-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
path selection in bgp is not updated accordingly to rpki updates #16474
Comments
Would you be able to test this patch #16483? |
Hi Donatas,
sorry for the late reply, they've been some busy days.
I'm currently trying to test the patch you provided. I'm trying to build the patch in order to use in on a docker image for Kathara, bur I'm having trouble adding the rtrlib.
In particular, I added the option `-enable-rpki` after the command "./configure" before building it, but it show the error message
" 16.79 configure: error: rtrlib was not found on your system or is too old. "
What should I do? Should I download the source code for rtrlib and put it somewhere? I can't understand it by looking at the error and at the documentation
Thanks,
Samuele
…________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: sabato 27 luglio 2024 16:14
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Would you be able to test this patch #16483<#16483>?
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AKBU2Z77D3CXHXGONDZOOTLVAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJUGE3DAOJRGQ>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
You can get the rpm/deb from here https://ci1.netdef.org/browse/FRR-PULLREQ3-4323/artifact. |
When trying to install from the .deb file i get an error due to dependency version mismatch:
the built version of frr is 9.0.1 but the package require version 10.2. The output is the following:
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
E: Unable to locate package frr-rpki-rtrlib.deb
E: Couldn't find any package by glob 'frr-rpki-rtrlib.deb'
***@***.***:/# apt install /frr-rpki-rtrlib.deb
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
You might want to run 'apt --fix-broken install' to correct these.
The following packages have unmet dependencies:
frr-rpki-rtrlib : Depends: frr (= 10.2-dev-PR16483-gb1d2d52-20240727.135427-1~deb12u1) but it is not installed
Depends: librtr0 but it is not installed
E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution).
I'm sorry for the problems, but it is the first time I'm trying to build someone library from source
…________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 14:02
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
You can get the rpm/deb from here https://ci1.netdef.org/browse/FRR-PULLREQ3-4323/artifact.
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AK7MXELRLWENZOMCUDZO56E3AVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYGE4DENBVGI>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Take librtr from here: https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149. |
I downloaded the package .deb file at https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149/Debian-11-x86_64-Packages/librtr-dev_0.8.0_amd64.deb but I get the same version error.
…________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 14:50
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Take librtr from here: https://ci1.netdef.org/artifact/RPKI-RTRLIB/shared/build-149.
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3APQY6PAXNUMNOPBPLLZO6D27AVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYGI3TKMZWHE>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
You don't need to compile. Just download librtr, install it, and then download the deb from https://ci1.netdef.org/browse/FRR-PULLREQ3-4323/artifact. |
I'm not compiling librtr, I'm compiling only the patched version of frr.
Or am I missing something and don't need to compile it neither?
…________________________________
From: Donatas Abraitis ***@***.***>
Sent: Tuesday, July 30, 2024 4:32:00 PM
To: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Subject: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
You don't need to compile. Just download librtr, install it, and then download the deb from https://ci1.netdef.org/browse/FRR-PULLREQ3-4323/artifact.
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3ANY4DHYSKF2USCEKX3ZO6PWBAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYGUYDEOBUHE>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
You don't need to compile anything. Just install those two debs :) |
Ahh, I see.
