]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #11981 from proelbtn/add-support-to-change-function-length
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
50 #include "bgpd/bgp_memory.h"
51
52 #ifdef ENABLE_BGP_VNC
53 #include "bgpd/rfapi/rfapi_backend.h"
54 #endif
55
56 /*
57 * Definitions and external declarations.
58 */
59 extern struct zclient *zclient;
60
61 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
62 int *index, afi_t *afi)
63 {
64 int ret = 0;
65 if (argv_find(argv, argc, "vpnv4", index)) {
66 ret = 1;
67 if (afi)
68 *afi = AFI_IP;
69 } else if (argv_find(argv, argc, "vpnv6", index)) {
70 ret = 1;
71 if (afi)
72 *afi = AFI_IP6;
73 }
74 return ret;
75 }
76
77 uint32_t decode_label(mpls_label_t *label_pnt)
78 {
79 uint32_t l;
80 uint8_t *pnt = (uint8_t *)label_pnt;
81
82 l = ((uint32_t)*pnt++ << 12);
83 l |= (uint32_t)*pnt++ << 4;
84 l |= (uint32_t)((*pnt & 0xf0) >> 4);
85 return l;
86 }
87
88 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
89 {
90 uint8_t *pnt = (uint8_t *)label_pnt;
91 if (pnt == NULL)
92 return;
93 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
94 *label_pnt = label;
95 return;
96 }
97 *pnt++ = (label >> 12) & 0xff;
98 *pnt++ = (label >> 4) & 0xff;
99 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
100 }
101
102 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
103 struct bgp_nlri *packet)
104 {
105 struct prefix p;
106 uint8_t psize = 0;
107 uint8_t prefixlen;
108 uint16_t type;
109 struct rd_as rd_as;
110 struct rd_ip rd_ip;
111 struct prefix_rd prd = {0};
112 mpls_label_t label = {0};
113 afi_t afi;
114 safi_t safi;
115 bool addpath_capable;
116 uint32_t addpath_id;
117 int ret = 0;
118
119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 struct stream *data = stream_new(packet->length);
124 stream_put(data, packet->nlri, packet->length);
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_capable = bgp_addpath_encode_rx(peer, afi, safi);
130
131 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
132 while (STREAM_READABLE(data) > 0) {
133 /* Clear prefix structure. */
134 memset(&p, 0, sizeof(p));
135
136 if (addpath_capable) {
137 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
138 addpath_id = ntohl(addpath_id);
139 }
140
141 if (STREAM_READABLE(data) < 1) {
142 flog_err(
143 EC_BGP_UPDATE_RCV,
144 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
145 peer->host, packet->length);
146 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
147 goto done;
148 }
149
150 /* Fetch prefix length. */
151 STREAM_GETC(data, prefixlen);
152 p.family = afi2family(packet->afi);
153 psize = PSIZE(prefixlen);
154
155 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
156 flog_err(
157 EC_BGP_UPDATE_RCV,
158 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
159 peer->host, prefixlen);
160 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
161 goto done;
162 }
163
164 /* sanity check against packet data */
165 if (STREAM_READABLE(data) < psize) {
166 flog_err(
167 EC_BGP_UPDATE_RCV,
168 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
169 peer->host, prefixlen, packet->length);
170 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
171 goto done;
172 }
173
174 /* sanity check against storage for the IP address portion */
175 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
176 flog_err(
177 EC_BGP_UPDATE_RCV,
178 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
179 peer->host,
180 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
181 sizeof(p.u));
182 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
183 goto done;
184 }
185
186 /* Sanity check against max bitlen of the address family */
187 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
188 flog_err(
189 EC_BGP_UPDATE_RCV,
190 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
191 peer->host,
192 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
193 p.family, prefix_blen(&p));
194 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
195 goto done;
196 }
197
198 /* Copy label to prefix. */
199 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
200 flog_err(
201 EC_BGP_UPDATE_RCV,
202 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
203 peer->host, packet->length);
204 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
205 goto done;
206 }
207
208 STREAM_GET(&label, data, BGP_LABEL_BYTES);
