]> git.proxmox.com Git - mirror_frr.git/blame - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge pull request #5638 from qlyoung/fix-bgp-cluster-list-null-memcmp
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
CommitLineData
718e3744 1/* MPLS-VPN
896014f4
DL		 2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
718e3744 20
21#include <zebra.h>
22
23#include "command.h"
24#include "prefix.h"
25#include "log.h"
26#include "memory.h"
27#include "stream.h"
3f9c7369 28#include "queue.h"
039f3a34 29#include "filter.h"
ddb5b488 30#include "mpls.h"
b9c7bc5a
PZ		 31#include "json.h"
32#include "zclient.h"
9bedbb1e 33
718e3744 34#include "bgpd/bgpd.h"
ddb5b488 35#include "bgpd/bgp_debug.h"
14454c9f 36#include "bgpd/bgp_errors.h"
718e3744 37#include "bgpd/bgp_table.h"
38#include "bgpd/bgp_route.h"
39#include "bgpd/bgp_attr.h"
9bedbb1e 40#include "bgpd/bgp_label.h"
718e3744 41#include "bgpd/bgp_mplsvpn.h"
48a5452b 42#include "bgpd/bgp_packet.h"
3f227172 43#include "bgpd/bgp_vty.h"
784d3a42 44#include "bgpd/bgp_vpn.h"
ddb5b488
PZ		 45#include "bgpd/bgp_ecommunity.h"
46#include "bgpd/bgp_zebra.h"
47#include "bgpd/bgp_nexthop.h"
960035b2 48#include "bgpd/bgp_nht.h"
0a2f9ac1 49#include "bgpd/bgp_evpn.h"
718e3744 50
65efcfce 51#if ENABLE_BGP_VNC
f8b6f499 52#include "bgpd/rfapi/rfapi_backend.h"
65efcfce
LB		 53#endif
54
ddb5b488
PZ		 55/*
56 * Definitions and external declarations.
57 */
58extern struct zclient *zclient;
59
d62a17ae 60extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
61 int *index, afi_t *afi)
3f227172 62{
d62a17ae 63 int ret = 0;
64 if (argv_find(argv, argc, "vpnv4", index)) {
65 ret = 1;
66 if (afi)
67 *afi = AFI_IP;
68 } else if (argv_find(argv, argc, "vpnv6", index)) {
69 ret = 1;
70 if (afi)
71 *afi = AFI_IP6;
72 }
73 return ret;
3f227172
PG		 74}
75
d7c0a89a 76uint32_t decode_label(mpls_label_t *label_pnt)
718e3744 77{
d7c0a89a
QY		 78 uint32_t l;
79 uint8_t *pnt = (uint8_t *)label_pnt;
718e3744 80
d7c0a89a
QY		 81 l = ((uint32_t)*pnt++ << 12);
82 l |= (uint32_t)*pnt++ << 4;
83 l |= (uint32_t)((*pnt & 0xf0) >> 4);
d62a17ae 84 return l;
718e3744 85}
86
d62a17ae 87void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
65efcfce 88{
d7c0a89a 89 uint8_t *pnt = (uint8_t *)label_pnt;
d62a17ae 90 if (pnt == NULL)
91 return;
13b7e7f0
DS		 92 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
93 *label_pnt = label;
94 return;
95 }
d62a17ae 96 *pnt++ = (label >> 12) & 0xff;
97 *pnt++ = (label >> 4) & 0xff;
98 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
65efcfce
LB		 99}
100
d62a17ae 101int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
102 struct bgp_nlri *packet)
718e3744 103{
d7c0a89a
QY		 104 uint8_t *pnt;
105 uint8_t *lim;
d62a17ae 106 struct prefix p;
107 int psize = 0;
108 int prefixlen;
d7c0a89a 109 uint16_t type;
d62a17ae 110 struct rd_as rd_as;
111 struct rd_ip rd_ip;
ef1af5e5 112 struct prefix_rd prd = {0};
ddb5b488 113 mpls_label_t label = {0};
d62a17ae 114 afi_t afi;
115 safi_t safi;
116 int addpath_encoded;
d7c0a89a 117 uint32_t addpath_id;
d62a17ae 118
d62a17ae 119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 pnt = packet->nlri;
124 lim = pnt + packet->length;
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_encoded =
130 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
131 && CHECK_FLAG(peer->af_cap[afi][safi],
132 PEER_CAP_ADDPATH_AF_TX_RCV));
718e3744 133
50905aa2 134#define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
d62a17ae 135 for (; pnt < lim; pnt += psize) {
136 /* Clear prefix structure. */
137 memset(&p, 0, sizeof(struct prefix));
138
139 if (addpath_encoded) {
140
141 /* When packet overflow occurs return immediately. */
142 if (pnt + BGP_ADDPATH_ID_LEN > lim)
513386b5 143 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
d62a17ae 144
145 addpath_id = ntohl(*((uint32_t *)pnt));
146 pnt += BGP_ADDPATH_ID_LEN;
147 }
148
149 /* Fetch prefix length. */
150 prefixlen = *pnt++;
151 p.family = afi2family(packet->afi);
152 psize = PSIZE(prefixlen);
153
154 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
af4c2728 155 flog_err(
e50f7cfd 156 EC_BGP_UPDATE_RCV,
d62a17ae 157 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
158 peer->host, prefixlen);
513386b5 159 return BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
d62a17ae 160 }
161
162 /* sanity check against packet data */
163 if ((pnt + psize) > lim) {
af4c2728 164 flog_err(
e50f7cfd 165 EC_BGP_UPDATE_RCV,
d62a17ae 166 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
167 peer->host, prefixlen, (uint)(lim - pnt));
513386b5 168 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
d62a17ae 169 }
170
171 /* sanity check against storage for the IP address portion */
172 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
af4c2728 173 flog_err(
e50f7cfd 174 EC_BGP_UPDATE_RCV,
d62a17ae 175 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
176 peer->host,
177 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
178 sizeof(p.u));
513386b5 179 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
d62a17ae 180 }
181
182 /* Sanity check against max bitlen of the address family */
183 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
af4c2728 184 flog_err(
e50f7cfd 185 EC_BGP_UPDATE_RCV,
d62a17ae 186 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
187 peer->host,
188 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
189 p.family, prefix_blen(&p));
513386b5 190 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
d62a17ae 191 }
192
193 /* Copy label to prefix. */
194 memcpy(&label, pnt, BGP_LABEL_BYTES);
195 bgp_set_valid_label(&label);
196
197 /* Copy routing distinguisher to rd. */
198 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
199
200 /* Decode RD type. */
201 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
202
203 switch (type) {
204 case RD_TYPE_AS:
205 decode_rd_as(pnt + 5, &rd_as);
206 break;
207
208 case RD_TYPE_AS4:
209 decode_rd_as4(pnt + 5, &rd_as);
210 break;
211
212 case RD_TYPE_IP:
213 decode_rd_ip(pnt + 5, &rd_ip);
214 break;
fe770c88 215
65efcfce 216#if ENABLE_BGP_VNC
d62a17ae 217 case RD_TYPE_VNC_ETH:
218 break;
65efcfce
LB		 219#endif
220
d62a17ae 221 default:
1c50c1c0 222 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
d62a17ae 223 break; /* just report */
224 }
225
226 p.prefixlen =
227 prefixlen
228 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
a85297a7 229 memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES,
d62a17ae 230 psize - VPN_PREFIXLEN_MIN_BYTES);
231
232 if (attr) {
233 bgp_update(peer, &p, addpath_id, attr, packet->afi,
234 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
b57ba6d2 235 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
d62a17ae 236 } else {
237 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
238 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
b57ba6d2 239 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
d62a17ae 240 }
241 }
242 /* Packet length consistency check. */
243 if (pnt != lim) {
af4c2728 244 flog_err(
e50f7cfd 245 EC_BGP_UPDATE_RCV,
d62a17ae 246 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
247 peer->host, lim - pnt);
513386b5 248 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
d62a17ae 249 }
250
251 return 0;
50905aa2 252#undef VPN_PREFIXLEN_MIN_BYTES
718e3744 253}
254
ddb5b488
PZ		 255/*
256 * This function informs zebra of the label this vrf sets on routes
257 * leaked to VPN. Zebra should install this label in the kernel with
258 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
259 *
260 * Sending this vrf-label association is qualified by a) whether vrf->vpn
261 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
262 * are set) and b) whether vpn-policy label is set.
263 *
264 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
265 * for this vrf, which zebra interprets to mean "delete this vrf-label
266 * association."