Then, I downloaded and tried to install frr with the file https://ci1.netdef.org/artifact/FRR-PULLREQ3/shared/build-4323/Debian-12-(Bookworm)-x86_64-Packages/frr_10.2-dev-PR16483-gb1d2d52-20240727.135427-1%7Edeb12u1_amd64.deb<https://ci1.netdef.org/artifact/FRR-PULLREQ3/shared/build-4323/Debian-12-(Bookworm)-x86_64-Packages/frr_10.2-dev-PR16483-gb1d2d52-20240727.135427-1~deb12u1_amd64.deb>
Anyway, the problems are not finished 😭😭
I'm installing it using command "apt install ./filename.deb"
It show a dependency not found error:
The following packages have unmet dependencies:
frr:i386 : Depends: lsof:i386 but it is not installable
Depends: libc-ares2:i386 (>= 1.7.0) but it is not installable
Depends: libc6:i386 (>= 2.34) but it is not installable
Depends: libcap2:i386 (>= 1:2.10) but it is not installable
Depends: libcrypt1:i386 (>= 1:4.1.0) but it is not installable
Depends: libjson-c5:i386 (>= 0.15) but it is not installable
Depends: liblua5.3-0:i386 but it is not installable
Depends: libpam0g:i386 (>= 0.99.7.1) but it is not installable
Depends: libprotobuf-c1:i386 (>= 1.0.1) but it is not installable
Depends: libreadline8:i386 (>= 7.0~rc1) but it is not installable
Depends: libyang2:i386 (>= 2.1.128~) but it is not installable
However, all this packages are correctly installed on my system (which is a Debian 12 docker container). In fact, trying to manually install them I get the output:
***@***.***:/# apt install lsof libc-ares2 libc6 libcap2 libcrypt1 libjson-c5 liblua5.3-0 libpam0g libprotobuf-c1 libreadline8 libyang2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
lsof is already the newest version (4.95.0-1).
libc-ares2 is already the newest version (1.18.1-3).
libc6 is already the newest version (2.36-9+deb12u7).
libcap2 is already the newest version (1:2.66-4).
libcrypt1 is already the newest version (1:4.4.33-2).
libjson-c5 is already the newest version (0.16-2).
liblua5.3-0 is already the newest version (5.3.6-2).
libpam0g is already the newest version (1.5.2-6+deb12u1).
libprotobuf-c1 is already the newest version (1.4.1-1+b1).
libreadline8 is already the newest version (8.2-1.3).
libyang2 is already the newest version (2.1.30-2).
Any idea why? 🙈🙈
…________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 17:08
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
You don't need to compile anything. Just install those two debs :)
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AN26YBRTCPLSUDQVITZO6T7XAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYGU4DKMZZGY>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Rectification.
I downloaded the wrong file for my platform.
Downloading the correct file it reduce the dependency error to just "libyang2" package:
frr : Depends: libyang2 (>= 2.1.128~) but it is not going to be installed
However, using apt, it install libyang2 version 2.1.30-2 saying it is the newest version.
…________________________________
Da: Samuele Quinzi ***@***.***>
Inviato: martedì 30 luglio 2024 17:48
A: FRRouting/frr ***@***.***>
Oggetto: R: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Ahh, I see.
Then, I downloaded and tried to install frr with the file https://ci1.netdef.org/artifact/FRR-PULLREQ3/shared/build-4323/Debian-12-(Bookworm)-x86_64-Packages/frr_10.2-dev-PR16483-gb1d2d52-20240727.135427-1%7Edeb12u1_amd64.deb<https://ci1.netdef.org/artifact/FRR-PULLREQ3/shared/build-4323/Debian-12-(Bookworm)-x86_64-Packages/frr_10.2-dev-PR16483-gb1d2d52-20240727.135427-1~deb12u1_amd64.deb>
Anyway, the problems are not finished 😭😭
I'm installing it using command "apt install ./filename.deb"
It show a dependency not found error:
The following packages have unmet dependencies:
frr:i386 : Depends: lsof:i386 but it is not installable
Depends: libc-ares2:i386 (>= 1.7.0) but it is not installable
Depends: libc6:i386 (>= 2.34) but it is not installable
Depends: libcap2:i386 (>= 1:2.10) but it is not installable
Depends: libcrypt1:i386 (>= 1:4.1.0) but it is not installable
Depends: libjson-c5:i386 (>= 0.15) but it is not installable
Depends: liblua5.3-0:i386 but it is not installable
Depends: libpam0g:i386 (>= 0.99.7.1) but it is not installable
Depends: libprotobuf-c1:i386 (>= 1.0.1) but it is not installable
Depends: libreadline8:i386 (>= 7.0~rc1) but it is not installable
Depends: libyang2:i386 (>= 2.1.128~) but it is not installable
However, all this packages are correctly installed on my system (which is a Debian 12 docker container). In fact, trying to manually install them I get the output:
***@***.***:/# apt install lsof libc-ares2 libc6 libcap2 libcrypt1 libjson-c5 liblua5.3-0 libpam0g libprotobuf-c1 libreadline8 libyang2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
lsof is already the newest version (4.95.0-1).
