]>
Commit | Line | Data |
---|---|---|
718e3744 | 1 | /* MPLS-VPN |
896014f4 DL |
2 | * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org> |
3 | * | |
4 | * This file is part of GNU Zebra. | |
5 | * | |
6 | * GNU Zebra is free software; you can redistribute it and/or modify it | |
7 | * under the terms of the GNU General Public License as published by the | |
8 | * Free Software Foundation; either version 2, or (at your option) any | |
9 | * later version. | |
10 | * | |
11 | * GNU Zebra is distributed in the hope that it will be useful, but | |
12 | * WITHOUT ANY WARRANTY; without even the implied warranty of | |
13 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
14 | * General Public License for more details. | |
15 | * | |
16 | * You should have received a copy of the GNU General Public License along | |
17 | * with this program; see the file COPYING; if not, write to the Free Software | |
18 | * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA | |
19 | */ | |
718e3744 | 20 | |
21 | #include <zebra.h> | |
22 | ||
23 | #include "command.h" | |
24 | #include "prefix.h" | |
25 | #include "log.h" | |
26 | #include "memory.h" | |
27 | #include "stream.h" | |
3f9c7369 | 28 | #include "queue.h" |
039f3a34 | 29 | #include "filter.h" |
ddb5b488 | 30 | #include "mpls.h" |
b9c7bc5a PZ |
31 | #include "json.h" |
32 | #include "zclient.h" | |
9bedbb1e | 33 | |
718e3744 | 34 | #include "bgpd/bgpd.h" |
ddb5b488 | 35 | #include "bgpd/bgp_debug.h" |
14454c9f | 36 | #include "bgpd/bgp_errors.h" |
718e3744 | 37 | #include "bgpd/bgp_table.h" |
38 | #include "bgpd/bgp_route.h" | |
39 | #include "bgpd/bgp_attr.h" | |
9bedbb1e | 40 | #include "bgpd/bgp_label.h" |
718e3744 | 41 | #include "bgpd/bgp_mplsvpn.h" |
48a5452b | 42 | #include "bgpd/bgp_packet.h" |
3f227172 | 43 | #include "bgpd/bgp_vty.h" |
784d3a42 | 44 | #include "bgpd/bgp_vpn.h" |
ddb5b488 PZ |
45 | #include "bgpd/bgp_ecommunity.h" |
46 | #include "bgpd/bgp_zebra.h" | |
47 | #include "bgpd/bgp_nexthop.h" | |
960035b2 | 48 | #include "bgpd/bgp_nht.h" |
0a2f9ac1 | 49 | #include "bgpd/bgp_evpn.h" |
718e3744 | 50 | |
65efcfce | 51 | #if ENABLE_BGP_VNC |
f8b6f499 | 52 | #include "bgpd/rfapi/rfapi_backend.h" |
65efcfce LB |
53 | #endif |
54 | ||
ddb5b488 PZ |
55 | /* |
56 | * Definitions and external declarations. | |
57 | */ | |
58 | extern struct zclient *zclient; | |
59 | ||
d62a17ae | 60 | extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc, |
61 | int *index, afi_t *afi) | |
3f227172 | 62 | { |
d62a17ae | 63 | int ret = 0; |
64 | if (argv_find(argv, argc, "vpnv4", index)) { | |
65 | ret = 1; | |
66 | if (afi) | |
67 | *afi = AFI_IP; | |
68 | } else if (argv_find(argv, argc, "vpnv6", index)) { | |
69 | ret = 1; | |
70 | if (afi) | |
71 | *afi = AFI_IP6; | |
72 | } | |
73 | return ret; | |
3f227172 PG |
74 | } |
75 | ||
d7c0a89a | 76 | uint32_t decode_label(mpls_label_t *label_pnt) |
718e3744 | 77 | { |
d7c0a89a QY |
78 | uint32_t l; |
79 | uint8_t *pnt = (uint8_t *)label_pnt; | |
718e3744 | 80 | |
d7c0a89a QY |
81 | l = ((uint32_t)*pnt++ << 12); |
82 | l |= (uint32_t)*pnt++ << 4; | |
83 | l |= (uint32_t)((*pnt & 0xf0) >> 4); | |
d62a17ae | 84 | return l; |
718e3744 | 85 | } |
86 | ||
d62a17ae | 87 | void encode_label(mpls_label_t label, mpls_label_t *label_pnt) |
65efcfce | 88 | { |
d7c0a89a | 89 | uint8_t *pnt = (uint8_t *)label_pnt; |
d62a17ae | 90 | if (pnt == NULL) |
91 | return; | |
13b7e7f0 DS |
92 | if (label == BGP_PREVENT_VRF_2_VRF_LEAK) { |
93 | *label_pnt = label; | |
94 | return; | |
95 | } | |
d62a17ae | 96 | *pnt++ = (label >> 12) & 0xff; |
97 | *pnt++ = (label >> 4) & 0xff; | |
98 | *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */ | |
65efcfce LB |
99 | } |
100 | ||
d62a17ae | 101 | int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr, |
102 | struct bgp_nlri *packet) | |
718e3744 | 103 | { |
d7c0a89a QY |
104 | uint8_t *pnt; |
105 | uint8_t *lim; | |
d62a17ae | 106 | struct prefix p; |
107 | int psize = 0; | |
108 | int prefixlen; | |
d7c0a89a | 109 | uint16_t type; |
d62a17ae | 110 | struct rd_as rd_as; |
111 | struct rd_ip rd_ip; | |
ef1af5e5 | 112 | struct prefix_rd prd = {0}; |
ddb5b488 | 113 | mpls_label_t label = {0}; |
d62a17ae | 114 | afi_t afi; |
115 | safi_t safi; | |
116 | int addpath_encoded; | |
d7c0a89a | 117 | uint32_t addpath_id; |
d62a17ae | 118 | |
d62a17ae | 119 | /* Make prefix_rd */ |
120 | prd.family = AF_UNSPEC; | |
121 | prd.prefixlen = 64; | |
122 | ||
123 | pnt = packet->nlri; | |
124 | lim = pnt + packet->length; | |
125 | afi = packet->afi; | |
126 | safi = packet->safi; | |
127 | addpath_id = 0; | |
128 | ||
129 | addpath_encoded = | |
130 | (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV) | |
131 | && CHECK_FLAG(peer->af_cap[afi][safi], | |
132 | PEER_CAP_ADDPATH_AF_TX_RCV)); | |
718e3744 | 133 | |
50905aa2 | 134 | #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */ |
d62a17ae | 135 | for (; pnt < lim; pnt += psize) { |
136 | /* Clear prefix structure. */ | |
137 | memset(&p, 0, sizeof(struct prefix)); | |
138 | ||
139 | if (addpath_encoded) { | |
140 | ||
141 | /* When packet overflow occurs return immediately. */ | |
142 | if (pnt + BGP_ADDPATH_ID_LEN > lim) | |
513386b5 | 143 | return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; |
d62a17ae | 144 | |
a3a850a1 S |
145 | memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN); |
146 | addpath_id = ntohl(addpath_id); | |
d62a17ae | 147 | pnt += BGP_ADDPATH_ID_LEN; |
148 | } | |
149 | ||
150 | /* Fetch prefix length. */ | |
151 | prefixlen = *pnt++; | |
152 | p.family = afi2family(packet->afi); | |
153 | psize = PSIZE(prefixlen); | |
154 | ||
155 | if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) { | |
af4c2728 | 156 | flog_err( |
e50f7cfd | 157 | EC_BGP_UPDATE_RCV, |
d62a17ae | 158 | "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)", |
159 | peer->host, prefixlen); | |
513386b5 | 160 | return BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH; |
d62a17ae | 161 | } |
162 | ||
163 | /* sanity check against packet data */ | |
164 | if ((pnt + psize) > lim) { | |
af4c2728 | 165 | flog_err( |
e50f7cfd | 166 | EC_BGP_UPDATE_RCV, |
d62a17ae | 167 | "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)", |
168 | peer->host, prefixlen, (uint)(lim - pnt)); | |
513386b5 | 169 | return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW; |
d62a17ae | 170 | } |
171 | ||
172 | /* sanity check against storage for the IP address portion */ | |
173 | if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) { | |
af4c2728 | 174 | flog_err( |
e50f7cfd | 175 | EC_BGP_UPDATE_RCV, |
d62a17ae | 176 | "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)", |
177 | peer->host, | |
178 | prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8, | |
179 | sizeof(p.u)); | |
513386b5 | 180 | return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH; |
d62a17ae | 181 | } |
182 | ||
183 | /* Sanity check against max bitlen of the address family */ | |
184 | if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) { | |
af4c2728 | 185 | flog_err( |
e50f7cfd | 186 | EC_BGP_UPDATE_RCV, |
d62a17ae | 187 | "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)", |
188 | peer->host, | |
189 | prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8, | |
190 | p.family, prefix_blen(&p)); | |
513386b5 | 191 | return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH; |
d62a17ae | 192 | } |
193 | ||
194 | /* Copy label to prefix. */ | |
195 | memcpy(&label, pnt, BGP_LABEL_BYTES); | |
196 | bgp_set_valid_label(&label); | |
197 | ||
198 | /* Copy routing distinguisher to rd. */ | |
199 | memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8); | |
200 | ||
201 | /* Decode RD type. */ | |
202 | type = decode_rd_type(pnt + BGP_LABEL_BYTES); | |
203 | ||
204 | switch (type) { | |
205 | case RD_TYPE_AS: | |
206 | decode_rd_as(pnt + 5, &rd_as); | |
207 | break; | |
208 | ||
209 | case RD_TYPE_AS4: | |
210 | decode_rd_as4(pnt + 5, &rd_as); | |
211 | break; | |
212 | ||
213 | case RD_TYPE_IP: | |
214 | decode_rd_ip(pnt + 5, &rd_ip); | |
215 | break; | |
fe770c88 | 216 | |
65efcfce | 217 | #if ENABLE_BGP_VNC |
d62a17ae | 218 | case RD_TYPE_VNC_ETH: |
219 | break; | |
65efcfce LB |
220 | #endif |
221 | ||
d62a17ae | 222 | default: |
1c50c1c0 | 223 | flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type); |
d62a17ae | 224 | break; /* just report */ |
225 | } | |
226 | ||
227 | p.prefixlen = | |
228 | prefixlen | |
229 | - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */ | |
a85297a7 | 230 | memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES, |
d62a17ae | 231 | psize - VPN_PREFIXLEN_MIN_BYTES); |
232 | ||
233 | if (attr) { | |
234 | bgp_update(peer, &p, addpath_id, attr, packet->afi, | |
235 | SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP, | |
b57ba6d2 | 236 | BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL); |
d62a17ae | 237 | } else { |
238 | bgp_withdraw(peer, &p, addpath_id, attr, packet->afi, | |
239 | SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP, | |
b57ba6d2 | 240 | BGP_ROUTE_NORMAL, &prd, &label, 1, NULL); |
d62a17ae | 241 | } |
242 | } | |
243 | /* Packet length consistency check. */ | |
244 | if (pnt != lim) { | |
af4c2728 | 245 | flog_err( |
e50f7cfd | 246 | EC_BGP_UPDATE_RCV, |
d62a17ae | 247 | "%s [Error] Update packet error / VPN (%zu data remaining after parsing)", |
248 | peer->host, lim - pnt); | |
513386b5 | 249 | return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH; |
d62a17ae | 250 | } |
251 | ||
252 | return 0; | |
50905aa2 | 253 | #undef VPN_PREFIXLEN_MIN_BYTES |
718e3744 | 254 | } |
255 | ||
ddb5b488 PZ |
256 | /* |
257 | * This function informs zebra of the label this vrf sets on routes | |
258 | * leaked to VPN. Zebra should install this label in the kernel with | |
259 | * an action of "pop label and then use this vrf's IP FIB to route the PDU." | |
260 | * | |
261 | * Sending this vrf-label association is qualified by a) whether vrf->vpn | |
262 | * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list | |
263 | * are set) and b) whether vpn-policy label is set. | |
264 | * | |
265 | * If any of these conditions do not hold, then we send MPLS_LABEL_NONE | |
266 | * for this vrf, which zebra interprets to mean "delete this vrf-label | |
267 | * association." | |
268 | */ | |
269 | void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi) | |
270 | { | |
271 | mpls_label_t label = MPLS_LABEL_NONE; | |
ddb5b488 PZ |
272 | int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL); |
273 | ||
ddb5b488 PZ |
274 | if (bgp->vrf_id == VRF_UNKNOWN) { |
275 | if (debug) { | |
276 | zlog_debug( | |
277 | "%s: vrf %s: afi %s: vrf_id not set, " | |
278 | "can't set zebra vrf label", | |
960035b2 | 279 | __func__, bgp->name_pretty, afi2str(afi)); |
ddb5b488 PZ |
280 | } |
281 | return; | |
282 | } | |
283 | ||
284 | if (vpn_leak_to_vpn_active(bgp, afi, NULL)) { | |
285 | label = bgp->vpn_policy[afi].tovpn_label; | |
286 | } | |
287 | ||
288 | if (debug) { | |
289 | zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d", | |
960035b2 PZ |
290 | __func__, bgp->name_pretty, afi2str(afi), label, |
291 | bgp->vrf_id); | |
ddb5b488 PZ |
292 | } |
293 | ||
3f518d59 DS |
294 | if (label == BGP_PREVENT_VRF_2_VRF_LEAK) |
295 | label = MPLS_LABEL_NONE; | |
ddb5b488 PZ |
296 | zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP); |
297 | bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label; | |
298 | } | |
299 | ||
300 | /* | |
301 | * If zebra tells us vrf has become unconfigured, tell zebra not to | |
302 | * use this label to forward to the vrf anymore | |
303 | */ | |
304 | void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi) | |
305 | { | |
306 | mpls_label_t label = MPLS_LABEL_NONE; | |
307 | int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL); | |
308 | ||
309 | if (bgp->vrf_id == VRF_UNKNOWN) { | |
310 | if (debug) { | |
311 | zlog_debug( | |
312 | "%s: vrf_id not set, can't delete zebra vrf label", | |
313 | __func__); | |
314 | } | |
315 | return; | |
316 | } | |
317 | ||
318 | if (debug) { | |
319 | zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__, | |
960035b2 | 320 | bgp->name_pretty, bgp->vrf_id); |
ddb5b488 PZ |
321 | } |
322 | ||
323 | zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP); | |
324 | bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label; | |
325 | } | |
326 | ||
e70e9f8e PZ |
327 | int vpn_leak_label_callback( |
328 | mpls_label_t label, | |
329 | void *labelid, | |
330 | bool allocated) | |
331 | { | |
332 | struct vpn_policy *vp = (struct vpn_policy *)labelid; | |
333 | int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL); | |
334 | ||
335 | if (debug) | |
336 | zlog_debug("%s: label=%u, allocated=%d", | |