267 */
268void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
269{
270 mpls_label_t label = MPLS_LABEL_NONE;
ddb5b488
PZ		 271 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
272
ddb5b488
PZ		 273 if (bgp->vrf_id == VRF_UNKNOWN) {
274 if (debug) {
275 zlog_debug(
276 "%s: vrf %s: afi %s: vrf_id not set, "
277 "can't set zebra vrf label",
960035b2 278 __func__, bgp->name_pretty, afi2str(afi));
ddb5b488
PZ		 279 }
280 return;
281 }
282
283 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
284 label = bgp->vpn_policy[afi].tovpn_label;
285 }
286
287 if (debug) {
288 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
960035b2
PZ		 289 __func__, bgp->name_pretty, afi2str(afi), label,
290 bgp->vrf_id);
ddb5b488
PZ		 291 }
292
3f518d59
DS		 293 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
294 label = MPLS_LABEL_NONE;
ddb5b488
PZ		 295 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
296 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
297}
298
299/*
300 * If zebra tells us vrf has become unconfigured, tell zebra not to
301 * use this label to forward to the vrf anymore
302 */
303void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
304{
305 mpls_label_t label = MPLS_LABEL_NONE;
306 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
307
308 if (bgp->vrf_id == VRF_UNKNOWN) {
309 if (debug) {
310 zlog_debug(
311 "%s: vrf_id not set, can't delete zebra vrf label",
312 __func__);
313 }
314 return;
315 }
316
317 if (debug) {
318 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
960035b2 319 bgp->name_pretty, bgp->vrf_id);
ddb5b488
PZ		 320 }
321
322 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
323 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
324}
325
e70e9f8e
PZ		 326int vpn_leak_label_callback(
327 mpls_label_t label,
328 void *labelid,
329 bool allocated)
330{
331 struct vpn_policy *vp = (struct vpn_policy *)labelid;
332 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
333
334 if (debug)
335 zlog_debug("%s: label=%u, allocated=%d",
336 __func__, label, allocated);
337
338 if (!allocated) {
339 /*
340 * previously-allocated label is now invalid
341 */
342 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
343 (vp->tovpn_label != MPLS_LABEL_NONE)) {
344
345 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
346 vp->afi, bgp_get_default(), vp->bgp);
347 vp->tovpn_label = MPLS_LABEL_NONE;
348 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
349 vp->afi, bgp_get_default(), vp->bgp);
350 }
351 return 0;
352 }
353
354 /*
355 * New label allocation
356 */
357 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
358
359 /*
360 * not currently configured for auto label, reject allocation
361 */
362 return -1;
363 }
364
365 if (vp->tovpn_label != MPLS_LABEL_NONE) {
366 if (label == vp->tovpn_label) {
367 /* already have same label, accept but do nothing */
368 return 0;
369 }
370 /* Shouldn't happen: different label allocation */
e50f7cfd 371 flog_err(EC_BGP_LABEL,
1c50c1c0
QY		 372 "%s: %s had label %u but got new assignment %u",
373 __func__, vp->bgp->name_pretty, vp->tovpn_label,
374 label);
e70e9f8e
PZ		 375 /* use new one */
376 }
377
378 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
379 vp->afi, bgp_get_default(), vp->bgp);
380 vp->tovpn_label = label;
381 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
382 vp->afi, bgp_get_default(), vp->bgp);
383
384 return 0;
385}
386
ddb5b488
PZ		 387static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
388{
389 int i;
390 int j;
391
392 if (!e1 || !e2)
393 return 0;
394
395 for (i = 0; i < e1->size; ++i) {
396 for (j = 0; j < e2->size; ++j) {
397 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
398 e2->val + (j * ECOMMUNITY_SIZE),
399 ECOMMUNITY_SIZE)) {
400
401 return 1;
402 }
403 }
404 }
405 return 0;
406}
407
40381db7 408static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
4b7e6066 409 uint32_t n)
e37fb4bf
PZ		 410{
411 uint32_t i;
412
40381db7 413 if (!bpi->extra) {
e37fb4bf
PZ		 414 if (!n)
415 return true;
416 else
417 return false;
418 }
419
40381db7 420 if (n != bpi->extra->num_labels)
e37fb4bf
PZ		 421 return false;
422
423 for (i = 0; i < n; ++i) {
40381db7 424 if (label[i] != bpi->extra->label[i])
e37fb4bf
PZ		 425 return false;
426 }
427 return true;
428}
429
430/*
431 * make encoded route labels match specified encoded label set
432 */
40381db7 433static void setlabels(struct bgp_path_info *bpi,
4b7e6066
DS		 434 mpls_label_t *label, /* array of labels */
435 uint32_t num_labels)
e37fb4bf
PZ		 436{
437 if (num_labels)
438 assert(label);
439 assert(num_labels <= BGP_MAX_LABELS);
440
441 if (!num_labels) {
40381db7
DS		 442 if (bpi->extra)
443 bpi->extra->num_labels = 0;
e37fb4bf
PZ		 444 return;
445 }
446
40381db7 447 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
e37fb4bf
PZ		 448 uint32_t i;
449
450 for (i = 0; i < num_labels; ++i) {
451 extra->label[i] = label[i];
452 if (!bgp_is_valid_label(&label[i])) {
453 bgp_set_valid_label(&extra->label[i]);
454 }
455 }
456 extra->num_labels = num_labels;
457}
458
ddb5b488 459/*
18ee8310 460 * returns pointer to new bgp_path_info upon success
ddb5b488 461 */
4b7e6066
DS		 462static struct bgp_path_info *
463leak_update(struct bgp *bgp, /* destination bgp instance */
464 struct bgp_node *bn, struct attr *new_attr, /* already interned */
40381db7 465 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
4b7e6066
DS		 466 mpls_label_t *label, uint32_t num_labels, void *parent,
467 struct bgp *bgp_orig, struct prefix *nexthop_orig,
468 int nexthop_self_flag, int debug)
ddb5b488
PZ		 469{
470 struct prefix *p = &bn->p;
40381db7
DS		 471 struct bgp_path_info *bpi;
472 struct bgp_path_info *bpi_ultimate;
4b7e6066 473 struct bgp_path_info *new;
ddb5b488 474 char buf_prefix[PREFIX_STRLEN];
ddb5b488
PZ		 475
476 if (debug) {
477 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
960035b2 478 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
40381db7
DS		 479 __func__, bgp->name_pretty, buf_prefix,
480 source_bpi->type, source_bpi->sub_type);
ddb5b488
PZ		 481 }
482
f46d45c1
PZ		 483 /*
484 * Routes that are redistributed into BGP from zebra do not get
485 * nexthop tracking. However, if those routes are subsequently
486 * imported to other RIBs within BGP, the leaked routes do not
487 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
488 * in order to determine if the route we are currently leaking
489 * should have nexthop tracking, we must find the ultimate
490 * parent so we can check its sub_type.
491 *
40381db7 492 * As of now, source_bpi may at most be a second-generation route
f46d45c1
PZ		 493 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
494 * Using a loop here supports more complex intra-bgp import-export
495 * schemes that could be implemented in the future.
3bd70bf8 496 *
f46d45c1 497 */
40381db7
DS		 498 for (bpi_ultimate = source_bpi;
499 bpi_ultimate->extra && bpi_ultimate->extra->parent;
500 bpi_ultimate = bpi_ultimate->extra->parent)
501 ;
f46d45c1 502
ddb5b488
PZ		 503 /*
504 * match parent
505 */
6f94b685 506 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
40381db7 507 if (bpi->extra && bpi->extra->parent == parent)
ddb5b488
PZ		 508 break;
509 }
510
40381db7
DS		 511 if (bpi) {
512 bool labelssame = labels_same(bpi, label, num_labels);
e37fb4bf 513
40381db7
DS		 514 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
515 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
ddb5b488
PZ		 516
517 bgp_attr_unintern(&new_attr);
518 if (debug)
519 zlog_debug(
520 "%s: ->%s: %s: Found route, no change",
960035b2 521 __func__, bgp->name_pretty,
ddb5b488
PZ		 522 buf_prefix);
523 return NULL;
524 }
525
526 /* attr is changed */
40381db7 527 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
ddb5b488
PZ		 528
529 /* Rewrite BGP route information. */
40381db7
DS		 530 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
531 bgp_path_info_restore(bn, bpi);
ddb5b488 532 else
40381db7
DS		 533 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
534 bgp_attr_unintern(&bpi->attr);
535 bpi->attr = new_attr;
536 bpi->uptime = bgp_clock();
ddb5b488 537
e37fb4bf
PZ		 538 /*
539 * rewrite labels
540 */
541 if (!labelssame)
40381db7 542 setlabels(bpi, label, num_labels);
e37fb4bf 543
960035b2 544 if (nexthop_self_flag)
40381db7 545 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
960035b2
PZ		 546
547 struct bgp *bgp_nexthop = bgp;
548 int nh_valid;
549
40381db7
DS		 550 if (bpi->extra && bpi->extra->bgp_orig)
551 bgp_nexthop = bpi->extra->bgp_orig;
960035b2 552
0a2f9ac1 553 /*
554 * No nexthop tracking for redistributed routes or for
555 * EVPN-imported routes that get leaked.
556 */
557 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
558 is_pi_family_evpn(bpi_ultimate))
960035b2
PZ		 559 nh_valid = 1;
560 else
561 /*
562 * TBD do we need to do anything about the
563 * 'connected' parameter?
564 */
40381db7
DS		 565 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
566 afi, bpi, NULL, 0);
960035b2
PZ		 567
568 if (debug)
569 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
570 __func__, (nh_valid ? "" : "not "),
571 bgp_nexthop->name_pretty);
572
573 if (nh_valid)
40381db7 574 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
960035b2 575
ddb5b488 576 /* Process change. */
40381db7 577 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
ddb5b488
PZ		 578 bgp_process(bgp, bn, afi, safi);
579 bgp_unlock_node(bn);
580
581 if (debug)
582 zlog_debug("%s: ->%s: %s Found route, changed attr",
960035b2 583 __func__, bgp->name_pretty, buf_prefix);
ddb5b488 584
40381db7 585 return bpi;
ddb5b488
PZ		 586 }
587
be180f97 588 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
960035b2
PZ		 589 bgp->peer_self, new_attr, bn);
590
591 if (nexthop_self_flag)
18ee8310 592 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
ddb5b488 593
18ee8310 594 bgp_path_info_extra_get(new);
4b85140f 595
e37fb4bf
PZ		 596 if (num_labels)
597 setlabels(new, label, num_labels);
598
18ee8310 599 new->extra->parent = bgp_path_info_lock(parent);
4b7e6066 600 bgp_lock_node((struct bgp_node *)((struct bgp_path_info *)parent)->net);
ddb5b488 601 if (bgp_orig)
21d88ef7 602 new->extra->bgp_orig = bgp_lock(bgp_orig);
ddb5b488
PZ		 603 if (nexthop_orig)
604 new->extra->nexthop_orig = *nexthop_orig;
605
960035b2
PZ		 606 /*
607 * nexthop tracking for unicast routes
608 */
609 struct bgp *bgp_nexthop = bgp;
610 int nh_valid;
611
4b85140f 612 if (new->extra->bgp_orig)
960035b2
PZ		 613 bgp_nexthop = new->extra->bgp_orig;
614
615 /*
616 * No nexthop tracking for redistributed routes because
617 * their originating protocols will do the tracking and
618 * withdraw those routes if the nexthops become unreachable
0a2f9ac1 619 * This also holds good for EVPN-imported routes that get
620 * leaked.
960035b2 621 */
0a2f9ac1 622 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
623 is_pi_family_evpn(bpi_ultimate))
960035b2
PZ		 624 nh_valid = 1;
625 else
626 /*
627 * TBD do we need to do anything about the
628 * 'connected' parameter?
