[babel] Babel filtering: routing policies

Juliusz Chroboczek <jch@irif.fr> Wed, 24 July 2019 21:37 UTC

Dear Barbara, dear Mahesh,

All distance-vector routing protocols, including BGP and Babel,
intrinsically support flexible routing policies.  In the Babel community,
we consider the way of defining such policies as an implementation
feature, and they are not part of the protocol definition.

The following therefore applies to babeld, the "reference" implementation.

In babeld, we speak about filter chains.  A route goes through each filter
in a filter chain at four points in Babel:

  "in" chain, when the route is learnt from a neighbour;
  "install" chain, when the route is installed in the kernel;
  "redistribute" chain, when the route is learnt from the kernel;
  "out" chain, when the route is announced to a neighbour.

When a filter chain is applied, the individual filters in a chain are
checked, and the first filter that applies to the route is executed.
A filter can perform the following actions:

  "allow" -- pass the route unchanged, equivalent to "metric 0";
  "deny" -- drop the route;
  "metric nnn" -- add nnn to the metric value.

There exist other actions, more specialised -- see the manual page for
details.

Babeld implements a rich language for matching routes -- it can match on
next-hop address, on destination prefix, on destination prefix length, on
the router-id of the originating router, etc.  Again, see the manual page
for details.

Examples
========

## Default filters

    in allow

    out allow

    redistribute local allow
    redistribute deny

    install allow

These are the default chains if no filters are defined, and are suitable
for a mesh node with no attached prefixes.  They say that babeld is
promiscuous (it learns all routes and announces all routes), it only
redistributes local node addresses, and installs any routes that it learns
unchanged.

## Traditional router

    redistribute proto 2 allow
    redistribute deny

This overrides the default to not redistribute any local addresses, but to
redistribute any locally attached prefixes.  This is the default behaviour
of a traditional router.

## Traditional router with redistribution

    redistribute proto 2 allow
    redistribute proto 11 metric 32384
    redistribute deny

This says to additionally redistribute any routes learned from
Zebra/Quagga/FRR, but to attach them with a higher metric -- Babel routes
will thus be preferred to FRR routes.

## Stub router

    redistribute proto 2 allow
    redistribute deny

    out ip 192.168.42.0/24 allow
    out ip 2001:db8:4242::/48 allow
    out deny

This says to learn routes promiscuously, but to only reannounce routes in
the given prefixes.  This is typical of a stub router, which only announces
routes in the local prefixes.

## Default router

    out ip 0.0.0.0/0 le 0 allow
    out ip ::/0 le 0 allow
    out deny

This router only announces default routes.

## IPv6 border router

    in ip ::/0 allow
    in deny

    out if eth0 ip 2001:db8:4242::/48 le 48 allow
    out if eth0 deny

    out if eth1 ip 2001:db8:5757::/48 le 48 allow
    out if eth1 deny

This router sits at the interface between two networks, and only announces
a route summarising a whole network to the other network.  This reduces
the amount of traffic, at the cost of non-optimal routing.

## Ignoring bad routers

    in if eth0 nh fe80::1 deny
    in router-id 12:34:56:78:9a:bc deny
    in allow

This router ignores routes from a given next hop as well as routes
originated by a given router-id.  This can be used to temporarily
blackhole a mis-configured router, before it is fixed.

-- Juliusz
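The filter-chain evaluation described in the post (first matching filter wins, "allow" equals "metric 0", "deny" drops the route), as an added simulator that is not babeld's own code. The matcher semantics assumed here are that "ip" means the destination lies inside the given prefix and "le"/"ge"/"eq" bound the destination prefix length; the sample configuration is constructed from the post's IPv6 border router and FRR redistribution examples.

```python
# Added example, not babeld's code: simulates the filter-chain semantics the
# post describes.  Assumed matcher semantics: "ip" = destination inside the
# given prefix, "le"/"ge"/"eq" = bounds on prefix length, others compare exactly.
import ipaddress

def parse_filter(line):
    """'out if eth0 ip 2001:db8:4242::/48 le 48 allow' -> (chain, matchers, action)."""
    chain, *body = line.split()
    if body[-2:-1] == ["metric"]:          # "metric nnn": nnn is added to the metric
        action, body = int(body[-1]), body[:-2]
    else:                                  # "allow" is the same as "metric 0"
        assert body[-1] in ("allow", "deny"), line
        action, body = (0 if body[-1] == "allow" else "deny"), body[:-1]
    matchers, i = {}, 0
    while i < len(body):
        if body[i] == "local":             # flag matcher, takes no argument
            matchers["local"], i = True, i + 1
        else:                              # keyword followed by one argument
            matchers[body[i]], i = body[i + 1], i + 2
    return chain, matchers, action

def matches(m, route):
    """True when every matcher in m holds for route (a dict of string attributes)."""
    dst = ipaddress.ip_network(route["ip"])
    if "ip" in m:                          # destination must lie inside the filter prefix
        pfx = ipaddress.ip_network(m["ip"])
        if dst.version != pfx.version or not dst.subnet_of(pfx):
            return False
    plen = dst.prefixlen                   # "le"/"ge"/"eq" bound the prefix length
    if plen > int(m.get("le", plen)) or plen < int(m.get("ge", plen)) \
            or plen != int(m.get("eq", plen)):
        return False
    return all(route.get(k) == v for k, v in m.items() if k not in ("ip", "le", "ge", "eq"))

def apply_filters(config, chain, route, default=0):
    """Return 'deny' or the metric increment chosen by the first matching filter."""
    for c, m, action in (parse_filter(l) for l in config.splitlines() if l.strip()):
        if c == chain and matches(m, route):
            return action
    return default                         # assumed: unmatched routes take the chain's default

# Constructed config: the post's IPv6 border router (eth0 side) plus FRR redistribution.
BORDER = """
in ip ::/0 allow
in deny
out if eth0 ip 2001:db8:4242::/48 le 48 allow
out if eth0 deny
redistribute proto 2 allow
redistribute proto 11 metric 32384
redistribute deny
"""
```

Note that a more specific prefix such as 2001:db8:4242:1::/64 is denied on eth0 by the "le 48" bound, which is exactly the summarisation effect the post describes.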