REST HTTPS API with JSON from GoBGP: a BGP4 IPv4 flowspec (RFC 5575) daemon.
Concept, "Show config & Announce BGP UPDATE, throw json, receive json":kissing_heart:
I want to make a very mutually cooperative, very HTTP-friendly, very very simple flowspec BGP daemon.:laughing:
This code implements the following suite:
- GoBGP (used as a Golang library, so jgob gets its values from what the native GoBGP API returns)
- REST HTTPS API (using mux; each unique URI returns BGP information in JSON format)
- HTTPS access log (using go-http-logger)
- Syslog hook (using logrus)
- Easy TOML config files.
- Permanent routing table in JSON format.
- When the process reloads, the last installed routes are loaded.
- You can annotate a route by putting any string you like in the "remark" field.
The GoBGP daemon runs its gRPC server,
so if you want to use the "gobgp" client command, you can.
Let's build jgob
$ git clone https://github.com/nnao45/jgob
$ cd jgob
$ go build
Make a config file. (You can use the following script to generate a template; change the values below to match your environment.)
$ cat makeTestConfig.sh
#!/bin/sh
cat << EOT > config.tml
[jgobconfig]
as = 65501
router-id = "10.0.0.1"
[[jgobconfig.neighbor-config]]
peer-as = 65501
neighbor-address = "10.0.0.2"
peer-type = "internal"
EOT
cat << EOT > .env
USERNAME=user
PASSWORD=pass
EOT
jgob uses SSL, so you must create a certificate and key.
If you don't have them, use makeSSL.sh.
$ cat makeSSL.sh
#!/bin/sh
openssl genrsa 2048 > myself.key
openssl req -new -key myself.key <<EOF > myself.csr
JP
Tokyo
Japari Town
Japari Company
Japari Section
nyanpasu.com
EOF
openssl x509 -days 3650 -req -signkey myself.key < myself.csr > myself.crt
mkdir -p ssl/development/
mv myself.crt ssl/development
mv myself.csr ssl/development
mv myself.key ssl/development
This is joke information 😜 Use it only for testing.
And, jgob's Usage...
Usage:
jgob_IPv4Flowspec [-r route-file] [-f config-file]
Examples:
jgob_IPv4Flowspec
jgob_IPv4Flowspec -r test.rib -f tokyo.tml
/--┐
|---/test ..... [GET] simple test URI. Checks that the HTTPS API is alive.
|
|---/global ... [GET] show the global configuration of the running GoBGP.
|
|---/nei ...... [GET] show the BGP IPv4 flowspec neighbors of the running GoBGP.
|
|---/route .... [GET] show the RIB of address family ipv4 flowspec of the running GoBGP.
|
|---/remark ... [GET] show each route's remark and uuid in the RIB.
|
|---/add ...... [POST] add ipv4 flowspec routes with more BGP attributes.
|
|---/del ...... [POST] delete ipv4 flowspec routes by uuid.
|
|---/reload ... [GET] reload the RIB from jgob.route (it's a dangerous API...)
Plain text.
root@ubu-bgp:/godev/jgob/jgob_IPv4Flowspec# cat jgob.route | jq .
[
{
"remark": "hoge",
"attrs": {
"destination": "3.0.0.0/24",
"source": "2.0.0.0/24",
"protocol": "udp",
"destination-port": " ==22",
"source-port": " ==80",
"origin": " e",
"extcomms": "2000.000000",
"aspath": ""
}
},
{
"remark": "piyo",
"attrs": {
"destination": "33.0.0.0/24",
"source": "22.0.0.0/24",
"protocol": "udp",
"destination-port": " ==22",
"source-port": " ==80",
"origin": " e",
"extcomms": "2000.000000",
"aspath": ""
}
},
{
"remark": "huga",
"attrs": {
"destination": "93.0.0.0/24",
"source": "92.0.0.0/24",
"protocol": "udp",
"destination-port": " ==22",
"source-port": " ==80",
"origin": " e",
"extcomms": "2000.000000",
"aspath": ""
}
},
{
"remark": "ponyo",
"attrs": {
"destination": "192.168.0.0/24",
"source": "10.0.0.0/24",
"protocol": "tcp",
"destination-port": " ==9999",
"source-port": " ==22222",
"origin": " i",
"extcomms": "100000.000000",
"aspath": "65500,65000"
}
}
]
It's so unique? 😙
type Prefix struct {
	Remark string `json:"remark"` // free-form remark for this route; write whatever you like.
	Uuid   string `json:"uuid"`   // this route's universally unique id.
	Age    string `json:"age"`    // this route's aging time.
	Flag   bool   `json:"flag"`   // internal server error flag.
	Attrs  struct {
		Aspath      string `json:"aspath"`           // this route's flowspec attribute: AS path.
		Protocol    string `json:"protocol"`         // this route's flowspec attribute: protocol.
		Src         string `json:"source"`           // this route's flowspec attribute: source address.
		Dst         string `json:"destination"`      // this route's flowspec attribute: destination address.
		SrcPort     string `json:"source-port"`      // this route's flowspec attribute: source port.
		DstPort     string `json:"destination-port"` // this route's flowspec attribute: destination port.
		Origin      string `json:"origin"`           // this route's flowspec attribute: origin.
		Communities string `json:"community"`        // this route's flowspec attribute: community.
		Extcomms    string `json:"extcomms"`         // this route's flowspec attribute: extended community (for example accept, discard, or a rate-limit bps value).
	}
}
[jgob#1(10.0.0.1)]=====[jgob#2(10.0.0.2)]
$ jgob1
[jgobconfig]
as = 65501
router-id = "10.0.0.1"
[[jgobconfig.neighbor-config]]
peer-as = 65501
neighbor-address = "10.0.0.2"
peer-type = "internal"
$ jgob2
[jgobconfig]
as = 65501
router-id = "10.0.0.2"
[[jgobconfig.neighbor-config]]
peer-as = 65501
neighbor-address = "10.0.0.1"
peer-type = "internal"
jgob config is very simple.
[jgobconfig]
as = <local-as>
router-id = <router-id>
[[jgobconfig.neighbor-config]]
peer-as = <remote-as>
neighbor-address = <neighbor-address>
peer-type = <peer-type>
The address family is fixed to ipv4-flowspec. Use only these parameters, in TOML format.
POST new routes to "/add" (multiple routes are OK, add them in the array 😇).
You don't need to send the "age" and "uuid" values.
When it is done, you receive the "uuid" (the added route's universally unique id), the "remark" (the added route's remark, a free string)
and system messages.
(If the server fails internally, the system messages carry the error messages directly.)
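A pre-flight check for a batch of routes before it is POSTed to "/add", as an added example that is not part of jgob. It reads the attrs keys shown in the Prefix struct and accepts only the protocols jgob handles (tcp, udp, icmp); the /8 floor on prefixes, the requirement that both source and destination are present, and accepting only the " ==N" port form from the sample file are assumptions of this example, not jgob rules.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
	"strconv"
	"strings"
)

const minBits = 8 // assumed local policy, not a jgob setting: nothing broader than /8
var fields = []string{"protocol", "source", "destination", "source-port", "destination-port"}
var checks = []func(string) bool{okProto, okPrefix, okPrefix, okPort, okPort}

func okProto(s string) bool { return s == "tcp" || s == "udp" || s == "icmp" }

func okPrefix(s string) bool {
	p, err := netip.ParsePrefix(s)
	return err == nil && p.Addr().Is4() && p.Bits() >= minBits
}

// okPort accepts an empty value or the " ==N" form used in the page's sample.
func okPort(s string) bool {
	n, err := strconv.Atoi(strings.TrimPrefix(strings.TrimSpace(s), "=="))
	return s == "" || (err == nil && n >= 0 && n <= 65535)
}

// Validate returns one message per problem found in an /add request body.
func Validate(body []byte) []string {
	var routes []struct{ Attrs map[string]string `json:"attrs"` }
	if err := json.Unmarshal(body, &routes); err != nil {
		return []string{"not a JSON array of routes: " + err.Error()}
	}
	var problems []string
	for i, r := range routes {
		for j, f := range fields {
			if !checks[j](r.Attrs[f]) {
				problems = append(problems, fmt.Sprintf("route %d: bad %s", i, f))
			}
		}
	}
	return problems
}

// sample is constructed: route 0 follows the page's format, route 1 has typos.
const sample = `[{"remark":"ok","attrs":{"source":"2.0.0.0/24","destination":"3.0.0.0/24","protocol":"udp","source-port":" ==80","destination-port":" ==22"}},
 {"remark":"typo","attrs":{"source":"10.0.0.0/24","destination":"0.0.0.0/0","protocol":"gre","destination-port":" ==70000"}}]`

func main() { fmt.Println(strings.Join(Validate([]byte(sample)), "\n")) }
```

Send the batch only when Validate returns no problems; a route that slips through with a destination such as 0.0.0.0/0 would be announced to every flowspec peer.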
Deleting a route is very easy (multiple routes are OK here too, add them in the array 😇).
POST to "/del" a route with its uuid (to look up the uuid, GET "/route").
Only the "uuid" value is needed.
You receive the deleted route's uuid, remark, and system messages.
(If the server fails internally, the system messages carry the error messages directly.)
- I think of jgob as a flowspec controller, so it may not receive routes.
- jgob automatically syncs "jgob.route" and the GoBGP RIB at a 1-second interval (if you use the "gobgp" command, no problem).
- jgob intentionally cannot change its global configuration (add neighbor, delete neighbor, change router-id...), but you can use the "gobgp" command, so use it for these operations.
- jgob can receive the protocols "tcp", "udp", "icmp".
- jgob can receive the flowspec actions (MBGP EXT_COMMUNITIES) "accept", "discard", "rate-limit".
These three actions use the same key, "extcomms".
Why only these arguments? Sorry, if jgob parsed every gobgp option from JSON, the JSON format would become very difficult. If you want other options, rewrite the code, or open an issue or pull request for me :)
- This is currently a β version and may not be stable :sweat_smile:
Have a nice go hacking days✨😉
jgob was written by nnao45 (WORK:Network Engineer, Twitter:@A_Resas, MAIL:[email protected]).
This software is released under the MIT License, see LICENSE.