629 */
630 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
631 afi, new, NULL, 0);
632
633 if (debug)
634 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
635 __func__, (nh_valid ? "" : "not "),
636 bgp_nexthop->name_pretty);
637 if (nh_valid)
18ee8310 638 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
960035b2 639
ddb5b488 640 bgp_aggregate_increment(bgp, p, new, afi, safi);
18ee8310 641 bgp_path_info_add(bn, new);
ddb5b488
PZ		 642
643 bgp_unlock_node(bn);
644 bgp_process(bgp, bn, afi, safi);
645
646 if (debug)
647 zlog_debug("%s: ->%s: %s: Added new route", __func__,
960035b2 648 bgp->name_pretty, buf_prefix);
ddb5b488
PZ		 649
650 return new;
651}
652
653/* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
4b7e6066
DS		 654void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
655 struct bgp *bgp_vrf, /* from */
40381db7 656 struct bgp_path_info *path_vrf) /* route */
ddb5b488
PZ		 657{
658 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
40381db7 659 struct prefix *p = &path_vrf->net->p;
ddb5b488
PZ		 660 afi_t afi = family2afi(p->family);
661 struct attr static_attr = {0};
662 struct attr *new_attr = NULL;
663 safi_t safi = SAFI_MPLS_VPN;
664 mpls_label_t label_val;
665 mpls_label_t label;
666 struct bgp_node *bn;
667 const char *debugmsg;
960035b2
PZ		 668 int nexthop_self_flag = 0;
669
670 if (debug)
671 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
ddb5b488 672
40381db7
DS		 673 if (debug && path_vrf->attr->ecommunity) {
674 char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity,
c8f57349 675 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 676
40381db7
DS		 677 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
678 bgp_vrf->name, path_vrf->type, s);
c8f57349 679 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 680 }
681
682 if (!bgp_vpn)
683 return;
684
685 if (!afi) {
686 if (debug)
687 zlog_debug("%s: can't get afi of prefix", __func__);
688 return;
689 }
690
12d6100c 691 /* Is this route exportable into the VPN table? */
692 if (!is_route_injectable_into_vpn(path_vrf))
ddb5b488
PZ		 693 return;
694
ddb5b488
PZ		 695 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
696 if (debug)
12a844a5
DS		 697 zlog_debug("%s: %s skipping: %s", __func__,
698 bgp_vrf->name, debugmsg);
ddb5b488
PZ		 699 return;
700 }
701
6f4f49b2
QY		 702 /* shallow copy */
703 static_attr = *path_vrf->attr;
ddb5b488
PZ		 704
705 /*
706 * route map handling
707 */
708 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
4b7e6066 709 struct bgp_path_info info;
ddb5b488
PZ		 710 route_map_result_t ret;
711
712 memset(&info, 0, sizeof(info));
713 info.peer = bgp_vpn->peer_self;
714 info.attr = &static_attr;
715 ret = route_map_apply(
716 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
717 p, RMAP_BGP, &info);
718 if (RMAP_DENYMATCH == ret) {
719 bgp_attr_flush(&static_attr); /* free any added parts */
720 if (debug)
721 zlog_debug(
722 "%s: vrf %s route map \"%s\" says DENY, returning",
960035b2 723 __func__, bgp_vrf->name_pretty,
ddb5b488
PZ		 724 bgp_vrf->vpn_policy[afi]
725 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
726 ->name);
727 return;
728 }
729 }
730
c8f57349
DS		 731 if (debug && static_attr.ecommunity) {
732 char *s = ecommunity_ecom2str(static_attr.ecommunity,
733 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 734
ddb5b488
PZ		 735 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
736 __func__, s);
c8f57349 737 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 738 }
739
740 /*
741 * Add the vpn-policy rt-list
742 */
743 struct ecommunity *old_ecom;
744 struct ecommunity *new_ecom;
745
746 old_ecom = static_attr.ecommunity;
747 if (old_ecom) {
748 new_ecom = ecommunity_merge(
749 ecommunity_dup(old_ecom),
750 bgp_vrf->vpn_policy[afi]
751 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
752 if (!old_ecom->refcnt)
753 ecommunity_free(&old_ecom);
754 } else {
755 new_ecom = ecommunity_dup(
756 bgp_vrf->vpn_policy[afi]
757 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
758 }
759 static_attr.ecommunity = new_ecom;
760 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
761
c8f57349
DS		 762 if (debug && static_attr.ecommunity) {
763 char *s = ecommunity_ecom2str(static_attr.ecommunity,
764 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 765
ddb5b488
PZ		 766 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
767 __func__, s);
c8f57349 768 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 769 }
770
771 /* Nexthop */
772 /* if policy nexthop not set, use 0 */
773 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
774 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
ddb5b488
PZ		 775 struct prefix *nexthop =
776 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
12a844a5 777
ddb5b488
PZ		 778 switch (nexthop->family) {
779 case AF_INET:
780 /* prevent mp_nexthop_global_in <- self in bgp_route.c
781 */
782 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
783
784 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
0606039c 785 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
ddb5b488
PZ		 786 break;
787
788 case AF_INET6:
789 static_attr.mp_nexthop_global = nexthop->u.prefix6;
0606039c 790 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
ddb5b488
PZ		 791 break;
792
793 default:
794 assert(0);
795 }
796 } else {
12a844a5
DS		 797 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
798 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
799 if (afi == AFI_IP) {
020a3f60
DS		 800 /*
801 * For ipv4, copy to multiprotocol
802 * nexthop field
803 */
804 static_attr.mp_nexthop_global_in =
805 static_attr.nexthop;
0606039c
DA		 806 static_attr.mp_nexthop_len =
807 BGP_ATTR_NHLEN_IPV4;
020a3f60
DS		 808 /*
809 * XXX Leave static_attr.nexthop
810 * intact for NHT
811 */
812 static_attr.flag &=
813 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
12a844a5
DS		 814 }
815 } else {
77e62f2b 816 /* Update based on next-hop family to account for
817 * RFC 5549 (BGP unnumbered) scenario. Note that
818 * specific action is only needed for the case of
819 * IPv4 nexthops as the attr has been copied
820 * otherwise.
821 */
40381db7
DS		 822 if (afi == AFI_IP
823 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
12a844a5
DS		 824 static_attr.mp_nexthop_global_in.s_addr =
825 static_attr.nexthop.s_addr;
0606039c
DA		 826 static_attr.mp_nexthop_len =
827 BGP_ATTR_NHLEN_IPV4;
12a844a5
DS		 828 static_attr.flag |=
829 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
12a844a5 830 }
ddb5b488 831 }
960035b2 832 nexthop_self_flag = 1;
ddb5b488
PZ		 833 }
834
835 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
836 if (label_val == MPLS_LABEL_NONE) {
291e32c3 837 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
ddb5b488
PZ		 838 } else {
839 encode_label(label_val, &label);
840 }
841
842 /* Set originator ID to "me" */
843 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
844 static_attr.originator_id = bgp_vpn->router_id;
845
846
847 new_attr = bgp_attr_intern(
848 &static_attr); /* hashed refcounted everything */
849 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
850
c3e345b1
DS		 851 if (debug && new_attr->ecommunity) {
852 char *s = ecommunity_ecom2str(new_attr->ecommunity,
853 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
ddb5b488 854
ddb5b488 855 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
c3e345b1 856 XFREE(MTYPE_ECOMMUNITY_STR, s);
ddb5b488
PZ		 857 }
858
859 /* Now new_attr is an allocated interned attr */
860
861 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
862 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
863
4b7e6066 864 struct bgp_path_info *new_info;
ddb5b488 865
40381db7
DS		 866 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
867 &label, 1, path_vrf, bgp_vrf, NULL,
960035b2 868 nexthop_self_flag, debug);
ddb5b488
PZ		 869
870 /*
871 * Routes actually installed in the vpn RIB must also be
872 * offered to all vrfs (because now they originate from
873 * the vpn RIB).
874 *
875 * Acceptance into other vrfs depends on rt-lists.
876 * Originating vrf will not accept the looped back route
877 * because of loop checking.
878 */
879 if (new_info)
321b4bc9 880 vpn_leak_to_vrf_update(bgp_vrf, new_info);
ddb5b488
PZ		 881}
882
4b7e6066
DS		 883void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
884 struct bgp *bgp_vrf, /* from */
40381db7 885 struct bgp_path_info *path_vrf) /* route */
ddb5b488
PZ		 886{
887 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
40381db7 888 struct prefix *p = &path_vrf->net->p;
ddb5b488
PZ		 889 afi_t afi = family2afi(p->family);
890 safi_t safi = SAFI_MPLS_VPN;
40381db7 891 struct bgp_path_info *bpi;
ddb5b488
PZ		 892 struct bgp_node *bn;
893 const char *debugmsg;
960035b2
PZ		 894 char buf_prefix[PREFIX_STRLEN];
895
896 if (debug) {
897 prefix2str(p, buf_prefix, sizeof(buf_prefix));
898 zlog_debug(
899 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
900 __func__, bgp_vrf->name_pretty, buf_prefix,
40381db7 901 path_vrf->type, path_vrf->sub_type);
960035b2 902 }
ddb5b488 903
ddb5b488
PZ		 904 if (!bgp_vpn)
905 return;
906
907 if (!afi) {
908 if (debug)
909 zlog_debug("%s: can't get afi of prefix", __func__);
910 return;
911 }
912
12d6100c 913 /* Is this route exportable into the VPN table? */
914 if (!is_route_injectable_into_vpn(path_vrf))
915 return;
916
ddb5b488
PZ		 917 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
918 if (debug)
919 zlog_debug("%s: skipping: %s", __func__, debugmsg);
920 return;
921 }
922
923 if (debug)
40381db7 924 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
ddb5b488
PZ		 925
926 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
927 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
928
6f94b685
DS		 929 if (!bn)
930 return;
ddb5b488
PZ		 931 /*
932 * vrf -> vpn
40381db7 933 * match original bpi imported from
ddb5b488 934 */
6f94b685 935 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
40381db7 936 if (bpi->extra && bpi->extra->parent == path_vrf) {
ddb5b488
PZ		 937 break;
938 }
939 }
940
40381db7 941 if (bpi) {
ddb5b488 942 /* withdraw from looped vrfs as well */
40381db7 943 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
ddb5b488 944
40381db7
DS		 945 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
946 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 947 bgp_process(bgp_vpn, bn, afi, safi);
948 }
949 bgp_unlock_node(bn);
950}
951
952void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
953 struct bgp *bgp_vrf, /* from */
954 afi_t afi)
955{
956 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
957 struct bgp_node *prn;
958 safi_t safi = SAFI_MPLS_VPN;
959
960 /*
40381db7 961 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
ddb5b488
PZ		 962 */
963 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
964 prn = bgp_route_next(prn)) {
965
966 struct bgp_table *table;
967 struct bgp_node *bn;
40381db7 968 struct bgp_path_info *bpi;
ddb5b488
PZ		 969
970 /* This is the per-RD table of prefixes */
67009e22 971 table = bgp_node_get_bgp_table_info(prn);
ddb5b488
PZ		 972
973 if (!table)
974 continue;
975
976 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
977
978 char buf[PREFIX2STR_BUFFER];
979
6f94b685
DS		 980 bpi = bgp_node_get_bgp_path_info(bn);
981 if (debug && bpi) {
ddb5b488
PZ		 982 zlog_debug(
983 "%s: looking at prefix %s", __func__,
984 prefix2str(&bn->p, buf, sizeof(buf)));
985 }
986
6f94b685 987 for (; bpi; bpi = bpi->next) {
ddb5b488
PZ		 988 if (debug)
989 zlog_debug("%s: type %d, sub_type %d",
40381db7
DS		 990 __func__, bpi->type,
991 bpi->sub_type);
992 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
ddb5b488 993 continue;
40381db7 994 if (!bpi->extra)
ddb5b488 995 continue;
40381db7 996 if ((struct bgp *)bpi->extra->bgp_orig
ddb5b488
PZ		 997 == bgp_vrf) {
998 /* delete route */
999 if (debug)
9165c5f5 1000 zlog_debug("%s: deleting it",
ddb5b488
PZ		 1001 __func__);
1002 bgp_aggregate_decrement(bgp_vpn, &bn->p,
40381db7
DS		 1003 bpi, afi, safi);
1004 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 1005 bgp_process(bgp_vpn, bn, afi, safi);
1006 }
1007 }
1008 }
1009 }
1010}
1011
1012void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1013 struct bgp *bgp_vrf, /* from */
1014 afi_t afi)
1015{
1016 struct bgp_node *bn;
40381db7 1017 struct bgp_path_info *bpi;
ddb5b488
PZ		 1018 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1019
1020 if (debug)
1021 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
960035b2 1022 bgp_vrf->name_pretty);
ddb5b488
PZ		 1023
1024 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1025 bn = bgp_route_next(bn)) {
1026
1027 if (debug)
1028 zlog_debug("%s: node=%p", __func__, bn);
1029
6f94b685
DS		 1030 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1031 bpi = bpi->next) {
ddb5b488
PZ		 1032 if (debug)
1033 zlog_debug(
1034 "%s: calling vpn_leak_from_vrf_update",
1035 __func__);
40381db7 1036 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
ddb5b488
PZ		 1037 }
1038 }
1039}
1040
4b7e6066
DS		 1041static void
1042vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1043 struct bgp *bgp_vpn, /* from */
40381db7 1044 struct bgp_path_info *path_vpn) /* route */
ddb5b488 1045{
40381db7 1046 struct prefix *p = &path_vpn->net->p;
ddb5b488
PZ		 1047 afi_t afi = family2afi(p->family);
1048
ddb5b488
PZ		 1049 struct attr static_attr = {0};
1050 struct attr *new_attr = NULL;
1051 struct bgp_node *bn;
1052 safi_t safi = SAFI_UNICAST;
1053 const char *debugmsg;
1054 struct prefix nexthop_orig;
1055 mpls_label_t *pLabels = NULL;
e37fb4bf 1056 uint32_t num_labels = 0;
960035b2 1057 int nexthop_self_flag = 1;
40381db7 1058 struct bgp_path_info *bpi_ultimate = NULL;
513bf8d6 1059 int origin_local = 0;
d6632478 1060 struct bgp *src_vrf;
ddb5b488
PZ		 1061
1062 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1063
b9c7bc5a 1064 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
ddb5b488
PZ		 1065 if (debug)
1066 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1067 return;
1068 }
1069
1070 /* Check for intersection of route targets */
1071 if (!ecom_intersect(
1072 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
40381db7 1073 path_vpn->attr->ecommunity)) {
ddb5b488
PZ		 1074
1075 return;
1076 }
1077
1dcc9e5b
CS		 1078 if (debug) {
1079 char buf_prefix[PREFIX_STRLEN];
1080
1081 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1082 zlog_debug("%s: updating %s to vrf %s", __func__,
1083 buf_prefix, bgp_vrf->name_pretty);
1084 }
ddb5b488 1085
6f4f49b2
QY		 1086 /* shallow copy */
1087 static_attr = *path_vpn->attr;
ddb5b488
PZ		 1088
1089 /*
1090 * Nexthop: stash and clear
1091 *
1092 * Nexthop is valid in context of VPN core, but not in destination vrf.