209 bgp_set_valid_label(&label);
210
211 /* Copy routing distinguisher to rd. */
212 if (STREAM_READABLE(data) < 8) {
213 flog_err(
214 EC_BGP_UPDATE_RCV,
215 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
216 peer->host, packet->length);
217 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
218 goto done;
219 }
220 STREAM_GET(&prd.val, data, 8);
221
222 /* Decode RD type. */
223 type = decode_rd_type(prd.val);
224
225 switch (type) {
226 case RD_TYPE_AS:
227 decode_rd_as(&prd.val[2], &rd_as);
228 break;
229
230 case RD_TYPE_AS4:
231 decode_rd_as4(&prd.val[2], &rd_as);
232 break;
233
234 case RD_TYPE_IP:
235 decode_rd_ip(&prd.val[2], &rd_ip);
236 break;
237
238 #ifdef ENABLE_BGP_VNC
239 case RD_TYPE_VNC_ETH:
240 break;
241 #endif
242
243 default:
244 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
245 break; /* just report */
246 }
247
248 /* exclude label & RD */
249 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
250 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
251
252 if (attr) {
253 bgp_update(peer, &p, addpath_id, attr, packet->afi,
254 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
255 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
256 } else {
257 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
258 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
259 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
260 }
261 }
262 /* Packet length consistency check. */
263 if (STREAM_READABLE(data) != 0) {
264 flog_err(
265 EC_BGP_UPDATE_RCV,
266 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
267 peer->host, STREAM_READABLE(data));
268 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
269 }
270
271 goto done;
272
273 stream_failure:
274 flog_err(
275 EC_BGP_UPDATE_RCV,
276 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
277 peer->host, packet->length);
278 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
279
280 done:
281 stream_free(data);
282 return ret;
283
284 #undef VPN_PREFIXLEN_MIN_BYTES
285 }
286
287 /*
288 * This function informs zebra of the label this vrf sets on routes
289 * leaked to VPN. Zebra should install this label in the kernel with
290 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
291 *
292 * Sending this vrf-label association is qualified by a) whether vrf->vpn
293 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
294 * are set) and b) whether vpn-policy label is set.
295 *
296 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
297 * for this vrf, which zebra interprets to mean "delete this vrf-label
298 * association."
299 */
300 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
301 {
302 mpls_label_t label = MPLS_LABEL_NONE;
303 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
304
305 if (bgp->vrf_id == VRF_UNKNOWN) {
306 if (debug) {
307 zlog_debug(
308 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
309 __func__, bgp->name_pretty, afi2str(afi));
310 }
311 return;
312 }
313
314 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
315 label = bgp->vpn_policy[afi].tovpn_label;
316 }
317
318 if (debug) {
319 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
320 __func__, bgp->name_pretty, afi2str(afi), label,
321 bgp->vrf_id);
322 }
323
324 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
325 label = MPLS_LABEL_NONE;
326 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
327 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
328 }
329
330 /*
331 * If zebra tells us vrf has become unconfigured, tell zebra not to
332 * use this label to forward to the vrf anymore
333 */
334 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
335 {
336 mpls_label_t label = MPLS_LABEL_NONE;
337 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
338
339 if (bgp->vrf_id == VRF_UNKNOWN) {
340 if (debug) {
341 zlog_debug(
342 "%s: vrf_id not set, can't delete zebra vrf label",
343 __func__);
344 }
345 return;
346 }
347
348 if (debug) {
349 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
350 bgp->name_pretty, bgp->vrf_id);
351 }
352
353 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
354 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
355 }
356
357 /*
358 * This function informs zebra of the srv6-function this vrf sets on routes
359 * leaked to VPN. Zebra should install this srv6-function in the kernel with
360 * an action of "End.DT4/6's IP FIB to route the PDU."
