]> git.proxmox.com Git - mirror_frr.git/blame - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5686 from qlyoung/fix-bgp-fqdn-capability-leak
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
CommitLineData
718e3744 1/* MPLS-VPN
896014f4
DL		 2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
718e3744 20
21#include <zebra.h>
22
23#include "command.h"
24#include "prefix.h"
25#include "log.h"
26#include "memory.h"
27#include "stream.h"
3f9c7369 28#include "queue.h"
039f3a34 29#include "filter.h"
ddb5b488 30#include "mpls.h"
b9c7bc5a
PZ		 31#include "json.h"
32#include "zclient.h"
9bedbb1e 33
718e3744 34#include "bgpd/bgpd.h"
ddb5b488 35#include "bgpd/bgp_debug.h"
14454c9f 36#include "bgpd/bgp_errors.h"
718e3744 37#include "bgpd/bgp_table.h"
38#include "bgpd/bgp_route.h"
39#include "bgpd/bgp_attr.h"
9bedbb1e 40#include "bgpd/bgp_label.h"
718e3744 41#include "bgpd/bgp_mplsvpn.h"
48a5452b 42#include "bgpd/bgp_packet.h"
3f227172 43#include "bgpd/bgp_vty.h"
784d3a42 44#include "bgpd/bgp_vpn.h"
ddb5b488
PZ		 45#include "bgpd/bgp_ecommunity.h"
46#include "bgpd/bgp_zebra.h"
47#include "bgpd/bgp_nexthop.h"
960035b2 48#include "bgpd/bgp_nht.h"
0a2f9ac1 49#include "bgpd/bgp_evpn.h"
718e3744 50
65efcfce 51#if ENABLE_BGP_VNC
f8b6f499 52#include "bgpd/rfapi/rfapi_backend.h"
65efcfce
LB		 53#endif
54
ddb5b488
PZ		 55/*
56 * Definitions and external declarations.
57 */
58extern struct zclient *zclient;
59
d62a17ae 60extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
61 int *index, afi_t *afi)
3f227172 62{
d62a17ae 63 int ret = 0;
64 if (argv_find(argv, argc, "vpnv4", index)) {
65 ret = 1;
66 if (afi)
67 *afi = AFI_IP;
68 } else if (argv_find(argv, argc, "vpnv6", index)) {
69 ret = 1;
70 if (afi)
71 *afi = AFI_IP6;
72 }
73 return ret;
3f227172
PG		 74}
75
d7c0a89a 76uint32_t decode_label(mpls_label_t *label_pnt)
718e3744 77{
d7c0a89a
QY		 78 uint32_t l;
79 uint8_t *pnt = (uint8_t *)label_pnt;
718e3744 80
d7c0a89a
QY		 81 l = ((uint32_t)*pnt++ << 12);
82 l |= (uint32_t)*pnt++ << 4;
83 l |= (uint32_t)((*pnt & 0xf0) >> 4);
d62a17ae 84 return l;
718e3744 85}
86
d62a17ae 87void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
65efcfce 88{
d7c0a89a 89 uint8_t *pnt = (uint8_t *)label_pnt;
d62a17ae 90 if (pnt == NULL)
91 return;
13b7e7f0
DS		 92 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
93 *label_pnt = label;
94 return;
95 }
d62a17ae 96 *pnt++ = (label >> 12) & 0xff;
97 *pnt++ = (label >> 4) & 0xff;
98 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
65efcfce
LB		 99}
100
d62a17ae 101int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
102 struct bgp_nlri *packet)
718e3744 103{
d7c0a89a
QY		 104 uint8_t *pnt;
105 uint8_t *lim;
d62a17ae 106 struct prefix p;
107 int psize = 0;
108 int prefixlen;
d7c0a89a 109 uint16_t type;
d62a17ae 110 struct rd_as rd_as;
111 struct rd_ip rd_ip;
ef1af5e5 112 struct prefix_rd prd = {0};
ddb5b488 113 mpls_label_t label = {0};
d62a17ae 114 afi_t afi;
115 safi_t safi;
116 int addpath_encoded;
d7c0a89a 117 uint32_t addpath_id;
d62a17ae 118
d62a17ae 119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 pnt = packet->nlri;
124 lim = pnt + packet->length;
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_encoded =
130 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
131 && CHECK_FLAG(peer->af_cap[afi][safi],
132 PEER_CAP_ADDPATH_AF_TX_RCV));
718e3744 133
50905aa2 134#define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
d62a17ae 135 for (; pnt < lim; pnt += psize) {
136 /* Clear prefix structure. */
137 memset(&p, 0, sizeof(struct prefix));
138
139 if (addpath_encoded) {
140
141 /* When packet overflow occurs return immediately. */
142 if (pnt + BGP_ADDPATH_ID_LEN > lim)
513386b5 143 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
d62a17ae 144
a3a850a1
S		 145 memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
146 addpath_id = ntohl(addpath_id);
d62a17ae 147 pnt += BGP_ADDPATH_ID_LEN;
148 }
149
150 /* Fetch prefix length. */
151 prefixlen = *pnt++;
152 p.family = afi2family(packet->afi);
153 psize = PSIZE(prefixlen);
154
155 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
af4c2728 156 flog_err(
e50f7cfd 157 EC_BGP_UPDATE_RCV,
d62a17ae 158 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
159 peer->host, prefixlen);
513386b5 160 return BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
d62a17ae 161 }
162
163 /* sanity check against packet data */
164 if ((pnt + psize) > lim) {
af4c2728 165 flog_err(
e50f7cfd 166 EC_BGP_UPDATE_RCV,
d62a17ae 167 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
168 peer->host, prefixlen, (uint)(lim - pnt));
513386b5 169 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
d62a17ae 170 }
171
172 /* sanity check against storage for the IP address portion */
173 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
af4c2728 174 flog_err(
e50f7cfd 175 EC_BGP_UPDATE_RCV,
d62a17ae 176 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
177 peer->host,
178 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
179 sizeof(p.u));
513386b5 180 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
d62a17ae 181 }
182
183 /* Sanity check against max bitlen of the address family */
184 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
af4c2728 185 flog_err(
e50f7cfd 186 EC_BGP_UPDATE_RCV,
d62a17ae 187 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
188 peer->host,
189 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
190 p.family, prefix_blen(&p));
513386b5 191 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
d62a17ae 192 }
193
194 /* Copy label to prefix. */
195 memcpy(&label, pnt, BGP_LABEL_BYTES);
196 bgp_set_valid_label(&label);
197
198 /* Copy routing distinguisher to rd. */
199 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
200
201 /* Decode RD type. */
202 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
203
204 switch (type) {
205 case RD_TYPE_AS:
206 decode_rd_as(pnt + 5, &rd_as);
207 break;
208
209 case RD_TYPE_AS4:
210 decode_rd_as4(pnt + 5, &rd_as);
211 break;
212
213 case RD_TYPE_IP:
214 decode_rd_ip(pnt + 5, &rd_ip);
215 break;
fe770c88 216
65efcfce 217#if ENABLE_BGP_VNC
d62a17ae 218 case RD_TYPE_VNC_ETH:
219 break;
65efcfce
LB		 220#endif
221
d62a17ae 222 default:
1c50c1c0 223 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
d62a17ae 224 break; /* just report */
225 }
226
227 p.prefixlen =
228 prefixlen
229 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
a85297a7 230 memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES,
d62a17ae 231 psize - VPN_PREFIXLEN_MIN_BYTES);
232
233 if (attr) {
234 bgp_update(peer, &p, addpath_id, attr, packet->afi,
235 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
b57ba6d2 236 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
d62a17ae 237 } else {
238 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
239 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
b57ba6d2 240 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
d62a17ae 241 }
242 }
243 /* Packet length consistency check. */
244 if (pnt != lim) {
af4c2728 245 flog_err(
e50f7cfd 246 EC_BGP_UPDATE_RCV,
d62a17ae 247 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
248 peer->host, lim - pnt);
513386b5 249 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
d62a17ae 250 }
251
252 return 0;
50905aa2 253#undef VPN_PREFIXLEN_MIN_BYTES
718e3744 254}
255
ddb5b488
PZ		 256/*
257 * This function informs zebra of the label this vrf sets on routes
258 * leaked to VPN. Zebra should install this label in the kernel with
259 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
260 *
261 * Sending this vrf-label association is qualified by a) whether vrf->vpn
262 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
263 * are set) and b) whether vpn-policy label is set.
264 *
265 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
266 * for this vrf, which zebra interprets to mean "delete this vrf-label
267 * association."