1093 * Stash it for later label resolution by vrf ingress path and then
1094 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1095 */
40381db7 1096 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
ddb5b488
PZ		 1097
1098 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1099 nexthop_orig.family = nhfamily;
1100
1101 switch (nhfamily) {
ddb5b488
PZ		 1102 case AF_INET:
1103 /* save */
40381db7 1104 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
ddb5b488 1105 nexthop_orig.prefixlen = 32;
12a844a5
DS		 1106
1107 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1108 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1109 static_attr.nexthop.s_addr =
1110 nexthop_orig.u.prefix4.s_addr;
1111
1112 static_attr.mp_nexthop_global_in =
40381db7 1113 path_vpn->attr->mp_nexthop_global_in;
12a844a5 1114 static_attr.mp_nexthop_len =
40381db7 1115 path_vpn->attr->mp_nexthop_len;
12a844a5 1116 }
de4d0a51 1117 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
ddb5b488 1118 break;
ddb5b488
PZ		 1119 case AF_INET6:
1120 /* save */
40381db7 1121 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
ddb5b488 1122 nexthop_orig.prefixlen = 128;
12a844a5
DS		 1123
1124 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1125 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1126 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
12a844a5 1127 }
ddb5b488
PZ		 1128 break;
1129 }
1130
ddb5b488
PZ		 1131 /*
1132 * route map handling
ddb5b488 1133 */
ddb5b488 1134 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
4b7e6066 1135 struct bgp_path_info info;
ddb5b488
PZ		 1136 route_map_result_t ret;
1137
1138 memset(&info, 0, sizeof(info));
1139 info.peer = bgp_vrf->peer_self;
1140 info.attr = &static_attr;
1dcc9e5b 1141 info.extra = path_vpn->extra; /* Used for source-vrf filter */
ddb5b488
PZ		 1142 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1143 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1144 p, RMAP_BGP, &info);
1145 if (RMAP_DENYMATCH == ret) {
1146 bgp_attr_flush(&static_attr); /* free any added parts */
1147 if (debug)
1148 zlog_debug(
1149 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
960035b2 1150 __func__, bgp_vrf->name_pretty,
ddb5b488
PZ		 1151 bgp_vrf->vpn_policy[afi]
1152 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1153 ->name);
1154 return;
1155 }
960035b2
PZ		 1156 /*
1157 * if route-map changed nexthop, don't nexthop-self on output
1158 */
1159 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1160 BATTR_RMAP_NEXTHOP_UNCHANGED))
1161 nexthop_self_flag = 0;
ddb5b488
PZ		 1162 }
1163
1164 new_attr = bgp_attr_intern(&static_attr);
1165 bgp_attr_flush(&static_attr);
1166
1167 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1168
1169 /*
1170 * ensure labels are copied
513bf8d6
PZ		 1171 *
1172 * However, there is a special case: if the route originated in
1173 * another local VRF (as opposed to arriving via VPN), then the
1174 * nexthop is reached by hairpinning through this router (me)
1175 * using IP forwarding only (no LSP). Therefore, the route
1176 * imported to the VRF should not have labels attached. Note
1177 * that nexthop tracking is also involved: eliminating the
1178 * labels for these routes enables the non-labeled nexthops
1179 * from the originating VRF to be considered valid for this route.
ddb5b488 1180 */
12a844a5
DS		 1181 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1182 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1183 /* work back to original route */
40381db7
DS		 1184 for (bpi_ultimate = path_vpn;
1185 bpi_ultimate->extra && bpi_ultimate->extra->parent;
1186 bpi_ultimate = bpi_ultimate->extra->parent)
12a844a5 1187 ;
513bf8d6 1188
12a844a5
DS		 1189 /*
1190 * if original route was unicast,
1191 * then it did not arrive over vpn
1192 */
40381db7 1193 if (bpi_ultimate->net) {
12a844a5 1194 struct bgp_table *table;
513bf8d6 1195
40381db7 1196 table = bgp_node_table(bpi_ultimate->net);
12a844a5
DS		 1197 if (table && (table->safi == SAFI_UNICAST))
1198 origin_local = 1;
1199 }
513bf8d6 1200
12a844a5 1201 /* copy labels */
40381db7
DS		 1202 if (!origin_local && path_vpn->extra
1203 && path_vpn->extra->num_labels) {
1204 num_labels = path_vpn->extra->num_labels;
12a844a5
DS		 1205 if (num_labels > BGP_MAX_LABELS)
1206 num_labels = BGP_MAX_LABELS;
40381db7 1207 pLabels = path_vpn->extra->label;
12a844a5 1208 }
ddb5b488 1209 }
513bf8d6 1210
ddb5b488
PZ		 1211 if (debug) {
1212 char buf_prefix[PREFIX_STRLEN];
1213 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1214 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1215 num_labels);
1216 }
1217
44338987 1218 /*
1d4e8b0d
DS		 1219 * For VRF-2-VRF route-leaking,
1220 * the source will be the originating VRF.
44338987 1221 */
40381db7
DS		 1222 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1223 src_vrf = path_vpn->extra->bgp_orig;
d6632478
PZ		 1224 else
1225 src_vrf = bgp_vpn;
1226
40381db7
DS		 1227 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1228 num_labels, path_vpn, /* parent */
1229 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
ddb5b488
PZ		 1230}
1231
4b7e6066 1232void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
40381db7 1233 struct bgp_path_info *path_vpn) /* route */
ddb5b488
PZ		 1234{
1235 struct listnode *mnode, *mnnode;
1236 struct bgp *bgp;
1237
1238 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1239
1240 if (debug)
40381db7 1241 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
ddb5b488
PZ		 1242
1243 /* Loop over VRFs */
1244 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1245
40381db7
DS		 1246 if (!path_vpn->extra
1247 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1248 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
ddb5b488
PZ		 1249 }
1250 }
1251}
1252
4b7e6066 1253void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
40381db7 1254 struct bgp_path_info *path_vpn) /* route */
ddb5b488 1255{
1b3510a0
PZ		 1256 struct prefix *p;
1257 afi_t afi;
ddb5b488
PZ		 1258 safi_t safi = SAFI_UNICAST;
1259 struct bgp *bgp;
1260 struct listnode *mnode, *mnnode;
ddb5b488 1261 struct bgp_node *bn;
40381db7 1262 struct bgp_path_info *bpi;
ddb5b488 1263 const char *debugmsg;
960035b2 1264 char buf_prefix[PREFIX_STRLEN];
ddb5b488
PZ		 1265
1266 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1267
960035b2 1268 if (debug) {
40381db7
DS		 1269 prefix2str(&path_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1270 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d", __func__,
1271 buf_prefix, path_vpn->type, path_vpn->sub_type);
960035b2
PZ		 1272 }
1273
ddb5b488 1274 if (debug)
40381db7 1275 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
ddb5b488 1276
40381db7 1277 if (!path_vpn->net) {
56c2c080 1278#if ENABLE_BGP_VNC
40381db7
DS		 1279 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1280 if (path_vpn->type == ZEBRA_ROUTE_BGP
1281 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1b3510a0
PZ		 1282
1283 return;
1284 }
56c2c080 1285#endif
1b3510a0 1286 if (debug)
40381db7
DS		 1287 zlog_debug(
1288 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1b3510a0
PZ		 1289 __func__);
1290 return;
1291 }
1292
40381db7 1293 p = &path_vpn->net->p;
1b3510a0 1294 afi = family2afi(p->family);
ddb5b488
PZ		 1295
1296 /* Loop over VRFs */
1297 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
b9c7bc5a 1298 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
ddb5b488
PZ		 1299 if (debug)
1300 zlog_debug("%s: skipping: %s", __func__,
1301 debugmsg);
1302 continue;
1303 }
1304
1305 /* Check for intersection of route targets */
1306 if (!ecom_intersect(bgp->vpn_policy[afi]
1307 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
40381db7 1308 path_vpn->attr->ecommunity)) {
ddb5b488
PZ		 1309
1310 continue;
1311 }
1312
1313 if (debug)
1314 zlog_debug("%s: withdrawing from vrf %s", __func__,
960035b2 1315 bgp->name_pretty);
ddb5b488
PZ		 1316
1317 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
6f94b685
DS		 1318
1319 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1320 bpi = bpi->next) {
40381db7
DS		 1321 if (bpi->extra
1322 && (struct bgp_path_info *)bpi->extra->parent
1323 == path_vpn) {
ddb5b488
PZ		 1324 break;
1325 }
1326 }
1327
40381db7 1328 if (bpi) {
ddb5b488 1329 if (debug)
40381db7
DS		 1330 zlog_debug("%s: deleting bpi %p", __func__,
1331 bpi);
1332 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1333 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 1334 bgp_process(bgp, bn, afi, safi);
1335 }
1336 bgp_unlock_node(bn);
1337 }
1338}
1339
1340void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1341 afi_t afi)
1342{
1343 struct bgp_node *bn;
40381db7 1344 struct bgp_path_info *bpi;
ddb5b488
PZ		 1345 safi_t safi = SAFI_UNICAST;
1346 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
ddb5b488
PZ		 1347
1348 if (debug)
1349 zlog_debug("%s: entry", __func__);
1350 /*
40381db7 1351 * Walk vrf table, delete bpi with bgp_orig in a different vrf
ddb5b488
PZ		 1352 */
1353 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1354 bn = bgp_route_next(bn)) {
1355
6f94b685
DS		 1356 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1357 bpi = bpi->next) {
9544ddb2 1358 if (bpi->extra
1359 && bpi->extra->bgp_orig != bgp_vrf
1360 && bpi->extra->parent
1361 && is_pi_family_vpn(bpi->extra->parent)) {
ddb5b488
PZ		 1362
1363 /* delete route */
40381db7 1364 bgp_aggregate_decrement(bgp_vrf, &bn->p, bpi,
ddb5b488 1365 afi, safi);
40381db7 1366 bgp_path_info_delete(bn, bpi);
ddb5b488
PZ		 1367 bgp_process(bgp_vrf, bn, afi, safi);