337 | __func__, label, allocated); | |
338 | ||
339 | if (!allocated) { | |
340 | /* | |
341 | * previously-allocated label is now invalid | |
342 | */ | |
343 | if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) && | |
344 | (vp->tovpn_label != MPLS_LABEL_NONE)) { | |
345 | ||
346 | vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, | |
347 | vp->afi, bgp_get_default(), vp->bgp); | |
348 | vp->tovpn_label = MPLS_LABEL_NONE; | |
349 | vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, | |
350 | vp->afi, bgp_get_default(), vp->bgp); | |
351 | } | |
352 | return 0; | |
353 | } | |
354 | ||
355 | /* | |
356 | * New label allocation | |
357 | */ | |
358 | if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) { | |
359 | ||
360 | /* | |
361 | * not currently configured for auto label, reject allocation | |
362 | */ | |
363 | return -1; | |
364 | } | |
365 | ||
366 | if (vp->tovpn_label != MPLS_LABEL_NONE) { | |
367 | if (label == vp->tovpn_label) { | |
368 | /* already have same label, accept but do nothing */ | |
369 | return 0; | |
370 | } | |
371 | /* Shouldn't happen: different label allocation */ | |
e50f7cfd | 372 | flog_err(EC_BGP_LABEL, |
1c50c1c0 QY |
373 | "%s: %s had label %u but got new assignment %u", |
374 | __func__, vp->bgp->name_pretty, vp->tovpn_label, | |
375 | label); | |
e70e9f8e PZ |
376 | /* use new one */ |
377 | } | |
378 | ||
379 | vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, | |
380 | vp->afi, bgp_get_default(), vp->bgp); | |
381 | vp->tovpn_label = label; | |
382 | vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, | |
383 | vp->afi, bgp_get_default(), vp->bgp); | |
384 | ||
385 | return 0; | |
386 | } | |
387 | ||
ddb5b488 PZ |
388 | static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2) |
389 | { | |
390 | int i; | |
391 | int j; | |
392 | ||
393 | if (!e1 || !e2) | |
394 | return 0; | |
395 | ||
396 | for (i = 0; i < e1->size; ++i) { | |
397 | for (j = 0; j < e2->size; ++j) { | |
398 | if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE), | |
399 | e2->val + (j * ECOMMUNITY_SIZE), | |
400 | ECOMMUNITY_SIZE)) { | |
401 | ||
402 | return 1; | |
403 | } | |
404 | } | |
405 | } | |
406 | return 0; | |
407 | } | |
408 | ||
40381db7 | 409 | static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label, |
4b7e6066 | 410 | uint32_t n) |
e37fb4bf PZ |
411 | { |
412 | uint32_t i; | |
413 | ||
40381db7 | 414 | if (!bpi->extra) { |
e37fb4bf PZ |
415 | if (!n) |
416 | return true; | |
417 | else | |
418 | return false; | |
419 | } | |
420 | ||
40381db7 | 421 | if (n != bpi->extra->num_labels) |
e37fb4bf PZ |
422 | return false; |
423 | ||
424 | for (i = 0; i < n; ++i) { | |
40381db7 | 425 | if (label[i] != bpi->extra->label[i]) |
e37fb4bf PZ |
426 | return false; |
427 | } | |
428 | return true; | |
429 | } | |
430 | ||
431 | /* | |
432 | * make encoded route labels match specified encoded label set | |
433 | */ | |
40381db7 | 434 | static void setlabels(struct bgp_path_info *bpi, |
4b7e6066 DS |
435 | mpls_label_t *label, /* array of labels */ |
436 | uint32_t num_labels) | |
e37fb4bf PZ |
437 | { |
438 | if (num_labels) | |
439 | assert(label); | |
440 | assert(num_labels <= BGP_MAX_LABELS); | |
441 | ||
442 | if (!num_labels) { | |
40381db7 DS |
443 | if (bpi->extra) |
444 | bpi->extra->num_labels = 0; | |
e37fb4bf PZ |
445 | return; |
446 | } | |
447 | ||
40381db7 | 448 | struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi); |
e37fb4bf PZ |
449 | uint32_t i; |
450 | ||
451 | for (i = 0; i < num_labels; ++i) { | |
452 | extra->label[i] = label[i]; | |
453 | if (!bgp_is_valid_label(&label[i])) { | |
454 | bgp_set_valid_label(&extra->label[i]); | |
455 | } | |
456 | } | |
457 | extra->num_labels = num_labels; | |
458 | } | |
459 | ||
ddb5b488 | 460 | /* |
18ee8310 | 461 | * returns pointer to new bgp_path_info upon success |
ddb5b488 | 462 | */ |
4b7e6066 DS |
463 | static struct bgp_path_info * |
464 | leak_update(struct bgp *bgp, /* destination bgp instance */ | |
465 | struct bgp_node *bn, struct attr *new_attr, /* already interned */ | |
40381db7 | 466 | afi_t afi, safi_t safi, struct bgp_path_info *source_bpi, |
4b7e6066 DS |
467 | mpls_label_t *label, uint32_t num_labels, void *parent, |
468 | struct bgp *bgp_orig, struct prefix *nexthop_orig, | |
469 | int nexthop_self_flag, int debug) | |
ddb5b488 PZ |
470 | { |
471 | struct prefix *p = &bn->p; | |
40381db7 DS |
472 | struct bgp_path_info *bpi; |
473 | struct bgp_path_info *bpi_ultimate; | |
4b7e6066 | 474 | struct bgp_path_info *new; |
ddb5b488 | 475 | char buf_prefix[PREFIX_STRLEN]; |
ddb5b488 PZ |
476 | |
477 | if (debug) { | |
478 | prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix)); | |
960035b2 | 479 | zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d", |
40381db7 DS |
480 | __func__, bgp->name_pretty, buf_prefix, |
481 | source_bpi->type, source_bpi->sub_type); | |
ddb5b488 PZ |
482 | } |
483 | ||
f46d45c1 PZ |
484 | /* |
485 | * Routes that are redistributed into BGP from zebra do not get | |
486 | * nexthop tracking. However, if those routes are subsequently | |
487 | * imported to other RIBs within BGP, the leaked routes do not | |
488 | * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore, | |
489 | * in order to determine if the route we are currently leaking | |
490 | * should have nexthop tracking, we must find the ultimate | |
491 | * parent so we can check its sub_type. | |
492 | * | |
40381db7 | 493 | * As of now, source_bpi may at most be a second-generation route |
f46d45c1 PZ |
494 | * (only one hop back to ultimate parent for vrf-vpn-vrf scheme). |
495 | * Using a loop here supports more complex intra-bgp import-export | |
496 | * schemes that could be implemented in the future. | |
3bd70bf8 | 497 | * |
f46d45c1 | 498 | */ |
40381db7 DS |
499 | for (bpi_ultimate = source_bpi; |
500 | bpi_ultimate->extra && bpi_ultimate->extra->parent; | |
501 | bpi_ultimate = bpi_ultimate->extra->parent) | |
502 | ; | |
f46d45c1 | 503 | |
ddb5b488 PZ |
504 | /* |
505 | * match parent | |
506 | */ | |
6f94b685 | 507 | for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) { |
40381db7 | 508 | if (bpi->extra && bpi->extra->parent == parent) |
ddb5b488 PZ |
509 | break; |
510 | } | |
511 | ||
40381db7 DS |
512 | if (bpi) { |
513 | bool labelssame = labels_same(bpi, label, num_labels); | |
e37fb4bf | 514 | |
40381db7 DS |
515 | if (attrhash_cmp(bpi->attr, new_attr) && labelssame |
516 | && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) { | |
ddb5b488 PZ |
517 | |
518 | bgp_attr_unintern(&new_attr); | |
519 | if (debug) | |
520 | zlog_debug( | |
521 | "%s: ->%s: %s: Found route, no change", | |
960035b2 | 522 | __func__, bgp->name_pretty, |
ddb5b488 PZ |
523 | buf_prefix); |
524 | return NULL; | |
525 | } | |
526 | ||
527 | /* attr is changed */ | |
40381db7 | 528 | bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED); |
ddb5b488 PZ |
529 | |
530 | /* Rewrite BGP route information. */ | |
40381db7 DS |
531 | if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) |
532 | bgp_path_info_restore(bn, bpi); | |
ddb5b488 | 533 | else |
40381db7 DS |
534 | bgp_aggregate_decrement(bgp, p, bpi, afi, safi); |
535 | bgp_attr_unintern(&bpi->attr); | |
536 | bpi->attr = new_attr; | |
537 | bpi->uptime = bgp_clock(); | |
ddb5b488 | 538 | |
e37fb4bf PZ |
539 | /* |
540 | * rewrite labels | |
541 | */ | |
542 | if (!labelssame) | |
40381db7 | 543 | setlabels(bpi, label, num_labels); |
e37fb4bf | 544 | |
960035b2 | 545 | if (nexthop_self_flag) |
40381db7 | 546 | bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF); |
960035b2 PZ |
547 | |
548 | struct bgp *bgp_nexthop = bgp; | |
549 | int nh_valid; | |
550 | ||
40381db7 DS |
551 | if (bpi->extra && bpi->extra->bgp_orig) |
552 | bgp_nexthop = bpi->extra->bgp_orig; | |
960035b2 | 553 | |
0a2f9ac1 | 554 | /* |
555 | * No nexthop tracking for redistributed routes or for | |
556 | * EVPN-imported routes that get leaked. | |
557 | */ | |
558 | if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE || | |
559 | is_pi_family_evpn(bpi_ultimate)) | |
960035b2 PZ |
560 | nh_valid = 1; |
561 | else | |
562 | /* | |
563 | * TBD do we need to do anything about the | |
564 | * 'connected' parameter? | |
565 | */ | |
40381db7 DS |
566 | nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop, |
567 | afi, bpi, NULL, 0); | |
960035b2 PZ |
568 | |
569 | if (debug) | |
570 | zlog_debug("%s: nexthop is %svalid (in vrf %s)", | |
571 | __func__, (nh_valid ? "" : "not "), | |
572 | bgp_nexthop->name_pretty); | |
573 | ||
574 | if (nh_valid) | |
40381db7 | 575 | bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID); |
960035b2 | 576 | |
ddb5b488 | 577 | /* Process change. */ |
40381db7 | 578 | bgp_aggregate_increment(bgp, p, bpi, afi, safi); |
ddb5b488 PZ |
579 | bgp_process(bgp, bn, afi, safi); |
580 | bgp_unlock_node(bn); | |
581 | ||
582 | if (debug) | |
583 | zlog_debug("%s: ->%s: %s Found route, changed attr", | |
960035b2 | 584 | __func__, bgp->name_pretty, buf_prefix); |
ddb5b488 | 585 | |
40381db7 | 586 | return bpi; |
ddb5b488 PZ |
587 | } |
588 | ||
be180f97 | 589 | new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0, |
960035b2 PZ |
590 | bgp->peer_self, new_attr, bn); |
591 | ||
592 | if (nexthop_self_flag) | |
18ee8310 | 593 | bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF); |
ddb5b488 | 594 | |
18ee8310 | 595 | bgp_path_info_extra_get(new); |
4b85140f | 596 | |
e37fb4bf PZ |
597 | if (num_labels) |
598 | setlabels(new, label, num_labels); | |
599 | ||
18ee8310 | 600 | new->extra->parent = bgp_path_info_lock(parent); |
4b7e6066 | 601 | bgp_lock_node((struct bgp_node *)((struct bgp_path_info *)parent)->net); |
ddb5b488 | 602 | if (bgp_orig) |
21d88ef7 | 603 | new->extra->bgp_orig = bgp_lock(bgp_orig); |
ddb5b488 PZ |
604 | if (nexthop_orig) |
605 | new->extra->nexthop_orig = *nexthop_orig; | |
606 | ||
960035b2 PZ |
607 | /* |
608 | * nexthop tracking for unicast routes | |
609 | */ | |
610 | struct bgp *bgp_nexthop = bgp; | |
611 | int nh_valid; | |
612 | ||
4b85140f | 613 | if (new->extra->bgp_orig) |
960035b2 PZ |
614 | bgp_nexthop = new->extra->bgp_orig; |
615 | ||
616 | /* | |
617 | * No nexthop tracking for redistributed routes because | |
618 | * their originating protocols will do the tracking and | |
619 | * withdraw those routes if the nexthops become unreachable | |
0a2f9ac1 | 620 | * This also holds good for EVPN-imported routes that get |
621 | * leaked. | |
960035b2 | 622 | */ |
0a2f9ac1 | 623 | if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE || |
624 | is_pi_family_evpn(bpi_ultimate)) | |
960035b2 PZ |
625 | nh_valid = 1; |
626 | else | |
627 | /* | |
628 | * TBD do we need to do anything about the | |
629 | * 'connected' parameter? | |
630 | */ | |
631 | nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop, | |
632 | afi, new, NULL, 0); | |
633 | ||
634 | if (debug) | |
635 | zlog_debug("%s: nexthop is %svalid (in vrf %s)", | |
636 | __func__, (nh_valid ? "" : "not "), | |
637 | bgp_nexthop->name_pretty); | |
638 | if (nh_valid) | |
18ee8310 | 639 | bgp_path_info_set_flag(bn, new, BGP_PATH_VALID); |
960035b2 | 640 | |
ddb5b488 | 641 | bgp_aggregate_increment(bgp, p, new, afi, safi); |
18ee8310 | 642 | bgp_path_info_add(bn, new); |
ddb5b488 PZ |
643 | |
644 | bgp_unlock_node(bn); | |
645 | bgp_process(bgp, bn, afi, safi); | |
646 | ||
647 | if (debug) | |
648 | zlog_debug("%s: ->%s: %s: Added new route", __func__, | |
960035b2 | 649 | bgp->name_pretty, buf_prefix); |
ddb5b488 PZ |
650 | |
651 | return new; | |
652 | } | |
653 | ||
654 | /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */ | |
4b7e6066 DS |
655 | void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */ |
656 | struct bgp *bgp_vrf, /* from */ | |
40381db7 | 657 | struct bgp_path_info *path_vrf) /* route */ |
ddb5b488 PZ |
658 | { |
659 | int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF); | |
40381db7 | 660 | struct prefix *p = &path_vrf->net->p; |
ddb5b488 PZ |
661 | afi_t afi = family2afi(p->family); |
662 | struct attr static_attr = {0}; | |
663 | struct attr *new_attr = NULL; | |
664 | safi_t safi = SAFI_MPLS_VPN; | |
665 | mpls_label_t label_val; | |
666 | mpls_label_t label; | |
667 | struct bgp_node *bn; | |
668 | const char *debugmsg; | |
960035b2 PZ |
669 | int nexthop_self_flag = 0; |
670 | ||
671 | if (debug) | |
672 | zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty); | |
ddb5b488 | 673 | |
40381db7 DS |
674 | if (debug && path_vrf->attr->ecommunity) { |
675 | char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity, | |
c8f57349 | 676 | ECOMMUNITY_FORMAT_ROUTE_MAP, 0); |
ddb5b488 | 677 | |
40381db7 DS |
678 | zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__, |
679 | bgp_vrf->name, path_vrf->type, s); | |