268 */
269void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
270{
271 mpls_label_t label = MPLS_LABEL_NONE;
ddb5b488
PZ		 272 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
273
ddb5b488
PZ		 274 if (bgp->vrf_id == VRF_UNKNOWN) {
275 if (debug) {
276 zlog_debug(
277 "%s: vrf %s: afi %s: vrf_id not set, "
278 "can't set zebra vrf label",
960035b2 279 __func__, bgp->name_pretty, afi2str(afi));
ddb5b488
PZ		 280 }
281 return;
282 }
283
284 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
285 label = bgp->vpn_policy[afi].tovpn_label;
286 }
287
288 if (debug) {
289 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
960035b2
PZ		 290 __func__, bgp->name_pretty, afi2str(afi), label,
291 bgp->vrf_id);
ddb5b488
PZ		 292 }
293
3f518d59
DS		 294 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
295 label = MPLS_LABEL_NONE;
ddb5b488
PZ		 296 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
297 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
298}
299
300/*
301 * If zebra tells us vrf has become unconfigured, tell zebra not to
302 * use this label to forward to the vrf anymore
303 */
304void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
305{
306 mpls_label_t label = MPLS_LABEL_NONE;
307 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
308
309 if (bgp->vrf_id == VRF_UNKNOWN) {
310 if (debug) {
311 zlog_debug(
312 "%s: vrf_id not set, can't delete zebra vrf label",
313 __func__);
314 }
315 return;
316 }
317
318 if (debug) {
319 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
960035b2 320 bgp->name_pretty, bgp->vrf_id);
ddb5b488
PZ		 321 }
322
323 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
324 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
325}
326
e70e9f8e
PZ		 327int vpn_leak_label_callback(
328 mpls_label_t label,
329 void *labelid,
330 bool allocated)
331{
332 struct vpn_policy *vp = (struct vpn_policy *)labelid;
333 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
334
335 if (debug)
336 zlog_debug("%s: label=%u, allocated=%d",
337 __func__, label, allocated);
338
339 if (!allocated) {
340 /*
341 * previously-allocated label is now invalid
342 */
343 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
344 (vp->tovpn_label != MPLS_LABEL_NONE)) {
345
346 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
347 vp->afi, bgp_get_default(), vp->bgp);
348 vp->tovpn_label = MPLS_LABEL_NONE;
349 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
350 vp->afi, bgp_get_default(), vp->bgp);
351 }
352 return 0;
353 }
354
355 /*
356 * New label allocation
357 */
358 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
359
360 /*
361 * not currently configured for auto label, reject allocation
362 */
363 return -1;
364 }
365
366 if (vp->tovpn_label != MPLS_LABEL_NONE) {
367 if (label == vp->tovpn_label) {
368 /* already have same label, accept but do nothing */
369 return 0;
370 }
371 /* Shouldn't happen: different label allocation */
e50f7cfd 372 flog_err(EC_BGP_LABEL,
1c50c1c0
QY		 373 "%s: %s had label %u but got new assignment %u",
374 __func__, vp->bgp->name_pretty, vp->tovpn_label,
375 label);
e70e9f8e
PZ		 376 /* use new one */
377 }
378
379 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
380 vp->afi, bgp_get_default(), vp->bgp);
381 vp->tovpn_label = label;
382 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
383 vp->afi, bgp_get_default(), vp->bgp);
384
385 return 0;
386}
387
ddb5b488
PZ		 388static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
389{
390 int i;
391 int j;
392
393 if (!e1 || !e2)
394 return 0;
395
396 for (i = 0; i < e1->size; ++i) {
397 for (j = 0; j < e2->size; ++j) {
398 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
399 e2->val + (j * ECOMMUNITY_SIZE),
400 ECOMMUNITY_SIZE)) {
401
402 return 1;
403 }
404 }
405 }
406 return 0;
407}
408
40381db7 409static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
4b7e6066 410 uint32_t n)
e37fb4bf
PZ		 411{
412 uint32_t i;
413
40381db7 414 if (!bpi->extra) {
e37fb4bf
PZ		 415 if (!n)
416 return true;
417 else
418 return false;
419 }
420
40381db7 421 if (n != bpi->extra->num_labels)
e37fb4bf
PZ		 422 return false;
423
424 for (i = 0; i < n; ++i) {
40381db7 425 if (label[i] != bpi->extra->label[i])
e37fb4bf
PZ		 426 return false;
427 }
428 return true;
429}
430
431/*
432 * make encoded route labels match specified encoded label set
433 */
40381db7 434static void setlabels(struct bgp_path_info *bpi,
4b7e6066
DS		 435 mpls_label_t *label, /* array of labels */
436 uint32_t num_labels)
e37fb4bf
PZ		 437{
438 if (num_labels)
439 assert(label);
440 assert(num_labels <= BGP_MAX_LABELS);
441
442 if (!num_labels) {
40381db7
DS		 443 if (bpi->extra)
444 bpi->extra->num_labels = 0;
e37fb4bf
PZ		 445 return;
446 }
447
40381db7 448 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
e37fb4bf
PZ		 449 uint32_t i;
450
451 for (i = 0; i < num_labels; ++i) {
452 extra->label[i] = label[i];
453 if (!bgp_is_valid_label(&label[i])) {
454 bgp_set_valid_label(&extra->label[i]);
455 }
456 }
457 extra->num_labels = num_labels;
458}
459
ddb5b488 460/*
18ee8310 461 * returns pointer to new bgp_path_info upon success
ddb5b488 462 */
4b7e6066
DS		 463static struct bgp_path_info *
464leak_update(struct bgp *bgp, /* destination bgp instance */
465 struct bgp_node *bn, struct attr *new_attr, /* already interned */
40381db7 466 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
4b7e6066
DS		 467 mpls_label_t *label, uint32_t num_labels, void *parent,
468 struct bgp *bgp_orig, struct prefix *nexthop_orig,
469 int nexthop_self_flag, int debug)
ddb5b488
PZ		 470{
471 struct prefix *p = &bn->p;
40381db7
DS		 472 struct bgp_path_info *bpi;
473 struct bgp_path_info *bpi_ultimate;
4b7e6066 474 struct bgp_path_info *new;
ddb5b488 475 char buf_prefix[PREFIX_STRLEN];
ddb5b488
PZ		 476
477 if (debug) {
478 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
960035b2 479 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
40381db7
DS		 480 __func__, bgp->name_pretty, buf_prefix,
481 source_bpi->type, source_bpi->sub_type);
ddb5b488
PZ		 482 }
483
f46d45c1
PZ		 484 /*
485 * Routes that are redistributed into BGP from zebra do not get
486 * nexthop tracking. However, if those routes are subsequently
487 * imported to other RIBs within BGP, the leaked routes do not
488 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
489 * in order to determine if the route we are currently leaking
490 * should have nexthop tracking, we must find the ultimate
491 * parent so we can check its sub_type.
492 *
40381db7 493 * As of now, source_bpi may at most be a second-generation route
f46d45c1
PZ		 494 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
495 * Using a loop here supports more complex intra-bgp import-export
496 * schemes that could be implemented in the future.
3bd70bf8 497 *
f46d45c1 498 */
40381db7
DS		 499 for (bpi_ultimate = source_bpi;
500 bpi_ultimate->extra && bpi_ultimate->extra->parent;
501 bpi_ultimate = bpi_ultimate->extra->parent)
502 ;
f46d45c1 503
ddb5b488
PZ		 504 /*
505 * match parent
506 */
6f94b685 507 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
40381db7 508 if (bpi->extra && bpi->extra->parent == parent)
ddb5b488
PZ		 509 break;
510 }
511
40381db7
DS		 512 if (bpi) {
513 bool labelssame = labels_same(bpi, label, num_labels);
e37fb4bf 514
40381db7
DS		 515 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
516 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
ddb5b488
PZ		 517
518 bgp_attr_unintern(&new_attr);
519 if (debug)
520 zlog_debug(
521 "%s: ->%s: %s: Found route, no change",
960035b2 522 __func__, bgp->name_pretty,
ddb5b488
PZ		 523 buf_prefix);
524 return NULL;
525 }
526
527 /* attr is changed */
40381db7 528 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
ddb5b488
PZ		 529
530 /* Rewrite BGP route information. */
40381db7
DS		 531 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
532 bgp_path_info_restore(bn, bpi);
ddb5b488 533 else
40381db7
DS		 534 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
535 bgp_attr_unintern(&bpi->attr);
536 bpi->attr = new_attr;
537 bpi->uptime = bgp_clock();
ddb5b488 538
e37fb4bf
PZ		 539 /*
540 * rewrite labels
541 */
542 if (!labelssame)
40381db7 543 setlabels(bpi, label, num_labels);
e37fb4bf 544
960035b2 545 if (nexthop_self_flag)
40381db7 546 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
960035b2
PZ		 547
548 struct bgp *bgp_nexthop = bgp;
549 int nh_valid;
550
40381db7
DS		 551 if (bpi->extra && bpi->extra->bgp_orig)
552 bgp_nexthop = bpi->extra->bgp_orig;
960035b2 553
0a2f9ac1 554 /*
555 * No nexthop tracking for redistributed routes or for
556 * EVPN-imported routes that get leaked.
557 */
558 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
559 is_pi_family_evpn(bpi_ultimate))
960035b2
PZ		 560 nh_valid = 1;
561 else
562 /*
563 * TBD do we need to do anything about the
564 * 'connected' parameter?
565 */
40381db7
DS		 566 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
567 afi, bpi, NULL, 0);
960035b2
PZ		 568
569 if (debug)
570 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
571 __func__, (nh_valid ? "" : "not "),
572 bgp_nexthop->name_pretty);
573
574 if (nh_valid)
40381db7 575 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
960035b2 576
ddb5b488 577 /* Process change. */
40381db7 578 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
ddb5b488
PZ		 579 bgp_process(bgp, bn, afi, safi);
580 bgp_unlock_node(bn);
581
582 if (debug)
583 zlog_debug("%s: ->%s: %s Found route, changed attr",
960035b2 584 __func__, bgp->name_pretty, buf_prefix);
ddb5b488 585
40381db7 586 return bpi;
ddb5b488
PZ		 587 }
588
be180f97 589 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
960035b2
PZ		 590 bgp->peer_self, new_attr, bn);
591
592 if (nexthop_self_flag)
18ee8310 593 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
ddb5b488 594
18ee8310 595 bgp_path_info_extra_get(new);
4b85140f 596
e37fb4bf
PZ		 597 if (num_labels)
598 setlabels(new, label, num_labels);
599
18ee8310 600 new->extra->parent = bgp_path_info_lock(parent);
4b7e6066 601 bgp_lock_node((struct bgp_node *)((struct bgp_path_info *)parent)->net);
ddb5b488 602 if (bgp_orig)
21d88ef7 603 new->extra->bgp_orig = bgp_lock(bgp_orig);
ddb5b488
PZ		 604 if (nexthop_orig)
605 new->extra->nexthop_orig = *nexthop_orig;
606
960035b2
PZ		 607 /*
608 * nexthop tracking for unicast routes
609 */
610 struct bgp *bgp_nexthop = bgp;
611 int nh_valid;
612
4b85140f 613 if (new->extra->bgp_orig)
960035b2
PZ		 614 bgp_nexthop = new->extra->bgp_orig;
615
616 /*
617 * No nexthop tracking for redistributed routes because
618 * their originating protocols will do the tracking and
619 * withdraw those routes if the nexthops become unreachable
0a2f9ac1 620 * This also holds good for EVPN-imported routes that get
621 * leaked.
960035b2 622 */
0a2f9ac1 623 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
624 is_pi_family_evpn(bpi_ultimate))
960035b2
PZ		 625 nh_valid = 1;
626 else
627 /*
628 * TBD do we need to do anything about the
629 * 'connected' parameter?
