bgpd: add neighbor ip-transparent #18789

vjardin · 2025-05-10T22:33:34Z

Implement a per‑neighbor flag that sets IP_TRANSPARENT for the underlying TCP socket. With this flag bgpd can accept or initiate a session to/from an address that is not present on the host.

Typical use‑cases:

running bgpd inside a container without configuring the router loopback address inside that netns.
hitless switchover of a keepalived/VRRP VIP: the standby bgpd can pre‑bind and come up instantly after takeover.
BGP speakers when the IP address is not set (transparent firewall).

donaldsharp · 2025-05-11T12:12:41Z

can we add a simple topotest that shows that this works?

ton31337

Please add a topotest to check if it works as expected.

bgpd/bgp_vty.c

bgpd/bgp_network.c

vjardin · 2025-05-12T14:45:41Z

next: I'll submit the related topotest

louis-6wind · 2025-05-12T15:28:26Z

hitless switchover of a keepalived/VRRP VIP: the standby bgpd can pre‑bind and come up instantly after takeover.

Interesting, if I understand right, this use case works with neighbor passive

bgpd/bgp_vty.c

vjardin · 2025-05-20T09:45:28Z

ci:rerun

unrelated failures

ton31337 · 2025-05-20T10:19:18Z

@vjardin please fix styling (frrbot).

riw777

looks good ... looks like you've added the topo tests, as well

github-actions · 2025-05-20T13:19:55Z

This pull request has conflicts, please resolve those before we can evaluate the pull request.

vjardin · 2025-05-22T08:44:11Z

@vjardin please fix styling (frrbot).

I have fixed all except for peer_flag_action_list since the report is beyond this related pull request:
https://gist.githubusercontent.com/polychaeta/85e8de8a5a79de3f590f483ef95eb70e/raw/a7528f0462cbf79967bdd84881ea2248bf65ea5e/style.diff

 static const struct peer_flag_action peer_flag_action_list[] = {
-	{PEER_FLAG_PASSIVE, 0, peer_change_reset},
-	{PEER_FLAG_SHUTDOWN, 0, peer_change_reset},
-	{PEER_FLAG_RTT_SHUTDOWN, 0, peer_change_none},
  ...
+	{ PEER_FLAG_PASSIVE, 0, peer_change_reset },
+	{ PEER_FLAG_SHUTDOWN, 0, peer_change_reset },
+	{ PEER_FLAG_RTT_SHUTDOWN, 0, peer_change_none },

donaldsharp · 2025-05-22T14:09:06Z

LGTM once CI finishes....

bgpd/bgpd.h

ton31337

Mixed peer->af_flags with peer->flags for PEER_FLAG_IP_TRANSPARENT.

github-actions · 2025-05-23T16:25:15Z

This pull request has conflicts, please resolve those before we can evaluate the pull request.

vjardin · 2025-05-25T14:11:46Z

ci:rerun

doc/user/bgp.rst

riw777 · 2025-05-27T12:11:56Z

waiting on blocker @ton31337 ... :-)

Add sockopt_ip_transparent(), a thin wrapper around setsockopt(sock, SOL_IP, IP_TRANSPARENT) guarded by #ifdef IP_TRANSPARENT. This lets daemons such as bgpd create transparent sockets when running on kernels that support the option, while keeping the build portable on systems that do not provide it. Signed-off-by: Vincent Jardin <[email protected]>

Implement a per‑neighbor flag that sets IP_TRANSPARENT for the underlying TCP socket. With this flag bgpd can accept or initiate a session to/from an address that is not present on the host. Typical use‑cases: - running bgpd inside a container without configuring the router loopback address inside that netns. - hitless switchover of a keepalived/VRRP VIP: the standby bgpd can pre‑bind and come up instantly after takeover. - BGP speakers when the IP address is not set (transparent firewall). - others... It is safeguarded by a CAP_NET_ADMIN. Signed-off-by: Vincent Jardin <[email protected]>