361 */
362 void vpn_leak_zebra_vrf_sid_update(struct bgp *bgp, afi_t afi)
363 {
364 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
365 enum seg6local_action_t act;
366 struct seg6local_context ctx = {};
367 struct in6_addr *tovpn_sid = NULL;
368 struct in6_addr *tovpn_sid_ls = NULL;
369 struct vrf *vrf;
370 char buf[256] = {0};
371
372 if (bgp->vrf_id == VRF_UNKNOWN) {
373 if (debug)
374 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
375 __func__, bgp->name_pretty, afi2str(afi));
376 return;
377 }
378
379 tovpn_sid = bgp->vpn_policy[afi].tovpn_sid;
380 if (!tovpn_sid) {
381 if (debug)
382 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
383 bgp->name_pretty, afi2str(afi));
384 return;
385 }
386
387 if (debug) {
388 inet_ntop(AF_INET6, tovpn_sid, buf, sizeof(buf));
389 zlog_debug("%s: vrf %s: afi %s: setting sid %s for vrf id %d",
390 __func__, bgp->name_pretty, afi2str(afi), buf,
391 bgp->vrf_id);
392 }
393
394 vrf = vrf_lookup_by_id(bgp->vrf_id);
395 if (!vrf)
396 return;
397
398 ctx.table = vrf->data.l.table_id;
399 act = afi == AFI_IP ? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
400 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6;
401 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
402
403 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
404 *tovpn_sid_ls = *tovpn_sid;
405 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
406 }
407
408 /*
409 * If zebra tells us vrf has become unconfigured, tell zebra not to
410 * use this srv6-function to forward to the vrf anymore
411 */
412 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp *bgp, afi_t afi)
413 {
414 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
415
416 if (bgp->vrf_id == VRF_UNKNOWN) {
417 if (debug)
418 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
419 __func__, bgp->name_pretty, afi2str(afi));
420 return;
421 }
422
423 if (debug)
424 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__,
425 bgp->name_pretty, bgp->vrf_id);
426
427 zclient_send_localsid(zclient,
428 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent,
429 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC, NULL);
430 XFREE(MTYPE_BGP_SRV6_SID,
431 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent);
432 }
433
434 int vpn_leak_label_callback(
435 mpls_label_t label,
436 void *labelid,
437 bool allocated)
438 {
439 struct vpn_policy *vp = (struct vpn_policy *)labelid;
440 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
441
442 if (debug)
443 zlog_debug("%s: label=%u, allocated=%d",
444 __func__, label, allocated);
445
446 if (!allocated) {
447 /*
448 * previously-allocated label is now invalid
449 */
450 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
451 (vp->tovpn_label != MPLS_LABEL_NONE)) {
452
453 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
454 vp->afi, bgp_get_default(), vp->bgp);
455 vp->tovpn_label = MPLS_LABEL_NONE;
456 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
457 vp->afi, bgp_get_default(), vp->bgp);
458 }
459 return 0;
460 }
461
462 /*
463 * New label allocation
464 */
465 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
466
467 /*
468 * not currently configured for auto label, reject allocation
469 */
470 return -1;
471 }
472
473 if (vp->tovpn_label != MPLS_LABEL_NONE) {
474 if (label == vp->tovpn_label) {
475 /* already have same label, accept but do nothing */
476 return 0;
477 }
478 /* Shouldn't happen: different label allocation */
479 flog_err(EC_BGP_LABEL,
480 "%s: %s had label %u but got new assignment %u",
481 __func__, vp->bgp->name_pretty, vp->tovpn_label,
482 label);
483 /* use new one */
484 }
485
486 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
487 vp->afi, bgp_get_default(), vp->bgp);
488 vp->tovpn_label = label;
489 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
490 vp->afi, bgp_get_default(), vp->bgp);
491
492 return 0;
493 }
494
495 static void sid_register(struct bgp *bgp, const struct in6_addr *sid,
496 const char *locator_name)
497 {
498 struct bgp_srv6_function *func;
499 func = XCALLOC(MTYPE_BGP_SRV6_FUNCTION,
500 sizeof(struct bgp_srv6_function));
501 func->sid = *sid;
502 snprintf(func->locator_name, sizeof(func->locator_name),
503 "%s", locator_name);
504 listnode_add(bgp->srv6_functions, func);
505 }
506
507 static bool sid_exist(struct bgp *bgp, const struct in6_addr *sid)
508 {
509 struct listnode *node;
510 struct bgp_srv6_function *func;
511
512 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_functions, node, func))
513 if (sid_same(&func->sid, sid))
514 return true;
515 return false;
516 }
517
518 /*
519 * This function generates a new SID based on bgp->srv6_locator_chunks and
520 * index. The locator and generated SID are stored in arguments sid_locator
521 * and sid, respectively.