630 */
631 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
632 afi, new, NULL, 0);
633
634 if (debug)
635 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
636 __func__, (nh_valid ? "" : "not "),
637 bgp_nexthop->name_pretty);
638 if (nh_valid)
18ee8310 639 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
960035b2 640
ddb5b488 641 bgp_aggregate_increment(bgp, p, new, afi, safi);
18ee8310 642 bgp_path_info_add(bn, new);
ddb5b488
PZ		 643
644 bgp_unlock_node(bn);
645 bgp_process(bgp, bn, afi, safi);
646
647 if (debug)
648 zlog_debug("%s: ->%s: %s: Added new route", __func__,
960035b2 649 bgp->name_pretty, buf_prefix);
ddb5b488
PZ		 650
651 return new;
652}
653
654/* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
4b7e6066
DS		 655void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
656 struct bgp *bgp_vrf, /* from */
40381db7 657 struct bgp_path_info *path_vrf) /* route */
ddb5b488
PZ		 658{
659 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
40381db7 660 struct prefix *p = &path_vrf->net->p;
ddb5b488
PZ		 661 afi_t afi = family2afi(p->family);
662 struct attr static_attr = {0};
663 struct attr *new_attr = NULL;
664 safi_t safi = SAFI_MPLS_VPN;
665 mpls_label_t label_val;
666 mpls_label_t label;
667 struct bgp_node *bn;
668 const char *debugmsg;
960035b2
PZ		 669 int nexthop_self_flag = 0;
670
671 if (debug)
672 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
ddb5b488 673
40381db7
DS		 674 if (debug && path_vrf->attr->ecommunity) {
675 char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity,
c8f57349 676 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 677
40381db7
DS		 678 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
679 bgp_vrf->name, path_vrf->type, s);
c8f57349 680 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 681 }
682
683 if (!bgp_vpn)
684 return;
685
686 if (!afi) {
687 if (debug)
688 zlog_debug("%s: can't get afi of prefix", __func__);
689 return;
690 }
691
12d6100c 692 /* Is this route exportable into the VPN table? */
693 if (!is_route_injectable_into_vpn(path_vrf))
ddb5b488
PZ		 694 return;
695
ddb5b488
PZ		 696 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
697 if (debug)
12a844a5
DS		 698 zlog_debug("%s: %s skipping: %s", __func__,
699 bgp_vrf->name, debugmsg);
ddb5b488
PZ		 700 return;
701 }
702
6f4f49b2
QY		 703 /* shallow copy */
704 static_attr = *path_vrf->attr;
ddb5b488
PZ		 705
706 /*
707 * route map handling
708 */
709 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
4b7e6066 710 struct bgp_path_info info;
ddb5b488
PZ		 711 route_map_result_t ret;
712
713 memset(&info, 0, sizeof(info));
714 info.peer = bgp_vpn->peer_self;
715 info.attr = &static_attr;
716 ret = route_map_apply(
717 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
718 p, RMAP_BGP, &info);
719 if (RMAP_DENYMATCH == ret) {
720 bgp_attr_flush(&static_attr); /* free any added parts */
721 if (debug)
722 zlog_debug(
723 "%s: vrf %s route map \"%s\" says DENY, returning",
960035b2 724 __func__, bgp_vrf->name_pretty,
ddb5b488
PZ		 725 bgp_vrf->vpn_policy[afi]
726 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
727 ->name);
728 return;
729 }
730 }
731
c8f57349
DS		 732 if (debug && static_attr.ecommunity) {
733 char *s = ecommunity_ecom2str(static_attr.ecommunity,
734 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 735
ddb5b488
PZ		 736 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
737 __func__, s);
c8f57349 738 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 739 }
740
741 /*
742 * Add the vpn-policy rt-list
743 */
744 struct ecommunity *old_ecom;
745 struct ecommunity *new_ecom;
746
747 old_ecom = static_attr.ecommunity;
748 if (old_ecom) {
749 new_ecom = ecommunity_merge(
750 ecommunity_dup(old_ecom),
751 bgp_vrf->vpn_policy[afi]
752 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
753 if (!old_ecom->refcnt)
754 ecommunity_free(&old_ecom);
755 } else {
756 new_ecom = ecommunity_dup(
757 bgp_vrf->vpn_policy[afi]
758 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
759 }
760 static_attr.ecommunity = new_ecom;
761 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
762
c8f57349
DS		 763 if (debug && static_attr.ecommunity) {
764 char *s = ecommunity_ecom2str(static_attr.ecommunity,
765 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 766
ddb5b488
PZ		 767 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
768 __func__, s);
c8f57349 769 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 770 }
771
772 /* Nexthop */
773 /* if policy nexthop not set, use 0 */
774 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
775 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
ddb5b488
PZ		 776 struct prefix *nexthop =
777 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
12a844a5 778
ddb5b488
PZ		 779 switch (nexthop->family) {
780 case AF_INET:
781 /* prevent mp_nexthop_global_in <- self in bgp_route.c
782 */
783 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
784
785 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
0606039c 786 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
ddb5b488
PZ		 787 break;
788
789 case AF_INET6:
790 static_attr.mp_nexthop_global = nexthop->u.prefix6;
0606039c 791 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
ddb5b488
PZ		 792 break;
793
794 default:
795 assert(0);
796 }
797 } else {
12a844a5
DS		 798 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
799 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
800 if (afi == AFI_IP) {
020a3f60
DS		 801 /*
802 * For ipv4, copy to multiprotocol
803 * nexthop field
804 */
805 static_attr.mp_nexthop_global_in =
806 static_attr.nexthop;
0606039c
DA		 807 static_attr.mp_nexthop_len =
808 BGP_ATTR_NHLEN_IPV4;
020a3f60
DS		 809 /*
810 * XXX Leave static_attr.nexthop
811 * intact for NHT
812 */
813 static_attr.flag &=
814 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
12a844a5
DS		 815 }
816 } else {
77e62f2b 817 /* Update based on next-hop family to account for
818 * RFC 5549 (BGP unnumbered) scenario. Note that
819 * specific action is only needed for the case of
820 * IPv4 nexthops as the attr has been copied
821 * otherwise.
822 */
40381db7
DS		 823 if (afi == AFI_IP
824 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
12a844a5
DS		 825 static_attr.mp_nexthop_global_in.s_addr =
826 static_attr.nexthop.s_addr;
0606039c
DA		 827 static_attr.mp_nexthop_len =
828 BGP_ATTR_NHLEN_IPV4;
12a844a5
DS		 829 static_attr.flag |=
830 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
12a844a5 831 }
ddb5b488 832 }
960035b2 833 nexthop_self_flag = 1;
ddb5b488
PZ		 834 }
835
836 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
837 if (label_val == MPLS_LABEL_NONE) {
291e32c3 838 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
ddb5b488
PZ		 839 } else {
840 encode_label(label_val, &label);
841 }
842
843 /* Set originator ID to "me" */
844 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
845 static_attr.originator_id = bgp_vpn->router_id;
846
847
848 new_attr = bgp_attr_intern(
849 &static_attr); /* hashed refcounted everything */
850 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
851
c3e345b1
DS		 852 if (debug && new_attr->ecommunity) {
853 char *s = ecommunity_ecom2str(new_attr->ecommunity,
854 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 855
ddb5b488 856 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
c3e345b1 857 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 858 }
859
860 /* Now new_attr is an allocated interned attr */
861
862 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
863 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
864
4b7e6066 865 struct bgp_path_info *new_info;
ddb5b488 866
40381db7
DS		 867 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
868 &label, 1, path_vrf, bgp_vrf, NULL,
960035b2 869 nexthop_self_flag, debug);
ddb5b488
PZ		 870
871 /*
872 * Routes actually installed in the vpn RIB must also be
873 * offered to all vrfs (because now they originate from
874 * the vpn RIB).
875 *
876 * Acceptance into other vrfs depends on rt-lists.
877 * Originating vrf will not accept the looped back route
878 * because of loop checking.
879 */
880 if (new_info)
321b4bc9 881 vpn_leak_to_vrf_update(bgp_vrf, new_info);
ddb5b488
PZ		 882}
883
4b7e6066
DS		 884void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
885 struct bgp *bgp_vrf, /* from */
40381db7 886 struct bgp_path_info *path_vrf) /* route */
ddb5b488
PZ		 887{
888 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
40381db7 889 struct prefix *p = &path_vrf->net->p;
ddb5b488
PZ		 890 afi_t afi = family2afi(p->family);
891 safi_t safi = SAFI_MPLS_VPN;
40381db7 892 struct bgp_path_info *bpi;
ddb5b488
PZ		 893 struct bgp_node *bn;
894 const char *debugmsg;
960035b2
PZ		 895 char buf_prefix[PREFIX_STRLEN];
896
897 if (debug) {
898 prefix2str(p, buf_prefix, sizeof(buf_prefix));
899 zlog_debug(
900 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
901 __func__, bgp_vrf->name_pretty, buf_prefix,
40381db7 902 path_vrf->type, path_vrf->sub_type);
960035b2 903 }
ddb5b488 904
ddb5b488
PZ		 905 if (!bgp_vpn)
906 return;
907
908 if (!afi) {
909 if (debug)
910 zlog_debug("%s: can't get afi of prefix", __func__);
911 return;
912 }
913
12d6100c 914 /* Is this route exportable into the VPN table? */
915 if (!is_route_injectable_into_vpn(path_vrf))
916 return;
917
ddb5b488
PZ		 918 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
919 if (debug)
920 zlog_debug("%s: skipping: %s", __func__, debugmsg);
921 return;
922 }
923
924 if (debug)
40381db7 925 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
ddb5b488
PZ		 926
927 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
928 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
929
6f94b685
DS		 930 if (!bn)
931 return;
ddb5b488
PZ		 932 /*
933 * vrf -> vpn
40381db7 934 * match original bpi imported from
ddb5b488 935 */
6f94b685 936 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
40381db7 937 if (bpi->extra && bpi->extra->parent == path_vrf) {
ddb5b488
PZ		 938 break;
939 }
940 }
941
40381db7 942 if (bpi) {
ddb5b488 943 /* withdraw from looped vrfs as well */
40381db7 944 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
ddb5b488 945
40381db7
DS		 946 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
947 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 948 bgp_process(bgp_vpn, bn, afi, safi);
949 }
950 bgp_unlock_node(bn);
951}
952
953void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
954 struct bgp *bgp_vrf, /* from */
955 afi_t afi)
956{
957 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
958 struct bgp_node *prn;
959 safi_t safi = SAFI_MPLS_VPN;
960
961 /*
40381db7 962 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
ddb5b488
PZ		 963 */
964 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
965 prn = bgp_route_next(prn)) {
966
967 struct bgp_table *table;
968 struct bgp_node *bn;
40381db7 969 struct bgp_path_info *bpi;
ddb5b488
PZ		 970
971 /* This is the per-RD table of prefixes */
67009e22 972 table = bgp_node_get_bgp_table_info(prn);
ddb5b488
PZ		 973
974 if (!table)
975 continue;
976
977 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
978
979 char buf[PREFIX2STR_BUFFER];
980
6f94b685
DS		 981 bpi = bgp_node_get_bgp_path_info(bn);
982 if (debug && bpi) {
ddb5b488
PZ		 983 zlog_debug(
984 "%s: looking at prefix %s", __func__,
985 prefix2str(&bn->p, buf, sizeof(buf)));
986 }
987
6f94b685 988 for (; bpi; bpi = bpi->next) {
ddb5b488
PZ		 989 if (debug)
990 zlog_debug("%s: type %d, sub_type %d",
40381db7
DS		 991 __func__, bpi->type,
992 bpi->sub_type);
993 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
ddb5b488 994 continue;
40381db7 995 if (!bpi->extra)
ddb5b488 996 continue;
40381db7 997 if ((struct bgp *)bpi->extra->bgp_orig
ddb5b488
PZ		 998 == bgp_vrf) {
999 /* delete route */
1000 if (debug)
9165c5f5 1001 zlog_debug("%s: deleting it",
ddb5b488
PZ		 1002 __func__);
1003 bgp_aggregate_decrement(bgp_vpn, &bn->p,
40381db7
DS		 1004 bpi, afi, safi);
1005 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 1006 bgp_process(bgp_vpn, bn, afi, safi);
1007 }
1008 }
1009 }
1010 }
1011}
1012
1013void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1014 struct bgp *bgp_vrf, /* from */
1015 afi_t afi)
1016{
1017 struct bgp_node *bn;
40381db7 1018 struct bgp_path_info *bpi;
ddb5b488
PZ		 1019 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1020
1021 if (debug)
1022 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
960035b2 1023 bgp_vrf->name_pretty);
ddb5b488
PZ		 1024
1025 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1026 bn = bgp_route_next(bn)) {
1027
1028 if (debug)
1029 zlog_debug("%s: node=%p", __func__, bn);
1030
6f94b685
DS		 1031 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1032 bpi = bpi->next) {
ddb5b488
PZ		 1033 if (debug)
1034 zlog_debug(
1035 "%s: calling vpn_leak_from_vrf_update",
1036 __func__);
40381db7 1037 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
ddb5b488
PZ		 1038 }
1039 }
1040}
1041
4b7e6066
DS		 1042static void
1043vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1044 struct bgp *bgp_vpn, /* from */
40381db7 1045 struct bgp_path_info *path_vpn) /* route */
ddb5b488 1046{
40381db7 1047 struct prefix *p = &path_vpn->net->p;
ddb5b488
PZ		 1048 afi_t afi = family2afi(p->family);
1049
ddb5b488
PZ		 1050 struct attr static_attr = {0};
1051 struct attr *new_attr = NULL;
1052 struct bgp_node *bn;
1053 safi_t safi = SAFI_UNICAST;
1054 const char *debugmsg;
1055 struct prefix nexthop_orig;
1056 mpls_label_t *pLabels = NULL;
e37fb4bf 1057 uint32_t num_labels = 0;
960035b2 1058 int nexthop_self_flag = 1;
40381db7 1059 struct bgp_path_info *bpi_ultimate = NULL;
513bf8d6 1060 int origin_local = 0;
d6632478 1061 struct bgp *src_vrf;
ddb5b488
PZ		 1062
1063 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1064
b9c7bc5a 1065 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
ddb5b488
PZ		 1066 if (debug)
1067 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1068 return;
1069 }
1070
1071 /* Check for intersection of route targets */
1072 if (!ecom_intersect(
1073 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
40381db7 1074 path_vpn->attr->ecommunity)) {
ddb5b488
PZ		 1075
1076 return;
1077 }
1078
1dcc9e5b
CS		 1079 if (debug) {
1080 char buf_prefix[PREFIX_STRLEN];
1081
1082 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1083 zlog_debug("%s: updating %s to vrf %s", __func__,
1084 buf_prefix, bgp_vrf->name_pretty);
1085 }
ddb5b488 1086
6f4f49b2
QY		 1087 /* shallow copy */
1088 static_attr = *path_vpn->attr;
ddb5b488
PZ		 1089
1090 /*
1091 * Nexthop: stash and clear
1092 *
1093 * Nexthop is valid in context of VPN core, but not in destination vrf.
