Independent Submission M. Stubbig Request for Comments: 8522 Independent Category: Informational February 2019 ISSN: 2070-1721
Looking Glass Command Set
Abstract
This document introduces a command set standard to the web-based "Network Looking Glass" software. Its purpose is to provide application programmers uniform access to the Looking Glass service and to analyze a standardized response.
The interface is supposed to provide the same level of information as web-based interfaces, but in a computer-readable format.
Status of This Memo
This document is not an Internet Standards Track specification; it is published for informational purposes.
This is a contribution to the RFC Series, independently of any other RFC stream. The RFC Editor has chosen to publish this document at its discretion and makes no statement about its value for implementation or deployment. Documents approved for publication by the RFC Editor are not candidates for any level of Internet Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata, and how to provide feedback on it may be obtained at https://www.rfc-editor.org/info/rfc8522.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.
Many Internet service providers (ISPs) and Internet exchange points (IXPs) offer a complimentary web-based service to their customers and the general public that gives insights to the backbone routing table, BGP neighbor information, or offered routes. This service is known as a "Network Looking Glass". Because they utilize a web-based interface, it is hard to automate access to the services and make that automation transferable between different service implementations.
This document describes a common command set to provide application programmers uniform access to Looking Glass services.
The commands are intended to provide the same level of information as available via web-based interfaces, but to do so in a computer- readable format. The intention is that multiple implementers of Looking Glass services can provide access through these commands so that an application can make use of the different implementations.
Stubbig Informational [Page 2]
RFC 8522 Looking Glass Command Set February 2019
The command set is split into the following categories: mandatory to support, optional, and additional. The commands are extensible for new features and for value-add by implementations.
The Looking Glass command set is described as a language-independent concept. Consequently, any programming language that satisfies the commands listed in the following sections is acceptable.
This work is not the output of the IETF and is presented in the hope that Looking Glass implementers will offer a common programmable interface.
The requirement of a uniform access to a Looking Glass service becomes important when multiple Looking Glasses are part of a monitoring system. Implementing a web client and HTTP parser for every kind of web-based Looking Glass is a time-consuming workaround. However, the Looking Glass command set is a much more viable, compatible, and scalable solution.
All URLs in this documentation use the reserved sample domain of "example.net" as defined in Section 6.5 of [RFC6761].
The URLs further use the fixed [RFC5785] prefix of ".well-known/ looking-glass" to prevent a collision in the domain's namespace.
IPv4 addresses use the documentation block of 192.0.2.0/24 [RFC5737] and IPv6 addresses reside in the reserved prefix of 2001:DB8::/32 [RFC3849]. BGP Autonomous System (AS) numbers are chosen from the private AS range defined in [RFC6996].
The examples skip some required parameters for reasons of simplicity.
A client issues a query using the HTTP GET method to request specific resources from the server. The resource is a URI and can be informational or a command execution. The client must present all necessary parameters for the server to execute the command on the selected router. Every call is stateless and independent of the previous one.
The path component of the resource URI must use the prefix of ".well- known/looking-glass" (see Section 5.1) to stay namespace neutral.
The "call" is a request from the client that specifies a predefined operation ("function") that the server will execute on a selected router. The "command" is a task executed on the router and initiated by the server on behalf of the client. The type and scope of all commands are defined and limited by the server. The client must not be able to execute random commands on the targeting router. There must not be any direct communication between the client and the router.
After the execution of the command on the selected router has finished, the server replies to the client if the operation has either succeeded, failed, or timed out. The response is sent to the client in JSON format. The communication protocol used between the server and router is not specified by this document; any method (e.g., Telnet, SSH, NETCONF, serial console) is acceptable.
All parameters and their values are case insensitive.
Method parameters are mandatory components of the URI and are placed in the "path" section in terms of [RFC7320]. Basically, the method parameters specify the call and determine which command the client wants to be executed on the selected router.
Query parameters are optional components of the URI and are placed in the "query" section in terms of [RFC7320]. Generally, the query parameters are additional instructions for the requested command.
protocol Restrict the command and method parameters to use the specified protocol and version. Protocol is selected as "Address Family Identifier" [IANA-AFN] [RFC4760] and optionally as "Subsequent Address Family Identifier" [IANA-SAFI] separated by a comma. Default value is 1,1 (IP version 4, unicast). JSON datatype is String. Examples:
* protocol=2,1 (IP version 6, unicast)
* protocol=26 (MPLS, no SAFI used)
router Run the command on the router identified by its name. This is not necessarily the router's hostname as long as the Looking Glass software recognizes it. Default value is the first router in the list of available routers. JSON datatype is String. Example: router=rbgn06.example.net
routerindex Run the command on this router identified by its position in the list of available routers. Default value is "0". JSON datatype is Number. Example: routerindex=8
random Append a random string to prevent the client (or an intermediate proxy) from caching the response. The server must ignore its value. No default value. JSON datatype is String. Example: random=517A93B50
Stubbig Informational [Page 5]
RFC 8522 Looking Glass Command Set February 2019
vrf Run the command from the selected routing table. This parameter is valid only on routers that support "Virtual Routing and Forwarding" (VRF). No default value. JSON datatype is String. Example: vrf=mgmt
runtime Stop executing the command after the runtime limit (in seconds) is exceeded. A value of 0 disables the limit. Default value is "30". JSON datatype is Number. Example: runtime=60
format Request the server to provide the output (if any) in the selected format. Specify multiple formats separated by a comma in descending order of preference. See Section 3.3.2 for more details. Default value is "text/plain" (raw/unformatted output). JSON datatype is String. Example: format=application/yang,text/plain
The HTTP response header contains an appropriate HTTP status code as defined in [RFC7231] with the Content-Type set to "application/json".
