Re: [Idr] BGP Flowspec rules precedence order (RFC 5575)
PVLR Pavana Murthy <pvlrpm@gmail.com> Thu, 15 February 2018 09:05 UTC
Return-Path: <pvlrpm@gmail.com>
X-Original-To: idr@ietfa.amsl.com
Delivered-To: idr@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 578F812D885 for <idr@ietfa.amsl.com>; Thu, 15 Feb 2018 01:05:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.996
X-Spam-Level:
X-Spam-Status: No, score=-1.996 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HK_RANDOM_ENVFROM=0.001, HTML_MESSAGE=0.001, NORMAL_HTTP_TO_IP=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Q6pcKyocBTtx for <idr@ietfa.amsl.com>; Thu, 15 Feb 2018 01:05:52 -0800 (PST)
Received: from mail-wr0-x229.google.com (mail-wr0-x229.google.com [IPv6:2a00:1450:400c:c0c::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AAF93126C19 for <idr@ietf.org>; Thu, 15 Feb 2018 01:05:51 -0800 (PST)
Received: by mail-wr0-x229.google.com with SMTP id w77so2549385wrc.6 for <idr@ietf.org>; Thu, 15 Feb 2018 01:05:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=FIt/D/6Rtkje8xnZ0HglOkiYW79G0rY+jM1gOj1oElU=; b=L9dQNLEuOvFHgV+Zg+kG8d1Bi2cRb9MPf9be0wE/7mJW8MtyCM2HKHMmSHpiD2ox8f /kGMbfVF0oBHfjK3ecKFG3VF0ZRGy0pMK0ZwgH86UoNxzJe1qZ9BHxE1y3YJosh+URxx 4nsaYiiaHOJdCpC8GIsqLOX29ttUjn4QNenD0v15TIXvpvvPgRfIuczo0rIjUFqFt5Ug AT474NB3thcMH7jVAfqIvysUDuagf1UqoaeT2vUVk4BHHFcnoWCqxqzD0ss2MUOhojzK YK/AeH6IQ7h8j/ObesVYhoUw/1ejHEpCOyF87+JALEQGizEIUnHKelX/q7hri3K7YCTb uheA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=FIt/D/6Rtkje8xnZ0HglOkiYW79G0rY+jM1gOj1oElU=; b=adQpGEHP41iXLm5tCiHIg9dohPTrBPyC6NCgx8MK32hL7Mjal0KYl4hVewSZcKccoO Q2Tcs91E2NwnsEjTjxnByuhwHqFml3V2hq4VsY9NGN5rZ/Xi73XWEGqVgV3NVI1r/lQc G1EC/v83r2Nt+POcx38nc1siUliDUELmvx1gSxGN6sxLPHISWMGNSw8hKSiNgnRBtlGR MlVLlo76Hm1xE8SlBEZu5vO9ozwrweUPuPYLoB75XQxYB8X8OALr70pCyof+GAkVQpQL uQhbTCpvBix8r3PpQq6c3rg/Zv8sYh6XBBwno9LSugDuvidKbhbGy5t+7un39tbphvkC zVPw==
X-Gm-Message-State: APf1xPDeF09StXtqfWJUAjGgCZp8eIjFAGNAW4Fa8NyD1SJOeI9ZzxqV KcZ3j/uAl2o9SaxrUNAUBvv8U/UPDshXAvTgUBQ=
X-Google-Smtp-Source: AH8x224AqhgyREB7xXwgnZhVcloL1gTz/14Zw1lUy5BzASFCu7gCraM2XFOYavdUJJXtdzHgCSdgfpcPJI6f8WkBCQQ=
X-Received: by 10.223.173.18 with SMTP id p18mr1869725wrc.29.1518685550006; Thu, 15 Feb 2018 01:05:50 -0800 (PST)
MIME-Version: 1.0
Received: by 10.223.195.200 with HTTP; Thu, 15 Feb 2018 01:05:49 -0800 (PST)
In-Reply-To: <9A8127C2-BADC-4E09-BE54-EBB5D07C994B@tix.at>
References: <CAN-MQG6xnsP28Xn3d7-PECkJrDSk-+QuKZawmAgJs6c-j536=w@mail.gmail.com> <372B554B-47F1-49AC-8D66-37A7ED69E57F@tix.at> <CAN-MQG59aTOKYVULVscfK_Mx3L8xcaXhny=1q4E5yi2+7rc2kQ@mail.gmail.com> <9A8127C2-BADC-4E09-BE54-EBB5D07C994B@tix.at>
From: PVLR Pavana Murthy <pvlrpm@gmail.com>
Date: Thu, 15 Feb 2018 14:35:49 +0530
Message-ID: <CAN-MQG6gyZnO0_hTLYp7g09fph7X3sX+jHDYHEn=6oephS4jQQ@mail.gmail.com>
To: Christoph Loibl <c@tix.at>
Cc: idr wg <idr@ietf.org>
Content-Type: multipart/alternative; boundary="f403045cf650bbd72405653c8886"