1094 * Stash it for later label resolution by vrf ingress path and then
1095 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1096 */
40381db7 1097 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
ddb5b488
PZ		 1098
1099 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1100 nexthop_orig.family = nhfamily;
1101
1102 switch (nhfamily) {
ddb5b488
PZ		 1103 case AF_INET:
1104 /* save */
40381db7 1105 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
ddb5b488 1106 nexthop_orig.prefixlen = 32;
12a844a5
DS		 1107
1108 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1109 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1110 static_attr.nexthop.s_addr =
1111 nexthop_orig.u.prefix4.s_addr;
1112
1113 static_attr.mp_nexthop_global_in =
40381db7 1114 path_vpn->attr->mp_nexthop_global_in;
12a844a5 1115 static_attr.mp_nexthop_len =
40381db7 1116 path_vpn->attr->mp_nexthop_len;
12a844a5 1117 }
de4d0a51 1118 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
ddb5b488 1119 break;
ddb5b488
PZ		 1120 case AF_INET6:
1121 /* save */
40381db7 1122 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
ddb5b488 1123 nexthop_orig.prefixlen = 128;
12a844a5
DS		 1124
1125 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1126 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1127 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
12a844a5 1128 }
ddb5b488
PZ		 1129 break;
1130 }
1131
ddb5b488
PZ		 1132 /*
1133 * route map handling
ddb5b488 1134 */
ddb5b488 1135 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
4b7e6066 1136 struct bgp_path_info info;
ddb5b488
PZ		 1137 route_map_result_t ret;
1138
1139 memset(&info, 0, sizeof(info));
1140 info.peer = bgp_vrf->peer_self;
1141 info.attr = &static_attr;
1dcc9e5b 1142 info.extra = path_vpn->extra; /* Used for source-vrf filter */
ddb5b488
PZ		 1143 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1144 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1145 p, RMAP_BGP, &info);
1146 if (RMAP_DENYMATCH == ret) {
1147 bgp_attr_flush(&static_attr); /* free any added parts */
1148 if (debug)
1149 zlog_debug(
1150 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
960035b2 1151 __func__, bgp_vrf->name_pretty,
ddb5b488
PZ		 1152 bgp_vrf->vpn_policy[afi]
1153 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1154 ->name);
1155 return;
1156 }
960035b2
PZ		 1157 /*
1158 * if route-map changed nexthop, don't nexthop-self on output
1159 */
1160 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1161 BATTR_RMAP_NEXTHOP_UNCHANGED))
1162 nexthop_self_flag = 0;
ddb5b488
PZ		 1163 }
1164
1165 new_attr = bgp_attr_intern(&static_attr);
1166 bgp_attr_flush(&static_attr);
1167
1168 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1169
1170 /*
1171 * ensure labels are copied
513bf8d6
PZ		 1172 *
1173 * However, there is a special case: if the route originated in
1174 * another local VRF (as opposed to arriving via VPN), then the
1175 * nexthop is reached by hairpinning through this router (me)
1176 * using IP forwarding only (no LSP). Therefore, the route
1177 * imported to the VRF should not have labels attached. Note
1178 * that nexthop tracking is also involved: eliminating the
1179 * labels for these routes enables the non-labeled nexthops
1180 * from the originating VRF to be considered valid for this route.
ddb5b488 1181 */
12a844a5
DS		 1182 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1183 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1184 /* work back to original route */
40381db7
DS		 1185 for (bpi_ultimate = path_vpn;
1186 bpi_ultimate->extra && bpi_ultimate->extra->parent;
1187 bpi_ultimate = bpi_ultimate->extra->parent)
12a844a5 1188 ;
513bf8d6 1189
12a844a5
DS		 1190 /*
1191 * if original route was unicast,
1192 * then it did not arrive over vpn
1193 */
40381db7 1194 if (bpi_ultimate->net) {
12a844a5 1195 struct bgp_table *table;
513bf8d6 1196
40381db7 1197 table = bgp_node_table(bpi_ultimate->net);
12a844a5
DS		 1198 if (table && (table->safi == SAFI_UNICAST))
1199 origin_local = 1;
1200 }
513bf8d6 1201
12a844a5 1202 /* copy labels */
40381db7
DS		 1203 if (!origin_local && path_vpn->extra
1204 && path_vpn->extra->num_labels) {
1205 num_labels = path_vpn->extra->num_labels;
12a844a5
DS		 1206 if (num_labels > BGP_MAX_LABELS)
1207 num_labels = BGP_MAX_LABELS;
40381db7 1208 pLabels = path_vpn->extra->label;
12a844a5 1209 }
ddb5b488 1210 }
513bf8d6 1211
ddb5b488
PZ		 1212 if (debug) {
1213 char buf_prefix[PREFIX_STRLEN];
1214 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1215 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1216 num_labels);
1217 }
1218
44338987 1219 /*
1d4e8b0d
DS		 1220 * For VRF-2-VRF route-leaking,
1221 * the source will be the originating VRF.
44338987 1222 */
40381db7
DS		 1223 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1224 src_vrf = path_vpn->extra->bgp_orig;
d6632478
PZ		 1225 else
1226 src_vrf = bgp_vpn;
1227
40381db7
DS		 1228 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1229 num_labels, path_vpn, /* parent */
1230 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
ddb5b488
PZ		 1231}
1232
4b7e6066 1233void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
40381db7 1234 struct bgp_path_info *path_vpn) /* route */
ddb5b488
PZ		 1235{
1236 struct listnode *mnode, *mnnode;
1237 struct bgp *bgp;
1238
1239 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1240
1241 if (debug)
40381db7 1242 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
ddb5b488
PZ		 1243
1244 /* Loop over VRFs */
1245 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1246
40381db7
DS		 1247 if (!path_vpn->extra
1248 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1249 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
ddb5b488
PZ		 1250 }
1251 }
1252}
1253
4b7e6066 1254void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
40381db7 1255 struct bgp_path_info *path_vpn) /* route */
ddb5b488 1256{
1b3510a0
PZ		 1257 struct prefix *p;
1258 afi_t afi;
ddb5b488
PZ		 1259 safi_t safi = SAFI_UNICAST;
1260 struct bgp *bgp;
1261 struct listnode *mnode, *mnnode;
ddb5b488 1262 struct bgp_node *bn;
40381db7 1263 struct bgp_path_info *bpi;
ddb5b488 1264 const char *debugmsg;
960035b2 1265 char buf_prefix[PREFIX_STRLEN];
ddb5b488
PZ		 1266
1267 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1268
960035b2 1269 if (debug) {
40381db7
DS		 1270 prefix2str(&path_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1271 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d", __func__,
1272 buf_prefix, path_vpn->type, path_vpn->sub_type);
960035b2
PZ		 1273 }
1274
ddb5b488 1275 if (debug)
40381db7 1276 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
ddb5b488 1277
40381db7 1278 if (!path_vpn->net) {
56c2c080 1279#if ENABLE_BGP_VNC
40381db7
DS		 1280 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1281 if (path_vpn->type == ZEBRA_ROUTE_BGP
1282 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1b3510a0
PZ		 1283
1284 return;
1285 }
56c2c080 1286#endif
1b3510a0 1287 if (debug)
40381db7
DS		 1288 zlog_debug(
1289 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1b3510a0
PZ		 1290 __func__);
1291 return;
1292 }
1293
40381db7 1294 p = &path_vpn->net->p;
1b3510a0 1295 afi = family2afi(p->family);
ddb5b488
PZ		 1296
1297 /* Loop over VRFs */
1298 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
b9c7bc5a 1299 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
ddb5b488
PZ		 1300 if (debug)
1301 zlog_debug("%s: skipping: %s", __func__,
1302 debugmsg);
1303 continue;
1304 }
1305
1306 /* Check for intersection of route targets */
1307 if (!ecom_intersect(bgp->vpn_policy[afi]
1308 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
40381db7 1309 path_vpn->attr->ecommunity)) {
ddb5b488
PZ		 1310
1311 continue;
1312 }
1313
1314 if (debug)
1315 zlog_debug("%s: withdrawing from vrf %s", __func__,
960035b2 1316 bgp->name_pretty);
ddb5b488
PZ		 1317
1318 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
6f94b685
DS		 1319
1320 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1321 bpi = bpi->next) {
40381db7
DS		 1322 if (bpi->extra
1323 && (struct bgp_path_info *)bpi->extra->parent
1324 == path_vpn) {
ddb5b488
PZ		 1325 break;
1326 }
1327 }
1328
40381db7 1329 if (bpi) {
ddb5b488 1330 if (debug)
40381db7
DS		 1331 zlog_debug("%s: deleting bpi %p", __func__,
1332 bpi);
1333 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1334 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 1335 bgp_process(bgp, bn, afi, safi);
1336 }
1337 bgp_unlock_node(bn);
1338 }
1339}
1340
1341void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1342 afi_t afi)
1343{
1344 struct bgp_node *bn;
40381db7 1345 struct bgp_path_info *bpi;
ddb5b488
PZ		 1346 safi_t safi = SAFI_UNICAST;
1347 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
ddb5b488
PZ		 1348
1349 if (debug)
1350 zlog_debug("%s: entry", __func__);
1351 /*
40381db7 1352 * Walk vrf table, delete bpi with bgp_orig in a different vrf
ddb5b488
PZ		 1353 */
1354 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1355 bn = bgp_route_next(bn)) {
1356
6f94b685
DS		 1357 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1358 bpi = bpi->next) {
9544ddb2 1359 if (bpi->extra
1360 && bpi->extra->bgp_orig != bgp_vrf
1361 && bpi->extra->parent
1362 && is_pi_family_vpn(bpi->extra->parent)) {
ddb5b488
PZ		 1363
1364 /* delete route */
40381db7 1365 bgp_aggregate_decrement(bgp_vrf, &bn->p, bpi,
ddb5b488 1366 afi, safi);
40381db7 1367 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 1368 bgp_process(bgp_vrf, bn, afi, safi);
