master	+0 -132	Remove unused or outdated esams AS-specific policy-statements
operations/homer/public	master	+200 -0	BGP: add transit links
operations/homer/mock-private	master	+10 -0	Add mock data for BGP keys

Customize query in gerrit

Related Objects

Mentioned In: rOHPU457137d97fc6: BGP: add transit links
rOHMP94ca664c558d: Add mock data for BGP keys

Event Timeline

ayounsi triaged this task as Medium priority.Apr 14 2020, 8:09 AM

ayounsi created this task.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 14 2020, 8:09 AM

ayounsi added a subscriber: CDanis.Apr 14 2020, 8:10 AM

faidon renamed this task from Homr: manage transit BGP sessions to Homer: manage transit BGP sessions.Apr 14 2020, 9:27 AM

faidon added a project: netops.

The structure looks good to me, we could optionally skip the duplicate import_policy and export_policy if we don't have cases of override, but it's fine.

LGTM

The changes/cleanup that will be applied with that CR:

everywhere

[edit protocols bgp group Transit4 family inet]
+       unicast;
-       any;

any includes unicast + multicast and we don't use multicast, our peers also only advertise the unicast NLRI. To be rolled out carefully and checked if it cause a session bounce.

remove esams transits specific policies, eg:

term classification {
    then {
        community add TRANSIT_ROUTE;
    }
}
term internal {
    from as-path AS38930;
    then {
        community add PEER_INTERNAL;
    }
}
then {
    local-preference 100;
}

Only configured for esams transits, community add TRANSIT_ROUTE is already done in BGP_transit_in.
community add PEER_INTERNAL is not used, and should be rolled everywhere if we decide someday we need it.
local-preference 100 is the default value.

Change 602290 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/mock-private@master] Add mock data for BGP keys

https://gerrit.wikimedia.org/r/602290

gerritbot added a project: Patch-For-Review.Jun 4 2020, 8:43 AM

Change 602290 merged by jenkins-bot:
[operations/homer/mock-private@master] Add mock data for BGP keys

https://gerrit.wikimedia.org/r/602290

Maintenance_bot removed a project: Patch-For-Review.Jun 4 2020, 9:10 AM

ayounsi mentioned this in rOHMP94ca664c558d: Add mock data for BGP keys.Jun 4 2020, 9:51 AM

Change 602119 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/public@master] BGP: add transit links

https://gerrit.wikimedia.org/r/602119

gerritbot added a project: Patch-For-Review.Jun 4 2020, 10:44 AM

Mentioned in SAL (#wikimedia-operations) [2020-06-08T07:39:17Z] <XioNoX> cr3-ulsfo protocols bgp group Transit4 family inet any -> unicast - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T07:42:38Z] <XioNoX> cr4-ulsfo protocols bgp group Transit4 family inet any -> unicast - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T07:46:43Z] <XioNoX> push T250136 to esams/knams - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T07:58:33Z] <XioNoX> push T250136 to eqord/eqdfw - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T08:02:15Z] <XioNoX> push T250136 to codfw - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T08:09:37Z] <XioNoX> push T250136 to eqiad - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T08:17:36Z] <XioNoX> push T250136 to eqsin - T250136

Change 602119 merged by Ayounsi:
[operations/homer/public@master] BGP: add transit links

https://gerrit.wikimedia.org/r/602119

Change 603363 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/public@master] Remove unused or outdated esams AS-specific policy-statements

https://gerrit.wikimedia.org/r/603363

ayounsi mentioned this in rOHPU457137d97fc6: BGP: add transit links.Jun 8 2020, 8:33 AM

Change 603363 merged by jenkins-bot:
[operations/homer/public@master] Remove unused or outdated esams AS-specific policy-statements

https://gerrit.wikimedia.org/r/603363

Maintenance_bot removed a project: Patch-For-Review.Jun 8 2020, 9:10 AM

All done!

Homer: manage transit BGP sessionsClosed, ResolvedPublicActions

Description

Details

Related Objects

Event Timeline

Homer: manage transit BGP sessions
Closed, ResolvedPublic
Actions