Global scenario

Built to group as many tests as possible in a single scenario.

  • AS1:

    AS-SETs:

    • AS-AS1 (AS1, 1.0.0.0/8, 128.0.0.0/7)

    • AS-AS1_CUSTOMERS (AS101, AS103, 101.0.0.0/16, 103.0.0.0/16, AS104)

    • white list: 11.1.0.0/16, ASN 1011

    • white list routes: exact 11.3.0.0/16 AS1011, 11.4.0.0/16 or more spec w/o origin AS

    Enabled to perform graceful BGP session shutdown.

    clients:

    • AS1_1 (192.0.2.11, RTT 0.1 ms)

      • next-hop-self configured in AS1_1.conf

      • next_hop.policy: strict (inherited from general config)

      Originated prefixes:

      Prefix ID

      Prefix

      AS_PATH

      Expected result

      AS1_good1

      1.0.1.0/24

      pass

      AS1_good2

      1.0.2.0/24

      pass

      bogon1

      10.0.0.0/24

      fail prefix_is_bogon

      local1

      192.0.2.0/24

      fail prefix_is_in_global_blacklist

      pref_len1

      128.0.0.0/7

      fail prefix_len_is_valid

      peer_as1

      128.0.0.0/8

      [2, 1]

      fail bgp_path.first != peer_as

      invalid_asn1

      128.0.0.0/9

      [1, 65536 1]

      fail as_path_contains_invalid_asn

      aspath_len1

      128.0.0.0/10

      [1, 2x6]

      fail bgp_path.len > 6

      AS1_whitel_1

      11.1.1.0/24

      [1, 1011]

      accepted, cause in white list

      AS1_whitel_2

      11.1.2.0/24

      [1, 1000]

      rejected, bad ASN even if prefix in white list

      AS1_whitel_3

      11.2.1.0/24

      [1, 1011]

      rejected, bad prefix even if ASN in white list

      AS1_whitel_4

      11.3.0.0/16

      [1, 1011]

      accepted because in white_list_route

      AS1_whitel_5

      11.4.1.0/24

      [1, 1000]

      accepted because in white_list_route

      AS1_whitel_6

      11.3.1.0/24

      [1, 1011]

      rejected, more specific of prefix allowed by white list route

    • AS1_2 (192.0.2.12, RTT 5 ms)

      • NO next-hop-self in AS1_2.conf (next-hop of AS101 used for AS101_good == 101.0.1.0/24)

      • next_hop.policy: same-as (from clients config)

      • not enabled to receive blackhole requests

      Originated prefixes:

      Prefix ID

      Prefix

      Feature

      Expected result

      AS1_good1

      1.0.1.0/24

      AS1_good2

      1.0.2.0/24

      AS1_good3

      1.0.3.0/24

      next_hop=AS1_1

      win next_hop_is_valid_for_AS1_2 (same-as)

  • AS2:

    AS-SETs:

    • AS-AS2 (AS2, 2.0.0.0/16)

    • AS-AS2_CUSTOMERS (AS101, AS103, 101.0.0.0/16, 103.0.0.0/16)

    Not enabled to perform graceful BGP session shutdown.

    clients:

    • AS2 (192.0.2.21, RTT 17.3 ms)

      • next-hop-self configured in AS2.conf

      • next_hop.policy: authorized_addresses (from clients config)

      • next_hop.authorized_addresses_list: - 192.0.2.21 and 2001:db8:1:1::21, its own IP addresses - 192.0.2.22 and 2001:db8:1:1::22, IP addresses not configured as route server client

      Originated prefixes:

      Prefix ID

      Prefix

      Feature

      Expected result

      AS2_good1

      2.0.1.0/24

      AS2_good2

      2.0.2.0/24

      AS2_blackhole1

      2.0.3.1/32

      announced with BLACKHOLE 65535:666 comm

      propagated with only 65535:666 to AS1_1 and AS3 (AS1_2 has “announce_to_client” = False) and next-hop 192.0.2.66; NO_EXPORT also added

      AS2_blackhole2

      2.0.3.2/32

      announced with local 65534:0 comm

      as above

      AS2_blackhole3

      2.0.3.3/32

      announced with local 65534:0:0 comm

      as above

      AS2_nonclient_nexthop1

      2.0.4.0/24

      announce with an authorized next-hop

      received by other clients

      AS2_nonclient_nexthop2

      2.0.5.0/24

      announce with an unknown next-hop

      not received by other clients

  • AS3:

    AS-SETs: none

    clients:

    • AS3 (192.0.2.31, RTT 123.8)

      • no enforcing of origin in AS-SET

      • no enforcing of prefix in AS-SET

      • ADD-PATH enabled

      • passive client-side (no passive on the route server)

      Originated prefixes:

