.png)
4 months ago
7
Holo v0.8 is out, the MIT-licensed open-source routing protocol suite written in Rust. In this post, we’ll highlight some of the most notable changes in this release, going beyond the terse lines of the release notes.
While routing is often seen as a “solved” problem, the reality tells a different story. New applications, technologies, and operational requirements continue to push networks in new directions. As a result, routing protocols like IS-IS are continuously evolving. The IS-IS protocol deployed today is quite different from the one used twenty years ago and will likely look even more different twenty years from now.
With this in mind, the Holo codebase was designed to be modular and easy to extend, allowing us to add new protocol features without sacrificing reliability or maintainability. In this release, we’ve extended our IS-IS implementation with a set of widely deployed and essential features for modern networks. Here’s a brief overview:
- SR-MPLS: Segment Routing simplifies the MPLS control plane by eliminating the need for the LDP protocol. It also serves as a foundation for other important features, such as SR-based traffic engineering and TI-LFA.
- Multi Topology: Enables IPv4 and IPv6 to operate over separate logical topologies, offering more flexibility and control in dual-stack environments.
- BFD Integration: Enables sub-50ms detection of link failures, leading to faster routing convergence.
- Route Summarization: Helps reduce the size of the link-state database in large networks and limits the propagation of routing instability between domains.
In the early days of Holo, there was a runtime dependency on the zebra daemon from the FRRouting project. The protocol crates connected to zebra to retrieve system information, such as interfaces and addresses, and to install routes into the kernel. That dependency was later removed, with the same functionality reimplemented in the holo-routing and holo-interface crates. This change was necessary to make Holo fully self-contained and independent.
To manage networking information at the kernel level, Holo uses the Netlink protocol, with the help of the excellent rtnetlink crate from the Rust ecosystem. This crate offers a high-level, easy-to-use interface that abstracts away much of Netlink’s complexity. One issue, however, was that Holo’s advanced networking needs included features that the rtnetlink crate didn’t yet support. Specifically, there was no support for ECMP, MPLS, or unnumbered interfaces. This meant, for example, that while it was possible to deploy LDP or Segment Routing and learn labels for the entire network, those labels could not be installed in the kernel. This significantly limited Holo’s applicability in environments that required these features.
With the release of rtnetlink v0.17, these features are now supported, and Holo was promptly updated to take advantage of them. Now, there is no longer a mismatch between what Holo supports in the control plane and what can be used in the forwarding plane.
Note: As of now, only OSPFv2 and IS-IS support unnumbered interfaces, with BGP support planned for the next release.
A major improvement in user experience in this release is the introduction of trace-options for fine-grained control over logging messages. Previously, it was only possible to filter log messages by severity level, such as logging only warnings and errors. In some cases, it’s desirable to see debug messages, especially when troubleshooting specific issues like “Why isn’t this OSPF adjacency forming?” However, enabling all debug messages can generate an overwhelming amount of information.
To address this, it’s now possible to log debug messages selectively. That can be done using trace-options, which are part of the YANG-modeled configuration, borrowing heavy influence from Junos and Nokia SR Linux. They can be applied at multiple levels of the configuration hierarchy, such as routing instances, interfaces, or peers. This allows, for example, enabling debug messages for a single BGP peer or all BGP peers.
In this release, all protocol crates support trace options, with each protocol supporting different tracing flags (e.g., tracing sent/received packets, adjacency changes, LSDB updates, etc.). For those coming from a Cisco background, trace options can be seen as the equivalent of traditional debug commands.
Thanks to Rust’s memory safety guarantees, Holo is inherently protected against many common memory-related bugs and security vulnerabilities. However, that doesn’t mean security can be taken for granted. As a routing stack, the primary attack vector involves receiving malicious packets that could trigger parsing errors and lead to denial-of-service attacks.
In this release, all protocol implementations have been updated to use the new fallible APIs from the bytes crate for parsing network packets. The fallible APIs safeguard against out-of-bounds reads, enabling proper error handling instead of causing unrecoverable panics. As a result, Holo is now significantly more resilient to malformed or malicious input.
Additionally, work has started on a fuzzing infrastructure to detect other classes of bugs, such as unchecked unwraps and integer arithmetic errors, before they can reach production. Routing protocols power the Internet as we know it, and security hardening must remain an ongoing effort.
Holo began as an experimental project, which made the Rust nightly toolchain a natural choice. At the time, many important language features, like async/await, were only available behind unstable flags.
Since then, most of those features have been stabilized. The last major one Holo relied on, let_chains, was stabilized in Rust 1.88. Alongside that, Holo was updated to remove a few other unstable features that were no longer strictly necessary.
As of this release, Holo builds on the stable Rust toolchain for the first time. This is an important milestone, marking Holo’s transition from a prototype to a more mature and stable project.
The Holo project is funded through NGI Zero Core, a fund established by NLnet with financial support from the European Commission’s Next Generation Internet program.
If you’re interested in Holo, consider joining our community! Whether you want to be an early adopter, a contributor, or simply follow along, you’re welcome. Join us on Holo’s Discord server or reach out directly at [email protected].