522 *
523 * if index != 0: try to allocate as index-mode
524 * else: try to allocate as auto-mode
525 */
526 static uint32_t alloc_new_sid(struct bgp *bgp, uint32_t index,
527 struct srv6_locator_chunk *sid_locator_chunk,
528 struct in6_addr *sid)
529 {
530 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
531 struct listnode *node;
532 struct srv6_locator_chunk *chunk;
533 bool alloced = false;
534 int label = 0;
535 uint8_t offset = 0;
536 uint8_t func_len = 0, shift_len = 0;
537 uint32_t index_max = 0;
538
539 if (!bgp || !sid_locator_chunk || !sid)
540 return false;
541
542 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_locator_chunks, node, chunk)) {
543 if (chunk->function_bits_length >
544 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH) {
545 if (debug)
546 zlog_debug(
547 "%s: invalid SRv6 Locator chunk (%pFX): Function Length must be less or equal to %d",
548 __func__, &chunk->prefix,
549 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH);
550 continue;
551 }
552
553 index_max = (1 << chunk->function_bits_length) - 1;
554
555 if (index > index_max) {
556 if (debug)
557 zlog_debug(
558 "%s: skipped SRv6 Locator chunk (%pFX): Function Length is too short to support specified index (%u)",
559 __func__, &chunk->prefix, index);
560 continue;
561 }
562
563 *sid = chunk->prefix.prefix;
564 *sid_locator_chunk = *chunk;
565 offset = chunk->block_bits_length + chunk->node_bits_length;
566 func_len = chunk->function_bits_length;
567 shift_len = BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH - func_len;
568
569 if (index != 0) {
570 label = index << shift_len;
571 if (label < MPLS_LABEL_UNRESERVED_MIN) {
572 if (debug)
573 zlog_debug(
574 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
575 __func__, &chunk->prefix,
576 label);
577 continue;
578 }
579
580 transpose_sid(sid, label, offset, func_len);
581 if (sid_exist(bgp, sid))
582 continue;
583 alloced = true;
584 break;
585 }
586
587 for (uint32_t i = 1; i < index_max; i++) {
588 label = i << shift_len;
589 if (label < MPLS_LABEL_UNRESERVED_MIN) {
590 if (debug)
591 zlog_debug(
592 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
593 __func__, &chunk->prefix,
594 label);
595 continue;
596 }
597 transpose_sid(sid, label, offset, func_len);
598 if (sid_exist(bgp, sid))
599 continue;
600 alloced = true;
601 break;
602 }
603 }
604
605 if (!alloced)
606 return 0;
607
608 sid_register(bgp, sid, bgp->srv6_locator_name);
609 return label;
610 }
611
612 void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
613 {
614 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
615 char buf[256];
616 struct srv6_locator_chunk *tovpn_sid_locator;
617 struct in6_addr *tovpn_sid;
618 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
619 bool tovpn_sid_auto = false;
620
621 if (debug)
622 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
623 __func__, bgp_vrf->name_pretty, afi2str(afi));
624
625 /* skip when tovpn sid is already allocated on vrf instance */
626 if (bgp_vrf->vpn_policy[afi].tovpn_sid)
627 return;
628
629 /*
630 * skip when bgp vpn instance ins't allocated
631 * or srv6 locator chunk isn't allocated
632 */
633 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
634 return;
635
636 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
637 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
638 BGP_VPN_POLICY_TOVPN_SID_AUTO);
639
640 /* skip when VPN isn't configured on vrf-instance */
641 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
642 return;
643
644 /* check invalid case both configured index and auto */
645 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
646 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
647 __func__);
648 return;
649 }
650
651 tovpn_sid_locator = srv6_locator_chunk_alloc();
652 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
653
654 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
655 tovpn_sid_locator, tovpn_sid);
656
657 if (tovpn_sid_transpose_label == 0) {
658 zlog_debug("%s: not allocated new sid for vrf %s: afi %s",
659 __func__, bgp_vrf->name_pretty, afi2str(afi));
660 srv6_locator_chunk_free(tovpn_sid_locator);
661 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
662 return;
663 }
664
665 if (debug) {
666 inet_ntop(AF_INET6, tovpn_sid, buf, sizeof(buf));
667 zlog_debug("%s: new sid %s allocated for vrf %s: afi %s",
668 __func__, buf, bgp_vrf->name_pretty,
669 afi2str(afi));
670 }
671
672 bgp_vrf->vpn_policy[afi].tovpn_sid = tovpn_sid;
673 bgp_vrf->vpn_policy[afi].tovpn_sid_locator = tovpn_sid_locator;
674 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label =
675 tovpn_sid_transpose_label;
676 }
677
678 /*
679 * This function embeds upper `len` bits of `label` in `sid`,
680 * starting at offset `offset` as seen from the MSB of `sid`.