c8f57349 | 680 | XFREE(MTYPE_ECOMMUNITY_STR, s); |
ddb5b488 PZ |
681 | } |
682 | ||
683 | if (!bgp_vpn) | |
684 | return; | |
685 | ||
686 | if (!afi) { | |
687 | if (debug) | |
688 | zlog_debug("%s: can't get afi of prefix", __func__); | |
689 | return; | |
690 | } | |
691 | ||
12d6100c | 692 | /* Is this route exportable into the VPN table? */ |
693 | if (!is_route_injectable_into_vpn(path_vrf)) | |
ddb5b488 PZ |
694 | return; |
695 | ||
ddb5b488 PZ |
696 | if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) { |
697 | if (debug) | |
12a844a5 DS |
698 | zlog_debug("%s: %s skipping: %s", __func__, |
699 | bgp_vrf->name, debugmsg); | |
ddb5b488 PZ |
700 | return; |
701 | } | |
702 | ||
6f4f49b2 QY |
703 | /* shallow copy */ |
704 | static_attr = *path_vrf->attr; | |
ddb5b488 PZ |
705 | |
706 | /* | |
707 | * route map handling | |
708 | */ | |
709 | if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) { | |
4b7e6066 | 710 | struct bgp_path_info info; |
ddb5b488 PZ |
711 | route_map_result_t ret; |
712 | ||
713 | memset(&info, 0, sizeof(info)); | |
714 | info.peer = bgp_vpn->peer_self; | |
715 | info.attr = &static_attr; | |
716 | ret = route_map_apply( | |
717 | bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN], | |
718 | p, RMAP_BGP, &info); | |
719 | if (RMAP_DENYMATCH == ret) { | |
720 | bgp_attr_flush(&static_attr); /* free any added parts */ | |
721 | if (debug) | |
722 | zlog_debug( | |
723 | "%s: vrf %s route map \"%s\" says DENY, returning", | |
960035b2 | 724 | __func__, bgp_vrf->name_pretty, |
ddb5b488 PZ |
725 | bgp_vrf->vpn_policy[afi] |
726 | .rmap[BGP_VPN_POLICY_DIR_TOVPN] | |
727 | ->name); | |
728 | return; | |
729 | } | |
730 | } | |
731 | ||
c8f57349 DS |
732 | if (debug && static_attr.ecommunity) { |
733 | char *s = ecommunity_ecom2str(static_attr.ecommunity, | |
734 | ECOMMUNITY_FORMAT_ROUTE_MAP, 0); | |
ddb5b488 | 735 | |
ddb5b488 PZ |
736 | zlog_debug("%s: post route map static_attr.ecommunity{%s}", |
737 | __func__, s); | |
c8f57349 | 738 | XFREE(MTYPE_ECOMMUNITY_STR, s); |
ddb5b488 PZ |
739 | } |
740 | ||
741 | /* | |
742 | * Add the vpn-policy rt-list | |
743 | */ | |
744 | struct ecommunity *old_ecom; | |
745 | struct ecommunity *new_ecom; | |
746 | ||
747 | old_ecom = static_attr.ecommunity; | |
748 | if (old_ecom) { | |
749 | new_ecom = ecommunity_merge( | |
750 | ecommunity_dup(old_ecom), | |
751 | bgp_vrf->vpn_policy[afi] | |
752 | .rtlist[BGP_VPN_POLICY_DIR_TOVPN]); | |
753 | if (!old_ecom->refcnt) | |
754 | ecommunity_free(&old_ecom); | |
755 | } else { | |
756 | new_ecom = ecommunity_dup( | |
757 | bgp_vrf->vpn_policy[afi] | |
758 | .rtlist[BGP_VPN_POLICY_DIR_TOVPN]); | |
759 | } | |
760 | static_attr.ecommunity = new_ecom; | |
761 | SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES)); | |
762 | ||
c8f57349 DS |
763 | if (debug && static_attr.ecommunity) { |
764 | char *s = ecommunity_ecom2str(static_attr.ecommunity, | |
765 | ECOMMUNITY_FORMAT_ROUTE_MAP, 0); | |
ddb5b488 | 766 | |
ddb5b488 PZ |
767 | zlog_debug("%s: post merge static_attr.ecommunity{%s}", |
768 | __func__, s); | |
c8f57349 | 769 | XFREE(MTYPE_ECOMMUNITY_STR, s); |
ddb5b488 PZ |
770 | } |
771 | ||
772 | /* Nexthop */ | |
773 | /* if policy nexthop not set, use 0 */ | |
774 | if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags, | |
775 | BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) { | |
ddb5b488 PZ |
776 | struct prefix *nexthop = |
777 | &bgp_vrf->vpn_policy[afi].tovpn_nexthop; | |
12a844a5 | 778 | |
ddb5b488 PZ |
779 | switch (nexthop->family) { |
780 | case AF_INET: | |
781 | /* prevent mp_nexthop_global_in <- self in bgp_route.c | |
782 | */ | |
783 | static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr; | |
784 | ||
785 | static_attr.mp_nexthop_global_in = nexthop->u.prefix4; | |
0606039c | 786 | static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4; |
ddb5b488 PZ |
787 | break; |
788 | ||
789 | case AF_INET6: | |
790 | static_attr.mp_nexthop_global = nexthop->u.prefix6; | |
0606039c | 791 | static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL; |
ddb5b488 PZ |
792 | break; |
793 | ||
794 | default: | |
795 | assert(0); | |
796 | } | |
797 | } else { | |
12a844a5 DS |
798 | if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST], |
799 | BGP_CONFIG_VRF_TO_VRF_EXPORT)) { | |
800 | if (afi == AFI_IP) { | |
020a3f60 DS |
801 | /* |
802 | * For ipv4, copy to multiprotocol | |
803 | * nexthop field | |
804 | */ | |
805 | static_attr.mp_nexthop_global_in = | |
806 | static_attr.nexthop; | |
0606039c DA |
807 | static_attr.mp_nexthop_len = |
808 | BGP_ATTR_NHLEN_IPV4; | |
020a3f60 DS |
809 | /* |
810 | * XXX Leave static_attr.nexthop | |
811 | * intact for NHT | |
812 | */ | |
813 | static_attr.flag &= | |
814 | ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP); | |
12a844a5 DS |
815 | } |
816 | } else { | |
77e62f2b | 817 | /* Update based on next-hop family to account for |
818 | * RFC 5549 (BGP unnumbered) scenario. Note that | |
819 | * specific action is only needed for the case of | |
820 | * IPv4 nexthops as the attr has been copied | |
821 | * otherwise. | |
822 | */ | |
40381db7 DS |
823 | if (afi == AFI_IP |
824 | && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) { | |
12a844a5 DS |
825 | static_attr.mp_nexthop_global_in.s_addr = |
826 | static_attr.nexthop.s_addr; | |
0606039c DA |
827 | static_attr.mp_nexthop_len = |
828 | BGP_ATTR_NHLEN_IPV4; | |
12a844a5 DS |
829 | static_attr.flag |= |
830 | ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP); | |
12a844a5 | 831 | } |
ddb5b488 | 832 | } |
960035b2 | 833 | nexthop_self_flag = 1; |
ddb5b488 PZ |
834 | } |
835 | ||
836 | label_val = bgp_vrf->vpn_policy[afi].tovpn_label; | |
837 | if (label_val == MPLS_LABEL_NONE) { | |
291e32c3 | 838 | encode_label(MPLS_LABEL_IMPLICIT_NULL, &label); |
ddb5b488 PZ |
839 | } else { |
840 | encode_label(label_val, &label); | |
841 | } | |
842 | ||
843 | /* Set originator ID to "me" */ | |
844 | SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID)); | |
845 | static_attr.originator_id = bgp_vpn->router_id; | |
846 | ||
847 | ||
848 | new_attr = bgp_attr_intern( | |
849 | &static_attr); /* hashed refcounted everything */ | |
850 | bgp_attr_flush(&static_attr); /* free locally-allocated parts */ | |
851 | ||
c3e345b1 DS |
852 | if (debug && new_attr->ecommunity) { |
853 | char *s = ecommunity_ecom2str(new_attr->ecommunity, | |
854 | ECOMMUNITY_FORMAT_ROUTE_MAP, 0); | |
ddb5b488 | 855 | |
ddb5b488 | 856 | zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s); |
c3e345b1 | 857 | XFREE(MTYPE_ECOMMUNITY_STR, s); |
ddb5b488 PZ |
858 | } |
859 | ||
860 | /* Now new_attr is an allocated interned attr */ | |
861 | ||
862 | bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p, | |
863 | &(bgp_vrf->vpn_policy[afi].tovpn_rd)); | |
864 | ||
4b7e6066 | 865 | struct bgp_path_info *new_info; |
ddb5b488 | 866 | |
40381db7 DS |
867 | new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf, |
868 | &label, 1, path_vrf, bgp_vrf, NULL, | |
960035b2 | 869 | nexthop_self_flag, debug); |
ddb5b488 PZ |
870 | |
871 | /* | |
872 | * Routes actually installed in the vpn RIB must also be | |
873 | * offered to all vrfs (because now they originate from | |
874 | * the vpn RIB). | |
875 | * | |
876 | * Acceptance into other vrfs depends on rt-lists. | |
877 | * Originating vrf will not accept the looped back route | |
878 | * because of loop checking. | |
879 | */ | |
880 | if (new_info) | |
321b4bc9 | 881 | vpn_leak_to_vrf_update(bgp_vrf, new_info); |
ddb5b488 PZ |
882 | } |
883 | ||
4b7e6066 DS |
884 | void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */ |
885 | struct bgp *bgp_vrf, /* from */ | |
40381db7 | 886 | struct bgp_path_info *path_vrf) /* route */ |
ddb5b488 PZ |
887 | { |
888 | int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF); | |
40381db7 | 889 | struct prefix *p = &path_vrf->net->p; |
ddb5b488 PZ |
890 | afi_t afi = family2afi(p->family); |
891 | safi_t safi = SAFI_MPLS_VPN; | |
40381db7 | 892 | struct bgp_path_info *bpi; |
ddb5b488 PZ |
893 | struct bgp_node *bn; |
894 | const char *debugmsg; | |
960035b2 PZ |
895 | char buf_prefix[PREFIX_STRLEN]; |
896 | ||
897 | if (debug) { | |
898 | prefix2str(p, buf_prefix, sizeof(buf_prefix)); | |
899 | zlog_debug( | |
900 | "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d", | |
901 | __func__, bgp_vrf->name_pretty, buf_prefix, | |
40381db7 | 902 | path_vrf->type, path_vrf->sub_type); |
960035b2 | 903 | } |
ddb5b488 | 904 | |
ddb5b488 PZ |
905 | if (!bgp_vpn) |
906 | return; | |
907 | ||
908 | if (!afi) { | |
909 | if (debug) | |
910 | zlog_debug("%s: can't get afi of prefix", __func__); | |
911 | return; | |
912 | } | |
913 | ||
12d6100c | 914 | /* Is this route exportable into the VPN table? */ |
915 | if (!is_route_injectable_into_vpn(path_vrf)) | |
916 | return; | |
917 | ||
ddb5b488 PZ |
918 | if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) { |
919 | if (debug) | |
920 | zlog_debug("%s: skipping: %s", __func__, debugmsg); | |
921 | return; | |
922 | } | |
923 | ||
924 | if (debug) | |
40381db7 | 925 | zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf); |
ddb5b488 PZ |
926 | |
927 | bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p, | |
928 | &(bgp_vrf->vpn_policy[afi].tovpn_rd)); | |
929 | ||
6f94b685 DS |
930 | if (!bn) |
931 | return; | |
ddb5b488 PZ |
932 | /* |
933 | * vrf -> vpn | |
40381db7 | 934 | * match original bpi imported from |
ddb5b488 | 935 | */ |
6f94b685 | 936 | for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) { |
40381db7 | 937 | if (bpi->extra && bpi->extra->parent == path_vrf) { |
ddb5b488 PZ |
938 | break; |
939 | } | |
940 | } | |
941 | ||
40381db7 | 942 | if (bpi) { |
ddb5b488 | 943 | /* withdraw from looped vrfs as well */ |
40381db7 | 944 | vpn_leak_to_vrf_withdraw(bgp_vpn, bpi); |
ddb5b488 | 945 | |
40381db7 DS |
946 | bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi); |
947 | bgp_path_info_delete(bn, bpi); | |
ddb5b488 PZ |
948 | bgp_process(bgp_vpn, bn, afi, safi); |
949 | } | |
950 | bgp_unlock_node(bn); | |
951 | } | |
952 | ||
953 | void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */ | |
954 | struct bgp *bgp_vrf, /* from */ | |
955 | afi_t afi) | |
956 | { | |
957 | int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF); | |
958 | struct bgp_node *prn; | |
959 | safi_t safi = SAFI_MPLS_VPN; | |
960 | ||
961 | /* | |
40381db7 | 962 | * Walk vpn table, delete bpi with bgp_orig == bgp_vrf |
ddb5b488 PZ |
963 | */ |
964 | for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn; | |
965 | prn = bgp_route_next(prn)) { | |
966 | ||
967 | struct bgp_table *table; | |
968 | struct bgp_node *bn; | |
40381db7 | 969 | struct bgp_path_info *bpi; |
ddb5b488 PZ |
970 | |
971 | /* This is the per-RD table of prefixes */ | |
67009e22 | 972 | table = bgp_node_get_bgp_table_info(prn); |
ddb5b488 PZ |
973 | |
974 | if (!table) | |
975 | continue; | |
976 | ||
977 | for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) { | |
978 | ||
979 | char buf[PREFIX2STR_BUFFER]; | |
980 | ||
6f94b685 DS |
981 | bpi = bgp_node_get_bgp_path_info(bn); |
982 | if (debug && bpi) { | |
ddb5b488 PZ |
983 | zlog_debug( |
984 | "%s: looking at prefix %s", __func__, | |
985 | prefix2str(&bn->p, buf, sizeof(buf))); | |
986 | } | |
987 | ||
6f94b685 | 988 | for (; bpi; bpi = bpi->next) { |
ddb5b488 PZ |
989 | if (debug) |
990 | zlog_debug("%s: type %d, sub_type %d", | |
40381db7 DS |
991 | __func__, bpi->type, |
992 | bpi->sub_type); | |
993 | if (bpi->sub_type != BGP_ROUTE_IMPORTED) | |
ddb5b488 | 994 | continue; |
40381db7 | 995 | if (!bpi->extra) |
ddb5b488 | 996 | continue; |
40381db7 | 997 | if ((struct bgp *)bpi->extra->bgp_orig |
ddb5b488 PZ |
998 | == bgp_vrf) { |
999 | /* delete route */ | |
1000 | if (debug) | |
9165c5f5 | 1001 | zlog_debug("%s: deleting it", |
ddb5b488 PZ |
1002 | __func__); |
1003 | bgp_aggregate_decrement(bgp_vpn, &bn->p, | |
40381db7 DS |
1004 | bpi, afi, safi); |
1005 | bgp_path_info_delete(bn, bpi); | |
ddb5b488 PZ |
1006 | bgp_process(bgp_vpn, bn, afi, safi); |
1007 | } | |
1008 | } | |
1009 | } | |
1010 | } | |
1011 | } | |
1012 | ||
1013 | void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */ | |
1014 | struct bgp *bgp_vrf, /* from */ | |
1015 | afi_t afi) | |
1016 | { | |
1017 | struct bgp_node *bn; | |
40381db7 | 1018 | struct bgp_path_info *bpi; |
ddb5b488 PZ |
1019 | int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF); |
1020 | ||
1021 | if (debug) | |
1022 | zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi, | |
960035b2 | 1023 | bgp_vrf->name_pretty); |
ddb5b488 PZ |
1024 | |
1025 | for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn; | |
1026 | bn = bgp_route_next(bn)) { | |