1368 }
1369 }
1370 }
1371}
1372
1373void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1374 struct bgp *bgp_vpn, /* from */
1375 afi_t afi)
1376{
1377 struct prefix_rd prd;
1378 struct bgp_node *prn;
1379 safi_t safi = SAFI_MPLS_VPN;
1380
3bd70bf8 1381 assert(bgp_vpn);
73aed584 1382
ddb5b488
PZ		 1383 /*
1384 * Walk vpn table
1385 */
1386 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1387 prn = bgp_route_next(prn)) {
1388
1389 struct bgp_table *table;
1390 struct bgp_node *bn;
40381db7 1391 struct bgp_path_info *bpi;
ddb5b488
PZ		 1392
1393 memset(&prd, 0, sizeof(prd));
1394 prd.family = AF_UNSPEC;
1395 prd.prefixlen = 64;
1396 memcpy(prd.val, prn->p.u.val, 8);
1397
1398 /* This is the per-RD table of prefixes */
67009e22 1399 table = bgp_node_get_bgp_table_info(prn);
ddb5b488
PZ		 1400
1401 if (!table)
1402 continue;
1403
1404 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1405
6f94b685
DS		 1406 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1407 bpi = bpi->next) {
ddb5b488 1408
40381db7
DS		 1409 if (bpi->extra
1410 && bpi->extra->bgp_orig == bgp_vrf)
ddb5b488
PZ		 1411 continue;
1412
1413 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
40381db7 1414 bpi);
ddb5b488
PZ		 1415 }
1416 }
1417 }
1418}
1419
d92a55df
PZ		 1420/*
1421 * This function is called for definition/deletion/change to a route-map
1422 */
ddb5b488
PZ		 1423static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1424{
1425 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1426 afi_t afi;
1427 struct route_map *rmap;
1428
1429 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1430 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1431
1432 return;
1433 }
1434
1435 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1436
1437 for (afi = 0; afi < AFI_MAX; ++afi) {
1438
d92a55df
PZ		 1439 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1440 && !strcmp(rmap_name,
ddb5b488
PZ		 1441 bgp->vpn_policy[afi]
1442 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1443
1444 if (debug)
1445 zlog_debug(
1446 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1447 __func__, rmap_name, bgp->as,
1448 afi2str(afi));
1449
1450 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1451 bgp_get_default(), bgp);
1452 if (debug)
1453 zlog_debug("%s: after vpn_leak_prechange",
1454 __func__);
1455
d92a55df
PZ		 1456 /* in case of definition/deletion */
1457 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1458 rmap;
ddb5b488
PZ		 1459
1460 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1461 bgp_get_default(), bgp);
d92a55df 1462
ddb5b488
PZ		 1463 if (debug)
1464 zlog_debug("%s: after vpn_leak_postchange",
1465 __func__);
1466 }
1467
d92a55df
PZ		 1468 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1469 && !strcmp(rmap_name,
1470 bgp->vpn_policy[afi]
1471 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
b9c7bc5a
PZ		 1472
1473 if (debug) {
1474 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
ddb5b488
PZ		 1475 __func__, rmap_name, bgp->as,
1476 afi2str(afi));
b9c7bc5a 1477 }
ddb5b488
PZ		 1478
1479 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1480 bgp_get_default(), bgp);
1481
d92a55df
PZ		 1482 /* in case of definition/deletion */
1483 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1484 rmap;
ddb5b488
PZ		 1485
1486 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1487 bgp_get_default(), bgp);
1488 }
1489 }
1490}
1491
636f7608
CS		 1492/* This API is used during router-id change, reflect VPNs
1493 * auto RD and RT values and readvertise routes to VPN table.
1494 */
e65fe398
MS		 1495void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1496 bool is_config)
636f7608
CS		 1497{
1498 afi_t afi;
1499 int debug;
1500 char *vname;
1501 const char *export_name;
1502 char buf[RD_ADDRSTRLEN];
1503 struct bgp *bgp_import;
1504 struct listnode *node;
1505 struct ecommunity *ecom;
1506 vpn_policy_direction_t idir, edir;
1507
1508 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1509 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1510 return;
1511
1512 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1513 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1514 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1515
1516 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1517 edir = BGP_VPN_POLICY_DIR_TOVPN;
1518
1519 for (afi = 0; afi < AFI_MAX; ++afi) {
1520 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1521 continue;
1522
1523 if (withdraw) {
1524 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1525 afi, bgp_get_default(), bgp);
1526 if (debug)
1527 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1528 __func__, export_name);
1529
1530 /* Remove import RT from VRFs */
1531 ecom = bgp->vpn_policy[afi].rtlist[edir];
1532 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1533 export_vrf, node, vname)) {
1534 bgp_import = bgp_lookup_by_name(vname);
1535 if (!bgp_import)
1536 continue;
1537
1538 ecommunity_del_val(bgp_import->vpn_policy[afi].
1539 rtlist[idir],
1540 (struct ecommunity_val *)ecom->val);
1541
1542 }
1543 } else {
e65fe398
MS		 1544 /*
1545 * Router-id changes that are not explicit config
1546 * changes should not replace configured RD/RT.
1547 */
1548 if (!is_config) {
1549 if (CHECK_FLAG(bgp->vpn_policy[afi].flags,
1550 BGP_VPN_POLICY_TOVPN_RD_SET)) {
1551 if (debug)
1552 zlog_debug("%s: auto router-id change skipped",
1553 __func__);
1554 goto postchange;
1555 }
1556 }
1557
636f7608
CS		 1558 /* New router-id derive auto RD and RT and export
1559 * to VPN
1560 */
1561 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
1562 &bgp->vrf_prd_auto);
1563 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
1564 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
1565 sizeof(buf));
1566 bgp->vpn_policy[afi].rtlist[edir] =
1567 ecommunity_str2com(buf,
1568 ECOMMUNITY_ROUTE_TARGET, 0);
1569
1570 /* Update import_vrf rt_list */
1571 ecom = bgp->vpn_policy[afi].rtlist[edir];
1572 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1573 export_vrf, node, vname)) {
1574 bgp_import = bgp_lookup_by_name(vname);
1575 if (!bgp_import)
1576 continue;
1577 if (bgp_import->vpn_policy[afi].rtlist[idir])
1578 bgp_import->vpn_policy[afi].rtlist[idir]
1579 = ecommunity_merge(
1580 bgp_import->vpn_policy[afi]
1581 .rtlist[idir], ecom);
1582 else
1583 bgp_import->vpn_policy[afi].rtlist[idir]
1584 = ecommunity_dup(ecom);
1585
1586 }
e65fe398
MS		 1587
1588postchange:
636f7608
CS		 1589 /* Update routes to VPN */
1590 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
1591 afi, bgp_get_default(),
1592 bgp);
1593 if (debug)
1594 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
1595 __func__, export_name);
1596 }
1597 }
1598}
1599
ddb5b488
PZ		 1600void vpn_policy_routemap_event(const char *rmap_name)
1601{
1602 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1603 struct listnode *mnode, *mnnode;
1604 struct bgp *bgp;
1605
1606 if (debug)
1607 zlog_debug("%s: entry", __func__);
1608
1609 if (bm->bgp == NULL) /* may be called during cleanup */
1610 return;
1611
1612 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1613 vpn_policy_routemap_update(bgp, rmap_name);
1614}
1615
1d4e8b0d 1616void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
44338987 1617 afi_t afi, safi_t safi)
1618{
1619 const char *export_name;
1620 vpn_policy_direction_t idir, edir;
9ecf931b
CS		 1621 char *vname, *tmp_name;
1622 char buf[RD_ADDRSTRLEN];
44338987 1623 struct ecommunity *ecom;
1624 bool first_export = false;
636f7608 1625 int debug;
9ecf931b
CS		 1626 struct listnode *node;
1627 bool is_inst_match = false;
44338987 1628
5742e42b 1629 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
44338987 1630 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1631 edir = BGP_VPN_POLICY_DIR_TOVPN;
1632
636f7608
CS		 1633 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1634 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1635
1d4e8b0d
DS		 1636 /*
1637 * Cross-ref both VRFs. Also, note if this is the first time
44338987 1638 * any VRF is importing from "import_vrf".
1639 */
a8dadcf6 1640 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
5742e42b 1641 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
a8dadcf6 1642
9ecf931b
CS		 1643 /* Check the import_vrf list of destination vrf for the source vrf name,
1644 * insert otherwise.
1645 */
1646 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
1647 node, tmp_name)) {
1648 if (strcmp(vname, tmp_name) == 0) {
1649 is_inst_match = true;
1650 break;
1651 }
1652 }
1653 if (!is_inst_match)
1654 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
1655 vname);
44338987 1656
9ecf931b
CS		 1657 /* Check if the source vrf already exports to any vrf,
1658 * first time export requires to setup auto derived RD/RT values.
1659 * Add the destination vrf name to export vrf list if it is
1660 * not present.
1661 */
1662 is_inst_match = false;
44338987 1663 vname = XSTRDUP(MTYPE_TMP, export_name);
9ecf931b
CS		 1664 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1665 first_export = true;
1666 } else {
1667 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1668 node, tmp_name)) {
1669 if (strcmp(vname, tmp_name) == 0) {
1670 is_inst_match = true;
1671 break;
1672 }
1673 }
1674 }
1675 if (!is_inst_match)
1676 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
1677 vname);
44338987 1678 /* Update import RT for current VRF using export RT of the VRF we're
1679 * importing from. First though, make sure "import_vrf" has that
1680 * set.