681 *
682 * e.g. Given that `label` is 0x12345 and `len` is 16,
683 * then `label` will be embedded in `sid` as follows:
684 *
685 * <---- len ----->
686 * label: 0001 0002 0003 0004 0005
687 * sid: .... 0001 0002 0003 0004
688 * <---- len ----->
689 * ^
690 * |
691 * offset from MSB
692 *
693 * e.g. Given that `label` is 0x12345 and `len` is 8,
694 * `label` will be embedded in `sid` as follows:
695 *
696 * <- len ->
697 * label: 0001 0002 0003 0004 0005
698 * sid: .... 0001 0002 0000 0000
699 * <- len ->
700 * ^
701 * |
702 * offset from MSB
703 */
704 void transpose_sid(struct in6_addr *sid, uint32_t label, uint8_t offset,
705 uint8_t len)
706 {
707 for (uint8_t idx = 0; idx < len; idx++) {
708 uint8_t tidx = offset + idx;
709 sid->s6_addr[tidx / 8] &= ~(0x1 << (7 - tidx % 8));
710 if (label >> (19 - idx) & 0x1)
711 sid->s6_addr[tidx / 8] |= 0x1 << (7 - tidx % 8);
712 }
713 }
714
715 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
716 uint32_t n)
717 {
718 uint32_t i;
719
720 if (!bpi->extra) {
721 if (!n)
722 return true;
723 else
724 return false;
725 }
726
727 if (n != bpi->extra->num_labels)
728 return false;
729
730 for (i = 0; i < n; ++i) {
731 if (label[i] != bpi->extra->label[i])
732 return false;
733 }
734 return true;
735 }
736
737 /*
738 * make encoded route labels match specified encoded label set
739 */
740 static void setlabels(struct bgp_path_info *bpi,
741 mpls_label_t *label, /* array of labels */
742 uint32_t num_labels)
743 {
744 if (num_labels)
745 assert(label);
746 assert(num_labels <= BGP_MAX_LABELS);
747
748 if (!num_labels) {
749 if (bpi->extra)
750 bpi->extra->num_labels = 0;
751 return;
752 }
753
754 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
755 uint32_t i;
756
757 for (i = 0; i < num_labels; ++i) {
758 extra->label[i] = label[i];
759 if (!bgp_is_valid_label(&label[i])) {
760 bgp_set_valid_label(&extra->label[i]);
761 }
762 }
763 extra->num_labels = num_labels;
764 }
765
766 /*
767 * make encoded route SIDs match specified encoded sid set
768 */
769 static void setsids(struct bgp_path_info *bpi,
770 struct in6_addr *sid,
771 uint32_t num_sids)
772 {
773 uint32_t i;
774 struct bgp_path_info_extra *extra;
775
776 if (num_sids)
777 assert(sid);
778 assert(num_sids <= BGP_MAX_SIDS);
779
780 if (!num_sids) {
781 if (bpi->extra)
782 bpi->extra->num_sids = 0;
783 return;
784 }
785
786 extra = bgp_path_info_extra_get(bpi);
787 for (i = 0; i < num_sids; i++)
788 memcpy(&extra->sid[i].sid, &sid[i], sizeof(struct in6_addr));
789 extra->num_sids = num_sids;
790 }
791
792 static void unsetsids(struct bgp_path_info *bpi)
793 {
794 struct bgp_path_info_extra *extra;
795
796 extra = bgp_path_info_extra_get(bpi);
797 extra->num_sids = 0;
798 memset(extra->sid, 0, sizeof(extra->sid));
799 }
800
801 static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
802 struct attr *new_attr, afi_t afi,
803 safi_t safi,
804 struct bgp_path_info *source_bpi,
805 struct bgp_path_info *bpi,
806 struct bgp *bgp_orig,
807 const struct prefix *p, int debug)
808 {
809 struct bgp_path_info *bpi_ultimate;
810 struct bgp *bgp_nexthop;
811 bool nh_valid;
812
813 bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
814
815 if (bpi->extra && bpi->extra->bgp_orig)
816 bgp_nexthop = bpi->extra->bgp_orig;
817 else
818 bgp_nexthop = bgp_orig;
819
820 /*
821 * No nexthop tracking for redistributed routes or for
822 * EVPN-imported routes that get leaked.
823 */
824 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
825 is_pi_family_evpn(bpi_ultimate))
826 nh_valid = 1;
827 else
828 /*
829 * TBD do we need to do anything about the
830 * 'connected' parameter?
831 */
832 nh_valid = bgp_find_or_add_nexthop(to_bgp, bgp_nexthop, afi,
833 safi, bpi, NULL, 0, p);
834
835 /*
836 * If you are using SRv6 VPN instead of MPLS, it need to check
837 * the SID allocation. If the sid is not allocated, the rib
838 * will be invalid.