1027 | ||
1028 | if (debug) | |
1029 | zlog_debug("%s: node=%p", __func__, bn); | |
1030 | ||
6f94b685 DS |
1031 | for (bpi = bgp_node_get_bgp_path_info(bn); bpi; |
1032 | bpi = bpi->next) { | |
ddb5b488 PZ |
1033 | if (debug) |
1034 | zlog_debug( | |
1035 | "%s: calling vpn_leak_from_vrf_update", | |
1036 | __func__); | |
40381db7 | 1037 | vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi); |
ddb5b488 PZ |
1038 | } |
1039 | } | |
1040 | } | |
1041 | ||
4b7e6066 DS |
1042 | static void |
1043 | vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */ | |
1044 | struct bgp *bgp_vpn, /* from */ | |
40381db7 | 1045 | struct bgp_path_info *path_vpn) /* route */ |
ddb5b488 | 1046 | { |
40381db7 | 1047 | struct prefix *p = &path_vpn->net->p; |
ddb5b488 PZ |
1048 | afi_t afi = family2afi(p->family); |
1049 | ||
ddb5b488 PZ |
1050 | struct attr static_attr = {0}; |
1051 | struct attr *new_attr = NULL; | |
1052 | struct bgp_node *bn; | |
1053 | safi_t safi = SAFI_UNICAST; | |
1054 | const char *debugmsg; | |
1055 | struct prefix nexthop_orig; | |
1056 | mpls_label_t *pLabels = NULL; | |
e37fb4bf | 1057 | uint32_t num_labels = 0; |
960035b2 | 1058 | int nexthop_self_flag = 1; |
40381db7 | 1059 | struct bgp_path_info *bpi_ultimate = NULL; |
513bf8d6 | 1060 | int origin_local = 0; |
d6632478 | 1061 | struct bgp *src_vrf; |
ddb5b488 PZ |
1062 | |
1063 | int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF); | |
1064 | ||
b9c7bc5a | 1065 | if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) { |
ddb5b488 PZ |
1066 | if (debug) |
1067 | zlog_debug("%s: skipping: %s", __func__, debugmsg); | |
1068 | return; | |
1069 | } | |
1070 | ||
1071 | /* Check for intersection of route targets */ | |
1072 | if (!ecom_intersect( | |
1073 | bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN], | |
40381db7 | 1074 | path_vpn->attr->ecommunity)) { |
ddb5b488 PZ |
1075 | |
1076 | return; | |
1077 | } | |
1078 | ||
1dcc9e5b CS |
1079 | if (debug) { |
1080 | char buf_prefix[PREFIX_STRLEN]; | |
1081 | ||
1082 | prefix2str(p, buf_prefix, sizeof(buf_prefix)); | |
1083 | zlog_debug("%s: updating %s to vrf %s", __func__, | |
1084 | buf_prefix, bgp_vrf->name_pretty); | |
1085 | } | |
ddb5b488 | 1086 | |
6f4f49b2 QY |
1087 | /* shallow copy */ |
1088 | static_attr = *path_vpn->attr; | |
ddb5b488 PZ |
1089 | |
1090 | /* | |
1091 | * Nexthop: stash and clear | |
1092 | * | |
1093 | * Nexthop is valid in context of VPN core, but not in destination vrf. | |
1094 | * Stash it for later label resolution by vrf ingress path and then | |
1095 | * overwrite with 0, i.e., "me", for the sake of vrf advertisement. | |
1096 | */ | |
40381db7 | 1097 | uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len); |
ddb5b488 PZ |
1098 | |
1099 | memset(&nexthop_orig, 0, sizeof(nexthop_orig)); | |
1100 | nexthop_orig.family = nhfamily; | |
1101 | ||
1102 | switch (nhfamily) { | |
ddb5b488 PZ |
1103 | case AF_INET: |
1104 | /* save */ | |
40381db7 | 1105 | nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in; |
ddb5b488 | 1106 | nexthop_orig.prefixlen = 32; |
12a844a5 DS |
1107 | |
1108 | if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi], | |
1109 | BGP_CONFIG_VRF_TO_VRF_IMPORT)) { | |
1110 | static_attr.nexthop.s_addr = | |
1111 | nexthop_orig.u.prefix4.s_addr; | |
1112 | ||
1113 | static_attr.mp_nexthop_global_in = | |
40381db7 | 1114 | path_vpn->attr->mp_nexthop_global_in; |
12a844a5 | 1115 | static_attr.mp_nexthop_len = |
40381db7 | 1116 | path_vpn->attr->mp_nexthop_len; |
12a844a5 | 1117 | } |
de4d0a51 | 1118 | static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP); |
ddb5b488 | 1119 | break; |
ddb5b488 PZ |
1120 | case AF_INET6: |
1121 | /* save */ | |
40381db7 | 1122 | nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global; |
ddb5b488 | 1123 | nexthop_orig.prefixlen = 128; |
12a844a5 DS |
1124 | |
1125 | if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi], | |
1126 | BGP_CONFIG_VRF_TO_VRF_IMPORT)) { | |
1127 | static_attr.mp_nexthop_global = nexthop_orig.u.prefix6; | |
12a844a5 | 1128 | } |
ddb5b488 PZ |
1129 | break; |
1130 | } | |
1131 | ||
ddb5b488 PZ |
1132 | /* |
1133 | * route map handling | |
ddb5b488 | 1134 | */ |
ddb5b488 | 1135 | if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) { |
4b7e6066 | 1136 | struct bgp_path_info info; |
ddb5b488 PZ |
1137 | route_map_result_t ret; |
1138 | ||
1139 | memset(&info, 0, sizeof(info)); | |
1140 | info.peer = bgp_vrf->peer_self; | |
1141 | info.attr = &static_attr; | |
1dcc9e5b | 1142 | info.extra = path_vpn->extra; /* Used for source-vrf filter */ |
ddb5b488 PZ |
1143 | ret = route_map_apply(bgp_vrf->vpn_policy[afi] |
1144 | .rmap[BGP_VPN_POLICY_DIR_FROMVPN], | |
1145 | p, RMAP_BGP, &info); | |
1146 | if (RMAP_DENYMATCH == ret) { | |
1147 | bgp_attr_flush(&static_attr); /* free any added parts */ | |
1148 | if (debug) | |
1149 | zlog_debug( | |
1150 | "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning", | |
960035b2 | 1151 | __func__, bgp_vrf->name_pretty, |
ddb5b488 PZ |
1152 | bgp_vrf->vpn_policy[afi] |
1153 | .rmap[BGP_VPN_POLICY_DIR_FROMVPN] | |
1154 | ->name); | |
1155 | return; | |
1156 | } | |
960035b2 PZ |
1157 | /* |
1158 | * if route-map changed nexthop, don't nexthop-self on output | |
1159 | */ | |
1160 | if (!CHECK_FLAG(static_attr.rmap_change_flags, | |
1161 | BATTR_RMAP_NEXTHOP_UNCHANGED)) | |
1162 | nexthop_self_flag = 0; | |
ddb5b488 PZ |
1163 | } |
1164 | ||
1165 | new_attr = bgp_attr_intern(&static_attr); | |
1166 | bgp_attr_flush(&static_attr); | |
1167 | ||
1168 | bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL); | |
1169 | ||
1170 | /* | |
1171 | * ensure labels are copied | |
513bf8d6 PZ |
1172 | * |
1173 | * However, there is a special case: if the route originated in | |
1174 | * another local VRF (as opposed to arriving via VPN), then the | |
1175 | * nexthop is reached by hairpinning through this router (me) | |
1176 | * using IP forwarding only (no LSP). Therefore, the route | |
1177 | * imported to the VRF should not have labels attached. Note | |
1178 | * that nexthop tracking is also involved: eliminating the | |
1179 | * labels for these routes enables the non-labeled nexthops | |
1180 | * from the originating VRF to be considered valid for this route. | |
ddb5b488 | 1181 | */ |
12a844a5 DS |
1182 | if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi], |
1183 | BGP_CONFIG_VRF_TO_VRF_IMPORT)) { | |
1184 | /* work back to original route */ | |
40381db7 DS |
1185 | for (bpi_ultimate = path_vpn; |
1186 | bpi_ultimate->extra && bpi_ultimate->extra->parent; | |
1187 | bpi_ultimate = bpi_ultimate->extra->parent) | |
12a844a5 | 1188 | ; |
513bf8d6 | 1189 | |
12a844a5 DS |
1190 | /* |
1191 | * if original route was unicast, | |
1192 | * then it did not arrive over vpn | |
1193 | */ | |
40381db7 | 1194 | if (bpi_ultimate->net) { |
12a844a5 | 1195 | struct bgp_table *table; |
513bf8d6 | 1196 | |
40381db7 | 1197 | table = bgp_node_table(bpi_ultimate->net); |
12a844a5 DS |
1198 | if (table && (table->safi == SAFI_UNICAST)) |
1199 | origin_local = 1; | |
1200 | } | |
513bf8d6 | 1201 | |
12a844a5 | 1202 | /* copy labels */ |
40381db7 DS |
1203 | if (!origin_local && path_vpn->extra |
1204 | && path_vpn->extra->num_labels) { | |
1205 | num_labels = path_vpn->extra->num_labels; | |
12a844a5 DS |
1206 | if (num_labels > BGP_MAX_LABELS) |
1207 | num_labels = BGP_MAX_LABELS; | |
40381db7 | 1208 | pLabels = path_vpn->extra->label; |
12a844a5 | 1209 | } |
ddb5b488 | 1210 | } |
513bf8d6 | 1211 | |
ddb5b488 PZ |
1212 | if (debug) { |
1213 | char buf_prefix[PREFIX_STRLEN]; | |
1214 | prefix2str(p, buf_prefix, sizeof(buf_prefix)); | |
1215 | zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix, | |
1216 | num_labels); | |
1217 | } | |
1218 | ||
44338987 | 1219 | /* |
1d4e8b0d DS |
1220 | * For VRF-2-VRF route-leaking, |
1221 | * the source will be the originating VRF. | |
44338987 | 1222 | */ |
40381db7 DS |
1223 | if (path_vpn->extra && path_vpn->extra->bgp_orig) |
1224 | src_vrf = path_vpn->extra->bgp_orig; | |
d6632478 PZ |
1225 | else |
1226 | src_vrf = bgp_vpn; | |
1227 | ||
40381db7 DS |
1228 | leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels, |
1229 | num_labels, path_vpn, /* parent */ | |
1230 | src_vrf, &nexthop_orig, nexthop_self_flag, debug); | |
ddb5b488 PZ |
1231 | } |
1232 | ||
4b7e6066 | 1233 | void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */ |
40381db7 | 1234 | struct bgp_path_info *path_vpn) /* route */ |
ddb5b488 PZ |
1235 | { |
1236 | struct listnode *mnode, *mnnode; | |
1237 | struct bgp *bgp; | |
1238 | ||
1239 | int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF); | |
1240 | ||
1241 | if (debug) | |
40381db7 | 1242 | zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn); |
ddb5b488 PZ |
1243 | |
1244 | /* Loop over VRFs */ | |
1245 | for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) { | |
1246 | ||
40381db7 DS |
1247 | if (!path_vpn->extra |
1248 | || path_vpn->extra->bgp_orig != bgp) { /* no loop */ | |
1249 | vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn); | |
ddb5b488 PZ |
1250 | } |
1251 | } | |
1252 | } | |
1253 | ||
4b7e6066 | 1254 | void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */ |
40381db7 | 1255 | struct bgp_path_info *path_vpn) /* route */ |
ddb5b488 | 1256 | { |
1b3510a0 PZ |
1257 | struct prefix *p; |
1258 | afi_t afi; | |
ddb5b488 PZ |
1259 | safi_t safi = SAFI_UNICAST; |
1260 | struct bgp *bgp; | |
1261 | struct listnode *mnode, *mnnode; | |
ddb5b488 | 1262 | struct bgp_node *bn; |
40381db7 | 1263 | struct bgp_path_info *bpi; |
ddb5b488 | 1264 | const char *debugmsg; |
960035b2 | 1265 | char buf_prefix[PREFIX_STRLEN]; |
ddb5b488 PZ |
1266 | |
1267 | int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF); | |
1268 | ||
960035b2 | 1269 | if (debug) { |
40381db7 DS |
1270 | prefix2str(&path_vpn->net->p, buf_prefix, sizeof(buf_prefix)); |
1271 | zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d", __func__, | |
1272 | buf_prefix, path_vpn->type, path_vpn->sub_type); | |
960035b2 PZ |
1273 | } |
1274 | ||
ddb5b488 | 1275 | if (debug) |
40381db7 | 1276 | zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn); |
ddb5b488 | 1277 | |
40381db7 | 1278 | if (!path_vpn->net) { |
56c2c080 | 1279 | #if ENABLE_BGP_VNC |
40381db7 DS |
1280 | /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */ |
1281 | if (path_vpn->type == ZEBRA_ROUTE_BGP | |
1282 | && path_vpn->sub_type == BGP_ROUTE_RFP) { | |
1b3510a0 PZ |
1283 | |
1284 | return; | |
1285 | } | |
56c2c080 | 1286 | #endif |
1b3510a0 | 1287 | if (debug) |
40381db7 DS |
1288 | zlog_debug( |
1289 | "%s: path_vpn->net unexpectedly NULL, no prefix, bailing", | |
1b3510a0 PZ |
1290 | __func__); |
1291 | return; | |
1292 | } | |
1293 | ||
40381db7 | 1294 | p = &path_vpn->net->p; |
1b3510a0 | 1295 | afi = family2afi(p->family); |
ddb5b488 PZ |
1296 | |
1297 | /* Loop over VRFs */ | |
1298 | for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) { | |
b9c7bc5a | 1299 | if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) { |
ddb5b488 PZ |
1300 | if (debug) |
1301 | zlog_debug("%s: skipping: %s", __func__, | |
1302 | debugmsg); | |
1303 | continue; | |
1304 | } | |
1305 | ||
1306 | /* Check for intersection of route targets */ | |
1307 | if (!ecom_intersect(bgp->vpn_policy[afi] | |
1308 | .rtlist[BGP_VPN_POLICY_DIR_FROMVPN], | |
40381db7 | 1309 | path_vpn->attr->ecommunity)) { |
ddb5b488 PZ |
1310 | |
1311 | continue; | |
1312 | } | |
1313 | ||
1314 | if (debug) | |
1315 | zlog_debug("%s: withdrawing from vrf %s", __func__, | |
960035b2 | 1316 | bgp->name_pretty); |
ddb5b488 PZ |
1317 | |
1318 | bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL); | |
6f94b685 DS |
1319 | |
1320 | for (bpi = bgp_node_get_bgp_path_info(bn); bpi; | |
1321 | bpi = bpi->next) { | |
40381db7 DS |
1322 | if (bpi->extra |
1323 | && (struct bgp_path_info *)bpi->extra->parent | |
1324 | == path_vpn) { | |
ddb5b488 PZ |
1325 | break; |
1326 | } | |
1327 | } | |
1328 | ||
40381db7 | 1329 | if (bpi) { |
ddb5b488 | 1330 | if (debug) |
40381db7 DS |
1331 | zlog_debug("%s: deleting bpi %p", __func__, |
1332 | bpi); | |
1333 | bgp_aggregate_decrement(bgp, p, bpi, afi, safi); | |
1334 | bgp_path_info_delete(bn, bpi); | |
ddb5b488 PZ |
1335 | bgp_process(bgp, bn, afi, safi); |
1336 | } | |
1337 | bgp_unlock_node(bn); | |
1338 | } | |
1339 | } | |
1340 | ||
1341 | void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */ | |
1342 | afi_t afi) | |
1343 | { | |
1344 | struct bgp_node *bn; | |
40381db7 | 1345 | struct bgp_path_info *bpi; |
ddb5b488 PZ |
1346 | safi_t safi = SAFI_UNICAST; |
1347 | int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF); | |
ddb5b488 PZ |
1348 | |
1349 | if (debug) | |
1350 | zlog_debug("%s: entry", __func__); | |