When a neighbor is established for an ip-transparent and the source address is well known, let's honor that the connection. Signed-off-by: Vincent Jardin <[email protected]>

r1 is a legacy bgp setting r2 is configured using IP transparent 2 steps: - when IP transparent is not set, TCP session should not establish - when IP transparent is set, TCP session should establish Signed-off-by: Vincent Jardin <[email protected]>

vjardin · 2025-05-28T08:20:20Z

Thanks

frrbot bot added bgp libfrr labels May 10, 2025

github-actions bot added master size/M labels May 10, 2025

ton31337 requested changes May 11, 2025

View reviewed changes

bgpd/bgp_vty.c Outdated Show resolved Hide resolved

bgpd/bgp_network.c Show resolved Hide resolved

vjardin force-pushed the vj_addbgpiptransparent branch from a5a96aa to 8f05c96 Compare May 12, 2025 14:42

vjardin force-pushed the vj_addbgpiptransparent branch from 8f05c96 to d50b46a Compare May 18, 2025 21:57

github-actions bot added size/L and removed size/M labels May 18, 2025

ton31337 reviewed May 19, 2025

View reviewed changes

bgpd/bgp_vty.c Outdated Show resolved Hide resolved

vjardin force-pushed the vj_addbgpiptransparent branch from d50b46a to ef813aa Compare May 19, 2025 16:48

frrbot bot added bugfix tests Topotests, make check, etc labels May 19, 2025

github-actions bot added size/XL and removed size/L labels May 19, 2025

vjardin force-pushed the vj_addbgpiptransparent branch from ef813aa to a6de6cf Compare May 19, 2025 16:49

github-actions bot added size/L and removed size/XL labels May 19, 2025

vjardin force-pushed the vj_addbgpiptransparent branch from a6de6cf to af44d1a Compare May 19, 2025 16:50

riw777 approved these changes May 20, 2025

View reviewed changes

github-actions bot added the conflicts label May 20, 2025

vjardin force-pushed the vj_addbgpiptransparent branch from af44d1a to a7993ba Compare May 22, 2025 08:38

github-actions bot removed the conflicts label May 22, 2025

vjardin force-pushed the vj_addbgpiptransparent branch from eb458e9 to 7cdd080 Compare May 22, 2025 13:44

ton31337 reviewed May 23, 2025

View reviewed changes

bgpd/bgpd.h Outdated Show resolved Hide resolved

ton31337 requested changes May 23, 2025

View reviewed changes

vjardin force-pushed the vj_addbgpiptransparent branch from 7cdd080 to d1a6e3c Compare May 23, 2025 16:25

frrbot bot added the zebra label May 23, 2025

github-actions bot added size/XXL conflicts and removed size/L labels May 23, 2025

github-actions bot added the rebase PR needs rebase label May 23, 2025

vjardin force-pushed the vj_addbgpiptransparent branch from d1a6e3c to d219953 Compare May 23, 2025 16:26

github-actions bot added size/L and removed size/XXL conflicts labels May 23, 2025

vjardin force-pushed the vj_addbgpiptransparent branch from d219953 to 00e2a6a Compare May 23, 2025 17:37

vjardin requested a review from ton31337 May 23, 2025 17:39

ton31337 reviewed May 26, 2025

View reviewed changes

doc/user/bgp.rst Show resolved Hide resolved

vjardin removed the bugfix label May 27, 2025

vjardin added 3 commits May 27, 2025 20:00

bgpd: honor missing nexthop for transparent+source

22aedab

When a neighbor is established for an ip-transparent and the source address is well known, let's honor that the connection. Signed-off-by: Vincent Jardin <[email protected]>

vjardin force-pushed the vj_addbgpiptransparent branch from 00e2a6a to 4d07a2f Compare May 27, 2025 20:02

ton31337 approved these changes May 28, 2025

View reviewed changes

ton31337 merged commit 94e65ba into FRRouting:master May 28, 2025
13 checks passed

vjardin deleted the vj_addbgpiptransparent branch May 28, 2025 08:19

bgpd: add neighbor ip-transparent #18789

bgpd: add neighbor ip-transparent #18789

Uh oh!

Conversation

vjardin commented May 10, 2025

Uh oh!

donaldsharp commented May 11, 2025

Uh oh!

ton31337 left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

vjardin commented May 12, 2025

Uh oh!

louis-6wind commented May 12, 2025

Uh oh!

Uh oh!

vjardin commented May 20, 2025

Uh oh!

ton31337 commented May 20, 2025

Uh oh!

riw777 left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented May 20, 2025

Uh oh!

vjardin commented May 22, 2025

Uh oh!

donaldsharp commented May 22, 2025

Uh oh!

Uh oh!

ton31337 left a comment

Choose a reason for hiding this comment

Uh oh!

github-actions bot commented May 23, 2025

Uh oh!

vjardin commented May 25, 2025

Uh oh!

Uh oh!

riw777 commented May 27, 2025

Uh oh!

Uh oh!

vjardin commented May 28, 2025

Uh oh!

Uh oh!