Archived-At: <https://mailarchive.ietf.org/arch/msg/idr/NYCw2s6Or4VNZ0EwIzXcXtCwwCQ>
Subject: Re: [Idr] BGP Flowspec rules precedence order (RFC 5575)
X-BeenThere: idr@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Inter-Domain Routing <idr.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/idr>, <mailto:idr-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/idr/>
List-Post: <mailto:idr@ietf.org>
List-Help: <mailto:idr-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/idr>, <mailto:idr-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Feb 2018 09:05:54 -0000
Hi Christoph, Thanks a lot for the detailed explanation. That answers my question completely :-). On Thu, Feb 15, 2018 at 1:07 PM, Christoph Loibl <c@tix.at> wrote: > Hi Pavana, > > You can rather easily test the behaviour when you feed your case into the > python function: > > def main(): > fs1 = FS_nlri(components=[ > FS_component(component_type=IP_DESTINATION, > value=ipaddress.ip_network('88.88.88.0/24')), > FS_component(component_type=4, value=bytearray([0x01, 0x46, 0x81, > 0x50])) > ]) > > fs2 = FS_nlri(components=[ > FS_component(component_type=IP_DESTINATION, > value=ipaddress.ip_network('88.88.88.0/24')), > FS_component(component_type=4, value=bytearray([0x03, 0x5a, 0xc5, > 0x6e])) > ]) > print(flow_rule_cmp(fs1, fs2)) > > What happens is (I refer to line numbers of the code in the github repo > https://github.com/stoffi92/flowspec-cmp/blob/master/flow_cmp.py : > > *) The IP components are compared and as you mentioned: no decision can be > made since the ip components are equal. (we reach line 74 for the equal ip > components and continue with the next iteration) > > *) The second component _types_ are equal but not IP (we end up in the > branch in line 80 since the components are type=4 and not 1 or 2) > > *) The length of the second components is compared and equal, so we > continue in line 82 > > ** See below: this is basically where the compare that you asked for > happens ** > > *) Now we come to the point where we compare the string of bytes one by > one. As long as they are equal. (this is basically what memcmp does - this > is not very explicit in the python code, since it is done by the <, > > operators for the bytearray implicitly) > > In your case what it does is, that it compares 0x01 to 0x03 and figures > out that 0x01 is the lower value so it takes the branch in line 84 and > returns with A_HAS_PRECEDENCE from line 85 (if both of your components > would start with 0x01 it would continue to the second byte and so on). > > Your first FS nlri has precedence because of the “lower” value. > > 01 *18 58 58 58* 04 *01 46 81 50 ----> Dst.Prefix: 88.88.88.0/24 >> <http://88.88.88.0/24> Port: 70 | 80* >> >> > Discamer: I assumed that you encoded the components themselfs correctly > (the 01 46 81 50 and 03 5a c5 6e) > > Does this answer your question? > > Christoph > > -- > Christoph Loibl > c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at > > > > On 15.02.2018, at 05:08, PVLR Pavana Murthy <pvlrpm@gmail.com> wrote: > > Hi Christoph, > Even in the RFC5575bis, the following is given for comparing > non-prefix type components. > > else: > # assuming comp_a.value, comp_b.value of type bytearray > if len(comp_a.value) == len(comp_b.value): > if comp_a.value > comp_b.value: > return B_HAS_PRECEDENCE > if comp_a.value < comp_b.value: > return A_HAS_PRECEDENCE > # components equal -> continue with next component > else: > common = min(len(comp_a.value), len(comp_b.value)) > if comp_a.value[:common] > comp_b.value[:common]: > return B_HAS_PRECEDENCE > elif comp_a.value[:common] < comp_b.value[:common]: > return A_HAS_PRECEDENCE > # the first common bytes match > elif len(comp_a.value) > len(comp_b.value): > return A_HAS_PRECEDENCE > else: > return B_HAS_PRECEDENCE > > > *What is comp_a.value here ? Is it the binary sting of [op, value]/[op,bitmask] or only value/bitmask ?* > > > Thanks, > > Pavana. > > > On Thu, Feb 15, 2018 at 3:11 AM, Christoph Loibl <c@tix.at> wrote: > >> Hi Pavana, >> >> Did you have a look into the actual code (thanks to Job’s comment) that >> is contained in the RFC5575bis draft which should be identical from the >> behaviour: >> >> https://tools.ietf.org/html/draft-ietf-idr-rfc5575bis-06 >> >> Christoph >> >> -- >> Christoph Loibl >> c@tix.at | CL8-RIPE | PGP-Key-ID: 0x4B2C0055 | http://www.nextlayer.at >> >> >> >> On 12.02.2018, at 12:03, PVLR Pavana Murthy <pvlrpm@gmail.com> wrote: >> >> Hello, >> In the RFC 5575, the following is given for the comparing the Flowspec >> components of types other then prefix. >> >> } else { >> common = >> MIN(component_length(comp1), component_length(comp2)); >> cmp = memcmp(data(comp1), data(comp2), common); >> // not equal, lowest value has precedence >> // equal, longest string has precedence >> } >> >> >> Here, what does *data* refrer to ? >> >> Is it the binary form of 1) [op, value]> / [op, bitmask] or 2) Just >> [value] / [bitmask] >> >> eg: >> >> >> 1) 01 *18 58 58 58* 04 *01 46 81 50 ----> Dst.Prefix: 88.88.88.0/24 >> <http://88.88.88.0/24> Port: 70 | 80* >> >> 2) 01* 18 58 58 58 *04* 03 5a c5 6e ----> Dst.Prefix: >> 88.88.88.0/24 <http://88.88.88.0/24> Port: >=90 & <= 110* >> >> *In the above FS rules, Dst. Prefix is same in both, so we need to >> compare the data of next type 4 (Port). * >> *So do we need to do memcmp of (01 46 81 50) and (03 5a c5 6e) ?* >> >> Thanks, >> Pavana*.* >> >> >> >> _______________________________________________ >> Idr mailing list >> Idr@ietf.org >> https://www.ietf.org/mailman/listinfo/idr >> >> >> > >
- [Idr] BGP Flowspec rules precedence order (RFC 55… PVLR Pavana Murthy
- Re: [Idr] BGP Flowspec rules precedence order (RF… Christoph Loibl
- Re: [Idr] BGP Flowspec rules precedence order (RF… PVLR Pavana Murthy
- Re: [Idr] BGP Flowspec rules precedence order (RF… Christoph Loibl
- Re: [Idr] BGP Flowspec rules precedence order (RF… PVLR Pavana Murthy