1681 */
1682 if (first_export) {
1d4e8b0d
DS		 1683 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1684 &from_bgp->vrf_prd_auto);
1685 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1686 SET_FLAG(from_bgp->vpn_policy[afi].flags,
44338987 1687 BGP_VPN_POLICY_TOVPN_RD_SET);
1d4e8b0d 1688 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
44338987 1689 buf, sizeof(buf));
1d4e8b0d 1690 from_bgp->vpn_policy[afi].rtlist[edir] =
44338987 1691 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1d4e8b0d 1692 SET_FLAG(from_bgp->af_flags[afi][safi],
44338987 1693 BGP_CONFIG_VRF_TO_VRF_EXPORT);
13b7e7f0
DS		 1694 from_bgp->vpn_policy[afi].tovpn_label =
1695 BGP_PREVENT_VRF_2_VRF_LEAK;
44338987 1696 }
1d4e8b0d
DS		 1697 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1698 if (to_bgp->vpn_policy[afi].rtlist[idir])
1699 to_bgp->vpn_policy[afi].rtlist[idir] =
1700 ecommunity_merge(to_bgp->vpn_policy[afi]
44338987 1701 .rtlist[idir], ecom);
1702 else
1d4e8b0d
DS		 1703 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1704 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
44338987 1705
636f7608
CS		 1706 if (debug) {
1707 const char *from_name;
1708
1709 from_name = from_bgp->name ? from_bgp->name :
1710 VRF_DEFAULT_NAME;
1711 zlog_debug("%s from %s to %s first_export %u import-rt %s export-rt %s",
1712 __func__, from_name, export_name, first_export,
1713 to_bgp->vpn_policy[afi].rtlist[idir] ?
1714 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1715 rtlist[idir],
1716 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ",
1717 to_bgp->vpn_policy[afi].rtlist[edir] ?
1718 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1719 rtlist[edir],
1720 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ");
1721 }
1722
44338987 1723 /* Does "import_vrf" first need to export its routes or that
1724 * is already done and we just need to import those routes
1725 * from the global table?
1726 */
1727 if (first_export)
1d4e8b0d 1728 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
44338987 1729 else
1d4e8b0d 1730 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
44338987 1731}
1732
1d4e8b0d 1733void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
44338987 1734 afi_t afi, safi_t safi)
1735{
a8dadcf6 1736 const char *export_name, *tmp_name;
44338987 1737 vpn_policy_direction_t idir, edir;
1738 char *vname;
9ecf931b 1739 struct ecommunity *ecom = NULL;
44338987 1740 struct listnode *node;
636f7608 1741 int debug;
44338987 1742
5742e42b
DS		 1743 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1744 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
44338987 1745 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1746 edir = BGP_VPN_POLICY_DIR_TOVPN;
1747
636f7608
CS		 1748 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1749 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1750
44338987 1751 /* Were we importing from "import_vrf"? */
1d4e8b0d
DS		 1752 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1753 vname)) {
a8dadcf6 1754 if (strcmp(vname, tmp_name) == 0)
020a3f60 1755 break;
44338987 1756 }
1d4e8b0d
DS		 1757
1758 /*
1759 * We do not check in the cli if the passed in bgp
1760 * instance is actually imported into us before
1761 * we call this function. As such if we do not
1762 * find this in the import_vrf list than
1763 * we just need to return safely.
1764 */
44338987 1765 if (!vname)
1766 return;
1767
636f7608
CS		 1768 if (debug)
1769 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
1770
44338987 1771 /* Remove "import_vrf" from our import list. */
1d4e8b0d 1772 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
44338987 1773 XFREE(MTYPE_TMP, vname);
1774
1775 /* Remove routes imported from "import_vrf". */
1776 /* TODO: In the current logic, we have to first remove all
1777 * imported routes and then (if needed) import back routes
1778 */
1d4e8b0d 1779 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
44338987 1780
1d4e8b0d
DS		 1781 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1782 UNSET_FLAG(to_bgp->af_flags[afi][safi],
44338987 1783 BGP_CONFIG_VRF_TO_VRF_IMPORT);
9ecf931b
CS		 1784 if (to_bgp->vpn_policy[afi].rtlist[idir])
1785 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
44338987 1786 } else {
1d4e8b0d 1787 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
9ecf931b
CS		 1788 if (ecom)
1789 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
44338987 1790 (struct ecommunity_val *)ecom->val);
1d4e8b0d 1791 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
44338987 1792 }
1793
89d59347
DS		 1794 /*
1795 * What?
1796 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1797 * below is checking for NULL that export_vrf can be
1798 * NULL, consequently it is complaining( like a cabbage )
1799 * that we could dereference and crash in the listcount(..)
1800 * check below.
1801 * So make it happy, under protest, with liberty and justice
1802 * for all.
1803 */
1d4e8b0d 1804 assert(from_bgp->vpn_policy[afi].export_vrf);
89d59347 1805
44338987 1806 /* Remove us from "import_vrf's" export list. If no other VRF
1807 * is importing from "import_vrf", cleanup appropriately.
1808 */
1d4e8b0d 1809 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
44338987 1810 node, vname)) {
1811 if (strcmp(vname, export_name) == 0)
1812 break;
1813 }
1814
1d4e8b0d
DS		 1815 /*
1816 * If we have gotten to this point then the vname must
1817 * exist. If not, we are in a world of trouble and
1818 * have slag sitting around.
1819 *
1820 * import_vrf and export_vrf must match in having
1821 * the in/out names as appropriate.
9ecf931b
CS		 1822 * export_vrf list could have been cleaned up
1823 * as part of no router bgp source instnace.
1d4e8b0d 1824 */
9ecf931b
CS		 1825 if (!vname)
1826 return;
1d4e8b0d
DS		 1827
1828 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
44338987 1829 XFREE(MTYPE_TMP, vname);
1830
1d4e8b0d
DS		 1831 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1832 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1833 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1834 UNSET_FLAG(from_bgp->af_flags[afi][safi],
44338987 1835 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1d4e8b0d 1836 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
44338987 1837 sizeof(struct prefix_rd));
1d4e8b0d 1838 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
44338987 1839 BGP_VPN_POLICY_TOVPN_RD_SET);
13b7e7f0
DS		 1840 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1841
44338987 1842 }
1843}
1844
718e3744 1845/* For testing purpose, static route of MPLS-VPN. */
1846DEFUN (vpnv4_network,
1847 vpnv4_network_cmd,
d114b977 1848 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
718e3744 1849 "Specify a network to announce via BGP\n"
0c7b1b01 1850 "IPv4 prefix\n"
718e3744 1851 "Specify Route Distinguisher\n"
1852 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1853 "VPN NLRI label (tag)\n"
1854 "VPN NLRI label (tag)\n"
1855 "Label value\n")
718e3744 1856{
d62a17ae 1857 int idx_ipv4_prefixlen = 1;
1858 int idx_ext_community = 3;
1859 int idx_label = 5;
1860 return bgp_static_set_safi(
1861 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1862 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1863 NULL, NULL, NULL, NULL);
137446f9
LB		 1864}
1865
1866DEFUN (vpnv4_network_route_map,
1867 vpnv4_network_route_map_cmd,
d114b977 1868 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
137446f9 1869 "Specify a network to announce via BGP\n"
0c7b1b01 1870 "IPv4 prefix\n"
137446f9
LB		 1871 "Specify Route Distinguisher\n"
1872 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1873 "VPN NLRI label (tag)\n"
1874 "VPN NLRI label (tag)\n"
1875 "Label value\n"
137446f9
LB		 1876 "route map\n"
1877 "route map name\n")
1878{
d62a17ae 1879 int idx_ipv4_prefixlen = 1;
1880 int idx_ext_community = 3;
1881 int idx_label = 5;
1882 int idx_word_2 = 7;
1883 return bgp_static_set_safi(
1884 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1885 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1886 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
718e3744 1887}
1888
1889/* For testing purpose, static route of MPLS-VPN. */
1890DEFUN (no_vpnv4_network,
1891 no_vpnv4_network_cmd,
d114b977 1892 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
718e3744 1893 NO_STR
1894 "Specify a network to announce via BGP\n"
0c7b1b01 1895 "IPv4 prefix\n"
718e3744 1896 "Specify Route Distinguisher\n"
1897 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1898 "VPN NLRI label (tag)\n"
1899 "VPN NLRI label (tag)\n"
1900 "Label value\n")
718e3744 1901{
d62a17ae 1902 int idx_ipv4_prefixlen = 2;
1903 int idx_ext_community = 4;
1904 int idx_label = 6;
1905 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1906 argv[idx_ipv4_prefixlen]->arg,
1907 argv[idx_ext_community]->arg,
1908 argv[idx_label]->arg, 0, NULL, NULL, NULL);
718e3744 1909}
1910
c286be96
LX		 1911DEFUN (vpnv6_network,
1912 vpnv6_network_cmd,
d114b977 1913 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
c286be96
LX		 1914 "Specify a network to announce via BGP\n"
1915 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1916 "Specify Route Distinguisher\n"
1917 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1918 "VPN NLRI label (tag)\n"
1919 "VPN NLRI label (tag)\n"
1920 "Label value\n"
11daee81
DS		 1921 "route map\n"
1922 "route map name\n")
c286be96 1923{
d62a17ae 1924 int idx_ipv6_prefix = 1;
1925 int idx_ext_community = 3;
1926 int idx_label = 5;
1927 int idx_word_2 = 7;
1928 if (argc == 8)
1929 return bgp_static_set_safi(
1930 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1931 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1932 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1933 else
1934 return bgp_static_set_safi(
1935 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1936 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1937 NULL, 0, NULL, NULL, NULL, NULL);
c286be96
LX		 1938}
1939
1940/* For testing purpose, static route of MPLS-VPN. */
1941DEFUN (no_vpnv6_network,
1942 no_vpnv6_network_cmd,
d114b977 1943 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
c286be96
LX		 1944 NO_STR
1945 "Specify a network to announce via BGP\n"
1946 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1947 "Specify Route Distinguisher\n"
1948 "VPN Route Distinguisher\n"
fb1d2a2d
LB		 1949 "VPN NLRI label (tag)\n"
1950 "VPN NLRI label (tag)\n"
1951 "Label value\n")
c286be96 1952{
d62a17ae 1953 int idx_ipv6_prefix = 2;
1954 int idx_ext_community = 4;
1955 int idx_label = 6;
1956 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1957 argv[idx_ipv6_prefix]->arg,
1958 argv[idx_ext_community]->arg,
1959 argv[idx_label]->arg, 0, NULL, NULL, NULL);
c286be96
LX		 1960}
1961
d62a17ae 1962int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1963 enum bgp_show_type type, void *output_arg, int tags,