1369 }
1370 }
1371 }
1372}
1373
1374void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1375 struct bgp *bgp_vpn, /* from */
1376 afi_t afi)
1377{
1378 struct prefix_rd prd;
1379 struct bgp_node *prn;
1380 safi_t safi = SAFI_MPLS_VPN;
1381
3bd70bf8 1382 assert(bgp_vpn);
73aed584 1383
ddb5b488
PZ		 1384 /*
1385 * Walk vpn table
1386 */
1387 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1388 prn = bgp_route_next(prn)) {
1389
1390 struct bgp_table *table;
1391 struct bgp_node *bn;
40381db7 1392 struct bgp_path_info *bpi;
ddb5b488
PZ		 1393
1394 memset(&prd, 0, sizeof(prd));
1395 prd.family = AF_UNSPEC;
1396 prd.prefixlen = 64;
1397 memcpy(prd.val, prn->p.u.val, 8);
1398
1399 /* This is the per-RD table of prefixes */
67009e22 1400 table = bgp_node_get_bgp_table_info(prn);
ddb5b488
PZ		 1401
1402 if (!table)
1403 continue;
1404
1405 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1406
6f94b685
DS		 1407 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1408 bpi = bpi->next) {
ddb5b488 1409
40381db7
DS		 1410 if (bpi->extra
1411 && bpi->extra->bgp_orig == bgp_vrf)
ddb5b488
PZ		 1412 continue;
1413
1414 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
40381db7 1415 bpi);
ddb5b488
PZ		 1416 }
1417 }
1418 }
1419}
1420
d92a55df
PZ		 1421/*
1422 * This function is called for definition/deletion/change to a route-map
1423 */
ddb5b488
PZ		 1424static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1425{
1426 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1427 afi_t afi;
1428 struct route_map *rmap;
1429
1430 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1431 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1432
1433 return;
1434 }
1435
1436 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1437
1438 for (afi = 0; afi < AFI_MAX; ++afi) {
1439
d92a55df
PZ		 1440 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1441 && !strcmp(rmap_name,
ddb5b488
PZ		 1442 bgp->vpn_policy[afi]
1443 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1444
1445 if (debug)
1446 zlog_debug(
1447 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1448 __func__, rmap_name, bgp->as,
1449 afi2str(afi));
1450
1451 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1452 bgp_get_default(), bgp);
1453 if (debug)
1454 zlog_debug("%s: after vpn_leak_prechange",
1455 __func__);
1456
d92a55df
PZ		 1457 /* in case of definition/deletion */
1458 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1459 rmap;
ddb5b488
PZ		 1460
1461 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1462 bgp_get_default(), bgp);
d92a55df 1463
ddb5b488
PZ		 1464 if (debug)
1465 zlog_debug("%s: after vpn_leak_postchange",
1466 __func__);
1467 }
1468
d92a55df
PZ		 1469 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1470 && !strcmp(rmap_name,
1471 bgp->vpn_policy[afi]
1472 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
b9c7bc5a
PZ		 1473
1474 if (debug) {
1475 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
ddb5b488
PZ		 1476 __func__, rmap_name, bgp->as,
1477 afi2str(afi));
b9c7bc5a 1478 }
ddb5b488
PZ		 1479
1480 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1481 bgp_get_default(), bgp);
1482
d92a55df
PZ		 1483 /* in case of definition/deletion */
1484 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1485 rmap;
ddb5b488
PZ		 1486
1487 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1488 bgp_get_default(), bgp);
1489 }
1490 }
1491}
1492
636f7608
CS		 1493/* This API is used during router-id change, reflect VPNs
1494 * auto RD and RT values and readvertise routes to VPN table.
1495 */
e65fe398
MS		 1496void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1497 bool is_config)
636f7608
CS		 1498{
1499 afi_t afi;
1500 int debug;
1501 char *vname;
1502 const char *export_name;
1503 char buf[RD_ADDRSTRLEN];
1504 struct bgp *bgp_import;
1505 struct listnode *node;
1506 struct ecommunity *ecom;
1507 vpn_policy_direction_t idir, edir;
1508
1509 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1510 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1511 return;
1512
1513 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1514 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1515 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1516
1517 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1518 edir = BGP_VPN_POLICY_DIR_TOVPN;
1519
1520 for (afi = 0; afi < AFI_MAX; ++afi) {
1521 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1522 continue;
1523
1524 if (withdraw) {
1525 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1526 afi, bgp_get_default(), bgp);
1527 if (debug)
1528 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1529 __func__, export_name);
1530
1531 /* Remove import RT from VRFs */
1532 ecom = bgp->vpn_policy[afi].rtlist[edir];
1533 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1534 export_vrf, node, vname)) {
1535 bgp_import = bgp_lookup_by_name(vname);
1536 if (!bgp_import)
1537 continue;
1538
1539 ecommunity_del_val(bgp_import->vpn_policy[afi].
1540 rtlist[idir],
1541 (struct ecommunity_val *)ecom->val);
1542
1543 }
1544 } else {
e65fe398
MS		 1545 /*
1546 * Router-id changes that are not explicit config
1547 * changes should not replace configured RD/RT.
1548 */
1549 if (!is_config) {
1550 if (CHECK_FLAG(bgp->vpn_policy[afi].flags,
1551 BGP_VPN_POLICY_TOVPN_RD_SET)) {
1552 if (debug)
1553 zlog_debug("%s: auto router-id change skipped",
1554 __func__);
1555 goto postchange;
1556 }
1557 }
1558
636f7608
CS		 1559 /* New router-id derive auto RD and RT and export
1560 * to VPN
1561 */
1562 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
1563 &bgp->vrf_prd_auto);
1564 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
1565 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
1566 sizeof(buf));
1567 bgp->vpn_policy[afi].rtlist[edir] =
1568 ecommunity_str2com(buf,
1569 ECOMMUNITY_ROUTE_TARGET, 0);
1570
1571 /* Update import_vrf rt_list */
1572 ecom = bgp->vpn_policy[afi].rtlist[edir];
1573 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1574 export_vrf, node, vname)) {
1575 bgp_import = bgp_lookup_by_name(vname);
1576 if (!bgp_import)
1577 continue;
1578 if (bgp_import->vpn_policy[afi].rtlist[idir])
1579 bgp_import->vpn_policy[afi].rtlist[idir]
1580 = ecommunity_merge(
1581 bgp_import->vpn_policy[afi]
1582 .rtlist[idir], ecom);
1583 else
1584 bgp_import->vpn_policy[afi].rtlist[idir]
1585 = ecommunity_dup(ecom);
1586
1587 }
e65fe398
MS		 1588
1589postchange:
636f7608
CS		 1590 /* Update routes to VPN */
1591 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
1592 afi, bgp_get_default(),
1593 bgp);
1594 if (debug)
1595 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
1596 __func__, export_name);
1597 }
1598 }
1599}
1600
ddb5b488
PZ		 1601void vpn_policy_routemap_event(const char *rmap_name)
1602{
1603 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1604 struct listnode *mnode, *mnnode;
1605 struct bgp *bgp;
1606
1607 if (debug)
1608 zlog_debug("%s: entry", __func__);
1609
1610 if (bm->bgp == NULL) /* may be called during cleanup */
1611 return;
1612
1613 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1614 vpn_policy_routemap_update(bgp, rmap_name);
1615}
1616
1d4e8b0d 1617void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
44338987 1618 afi_t afi, safi_t safi)
1619{
1620 const char *export_name;
1621 vpn_policy_direction_t idir, edir;
9ecf931b
CS		 1622 char *vname, *tmp_name;
1623 char buf[RD_ADDRSTRLEN];
44338987 1624 struct ecommunity *ecom;
1625 bool first_export = false;
636f7608 1626 int debug;
9ecf931b
CS		 1627 struct listnode *node;
1628 bool is_inst_match = false;
44338987 1629
5742e42b 1630 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
44338987 1631 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1632 edir = BGP_VPN_POLICY_DIR_TOVPN;
1633
636f7608
CS		 1634 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1635 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1636
1d4e8b0d
DS		 1637 /*
1638 * Cross-ref both VRFs. Also, note if this is the first time
44338987 1639 * any VRF is importing from "import_vrf".
1640 */
a8dadcf6 1641 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
5742e42b 1642 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
a8dadcf6 1643
9ecf931b
CS		 1644 /* Check the import_vrf list of destination vrf for the source vrf name,
1645 * insert otherwise.
1646 */
1647 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
1648 node, tmp_name)) {
1649 if (strcmp(vname, tmp_name) == 0) {
1650 is_inst_match = true;
1651 break;
1652 }
1653 }
1654 if (!is_inst_match)
1655 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
1656 vname);
44338987 1657
9ecf931b
CS		 1658 /* Check if the source vrf already exports to any vrf,
1659 * first time export requires to setup auto derived RD/RT values.
1660 * Add the destination vrf name to export vrf list if it is
1661 * not present.
1662 */
1663 is_inst_match = false;
44338987 1664 vname = XSTRDUP(MTYPE_TMP, export_name);
9ecf931b
CS		 1665 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1666 first_export = true;
1667 } else {
1668 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1669 node, tmp_name)) {
1670 if (strcmp(vname, tmp_name) == 0) {
1671 is_inst_match = true;
1672 break;
1673 }
1674 }
1675 }
1676 if (!is_inst_match)
1677 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
1678 vname);
44338987 1679 /* Update import RT for current VRF using export RT of the VRF we're
1680 * importing from. First though, make sure "import_vrf" has that
1681 * set.
