Global scenario¶
Built to group as many tests as possible in a single scenario.
AS1:
AS-SETs:
- AS-AS1 (AS1, 1.0.0.0/8, 128.0.0.0/7)
- AS-AS1_CUSTOMERS (AS101, AS103, 101.0.0.0/16, 103.0.0.0/16, AS104)
- white list: 11.1.0.0/16, ASN 1011
- white list routes: exact 11.3.0.0/16 AS1011, 11.4.0.0/16 or more spec w/o origin AS
Enabled to perform graceful BGP session shutdown.
clients:
AS1_1 (192.0.2.11, RTT 0.1 ms)
- next-hop-self configured in AS1_1.conf
- next_hop.policy: strict (inherited from general config)
Originated prefixes:
Prefix ID Prefix AS_PATH Expected result AS1_good1 1.0.1.0/24 pass AS1_good2 1.0.2.0/24 pass bogon1 10.0.0.0/24 fail prefix_is_bogon local1 192.0.2.0/24 fail prefix_is_in_global_blacklist pref_len1 128.0.0.0/7 fail prefix_len_is_valid peer_as1 128.0.0.0/8 [2, 1] fail bgp_path.first != peer_as invalid_asn1 128.0.0.0/9 [1, 65536 1] fail as_path_contains_invalid_asn aspath_len1 128.0.0.0/10 [1, 2x6] fail bgp_path.len > 6 AS1_whitel_1 11.1.1.0/24 [1, 1011] accepted, cause in white list AS1_whitel_2 11.1.2.0/24 [1, 1000] rejected, bad ASN even if prefix in white list AS1_whitel_3 11.2.1.0/24 [1, 1011] rejected, bad prefix even if ASN in white list AS1_whitel_4 11.3.0.0/16 [1, 1011] accepted because in white_list_route AS1_whitel_5 11.4.1.0/24 [1, 1000] accepted because in white_list_route AS1_whitel_6 11.3.1.0/24 [1, 1011] rejected, more specific of prefix allowed by white list route AS1_2 (192.0.2.12, RTT 5 ms)
- NO next-hop-self in AS1_2.conf (next-hop of AS101 used for AS101_good == 101.0.1.0/24)
- next_hop.policy: same-as (from clients config)
- not enabled to receive blackhole requests
Originated prefixes:
Prefix ID Prefix Feature Expected result AS1_good1 1.0.1.0/24 AS1_good2 1.0.2.0/24 AS1_good3 1.0.3.0/24 next_hop=AS1_1 win next_hop_is_valid_for_AS1_2 (same-as)
AS2:
AS-SETs:
- AS-AS2 (AS2, 2.0.0.0/16)
- AS-AS2_CUSTOMERS (AS101, AS103, 101.0.0.0/16, 103.0.0.0/16)
Not enabled to perform graceful BGP session shutdown.
clients:
AS2 (192.0.2.21, RTT 17.3 ms)
- next-hop-self configured in AS2.conf
- next_hop.policy: authorized_addresses (from clients config)
- next_hop.authorized_addresses_list: - 192.0.2.21 and 2001:db8:1:1::21, its own IP addresses - 192.0.2.22 and 2001:db8:1:1::22, IP addresses not configured as route server client
Originated prefixes:
Prefix ID Prefix Feature Expected result AS2_good1 2.0.1.0/24 AS2_good2 2.0.2.0/24 AS2_blackhole1 2.0.3.1/32 announced with BLACKHOLE 65535:666 comm propagated with only 65535:666 to AS1_1 and AS3 (AS1_2 has “announce_to_client” = False) and next-hop 192.0.2.66; NO_EXPORT also added AS2_blackhole2 2.0.3.2/32 announced with local 65534:0 comm as above AS2_blackhole3 2.0.3.3/32 announced with local 65534:0:0 comm as above AS2_nonclient_nexthop1 2.0.4.0/24 announce with an authorized next-hop received by other clients AS2_nonclient_nexthop2 2.0.5.0/24 announce with an unknown next-hop not received by other clients
AS3:
AS-SETs: none
clients:
