Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BGP Perl module question #622

Open
jmessenger51 opened this issue Jul 26, 2024 · 5 comments
Open

BGP Perl module question #622

jmessenger51 opened this issue Jul 26, 2024 · 5 comments

Comments

@jmessenger51
Copy link

Question / potential feature request:

I want to add BGP data to the sflow data to improve troubleshooting capabilities. However, when nProbe is running inside a kubernetes infrastructure, if I attempt to run the perl script from inside the container, the container is not able to attach an interface because the IP is from the CNI overlay and is dynamically allocated and is not from the baremetal / host level network. So the perl script configuration doesn't align with the configured IP address.

  • The configured IP can be NATTED on firewalls or other elements to get the BGP session to establish, but becuase the container IP is dynamiclly allocated it throws errors.

The questions I have are:
1.) Are there plans to improve the usability of the bgp perl script such that it can run natively in nProbe inside a container?
2.) Should I just run the perl script outside of the container and feed the data to nProbe similar to how sflow ingresses through the K8s infrastructure to the container? Essentially bypassing the K8s complexity where the perl script is concerned.

For additional context, when I attempt to run the script from inside the nprobe containt, I'm instructing the container to:

  • Install cpan so it can install the needed perl modules
  • Instal Net::BGP perl module with associated dependancies
  • Launch the perl script

K8s commands run at container start:
sudo apt update && sudo apt --assume-yes install cpanminus sleep 10 yes | sudo perl -MCPAN -e 'install Net::BGP' /etc/ntopbgp/bgp_probe_client.pl

The last step fails and throws the error:
bind() failed at /usr/local/share/perl/5.34.0/Net/BGP/Process.pm line 237.
at /etc/ntopbgp/bgp_probe_client.pl line 134.

line 134 = $bgp->event_loop();

from the perl script.
@jmessenger51 jmessenger51 changed the title https://www.ntop.org/guides/nprobe/plugins/bgp.html BGP Perl module question Jul 26, 2024
@jmessenger51
Copy link
Author

I did try to add the perl module:

use Net::Address::IP::Local;

and redefined the variable:
my $local_ip = Net::Address::IP::Local->public_ipv4;

My thought was that our CNI will NAT the private K8s network to the bare metal network, and I can NAT the bare metal traffic as needed so the BGP peers think they are peering with the correct destination. That simple method didn't work sadly, I think I'll try passing the pod IP as an enviornment variable.

@jmessenger51
Copy link
Author

Enabled the pod_ip as an enviornment variable within the helm chart:

    spec:
      containers:
        - name: nprobe
          image: docker.io/ntop/nprobe.dev:latest
          imagePullPolicy: Always
          command: [ "sh", "/etc/nprobe/startup.sh" ]
          ports:
            - name: nprobe
              containerPort: 3000
              protocol: TCP
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP

and modified the startup script:

    sudo apt update && sudo apt --assume-yes install cpanminus
    sleep 10
    yes | sudo perl -MCPAN -e 'install Net::BGP'
    sleep 5
    echo $POD_IP
    sleep 5
    /etc/ntopbgp/bgp_probe_client.pl
    sleep 5

and although the pod is seeing the IP by the enviornment variable, the perl script is still failing.
I exec into the pod and:

root@nprobe-7f94d8c77d-zqd5v:/#  echo $POD_IP
172.22.1.207
root@nprobe-7f94d8c77d-zqd5v:/#
root@nprobe-7f94d8c77d-zqd5v:/# /etc/ntopbgp/bgp_probe_client.pl
bind() failed at /usr/local/share/perl/5.34.0/Net/BGP/Process.pm line 237.
 at /etc/ntopbgp/bgp_probe_client.pl line 136.
root@nprobe-7f94d8c77d-zqd5v:/#

so something is still failing even though the IP is properly passed in as the local IP.

@jmessenger51
Copy link
Author

I used a VM to test the BGP perl script to remove the K8s and it still throws the bind() error.

Its an ubuntu VM, I install cpanminus
sudo apt update && sudo apt --assume-yes install cpanminus
yes | sudo perl -MCPAN -e 'install Net::BGP'

and configured the script but it fails to bind.

@jmessenger51
Copy link
Author

I'm reviewing the BGP Perl Script vs a Python BMP script, Are there specific formats that nprobe needs in order to get AS path?

Example Python BGP Monitoring Protocol (BMP) script https://github.com/smartbgp/yabmp, thinking it would function and scale better than doing a BGP peering.

@lucaderi
Copy link
Member

The format nprobe expects is very simple and there is nothing special to know. I will loo at the Python tool you have listed above

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lucaderi @jmessenger51