1682 */
1683 if (first_export) {
1d4e8b0d
DS		 1684 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1685 &from_bgp->vrf_prd_auto);
1686 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1687 SET_FLAG(from_bgp->vpn_policy[afi].flags,
44338987 1688 BGP_VPN_POLICY_TOVPN_RD_SET);
1d4e8b0d 1689 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
44338987 1690 buf, sizeof(buf));
1d4e8b0d 1691 from_bgp->vpn_policy[afi].rtlist[edir] =
44338987 1692 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1d4e8b0d 1693 SET_FLAG(from_bgp->af_flags[afi][safi],
44338987 1694 BGP_CONFIG_VRF_TO_VRF_EXPORT);
13b7e7f0
DS		 1695 from_bgp->vpn_policy[afi].tovpn_label =
1696 BGP_PREVENT_VRF_2_VRF_LEAK;
44338987 1697 }
1d4e8b0d
DS		 1698 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1699 if (to_bgp->vpn_policy[afi].rtlist[idir])
1700 to_bgp->vpn_policy[afi].rtlist[idir] =
1701 ecommunity_merge(to_bgp->vpn_policy[afi]
44338987 1702 .rtlist[idir], ecom);
1703 else
1d4e8b0d
DS		 1704 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1705 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
44338987 1706
636f7608
CS		 1707 if (debug) {
1708 const char *from_name;
1709
1710 from_name = from_bgp->name ? from_bgp->name :
1711 VRF_DEFAULT_NAME;
1712 zlog_debug("%s from %s to %s first_export %u import-rt %s export-rt %s",
1713 __func__, from_name, export_name, first_export,
1714 to_bgp->vpn_policy[afi].rtlist[idir] ?
1715 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1716 rtlist[idir],
1717 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ",
1718 to_bgp->vpn_policy[afi].rtlist[edir] ?
1719 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1720 rtlist[edir],
1721 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ");
1722 }
1723
44338987 1724 /* Does "import_vrf" first need to export its routes or that
1725 * is already done and we just need to import those routes
1726 * from the global table?
1727 */
1728 if (first_export)
1d4e8b0d 1729 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
44338987 1730 else
1d4e8b0d 1731 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
44338987 1732}
1733
1d4e8b0d 1734void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
44338987 1735 afi_t afi, safi_t safi)
1736{
a8dadcf6 1737 const char *export_name, *tmp_name;
44338987 1738 vpn_policy_direction_t idir, edir;
1739 char *vname;
9ecf931b 1740 struct ecommunity *ecom = NULL;
44338987 1741 struct listnode *node;
636f7608 1742 int debug;
44338987 1743
5742e42b
DS		 1744 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1745 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
44338987 1746 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1747 edir = BGP_VPN_POLICY_DIR_TOVPN;
1748
636f7608
CS		 1749 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1750 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1751
44338987 1752 /* Were we importing from "import_vrf"? */
1d4e8b0d
DS		 1753 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1754 vname)) {
a8dadcf6 1755 if (strcmp(vname, tmp_name) == 0)
020a3f60 1756 break;
44338987 1757 }
1d4e8b0d
DS		 1758
1759 /*
1760 * We do not check in the cli if the passed in bgp
1761 * instance is actually imported into us before
1762 * we call this function. As such if we do not
1763 * find this in the import_vrf list than
1764 * we just need to return safely.
1765 */
44338987 1766 if (!vname)
1767 return;
1768
636f7608
CS		 1769 if (debug)
1770 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
1771
44338987 1772 /* Remove "import_vrf" from our import list. */
1d4e8b0d 1773 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
44338987 1774 XFREE(MTYPE_TMP, vname);
1775
1776 /* Remove routes imported from "import_vrf". */
1777 /* TODO: In the current logic, we have to first remove all
1778 * imported routes and then (if needed) import back routes
1779 */
1d4e8b0d 1780 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
44338987 1781
1d4e8b0d
DS		 1782 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1783 UNSET_FLAG(to_bgp->af_flags[afi][safi],
44338987 1784 BGP_CONFIG_VRF_TO_VRF_IMPORT);
9ecf931b
CS		 1785 if (to_bgp->vpn_policy[afi].rtlist[idir])
1786 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
44338987 1787 } else {
1d4e8b0d 1788 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
9ecf931b
CS		 1789 if (ecom)
1790 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
44338987 1791 (struct ecommunity_val *)ecom->val);
1d4e8b0d 1792 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
44338987 1793 }
1794
89d59347
DS		 1795 /*
1796 * What?
1797 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1798 * below is checking for NULL that export_vrf can be
1799 * NULL, consequently it is complaining( like a cabbage )
1800 * that we could dereference and crash in the listcount(..)
1801 * check below.
1802 * So make it happy, under protest, with liberty and justice
1803 * for all.
1804 */
1d4e8b0d 1805 assert(from_bgp->vpn_policy[afi].export_vrf);
89d59347 1806
44338987 1807 /* Remove us from "import_vrf's" export list. If no other VRF
1808 * is importing from "import_vrf", cleanup appropriately.
1809 */
1d4e8b0d 1810 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
44338987 1811 node, vname)) {
1812 if (strcmp(vname, export_name) == 0)
1813 break;
1814 }
1815
1d4e8b0d
DS		 1816 /*
1817 * If we have gotten to this point then the vname must
1818 * exist. If not, we are in a world of trouble and
1819 * have slag sitting around.
1820 *
1821 * import_vrf and export_vrf must match in having
1822 * the in/out names as appropriate.
9ecf931b
CS		 1823 * export_vrf list could have been cleaned up
1824 * as part of no router bgp source instnace.
1d4e8b0d 1825 */
9ecf931b
CS		 1826 if (!vname)
1827 return;
1d4e8b0d
DS		 1828
1829 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
44338987 1830 XFREE(MTYPE_TMP, vname);
1831
1d4e8b0d
DS		 1832 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1833 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1834 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1835 UNSET_FLAG(from_bgp->af_flags[afi][safi],
44338987 1836 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1d4e8b0d 1837 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
44338987 1838 sizeof(struct prefix_rd));
1d4e8b0d 1839 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
44338987 1840 BGP_VPN_POLICY_TOVPN_RD_SET);
13b7e7f0
DS		 1841 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1842
44338987 1843 }
1844}
1845
718e3744 1846/* For testing purpose, static route of MPLS-VPN. */
1847DEFUN (vpnv4_network,
1848 vpnv4_network_cmd,
d114b977 1849 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
718e3744 1850 "Specify a network to announce via BGP\n"
0c7b1b01 1851 "IPv4 prefix\n"
718e3744 1852 "Specify Route Distinguisher\n"
1853 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1854 "VPN NLRI label (tag)\n"
1855 "VPN NLRI label (tag)\n"
1856 "Label value\n")
718e3744 1857{
d62a17ae 1858 int idx_ipv4_prefixlen = 1;
1859 int idx_ext_community = 3;
1860 int idx_label = 5;
1861 return bgp_static_set_safi(
1862 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1863 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1864 NULL, NULL, NULL, NULL);
137446f9
LB		 1865}
1866
1867DEFUN (vpnv4_network_route_map,
1868 vpnv4_network_route_map_cmd,
d114b977 1869 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
137446f9 1870 "Specify a network to announce via BGP\n"
0c7b1b01 1871 "IPv4 prefix\n"
137446f9
LB		 1872 "Specify Route Distinguisher\n"
1873 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1874 "VPN NLRI label (tag)\n"
1875 "VPN NLRI label (tag)\n"
1876 "Label value\n"
137446f9
LB		 1877 "route map\n"
1878 "route map name\n")
1879{
d62a17ae 1880 int idx_ipv4_prefixlen = 1;
1881 int idx_ext_community = 3;
1882 int idx_label = 5;
1883 int idx_word_2 = 7;
1884 return bgp_static_set_safi(
1885 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1886 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1887 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
718e3744 1888}
1889
1890/* For testing purpose, static route of MPLS-VPN. */
1891DEFUN (no_vpnv4_network,
1892 no_vpnv4_network_cmd,
d114b977 1893 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
718e3744 1894 NO_STR
1895 "Specify a network to announce via BGP\n"
0c7b1b01 1896 "IPv4 prefix\n"
718e3744 1897 "Specify Route Distinguisher\n"
1898 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1899 "VPN NLRI label (tag)\n"
1900 "VPN NLRI label (tag)\n"
1901 "Label value\n")
718e3744 1902{
d62a17ae 1903 int idx_ipv4_prefixlen = 2;
1904 int idx_ext_community = 4;
1905 int idx_label = 6;
1906 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1907 argv[idx_ipv4_prefixlen]->arg,
1908 argv[idx_ext_community]->arg,
1909 argv[idx_label]->arg, 0, NULL, NULL, NULL);
718e3744 1910}
1911
c286be96
LX		 1912DEFUN (vpnv6_network,
1913 vpnv6_network_cmd,
d114b977 1914 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
c286be96
LX		 1915 "Specify a network to announce via BGP\n"
1916 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1917 "Specify Route Distinguisher\n"
1918 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1919 "VPN NLRI label (tag)\n"
1920 "VPN NLRI label (tag)\n"
1921 "Label value\n"
11daee81
DS		 1922 "route map\n"
1923 "route map name\n")
c286be96 1924{
d62a17ae 1925 int idx_ipv6_prefix = 1;
1926 int idx_ext_community = 3;
1927 int idx_label = 5;
1928 int idx_word_2 = 7;
1929 if (argc == 8)
1930 return bgp_static_set_safi(
1931 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1932 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1933 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1934 else
1935 return bgp_static_set_safi(
1936 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1937 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1938 NULL, 0, NULL, NULL, NULL, NULL);
c286be96
LX		 1939}
1940
1941/* For testing purpose, static route of MPLS-VPN. */
1942DEFUN (no_vpnv6_network,
1943 no_vpnv6_network_cmd,
d114b977 1944 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
c286be96
LX		 1945 NO_STR
1946 "Specify a network to announce via BGP\n"
1947 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1948 "Specify Route Distinguisher\n"
1949 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1950 "VPN NLRI label (tag)\n"
1951 "VPN NLRI label (tag)\n"
1952 "Label value\n")
c286be96 1953{
d62a17ae 1954 int idx_ipv6_prefix = 2;
1955 int idx_ext_community = 4;
1956 int idx_label = 6;
1957 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1958 argv[idx_ipv6_prefix]->arg,
1959 argv[idx_ext_community]->arg,
1960 argv[idx_label]->arg, 0, NULL, NULL, NULL);
c286be96
LX		 1961}
1962
d62a17ae 1963int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1964 enum bgp_show_type type, void *output_arg, int tags,
