BGP strict bind socket error

Alexander Zubkov green at qrator.net
Tue Dec 28 18:34:28 CET 2021


Hi,

I want to bring this question up again. In our company we use it in
production with patches, but I think it would be useful in upstream
version too.
Short version of the story: bird can try to bind socket when
IP-address is absent in the system, it will result in a error and the
protocol will remain in down state after that. Suggested change is to
allow it to bind non-local addresses.
First, lets start with just the flag in the socket interface. I
adapted the patch, now system-dependend code is in a separate function
sk_set_freebind(), which is defined in sysdep/X/sysio.h, as it was
suggested.
If this variant is OK, than the next step is to choose wether it would
be some configuration option or maybe a compile-time flag.

On Thu, Jan 23, 2020 at 11:05 PM Alexander Zubkov <green at qrator.net> wrote:
>
> On Thu, Jan 23, 2020 at 5:21 PM Ondrej Zajicek <santiago at crfreenet.org> wrote:
> >
> > On Wed, Jan 15, 2020 at 01:57:19AM +0100, Alexander Zubkov wrote:
> > > Hi,
> > >
> > > Check the attached patches. The first adds option to sockets to use
> > > nonlocal bind (IP_FREEBIND in Linux) and the second adds bgp option to
> > > use such sockets ("nonlocal bind yes|no"). Some additional thoughts:
> > > - probably the option could be implemented for any protocol, not only for bgp
> > > ...
> > > - it can be also considered to enable nonlocal bind for all bgp
> > > unconditionally, at least I see no obvious problems yet
> >
> > Hi
> >
> > Is there a reason for such option? Is there a downside of using it always?
>
> If I remember right, when address is not available during bind, in
> strict bind mode bird logs en error and puts protocol down. It is
> inconvenient when one uses VRRP, for example, with migrating address.
> Or there could be some problems during applying some configuration
> changes to the interfaces in the system. We use this socket option
> with VRRP and also we have interfaces without ip addresses configured
> yet for some reason.
> I do not know if using it always-on is a good idea or not. We made it
> always-on in our setup and are just happy with it. But I'm not sure if
> it does not break something somewhere. It will make at least bird's
> behaviour different on different systems with the same config and that
> may be confusing. On the other hand, the extra option to put in config
> may be unreasonable payment.
> I also not tested how it will behave if ip address migrates from one
> interface to the other in the system. If it ties to the interfaces
> somehow and because of this option does not mention the change, that
> could be a problem.
>
> >
> > One minor nitpick is that sysdep/unix/io.c should not use non-portable
> > syscalls/sockopts directly, they should be defined as functions in
> > sysdep/X/sysio.h (with implementations for Linux and BSD) and such
> > function called from sysdep/unix/io.c code.
>
> Probably you are right, it might be somewhere there if it would end
> into the vanilla bird.
>
> >
> > --
> > Elen sila lumenn' omentielvo
> >
> > Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> > "To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: bird-io-freebind.patch
Type: text/x-patch
Size: 2451 bytes
Desc: not available
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20211228/5255c559/attachment.bin>


More information about the Bird-users mailing list