picobgp

● non-compliant-bgp● routing advertising● tolopogy update● tiny and easy to use

for picobgp v0.2

CC-BY: Claudio Mignanti (2012)

picobgp - Take over of your vpn

picobgp was written to automatically setup routing inside a vpn, but can be used also in a generic net.

Suppose that you have some vpn peers, serverA and your laptop. Now serverA is also part of a local lan, say 10.0.8.0/24 and you want that your laptop can reach all the serverA-lan with minimus effort.

picobgp can help you!

192.168.6.1

192.168.6.2

10.0.8.9

vpn0: 192.168.6.1

vpn0:192.168.6.2

eth0: 10.0.8.9

vpn0: 192.168.6.1

vpn0:192.168.6.2

eth0: 10.0.8.9

# pbgp -i vpn0

# pbgp -i vpn0 -s 10.0.8.0/24

picobgp - command args

picobgp DOESN'T support configuration with files but only by cmdline args.

Supported args in v0.1 are: -i <interface> Specify the outgoing interface -s x.x.x.x/y Specify the subnet (option can be repeated for each subnet)

Supported args in v0.2 are:

-1 one-shot advertising (useful inside script) -c cascade annunce the subnet received. This option can lead to routing loop!KEEP your network in tree forms!!!

and don't forgot to...

.. enable routing on your servers

echo 1 | sudo tee /proc/sys/net/ipv4/ip_forward

A more complex example

eth1: 10.1.1.1 # pbgp -i eth1 -s 192.168.1.0/24

# pbgp -i eth0 -s 10.1.1.0/29eth0: 192.168.1.2

# pbgp -i eth0

# pbgp -i eth0 -s 10.1.1.9/29

NetbookB cannot access 10.1.1.9/29

On v0.1+ the -c option allow the propagation of subnets

eth1: 10.1.1.1 # pbgp -i eth1 -s 192.168.1.0/24

# pbgp -c -i eth0 -s 10.1.1.0/29eth0: 192.168.1.2

# pbgp -i eth0

# pbgp -i eth0 -s 10.1.1.9/29

ServerB announce also ServerA subnet

picobgp as daemon

Daemon mode un-supported for choice.

# ./pbgp -cs 1.1.1.0/24 & >/dev/null 2>&1

is what you are looking for...

Do you like to know why this choice?

picobgp inside scripts

We want to annouce a given subnet if a host inside the subnet reply to ping

#!/bin/bash

while 1; do ping -c 1 192.168.1.9 && pbgp -1s 192.168.1.0/24 sleep 5done

-1 option is one-shot and die mode (thanks Clauz for the idea)

Behind the scene

The bgpmsg struct is inizialized with the program args and than spammed on iface broadcast address every 3 seconds.

typedef struct sbgpmsg {struct in_addr addr;struct in_addr netmask;struct in_addr loc_addr;time_t l_update;

} bgpmsg;

In update_rt() function this structure is used to inizialize a struct rtentry and then passed to a ioctl that manipolate the kernel route table.ioctl (sd, SIOCADDRT, &rtentry);

If a subnet is not spammed for more that 10 secs the route entry is deleted.

what's next?!?!??!

KNOW ISSUE for v0.1:* msg are broadcast using 255.255.255.255 and is not using the effective broadcast address of the passed interface* DELRT show be bogus

TODO: ideas?

Use picobgp for redundant gateway

HostA has 10.0.1.9 inside it LAN 10.0.1.0/24 and the gws are 10.0.1.1 and 10.0.1.2

We want to setup the route