Bidirectional Forwarding Detection #67
Merged
Nieuwejaar
reviewed
Jul 1, 2023
Nieuwejaar
left a comment
Contributor
Is this meant to be open-sourced, or not yet? If so, we need copyrights, etc.
I need to step away from the keyboard for a bit. I've gone through everything but sm.rs. So far it all looks good. It really is a refreshingly simple protocol.
Nieuwejaar
reviewed
Jul 5, 2023
Nieuwejaar
reviewed
Jan 30, 2024
Nieuwejaar
left a comment
Contributor
I still have a few files to get through, but I'm done for the night. So far, this looks really solid.
Nieuwejaar
reviewed
Jan 30, 2024
Nieuwejaar
approved these changes
Jan 30, 2024
Nieuwejaar
left a comment
Contributor
One final spelling nit. Otherwise, good to go.
allows multiple sessions to share the same source address
This is an initial implementation of the RFC 5880: Bidirectional Forwarding Detection (BFD) protocol. This PR is limited in scope to RFC 5883: Bidirectional Forwarding Detection (BFD) for Multihop Paths and RFC 5881: Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop). Authentication is not covered in this initial PR but will likely be added in a follow-on based on recommendations from RFC 5883.
This is purely a protocol implementation. No attempt is made to influence an underlying forwarding platform or interact with routing daemons. BFD is now fully integrated with the Maghemite RIB. The driving use case for BFD, as described in RFD 276 Section 3.1, is providing an HA path into an Oxide rack for customers who use static routing. BFD is commonly implemented in enterprise-grade networking equipment for precisely this purpose. To make this direction work, we only need to implement the upper half of the protocol. This will inform upstream routers/firewalls about what sidecar to send packets to in the event of an outage. Integration with the Maghemite RIB allows our switches to detect upstream forwarding faults and react accordingly.
In addition to the CI-based tests that have been added, I have also tested this against the VyOS/FRR BFD implementation, and the basic detection mechanisms look good. As we move forward, I'll work on integrating testing for FortiGate, PanOS, and others.
The BFD functionality is plumbed into the
mgd API is designed to be driven by an overarching control plane. No static configuration is available whatsoever - everything is configured through the API. Basic CLI commands are provided in mgadm along with additions to the progenitor-based client library for mfd.
The daemon is also stateless, meaning that a higher-level entity is responsible for managing state across daemon restarts. The daemon stores session information in the Maghemite RDB. It will restore BFD sessions on restart. The RDB does not survive a sled reboot, as it's on the ramdisk. At that point, it's the control plane's responsibility to repopulate things. I've tested that the Omicron BFD RPW performs this function as expected.
Finally, the core functionality in the BFD library is independent of network transport. This was done to make lightweight testing possible without having to set up complete networks with a bunch of zones/VMs and the whole nine yards. BFD sessions are linked to an underlying UDP mechanism through bidirectional channels that carry packet data and destination addresses. This makes it really simple to define multi-daemon protocol tests.
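The transport-independent testing idea in the description above, as an added sketch that is not code from this PR or from Maghemite: two sessions run the RFC 5880 section 6.8.6 state machine over in-memory channels, and a withheld interval models a forwarding fault. `Peer`, `Msg`, `pair`, `tick` and `DETECT_MULT` are hypothetical names, a packet is reduced to the sender's state, addresses come from the 192.0.2.0/24 documentation range, and the detection timer is counted in intervals rather than wall-clock time.

```rust
use std::net::{IpAddr, Ipv4Addr};
use std::sync::mpsc::{channel, Receiver, Sender};
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum State { AdminDown, Down, Init, Up }
type Msg = (IpAddr, State); // hypothetical packet: destination + sender's state
const DETECT_MULT: u8 = 3; // constructed value: intervals missed before declaring Down

/// Transition on receipt of a control packet (RFC 5880 section 6.8.6).
pub fn next(local: State, remote: State) -> State {
    use State::*;
    match (local, remote) {
        (AdminDown, _) => AdminDown, // packets are discarded while AdminDown
        (_, AdminDown) | (Up, Down) => Down,
        (Down, Down) => Init,
        (Down, Init) | (Init, Init) | (Init, Up) => Up,
        (s, _) => s,
    }
}

pub struct Peer { pub state: State, missed: u8, dst: IpAddr, tx: Sender<Msg>, rx: Receiver<Msg> }
impl Peer {
    fn send(&self) { let _ = self.tx.send((self.dst, self.state)); }
    fn recv(&mut self) {
        self.missed = self.missed.saturating_add(1);
        while let Ok((_dst, remote)) = self.rx.try_recv() {
            (self.state, self.missed) = (next(self.state, remote), 0);
        }
        if self.missed >= DETECT_MULT && matches!(self.state, State::Init | State::Up) {
            self.state = State::Down; // detection time expired
        }
    }
}

pub fn pair() -> (Peer, Peer) {
    let ((atx, brx), (btx, arx)) = (channel(), channel());
    let ip = |n| IpAddr::V4(Ipv4Addr::new(192, 0, 2, n));
    (Peer { state: State::Down, missed: 0, dst: ip(2), tx: atx, rx: arx },
     Peer { state: State::Down, missed: 0, dst: ip(1), tx: btx, rx: brx })
}

pub fn tick(a: &mut Peer, b: &mut Peer, link_ok: bool) {
    if link_ok { a.send(); b.send(); } // link_ok = false models a forwarding fault
    a.recv(); b.recv();
}
fn main() {
    let (mut a, mut b) = pair();
    for ok in [true, true, false, false, false] { tick(&mut a, &mut b, ok); }
    println!("{:?} {:?}", a.state, b.state);
}
```
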