9f049418 1965 bool use_json)
718e3744 1966{
d62a17ae 1967 struct bgp *bgp;
1968 struct bgp_table *table;
d62a17ae 1969
1970 bgp = bgp_get_default();
1971 if (bgp == NULL) {
1972 if (!use_json)
1973 vty_out(vty, "No BGP process is configured\n");
16307668
RW		 1974 else
1975 vty_out(vty, "{}\n");
d62a17ae 1976 return CMD_WARNING;
1977 }
1ae44dfc 1978 table = bgp->rib[afi][SAFI_MPLS_VPN];
a4d82a8a
PZ		 1979 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1980 output_arg, use_json);
718e3744 1981}
1982
4f280b15
LB		 1983DEFUN (show_bgp_ip_vpn_all_rd,
1984 show_bgp_ip_vpn_all_rd_cmd,
d114b977 1985 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
e3e29b32
LB		 1986 SHOW_STR
1987 BGP_STR
05e588f4 1988 BGP_VPNVX_HELP_STR
e3e29b32 1989 "Display VPN NLRI specific information\n"
af8528fa 1990 "Display VPN NLRI specific information\n"
e3e29b32
LB		 1991 "Display information for a route distinguisher\n"
1992 "VPN Route Distinguisher\n"
1993 JSON_STR)
1994{
d62a17ae 1995 int ret;
1996 struct prefix_rd prd;
1997 afi_t afi;
1998 int idx = 0;
1999
2000 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
3d7c4cd7 2001 if (argv_find(argv, argc, "rd", &idx)) {
a4d82a8a 2002 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
d62a17ae 2003 if (!ret) {
2004 vty_out(vty,
2005 "%% Malformed Route Distinguisher\n");
2006 return CMD_WARNING;
2007 }
2008 return bgp_show_mpls_vpn(vty, afi, &prd,
2009 bgp_show_type_normal, NULL, 0,
2010 use_json(argc, argv));
2011 } else {
2012 return bgp_show_mpls_vpn(vty, afi, NULL,
2013 bgp_show_type_normal, NULL, 0,
2014 use_json(argc, argv));
2015 }
2016 }
2017 return CMD_SUCCESS;
718e3744 2018}
2019
af8528fa
LB		 2020ALIAS(show_bgp_ip_vpn_all_rd,
2021 show_bgp_ip_vpn_rd_cmd,
2022 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
2023 SHOW_STR
2024 BGP_STR
2025 BGP_VPNVX_HELP_STR
2026 "Display VPN NLRI specific information\n"
2027 "Display information for a route distinguisher\n"
2028 "VPN Route Distinguisher\n"
2029 JSON_STR)
2030
2031#ifdef KEEP_OLD_VPN_COMMANDS
3f227172
PG		 2032DEFUN (show_ip_bgp_vpn_rd,
2033 show_ip_bgp_vpn_rd_cmd,
af8528fa 2034 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
718e3744 2035 SHOW_STR
2036 IP_STR
2037 BGP_STR
4f280b15 2038 BGP_AFI_HELP_STR
3517059b 2039 "Address Family modifier\n"
718e3744 2040 "Display information for a route distinguisher\n"
2041 "VPN Route Distinguisher\n")
2042{
d62a17ae 2043 int idx_ext_community = argc - 1;
2044 int ret;
2045 struct prefix_rd prd;
2046 afi_t afi;
2047 int idx = 0;
2048
2049 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2050 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2051 if (!ret) {
2052 vty_out(vty, "%% Malformed Route Distinguisher\n");
2053 return CMD_WARNING;
2054 }
2055 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2056 NULL, 0, 0);
2057 }
2058 return CMD_SUCCESS;
2059}
718e3744 2060
4f280b15
LB		 2061DEFUN (show_ip_bgp_vpn_all,
2062 show_ip_bgp_vpn_all_cmd,
2063 "show [ip] bgp <vpnv4|vpnv6>",
2064 SHOW_STR
2065 IP_STR
2066 BGP_STR
2067 BGP_VPNVX_HELP_STR)
2068{
d62a17ae 2069 afi_t afi;
2070 int idx = 0;
4f280b15 2071
d62a17ae 2072 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2073 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2074 NULL, 0, 0);
2075 return CMD_SUCCESS;
4f280b15
LB		 2076}
2077
3f227172
PG		 2078DEFUN (show_ip_bgp_vpn_all_tags,
2079 show_ip_bgp_vpn_all_tags_cmd,
2080 "show [ip] bgp <vpnv4|vpnv6> all tags",
718e3744 2081 SHOW_STR
2082 IP_STR
2083 BGP_STR
3f227172
PG		 2084 BGP_VPNVX_HELP_STR
2085 "Display information about all VPNv4/VPNV6 NLRIs\n"
718e3744 2086 "Display BGP tags for prefixes\n")
2087{
d62a17ae 2088 afi_t afi;
2089 int idx = 0;
3f227172 2090
d62a17ae 2091 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2092 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2093 NULL, 1, 0);
2094 return CMD_SUCCESS;
718e3744 2095}
2096
3f227172
PG		 2097DEFUN (show_ip_bgp_vpn_rd_tags,
2098 show_ip_bgp_vpn_rd_tags_cmd,
d114b977 2099 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
718e3744 2100 SHOW_STR
2101 IP_STR
2102 BGP_STR
3f227172 2103 BGP_VPNVX_HELP_STR
718e3744 2104 "Display information for a route distinguisher\n"
2105 "VPN Route Distinguisher\n"
2106 "Display BGP tags for prefixes\n")
2107{
d62a17ae 2108 int idx_ext_community = 5;
2109 int ret;
2110 struct prefix_rd prd;
2111 afi_t afi;
2112 int idx = 0;
2113
2114 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2115 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2116 if (!ret) {
2117 vty_out(vty, "%% Malformed Route Distinguisher\n");
2118 return CMD_WARNING;
2119 }
2120 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2121 NULL, 1, 0);
2122 }
2123 return CMD_SUCCESS;
718e3744 2124}
2125
3f227172
PG		 2126DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2127 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2128 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
718e3744 2129 SHOW_STR
2130 IP_STR
2131 BGP_STR
3f227172
PG		 2132 BGP_VPNVX_HELP_STR
2133 "Display information about all VPNv4/VPNv6 NLRIs\n"
718e3744 2134 "Detailed information on TCP and BGP neighbor connections\n"
2135 "Neighbor to display information about\n"
856ca177 2136 "Display routes learned from neighbor\n"
9973d184 2137 JSON_STR)
718e3744 2138{
d62a17ae 2139 int idx_ipv4 = 6;
2140 union sockunion su;
2141 struct peer *peer;
2142 int ret;
9f049418 2143 bool uj = use_json(argc, argv);
d62a17ae 2144 afi_t afi;
2145 int idx = 0;
2146
2147 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2148 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2149 if (ret < 0) {
2150 if (uj) {
2151 json_object *json_no = NULL;
2152 json_no = json_object_new_object();
2153 json_object_string_add(json_no, "warning",
2154 "Malformed address");
2155 vty_out(vty, "%s\n",
2156 json_object_to_json_string(json_no));
2157 json_object_free(json_no);
2158 } else
2159 vty_out(vty, "Malformed address: %s\n",
2160 argv[idx_ipv4]->arg);
2161 return CMD_WARNING;
2162 }
2163
2164 peer = peer_lookup(NULL, &su);
2165 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2166 if (uj) {
2167 json_object *json_no = NULL;
2168 json_no = json_object_new_object();
2169 json_object_string_add(
2170 json_no, "warning",
2171 "No such neighbor or address family");
2172 vty_out(vty, "%s\n",
2173 json_object_to_json_string(json_no));
2174 json_object_free(json_no);
2175 } else
2176 vty_out(vty,
2177 "%% No such neighbor or address family\n");
2178 return CMD_WARNING;
2179 }
2180
2181 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2182 &su, 0, uj);
2183 }
2184 return CMD_SUCCESS;
718e3744 2185}
2186
3f227172
PG		 2187DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2188 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
d114b977 2189 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
718e3744 2190 SHOW_STR
2191 IP_STR
2192 BGP_STR
3f227172 2193 BGP_VPNVX_HELP_STR
718e3744 2194 "Display information for a route distinguisher\n"
2195 "VPN Route Distinguisher\n"
2196 "Detailed information on TCP and BGP neighbor connections\n"
2197 "Neighbor to display information about\n"
856ca177 2198 "Display routes learned from neighbor\n"
9973d184 2199 JSON_STR)
718e3744 2200{
d62a17ae 2201 int idx_ext_community = 5;
2202 int idx_ipv4 = 7;
2203 int ret;
2204 union sockunion su;
2205 struct peer *peer;
2206 struct prefix_rd prd;
9f049418 2207 bool uj = use_json(argc, argv);
d62a17ae 2208 afi_t afi;
2209 int idx = 0;
2210
2211 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2212 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2213 if (!ret) {
2214 if (uj) {
2215 json_object *json_no = NULL;
2216 json_no = json_object_new_object();
2217 json_object_string_add(
2218 json_no, "warning",
2219 "Malformed Route Distinguisher");
2220 vty_out(vty, "%s\n",
2221 json_object_to_json_string(json_no));
2222 json_object_free(json_no);
2223 } else
2224 vty_out(vty,
2225 "%% Malformed Route Distinguisher\n");
2226 return CMD_WARNING;
2227 }
2228
2229 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2230 if (ret < 0) {
2231 if (uj) {
2232 json_object *json_no = NULL;
2233 json_no = json_object_new_object();
2234 json_object_string_add(json_no, "warning",
2235 "Malformed address");
2236 vty_out(vty, "%s\n",
2237 json_object_to_json_string(json_no));
2238 json_object_free(json_no);
2239 } else
2240 vty_out(vty, "Malformed address: %s\n",
2241 argv[idx_ext_community]->arg);
2242 return CMD_WARNING;
2243 }
2244
2245 peer = peer_lookup(NULL, &su);
2246 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2247 if (uj) {
2248 json_object *json_no = NULL;
2249 json_no = json_object_new_object();
2250 json_object_string_add(
2251 json_no, "warning",
2252 "No such neighbor or address family");
2253 vty_out(vty, "%s\n",
2254 json_object_to_json_string(json_no));
2255 json_object_free(json_no);
2256 } else
2257 vty_out(vty,
2258 "%% No such neighbor or address family\n");
2259 return CMD_WARNING;
2260 }
2261
2262 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2263 &su, 0, uj);
2264 }
2265 return CMD_SUCCESS;
718e3744 2266}
2267
3f227172
PG		 2268DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2269 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2270 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
718e3744 2271 SHOW_STR
2272 IP_STR
2273 BGP_STR
3f227172
PG		 2274 BGP_VPNVX_HELP_STR
2275 "Display information about all VPNv4/VPNv6 NLRIs\n"
718e3744 2276 "Detailed information on TCP and BGP neighbor connections\n"
2277 "Neighbor to display information about\n"
856ca177 2278 "Display the routes advertised to a BGP neighbor\n"
9973d184 2279 JSON_STR)
718e3744 2280{
d62a17ae 2281 int idx_ipv4 = 6;
2282 int ret;
2283 struct peer *peer;
2284 union sockunion su;
9f049418 2285 bool uj = use_json(argc, argv);
d62a17ae 2286 afi_t afi;
2287 int idx = 0;
2288
2289 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2290 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2291 if (ret < 0) {
2292 if (uj) {
2293 json_object *json_no = NULL;
2294 json_no = json_object_new_object();
2295 json_object_string_add(json_no, "warning",
2296 "Malformed address");
2297 vty_out(vty, "%s\n",
2298 json_object_to_json_string(json_no));
2299 json_object_free(json_no);
2300 } else
2301 vty_out(vty, "Malformed address: %s\n",
2302 argv[idx_ipv4]->arg);
2303 return CMD_WARNING;
2304 }
2305 peer = peer_lookup(NULL, &su);
2306 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2307 if (uj) {
2308 json_object *json_no = NULL;
2309 json_no = json_object_new_object();
2310 json_object_string_add(
2311 json_no, "warning",
2312 "No such neighbor or address family");
2313 vty_out(vty, "%s\n",
2314 json_object_to_json_string(json_no));
2315 json_object_free(json_no);
2316 } else
2317 vty_out(vty,
2318 "%% No such neighbor or address family\n");
2319 return CMD_WARNING;
2320 }
