-
Notifications
You must be signed in to change notification settings - Fork 11
Open
Description
The message "Expected route object in RIPE matches BGP origin, but non-matching objects exist in other IRRs" is not included in the "Explanation of different messages" table.
There seem to be a few others missing, they all come from:
irrexplorer/irrexplorer/api/report.py
Lines 8 to 62 in aeb6f6b
| def enrich_prefix_summaries_with_report(prefix_summaries: List[PrefixSummary]): | |
| """ | |
| Given a list of PrefixSummary objects, enriches them with reporting info. | |
| This fills the messages attribute by calling the info/warning/danger methods. | |
| To help, PrefixSummary has quite a few properties for simpler access to data, | |
| which are extensively used. | |
| """ | |
| for s in prefix_summaries: | |
| # Detect superfluous route objects | |
| if not s.bgp_origins and s.irr_origins: | |
| s.info("Route objects exist, but prefix not seen in DFZ") | |
| if not s.bgp_origins and s.rpki_origins and s.rpki_origins != {0}: | |
| s.info("RPKI ROA exists, but prefix not seen in DFZ") | |
| # Detect route objects in unexpected IRR | |
| if s.irr_expected_rir and s.irr_routes and not s.irr_routes_expected_rir: | |
| s.warning( | |
| f"Expected route object in {s.irr_expected_rir}, but only found in other IRRs" | |
| ) | |
| # Check route objects against origins | |
| if s.bgp_origins - s.irr_origins: | |
| if s.bgp_origins.intersection(s.irr_origins): | |
| s.danger("No route objects for some DFZ origins") | |
| else: | |
| s.danger("No route objects match DFZ origin") | |
| elif s.irr_routes_expected_rir and s.bgp_origins - s.irr_origins_expected_rir: | |
| s.danger( | |
| f"Expected route object in {s.irr_expected_rir}, but BGP origin does not " | |
| f"match. Objects from other IRRs do match BGP origin" | |
| ) | |
| elif s.irr_origins_not_expected_rir and s.bgp_origins - s.irr_origins_not_expected_rir: | |
| s.warning( | |
| f"Expected route object in {s.irr_expected_rir} matches BGP origin, " | |
| f"but non-matching objects exist in other IRRs" | |
| ) | |
| elif len(s.irr_origins) > 1 and len(s.bgp_origins) == 1: | |
| s.warning("Multiple route objects exist with different origins, but DFZ only has one") | |
| # Detect RPKI situation | |
| if s.rpki_origins and s.bgp_origins - s.rpki_origins: | |
| s.danger("RPKI origin does not match BGP origin") | |
| if any([r.rpki_status == RPKIStatus.invalid for r in s.irr_routes_all]): | |
| s.danger("RPKI-invalid route objects found") | |
| elif s.irr_routes and all( | |
| [r.rpki_status == RPKIStatus.not_found for r in s.irr_routes_all] | |
| ): | |
| s.info("No (covering) RPKI ROA found for route objects") | |
| for name, special_use_prefix in SPECIAL_USE_SPACE: | |
| if s.prefix.overlaps(special_use_prefix): | |
| s.danger(f"Overlaps with {name} special use prefix {special_use_prefix}") | |
| s.finalise_status() |
Spotted by @baknu
Metadata
Metadata
Assignees
Labels
No labels