      Prefix ID

      Prefix

      Communities

      Expected result

      AS3_blacklist1

      3.0.1.0/24

      fail prefix_is_in_AS3_1_blacklist

      AS3_cc_AS1only

      3.0.2.0/24

      0:999, 65501:1

      seen on AS1_1/_2 only

      AS3_cc_not_AS1

      3.0.3.0/24

      0:1

      seen on AS2 only

      AS3_cc_none

      3.0.4.0/24

      0:999

      not seen

      AS3_prepend1any

      3.0.5.0/24

      65521:65521

      AS_PATH 3, 3

      AS3_prepend2any

      3.0.6.0/24

      65522:65522

      AS_PATH 3, 3, 3

      AS3_prepend3any

      3.0.7.0/24

      65523:65523

      AS_PATH 3, 3, 3, 3

      AS3_prepend1_AS1

      3.0.8.0/24

      65521:1

      AS_PATH 3, 3 on AS1 clients

      AS3_prepend2_AS2

      3.0.9.0/24

      65522:2

      AS_PATH 3, 3, 3 on AS2 clients

      AS3_prep3AS1_1any

      3.0.10.0/24

      65523:1 65521:65521

      AS_PATH 3, 3, 3, 3 on AS1 clients, 3, 3 on AS2 clients

      AS3_noexport_any

      3.0.11.0/24

      65507:999

      received by all with NO_EXPORT

      AS3_noexport_AS1

      3.0.12.0/24

      65509:1 65523:2

      (prepend x3 to AS2) received by AS1 with NO_EXPORT

      AS3_rfc1997_noexp

      3.0.13.0/24

      NO_EXPORT

      received by all with NO_EXPORT

      AS3_transitfree_2

      3.0.14.0/24

      AS_PATH 3, 174, 33: rejected even if 3 is in the transit-free ASN list

      AS3_prep2AS151866

      3.0.15.0/24

      65522:64512

      using the 16bit_mapped_asn

      AS3_noexpAS151866

      3.0.16.0/24

      65509:64512

      using the 16bit_mapped_asn

      Default_route

      0.0.0.0/0

      rejected by rs

  • AS4:

    AS-SETs: none

    clients:

    • AS4 (192.0.2.41, RTT 600)

      • no enforcing of origin in AS-SET

      • no enforcing of prefix in AS-SET

      • RTT thresholds configured on rs: 5, 10, 15, 20, 30, 50, 100, 200, 500

      • other peers RTTs: - AS1_1: 0.1 - AS1_2: 5 - AS2: 17.3 - AS3: 123.8

      Originated prefixes:

      Prefix ID

      Prefix

      Communities

      Goal

      Who receives it

      AS4_rtt_1

      4.0.1.0/24

      0:999 64532:15

      Do not announce to any + announce to peers with RTT <= 15 ms

      AS1_1, AS1_2

      AS4_rtt_2

      4.0.2.0/24

      0:999 64532:5

      Do not announce to any + announce to peers with RTT <= 5 ms

      AS1_1, AS1_2

      AS4_rtt_3

      4.0.3.0/24

      64531:15

      Do not announce to peers with RTT > 15 ms

      AS1_1, AS1_2

      AS4_rtt_4

      4.0.4.0/24

      64531:5

      Do not announce to peers with RTT > 5 ms

      AS1_1, AS1_2

      AS4_rtt_5

      4.0.5.0/24

      64531:5 65501:3

      Do not announce to peers with RTT > 5 ms but announce to AS3

      AS1_1, AS1_2, AS3

      AS4_rtt_6

      4.0.6.0/24

      64530:5 64531:100

      Do not announce to peers with RTT <= 5 and Do not announce to peers with RTT > 100

      AS2

      AS4_rtt_7

      4.0.7.1/32

      65535:666 64531:20

      BLACKHOLE request, do not announce to peers with RTT > 20

      AS1_1, AS2 (AS1_2 not enabled to receive blackhole requests)

      AS4_rtt_8

      4.0.8.0/24

      64539:100 64538:10

      Prepend 3x to > 100 ms, 2x to > 10 ms

      AS1_1, AS1_2, AS2 2x, AS3 3x

      AS4_rtt_9

      4.0.9.0/24

      64536:5 64535:20 65521:65521

      Prepend 3x to <= 5 ms, 2x to <= 20, 1x to any

      AS1_1 & AS1_2 3x, AS2 2x, AS3 1x

      AS4_rtt_10

      4.0.10.0/24

      rt:64537:10 rt:64538:20

      Prepend 1x to > 10 ms, 2x to > 20 ms

      AS1_1 & AS1_2 no prep, AS2 1x, AS3 2x

  • AS151866:

    Used to verify that the control communities applied by other clients work fine towards 32bit ASN clients.

    Originated prefixes:

    Prefix ID

    Prefix

    Expected result

    AS151866_bogon_1

    192.168.1.0/24

    Dropped (bogon), used to test that the rejected_route_announced_by std comm is properly set.

