[Xorp-hackers] Some thoughts
Kristian Larsson
kristian@juniks.net
Mon, 7 Nov 2005 13:41:13 +0100
On Mon, Nov 07, 2005 at 02:29:01PM +0200, Hasso Tepper wrote:
> Mark Handley wrote:
> > Now, suppose I configure the IP address of an interface through the
> > rtrmgr. The FEA will set this interface address. And now someone
> > changes it through ifconfig or whatever. What is the correct action
> > for XORP to do?
>
> What is "change"? Two actions can be done by kernel (via ifconfig or
> any other mechanism) - add address or delete address.
>
> > The IP address has been configured in XORP, so XORP should in
> > principle believe this is still what is wanted. If it observes the
> > change, then it should re-configure it back, as XORP is still
> > configured to set this particular address.
>
> Xorp has to force the use of address which is configured in rtrmgr. If
> address is deleted by kernel and event to delete is not initiated by
> Xorp, it has to send address_add message again to the kernel.
>
> > An alternative is for XORP to monitor the machine state, and consider
> > the rest of the machine is in charge. In which case it would then
> > change it's running config automatically. But the general idea is the
> > running config is set by a human, so having this change under you
> > isn't principle of least surprise.
>
> No way. Nothing should change running config automatically. All addresses
> coming from system should have meaning for rib only.
>
> > The end result is that there is no good answer to this. As XORP is
> > intended not as just a routing daemon, but as the entire router
> > control plane (yes, long-term plan), then the most sensible (and
> > certainly simplest) answer is "XORP is in charge".
> >
> > We discussed this ad-nauseum in the early days of XORP, and ended up
> > with this decision. There is simply no good solution to this that
> > everyone would be happy with - you have to decide who is in charge.
> >
> > Now, the IPv6 link-local address issue is one where the kernel should
> > be in charge. Not any other user-space daemon. Thus this is
> > obviously one we should handle better than we do.
> >
> > And issues such as CARP/VRRP should be handled in a what that the user
> > specifies somehow that this address is to be set automatically, and so
> > can change under you. We don't have the hooks for this right now, and
> > should have. But there's only so much time, and so many things to do.
>
> My view is something like this:
>
> * Xorp is in charge, but it listens kernel if it doesn't conflict with
> Xorp's view of things.
> * All addresses and connected routes configured/added by kernel have
> meaning for rib only - no configuration changes.
>
> Situations:
>
> Interface is created in Xorp (it has to exist in the system for now, but
> hopefully this will change). Addresses already on interface are added to
> the RIB (like it's done with default-system-config at the moment). If
> there are addresses configured in Xorp, they are added to the interface.
>
> Xorp receives address_add message from kernel - address are added to the
> RIB with connected route (if it isn't there already).
>
> Xorp receives address_del message from kernel. If it is the address not
> configured from Xorp, delete it from RIB. If it is configured from Xorp,
> add it back - ie. send address_add to the kernel.
>
> Interface is deleted in Xorp. Only the addresses configured from Xorp are
> removed from interface.
>
> If you see any problem with this approach, please tell me. This fixes
> both link-local and vrrp/carp cases.
>
> Btw, it also fixes secondary address handling in Linux for example. At
> the moment you can try something like this on Linux:
>
> XORP# create interfaces interface eth0 vif eth0 address 10.10.10.1
> prefix-length 24
> XORP# commit
> XORP# create interfaces interface eth0 vif eth0 address 10.10.10.2
> prefix-length 24
> XORP# commit
> XORP# delete interfaces interface eth0 vif eth0 address 10.10.10.1
> XORP# commit
>
> Result is that interface eth0 has no addresses configured, but 10.10.10.2
> is still configured in Xorp. That's because Linux deletes all secondary
> addresses from interface if primary is deleted.
I beleive there is an option for this.
Promote secondary IPs
When deleting a primary the 'next' secondary will
become primary.
Of course, most people don't have this ( I think
it is available as of 2.6.13 or .14) so what
you're saying still holds true.
Kristian.
>
>
> with my bets wishes,
>
> --
> Hasso Tepper
> _______________________________________________
> Xorp-hackers mailing list
> Xorp-hackers@icir.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/xorp-hackers