
Homer: manage transit BGP sessions
Closed, Resolved, Public

Description

The current model is:

public/config/common.yaml:

transit_providers:
  Name:  # [Unique]
    AS: 1234 # [Required] Peer AS number
    flowspec: true # [Optional] Adds flowspec address family
    import_policy: # true [Optional]  Generate the policy based on the peer ASN
    export_policy: # true [Optional]  Generate the policy based on the peer ASN

public/config/devices.yaml:

transits:
  192.0.0.1:  # [Unique] (or v6) BGP peer IP
    provider: Name  # [Required] one of common.yaml transit_providers
    import_policy: true # [Optional] Generate the policy based on the peer ASN
    export_policy: true # [Optional] Generate the policy based on the peer ASN
    disabled: true # [Optional]

private/config/devices.yaml:

bgp_keys:
  192.0.0.1: $9$abcdef123456789

Question: is it okay to make the data displayed above in public/ public?

I think that the answer is yes, as nothing here can't be figured out from traceroutes (IPs), files already public (import/export policies) and looking glass (disabled).
Only the flowspec flag couldn't. Which I don't think is a big deal.
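
A consistency check for the public/private split described above, as an added example that is not part of the original task and is not Homer's own code. The sample dictionaries are constructed from the model in the description; the function names, the rule that every enabled transit needs a `bgp_keys` entry, and treating any `$9$`-prefixed string in the public data as a leaked key are assumptions.

```python
import ipaddress

# Constructed sample data following the model in the task description.
COMMON = {"transit_providers": {"Name": {"AS": 1234, "flowspec": True}}}
PUBLIC_DEVICE = {"transits": {
    "192.0.0.1": {"provider": "Name", "import_policy": True},
    "192.0.0.2": {"provider": "Other", "disabled": True},  # unknown provider
}}
PRIVATE_DEVICE = {"bgp_keys": {"192.0.0.1": "$9$abcdef123456789"}}

PROVIDER_KEYS = {"AS", "flowspec", "import_policy", "export_policy"}
TRANSIT_KEYS = {"provider", "import_policy", "export_policy", "disabled"}


def find_secrets(node, path):
    """Yield paths of string values that look like Junos $9$-obfuscated keys."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from find_secrets(value, f"{path}.{key}")
    elif isinstance(node, str) and node.startswith("$9$"):
        yield path


def validate(common, public_dev, private_dev):
    """Return a list of problems; an empty list means the data is consistent."""
    errors = []
    providers = common.get("transit_providers", {})
    for name, cfg in providers.items():
        if not isinstance(cfg.get("AS"), int):
            errors.append(f"provider {name}: AS is required")
        errors += [f"provider {name}: unknown key {k}" for k in sorted(set(cfg) - PROVIDER_KEYS)]
    keys = private_dev.get("bgp_keys", {})
    for peer, cfg in public_dev.get("transits", {}).items():
        try:
            ipaddress.ip_address(peer)
        except ValueError:
            errors.append(f"transit {peer}: not an IPv4/IPv6 address")
        if cfg.get("provider") not in providers:
            errors.append(f"transit {peer}: provider {cfg.get('provider')!r} not in transit_providers")
        errors += [f"transit {peer}: unknown key {k}" for k in sorted(set(cfg) - TRANSIT_KEYS)]
        # Assumption: every enabled transit session is expected to have a key.
        if peer not in keys and not cfg.get("disabled"):
            errors.append(f"transit {peer}: no bgp_keys entry in private data")
    for label, tree in (("common", common), ("devices", public_dev)):
        errors += [f"secret in public/{label}: {p}" for p in find_secrets(tree, label)]
    return errors


if __name__ == "__main__":
    for problem in validate(COMMON, PUBLIC_DEVICE, PRIVATE_DEVICE):
        print(problem)
```

Run as a pre-merge check on the public repository, the secret scan catches a key pasted into the wrong file before it is published.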

Event Timeline

ayounsi triaged this task as Medium priority. Apr 14 2020, 8:09 AM
ayounsi created this task.
faidon renamed this task from Homr: manage transit BGP sessions to Homer: manage transit BGP sessions. Apr 14 2020, 9:27 AM
faidon added a project: netops.

The structure looks good to me, we could optionally skip the duplicate import_policy and export_policy if we don't have cases of override, but it's fine.

The changes/cleanup that will be applied with that CR:

everywhere
[edit protocols bgp group Transit4 family inet]
+       unicast;
-       any;
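
Review bot: the edit path in this hunk is [edit protocols bgp group Transit4 family inet] only, while the data model in the description allows v6 peer IPs. If the v6 transit group also carries "any" under its address family, include the matching "any" to "unicast" change in the same CR so both families end up consistent, and state which groups "everywhere" covers.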

any includes unicast + multicast and we don't use multicast, our peers also only advertise the unicast NLRI. To be rolled out carefully and checked if it causes a session bounce.

remove esams transits specific policies, e.g.:

term classification {
    then {
        community add TRANSIT_ROUTE;
    }
}
term internal {
    from as-path AS38930;
    then {
        community add PEER_INTERNAL;
    }
}
then {
    local-preference 100;
}

Only configured for esams transits, community add TRANSIT_ROUTE is already done in BGP_transit_in.
community add PEER_INTERNAL is not used, and should be rolled everywhere if we decide someday we need it.
local-preference 100 is the default value.

Change 602290 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/mock-private@master] Add mock data for BGP keys

https://gerrit.wikimedia.org/r/602290

Change 602290 merged by jenkins-bot:
[operations/homer/mock-private@master] Add mock data for BGP keys

https://gerrit.wikimedia.org/r/602290

Change 602119 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/public@master] BGP: add transit links

https://gerrit.wikimedia.org/r/602119

Mentioned in SAL (#wikimedia-operations) [2020-06-08T07:39:17Z] <XioNoX> cr3-ulsfo protocols bgp group Transit4 family inet any -> unicast - T250136

Mentioned in SAL (#wikimedia-operations) [2020-06-08T07:42:38Z] <XioNoX> cr4-ulsfo protocols bgp group Transit4 family inet any -> unicast - T250136

Change 602119 merged by Ayounsi:
[operations/homer/public@master] BGP: add transit links

https://gerrit.wikimedia.org/r/602119

Change 603363 had a related patch set uploaded (by Ayounsi; owner: Ayounsi):
[operations/homer/public@master] Remove unused or outdated esams AS-specific policy-statements

https://gerrit.wikimedia.org/r/603363

Change 603363 merged by jenkins-bot:
[operations/homer/public@master] Remove unused or outdated esams AS-specific policy-statements

https://gerrit.wikimedia.org/r/603363