2321 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2322 SAFI_MPLS_VPN, uj);
2323 }
2324 return CMD_SUCCESS;
718e3744 2325}
2326
3f227172
PG		 2327DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2328 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
d114b977 2329 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
718e3744 2330 SHOW_STR
2331 IP_STR
2332 BGP_STR
3f227172 2333 BGP_VPNVX_HELP_STR
718e3744 2334 "Display information for a route distinguisher\n"
2335 "VPN Route Distinguisher\n"
2336 "Detailed information on TCP and BGP neighbor connections\n"
2337 "Neighbor to display information about\n"
856ca177 2338 "Display the routes advertised to a BGP neighbor\n"
9973d184 2339 JSON_STR)
718e3744 2340{
d62a17ae 2341 int idx_ext_community = 5;
2342 int idx_ipv4 = 7;
2343 int ret;
2344 struct peer *peer;
2345 struct prefix_rd prd;
2346 union sockunion su;
9f049418 2347 bool uj = use_json(argc, argv);
d62a17ae 2348 afi_t afi;
2349 int idx = 0;
2350
2351 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2352 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2353 if (ret < 0) {
2354 if (uj) {
2355 json_object *json_no = NULL;
2356 json_no = json_object_new_object();
2357 json_object_string_add(json_no, "warning",
2358 "Malformed address");
2359 vty_out(vty, "%s\n",
2360 json_object_to_json_string(json_no));
2361 json_object_free(json_no);
2362 } else
2363 vty_out(vty, "Malformed address: %s\n",
2364 argv[idx_ext_community]->arg);
2365 return CMD_WARNING;
2366 }
2367 peer = peer_lookup(NULL, &su);
2368 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2369 if (uj) {
2370 json_object *json_no = NULL;
2371 json_no = json_object_new_object();
2372 json_object_string_add(
2373 json_no, "warning",
2374 "No such neighbor or address family");
2375 vty_out(vty, "%s\n",
2376 json_object_to_json_string(json_no));
2377 json_object_free(json_no);
2378 } else
2379 vty_out(vty,
2380 "%% No such neighbor or address family\n");
2381 return CMD_WARNING;
2382 }
2383
2384 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2385 if (!ret) {
2386 if (uj) {
2387 json_object *json_no = NULL;
2388 json_no = json_object_new_object();
2389 json_object_string_add(
2390 json_no, "warning",
2391 "Malformed Route Distinguisher");
2392 vty_out(vty, "%s\n",
2393 json_object_to_json_string(json_no));
2394 json_object_free(json_no);
2395 } else
2396 vty_out(vty,
2397 "%% Malformed Route Distinguisher\n");
2398 return CMD_WARNING;
2399 }
2400
2401 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2402 SAFI_MPLS_VPN, uj);
2403 }
2404 return CMD_SUCCESS;
718e3744 2405}
d6902373 2406#endif /* KEEP_OLD_VPN_COMMANDS */
718e3744 2407
d62a17ae 2408void bgp_mplsvpn_init(void)
718e3744 2409{
d62a17ae 2410 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2411 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2412 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
718e3744 2413
d62a17ae 2414 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2415 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
c286be96 2416
d62a17ae 2417 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
af8528fa 2418 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
d6902373 2419#ifdef KEEP_OLD_VPN_COMMANDS
af8528fa 2420 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
d62a17ae 2421 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2422 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2423 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2424 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2425 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2426 install_element(VIEW_NODE,
2427 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2428 install_element(VIEW_NODE,
2429 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
d6902373 2430#endif /* KEEP_OLD_VPN_COMMANDS */
718e3744 2431}
301ad80a
PG		 2432
2433vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2434{
2435 struct listnode *mnode, *mnnode;
2436 struct bgp *bgp;
2437
2438 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2439 struct ecommunity *ec;
2440
2441 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2442 continue;
2443
2444 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2445
2446 if (ecom_intersect(ec, eckey))
2447 return bgp->vrf_id;
2448 }
2449 return VRF_UNKNOWN;
2450}
3bd70bf8
PZ		 2451
2452/*
2453 * The purpose of this function is to process leaks that were deferred
2454 * from earlier per-vrf configuration due to not-yet-existing default
2455 * vrf, in other words, configuration such as:
2456 *
2457 * router bgp MMM vrf FOO
2458 * address-family ipv4 unicast
2459 * rd vpn export 1:1
2460 * exit-address-family
2461 *
2462 * router bgp NNN
2463 * ...
2464 *
2465 * This function gets called when the default instance ("router bgp NNN")
2466 * is created.
2467 */
2468void vpn_leak_postchange_all(void)
2469{
2470 struct listnode *next;
2471 struct bgp *bgp;
2472 struct bgp *bgp_default = bgp_get_default();
2473
2474 assert(bgp_default);
2475
2476 /* First, do any exporting from VRFs to the single VPN RIB */
2477 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2478
2479 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2480 continue;
2481
2482 vpn_leak_postchange(
2483 BGP_VPN_POLICY_DIR_TOVPN,
2484 AFI_IP,
2485 bgp_default,
2486 bgp);
2487
2488 vpn_leak_postchange(
2489 BGP_VPN_POLICY_DIR_TOVPN,
2490 AFI_IP6,
2491 bgp_default,
2492 bgp);
2493 }
2494
2495 /* Now, do any importing to VRFs from the single VPN RIB */
2496 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2497
2498 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2499 continue;
2500
2501 vpn_leak_postchange(
2502 BGP_VPN_POLICY_DIR_FROMVPN,
2503 AFI_IP,
2504 bgp_default,
2505 bgp);
2506
2507 vpn_leak_postchange(
2508 BGP_VPN_POLICY_DIR_FROMVPN,
2509 AFI_IP6,
2510 bgp_default,
2511 bgp);
2512 }
2513}
9ecf931b
CS		 2514
2515/* When a bgp vrf instance is unconfigured, remove its routes
2516 * from the VPN table and this vrf could be importing routes from other
2517 * bgp vrf instnaces, unimport them.
2518 * VRF X and VRF Y are exporting routes to each other.
2519 * When VRF X is deleted, unimport its routes from all target vrfs,
2520 * also VRF Y should unimport its routes from VRF X table.
2521 * This will ensure VPN table is cleaned up appropriately.
2522 */
2523int bgp_vpn_leak_unimport(struct bgp *from_bgp, struct vty *vty)
2524{
2525 struct bgp *to_bgp;
2526 const char *tmp_name;
2527 char *vname;
2528 struct listnode *node, *next;
2529 safi_t safi = SAFI_UNICAST;
2530 afi_t afi;
2531 bool is_vrf_leak_bind;
2532 int debug;
2533
2534 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2535 return 0;
2536
2537 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2538 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2539
2540 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2541
2542 for (afi = 0; afi < AFI_MAX; ++afi) {
2543 /* vrf leak is for IPv4 and IPv6 Unicast only */
2544 if (afi != AFI_IP && afi != AFI_IP6)
2545 continue;
2546
2547 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2548 if (from_bgp == to_bgp)
2549 continue;
2550
2551 /* Unimport and remove source vrf from the
2552 * other vrfs import list.
2553 */
2554 struct vpn_policy *to_vpolicy;
2555
2556 is_vrf_leak_bind = false;
2557 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2558 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
2559 vname)) {
2560 if (strcmp(vname, tmp_name) == 0) {
2561 is_vrf_leak_bind = true;
2562 break;
2563 }
2564 }
2565 /* skip this bgp instance as there is no leak to this
2566 * vrf instance.
2567 */
2568 if (!is_vrf_leak_bind)
2569 continue;
2570
2571 if (debug)
2572 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
2573 __func__, from_bgp->name_pretty,
2574 to_bgp->name_pretty, afi2str(afi),
2575 to_vpolicy->import_vrf->count);
2576
2577 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
2578
2579 /* readd vrf name as unimport removes import vrf name
2580 * from the destination vrf's import list where the
2581 * `import vrf` configuration still exist.
2582 */
2583 vname = XSTRDUP(MTYPE_TMP, tmp_name);
2584 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2585 vname);
2586 SET_FLAG(to_bgp->af_flags[afi][safi],
2587 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2588
2589 /* If to_bgp exports its routes to the bgp vrf
2590 * which is being deleted, un-import the
2591 * to_bgp routes from VPN.
2592 */
2593 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
2594 .export_vrf, node,
2595 vname)) {
2596 if (strcmp(vname, tmp_name) == 0) {
2597 vrf_unimport_from_vrf(from_bgp, to_bgp,
2598 afi, safi);
2599 break;
2600 }
2601 }
2602 }
2603 }
2604 return 0;
2605}
48381346
CS		 2606
2607/* When a router bgp is configured, there could be a bgp vrf
2608 * instance importing routes from this newly configured
2609 * bgp vrf instance. Export routes from configured
2610 * bgp vrf to VPN.
2611 * VRF Y has import from bgp vrf x,
2612 * when a bgp vrf x instance is created, export its routes
2613 * to VRF Y instance.
2614 */
2615void bgp_vpn_leak_export(struct bgp *from_bgp)
2616{
2617 afi_t afi;
2618 const char *export_name;
2619 char *vname;
2620 struct listnode *node, *next;
2621 struct ecommunity *ecom;
2622 vpn_policy_direction_t idir, edir;
2623 safi_t safi = SAFI_UNICAST;
2624 struct bgp *to_bgp;
2625 int debug;
2626
2627 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2628 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2629
2630 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2631 edir = BGP_VPN_POLICY_DIR_TOVPN;
2632
2633 export_name = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2634 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2635
2636 for (afi = 0; afi < AFI_MAX; ++afi) {
2637 /* vrf leak is for IPv4 and IPv6 Unicast only */
2638 if (afi != AFI_IP && afi != AFI_IP6)
2639 continue;
2640
2641 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2642 if (from_bgp == to_bgp)
2643 continue;
2644
2645 /* bgp instance has import list, check to see if newly
2646 * configured bgp instance is the list.
2647 */
2648 struct vpn_policy *to_vpolicy;
2649
2650 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2651 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
2652 node, vname)) {
2653 if (strcmp(vname, export_name) != 0)
2654 continue;
2655
2656 if (debug)
2657 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
2658 __func__,
2659 export_name, to_bgp->name_pretty);
2660
2661 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2662 /* remove import rt, it will be readded
2663 * as part of import from vrf.
2664 */
2665 if (ecom)
2666 ecommunity_del_val(
2667 to_vpolicy->rtlist[idir],
2668 (struct ecommunity_val *)
2669 ecom->val);
2670 vrf_import_from_vrf(to_bgp, from_bgp,
2671 afi, safi);
2672 break;
2673
2674 }
2675 }
2676 }
2677}
FRRouting mirror