AS3 (192.0.2.31, RTT 123.8)
- no enforcing of origin in AS-SET
- no enforcing of prefix in AS-SET
- ADD-PATH enabled
- passive client-side (no passive on the route server)
Originated prefixes:
Prefix ID Prefix Communities Expected result AS3_blacklist1 3.0.1.0/24 fail prefix_is_in_AS3_1_blacklist AS3_cc_AS1only 3.0.2.0/24 0:999, 65501:1 seen on AS1_1/_2 only AS3_cc_not_AS1 3.0.3.0/24 0:1 seen on AS2 only AS3_cc_none 3.0.4.0/24 0:999 not seen AS3_prepend1any 3.0.5.0/24 65521:65521 AS_PATH 3, 3 AS3_prepend2any 3.0.6.0/24 65522:65522 AS_PATH 3, 3, 3 AS3_prepend3any 3.0.7.0/24 65523:65523 AS_PATH 3, 3, 3, 3 AS3_prepend1_AS1 3.0.8.0/24 65521:1 AS_PATH 3, 3 on AS1 clients AS3_prepend2_AS2 3.0.9.0/24 65522:2 AS_PATH 3, 3, 3 on AS2 clients AS3_prep3AS1_1any 3.0.10.0/24 65523:1 65521:65521 AS_PATH 3, 3, 3, 3 on AS1 clients, 3, 3 on AS2 clients AS3_noexport_any 3.0.11.0/24 65507:999 received by all with NO_EXPORT AS3_noexport_AS1 3.0.12.0/24 65509:1 65523:2 (prepend x3 to AS2) received by AS1 with NO_EXPORT AS3_rfc1997_noexp 3.0.13.0/24 NO_EXPORT received by all with NO_EXPORT AS3_transitfree_2 3.0.14.0/24 AS_PATH 3, 174, 33: rejected even if 3 is in the transit-free ASN list AS3_prep2AS151866 3.0.15.0/24 65522:64512 using the 16bit_mapped_asn AS3_noexpAS151866 3.0.16.0/24 65509:64512 using the 16bit_mapped_asn Default_route 0.0.0.0/0 rejected by rs
AS4:
AS-SETs: none
clients:
AS4 (192.0.2.41, RTT 600)
- no enforcing of origin in AS-SET
- no enforcing of prefix in AS-SET
- RTT thresholds configured on rs: 5, 10, 15, 20, 30, 50, 100, 200, 500
- other peers RTTs: - AS1_1: 0.1 - AS1_2: 5 - AS2: 17.3 - AS3: 123.8
Originated prefixes:
Prefix ID Prefix Communities Goal Who receives it AS4_rtt_1 4.0.1.0/24 0:999 64532:15 Do not announce to any + announce to peers with RTT <= 15 ms AS1_1, AS1_2 AS4_rtt_2 4.0.2.0/24 0:999 64532:5 Do not announce to any + announce to peers with RTT <= 5 ms AS1_1, AS1_2 AS4_rtt_3 4.0.3.0/24 64531:15 Do not announce to peers with RTT > 15 ms AS1_1, AS1_2 AS4_rtt_4 4.0.4.0/24 64531:5 Do not announce to peers with RTT > 5 ms AS1_1, AS1_2 AS4_rtt_5 4.0.5.0/24 64531:5 65501:3 Do not announce to peers with RTT > 5 ms but announce to AS3 AS1_1, AS1_2, AS3 AS4_rtt_6 4.0.6.0/24 64530:5 64531:100 Do not announce to peers with RTT <= 5 and Do not announce to peers with RTT > 100 AS2 AS4_rtt_7 4.0.7.1/32 65535:666 64531:20 BLACKHOLE request, do not announce to peers with RTT > 20 AS1_1, AS2 (AS1_2 not enabled to receive blackhole requests) AS4_rtt_8 4.0.8.0/24 64539:100 64538:10 Prepend 3x to > 100 ms, 2x to > 10 ms AS1_1, AS1_2, AS2 2x, AS3 3x AS4_rtt_9 4.0.9.0/24 64536:5 64535:20 65521:65521 Prepend 3x to <= 5 ms, 2x to <= 20, 1x to any AS1_1 & AS1_2 3x, AS2 2x, AS3 1x AS4_rtt_10 4.0.10.0/24 rt:64537:10 rt:64538:20 Prepend 1x to > 10 ms, 2x to > 20 ms AS1_1 & AS1_2 no prep, AS2 1x, AS3 2x
AS151866:
Used to verify that the control communities applied by other clients work fine towards 32bit ASN clients.
