mirror of
https://github.com/netbox-community/netbox.git
synced 2026-01-11 21:10:29 +01:00
Change BGP_ASN_MIN value from 1 to 0 (to allow for modeling of RPKI ROAs using the "0"-ASN while using a foreign-key relationship between ROAs and the IPAM ASN table) #10432
Closed
opened 2025-12-29 21:31:23 +01:00 by adam
·
11 comments
No Branch/Tag Specified
main
update-changelog-comments-docs
feature-removal-issue-type
20911-dropdown
20239-plugin-menu-classes-mutable-state
21097-graphql-id-lookups
feature
fix_module_substitution
20923-dcim-templates
20044-elevation-stuck-lightmode
feature-ip-prefix-link
v4.5-beta1-release
20068-import-moduletype-attrs
20766-fix-german-translation-code-literals
20378-del-script
7604-filter-modifiers-v3
circuit-swap
12318-case-insensitive-uniqueness
20637-improve-device-q-filter
20660-script-load
19724-graphql
20614-update-ruff
14884-script
02496-max-page
19720-macaddress-interface-generic-relation
19408-circuit-terminations-export-templates
20203-openapi-check
fix-19669-api-image-download
7604-filter-modifiers
19275-fixes-interface-bulk-edit
fix-17794-get_field_value_return_list
11507-show-aggregate-and-rir-on-api
9583-add_column_specific_search_field_to_tables
v4.5.0
v4.4.10
v4.4.9
v4.5.0-beta1
v4.4.8
v4.4.7
v4.4.6
v4.4.5
v4.4.4
v4.4.3
v4.4.2
v4.4.1
v4.4.0
v4.3.7
v4.4.0-beta1
v4.3.6
v4.3.5
v4.3.4
v4.3.3
v4.3.2
v4.3.1
v4.3.0
v4.2.9
v4.3.0-beta2
v4.2.8
v4.3.0-beta1
v4.2.7
v4.2.6
v4.2.5
v4.2.4
v4.2.3
v4.2.2
v4.2.1
v4.2.0
v4.1.11
v4.1.10
v4.1.9
v4.1.8
v4.2-beta1
v4.1.7
v4.1.6
v4.1.5
v4.1.4
v4.1.3
v4.1.2
v4.1.1
v4.1.0
v4.0.11
v4.0.10
v4.0.9
v4.1-beta1
v4.0.8
v4.0.7
v4.0.6
v4.0.5
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v3.7.8
v3.7.7
v4.0-beta2
v3.7.6
v3.7.5
v4.0-beta1
v3.7.4
v3.7.3
v3.7.2
v3.7.1
v3.7.0
v3.6.9
v3.6.8
v3.6.7
v3.7-beta1
v3.6.6
v3.6.5
v3.6.4
v3.6.3
v3.6.2
v3.6.1
v3.6.0
v3.5.9
v3.6-beta2
v3.5.8
v3.6-beta1
v3.5.7
v3.5.6
v3.5.5
v3.5.4
v3.5.3
v3.5.2
v3.5.1
v3.5.0
v3.4.10
v3.4.9
v3.5-beta2
v3.4.8
v3.5-beta1
v3.4.7
v3.4.6
v3.4.5
v3.4.4
v3.4.3
v3.4.2
v3.4.1
v3.4.0
v3.3.10
v3.3.9
v3.4-beta1
v3.3.8
v3.3.7
v3.3.6
v3.3.5
v3.3.4
v3.3.3
v3.3.2
v3.3.1
v3.3.0
v3.2.9
v3.2.8
v3.3-beta2
v3.2.7
v3.3-beta1
v3.2.6
v3.2.5
v3.2.4
v3.2.3
v3.2.2
v3.2.1
v3.2.0
v3.1.11
v3.1.10
v3.2-beta2
v3.1.9
v3.2-beta1
v3.1.8
v3.1.7
v3.1.6
v3.1.5
v3.1.4
v3.1.3
v3.1.2
v3.1.1
v3.1.0
v3.0.12
v3.0.11
v3.0.10
v3.1-beta1
v3.0.9
v3.0.8
v3.0.7
v3.0.6
v3.0.5
v3.0.4
v3.0.3
v3.0.2
v3.0.1
v3.0.0
v2.11.12
v3.0-beta2
v2.11.11
v2.11.10
v3.0-beta1
v2.11.9
v2.11.8
v2.11.7
v2.11.6
v2.11.5
v2.11.4
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.10
v2.10.9
v2.11-beta1
v2.10.8
v2.10.7
v2.10.6
v2.10.5
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.11
v2.10-beta2
v2.9.10
v2.10-beta1
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.9-beta2
v2.8.9
v2.9-beta1
v2.8.8
v2.8.7
v2.8.6
v2.8.5
v2.8.4
v2.8.3
v2.8.2
v2.8.1
v2.8.0
v2.7.12
v2.7.11
v2.7.10
v2.7.9
v2.7.8
v2.7.7
v2.7.6
v2.7.5
v2.7.4
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.12
v2.6.11
v2.6.10
v2.6.9
v2.7-beta1
Solcon-2020-01-06
v2.6.8
v2.6.7
v2.6.6
v2.6.5
v2.6.4
v2.6.3
v2.6.2
v2.6.1
v2.6.0
v2.5.13
v2.5.12
v2.6-beta1
v2.5.11
v2.5.10
v2.5.9
v2.5.8
v2.5.7
v2.5.6
v2.5.5
v2.5.4
v2.5.3
v2.5.2
v2.5.1
v2.5.0