1351 | /* | |
40381db7 | 1352 | * Walk vrf table, delete bpi with bgp_orig in a different vrf |
ddb5b488 PZ |
1353 | */ |
1354 | for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn; | |
1355 | bn = bgp_route_next(bn)) { | |
1356 | ||
6f94b685 DS |
1357 | for (bpi = bgp_node_get_bgp_path_info(bn); bpi; |
1358 | bpi = bpi->next) { | |
9544ddb2 | 1359 | if (bpi->extra |
1360 | && bpi->extra->bgp_orig != bgp_vrf | |
1361 | && bpi->extra->parent | |
1362 | && is_pi_family_vpn(bpi->extra->parent)) { | |
ddb5b488 PZ |
1363 | |
1364 | /* delete route */ | |
40381db7 | 1365 | bgp_aggregate_decrement(bgp_vrf, &bn->p, bpi, |
ddb5b488 | 1366 | afi, safi); |
40381db7 | 1367 | bgp_path_info_delete(bn, bpi); |
ddb5b488 PZ |
1368 | bgp_process(bgp_vrf, bn, afi, safi); |
1369 | } | |
1370 | } | |
1371 | } | |
1372 | } | |
1373 | ||
1374 | void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */ | |
1375 | struct bgp *bgp_vpn, /* from */ | |
1376 | afi_t afi) | |
1377 | { | |
1378 | struct prefix_rd prd; | |
1379 | struct bgp_node *prn; | |
1380 | safi_t safi = SAFI_MPLS_VPN; | |
1381 | ||
3bd70bf8 | 1382 | assert(bgp_vpn); |
73aed584 | 1383 | |
ddb5b488 PZ |
1384 | /* |
1385 | * Walk vpn table | |
1386 | */ | |
1387 | for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn; | |
1388 | prn = bgp_route_next(prn)) { | |
1389 | ||
1390 | struct bgp_table *table; | |
1391 | struct bgp_node *bn; | |
40381db7 | 1392 | struct bgp_path_info *bpi; |
ddb5b488 PZ |
1393 | |
1394 | memset(&prd, 0, sizeof(prd)); | |
1395 | prd.family = AF_UNSPEC; | |
1396 | prd.prefixlen = 64; | |
1397 | memcpy(prd.val, prn->p.u.val, 8); | |
1398 | ||
1399 | /* This is the per-RD table of prefixes */ | |
67009e22 | 1400 | table = bgp_node_get_bgp_table_info(prn); |
ddb5b488 PZ |
1401 | |
1402 | if (!table) | |
1403 | continue; | |
1404 | ||
1405 | for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) { | |
1406 | ||
6f94b685 DS |
1407 | for (bpi = bgp_node_get_bgp_path_info(bn); bpi; |
1408 | bpi = bpi->next) { | |
ddb5b488 | 1409 | |
40381db7 DS |
1410 | if (bpi->extra |
1411 | && bpi->extra->bgp_orig == bgp_vrf) | |
ddb5b488 PZ |
1412 | continue; |
1413 | ||
1414 | vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn, | |
40381db7 | 1415 | bpi); |
ddb5b488 PZ |
1416 | } |
1417 | } | |
1418 | } | |
1419 | } | |
1420 | ||
d92a55df PZ |
1421 | /* |
1422 | * This function is called for definition/deletion/change to a route-map | |
1423 | */ | |
ddb5b488 PZ |
1424 | static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name) |
1425 | { | |
1426 | int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT); | |
1427 | afi_t afi; | |
1428 | struct route_map *rmap; | |
1429 | ||
1430 | if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT | |
1431 | && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) { | |
1432 | ||
1433 | return; | |
1434 | } | |
1435 | ||
1436 | rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */ | |
1437 | ||
1438 | for (afi = 0; afi < AFI_MAX; ++afi) { | |
1439 | ||
d92a55df PZ |
1440 | if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN] |
1441 | && !strcmp(rmap_name, | |
ddb5b488 PZ |
1442 | bgp->vpn_policy[afi] |
1443 | .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) { | |
1444 | ||
1445 | if (debug) | |
1446 | zlog_debug( | |
1447 | "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s", | |
1448 | __func__, rmap_name, bgp->as, | |
1449 | afi2str(afi)); | |
1450 | ||
1451 | vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi, | |
1452 | bgp_get_default(), bgp); | |
1453 | if (debug) | |
1454 | zlog_debug("%s: after vpn_leak_prechange", | |
1455 | __func__); | |
1456 | ||
d92a55df PZ |
1457 | /* in case of definition/deletion */ |
1458 | bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] = | |
1459 | rmap; | |
ddb5b488 PZ |
1460 | |
1461 | vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi, | |
1462 | bgp_get_default(), bgp); | |
d92a55df | 1463 | |
ddb5b488 PZ |
1464 | if (debug) |
1465 | zlog_debug("%s: after vpn_leak_postchange", | |
1466 | __func__); | |
1467 | } | |
1468 | ||
d92a55df PZ |
1469 | if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN] |
1470 | && !strcmp(rmap_name, | |
1471 | bgp->vpn_policy[afi] | |
1472 | .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) { | |
b9c7bc5a PZ |
1473 | |
1474 | if (debug) { | |
1475 | zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s", | |
ddb5b488 PZ |
1476 | __func__, rmap_name, bgp->as, |
1477 | afi2str(afi)); | |
b9c7bc5a | 1478 | } |
ddb5b488 PZ |
1479 | |
1480 | vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi, | |
1481 | bgp_get_default(), bgp); | |
1482 | ||
d92a55df PZ |
1483 | /* in case of definition/deletion */ |
1484 | bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] = | |
1485 | rmap; | |
ddb5b488 PZ |
1486 | |
1487 | vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi, | |
1488 | bgp_get_default(), bgp); | |
1489 | } | |
1490 | } | |
1491 | } | |
1492 | ||
636f7608 CS |
1493 | /* This API is used during router-id change, reflect VPNs |
1494 | * auto RD and RT values and readvertise routes to VPN table. | |
1495 | */ | |
e65fe398 MS |
1496 | void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw, |
1497 | bool is_config) | |
636f7608 CS |
1498 | { |
1499 | afi_t afi; | |
1500 | int debug; | |
1501 | char *vname; | |
1502 | const char *export_name; | |
1503 | char buf[RD_ADDRSTRLEN]; | |
1504 | struct bgp *bgp_import; | |
1505 | struct listnode *node; | |
1506 | struct ecommunity *ecom; | |
1507 | vpn_policy_direction_t idir, edir; | |
1508 | ||
1509 | if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT | |
1510 | && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) | |
1511 | return; | |
1512 | ||
1513 | export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME; | |
1514 | debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) | | |
1515 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF)); | |
1516 | ||
1517 | idir = BGP_VPN_POLICY_DIR_FROMVPN; | |
1518 | edir = BGP_VPN_POLICY_DIR_TOVPN; | |
1519 | ||
1520 | for (afi = 0; afi < AFI_MAX; ++afi) { | |
1521 | if (!vpn_leak_to_vpn_active(bgp, afi, NULL)) | |
1522 | continue; | |
1523 | ||
1524 | if (withdraw) { | |
1525 | vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, | |
1526 | afi, bgp_get_default(), bgp); | |
1527 | if (debug) | |
1528 | zlog_debug("%s: %s after to_vpn vpn_leak_prechange", | |
1529 | __func__, export_name); | |
1530 | ||
1531 | /* Remove import RT from VRFs */ | |
1532 | ecom = bgp->vpn_policy[afi].rtlist[edir]; | |
1533 | for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi]. | |
1534 | export_vrf, node, vname)) { | |
1535 | bgp_import = bgp_lookup_by_name(vname); | |
1536 | if (!bgp_import) | |
1537 | continue; | |
1538 | ||
1539 | ecommunity_del_val(bgp_import->vpn_policy[afi]. | |
1540 | rtlist[idir], | |
1541 | (struct ecommunity_val *)ecom->val); | |
1542 | ||
1543 | } | |
1544 | } else { | |
e65fe398 MS |
1545 | /* |
1546 | * Router-id changes that are not explicit config | |
1547 | * changes should not replace configured RD/RT. | |
1548 | */ | |
1549 | if (!is_config) { | |
1550 | if (CHECK_FLAG(bgp->vpn_policy[afi].flags, | |
1551 | BGP_VPN_POLICY_TOVPN_RD_SET)) { | |
1552 | if (debug) | |
1553 | zlog_debug("%s: auto router-id change skipped", | |
1554 | __func__); | |
1555 | goto postchange; | |
1556 | } | |
1557 | } | |
1558 | ||
636f7608 CS |
1559 | /* New router-id derive auto RD and RT and export |
1560 | * to VPN | |
1561 | */ | |
1562 | form_auto_rd(bgp->router_id, bgp->vrf_rd_id, | |
1563 | &bgp->vrf_prd_auto); | |
1564 | bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto; | |
1565 | prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf, | |
1566 | sizeof(buf)); | |
1567 | bgp->vpn_policy[afi].rtlist[edir] = | |
1568 | ecommunity_str2com(buf, | |
1569 | ECOMMUNITY_ROUTE_TARGET, 0); | |
1570 | ||
1571 | /* Update import_vrf rt_list */ | |
1572 | ecom = bgp->vpn_policy[afi].rtlist[edir]; | |
1573 | for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi]. | |
1574 | export_vrf, node, vname)) { | |
1575 | bgp_import = bgp_lookup_by_name(vname); | |
1576 | if (!bgp_import) | |
1577 | continue; | |
1578 | if (bgp_import->vpn_policy[afi].rtlist[idir]) | |
1579 | bgp_import->vpn_policy[afi].rtlist[idir] | |
1580 | = ecommunity_merge( | |
1581 | bgp_import->vpn_policy[afi] | |
1582 | .rtlist[idir], ecom); | |
1583 | else | |
1584 | bgp_import->vpn_policy[afi].rtlist[idir] | |
1585 | = ecommunity_dup(ecom); | |
1586 | ||
1587 | } | |
e65fe398 MS |
1588 | |
1589 | postchange: | |
636f7608 CS |
1590 | /* Update routes to VPN */ |
1591 | vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, | |
1592 | afi, bgp_get_default(), | |
1593 | bgp); | |
1594 | if (debug) | |
1595 | zlog_debug("%s: %s after to_vpn vpn_leak_postchange", | |
1596 | __func__, export_name); | |
1597 | } | |
1598 | } | |
1599 | } | |
1600 | ||
ddb5b488 PZ |
1601 | void vpn_policy_routemap_event(const char *rmap_name) |
1602 | { | |
1603 | int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT); | |
1604 | struct listnode *mnode, *mnnode; | |
1605 | struct bgp *bgp; | |
1606 | ||
1607 | if (debug) | |
1608 | zlog_debug("%s: entry", __func__); | |
1609 | ||
1610 | if (bm->bgp == NULL) /* may be called during cleanup */ | |
1611 | return; | |
1612 | ||
1613 | for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) | |
1614 | vpn_policy_routemap_update(bgp, rmap_name); | |
1615 | } | |
1616 | ||
1d4e8b0d | 1617 | void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp, |
44338987 | 1618 | afi_t afi, safi_t safi) |
1619 | { | |
1620 | const char *export_name; | |
1621 | vpn_policy_direction_t idir, edir; | |
9ecf931b CS |
1622 | char *vname, *tmp_name; |
1623 | char buf[RD_ADDRSTRLEN]; | |
44338987 | 1624 | struct ecommunity *ecom; |
1625 | bool first_export = false; | |
636f7608 | 1626 | int debug; |
9ecf931b CS |
1627 | struct listnode *node; |
1628 | bool is_inst_match = false; | |
44338987 | 1629 | |
5742e42b | 1630 | export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME; |
44338987 | 1631 | idir = BGP_VPN_POLICY_DIR_FROMVPN; |
1632 | edir = BGP_VPN_POLICY_DIR_TOVPN; | |
1633 | ||
636f7608 CS |
1634 | debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) | |
1635 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF)); | |
1636 | ||
1d4e8b0d DS |
1637 | /* |
1638 | * Cross-ref both VRFs. Also, note if this is the first time | |
44338987 | 1639 | * any VRF is importing from "import_vrf". |
1640 | */ | |
a8dadcf6 | 1641 | vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name) |
5742e42b | 1642 | : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME)); |
a8dadcf6 | 1643 | |
9ecf931b CS |
1644 | /* Check the import_vrf list of destination vrf for the source vrf name, |
1645 | * insert otherwise. | |
1646 | */ | |
1647 | for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, | |
1648 | node, tmp_name)) { | |
1649 | if (strcmp(vname, tmp_name) == 0) { | |
1650 | is_inst_match = true; | |
1651 | break; | |
1652 | } | |
1653 | } | |
1654 | if (!is_inst_match) | |
1655 | listnode_add(to_bgp->vpn_policy[afi].import_vrf, | |
1656 | vname); | |
44338987 | 1657 | |
9ecf931b CS |
1658 | /* Check if the source vrf already exports to any vrf, |
1659 | * first time export requires to setup auto derived RD/RT values. | |
1660 | * Add the destination vrf name to export vrf list if it is | |
1661 | * not present. | |
1662 | */ | |
1663 | is_inst_match = false; | |
44338987 | 1664 | vname = XSTRDUP(MTYPE_TMP, export_name); |
9ecf931b CS |
1665 | if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) { |
1666 | first_export = true; | |
1667 | } else { | |
1668 | for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf, | |
1669 | node, tmp_name)) { | |
1670 | if (strcmp(vname, tmp_name) == 0) { | |
1671 | is_inst_match = true; | |
1672 | break; | |
1673 | } | |
1674 | } | |
1675 | } | |
1676 | if (!is_inst_match) | |
1677 | listnode_add(from_bgp->vpn_policy[afi].export_vrf, | |
1678 | vname); | |
44338987 | 1679 | /* Update import RT for current VRF using export RT of the VRF we're |
1680 | * importing from. First though, make sure "import_vrf" has that | |
1681 | * set. | |
1682 | */ | |
1683 | if (first_export) { | |
1d4e8b0d DS |
1684 | form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id, |
1685 | &from_bgp->vrf_prd_auto); | |
1686 | from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto; | |
1687 | SET_FLAG(from_bgp->vpn_policy[afi].flags, | |
44338987 | 1688 | BGP_VPN_POLICY_TOVPN_RD_SET); |
1d4e8b0d | 1689 | prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd, |
44338987 | 1690 | buf, sizeof(buf)); |
1d4e8b0d | 1691 | from_bgp->vpn_policy[afi].rtlist[edir] = |