Originated prefixes:
Prefix ID Prefix Expected result AS151866_bogon_1 192.168.1.0/24 Dropped (bogon), used to test that the rejected_route_announced_by std comm is properly set. AS222:
AS-SETs:
- AS-AS222 (AS333, 222.0.0.0/8)
- white list routes: exact 222.1.1.0/24 w/o origin AS
Used for tests about RFC 6907 7.1.9 and BCP172/RFC 6472.
clients:
AS222_1 (192.0.2.222)
Originated prefixes:
Prefix ID Prefix AS_PATH Expected result AS222_aggregate1 222.1.1.0/24 222, 333, {333 333} rejected because RPKI INVALID (this route passes IRR filters because of a client-level white_list_route AS222_aggregate2 222.2.2.0/24 222, 333, {333 333} BIRD: rejected because IRR origin invalid AS222_aggregate3 222.3.3.0/24 222, 333, {444 555} OpenBGPD: accepted because IRR origin validation is done on the last non-aggregated ASN
AS101:
clients:
Not a route server client, it only peers with AS1_1, AS1_2 and AS2 on 192.0.2.101.
RPKI ROAs:
ID Prefix Max ASN 1 101.0.8.0/24 101 2 101.0.9.0/24 102 3 101.0.128.0/20 23 101 4 101.2.0.0/17 101 5 101.2.128.0/17 24 101 6 101.3.0.0/16 24 105
Originated prefixes:
Prefix ID Prefix AS_PATH Expected result AS101_good1 101.0.1.0/24 fail next_hop_is_valid_for_AS1_2 (for the prefix announced by AS101 to AS1_2) AS101_no_rset 101.1.0.0/24 fail prefix_is_in_AS1_1_r_set and prefix_is_in_AS2_1_r_set AS102_no_asset 102.0.1.0/24 [101 102] fail origin_as_in_AS1_1_as_set and origin_as_in_AS2_1_as_set AS101_bad_std_comm 101.0.2.0/24 add 65530:0, scrubbed by rs AS101_bad_lrg_comm 101.0.3.0/24 add 999:65530:0, scrubbed by rs AS101_other_s_comm 101.0.4.0/24 add 888:0, NOT scrubbed by rs AS101_other_l_comm 101.0.5.0/24 add 888:0:0, NOT scrubbed by rs AS101_bad_good_comms 101.0.6.0/24 add 65530:1,999:65530:1,777:0,777:0:0, 65530 are scrubbed by rs, 777:** are kept AS101_transitfree_1 101.0.7.0/24 [101 174] fail as_path_contains_transit_free_asn AS101_neverviars_1 101.0.10.0/24 [101 666] fail never via route-servers ASNs (PeeringDB) AS101_neverviars_2 101.0.11.0/24 [101 777] fail never via route-servers ASNs (‘asns’ list) AS101_roa_valid1 101.0.8.0/24 roa check ok (roa n. 1), tagged with 64512:1 / 999:64512:1 AS101_roa_invalid1 101.0.9.0/24 roa check fail (roa n. 2, bad origin ASN), rejected AS101_roa_badlen 101.0.128.0/24 roa check fail (roa n. 3, bad length), rejected AS101_roa_blackhole 101.0.128.1/32 65535:666, pass because blackhole filtering request AS101_roa_routeobj_1 101.2.0.0/17 accepted because roa_as_route_objects, add 65530:2 AS101_roa_routeobj_2 101.2.1.0/24 fail, roa_as_route_objects but prefix is more specific than ROA AS101_roa_routeobj_3 101.2.128.0/24 accepted because roa_as_route_objects, add 65530:2 AS101_roa_routeobj_4 101.3.0.0/24 [101 105] fail, roa_as_route_objects but origin ASN not allowed by AS-SETs AS101_no_ipv6_gl_uni 8000:1::/32 fail IPv6 global unicast space check AS103_gshut_1 103.0.1.0/24 to AS1: [101 103]
to AS2: [101*2 103]
AS1 (best) performs gshut of this route; AS3 and AS4 receive the route via AS2 (sub-optimal path) AS103_gshut_2 103.0.2.0/24 to AS1: [101*2 103]
to AS2: [101 103]
AS2 (best) tries gshut of this route but it’s not enabled; AS3 and AS4 receive the route via AS2 AS104_arin_1 104.0.1.0/24 [101 104] Accepted from AS1 via ARIN Whois DB dump; rejected by others AS104_nicbr_1 104.1.1.0/24 [101 104] Accepted from AS1 via NIC.BR Whois DB dump; rejected by others