Between 0x② nerd knobs 🎛— BGP unnumbered on SR Linux

Jeroen Van Bemmel
Jan 28, 2022


Using a custom FRR agent 🕴️

Supporting BGP unnumbered on SR Linux using a custom embedded agent

As (also) explained in this vodcast by Jeff Doyle and Jeff Tantsura (April 2020), BGP remains a key protocol in networks of all sizes. As part of a global drive for simplification and automation, the engineers at Cumulus Networks pioneered a feature called “BGP unnumbered” to simplify the configuration of large data center fabrics. RFC 8950 (formerly RFC 5549) describes how extended next-hop encoding can be negotiated and used to exchange IPv4 prefix routes using IPv6 next hops, so that the fabric interfaces can use only auto-assigned IPv6 link-local addresses, with no IPv4 at all. In combination with AS number discovery, this greatly simplifies the configuration.

SR Linux inherits its BGP stack from Nokia SR OS, a robust, mature, hardened software product that runs the internet. It already supports the majority of features that one would expect in a data center context: besides the IPv4/v6 and EVPN address families, there is support for RFC 8950 extended next-hop encoding, extensive BGP import/export policies, and much, much more. However, in large service provider networks and the internet at large, BGP is commonly used between untrusted external parties; people like to be explicit and picky about who they peer with, and so the idea of automatically peering with whoever shows up is considered questionable by some (if not downright “preposterous”). Consequently, fully automatic peering à la BGP unnumbered is not yet possible with SR Linux — at least not out-of-the-box.

Custom FRR agent integration

As the marketing says:

Bring new flexibility to development and integration

Use our NetOps Development Kit (NDK) to integrate third-party applications with the same functionality as Nokia applications

To illustrate how this could work out in practice, take a look at this open source project on GitHub:

Custom YANG model extensions to enable BGP unnumbered (using FRR behind the scenes)

The above SR Linux configuration uses FRR to set up eBGP peering with IPv6-only link-local addresses on the interfaces. It then configures the ‘native’ BGP stack to bring up an iBGP peering session between the IPv4 loopback IPs, as exchanged over eBGP unnumbered.

Corresponding auto-generated FRR configuration

The above FRR configuration is generated based on the YANG model parameters. Note the custom port 1179 (enabled by a small patch to FRR) on lines 15 and 17, such that FRR and native BGP can both run in parallel TCP sessions.

FRR connects to its peers and discovers routes which are added to the Linux routing table. Using a Netlink callback socket, the custom Python agent receives these route events and submits them to the SR Linux NDK for programming the data path.
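The route-event step described above, as an added example (not the project's agent code): decoding one rtnetlink route message for an IPv4 prefix with IPv6 ECMP next hops, with every length checked before it is trusted. It assumes each next hop arrives as an `RTA_VIA` attribute, the form Linux uses for an IPv4 route with an IPv6 gateway; the function names and the sample message are constructed for illustration, and the NDK submission step is left out.

```python
import ipaddress
import struct

RTM_NEWROUTE, RTM_DELROUTE = 24, 25                 # linux/rtnetlink.h
RTA_DST, RTA_OIF, RTA_MULTIPATH, RTA_VIA = 1, 4, 9, 18
AF_INET, AF_INET6 = 2, 10                           # Linux address families

def walk(buf, fmt):
    """Yield (*header fields after the length, payload) per 4-byte-aligned record."""
    off, hdr = 0, struct.calcsize(fmt)
    while off + hdr <= len(buf):
        fields = struct.unpack_from(fmt, buf, off)
        if fields[0] < hdr or off + fields[0] > len(buf):
            raise ValueError("malformed netlink record")
        yield (*fields[1:], buf[off + hdr:off + fields[0]])
        off += (fields[0] + 3) & ~3

def via(data):  # struct rtvia: u16 family + address; only IPv6 is accepted here
    if len(data) != 18 or struct.unpack_from("=H", data)[0] != AF_INET6:
        raise ValueError("missing or non-IPv6 RTA_VIA")
    return str(ipaddress.IPv6Address(data[2:]))

def parse_route(msg):
    """Return (event, prefix, [(next_hop, ifindex), ...]) for one route message."""
    mlen, mtype = struct.unpack_from("=IH", msg)            # struct nlmsghdr
    if mtype not in (RTM_NEWROUTE, RTM_DELROUTE) or not 28 <= mlen <= len(msg):
        raise ValueError("not a complete route message")
    family, dst_len = struct.unpack_from("=BB", msg, 16)    # struct rtmsg
    top = dict(walk(msg[28:mlen], "=HH"))                   # struct rtattr list
    dst = top.get(RTA_DST, bytes(4 if family == AF_INET else 16))
    hops = [(via(dict(walk(nh, "=HH")).get(RTA_VIA, b"")), ifindex)   # ECMP
            for _f, _h, ifindex, nh in walk(top.get(RTA_MULTIPATH, b""), "=HBBi")]
    if RTA_VIA in top:                                      # single-path route
        hops.append((via(top[RTA_VIA]), struct.unpack("=i", top.get(RTA_OIF, bytes(4)))[0]))
    prefix = f"{ipaddress.ip_address(dst)}/{dst_len}"
    return ("add" if mtype == RTM_NEWROUTE else "del"), prefix, hops

def rta(atype, data):  # builds one padded attribute for the constructed sample
    return struct.pack("=HH", 4 + len(data), atype) + data + bytes(-len(data) % 4)

def sample_message():  # constructed RTM_NEWROUTE: 10.0.0.2/32, two link-local next hops
    mp = b""
    for addr, ifindex in (("fe80::1", 3), ("fe80::2", 4)):
        v = rta(RTA_VIA, struct.pack("=H", AF_INET6) + ipaddress.IPv6Address(addr).packed)
        mp += struct.pack("=HBBi", 8 + len(v), 0, 0, ifindex) + v
    body = struct.pack("=BBBBBBBBI", AF_INET, 32, 0, 0, 254, 186, 0, 1, 0)
    body += rta(RTA_DST, bytes([10, 0, 0, 2])) + rta(RTA_MULTIPATH, mp)
    return struct.pack("=IHHII", 16 + len(body), RTM_NEWROUTE, 0, 0, 0) + body

print(parse_route(sample_message()))
```

Messages are packed in host byte order, as netlink uses, so the sample is built with the same `struct` formats the parser reads.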

Resulting route table on SR Linux, note the IPv6 ECMP next hops (also) for IPv4 prefixes

if (#trulyopen™ NOS) <your-dream-knob> = True!

With networks becoming ever more open software driven, it is critically important that your Network Operating System (NOS) provides you with the hooks and “nerd knobs” to implement whatever is required. And if the particular knob or feature that you need is missing — like the FRR BGP unnumbered feature illustrated here — you should be able to add it yourself.

#open #SRLinux