44338987 | 1692 | ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0); |
1d4e8b0d | 1693 | SET_FLAG(from_bgp->af_flags[afi][safi], |
44338987 | 1694 | BGP_CONFIG_VRF_TO_VRF_EXPORT); |
13b7e7f0 DS |
1695 | from_bgp->vpn_policy[afi].tovpn_label = |
1696 | BGP_PREVENT_VRF_2_VRF_LEAK; | |
44338987 | 1697 | } |
1d4e8b0d DS |
1698 | ecom = from_bgp->vpn_policy[afi].rtlist[edir]; |
1699 | if (to_bgp->vpn_policy[afi].rtlist[idir]) | |
1700 | to_bgp->vpn_policy[afi].rtlist[idir] = | |
1701 | ecommunity_merge(to_bgp->vpn_policy[afi] | |
44338987 | 1702 | .rtlist[idir], ecom); |
1703 | else | |
1d4e8b0d DS |
1704 | to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom); |
1705 | SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT); | |
44338987 | 1706 | |
636f7608 CS |
1707 | if (debug) { |
1708 | const char *from_name; | |
1709 | ||
1710 | from_name = from_bgp->name ? from_bgp->name : | |
1711 | VRF_DEFAULT_NAME; | |
1712 | zlog_debug("%s from %s to %s first_export %u import-rt %s export-rt %s", | |
1713 | __func__, from_name, export_name, first_export, | |
1714 | to_bgp->vpn_policy[afi].rtlist[idir] ? | |
1715 | (ecommunity_ecom2str(to_bgp->vpn_policy[afi]. | |
1716 | rtlist[idir], | |
1717 | ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ", | |
1718 | to_bgp->vpn_policy[afi].rtlist[edir] ? | |
1719 | (ecommunity_ecom2str(to_bgp->vpn_policy[afi]. | |
1720 | rtlist[edir], | |
1721 | ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " "); | |
1722 | } | |
1723 | ||
44338987 | 1724 | /* Does "import_vrf" first need to export its routes or that |
1725 | * is already done and we just need to import those routes | |
1726 | * from the global table? | |
1727 | */ | |
1728 | if (first_export) | |
1d4e8b0d | 1729 | vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp); |
44338987 | 1730 | else |
1d4e8b0d | 1731 | vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp); |
44338987 | 1732 | } |
1733 | ||
1d4e8b0d | 1734 | void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp, |
44338987 | 1735 | afi_t afi, safi_t safi) |
1736 | { | |
a8dadcf6 | 1737 | const char *export_name, *tmp_name; |
44338987 | 1738 | vpn_policy_direction_t idir, edir; |
1739 | char *vname; | |
9ecf931b | 1740 | struct ecommunity *ecom = NULL; |
44338987 | 1741 | struct listnode *node; |
636f7608 | 1742 | int debug; |
44338987 | 1743 | |
5742e42b DS |
1744 | export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME; |
1745 | tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME; | |
44338987 | 1746 | idir = BGP_VPN_POLICY_DIR_FROMVPN; |
1747 | edir = BGP_VPN_POLICY_DIR_TOVPN; | |
1748 | ||
636f7608 CS |
1749 | debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) | |
1750 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF)); | |
1751 | ||
44338987 | 1752 | /* Were we importing from "import_vrf"? */ |
1d4e8b0d DS |
1753 | for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node, |
1754 | vname)) { | |
a8dadcf6 | 1755 | if (strcmp(vname, tmp_name) == 0) |
020a3f60 | 1756 | break; |
44338987 | 1757 | } |
1d4e8b0d DS |
1758 | |
1759 | /* | |
1760 | * We do not check in the cli if the passed in bgp | |
1761 | * instance is actually imported into us before | |
1762 | * we call this function. As such if we do not | |
1763 | * find this in the import_vrf list than | |
1764 | * we just need to return safely. | |
1765 | */ | |
44338987 | 1766 | if (!vname) |
1767 | return; | |
1768 | ||
636f7608 CS |
1769 | if (debug) |
1770 | zlog_debug("%s from %s to %s", __func__, tmp_name, export_name); | |
1771 | ||
44338987 | 1772 | /* Remove "import_vrf" from our import list. */ |
1d4e8b0d | 1773 | listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname); |
44338987 | 1774 | XFREE(MTYPE_TMP, vname); |
1775 | ||
1776 | /* Remove routes imported from "import_vrf". */ | |
1777 | /* TODO: In the current logic, we have to first remove all | |
1778 | * imported routes and then (if needed) import back routes | |
1779 | */ | |
1d4e8b0d | 1780 | vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp); |
44338987 | 1781 | |
1d4e8b0d DS |
1782 | if (to_bgp->vpn_policy[afi].import_vrf->count == 0) { |
1783 | UNSET_FLAG(to_bgp->af_flags[afi][safi], | |
44338987 | 1784 | BGP_CONFIG_VRF_TO_VRF_IMPORT); |
9ecf931b CS |
1785 | if (to_bgp->vpn_policy[afi].rtlist[idir]) |
1786 | ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]); | |
44338987 | 1787 | } else { |
1d4e8b0d | 1788 | ecom = from_bgp->vpn_policy[afi].rtlist[edir]; |
9ecf931b CS |
1789 | if (ecom) |
1790 | ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir], | |
44338987 | 1791 | (struct ecommunity_val *)ecom->val); |
1d4e8b0d | 1792 | vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp); |
44338987 | 1793 | } |
1794 | ||
89d59347 DS |
1795 | /* |
1796 | * What? | |
1797 | * So SA is assuming that since the ALL_LIST_ELEMENTS_RO | |
1798 | * below is checking for NULL that export_vrf can be | |
1799 | * NULL, consequently it is complaining( like a cabbage ) | |
1800 | * that we could dereference and crash in the listcount(..) | |
1801 | * check below. | |
1802 | * So make it happy, under protest, with liberty and justice | |
1803 | * for all. | |
1804 | */ | |
1d4e8b0d | 1805 | assert(from_bgp->vpn_policy[afi].export_vrf); |
89d59347 | 1806 | |
44338987 | 1807 | /* Remove us from "import_vrf's" export list. If no other VRF |
1808 | * is importing from "import_vrf", cleanup appropriately. | |
1809 | */ | |
1d4e8b0d | 1810 | for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf, |
44338987 | 1811 | node, vname)) { |
1812 | if (strcmp(vname, export_name) == 0) | |
1813 | break; | |
1814 | } | |
1815 | ||
1d4e8b0d DS |
1816 | /* |
1817 | * If we have gotten to this point then the vname must | |
1818 | * exist. If not, we are in a world of trouble and | |
1819 | * have slag sitting around. | |
1820 | * | |
1821 | * import_vrf and export_vrf must match in having | |
1822 | * the in/out names as appropriate. | |
9ecf931b CS |
1823 | * export_vrf list could have been cleaned up |
1824 | * as part of no router bgp source instnace. | |
1d4e8b0d | 1825 | */ |
9ecf931b CS |
1826 | if (!vname) |
1827 | return; | |
1d4e8b0d DS |
1828 | |
1829 | listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname); | |
44338987 | 1830 | XFREE(MTYPE_TMP, vname); |
1831 | ||
1d4e8b0d DS |
1832 | if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) { |
1833 | vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp); | |
1834 | ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]); | |
1835 | UNSET_FLAG(from_bgp->af_flags[afi][safi], | |
44338987 | 1836 | BGP_CONFIG_VRF_TO_VRF_EXPORT); |
1d4e8b0d | 1837 | memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0, |
44338987 | 1838 | sizeof(struct prefix_rd)); |
1d4e8b0d | 1839 | UNSET_FLAG(from_bgp->vpn_policy[afi].flags, |
44338987 | 1840 | BGP_VPN_POLICY_TOVPN_RD_SET); |
13b7e7f0 DS |
1841 | from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE; |
1842 | ||
44338987 | 1843 | } |
1844 | } | |
1845 | ||
718e3744 | 1846 | /* For testing purpose, static route of MPLS-VPN. */ |
1847 | DEFUN (vpnv4_network, | |
1848 | vpnv4_network_cmd, | |
d114b977 | 1849 | "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)", |
718e3744 | 1850 | "Specify a network to announce via BGP\n" |
0c7b1b01 | 1851 | "IPv4 prefix\n" |
718e3744 | 1852 | "Specify Route Distinguisher\n" |
1853 | "VPN Route Distinguisher\n" | |
fb1d2a2d LB |
1854 | "VPN NLRI label (tag)\n" |
1855 | "VPN NLRI label (tag)\n" | |
1856 | "Label value\n") | |
718e3744 | 1857 | { |
d62a17ae | 1858 | int idx_ipv4_prefixlen = 1; |
1859 | int idx_ext_community = 3; | |
1860 | int idx_label = 5; | |
1861 | return bgp_static_set_safi( | |
1862 | AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg, | |
1863 | argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0, | |
1864 | NULL, NULL, NULL, NULL); | |
137446f9 LB |
1865 | } |
1866 | ||
1867 | DEFUN (vpnv4_network_route_map, | |
1868 | vpnv4_network_route_map_cmd, | |
d114b977 | 1869 | "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD", |
137446f9 | 1870 | "Specify a network to announce via BGP\n" |
0c7b1b01 | 1871 | "IPv4 prefix\n" |
137446f9 LB |
1872 | "Specify Route Distinguisher\n" |
1873 | "VPN Route Distinguisher\n" | |
fb1d2a2d LB |
1874 | "VPN NLRI label (tag)\n" |
1875 | "VPN NLRI label (tag)\n" | |
1876 | "Label value\n" | |
137446f9 LB |
1877 | "route map\n" |
1878 | "route map name\n") | |
1879 | { | |
d62a17ae | 1880 | int idx_ipv4_prefixlen = 1; |
1881 | int idx_ext_community = 3; | |
1882 | int idx_label = 5; | |
1883 | int idx_word_2 = 7; | |
1884 | return bgp_static_set_safi( | |
1885 | AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg, | |
1886 | argv[idx_ext_community]->arg, argv[idx_label]->arg, | |
1887 | argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL); | |
718e3744 | 1888 | } |
1889 | ||
1890 | /* For testing purpose, static route of MPLS-VPN. */ | |
1891 | DEFUN (no_vpnv4_network, | |
1892 | no_vpnv4_network_cmd, | |
d114b977 | 1893 | "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)", |
718e3744 | 1894 | NO_STR |
1895 | "Specify a network to announce via BGP\n" | |
0c7b1b01 | 1896 | "IPv4 prefix\n" |
718e3744 | 1897 | "Specify Route Distinguisher\n" |
1898 | "VPN Route Distinguisher\n" | |
fb1d2a2d LB |
1899 | "VPN NLRI label (tag)\n" |
1900 | "VPN NLRI label (tag)\n" | |
1901 | "Label value\n") | |
718e3744 | 1902 | { |
d62a17ae | 1903 | int idx_ipv4_prefixlen = 2; |
1904 | int idx_ext_community = 4; | |
1905 | int idx_label = 6; | |
1906 | return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty, | |
1907 | argv[idx_ipv4_prefixlen]->arg, | |
1908 | argv[idx_ext_community]->arg, | |
1909 | argv[idx_label]->arg, 0, NULL, NULL, NULL); | |
718e3744 | 1910 | } |
1911 | ||
c286be96 LX |
1912 | DEFUN (vpnv6_network, |
1913 | vpnv6_network_cmd, | |
d114b977 | 1914 | "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]", |
c286be96 LX |
1915 | "Specify a network to announce via BGP\n" |
1916 | "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n" | |
1917 | "Specify Route Distinguisher\n" | |
1918 | "VPN Route Distinguisher\n" | |
fb1d2a2d LB |
1919 | "VPN NLRI label (tag)\n" |
1920 | "VPN NLRI label (tag)\n" | |
1921 | "Label value\n" | |
11daee81 DS |
1922 | "route map\n" |
1923 | "route map name\n") | |
c286be96 | 1924 | { |
d62a17ae | 1925 | int idx_ipv6_prefix = 1; |
1926 | int idx_ext_community = 3; | |
1927 | int idx_label = 5; | |
1928 | int idx_word_2 = 7; | |
1929 | if (argc == 8) | |
1930 | return bgp_static_set_safi( | |
1931 | AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg, | |
1932 | argv[idx_ext_community]->arg, argv[idx_label]->arg, | |
1933 | argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL); | |
1934 | else | |
1935 | return bgp_static_set_safi( | |
1936 | AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg, | |
1937 | argv[idx_ext_community]->arg, argv[idx_label]->arg, | |
1938 | NULL, 0, NULL, NULL, NULL, NULL); | |
c286be96 LX |
1939 | } |
1940 | ||
1941 | /* For testing purpose, static route of MPLS-VPN. */ | |
1942 | DEFUN (no_vpnv6_network, | |
1943 | no_vpnv6_network_cmd, | |
d114b977 | 1944 | "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)", |
c286be96 LX |
1945 | NO_STR |
1946 | "Specify a network to announce via BGP\n" | |
1947 | "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n" | |
1948 | "Specify Route Distinguisher\n" | |
1949 | "VPN Route Distinguisher\n" | |
fb1d2a2d LB |
1950 | "VPN NLRI label (tag)\n" |
1951 | "VPN NLRI label (tag)\n" | |
1952 | "Label value\n") | |
c286be96 | 1953 | { |
d62a17ae | 1954 | int idx_ipv6_prefix = 2; |
1955 | int idx_ext_community = 4; | |
1956 | int idx_label = 6; | |
1957 | return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty, | |
1958 | argv[idx_ipv6_prefix]->arg, | |
1959 | argv[idx_ext_community]->arg, | |
1960 | argv[idx_label]->arg, 0, NULL, NULL, NULL); | |
c286be96 LX |
1961 | } |
1962 | ||
d62a17ae | 1963 | int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd, |
1964 | enum bgp_show_type type, void *output_arg, int tags, | |
9f049418 | 1965 | bool use_json) |
718e3744 | 1966 | { |
d62a17ae | 1967 | struct bgp *bgp; |
1968 | struct bgp_table *table; | |
d62a17ae | 1969 | |
1970 | bgp = bgp_get_default(); | |
1971 | if (bgp == NULL) { | |
1972 | if (!use_json) | |
1973 | vty_out(vty, "No BGP process is configured\n"); | |
16307668 RW |
1974 | else |
1975 | vty_out(vty, "{}\n"); | |
d62a17ae | 1976 | return CMD_WARNING; |
1977 | } | |
1ae44dfc | 1978 | table = bgp->rib[afi][SAFI_MPLS_VPN]; |
a4d82a8a PZ |
1979 | return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type, |
1980 | output_arg, use_json); | |
718e3744 | 1981 | } |
1982 | ||
4f280b15 LB |
