feat(router): route server management (BGP + tunnels)#139
Merged
Extend the router subsystem with BGP and tunnel capabilities behind two new optional traits (TunnelRouter, BgpRouter) on the existing Router abstraction, implemented by a new Linux/SSH backend and Mikrotik.

- Add RouterKind::LinuxSsh (ssh://user@host/iface + PEM key) with ARP via iproute2, reusing the ssh2 SshClient (linux-ssh feature)
- TunnelRouter: GRE/VXLAN/WireGuard detect+manage; per-interface traffic counters (Linux ip/wg, Mikrotik REST)
- BgpRouter: session detect, scoped originated-route + default-route detection, peer discovery, enable/disable toggle (BIRD birdc, Mikrotik /rest/routing/bgp/*)
- Persistence: router_tunnel, router_tunnel_traffic, router_bgp_session tables + 60s background sampler (WorkJob::SampleRouterTraffic)
- Admin API: list tunnels, tunnel traffic history, list BGP sessions, toggle BGP session (WorkJob::ToggleBgpSession)
- Full-DFZ-table safe: no unbounded route enumeration; Mikrotik uses server-side dst-address filters; originated_routes scoped to candidates

Closes #138
Closes #138
Extends the router subsystem with BGP and tunnel management behind two new optional capability traits (`TunnelRouter`, `BgpRouter`) on the existing `Router` abstraction, implemented by a new Linux/SSH backend and Mikrotik.

What's included

- Linux/SSH backend (`RouterKind::LinuxSsh`): `url = ssh://user@host[:port]/iface`, `token` = PEM key; ARP via iproute2; reuses the existing ssh2 `SshClient` (behind a `linux-ssh` feature).
- `TunnelRouter`: GRE/VXLAN/WireGuard detect + manage; per-interface traffic counters on Linux (`ip`/`wg`) and Mikrotik (`/rest/interface/*`).
- `BgpRouter`: session detect, scoped originated-route + default-route detection, peer discovery, enable/disable toggle on Linux (`birdc`, BIRD/Pathvector) and Mikrotik (`/rest/routing/bgp/*`).
- Persistence: `router_tunnel`, `router_tunnel_traffic`, `router_bgp_session` tables + a 60s background sampler (`WorkJob::SampleRouterTraffic`).
- Admin API: list tunnels, tunnel traffic history (`from`/`to`), list BGP sessions, toggle BGP session (`WorkJob::ToggleBgpSession`).

Issue tasks
Full DFZ table safety

Routers may carry a full internet table (~1M+ routes). Handled:

- Mikrotik (`GET /rest/ip/route`): uses server-side `dst-address` filters; no unbounded route enumeration.
- `originated_routes(candidates)` is scoped to VM prefixes, never enumerates the table.
- BIRD: `show route for <addr>` (LPM) + `show route where source = RTS_STATIC` (bounded output); never a bare `show route`.

Notes / follow-ups
- Key material is given to `wg set` and never returned on listing; DB storage of key material is an open question.
- BGP toggle: `birdc disable/enable`; persisting via Pathvector YAML regeneration is a follow-up.

Testing

- `cargo test --workspace --exclude lnvps_e2e -- --test-threads=1`; `cargo fmt` + `cargo clippy` clean.

Implementation tracked in `work/route-server-management.md`.
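Added example (not the PR's code) of the bounded BIRD lookups described under "Full DFZ table safety": it builds only the two permitted `birdc` queries and computes `originated_routes(candidates)` against constructed `show route where source = RTS_STATIC` output, so the query scope is always the candidate list and never the full table. The output shape, function names and signatures are assumptions, not the project's API.

```rust
// Added example, not the PR's code. Assumes BIRD 2 `birdc` output shape:
// route lines start at column 0 with a CIDR prefix, continuation lines are indented.
use std::collections::HashSet;

/// LPM lookup for a single address (e.g. default-route detection via 0.0.0.0):
/// output is bounded to the routes covering that one address.
pub fn lpm_query(addr: &str) -> String {
    format!("show route for {addr}")
}

/// The only table-wide listing the design allows: static (originated) routes,
/// whose count is bounded by local configuration, not by the DFZ.
pub fn static_routes_query() -> &'static str {
    "show route where source = RTS_STATIC"
}

/// Extract prefixes from `birdc` output, skipping the "Table ..." header and
/// the indented next-hop/attribute continuation lines.
pub fn parse_prefixes(output: &str) -> HashSet<String> {
    output
        .lines()
        .filter(|l| !l.starts_with(|c: char| c.is_whitespace()) && !l.starts_with("Table"))
        .filter_map(|l| l.split_whitespace().next())
        .filter(|tok| tok.contains('/'))
        .map(str::to_string)
        .collect()
}

/// Scoped check: which of the VM prefixes we asked about are present as static
/// routes. The result never contains anything outside `candidates`.
pub fn originated_routes(candidates: &[&str], static_output: &str) -> Vec<String> {
    let present = parse_prefixes(static_output);
    candidates
        .iter()
        .filter(|c| present.contains(**c))
        .map(|c| c.to_string())
        .collect()
}

// Constructed sample output (shape of `show route where source = RTS_STATIC`).
pub const SAMPLE_STATIC: &str = "Table master4:\n\
10.10.0.0/24         unicast [static1 10:00:00.000] * (200)\n\
\tdev eth0\n\
203.0.113.0/24       unicast [static1 10:00:00.000] * (200)\n\
\tvia 192.0.2.1 on eth0\n";

fn main() {
    let candidates = ["10.10.0.0/24", "10.20.0.0/24", "203.0.113.0/24"];
    println!("{:?}", originated_routes(&candidates, SAMPLE_STATIC));
}
```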