Dec 3, 2003, 8:02 AM
Post #5 of 11
(2147 views)
Permalink
On Wed, 3 Dec 2003, Greg Troxel wrote:
> I'm convinced the current code is broken.
its supposed to provide:
- normal semantics for network statement in general, ie match local
addresses of interfaces (PtP or not). (to avoid need for dozens of
network /32 network statements when all my PtP links for an area are
allocated from same block)
while
- still providing backwards compat for the Zebra 'match destination
address if iface is PtP' behaviour, and iirc, i took the
IPV4_ADDR_SAME from the existing Zebra test applied to PtP
interfaces.
> I would like to first get agreement on the desired semantics.
sure.
> For broadcast interfaces, it seems clear that the correct test is
> whether the interface address falls within the configured prefix:
>
> prefix_match (net, co->address)
yes. which Zebra, rather awkwardly, does not do.
> For p2p, I can see four options:
>
> 1. local address falls within a configured prefix
> 2. local address matches a configured /32 prefix
> 3. remote address falls within a configured prefix
> 4. remote address matches a configured /32 prefix
if you have 1, you have 2. ditto for 3,4. (just stating the obvious,
obviously).
> Option 1 is problematic because it is hard to exclude a p2p
> interface that reuses an ethernet's address (whether one should be
> doing this is debatable, but people do, and this is partly due to
> IPv4 address scarcity).
>
> Option 2 means you need a specific network statement to match the ppp
> link, which galls me a bit.
Galls me too. Then those who have/can plan out their allocations
nicely again end up with dozens of network statements. (even if PtP
links for an area are nicely aggregrated).
> Option 3 nicely excludes internal/external links, but this does seem a
> bit odd.
>
> Option 4 doesn't seem necessary; option 2 gets the precise behavior
> control when needed.
Yes, but option 2 forces 'dozens of network statements' on everyone
who uses PtP links. Option 1 OTOH allows those with nicely
aggregrated networks to not have to individually specify every
interface prefix.
Further, IMHO, I dont think ospfd deals properly with
overlapping/reused addresses, hence i dont think it makes sense to
work the network statement semantics to allow this.
> Reading the original code, an interface is included if either
>
> the interface is p2p
>
> AND
>
> the destination address matches the address used in the network
> statement (even if it is not a /32)
>
> OR
>
> the interface addr falls within the configured prefix
> (for p2p or broadcast interfaces)
>
> So according to my taxonomy, this is option 1 for non-p2p and for p2p
> the or of option 1 and almost option 4.
No, the original code didnt have the latter behaviour iirc. PtP
interfaces could only be enabled with the first (tests) of the OR
statement above.
If the latter had been true for PtP, I would never have wanted to
change it.
> The problem with this semantics is that one can't exclude a p2p
> interface in the following scenario:
>
> network 10.0.0.0/8 area 0
>
> tlp0: 10.0.0.1/8
> ppp0: 10.1.2.3/32 dst 192.16.1.1/32
but this is a broken setup, the prefix used on ppp0 is contained
within the prefix used on tlp0. What happens if you receive a message
from the router with source 10.1.2.3? More generally, the PtP
interface prefixes tend to be from the same aggregrate, eg:
ppp0 10.1.2.3/32 dst 10.1.2.1/32
what happens if you have OSPF router 10.1.2.1?
> (Again, arguably one should not configure ppp interfaces with
> addresses that belong elsewhere, but one could have a bunch of
> ethernets with 10.x.0.0/16, reserve one value of x for ppp, and
> _still_ want to have a single 'network 10/8' statement to include
> all of one's network.
yes. but more fundamentally, ospfd cant handle it.
> So perhaps the right behavior for p2p is
>
> 1. if both local and remote fall within the same prefix, include it
remote is only meaningful for PtP though.
> 2. if either local or remote match a prefix as a /32 (or only if the
> prefix is also /32), include it
ditto.
The current semantics:
if (local matches prefix) || (ptp && destination is same)
provide these semantics though, no? yes, it could be cleaned up a
bit, but i think the general semantics are sound.
> This avoids the "hard to exclude an interface" problem, but also
> includes links that are wholly within the network statement.
But I think the 'exclude interfaces' bit is flawed.
> (I actually run ospf over ppp with routers on both sides.)
I used to, actually mostly VPN links, but still PtP. (what the
carrier is doesnt really matter).
> This change is only a workaround for William's problem; something
> is wrong with with handling of interfaces going up and down.
regards,
--
Paul Jakma paul@clubi.ie paul@jakma.org Key ID: 64A2FF6A
warning: do not ever send email to spam@dishone.st
Fortune:
GREAT MOMENTS IN HISTORY (#7): April 2, 1751
Issac Newton becomes discouraged when he falls up a flight of stairs.