9f049418 1964 bool use_json)
718e3744 1965{
d62a17ae 1966 struct bgp *bgp;
1967 struct bgp_table *table;
d62a17ae 1968
1969 bgp = bgp_get_default();
1970 if (bgp == NULL) {
1971 if (!use_json)
1972 vty_out(vty, "No BGP process is configured\n");
16307668
RW		 1973 else
1974 vty_out(vty, "{}\n");
d62a17ae 1975 return CMD_WARNING;
1976 }
1ae44dfc 1977 table = bgp->rib[afi][SAFI_MPLS_VPN];
a4d82a8a
PZ		 1978 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1979 output_arg, use_json);
718e3744 1980}
1981
4f280b15
LB		 1982DEFUN (show_bgp_ip_vpn_all_rd,
1983 show_bgp_ip_vpn_all_rd_cmd,
d114b977 1984 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
e3e29b32
LB		 1985 SHOW_STR
1986 BGP_STR
05e588f4 1987 BGP_VPNVX_HELP_STR
e3e29b32 1988 "Display VPN NLRI specific information\n"
af8528fa 1989 "Display VPN NLRI specific information\n"
e3e29b32
LB		 1990 "Display information for a route distinguisher\n"
1991 "VPN Route Distinguisher\n"
1992 JSON_STR)
1993{
d62a17ae 1994 int ret;
1995 struct prefix_rd prd;
1996 afi_t afi;
1997 int idx = 0;
1998
1999 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
3d7c4cd7 2000 if (argv_find(argv, argc, "rd", &idx)) {
a4d82a8a 2001 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
d62a17ae 2002 if (!ret) {
2003 vty_out(vty,
2004 "%% Malformed Route Distinguisher\n");
2005 return CMD_WARNING;
2006 }
2007 return bgp_show_mpls_vpn(vty, afi, &prd,
2008 bgp_show_type_normal, NULL, 0,
2009 use_json(argc, argv));
2010 } else {
2011 return bgp_show_mpls_vpn(vty, afi, NULL,
2012 bgp_show_type_normal, NULL, 0,
2013 use_json(argc, argv));
2014 }
2015 }
2016 return CMD_SUCCESS;
718e3744 2017}
2018
af8528fa
LB		 2019ALIAS(show_bgp_ip_vpn_all_rd,
2020 show_bgp_ip_vpn_rd_cmd,
2021 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
2022 SHOW_STR
2023 BGP_STR
2024 BGP_VPNVX_HELP_STR
2025 "Display VPN NLRI specific information\n"
2026 "Display information for a route distinguisher\n"
2027 "VPN Route Distinguisher\n"
2028 JSON_STR)
2029
2030#ifdef KEEP_OLD_VPN_COMMANDS
3f227172
PG		 2031DEFUN (show_ip_bgp_vpn_rd,
2032 show_ip_bgp_vpn_rd_cmd,
af8528fa 2033 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
718e3744 2034 SHOW_STR
2035 IP_STR
2036 BGP_STR
4f280b15 2037 BGP_AFI_HELP_STR
3517059b 2038 "Address Family modifier\n"
718e3744 2039 "Display information for a route distinguisher\n"
2040 "VPN Route Distinguisher\n")
2041{
d62a17ae 2042 int idx_ext_community = argc - 1;
2043 int ret;
2044 struct prefix_rd prd;
2045 afi_t afi;
2046 int idx = 0;
2047
2048 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2049 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2050 if (!ret) {
2051 vty_out(vty, "%% Malformed Route Distinguisher\n");
2052 return CMD_WARNING;
2053 }
2054 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2055 NULL, 0, 0);
2056 }
2057 return CMD_SUCCESS;
2058}
718e3744 2059
4f280b15
LB		 2060DEFUN (show_ip_bgp_vpn_all,
2061 show_ip_bgp_vpn_all_cmd,
2062 "show [ip] bgp <vpnv4|vpnv6>",
2063 SHOW_STR
2064 IP_STR
2065 BGP_STR
2066 BGP_VPNVX_HELP_STR)
2067{
d62a17ae 2068 afi_t afi;
2069 int idx = 0;
4f280b15 2070
d62a17ae 2071 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2072 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2073 NULL, 0, 0);
2074 return CMD_SUCCESS;
4f280b15
LB		 2075}
2076
3f227172
PG		 2077DEFUN (show_ip_bgp_vpn_all_tags,
2078 show_ip_bgp_vpn_all_tags_cmd,
2079 "show [ip] bgp <vpnv4|vpnv6> all tags",
718e3744 2080 SHOW_STR
2081 IP_STR
2082 BGP_STR
3f227172
PG		 2083 BGP_VPNVX_HELP_STR
2084 "Display information about all VPNv4/VPNV6 NLRIs\n"
718e3744 2085 "Display BGP tags for prefixes\n")
2086{
d62a17ae 2087 afi_t afi;
2088 int idx = 0;
3f227172 2089
d62a17ae 2090 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2091 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2092 NULL, 1, 0);
2093 return CMD_SUCCESS;
718e3744 2094}
2095
3f227172
PG		 2096DEFUN (show_ip_bgp_vpn_rd_tags,
2097 show_ip_bgp_vpn_rd_tags_cmd,
d114b977 2098 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
718e3744 2099 SHOW_STR
2100 IP_STR
2101 BGP_STR
3f227172 2102 BGP_VPNVX_HELP_STR
718e3744 2103 "Display information for a route distinguisher\n"
2104 "VPN Route Distinguisher\n"
2105 "Display BGP tags for prefixes\n")
2106{
d62a17ae 2107 int idx_ext_community = 5;
2108 int ret;
2109 struct prefix_rd prd;
2110 afi_t afi;
2111 int idx = 0;
2112
2113 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2114 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2115 if (!ret) {
2116 vty_out(vty, "%% Malformed Route Distinguisher\n");
2117 return CMD_WARNING;
2118 }
2119 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2120 NULL, 1, 0);
2121 }
2122 return CMD_SUCCESS;
718e3744 2123}
2124
3f227172
PG		 2125DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2126 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2127 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
718e3744 2128 SHOW_STR
2129 IP_STR
2130 BGP_STR
3f227172
PG		 2131 BGP_VPNVX_HELP_STR
2132 "Display information about all VPNv4/VPNv6 NLRIs\n"
718e3744 2133 "Detailed information on TCP and BGP neighbor connections\n"
2134 "Neighbor to display information about\n"
856ca177 2135 "Display routes learned from neighbor\n"
9973d184 2136 JSON_STR)
718e3744 2137{
d62a17ae 2138 int idx_ipv4 = 6;
2139 union sockunion su;
2140 struct peer *peer;
2141 int ret;
9f049418 2142 bool uj = use_json(argc, argv);
d62a17ae 2143 afi_t afi;
2144 int idx = 0;
2145
2146 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2147 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2148 if (ret < 0) {
2149 if (uj) {
2150 json_object *json_no = NULL;
2151 json_no = json_object_new_object();
2152 json_object_string_add(json_no, "warning",
2153 "Malformed address");
2154 vty_out(vty, "%s\n",
2155 json_object_to_json_string(json_no));
2156 json_object_free(json_no);
2157 } else
2158 vty_out(vty, "Malformed address: %s\n",
2159 argv[idx_ipv4]->arg);
2160 return CMD_WARNING;
2161 }
2162
2163 peer = peer_lookup(NULL, &su);
2164 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2165 if (uj) {
2166 json_object *json_no = NULL;
2167 json_no = json_object_new_object();
2168 json_object_string_add(
2169 json_no, "warning",
2170 "No such neighbor or address family");
2171 vty_out(vty, "%s\n",
2172 json_object_to_json_string(json_no));
2173 json_object_free(json_no);
2174 } else
2175 vty_out(vty,
2176 "%% No such neighbor or address family\n");
2177 return CMD_WARNING;
2178 }
2179
2180 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2181 &su, 0, uj);
2182 }
2183 return CMD_SUCCESS;
718e3744 2184}
2185
3f227172
PG		 2186DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2187 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
d114b977 2188 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
718e3744 2189 SHOW_STR
2190 IP_STR
2191 BGP_STR
3f227172 2192 BGP_VPNVX_HELP_STR
718e3744 2193 "Display information for a route distinguisher\n"
2194 "VPN Route Distinguisher\n"
2195 "Detailed information on TCP and BGP neighbor connections\n"
2196 "Neighbor to display information about\n"
856ca177 2197 "Display routes learned from neighbor\n"
9973d184 2198 JSON_STR)
718e3744 2199{
d62a17ae 2200 int idx_ext_community = 5;
2201 int idx_ipv4 = 7;
2202 int ret;
2203 union sockunion su;
2204 struct peer *peer;
2205 struct prefix_rd prd;
9f049418 2206 bool uj = use_json(argc, argv);
d62a17ae 2207 afi_t afi;
2208 int idx = 0;
2209
2210 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2211 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2212 if (!ret) {
2213 if (uj) {
2214 json_object *json_no = NULL;
2215 json_no = json_object_new_object();
2216 json_object_string_add(
2217 json_no, "warning",
2218 "Malformed Route Distinguisher");
2219 vty_out(vty, "%s\n",
2220 json_object_to_json_string(json_no));
2221 json_object_free(json_no);
2222 } else
2223 vty_out(vty,
2224 "%% Malformed Route Distinguisher\n");
2225 return CMD_WARNING;
2226 }
2227
2228 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2229 if (ret < 0) {
2230 if (uj) {
2231 json_object *json_no = NULL;
2232 json_no = json_object_new_object();
2233 json_object_string_add(json_no, "warning",
2234 "Malformed address");
2235 vty_out(vty, "%s\n",
2236 json_object_to_json_string(json_no));
2237 json_object_free(json_no);
2238 } else
2239 vty_out(vty, "Malformed address: %s\n",
2240 argv[idx_ext_community]->arg);
2241 return CMD_WARNING;
2242 }
2243
2244 peer = peer_lookup(NULL, &su);
2245 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2246 if (uj) {
2247 json_object *json_no = NULL;
2248 json_no = json_object_new_object();
2249 json_object_string_add(
2250 json_no, "warning",
2251 "No such neighbor or address family");
2252 vty_out(vty, "%s\n",
2253 json_object_to_json_string(json_no));
2254 json_object_free(json_no);
2255 } else
2256 vty_out(vty,
2257 "%% No such neighbor or address family\n");
2258 return CMD_WARNING;
2259 }
2260
2261 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2262 &su, 0, uj);
2263 }
2264 return CMD_SUCCESS;
718e3744 2265}
2266
3f227172
PG		 2267DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2268 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2269 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
718e3744 2270 SHOW_STR
2271 IP_STR
2272 BGP_STR
3f227172
PG		 2273 BGP_VPNVX_HELP_STR
2274 "Display information about all VPNv4/VPNv6 NLRIs\n"
718e3744 2275 "Detailed information on TCP and BGP neighbor connections\n"
2276 "Neighbor to display information about\n"
856ca177 2277 "Display the routes advertised to a BGP neighbor\n"
9973d184 2278 JSON_STR)
718e3744 2279{
d62a17ae 2280 int idx_ipv4 = 6;
2281 int ret;
2282 struct peer *peer;
2283 union sockunion su;
9f049418 2284 bool uj = use_json(argc, argv);
d62a17ae 2285 afi_t afi;
2286 int idx = 0;
2287
2288 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2289 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2290 if (ret < 0) {
2291 if (uj) {
2292 json_object *json_no = NULL;
2293 json_no = json_object_new_object();
2294 json_object_string_add(json_no, "warning",
2295 "Malformed address");
2296 vty_out(vty, "%s\n",
2297 json_object_to_json_string(json_no));
2298 json_object_free(json_no);
2299 } else
2300 vty_out(vty, "Malformed address: %s\n",
2301 argv[idx_ipv4]->arg);
2302 return CMD_WARNING;
2303 }
2304 peer = peer_lookup(NULL, &su);
2305 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2306 if (uj) {
2307 json_object *json_no = NULL;
2308 json_no = json_object_new_object();
2309 json_object_string_add(
2310 json_no, "warning",
2311 "No such neighbor or address family");
2312 vty_out(vty, "%s\n",
2313 json_object_to_json_string(json_no));
2314 json_object_free(json_no);
2315 } else
2316 vty_out(vty,
2317 "%% No such neighbor or address family\n");
2318 return CMD_WARNING;
2319 }