libc-ares2 is already the newest version (1.18.1-3).
libc6 is already the newest version (2.36-9+deb12u7).
libcap2 is already the newest version (1:2.66-4).
libcrypt1 is already the newest version (1:4.4.33-2).
libjson-c5 is already the newest version (0.16-2).
liblua5.3-0 is already the newest version (5.3.6-2).
libpam0g is already the newest version (1.5.2-6+deb12u1).
libprotobuf-c1 is already the newest version (1.4.1-1+b1).
libreadline8 is already the newest version (8.2-1.3).
libyang2 is already the newest version (2.1.30-2).
Any idea why? 🙈🙈
________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 17:08
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
You don't need to compile anything. Just install those two debs :)
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AN26YBRTCPLSUDQVITZO6T7XAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYGU4DKMZZGY>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
I managed to find an installation of libyang2 with the correct version.
It seems I've installed all correctly 🎊🎊
I will add it to my Kathara lab and test if it fixes the initial bug. I'll keep you update
…________________________________
Da: Samuele Quinzi ***@***.***>
Inviato: martedì 30 luglio 2024 18:05
A: FRRouting/frr ***@***.***>
Oggetto: R: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Rectification.
I downloaded the wrong file for my platform.
Downloading the correct file it reduce the dependency error to just "libyang2" package:
frr : Depends: libyang2 (>= 2.1.128~) but it is not going to be installed
However, using apt, it install libyang2 version 2.1.30-2 saying it is the newest version.
________________________________
Da: Samuele Quinzi ***@***.***>
Inviato: martedì 30 luglio 2024 17:48
A: FRRouting/frr ***@***.***>
Oggetto: R: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Ahh, I see.
Then, I downloaded and tried to install frr with the file https://ci1.netdef.org/artifact/FRR-PULLREQ3/shared/build-4323/Debian-12-(Bookworm)-x86_64-Packages/frr_10.2-dev-PR16483-gb1d2d52-20240727.135427-1%7Edeb12u1_amd64.deb<https://ci1.netdef.org/artifact/FRR-PULLREQ3/shared/build-4323/Debian-12-(Bookworm)-x86_64-Packages/frr_10.2-dev-PR16483-gb1d2d52-20240727.135427-1~deb12u1_amd64.deb>
Anyway, the problems are not finished 😭😭
I'm installing it using command "apt install ./filename.deb"
It show a dependency not found error:
The following packages have unmet dependencies:
frr:i386 : Depends: lsof:i386 but it is not installable
Depends: libc-ares2:i386 (>= 1.7.0) but it is not installable
Depends: libc6:i386 (>= 2.34) but it is not installable
Depends: libcap2:i386 (>= 1:2.10) but it is not installable
Depends: libcrypt1:i386 (>= 1:4.1.0) but it is not installable
Depends: libjson-c5:i386 (>= 0.15) but it is not installable
Depends: liblua5.3-0:i386 but it is not installable
Depends: libpam0g:i386 (>= 0.99.7.1) but it is not installable
Depends: libprotobuf-c1:i386 (>= 1.0.1) but it is not installable
Depends: libreadline8:i386 (>= 7.0~rc1) but it is not installable
Depends: libyang2:i386 (>= 2.1.128~) but it is not installable
However, all this packages are correctly installed on my system (which is a Debian 12 docker container). In fact, trying to manually install them I get the output:
***@***.***:/# apt install lsof libc-ares2 libc6 libcap2 libcrypt1 libjson-c5 liblua5.3-0 libpam0g libprotobuf-c1 libreadline8 libyang2
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
lsof is already the newest version (4.95.0-1).
