ideas for additional checks
tcatm opened this issue · 4 comments
tcatm commented
- check whether icvpn IPs are within transfer net
- check whether BGP ipv4 and ipv6 "match"
- check whether community range lies outside of transfer net
booo commented
Maybe we should add a check for overlapping community ip ranges too.
jplitza commented
What are the rules for "matching" BGP IPv4 and IPv6 addresses?
I thought at least they should have the same last byte, but when I ran it this mostly was not the case:
Last bytes of BGP addresses differ between protocols:{17, 10} (augsburg)
Last bytes of BGP addresses differ between protocols:{25, 28} (bayreuth)
Last bytes of BGP addresses differ between protocols:{89, 59} (bielefeld)
Last bytes of BGP addresses differ between protocols:{96, 67} (bielefeld)
Last bytes of BGP addresses differ between protocols:{24, 218} (darmstadt)
Last bytes of BGP addresses differ between protocols:{25, 219} (darmstadt)
Last bytes of BGP addresses differ between protocols:{26, 12} (diepholz)
Last bytes of BGP addresses differ between protocols:{72, 188} (dreilaendereck)
Last bytes of BGP addresses differ between protocols:{75, 190} (dreilaendereck)
Last bytes of BGP addresses differ between protocols:{74, 186} (dreilaendereck)
Last bytes of BGP addresses differ between protocols:{2, 20} (dresden)
Last bytes of BGP addresses differ between protocols:{1, 19} (dresden)
Last bytes of BGP addresses differ between protocols:{45, 69} (ehingen)
Last bytes of BGP addresses differ between protocols:{128, 17} (flensburg)
Last bytes of BGP addresses differ between protocols:{16, 129} (flensburg)
Last bytes of BGP addresses differ between protocols:{33, 21} (freiburg)
Last bytes of BGP addresses differ between protocols:{65, 1} (goettingen)
Last bytes of BGP addresses differ between protocols:{57, 87} (kbu)
Last bytes of BGP addresses differ between protocols:{48, 30} (ljubljana)
Last bytes of BGP addresses differ between protocols:{35, 23} (ljubljana)
Last bytes of BGP addresses differ between protocols:{120, 32} (monitoringmoehne)
Last bytes of BGP addresses differ between protocols:{43, 67} (muenster)
Last bytes of BGP addresses differ between protocols:{66, 142} (rhein-neckar)
Last bytes of BGP addresses differ between protocols:{9, 79} (ruhrgebiet)
Last bytes of BGP addresses differ between protocols:{85, 55} (vfnnrw)
Last bytes of BGP addresses differ between protocols:{73, 113} (wuppertal)
jplitza commented
I implemented the check nonetheless (with the padding with zeroes to 16 bits in IPv6, or more precisely: the last half of the host part of the address has to match, i.e. 16 bits in IPv6 and 8 bits in IPv4).
I will do some refactoring (and already have done some) in order to introduce warnings and thus make the existing problems ignorable.
Until more ideas for checks pop up, I'll close this issue.