The HTTP body contains details and error descriptions. The response text must comply with the JSON syntax specification JSend, which is briefly explained in Appendix A. Consequently, every response must contain a "status" field of either "success", "fail", or "error" as explained in the following sections.
A successful response must set the "status" field to "success". It must also contain a "data" object including the following information:
performed_at Combined date and time in UTC ISO 8601 [iso8601] indicating when the operation finished. This information must be present.
runtime Amount of seconds (wallclock) used to run the command. This information must be present.
Stubbig Informational [Page 6]
RFC 8522 Looking Glass Command Set February 2019
router Name of the router that executed the command. This information may be present.
output Output of the command in a format that was requested by the client; it otherwise defaults to raw output as it appeared on the router's command-line interface (CLI). It might even be blank if the command did not produce any output. This information should be present.
format Selected output format by the server. The client might request multiple formats so that the "Looking Glass" server has to choose the best option and tell the client which format was selected. This information should be present (defaults to "text/plain" if missing).
Adding more information to the response is permitted and must be placed inside the "data" object.
The HTTP status code should be 200.
Example:
HTTP/1.1 200 OK Content-Type: application/json { "status" : "success", "data" : { "router" : "route-server.lookingglass.example.net" "performed_at" : "2014-10-15T17:15:34Z", "runtime" : 2.63, "output" : [ "full raw output from the observing router..." ], "format" : "text/plain" } }
A status of "fail" indicates that the selected command was executed on the router but failed to succeed. The response message must set the "status" field to "fail" and must contain the "data" object with command-specific content listed in Section 2.3.1.
The status "error" represents either that the command timed out or that an error occurred in processing the request. The response message must set the "status" field to "error" and must contain the "message" key, which keeps a meaningful message, explaining what went wrong.
The response may contain the "data" key with required values listed in Section 2.3.1. It may also include a "code" field that carries a numeric code corresponding to the error.
The HTTP status code should be 400 in case of a client-side error, 500 in case of a server-side error, or 502 for errors occurring on the target router. Code 504 should be used when a command timed out.
Example:
HTTP/1.1 400 Bad Request { "status" : "error", "message" : "Unrecognized host or address." }
The Looking Glass command set provides functions that are either mandatory to support or optional to implement. The same principle applies to the web-based Looking Glass.
It is not possible for any function to modify the server's state. Therefore, all HTTP methods are GET operations.
Variables are templated and expanded in accordance with [RFC6570].
Display a matching record from the BGP routing table. This should include networks, next hop, and may include metric, local preference, path list, weight, etc.
Implementation of the "show bgp" command is optional.
Print a summary of BGP neighbor status. This may include the neighbor BGP ID, autonomous system number, duration of peering, number of received prefixes, etc.
Implementation of the "show bgp summary" command is optional.
Provide detailed information on BGP neighbor connections. Available details may include neighbor BGP ID, advertised networks, learned networks, autonomous system number, capabilities, protocol, statistics, etc.
Implementation of the "show bgp neighbors" command is optional.
Provides a full list of routers that are available for command execution. This list includes the router ID and its name. It is equivalent to the common "router" HTML drop-down form element and contains the same information.
Lists additional information about the selected router specified by its router index. The response must contain the router's hostname and router index. The response may contain more details like output format, country code, city, administrative contact, vendor, and model.
Available output formats are specified by Internet media type as of [RFC6838] and listed in [IANA-MT]. If the routers support multiple formats, they are separated by a comma.
The router might provide output formats that are not yet registered or listed in [IANA-MT]. For example, output in NETCONF format could use "text/x.netconf". [RFC6838] provides a tree for unregistered subtypes.
A missing output format defaults to "text/plain", which is a copy of the raw command-line output.
Provides a full list of commands that are available for execution. The list includes mandatory to support, optional, and additional (Section 3.4) commands. It is equivalent to the "command" HTML drop- down or radio-button form element and contains the same information.
Stubbig Informational [Page 15]
RFC 8522 Looking Glass Command Set February 2019
The list is formatted as a "commands" array containing one object per command. This object contains informative strings about the current command: href, arguments, description, and command.
The network traffic sent by a "Looking Glass" is not appropriate when measuring Service Level Agreements or validating Quality of Service settings.
Stubbig Informational [Page 16]
RFC 8522 Looking Glass Command Set February 2019
If a monitoring system uses the Looking Glass command set for reachability checks, it should not rely on the HTTP status codes but on the "status" message field inside the HTTP body.
The main goal of the Looking Glass command set is the automated usage of the Looking Glass service. This allows the scripting of API calls, which could be used as a Distributed Denial of Service (DDoS) attack. It is recommended that implementers of the Looking Glass API take steps to mitigate the above described abuse. The strategy can include blocking or rate-limiting by client IP address or target IP network.
Authentication is not a requirement because the current Looking Glass web services are usable without authentication. Requests to the proposed API service may be authenticated by any method. The decision is up to the implementer's security requirements.
Some of the described commands provide a detailed insight into the provider's network. It is therefore up to the implementer's security policy to dismiss commands that are marked as "optional" or to restrict commands that are marked as "mandatory".
[iso8601] International Organization for Standardization, "Data elements and interchange formats - Information interchange - Representation of dates and times", December 2004.
JSend is a specification that lays down some rules for how JSON responses from web servers should be formatted. JSend focuses on application-level (as opposed to protocol- or transport-level) messaging which makes it ideal for use in REST-style applications and APIs.
A basic JSend-compliant response must contain a "status" key and should contain "data", "message", and "code" keys dependent on the status value. The following table lists the required and optional keys.
+---------+-----------------+---------------+ | Type | Required keys | Optional keys | +---------+-----------------+---------------+ | success | status, data | | | fail | status, data | | | error | status, message | code, data | +---------+-----------------+---------------+