v2.4.9
v2.5-beta2
v2.4.8
v2.5-beta1
v2.4.7
v2.4.6
v2.4.5
v2.4.4
v2.4.3
v2.4.2
v2.4.1
v2.4.0
v2.3.7
v2.4-beta1
v2.3.6
v2.3.5
v2.3.4
v2.3.3
v2.3.2
v2.3.1
v2.3.0
v2.2.10
v2.3-beta2
v2.2.9
v2.3-beta1
v2.2.8
v2.2.7
v2.2.6
v2.2.5
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.6
v2.2-beta2
v2.1.5
v2.2-beta1
v2.1.4
v2.1.3
v2.1.2
v2.1.1
v2.1.0
v2.0.10
v2.1-beta1
v2.0.9
v2.0.8
v2.0.7
v2.0.6
v2.0.5
v2.0.4
v2.0.3
v2.0.2
v2.0.1
v2.0.0
v2.0-beta3
v1.9.6
v1.9.5
v2.0-beta2
v1.9.4-r1
v1.9.3
v2.0-beta1
v1.9.2
v1.9.1
v1.9.0-r1
v1.8.4
v1.8.3
v1.8.2
v1.8.1
v1.8.0
v1.7.3
v1.7.2-r1
v1.7.1
v1.7.0
v1.6.3
v1.6.2-r1
v1.6.1-r1
1.6.1
v1.6.0
v1.5.2
v1.5.1
v1.5.0
v1.4.2
v1.4.1
v1.4.0
v1.3.2
v1.3.1
v1.3.0
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.7-r1
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3-r1
v1.0.3
1.0.0
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
Mirrored from GitHub Pull Request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: starred/netbox#10432
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @menckend on GitHub (Nov 4, 2024).
NetBox version
v4.1.6
Feature type
Change to existing functionality
Triage priority
I volunteer to perform this work (if approved)
Proposed functionality
I'd like to have the BGP_ASN_MIN value in https://github.com/netbox-community/netbox/blob/develop/netbox/ipam/fields.py changed from "1" to "0".
Use case
"0" is defined as a "reserved" value, and should never be included in any BGP updates, but ASNs are used in RPKI ROAs as well, where the reserved value of "0" for an AS number is used to signify that no ASN is authorized to originate a given prefix. I'd like to see this value changed from 1 to 0, so that we can accurately model the semantics of RPKI ROAs for both ROAs referring to registered ASNSs as well as those referring to the reserved/"0" ASN. (Using a foreign-key relationship between the ASN and the RIR that has allocated it to a specific organization.)
Directly applicable to the netbox_rpki plugin I'm writing.
Database changes
I don't believe that this change has any impacts beyond changing the variable BGP_ASN_MIN from 1 to 0.
External dependencies
None.
@bctiemann commented on GitHub (Nov 7, 2024):
Sounds good to me, sounds localized and low-impact.
@menckend commented on GitHub (Nov 7, 2024):
New here / learning the norms. I submitted a pull request implementing this change and referencing this issue. Apologies if that was premature.
@jeremystretch commented on GitHub (Nov 8, 2024):
This doesn't make sense to me. What would be the purpose of created an ASN object in NetBox with an expressly disallowed value? Why would the ROA object not use a null value for the ASN in this scenario? This seems like an unsupportable change.
@menckend commented on GitHub (Nov 8, 2024):
The purpose would be to accurately model ROA objects in a plugin (hopefully/eventually as part of the core data model.) There is a real-world foreign-key relationship between ROAs and ASNs. The BGP ASN value of "0" is not expresssly disallowed. It is explicitly "invalid" within the context of a BGP update. (It's formal status is "reserved".) It is also explicitly valid_ within the context of an RPKI ROA. RFC7607 addresses this directly.
