search

inex / IXP-Manager

Full stack web application powering peering at over 200 Internet Exchange Points (IXPs) globally.
https://www.ixpmanager.org/
GNU General Public License v2.0
375 stars 160 forks source link

[NF] Allow to exclude interface lists by ASNs inside IX-F feed #896

Closed bluecmd closed 3 months ago

bluecmd commented 4 months ago

[NF] This allows to remove which specific PoPs a given member ASN is connected on.

Longer description

We have a need to mask where some peers are physically connected, which specifically for us means to remove the switch_id from the IX-F feed. However, removing just the switch_id results in a validation error on IXPDB's validator - thus we suggest omitting the whole if_list structure for a matching member.

In addition to the above, I have:

Example IX-F resource

{
  "asnum": 213113,
  "member_since": "2021-07-15T00:00:00Z",
  "url": "https://kamel.network",
  "name": "Kamel Networks",
  "peering_policy": "open",
  "member_type": "peering",
  "connection_list": [
    {
      "ixp_id": 1,
      "state": "active",
      "vlan_list": [
        {
          "vlan_id": 1,
          "ipv4": {
            "address": "185.1.215.11",
            "as_macro": "AS-KAMEL",
            "routeserver": true,
            "mac_addresses": [
              "00:1c:73:2c:6e:ca"
            ],
            "max_prefix": 12
          },
          "ipv6": {
            "address": "2001:7f8:117::21:3113:1",
            "as_macro": "AS-KAMEL",
            "routeserver": true,
            "mac_addresses": [
              "00:1c:73:2c:6e:ca"
            ],
            "max_prefix": 12
          }
        }
      ]
    }
  ]
}

Example configuration

IXP_API_JSONEXPORTSCHEMA_EXCLUDE_ASNUM_IF="213113|1234"
barryo commented 4 months ago

Thanks @bluecmd for the PR. I'm getting more and more concerned that we're adding far too many knobs to this piece of code such that it's going to get unmaintainable. This particular use case seems firmly in the corner case bracket?

It might be best to just add an access key and then use a simple PHP script as the public end point? E.g.:

$asns_to_hide_location_of = [ 1, 2, 3, ... ];
$j = json_decode(
  file_get_contents("https://ixpmanager.example.com/api/v4/member-export/ixf?access_key=super-secret-access-key")
);
foreach ($j->member_list as $id => $record) {
  if ( in_array( $record->asnum, $asns_to_hide_location_of ) {
    foreach ($j->member_list[$id]->connection_list as $cid => $crecord) {
      $j->member_list[$id]->connection_list[$cid]->if_list = [];
    }
  }
}
echo json_encode($j);
bluecmd commented 4 months ago

Thanks for the feedback.

Sure - we can do that for our use case if you feel there is no need to add this upstream.