839 */
840 if (to_bgp->srv6_enabled &&
841 (!new_attr->srv6_l3vpn && !new_attr->srv6_vpn)) {
842 nh_valid = false;
843 }
844
845 if (debug)
846 zlog_debug("%s: %pFX nexthop is %svalid (in vrf %s)", __func__,
847 p, (nh_valid ? "" : "not "),
848 bgp_nexthop->name_pretty);
849
850 return nh_valid;
851 }
852
853 /*
854 * returns pointer to new bgp_path_info upon success
855 */
856 static struct bgp_path_info *
857 leak_update(struct bgp *to_bgp, struct bgp_dest *bn,
858 struct attr *new_attr, /* already interned */
859 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
860 mpls_label_t *label, uint32_t num_labels, struct bgp *bgp_orig,
861 struct prefix *nexthop_orig, int nexthop_self_flag, int debug)
862 {
863 const struct prefix *p = bgp_dest_get_prefix(bn);
864 struct bgp_path_info *bpi;
865 struct bgp_path_info *new;
866 struct bgp_path_info_extra *extra;
867 uint32_t num_sids = 0;
868 void *parent = source_bpi;
869
870 if (new_attr->srv6_l3vpn || new_attr->srv6_vpn)
871 num_sids = 1;
872
873 if (debug)
874 zlog_debug(
875 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
876 __func__, to_bgp->name_pretty, bn, source_bpi->type,
877 source_bpi->sub_type);
878
879 /*
880 * Routes that are redistributed into BGP from zebra do not get
881 * nexthop tracking. However, if those routes are subsequently
882 * imported to other RIBs within BGP, the leaked routes do not
883 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
884 * in order to determine if the route we are currently leaking
885 * should have nexthop tracking, we must find the ultimate
886 * parent so we can check its sub_type.
887 *
888 * As of now, source_bpi may at most be a second-generation route
889 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
890 * Using a loop here supports more complex intra-bgp import-export
891 * schemes that could be implemented in the future.
892 *
893 */
894
895 /*
896 * match parent
897 */
898 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
899 if (bpi->extra && bpi->extra->parent == parent)
900 break;
901 }
902
903 if (bpi) {
904 bool labelssame = labels_same(bpi, label, num_labels);
905
906 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)
907 && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
908 if (debug) {
909 zlog_debug(
910 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
911 __func__, to_bgp->name_pretty,
912 source_bpi->flags, bpi->flags, p);
913 }
914 return NULL;
915 }
916
917 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
918 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
919
920 bgp_attr_unintern(&new_attr);
921 if (debug)
922 zlog_debug(
923 "%s: ->%s: %pBD: Found route, no change",
924 __func__, to_bgp->name_pretty, bn);
925 return NULL;
926 }
927
928 /* If the RT was changed via extended communities as an
929 * import/export list, we should withdraw implicitly the old
930 * path from VRFs.
931 * For instance, RT list was modified using route-maps:
932 * route-map test permit 10
933 * set extcommunity rt none
934 */
935 if (CHECK_FLAG(bpi->attr->flag,
936 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES)) &&
937 CHECK_FLAG(new_attr->flag,
938 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
939 if (!ecommunity_cmp(
940 bgp_attr_get_ecommunity(bpi->attr),
941 bgp_attr_get_ecommunity(new_attr))) {
942 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
943 bgp_aggregate_decrement(to_bgp, p, bpi, afi,
944 safi);
945 bgp_path_info_delete(bn, bpi);
946 }
947 }
948
949 /* attr is changed */
950 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
951
952 /* Rewrite BGP route information. */
953 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
954 bgp_path_info_restore(bn, bpi);
955 else
956 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
957 bgp_attr_unintern(&bpi->attr);
958 bpi->attr = new_attr;
959 bpi->uptime = monotime(NULL);
960
961 /*
962 * rewrite labels
963 */
964 if (!labelssame)
965 setlabels(bpi, label, num_labels);
966
967 /*
968 * rewrite sid
969 */
970 if (num_sids) {
971 if (new_attr->srv6_l3vpn) {
972 setsids(bpi, &new_attr->srv6_l3vpn->sid,
973 num_sids);
974
975 extra = bgp_path_info_extra_get(bpi);
976
977 extra->sid[0].loc_block_len =
978 new_attr->srv6_l3vpn->loc_block_len;