1983 | DEFUN (show_bgp_ip_vpn_all_rd, |
1984 | show_bgp_ip_vpn_all_rd_cmd, | |
d114b977 | 1985 | "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]", |
e3e29b32 LB |
1986 | SHOW_STR |
1987 | BGP_STR | |
05e588f4 | 1988 | BGP_VPNVX_HELP_STR |
e3e29b32 | 1989 | "Display VPN NLRI specific information\n" |
af8528fa | 1990 | "Display VPN NLRI specific information\n" |
e3e29b32 LB |
1991 | "Display information for a route distinguisher\n" |
1992 | "VPN Route Distinguisher\n" | |
1993 | JSON_STR) | |
1994 | { | |
d62a17ae | 1995 | int ret; |
1996 | struct prefix_rd prd; | |
1997 | afi_t afi; | |
1998 | int idx = 0; | |
1999 | ||
2000 | if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) { | |
3d7c4cd7 | 2001 | if (argv_find(argv, argc, "rd", &idx)) { |
a4d82a8a | 2002 | ret = str2prefix_rd(argv[idx + 1]->arg, &prd); |
d62a17ae | 2003 | if (!ret) { |
2004 | vty_out(vty, | |
2005 | "%% Malformed Route Distinguisher\n"); | |
2006 | return CMD_WARNING; | |
2007 | } | |
2008 | return bgp_show_mpls_vpn(vty, afi, &prd, | |
2009 | bgp_show_type_normal, NULL, 0, | |
2010 | use_json(argc, argv)); | |
2011 | } else { | |
2012 | return bgp_show_mpls_vpn(vty, afi, NULL, | |
2013 | bgp_show_type_normal, NULL, 0, | |
2014 | use_json(argc, argv)); | |
2015 | } | |
2016 | } | |
2017 | return CMD_SUCCESS; | |
718e3744 | 2018 | } |
2019 | ||
af8528fa LB |
2020 | ALIAS(show_bgp_ip_vpn_all_rd, |
2021 | show_bgp_ip_vpn_rd_cmd, | |
2022 | "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]", | |
2023 | SHOW_STR | |
2024 | BGP_STR | |
2025 | BGP_VPNVX_HELP_STR | |
2026 | "Display VPN NLRI specific information\n" | |
2027 | "Display information for a route distinguisher\n" | |
2028 | "VPN Route Distinguisher\n" | |
2029 | JSON_STR) | |
2030 | ||
2031 | #ifdef KEEP_OLD_VPN_COMMANDS | |
3f227172 PG |
2032 | DEFUN (show_ip_bgp_vpn_rd, |
2033 | show_ip_bgp_vpn_rd_cmd, | |
af8528fa | 2034 | "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN", |
718e3744 | 2035 | SHOW_STR |
2036 | IP_STR | |
2037 | BGP_STR | |
4f280b15 | 2038 | BGP_AFI_HELP_STR |
3517059b | 2039 | "Address Family modifier\n" |
718e3744 | 2040 | "Display information for a route distinguisher\n" |
2041 | "VPN Route Distinguisher\n") | |
2042 | { | |
d62a17ae | 2043 | int idx_ext_community = argc - 1; |
2044 | int ret; | |
2045 | struct prefix_rd prd; | |
2046 | afi_t afi; | |
2047 | int idx = 0; | |
2048 | ||
2049 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) { | |
2050 | ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd); | |
2051 | if (!ret) { | |
2052 | vty_out(vty, "%% Malformed Route Distinguisher\n"); | |
2053 | return CMD_WARNING; | |
2054 | } | |
2055 | return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal, | |
2056 | NULL, 0, 0); | |
2057 | } | |
2058 | return CMD_SUCCESS; | |
2059 | } | |
718e3744 | 2060 | |
4f280b15 LB |
2061 | DEFUN (show_ip_bgp_vpn_all, |
2062 | show_ip_bgp_vpn_all_cmd, | |
2063 | "show [ip] bgp <vpnv4|vpnv6>", | |
2064 | SHOW_STR | |
2065 | IP_STR | |
2066 | BGP_STR | |
2067 | BGP_VPNVX_HELP_STR) | |
2068 | { | |
d62a17ae | 2069 | afi_t afi; |
2070 | int idx = 0; | |
4f280b15 | 2071 | |
d62a17ae | 2072 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) |
2073 | return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal, | |
2074 | NULL, 0, 0); | |
2075 | return CMD_SUCCESS; | |
4f280b15 LB |
2076 | } |
2077 | ||
3f227172 PG |
2078 | DEFUN (show_ip_bgp_vpn_all_tags, |
2079 | show_ip_bgp_vpn_all_tags_cmd, | |
2080 | "show [ip] bgp <vpnv4|vpnv6> all tags", | |
718e3744 | 2081 | SHOW_STR |
2082 | IP_STR | |
2083 | BGP_STR | |
3f227172 PG |
2084 | BGP_VPNVX_HELP_STR |
2085 | "Display information about all VPNv4/VPNV6 NLRIs\n" | |
718e3744 | 2086 | "Display BGP tags for prefixes\n") |
2087 | { | |
d62a17ae | 2088 | afi_t afi; |
2089 | int idx = 0; | |
3f227172 | 2090 | |
d62a17ae | 2091 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) |
2092 | return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal, | |
2093 | NULL, 1, 0); | |
2094 | return CMD_SUCCESS; | |
718e3744 | 2095 | } |
2096 | ||
3f227172 PG |
2097 | DEFUN (show_ip_bgp_vpn_rd_tags, |
2098 | show_ip_bgp_vpn_rd_tags_cmd, | |
d114b977 | 2099 | "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags", |
718e3744 | 2100 | SHOW_STR |
2101 | IP_STR | |
2102 | BGP_STR | |
3f227172 | 2103 | BGP_VPNVX_HELP_STR |
718e3744 | 2104 | "Display information for a route distinguisher\n" |
2105 | "VPN Route Distinguisher\n" | |
2106 | "Display BGP tags for prefixes\n") | |
2107 | { | |
d62a17ae | 2108 | int idx_ext_community = 5; |
2109 | int ret; | |
2110 | struct prefix_rd prd; | |
2111 | afi_t afi; | |
2112 | int idx = 0; | |
2113 | ||
2114 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) { | |
2115 | ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd); | |
2116 | if (!ret) { | |
2117 | vty_out(vty, "%% Malformed Route Distinguisher\n"); | |
2118 | return CMD_WARNING; | |
2119 | } | |
2120 | return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal, | |
2121 | NULL, 1, 0); | |
2122 | } | |
2123 | return CMD_SUCCESS; | |
718e3744 | 2124 | } |
2125 | ||
3f227172 PG |
2126 | DEFUN (show_ip_bgp_vpn_all_neighbor_routes, |
2127 | show_ip_bgp_vpn_all_neighbor_routes_cmd, | |
2128 | "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]", | |
718e3744 | 2129 | SHOW_STR |
2130 | IP_STR | |
2131 | BGP_STR | |
3f227172 PG |
2132 | BGP_VPNVX_HELP_STR |
2133 | "Display information about all VPNv4/VPNv6 NLRIs\n" | |
718e3744 | 2134 | "Detailed information on TCP and BGP neighbor connections\n" |
2135 | "Neighbor to display information about\n" | |
856ca177 | 2136 | "Display routes learned from neighbor\n" |
9973d184 | 2137 | JSON_STR) |
718e3744 | 2138 | { |
d62a17ae | 2139 | int idx_ipv4 = 6; |
2140 | union sockunion su; | |
2141 | struct peer *peer; | |
2142 | int ret; | |
9f049418 | 2143 | bool uj = use_json(argc, argv); |
d62a17ae | 2144 | afi_t afi; |
2145 | int idx = 0; | |
2146 | ||
2147 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) { | |
2148 | ret = str2sockunion(argv[idx_ipv4]->arg, &su); | |
2149 | if (ret < 0) { | |
2150 | if (uj) { | |
2151 | json_object *json_no = NULL; | |
2152 | json_no = json_object_new_object(); | |
2153 | json_object_string_add(json_no, "warning", | |
2154 | "Malformed address"); | |
2155 | vty_out(vty, "%s\n", | |
2156 | json_object_to_json_string(json_no)); | |
2157 | json_object_free(json_no); | |
2158 | } else | |
2159 | vty_out(vty, "Malformed address: %s\n", | |
2160 | argv[idx_ipv4]->arg); | |
2161 | return CMD_WARNING; | |
2162 | } | |
2163 | ||
2164 | peer = peer_lookup(NULL, &su); | |
2165 | if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) { | |
2166 | if (uj) { | |
2167 | json_object *json_no = NULL; | |
2168 | json_no = json_object_new_object(); | |
2169 | json_object_string_add( | |
2170 | json_no, "warning", | |
2171 | "No such neighbor or address family"); | |
2172 | vty_out(vty, "%s\n", | |
2173 | json_object_to_json_string(json_no)); | |
2174 | json_object_free(json_no); | |
2175 | } else | |
2176 | vty_out(vty, | |
2177 | "%% No such neighbor or address family\n"); | |
2178 | return CMD_WARNING; | |
2179 | } | |
2180 | ||
2181 | return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor, | |
2182 | &su, 0, uj); | |
2183 | } | |
2184 | return CMD_SUCCESS; | |
718e3744 | 2185 | } |
2186 | ||
3f227172 PG |
2187 | DEFUN (show_ip_bgp_vpn_rd_neighbor_routes, |
2188 | show_ip_bgp_vpn_rd_neighbor_routes_cmd, | |
d114b977 | 2189 | "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]", |
718e3744 | 2190 | SHOW_STR |
2191 | IP_STR | |
2192 | BGP_STR | |
3f227172 | 2193 | BGP_VPNVX_HELP_STR |
718e3744 | 2194 | "Display information for a route distinguisher\n" |
2195 | "VPN Route Distinguisher\n" | |
2196 | "Detailed information on TCP and BGP neighbor connections\n" | |
2197 | "Neighbor to display information about\n" | |
856ca177 | 2198 | "Display routes learned from neighbor\n" |
9973d184 | 2199 | JSON_STR) |
718e3744 | 2200 | { |
d62a17ae | 2201 | int idx_ext_community = 5; |
2202 | int idx_ipv4 = 7; | |
2203 | int ret; | |
2204 | union sockunion su; | |
2205 | struct peer *peer; | |
2206 | struct prefix_rd prd; | |
9f049418 | 2207 | bool uj = use_json(argc, argv); |
d62a17ae | 2208 | afi_t afi; |
2209 | int idx = 0; | |
2210 | ||
2211 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) { | |
2212 | ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd); | |
2213 | if (!ret) { | |
2214 | if (uj) { | |
2215 | json_object *json_no = NULL; | |
2216 | json_no = json_object_new_object(); | |
2217 | json_object_string_add( | |
2218 | json_no, "warning", | |
2219 | "Malformed Route Distinguisher"); | |
2220 | vty_out(vty, "%s\n", | |
2221 | json_object_to_json_string(json_no)); | |
2222 | json_object_free(json_no); | |
2223 | } else | |
2224 | vty_out(vty, | |
2225 | "%% Malformed Route Distinguisher\n"); | |
2226 | return CMD_WARNING; | |
2227 | } | |
2228 | ||
2229 | ret = str2sockunion(argv[idx_ipv4]->arg, &su); | |
2230 | if (ret < 0) { | |
2231 | if (uj) { | |
2232 | json_object *json_no = NULL; | |
2233 | json_no = json_object_new_object(); | |
2234 | json_object_string_add(json_no, "warning", | |
2235 | "Malformed address"); | |
2236 | vty_out(vty, "%s\n", | |
2237 | json_object_to_json_string(json_no)); | |
2238 | json_object_free(json_no); | |
2239 | } else | |
2240 | vty_out(vty, "Malformed address: %s\n", | |
2241 | argv[idx_ext_community]->arg); | |
2242 | return CMD_WARNING; | |
2243 | } | |
2244 | ||
2245 | peer = peer_lookup(NULL, &su); | |
2246 | if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) { | |
2247 | if (uj) { | |
2248 | json_object *json_no = NULL; | |
2249 | json_no = json_object_new_object(); | |
2250 | json_object_string_add( | |
2251 | json_no, "warning", | |
2252 | "No such neighbor or address family"); | |
2253 | vty_out(vty, "%s\n", | |
2254 | json_object_to_json_string(json_no)); | |
2255 | json_object_free(json_no); | |
2256 | } else | |
2257 | vty_out(vty, | |
2258 | "%% No such neighbor or address family\n"); | |
2259 | return CMD_WARNING; | |
2260 | } | |
2261 | ||
2262 | return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor, | |
2263 | &su, 0, uj); | |
2264 | } | |
2265 | return CMD_SUCCESS; | |
718e3744 | 2266 | } |
2267 | ||
3f227172 PG |
2268 | DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes, |
2269 | show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd, | |
2270 | "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]", | |
718e3744 | 2271 | SHOW_STR |
2272 | IP_STR | |
2273 | BGP_STR | |
3f227172 PG |
2274 | BGP_VPNVX_HELP_STR |
2275 | "Display information about all VPNv4/VPNv6 NLRIs\n" | |
718e3744 | 2276 | "Detailed information on TCP and BGP neighbor connections\n" |
2277 | "Neighbor to display information about\n" | |
856ca177 | 2278 | "Display the routes advertised to a BGP neighbor\n" |
9973d184 | 2279 | JSON_STR) |
718e3744 | 2280 | { |
d62a17ae | 2281 | int idx_ipv4 = 6; |
2282 | int ret; | |
2283 | struct peer *peer; | |
2284 | union sockunion su; | |
9f049418 | 2285 | bool uj = use_json(argc, argv); |
d62a17ae | 2286 | afi_t afi; |
2287 | int idx = 0; | |
2288 | ||
2289 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) { | |
2290 | ret = str2sockunion(argv[idx_ipv4]->arg, &su); | |
2291 | if (ret < 0) { | |
2292 | if (uj) { | |
2293 | json_object *json_no = NULL; | |
2294 | json_no = json_object_new_object(); | |
2295 | json_object_string_add(json_no, "warning", | |
2296 | "Malformed address"); | |
2297 | vty_out(vty, "%s\n", | |
2298 | json_object_to_json_string(json_no)); | |
2299 | json_object_free(json_no); | |
2300 | } else | |
2301 | vty_out(vty, "Malformed address: %s\n", | |
2302 | argv[idx_ipv4]->arg); | |
2303 | return CMD_WARNING; | |
2304 | } | |
2305 | peer = peer_lookup(NULL, &su); | |
2306 | if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) { | |
2307 | if (uj) { | |
2308 | json_object *json_no = NULL; | |
2309 | json_no = json_object_new_object(); | |
2310 | json_object_string_add( | |
2311 | json_no, "warning", | |
2312 | "No such neighbor or address family"); | |
2313 | vty_out(vty, "%s\n", | |
2314 | json_object_to_json_string(json_no)); | |
2315 | json_object_free(json_no); | |
2316 | } else | |
2317 | vty_out(vty, | |
2318 | "%% No such neighbor or address family\n"); | |
2319 | return CMD_WARNING; | |
2320 | } | |
2321 | return show_adj_route_vpn(vty, peer, NULL, AFI_IP, | |
2322 | SAFI_MPLS_VPN, uj); | |
2323 | } | |
2324 | return CMD_SUCCESS; | |
718e3744 | 2325 | } |
2326 | ||
3f227172 PG |
2327 | DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes, |
2328 | show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd, | |
d114b977 | 2329 | "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]", |
