ntop / nProbe

Open source components and extensions for nProbe
http://ntop.org
GNU General Public License v2.0

BGP Perl module question #622

Open jmessenger51 opened 1 month ago

jmessenger51 commented 1 month ago

Question / potential feature request:

I want to add BGP data to the sflow data to improve troubleshooting capabilities. However, when nProbe is running inside a Kubernetes infrastructure, if I attempt to run the Perl script from inside the container, the container is not able to attach an interface because the IP is from the CNI overlay and is dynamically allocated and is not from the baremetal / host level network. So the Perl script configuration doesn't align with the configured IP address.

The questions I have are:

1. Are there plans to improve the usability of the BGP Perl script such that it can run natively in nProbe inside a container?
2. Should I just run the Perl script outside of the container and feed the data to nProbe similar to how sflow ingresses through the K8s infrastructure to the container? Essentially bypassing the K8s complexity where the Perl script is concerned.

For additional context, when I attempt to run the script from inside the nprobe container, I'm instructing the container to:

K8s commands run at container start:

    sudo apt update && sudo apt --assume-yes install cpanminus
    sleep 10
    yes | sudo perl -MCPAN -e 'install Net::BGP'
    /etc/ntopbgp/bgp_probe_client.pl

The last step fails and throws the error:

    bind() failed at /usr/local/share/perl/5.34.0/Net/BGP/Process.pm line 237.
     at /etc/ntopbgp/bgp_probe_client.pl line 134.

line 134 = $bgp->event_loop();

from the perl script.

jmessenger51 commented 1 month ago

I did try to add the perl module:

    use Net::Address::IP::Local;

and redefined the variable:

    my $local_ip = Net::Address::IP::Local->public_ipv4;

My thought was that our CNI will NAT the private K8s network to the bare metal network, and I can NAT the bare metal traffic as needed so the BGP peers think they are peering with the correct destination. That simple method didn't work sadly, I think I'll try passing the pod IP as an environment variable.

jmessenger51 commented 1 month ago

Enabled the pod_ip as an environment variable within the helm chart:

    spec:
      containers:
        - name: nprobe
          image: docker.io/ntop/nprobe.dev:latest
          imagePullPolicy: Always
          command: [ "sh", "/etc/nprobe/startup.sh" ]
          ports:
            - name: nprobe
              containerPort: 3000
              protocol: TCP
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP

and modified the startup script:

    sudo apt update && sudo apt --assume-yes install cpanminus
    sleep 10
    yes | sudo perl -MCPAN -e 'install Net::BGP'
    sleep 5
    echo $POD_IP
    sleep 5
    /etc/ntopbgp/bgp_probe_client.pl
    sleep 5

and although the pod is seeing the IP by the environment variable, the Perl script is still failing. I exec into the pod and:

    root@nprobe-7f94d8c77d-zqd5v:/#  echo $POD_IP
    172.22.1.207
    root@nprobe-7f94d8c77d-zqd5v:/#
    root@nprobe-7f94d8c77d-zqd5v:/# /etc/ntopbgp/bgp_probe_client.pl
    bind() failed at /usr/local/share/perl/5.34.0/Net/BGP/Process.pm line 237.
     at /etc/ntopbgp/bgp_probe_client.pl line 136.
    root@nprobe-7f94d8c77d-zqd5v:/#

so something is still failing even though the IP is properly passed in as the local IP.

jmessenger51 commented 1 month ago

I used a VM to test the BGP perl script to remove the K8s and it still throws the bind() error.

It's an Ubuntu VM, I install cpanminus

    sudo apt update && sudo apt --assume-yes install cpanminus
    yes | sudo perl -MCPAN -e 'install Net::BGP'

and configured the script but it fails to bind.
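
A diagnostic for the `bind()` failure reported in this thread, added here as an example; it is not part of the original comments and is not code from nProbe or Net::BGP. It reports the errno behind a failed TCP bind so a wrong local address, a privileged-port restriction and a port already in use can be told apart. The default port 179 (standard BGP) and the `POD_IP` fallback are assumptions; pass the address and port the script is actually configured with.

```python
#!/usr/bin/env python3
"""Report why a TCP bind() on a given local address/port fails."""
import errno
import os
import socket
import sys

# Likely causes for the errno values a listener's bind() usually returns.
HINTS = {
    "EADDRNOTAVAIL": "address is not assigned to any interface in this network namespace",
    "EACCES": "ports below 1024 need root or CAP_NET_BIND_SERVICE",
    "EADDRINUSE": "another process is already listening on this address/port",
}


def probe_bind(ip, port):
    """Try to bind a TCP socket to (ip, port); return (errno name or 'OK', hint)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((ip, port))
        except OSError as e:
            name = errno.errorcode.get(e.errno, str(e.errno))
            return name, HINTS.get(name, e.strerror)
    return "OK", "bind succeeded; the address and port are usable"


def main(argv):
    # Defaults are assumptions: POD_IP as exported in the thread, 179 = BGP.
    ip = argv[1] if len(argv) > 1 else os.environ.get("POD_IP", "0.0.0.0")
    port = int(argv[2]) if len(argv) > 2 else 179
    # Probe the configured address and the wildcard to separate
    # "wrong address" from "port not bindable at all".
    results = [(t, *probe_bind(t, port)) for t in dict.fromkeys([ip, "0.0.0.0"])]
    for target, name, hint in results:
        print(f"{target}:{port} -> {name}: {hint}")
    return 0 if all(r[1] == "OK" for r in results) else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as the same user and in the same container or VM as `bgp_probe_client.pl`, since both the interface addresses and the capability set depend on that context.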

jmessenger51 commented 1 month ago

I'm reviewing the BGP Perl script vs a Python BMP script. Are there specific formats that nprobe needs in order to get AS path?

Example Python BGP Monitoring Protocol (BMP) script https://github.com/smartbgp/yabmp, thinking it would function and scale better than doing a BGP peering.