979 extra->sid[0].loc_node_len =
980 new_attr->srv6_l3vpn->loc_node_len;
981 extra->sid[0].func_len =
982 new_attr->srv6_l3vpn->func_len;
983 extra->sid[0].arg_len =
984 new_attr->srv6_l3vpn->arg_len;
985 extra->sid[0].transposition_len =
986 new_attr->srv6_l3vpn->transposition_len;
987 extra->sid[0].transposition_offset =
988 new_attr->srv6_l3vpn
989 ->transposition_offset;
990 } else if (new_attr->srv6_vpn)
991 setsids(bpi, &new_attr->srv6_vpn->sid,
992 num_sids);
993 } else
994 unsetsids(bpi);
995
996 if (nexthop_self_flag)
997 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
998
999 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1000 source_bpi, bpi, bgp_orig, p,
1001 debug))
1002 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
1003 else
1004 bgp_path_info_unset_flag(bn, bpi, BGP_PATH_VALID);
1005
1006 /* Process change. */
1007 bgp_aggregate_increment(to_bgp, p, bpi, afi, safi);
1008 bgp_process(to_bgp, bn, afi, safi);
1009 bgp_dest_unlock_node(bn);
1010
1011 if (debug)
1012 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
1013 __func__, to_bgp->name_pretty, bn);
1014
1015 return bpi;
1016 }
1017
1018 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)) {
1019 if (debug) {
1020 zlog_debug(
1021 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
1022 __func__, to_bgp->name_pretty,
1023 source_bpi->flags, p);
1024 }
1025 return NULL;
1026 }
1027
1028 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
1029 to_bgp->peer_self, new_attr, bn);
1030
1031 if (source_bpi->peer) {
1032 extra = bgp_path_info_extra_get(new);
1033 extra->peer_orig = peer_lock(source_bpi->peer);
1034 }
1035
1036 if (nexthop_self_flag)
1037 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
1038
1039 bgp_path_info_extra_get(new);
1040
1041 /*
1042 * rewrite sid
1043 */
1044 if (num_sids) {
1045 if (new_attr->srv6_l3vpn) {
1046 setsids(new, &new_attr->srv6_l3vpn->sid, num_sids);
1047
1048 extra = bgp_path_info_extra_get(new);
1049
1050 extra->sid[0].loc_block_len =
1051 new_attr->srv6_l3vpn->loc_block_len;
1052 extra->sid[0].loc_node_len =
1053 new_attr->srv6_l3vpn->loc_node_len;
1054 extra->sid[0].func_len = new_attr->srv6_l3vpn->func_len;
1055 extra->sid[0].arg_len = new_attr->srv6_l3vpn->arg_len;
1056 extra->sid[0].transposition_len =
1057 new_attr->srv6_l3vpn->transposition_len;
1058 extra->sid[0].transposition_offset =
1059 new_attr->srv6_l3vpn->transposition_offset;
1060 } else if (new_attr->srv6_vpn)
1061 setsids(new, &new_attr->srv6_vpn->sid, num_sids);
1062 } else
1063 unsetsids(new);
1064
1065 if (num_labels)
1066 setlabels(new, label, num_labels);
1067
1068 new->extra->parent = bgp_path_info_lock(parent);
1069 bgp_dest_lock_node(
1070 (struct bgp_dest *)((struct bgp_path_info *)parent)->net);
1071 if (bgp_orig)
1072 new->extra->bgp_orig = bgp_lock(bgp_orig);
1073 if (nexthop_orig)
1074 new->extra->nexthop_orig = *nexthop_orig;
1075
1076 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1077 source_bpi, new, bgp_orig, p, debug))
1078 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
1079 else
1080 bgp_path_info_unset_flag(bn, new, BGP_PATH_VALID);
1081
1082 bgp_aggregate_increment(to_bgp, p, new, afi, safi);
1083 bgp_path_info_add(bn, new);
1084
1085 bgp_dest_unlock_node(bn);
1086 bgp_process(to_bgp, bn, afi, safi);
1087
1088 if (debug)
1089 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
1090 to_bgp->name_pretty, bn);
1091
1092 return new;
1093 }
1094
1095 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1096 void vpn_leak_from_vrf_update(struct bgp *to_bgp, /* to */
1097 struct bgp *from_bgp, /* from */
1098 struct bgp_path_info *path_vrf) /* route */
1099 {
1100 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1101 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1102 afi_t afi = family2afi(p->family);
1103 struct attr static_attr = {0};
1104 struct attr *new_attr = NULL;
1105 safi_t safi = SAFI_MPLS_VPN;
1106 mpls_label_t label_val;
1107 mpls_label_t label;
1108 struct bgp_dest *bn;
1109 const char *debugmsg;
1110 int nexthop_self_flag = 0;
1111
1112 if (debug)
1113 zlog_debug("%s: from vrf %s", __func__, from_bgp->name_pretty);
1114
1115 if (debug && bgp_attr_get_ecommunity(path_vrf->attr)) {