  • AS222:

    AS-SETs:

    • AS-AS222 (AS333, 222.0.0.0/8)

    • white list routes: exact 222.1.1.0/24 w/o origin AS

    Used for tests about RFC 6907 7.1.9 and BCP172/RFC 6472.

    clients:

    • AS222_1 (192.0.2.222)

      Originated prefixes:

      Prefix ID

      Prefix

      AS_PATH

      Expected result

      AS222_aggregate1

      222.1.1.0/24

      222, 333, {333 333}

      rejected because RPKI INVALID (this route passes IRR filters because of a client-level white_list_route

      AS222_aggregate2

      222.2.2.0/24

      222, 333, {333 333}

      BIRD: rejected because IRR origin invalid

      AS222_aggregate3

      222.3.3.0/24

      222, 333, {444 555}

      OpenBGPD: accepted because IRR origin validation is done on the last non-aggregated ASN

  • AS101:

    clients:

    • Not a route server client, it only peers with AS1_1, AS1_2 and AS2 on 192.0.2.101.

    • RPKI ROAs:

      ID

      Prefix

      Max

      ASN

      1

      101.0.8.0/24

      101

      2

      101.0.9.0/24

      102

      3

      101.0.128.0/20

      23

      101

      4

      101.2.0.0/17

      101

      5

      101.2.128.0/17

      24

      101

      6

      101.3.0.0/16

      24

      105

    Originated prefixes:

    Prefix ID

    Prefix

    AS_PATH

    Expected result

    AS101_good1

    101.0.1.0/24

    fail next_hop_is_valid_for_AS1_2 (for the prefix announced by AS101 to AS1_2)

    AS101_no_rset

    101.1.0.0/24

    fail prefix_is_in_AS1_1_r_set and prefix_is_in_AS2_1_r_set

    AS102_no_asset

    102.0.1.0/24

    [101 102]

    fail origin_as_in_AS1_1_as_set and origin_as_in_AS2_1_as_set

    AS101_bad_std_comm

    101.0.2.0/24

    add 65530:0, scrubbed by rs

    AS101_bad_lrg_comm

    101.0.3.0/24

    add 999:65530:0, scrubbed by rs

    AS101_other_s_comm

    101.0.4.0/24

    add 888:0, NOT scrubbed by rs

    AS101_other_l_comm

    101.0.5.0/24

    add 888:0:0, NOT scrubbed by rs

    AS101_bad_good_comms

    101.0.6.0/24

    add 65530:1,999:65530:1,777:0,777:0:0, 65530 are scrubbed by rs, 777:** are kept

    AS101_transitfree_1

    101.0.7.0/24

    [101 174]

    fail as_path_contains_transit_free_asn

    AS101_neverviars_1

    101.0.10.0/24

    [101 666]

    fail never via route-servers ASNs (PeeringDB)

    AS101_neverviars_2

    101.0.11.0/24

    [101 777]

    fail never via route-servers ASNs (‘asns’ list)

    AS101_roa_valid1

    101.0.8.0/24

    roa check ok (roa n. 1), tagged with 64512:1 / 999:64512:1

    AS101_roa_invalid1

    101.0.9.0/24

    roa check fail (roa n. 2, bad origin ASN), rejected

    AS101_roa_badlen

    101.0.128.0/24

    roa check fail (roa n. 3, bad length), rejected

    AS101_roa_blackhole

    101.0.128.1/32

    65535:666, pass because blackhole filtering request

    AS101_roa_routeobj_1

    101.2.0.0/17

    accepted because roa_as_route_objects, add 65530:2

    AS101_roa_routeobj_2

    101.2.1.0/24

    fail, roa_as_route_objects but prefix is more specific than ROA

    AS101_roa_routeobj_3

    101.2.128.0/24

    accepted because roa_as_route_objects, add 65530:2

    AS101_roa_routeobj_4

    101.3.0.0/24

    [101 105]

    fail, roa_as_route_objects but origin ASN not allowed by AS-SETs

    AS101_no_ipv6_gl_uni

    8000:1::/32

    fail IPv6 global unicast space check

    AS103_gshut_1

    103.0.1.0/24

    to AS1: [101 103]

    to AS2: [101*2 103]

    AS1 (best) performs gshut of this route; AS3 and AS4 receive the route via AS2 (sub-optimal path)

    AS103_gshut_2

    103.0.2.0/24

    to AS1: [101*2 103]

    to AS2: [101 103]

    AS2 (best) tries gshut of this route but it’s not enabled; AS3 and AS4 receive the route via AS2

    AS104_arin_1

    104.0.1.0/24

    [101 104]

    Accepted from AS1 via ARIN Whois DB dump; rejected by others

    AS104_nicbr_1

    104.1.1.0/24

    [101 104]

    Accepted from AS1 via NIC.BR Whois DB dump; rejected by others