libc-ares2 is already the newest version (1.18.1-3).
libc6 is already the newest version (2.36-9+deb12u7).
libcap2 is already the newest version (1:2.66-4).
libcrypt1 is already the newest version (1:4.4.33-2).
libjson-c5 is already the newest version (0.16-2).
liblua5.3-0 is already the newest version (5.3.6-2).
libpam0g is already the newest version (1.5.2-6+deb12u1).
libprotobuf-c1 is already the newest version (1.4.1-1+b1).
libreadline8 is already the newest version (8.2-1.3).
libyang2 is already the newest version (2.1.30-2).
Any idea why? 🙈🙈
________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 17:08
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
You don't need to compile anything. Just install those two debs :)
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AN26YBRTCPLSUDQVITZO6T7XAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYGU4DKMZZGY>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Also, adjust the timer for revalidation to see the adj-rib-in faster, e.g.:
|
Problem fixed!!
Thank you very much for your support!
…________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 18:37
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Also, adjust the timer for revalidation to see the adj-rib-in faster, e.g.:
rpki
rpki revalidate_interval 5
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AOVHVXC3DR5GKPB24DZO66LHAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYG43DKOBWGA>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Dear Donatas,
Sorry for not having given you any news. I was totally absorbed by holidays first and some personal problems after.
I managed to install the frr version in my lab and test it.
It worked perfectly and solved the problem, so thank you for your precious support!
It would also ask you if this version of frr will be made publicly available and, if so, do you know when?
Again thank you very much.
Best regards,
Samuele
…________________________________
Da: Donatas Abraitis ***@***.***>
Inviato: martedì 30 luglio 2024 18:37
A: FRRouting/frr ***@***.***>
Cc: Samuele Quinzi ***@***.***>; Author ***@***.***>
Oggetto: Re: [FRRouting/frr] path selection in bgp is not updated accordingly to rpki updates (Issue #16474)
Also, adjust the timer for revalidation to see the adj-rib-in faster, e.g.:
rpki
rpki revalidate_interval 5
—
Reply to this email directly, view it on GitHub<#16474 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ANZG3AOVHVXC3DR5GKPB24DZO66LHAVCNFSM6AAAAABLOVRFBKVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDENJYG43DKOBWGA>.
You are receiving this because you authored the thread.Message ID: ***@***.***>
|
The PR #16483 is still open. |
Description
Hello,
I want that updates by the RPKI cache servers are applied to the adj-rib-in stored data and that stored announcements which become valid from an invalid state are considered in the best path selection process and inserted into the RIB.
In the documentation, I found the line: "Updates from the RPKI cache servers are directly applied and path selection is updated accordingly. (Soft reconfiguration must be enabled for this to work)" in the section "Feature of the Current Implementation".
However, when a new certificate makes an announcement valid (from invalid state) the adj-rib-in is correctly processed but the route is not installed in the RIB unless the peering is manually cleared with "clear bgp neighbor x.x.x.x soft in".
Am I missing something? Or have I incorrectly interpreted the meaning of the above sentence?
Version
How to reproduce
The configuration of router2 is the following. The rpki cache is located on the router itself, which runs "routinator".
remove the certificate "x.x.x.x/y => A". The route announced by router1 is now invalid
verify that router2 removed the route from the RIB, and that in the adj-rib-in from router1 the value of the local pref is now absent
restore the certificate "x.x.x.x/y => A". The route is now valid again.
verify that for router2, the route stored in the adj-rib-in from router1 has been processed again (the local pref is now set to the value associated to valid routes)
verify that the route IS NOT present in the router2's RIB.
The following zip folder three-line-peering.zip contains a [Kathará] lab that can be used to replicate the issue in an emulated environment on docker containers. The docker images used by "router2" (kathara/routinator) and "krill" (kathara/krill) machines can be build from dockerfile.zip. Other images are available on docker hub.
Expected behavior
Actual behavior
Additional context
No response
Checklist
The text was updated successfully, but these errors were encountered: