bgp os_ken ssh_console support

Bug #2025969 reported by Yusuf Güngör
This bug affects 2 people
Affects   Status   Importance   Assigned to   Milestone
neutron   New      Wishlist     Unassigned

Bug Description

Hi, is it possible to enable the os_ken ssh_console?

For now there is no way to see the live status of the bgp connections.

There exists a closed RFE about bgp statistics: https://bugs.launchpad.net/neutron/+bug/1527993

Enabling ssh console should require less effort than bgp statistics RFE.

ssh console example:

    $ ssh localhost -p 4990

    Hello, this is OSKen BGP speaker (version 4.19).

    bgpd> # Hit '?' key
     clear - allows to reset BGP connections
     help - show this help
     quit - exit this session
     set - set runtime settings
     show - shows runtime state information
    bgpd>
    bgpd> show rib all
    Status codes: * valid, > best
    Origin codes: i - IGP, e - EGP, ? - incomplete
         Network Labels Next Hop Reason Metric LocPrf Path
     *> 10.10.1.0/24 None 0.0.0.0 Only Path i
    bgpd>

os-ken supports ssh console:

ssh_console specifies whether or not SSH CLI need to be started.

ssh_port specifies the port number for SSH CLI server. The default is bgp.operator.ssh.DEFAULT_SSH_PORT.

ssh_host specifies the IP address for SSH CLI server. The default is bgp.operator.ssh.DEFAULT_SSH_HOST.

ssh_host_key specifies the path to the host key added to the keys list used by SSH CLI server. The default is bgp.operator.ssh.DEFAULT_SSH_HOST_KEY.

# ./os_ken/services/protocols/bgp/bgpspeaker.py

class BGPSpeaker(object):
    """Class to provide the APIs of OSKen BGP Speaker.

    ``as_number`` specifies an Autonomous Number. It must be an integer
    between 1 and 65535.

    ``router_id`` specifies BGP router identifier. It must be the
    string representation of an IPv4 address (e.g. 10.0.0.1).

    ``bgp_server_host`` specifies a list of TCP listen host addresses.

    ``bgp_server_port`` specifies TCP listen port number. 179 is
    used if not specified.

    ``refresh_stalepath_time`` causes the BGP speaker to remove
    stale routes from the BGP table after the timer expires, even
    if the speaker does not receive a Router-Refresh End-of-RIB
    message. This feature is disabled (not implemented yet).

    ``refresh_max_eor_time`` causes the BGP speaker to generate a
    Route-Refresh End-of-RIB message if it was not able to
    generate one due to route flapping. This feature is disabled
    (not implemented yet).

    ``best_path_change_handler``, if specified, is called when any
    best remote path is changed due to an update message or remote
    peer down. The handler is supposed to take one argument, the
    instance of an EventPrefix class instance.

    ``adj_rib_in_change_handler``, if specified, is called when any
    adj-RIB-in path is changed due to an update message or remote
    peer down. The given handler should take three argument, the
    instance of an EventPrefix class instance, str type peer's IP address
    and int type peer's AS number.

    ``peer_down_handler``, if specified, is called when BGP peering
    session goes down.

    ``peer_up_handler``, if specified, is called when BGP peering
    session goes up.

    ``ssh_console`` specifies whether or not SSH CLI need to be started.

    ``ssh_port`` specifies the port number for SSH CLI server.
    The default is bgp.operator.ssh.DEFAULT_SSH_PORT.

    ``ssh_host`` specifies the IP address for SSH CLI server.
    The default is bgp.operator.ssh.DEFAULT_SSH_HOST.

    ``ssh_host_key`` specifies the path to the host key added to
    the keys list used by SSH CLI server.
    The default is bgp.operator.ssh.DEFAULT_SSH_HOST_KEY.

    ``label_range`` specifies the range of MPLS labels generated
    automatically.

    ``allow_local_as_in_count`` maximum number of local AS number
    occurrences in AS_PATH. This option is useful for e.g. auto RD/RT
    configurations in leaf/spine architecture with shared AS numbers.
    The default is 0 and means "local AS number is not allowed in
    AS_PATH". To allow local AS, 3 is recommended (Cisco's default).

    ``cluster_id`` specifies the cluster identifier for Route Reflector.
    It must be the string representation of an IPv4 address.
    If omitted, "router_id" is used for this field.

    ``local_pref`` specifies the default local preference. It must be an
    integer.
    """

    def __init__(self, as_number, router_id,
                 bgp_server_hosts=DEFAULT_BGP_SERVER_HOSTS,
                 bgp_server_port=DEFAULT_BGP_SERVER_PORT,
                 refresh_stalepath_time=DEFAULT_REFRESH_STALEPATH_TIME,
                 refresh_max_eor_time=DEFAULT_REFRESH_MAX_EOR_TIME,
                 best_path_change_handler=None,
                 adj_rib_in_change_handler=None,
                 peer_down_handler=None,
                 peer_up_handler=None,
                 ssh_console=False,
                 ssh_port=None, ssh_host=None, ssh_host_key=None,
                 label_range=DEFAULT_LABEL_RANGE,
                 allow_local_as_in_count=0,
                 cluster_id=None,
                 local_pref=DEFAULT_LOCAL_PREF):
        super(BGPSpeaker, self).__init__()

# ./neutron_dynamic_routing/services/bgp/agent/driver/os_ken/driver.py
        curr_speaker = bgpspeaker.BGPSpeaker(as_number=speaker_as,
                             router_id=self.routerid, bgp_server_port=0,
                             best_path_change_handler=best_path_change_cb,
                             peer_down_handler=bgp_peer_down_cb,
                             peer_up_handler=bgp_peer_up_cb)

Dynamic Routing can get the ssh_console, ssh_port, ssh_host and ssh_host_key variables from config and initialize the curr_speaker with ssh_console support.

Do you have any idea why this feature is not implemented? Thanks.

Tags: rfe
tags: added: rfe
Changed in neutron:
importance: Undecided → Wishlist
Rodolfo Alonso (rodolfo-alonso-hernandez) wrote :

Hello Yusuf:

Can you explain a bit what is the goal of this RFE? Why do you need this console? Just a quick comment, providing the user a console to a service is a backdoor that could be exploited. I'm particularly against this proposal but feel free to add your topic in [1], in the "On Demand Agenda" section. The meetings are on Fridays (if there is any topic) at 1400 UTC.

If you need help, please ping me in IRC, channel #openstack-neutron, nick <ralonsoh>.

Regards.

[1] https://wiki.openstack.org/wiki/Meetings/NeutronDrivers

Roberto Bartzen Acosta (rbartzen) wrote :

Hello Yusuf,

This can be interesting to perform some troubleshooting, such as the issue that drops BGP sessions and keeps the dr-agent active on Neutron [1]. However, for observability purposes, I believe that the information in the logs can help in obtaining the status and triggering alarms.

neutron-bgp-dragent[907]: neutron_dynamic_routing.services.bgp.agent.driver.os_ken.driver [-] BGP Peer IPv6-Peer-Address for remote_as=XXX went DOWN.
neutron-bgp-dragent[907]: neutron_dynamic_routing.services.bgp.agent.driver.os_ken.driver [-] BGP Peer IPv6-Peer-Address for remote_as=XXX is UP.

Now, in case this "local" ssh session gets realtime session status, I'd like to see it exported to an integrated tool like Prometheus :)

[1] https://bugs.launchpad.net/neutron/+bug/2023632
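
The log-based monitoring suggested in the comment above, as an added example that is not part of the original thread or of neutron-dynamic-routing: it replays dragent peer UP/DOWN messages into a per-peer status table and lists peers that are down or flapping. The sample lines are constructed from the two message shapes quoted above; the peer addresses, AS numbers and flap threshold are assumptions.

```python
import re

# Message shapes taken from the two dragent log lines quoted in the comment.
PEER_EVENT = re.compile(
    r"BGP Peer (?P<peer>\S+) for remote_as=(?P<asn>\d+) "
    r"(?P<event>went DOWN|is UP)\."
)
PREFIX = ("neutron-bgp-dragent[907]: "
          "neutron_dynamic_routing.services.bgp.agent.driver.os_ken.driver [-] ")

# Constructed sample input: documentation-range peer addresses and AS numbers.
SAMPLE_LOG = [PREFIX + msg for msg in (
    "BGP Peer 2001:db8::1 for remote_as=64496 is UP.",
    "BGP Peer 192.0.2.10 for remote_as=64497 is UP.",
    "BGP Peer 2001:db8::1 for remote_as=64496 went DOWN.",
    "BGP Peer 2001:db8::1 for remote_as=64496 is UP.",
    "Some unrelated agent message.",
    "BGP Peer 2001:db8::1 for remote_as=64496 went DOWN.",
    "BGP Peer 2001:db8::1 for remote_as=64496 is UP.",
    "BGP Peer 192.0.2.10 for remote_as=64497 went DOWN.",
)]


def peer_status(lines):
    """Replay log lines into {(peer, asn): {"state": ..., "drops": n}}."""
    status = {}
    for line in lines:
        m = PEER_EVENT.search(line)
        if m is None:
            continue  # not a peer up/down message
        entry = status.setdefault((m["peer"], int(m["asn"])),
                                  {"state": "UNKNOWN", "drops": 0})
        if m["event"] == "went DOWN":
            entry["state"] = "DOWN"
            entry["drops"] += 1
        else:
            entry["state"] = "UP"
    return status


def alerts(status, flap_threshold=2):
    """List peers that are DOWN now, or UP but dropped flap_threshold+ times."""
    out = []
    for (peer, asn), entry in sorted(status.items()):
        if entry["state"] == "DOWN":
            out.append(f"{peer} AS{asn}: session DOWN")
        elif entry["drops"] >= flap_threshold:
            out.append(f"{peer} AS{asn}: flapping, {entry['drops']} drops")
    return out
```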

Yusuf Güngör (yusuf2) wrote :

Hi @Rodolfo,

Actually my motivation is the same as @Roberto

Our bgp peers, the networking guys, are always surprised when we say there is nowhere to see the bgp connection status.

We can parse the dragent logs and trigger some alerts but it will be nice to have a live troubleshooting console.

SSH console can only listen on the localhost for security concerns.
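
One way the loopback-only restriction discussed in this thread could be enforced before the ssh_* arguments reach BGPSpeaker, as an added example that is not code from neutron-dynamic-routing or os-ken. The helper name ssh_console_kwargs is hypothetical, port 4990 is taken from the example session in the bug description, and the unprivileged-port and key-file-permission checks are assumptions of this sketch.

```python
import ipaddress
import os
import stat


def ssh_console_kwargs(enabled, host="127.0.0.1", port=4990, host_key=None):
    """Return the ssh_* keyword arguments for BGPSpeaker, or raise ValueError.

    Hypothetical helper: the dynamic-routing agent has no such options today.
    """
    if not enabled:
        return {"ssh_console": False}

    # Accept only literal loopback addresses; hostnames such as "localhost"
    # are rejected because their resolution is outside the agent's control.
    addr = ipaddress.ip_address(host)  # raises ValueError for non-literals
    if not addr.is_loopback:
        raise ValueError(f"ssh_host {host} is not a loopback address")

    port = int(port)
    if not 1024 <= port <= 65535:  # assumption: unprivileged ports only
        raise ValueError(f"ssh_port {port} is outside 1024-65535")

    kwargs = {"ssh_console": True, "ssh_host": str(addr), "ssh_port": port}

    if host_key is not None:
        mode = os.stat(host_key).st_mode
        # The host key must be a regular file with no group/other access.
        if not stat.S_ISREG(mode) or mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise ValueError(f"ssh_host_key {host_key} is not a private file")
        kwargs["ssh_host_key"] = host_key
    return kwargs
```

The returned dictionary can be passed as extra keyword arguments to the bgpspeaker.BGPSpeaker(...) call shown in the bug description.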