718e3744 | 2330 | SHOW_STR |
2331 | IP_STR | |
2332 | BGP_STR | |
3f227172 | 2333 | BGP_VPNVX_HELP_STR |
718e3744 | 2334 | "Display information for a route distinguisher\n" |
2335 | "VPN Route Distinguisher\n" | |
2336 | "Detailed information on TCP and BGP neighbor connections\n" | |
2337 | "Neighbor to display information about\n" | |
856ca177 | 2338 | "Display the routes advertised to a BGP neighbor\n" |
9973d184 | 2339 | JSON_STR) |
718e3744 | 2340 | { |
d62a17ae | 2341 | int idx_ext_community = 5; |
2342 | int idx_ipv4 = 7; | |
2343 | int ret; | |
2344 | struct peer *peer; | |
2345 | struct prefix_rd prd; | |
2346 | union sockunion su; | |
9f049418 | 2347 | bool uj = use_json(argc, argv); |
d62a17ae | 2348 | afi_t afi; |
2349 | int idx = 0; | |
2350 | ||
2351 | if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) { | |
2352 | ret = str2sockunion(argv[idx_ipv4]->arg, &su); | |
2353 | if (ret < 0) { | |
2354 | if (uj) { | |
2355 | json_object *json_no = NULL; | |
2356 | json_no = json_object_new_object(); | |
2357 | json_object_string_add(json_no, "warning", | |
2358 | "Malformed address"); | |
2359 | vty_out(vty, "%s\n", | |
2360 | json_object_to_json_string(json_no)); | |
2361 | json_object_free(json_no); | |
2362 | } else | |
2363 | vty_out(vty, "Malformed address: %s\n", | |
2364 | argv[idx_ext_community]->arg); | |
2365 | return CMD_WARNING; | |
2366 | } | |
2367 | peer = peer_lookup(NULL, &su); | |
2368 | if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) { | |
2369 | if (uj) { | |
2370 | json_object *json_no = NULL; | |
2371 | json_no = json_object_new_object(); | |
2372 | json_object_string_add( | |
2373 | json_no, "warning", | |
2374 | "No such neighbor or address family"); | |
2375 | vty_out(vty, "%s\n", | |
2376 | json_object_to_json_string(json_no)); | |
2377 | json_object_free(json_no); | |
2378 | } else | |
2379 | vty_out(vty, | |
2380 | "%% No such neighbor or address family\n"); | |
2381 | return CMD_WARNING; | |
2382 | } | |
2383 | ||
2384 | ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd); | |
2385 | if (!ret) { | |
2386 | if (uj) { | |
2387 | json_object *json_no = NULL; | |
2388 | json_no = json_object_new_object(); | |
2389 | json_object_string_add( | |
2390 | json_no, "warning", | |
2391 | "Malformed Route Distinguisher"); | |
2392 | vty_out(vty, "%s\n", | |
2393 | json_object_to_json_string(json_no)); | |
2394 | json_object_free(json_no); | |
2395 | } else | |
2396 | vty_out(vty, | |
2397 | "%% Malformed Route Distinguisher\n"); | |
2398 | return CMD_WARNING; | |
2399 | } | |
2400 | ||
2401 | return show_adj_route_vpn(vty, peer, &prd, AFI_IP, | |
2402 | SAFI_MPLS_VPN, uj); | |
2403 | } | |
2404 | return CMD_SUCCESS; | |
718e3744 | 2405 | } |
d6902373 | 2406 | #endif /* KEEP_OLD_VPN_COMMANDS */ |
718e3744 | 2407 | |
d62a17ae | 2408 | void bgp_mplsvpn_init(void) |
718e3744 | 2409 | { |
d62a17ae | 2410 | install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd); |
2411 | install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd); | |
2412 | install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd); | |
718e3744 | 2413 | |
d62a17ae | 2414 | install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd); |
2415 | install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd); | |
c286be96 | 2416 | |
d62a17ae | 2417 | install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd); |
af8528fa | 2418 | install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd); |
d6902373 | 2419 | #ifdef KEEP_OLD_VPN_COMMANDS |
af8528fa | 2420 | install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd); |
d62a17ae | 2421 | install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd); |
2422 | install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd); | |
2423 | install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd); | |
2424 | install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd); | |
2425 | install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd); | |
2426 | install_element(VIEW_NODE, | |
2427 | &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd); | |
2428 | install_element(VIEW_NODE, | |
2429 | &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd); | |
d6902373 | 2430 | #endif /* KEEP_OLD_VPN_COMMANDS */ |
718e3744 | 2431 | } |
301ad80a PG |
2432 | |
2433 | vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey) | |
2434 | { | |
2435 | struct listnode *mnode, *mnnode; | |
2436 | struct bgp *bgp; | |
2437 | ||
2438 | for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) { | |
2439 | struct ecommunity *ec; | |
2440 | ||
2441 | if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF) | |
2442 | continue; | |
2443 | ||
2444 | ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist; | |
2445 | ||
2446 | if (ecom_intersect(ec, eckey)) | |
2447 | return bgp->vrf_id; | |
2448 | } | |
2449 | return VRF_UNKNOWN; | |
2450 | } | |
3bd70bf8 PZ |
2451 | |
2452 | /* | |
2453 | * The purpose of this function is to process leaks that were deferred | |
2454 | * from earlier per-vrf configuration due to not-yet-existing default | |
2455 | * vrf, in other words, configuration such as: | |
2456 | * | |
2457 | * router bgp MMM vrf FOO | |
2458 | * address-family ipv4 unicast | |
2459 | * rd vpn export 1:1 | |
2460 | * exit-address-family | |
2461 | * | |
2462 | * router bgp NNN | |
2463 | * ... | |
2464 | * | |
2465 | * This function gets called when the default instance ("router bgp NNN") | |
2466 | * is created. | |
2467 | */ | |
2468 | void vpn_leak_postchange_all(void) | |
2469 | { | |
2470 | struct listnode *next; | |
2471 | struct bgp *bgp; | |
2472 | struct bgp *bgp_default = bgp_get_default(); | |
2473 | ||
2474 | assert(bgp_default); | |
2475 | ||
2476 | /* First, do any exporting from VRFs to the single VPN RIB */ | |
2477 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) { | |
2478 | ||
2479 | if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF) | |
2480 | continue; | |
2481 | ||
2482 | vpn_leak_postchange( | |
2483 | BGP_VPN_POLICY_DIR_TOVPN, | |
2484 | AFI_IP, | |
2485 | bgp_default, | |
2486 | bgp); | |
2487 | ||
2488 | vpn_leak_postchange( | |
2489 | BGP_VPN_POLICY_DIR_TOVPN, | |
2490 | AFI_IP6, | |
2491 | bgp_default, | |
2492 | bgp); | |
2493 | } | |
2494 | ||
2495 | /* Now, do any importing to VRFs from the single VPN RIB */ | |
2496 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) { | |
2497 | ||
2498 | if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF) | |
2499 | continue; | |
2500 | ||
2501 | vpn_leak_postchange( | |
2502 | BGP_VPN_POLICY_DIR_FROMVPN, | |
2503 | AFI_IP, | |
2504 | bgp_default, | |
2505 | bgp); | |
2506 | ||
2507 | vpn_leak_postchange( | |
2508 | BGP_VPN_POLICY_DIR_FROMVPN, | |
2509 | AFI_IP6, | |
2510 | bgp_default, | |
2511 | bgp); | |
2512 | } | |
2513 | } | |
9ecf931b CS |
2514 | |
2515 | /* When a bgp vrf instance is unconfigured, remove its routes | |
2516 | * from the VPN table and this vrf could be importing routes from other | |
2517 | * bgp vrf instnaces, unimport them. | |
2518 | * VRF X and VRF Y are exporting routes to each other. | |
2519 | * When VRF X is deleted, unimport its routes from all target vrfs, | |
2520 | * also VRF Y should unimport its routes from VRF X table. | |
2521 | * This will ensure VPN table is cleaned up appropriately. | |
2522 | */ | |
2523 | int bgp_vpn_leak_unimport(struct bgp *from_bgp, struct vty *vty) | |
2524 | { | |
2525 | struct bgp *to_bgp; | |
2526 | const char *tmp_name; | |
2527 | char *vname; | |
2528 | struct listnode *node, *next; | |
2529 | safi_t safi = SAFI_UNICAST; | |
2530 | afi_t afi; | |
2531 | bool is_vrf_leak_bind; | |
2532 | int debug; | |
2533 | ||
2534 | if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF) | |
2535 | return 0; | |
2536 | ||
2537 | debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) | | |
2538 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF)); | |
2539 | ||
2540 | tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME; | |
2541 | ||
2542 | for (afi = 0; afi < AFI_MAX; ++afi) { | |
2543 | /* vrf leak is for IPv4 and IPv6 Unicast only */ | |
2544 | if (afi != AFI_IP && afi != AFI_IP6) | |
2545 | continue; | |
2546 | ||
2547 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) { | |
2548 | if (from_bgp == to_bgp) | |
2549 | continue; | |
2550 | ||
2551 | /* Unimport and remove source vrf from the | |
2552 | * other vrfs import list. | |
2553 | */ | |
2554 | struct vpn_policy *to_vpolicy; | |
2555 | ||
2556 | is_vrf_leak_bind = false; | |
2557 | to_vpolicy = &(to_bgp->vpn_policy[afi]); | |
2558 | for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node, | |
2559 | vname)) { | |
2560 | if (strcmp(vname, tmp_name) == 0) { | |
2561 | is_vrf_leak_bind = true; | |
2562 | break; | |
2563 | } | |
2564 | } | |
2565 | /* skip this bgp instance as there is no leak to this | |
2566 | * vrf instance. | |
2567 | */ | |
2568 | if (!is_vrf_leak_bind) | |
2569 | continue; | |
2570 | ||
2571 | if (debug) | |
2572 | zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u", | |
2573 | __func__, from_bgp->name_pretty, | |
2574 | to_bgp->name_pretty, afi2str(afi), | |
2575 | to_vpolicy->import_vrf->count); | |
2576 | ||
2577 | vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi); | |
2578 | ||
2579 | /* readd vrf name as unimport removes import vrf name | |
2580 | * from the destination vrf's import list where the | |
2581 | * `import vrf` configuration still exist. | |
2582 | */ | |
2583 | vname = XSTRDUP(MTYPE_TMP, tmp_name); | |
2584 | listnode_add(to_bgp->vpn_policy[afi].import_vrf, | |
2585 | vname); | |
2586 | SET_FLAG(to_bgp->af_flags[afi][safi], | |
2587 | BGP_CONFIG_VRF_TO_VRF_IMPORT); | |
2588 | ||
2589 | /* If to_bgp exports its routes to the bgp vrf | |
2590 | * which is being deleted, un-import the | |
2591 | * to_bgp routes from VPN. | |
2592 | */ | |
2593 | for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi] | |
2594 | .export_vrf, node, | |
2595 | vname)) { | |
2596 | if (strcmp(vname, tmp_name) == 0) { | |
2597 | vrf_unimport_from_vrf(from_bgp, to_bgp, | |
2598 | afi, safi); | |
2599 | break; | |
2600 | } | |
2601 | } | |
2602 | } | |
2603 | } | |
2604 | return 0; | |
2605 | } | |
48381346 CS |
2606 | |
2607 | /* When a router bgp is configured, there could be a bgp vrf | |
2608 | * instance importing routes from this newly configured | |
2609 | * bgp vrf instance. Export routes from configured | |
2610 | * bgp vrf to VPN. | |
2611 | * VRF Y has import from bgp vrf x, | |
2612 | * when a bgp vrf x instance is created, export its routes | |
2613 | * to VRF Y instance. | |
2614 | */ | |
2615 | void bgp_vpn_leak_export(struct bgp *from_bgp) | |
2616 | { | |
2617 | afi_t afi; | |
2618 | const char *export_name; | |
2619 | char *vname; | |
2620 | struct listnode *node, *next; | |
2621 | struct ecommunity *ecom; | |
2622 | vpn_policy_direction_t idir, edir; | |
2623 | safi_t safi = SAFI_UNICAST; | |
2624 | struct bgp *to_bgp; | |
2625 | int debug; | |
2626 | ||
2627 | debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) | | |
2628 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF)); | |
2629 | ||
2630 | idir = BGP_VPN_POLICY_DIR_FROMVPN; | |
2631 | edir = BGP_VPN_POLICY_DIR_TOVPN; | |
2632 | ||
2633 | export_name = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name) | |
2634 | : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME)); | |
2635 | ||
2636 | for (afi = 0; afi < AFI_MAX; ++afi) { | |
2637 | /* vrf leak is for IPv4 and IPv6 Unicast only */ | |
2638 | if (afi != AFI_IP && afi != AFI_IP6) | |
2639 | continue; | |
2640 | ||
2641 | for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) { | |
2642 | if (from_bgp == to_bgp) | |
2643 | continue; | |
2644 | ||
2645 | /* bgp instance has import list, check to see if newly | |
2646 | * configured bgp instance is the list. | |
2647 | */ | |
2648 | struct vpn_policy *to_vpolicy; | |
2649 | ||
2650 | to_vpolicy = &(to_bgp->vpn_policy[afi]); | |
2651 | for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, | |
2652 | node, vname)) { | |
2653 | if (strcmp(vname, export_name) != 0) | |
2654 | continue; | |
2655 | ||
2656 | if (debug) | |
2657 | zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.", | |
2658 | __func__, | |
2659 | export_name, to_bgp->name_pretty); | |
2660 | ||
2661 | ecom = from_bgp->vpn_policy[afi].rtlist[edir]; | |
2662 | /* remove import rt, it will be readded | |
2663 | * as part of import from vrf. | |
2664 | */ | |
2665 | if (ecom) | |
2666 | ecommunity_del_val( | |
2667 | to_vpolicy->rtlist[idir], | |
2668 | (struct ecommunity_val *) | |
2669 | ecom->val); | |
2670 | vrf_import_from_vrf(to_bgp, from_bgp, | |
2671 | afi, safi); | |
2672 | break; | |
2673 | ||
2674 | } | |
2675 | } | |
2676 | } | |
2677 | } |