2320 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2321 SAFI_MPLS_VPN, uj);
2322 }
2323 return CMD_SUCCESS;
718e3744 2324}
2325
3f227172
PG		 2326DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2327 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
d114b977 2328 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
718e3744 2329 SHOW_STR
2330 IP_STR
2331 BGP_STR
3f227172 2332 BGP_VPNVX_HELP_STR
718e3744 2333 "Display information for a route distinguisher\n"
2334 "VPN Route Distinguisher\n"
2335 "Detailed information on TCP and BGP neighbor connections\n"
2336 "Neighbor to display information about\n"
856ca177 2337 "Display the routes advertised to a BGP neighbor\n"
9973d184 2338 JSON_STR)
718e3744 2339{
d62a17ae 2340 int idx_ext_community = 5;
2341 int idx_ipv4 = 7;
2342 int ret;
2343 struct peer *peer;
2344 struct prefix_rd prd;
2345 union sockunion su;
9f049418 2346 bool uj = use_json(argc, argv);
d62a17ae 2347 afi_t afi;
2348 int idx = 0;
2349
2350 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2351 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2352 if (ret < 0) {
2353 if (uj) {
2354 json_object *json_no = NULL;
2355 json_no = json_object_new_object();
2356 json_object_string_add(json_no, "warning",
2357 "Malformed address");
2358 vty_out(vty, "%s\n",
2359 json_object_to_json_string(json_no));
2360 json_object_free(json_no);
2361 } else
2362 vty_out(vty, "Malformed address: %s\n",
2363 argv[idx_ext_community]->arg);
2364 return CMD_WARNING;
2365 }
2366 peer = peer_lookup(NULL, &su);
2367 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2368 if (uj) {
2369 json_object *json_no = NULL;
2370 json_no = json_object_new_object();
2371 json_object_string_add(
2372 json_no, "warning",
2373 "No such neighbor or address family");
2374 vty_out(vty, "%s\n",
2375 json_object_to_json_string(json_no));
2376 json_object_free(json_no);
2377 } else
2378 vty_out(vty,
2379 "%% No such neighbor or address family\n");
2380 return CMD_WARNING;
2381 }
2382
2383 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2384 if (!ret) {
2385 if (uj) {
2386 json_object *json_no = NULL;
2387 json_no = json_object_new_object();
2388 json_object_string_add(
2389 json_no, "warning",
2390 "Malformed Route Distinguisher");
2391 vty_out(vty, "%s\n",
2392 json_object_to_json_string(json_no));
2393 json_object_free(json_no);
2394 } else
2395 vty_out(vty,
2396 "%% Malformed Route Distinguisher\n");
2397 return CMD_WARNING;
2398 }
2399
2400 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2401 SAFI_MPLS_VPN, uj);
2402 }
2403 return CMD_SUCCESS;
718e3744 2404}
d6902373 2405#endif /* KEEP_OLD_VPN_COMMANDS */
718e3744 2406
d62a17ae 2407void bgp_mplsvpn_init(void)
718e3744 2408{
d62a17ae 2409 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2410 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2411 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
718e3744 2412
d62a17ae 2413 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2414 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
c286be96 2415
d62a17ae 2416 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
af8528fa 2417 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
d6902373 2418#ifdef KEEP_OLD_VPN_COMMANDS
af8528fa 2419 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
d62a17ae 2420 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2421 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2422 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2423 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2424 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2425 install_element(VIEW_NODE,
2426 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2427 install_element(VIEW_NODE,
2428 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
d6902373 2429#endif /* KEEP_OLD_VPN_COMMANDS */
718e3744 2430}
301ad80a
PG		 2431
2432vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2433{
2434 struct listnode *mnode, *mnnode;
2435 struct bgp *bgp;
2436
2437 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2438 struct ecommunity *ec;
2439
2440 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2441 continue;
2442
2443 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2444
2445 if (ecom_intersect(ec, eckey))
2446 return bgp->vrf_id;
2447 }
2448 return VRF_UNKNOWN;
2449}
3bd70bf8
PZ		 2450
2451/*
2452 * The purpose of this function is to process leaks that were deferred
2453 * from earlier per-vrf configuration due to not-yet-existing default
2454 * vrf, in other words, configuration such as:
2455 *
2456 * router bgp MMM vrf FOO
2457 * address-family ipv4 unicast
2458 * rd vpn export 1:1
2459 * exit-address-family
2460 *
2461 * router bgp NNN
2462 * ...
2463 *
2464 * This function gets called when the default instance ("router bgp NNN")
2465 * is created.
2466 */
2467void vpn_leak_postchange_all(void)
2468{
2469 struct listnode *next;
2470 struct bgp *bgp;
2471 struct bgp *bgp_default = bgp_get_default();
2472
2473 assert(bgp_default);
2474
2475 /* First, do any exporting from VRFs to the single VPN RIB */
2476 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2477
2478 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2479 continue;
2480
2481 vpn_leak_postchange(
2482 BGP_VPN_POLICY_DIR_TOVPN,
2483 AFI_IP,
2484 bgp_default,
2485 bgp);
2486
2487 vpn_leak_postchange(
2488 BGP_VPN_POLICY_DIR_TOVPN,
2489 AFI_IP6,
2490 bgp_default,
2491 bgp);
2492 }
2493
2494 /* Now, do any importing to VRFs from the single VPN RIB */
2495 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2496
2497 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2498 continue;
2499
2500 vpn_leak_postchange(
2501 BGP_VPN_POLICY_DIR_FROMVPN,
2502 AFI_IP,
2503 bgp_default,
2504 bgp);
2505
2506 vpn_leak_postchange(
2507 BGP_VPN_POLICY_DIR_FROMVPN,
2508 AFI_IP6,
2509 bgp_default,
2510 bgp);
2511 }
2512}
9ecf931b
CS		 2513
2514/* When a bgp vrf instance is unconfigured, remove its routes
2515 * from the VPN table and this vrf could be importing routes from other
2516 * bgp vrf instnaces, unimport them.
2517 * VRF X and VRF Y are exporting routes to each other.
2518 * When VRF X is deleted, unimport its routes from all target vrfs,
2519 * also VRF Y should unimport its routes from VRF X table.
2520 * This will ensure VPN table is cleaned up appropriately.
2521 */
2522int bgp_vpn_leak_unimport(struct bgp *from_bgp, struct vty *vty)
2523{
2524 struct bgp *to_bgp;
2525 const char *tmp_name;
2526 char *vname;
2527 struct listnode *node, *next;
2528 safi_t safi = SAFI_UNICAST;
2529 afi_t afi;
2530 bool is_vrf_leak_bind;
2531 int debug;
2532
2533 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2534 return 0;
2535
2536 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2537 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2538
2539 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2540
2541 for (afi = 0; afi < AFI_MAX; ++afi) {
2542 /* vrf leak is for IPv4 and IPv6 Unicast only */
2543 if (afi != AFI_IP && afi != AFI_IP6)
2544 continue;
2545
2546 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2547 if (from_bgp == to_bgp)
2548 continue;
2549
2550 /* Unimport and remove source vrf from the
2551 * other vrfs import list.
2552 */
2553 struct vpn_policy *to_vpolicy;
2554
2555 is_vrf_leak_bind = false;
2556 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2557 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
2558 vname)) {
2559 if (strcmp(vname, tmp_name) == 0) {
2560 is_vrf_leak_bind = true;
2561 break;
2562 }
2563 }
2564 /* skip this bgp instance as there is no leak to this
2565 * vrf instance.
2566 */
2567 if (!is_vrf_leak_bind)
2568 continue;
2569
2570 if (debug)
2571 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
2572 __func__, from_bgp->name_pretty,
2573 to_bgp->name_pretty, afi2str(afi),
2574 to_vpolicy->import_vrf->count);
2575
2576 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
2577
2578 /* readd vrf name as unimport removes import vrf name
2579 * from the destination vrf's import list where the
2580 * `import vrf` configuration still exist.
2581 */
2582 vname = XSTRDUP(MTYPE_TMP, tmp_name);
2583 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2584 vname);
2585 SET_FLAG(to_bgp->af_flags[afi][safi],
2586 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2587
2588 /* If to_bgp exports its routes to the bgp vrf
2589 * which is being deleted, un-import the
2590 * to_bgp routes from VPN.
2591 */
2592 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
2593 .export_vrf, node,
2594 vname)) {
2595 if (strcmp(vname, tmp_name) == 0) {
2596 vrf_unimport_from_vrf(from_bgp, to_bgp,
2597 afi, safi);
2598 break;
2599 }
2600 }
2601 }
2602 }
2603 return 0;
2604}
48381346
CS		 2605
2606/* When a router bgp is configured, there could be a bgp vrf
2607 * instance importing routes from this newly configured
2608 * bgp vrf instance. Export routes from configured
2609 * bgp vrf to VPN.
2610 * VRF Y has import from bgp vrf x,
2611 * when a bgp vrf x instance is created, export its routes
2612 * to VRF Y instance.
2613 */
2614void bgp_vpn_leak_export(struct bgp *from_bgp)
2615{
2616 afi_t afi;
2617 const char *export_name;
2618 char *vname;
2619 struct listnode *node, *next;
2620 struct ecommunity *ecom;
2621 vpn_policy_direction_t idir, edir;
2622 safi_t safi = SAFI_UNICAST;
2623 struct bgp *to_bgp;
2624 int debug;
2625
2626 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2627 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2628
2629 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2630 edir = BGP_VPN_POLICY_DIR_TOVPN;
2631
2632 export_name = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2633 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2634
2635 for (afi = 0; afi < AFI_MAX; ++afi) {
2636 /* vrf leak is for IPv4 and IPv6 Unicast only */
2637 if (afi != AFI_IP && afi != AFI_IP6)
2638 continue;
2639
2640 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2641 if (from_bgp == to_bgp)
2642 continue;
2643
2644 /* bgp instance has import list, check to see if newly
2645 * configured bgp instance is the list.
2646 */
2647 struct vpn_policy *to_vpolicy;
2648
2649 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2650 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
2651 node, vname)) {
2652 if (strcmp(vname, export_name) != 0)
2653 continue;
2654
2655 if (debug)
2656 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
2657 __func__,
2658 export_name, to_bgp->name_pretty);
2659
2660 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2661 /* remove import rt, it will be readded
2662 * as part of import from vrf.
2663 */
2664 if (ecom)
2665 ecommunity_del_val(
2666 to_vpolicy->rtlist[idir],
2667 (struct ecommunity_val *)
2668 ecom->val);
2669 vrf_import_from_vrf(to_bgp, from_bgp,
2670 afi, safi);
2671 break;
2672
2673 }
2674 }
2675 }
2676}
FRRouting mirror