From 643bccfd0753328213a11de264550970ef07a615 Mon Sep 17 00:00:00 2001 From: Ben Cartwright-Cox Date: Thu, 23 Feb 2023 17:03:52 +0000 Subject: [PATCH] Add parsing support for ASPA/BGPSEC in SLURM files Using draft-spaghetti-sidrops-aspa-slurm as a base to work off No filtering/asserts are done yet, that comes shortly --- prefixfile/slurm.go | 45 ++++++++++++++++++++++++++++------------ prefixfile/slurm.json | 25 +++++++++++++++++----- prefixfile/slurm_test.go | 5 +++-- 3 files changed, 55 insertions(+), 20 deletions(-) diff --git a/prefixfile/slurm.go b/prefixfile/slurm.go index 03036b2..a895a77 100644 --- a/prefixfile/slurm.go +++ b/prefixfile/slurm.go @@ -1,4 +1,4 @@ -// rfc8416 +// rfc8416 and draft-sidrops-aspa-slurm package prefixfile @@ -10,25 +10,26 @@ import ( type SlurmPrefixFilter struct { Prefix string - ASN interface{} + ASN *uint32 `json:"asn,omitempty"` Comment string } +type SlurmBGPsecFilter struct { + ASN uint32 `json:"asn"` + Comment string `json:"comment"` +} + +type SlurmASPAFilter struct { + Afi string `json:"afi"` + Comment string `json:"comment"` + CustomerASid uint32 `json:"customer_asid"` +} + func (pf *SlurmPrefixFilter) GetASN() (uint32, bool) { if pf.ASN == nil { return 0, true } else { - switch asn := pf.ASN.(type) { - case json.Number: - c, _ := asn.Int64() - return uint32(c), false - case int: - return uint32(asn), false - case uint32: - return asn, false - default: - return 0, true - } + return *pf.ASN, false } } @@ -39,6 +40,8 @@ func (pf *SlurmPrefixFilter) GetPrefix() *net.IPNet { type SlurmValidationOutputFilters struct { PrefixFilters []SlurmPrefixFilter + BgpsecFilters []SlurmBGPsecFilter + AspaFilters []SlurmASPAFilter } type SlurmPrefixAssertion struct { @@ -48,6 +51,20 @@ type SlurmPrefixAssertion struct { Comment string } +type SlurmBGPsecAssertion struct { + SKI []byte `json:"SKI"` + ASN uint32 `json:"asn"` + Comment string `json:"comment"` + RouterPublicKey []byte `json:"routerPublicKey"` +} + +type SlurmASPAAssertion struct { + Afi string `json:"afi"` + Comment string `json:"comment"` + CustomerASNid uint32 `json:"customer_asid"` + ProviderSet []uint32 `json:"provider_set"` +} + func (pa *SlurmPrefixAssertion) GetASN() uint32 { return pa.ASN } @@ -63,6 +80,8 @@ func (pa *SlurmPrefixAssertion) GetMaxLen() int { type SlurmLocallyAddedAssertions struct { PrefixAssertions []SlurmPrefixAssertion + BgpsecAssertions []SlurmBGPsecAssertion + AspaAssertions []SlurmASPAAssertion } type SlurmConfig struct { diff --git a/prefixfile/slurm.json b/prefixfile/slurm.json index 1b5daac..19fa1bd 100644 --- a/prefixfile/slurm.json +++ b/prefixfile/slurm.json @@ -1,5 +1,5 @@ { - "slurmVersion": 1, + "slurmVersion": 2, "validationOutputFilters": { "prefixFilters": [ { @@ -22,14 +22,21 @@ "comment": "All keys for ASN" }, { - "SKI": "Zm9v", + "SKI": "XC7RBWu3661vfYmhXZwtUw==", "comment": "Key matching Router SKI" }, { "asn": 64497, - "SKI": "YmFy", + "SKI": "XC7RBWu3661vfYmhXZwtUw==", "comment": "Key for ASN 64497 matching Router SKI" } + ], + "aspaFilters": [ + { + "customer_asid": 64496, + "afi": "ipv6", + "comment": "ASPAs matching Customer ASID" + } ] }, "locallyAddedAssertions": { @@ -50,8 +57,16 @@ { "asn": 64496, "comment": "My known key for my important ASN", - "SKI": "", - "routerPublicKey": "" + "SKI": "au5McBIzw6kEM2t29AXSfw==", + "routerPublicKey": "MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEhv5HEBGixUjKJTlenvcD1Axyi07rFdVY1KhN4vMPYy5y0Mx6zfaiEqJN27jK/l61xC36Vsaezd7eXAsZ1AEEsQ==" + } + ], + "aspaAssertions": [ + { + "customer_asid": 64496, + "afi": "ipv6", + "provider_set": [64497, 64498], + "comment": "Pretend 64497 and 64498 are upstream for 64496 in the IPv6 AFI" } ] } diff --git a/prefixfile/slurm_test.go b/prefixfile/slurm_test.go index f1acb23..18afdad 100644 --- a/prefixfile/slurm_test.go +++ b/prefixfile/slurm_test.go @@ -53,17 +53,18 @@ func TestFilterOnVRPs(t *testing.T) { }, } + asA, asB := uint32(65001), uint32(65002) slurm := SlurmValidationOutputFilters{ PrefixFilters: []SlurmPrefixFilter{ { Prefix: "10.0.0.0/8", }, { - ASN: uint32(65001), + ASN: &asA, Prefix: "192.168.0.0/24", }, { - ASN: uint32(65002), + ASN: &asB, }, }, }