I (obviously) didn't write the original RPKI RFCs, but I'm assuming that the motivation in using the reserved "0" value rather than a null value was good old fashioned design-discipline. I.E., it's standard practice to use the null value as an option of last resort to signify something. There are a lot of actual values that we can assign for a lot of different cases, but there's only one null value, and we're choosing on behalf of all posterity when we decide to use it for some specific design/use case.
Even assuming that BGP updates were the only context in which BGP ASNs were utilized, I think there's still precedent for allowing the 0 value. I think it's directly analogous to the way netbox handles IP addressing. The IPv4 address-space itself is defined as a 32-bit address space, and Netbox allows us define "prefixes" across all of it (even netblocks that we're not "allowed" to actually use.) I don't think that we should need to resort to that reasoning though, since ASN 0 is a valid value for RFC-defined use-cases.
@jeremystretch commented on GitHub (Nov 14, 2024):
Again, outside the specific use case you cite, the use of zero as an AS identifier is not valid. Thus, NetBox should not blindly permit the creation of ASN 0. (This would be considered a bug.)
@menckend commented on GitHub (Nov 14, 2024):
Thank you for continuing to discuss this.
I can't follow the your reasoning that creating an ASN object with a value of "0" would be a bug, but I think that's probably because I'm misunderstanding what the ASN model/table is intended to actually represent.
I've been conceptualizing it as representing the ASN address-space itself (directly analogous to the IPv4 and IPv6 address-spaces) under IANA's purview and defined by IETF RFCs. In that framework, I don't think that there's anything invalid about an ASN object with a value of "0" (or 65535, or 64496-64511, or any other "reserved" values.) This conception of the ASN model/table/object leaves room for all potential use-cases that utilize this address-space. It lets Netbox model "a thing" that very-much exists in the real-world (the address-space itself is strictly defined and managed by IETF and IANA.)
I think that you're conceptualizing the ASN model/table/objects as representing "an attribute in BGPP updates", and as such, it would be wrong to allow the creation of an ASN object with a value of "0" (because "0" should never be present in the the AS-path attribute of a BGP update?)
I don't think that concern should carry much weight though, since there's nothing more valid about the BGP AS-path attribute use-case than there is about the RPKI ROA originating-AS use-case. Equally important, the Netbox data-model doesn't currently go that deep anyway.
The netbox_bgp plugin does go that deep, introducing the "BGP session" construct which has a foreign-key relationship to the ASN model, but I suggest that it would be "better" data-modeling to _implement the "don't allow an ASN of 0" logic in the remoteAS and localAS fields of the netbox_bgp plugin's BGP Session model/table than to do so in the ASN model/table itself. I'd be happy to submit a pull request to do exactly that in the netbox_bgp plugin if that might allay your concerns?
To go back to the IPv4 address-space analogy though, Netbox has an IPv4 "Prefix" model/table/object, and it allows the creation of objects across the entire address space, without any carveouts for IP addresses/prefixes that are invalid in particular use-cases. Rather than perceiving that as a bug for any specific use-case, I see that as a boon for our ability to model a rich array of use-cases utilizing IP addresses. (E.G., nobody should ever be accepting routes for 127.0.0.0/8, but we can certainly want to refer to it in an ip prefix that gets applied in multiple contexts.)
Anyway, please let me know if you think applying the "no ASN 0" logic in the bgp plugin's bgp_session model would sway your opinion? (Assuming that the rest of my bloviating above didn't do the trick already :) )
@menckend commented on GitHub (Nov 15, 2024):
Purely FWIW, I have written an RPKI plugin that implements the logic I'm discussing. (Don't want you thinking that I'm splitting hairs over a pure hypothetical.)
@menckend commented on GitHub (Nov 26, 2024):
Is this still under consideration/review, or is the last response from @jeremystretch the end of the road on this?
@menckend commented on GitHub (Dec 12, 2024):
@bctiemann / @jeremystretch: Please advise as to status?
@jeremystretch commented on GitHub (Dec 12, 2024):
I'm sorry but you've not provided sufficient justification for the change in my view, and nor has anyone else represented support for the proposed change. We're going to pass. However, as NetBox is open source, you remain free to make any desired changes in your own fork.
@menckend commented on GitHub (Dec 12, 2024):
@jeremystretch: That is disappointing, but understood. Thanks for hearing me out.