1116 char *s = ecommunity_ecom2str(
1117 bgp_attr_get_ecommunity(path_vrf->attr),
1118 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1119
1120 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
1121 from_bgp->name, path_vrf->type, s);
1122 XFREE(MTYPE_ECOMMUNITY_STR, s);
1123 }
1124
1125 if (!to_bgp)
1126 return;
1127
1128 if (!afi) {
1129 if (debug)
1130 zlog_debug("%s: can't get afi of prefix", __func__);
1131 return;
1132 }
1133
1134 /* Is this route exportable into the VPN table? */
1135 if (!is_route_injectable_into_vpn(path_vrf))
1136 return;
1137
1138 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1139 if (debug)
1140 zlog_debug("%s: %s skipping: %s", __func__,
1141 from_bgp->name, debugmsg);
1142 return;
1143 }
1144
1145 /* shallow copy */
1146 static_attr = *path_vrf->attr;
1147
1148 /*
1149 * route map handling
1150 */
1151 if (from_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
1152 struct bgp_path_info info;
1153 route_map_result_t ret;
1154
1155 memset(&info, 0, sizeof(info));
1156 info.peer = to_bgp->peer_self;
1157 info.attr = &static_attr;
1158 ret = route_map_apply(from_bgp->vpn_policy[afi]
1159 .rmap[BGP_VPN_POLICY_DIR_TOVPN],
1160 p, &info);
1161 if (RMAP_DENYMATCH == ret) {
1162 bgp_attr_flush(&static_attr); /* free any added parts */
1163 if (debug)
1164 zlog_debug(
1165 "%s: vrf %s route map \"%s\" says DENY, returning",
1166 __func__, from_bgp->name_pretty,
1167 from_bgp->vpn_policy[afi]
1168 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
1169 ->name);
1170 return;
1171 }
1172 }
1173
1174 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1175 char *s = ecommunity_ecom2str(
1176 bgp_attr_get_ecommunity(&static_attr),
1177 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1178
1179 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1180 __func__, s);
1181 XFREE(MTYPE_ECOMMUNITY_STR, s);
1182 }
1183
1184 /*
1185 * Add the vpn-policy rt-list
1186 */
1187 struct ecommunity *old_ecom;
1188 struct ecommunity *new_ecom;
1189
1190 /* Export with the 'from' instance's export RTs. */
1191 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1192 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1193 if (old_ecom) {
1194 new_ecom = ecommunity_dup(old_ecom);
1195 if (CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1196 BGP_CONFIG_VRF_TO_VRF_EXPORT))
1197 ecommunity_strip_rts(new_ecom);
1198 new_ecom = ecommunity_merge(
1199 new_ecom, from_bgp->vpn_policy[afi]
1200 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1201 if (!old_ecom->refcnt)
1202 ecommunity_free(&old_ecom);
1203 } else {
1204 new_ecom = ecommunity_dup(
1205 from_bgp->vpn_policy[afi]
1206 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1207 }
1208 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1209
1210 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1211 char *s = ecommunity_ecom2str(
1212 bgp_attr_get_ecommunity(&static_attr),
1213 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1214
1215 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1216 __func__, s);
1217 XFREE(MTYPE_ECOMMUNITY_STR, s);
1218 }
1219
1220 /* Nexthop */
1221 /* if policy nexthop not set, use 0 */
1222 if (CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1223 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
1224 struct prefix *nexthop =
1225 &from_bgp->vpn_policy[afi].tovpn_nexthop;
1226
1227 switch (nexthop->family) {
1228 case AF_INET:
1229 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1230 */
1231 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
1232
1233 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
1234 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
1235 break;
1236
1237 case AF_INET6:
1238 static_attr.mp_nexthop_global = nexthop->u.prefix6;
1239 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
1240 break;
1241
1242 default:
1243 assert(0);
1244 }
1245 } else {
1246 if (!CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1247 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
1248 if (afi == AFI_IP) {
1249 /*
1250 * For ipv4, copy to multiprotocol
1251 * nexthop field
1252 */
1253 static_attr.mp_nexthop_global_in =
1254 static_attr.nexthop;
1255 static_attr.mp_nexthop_len =
1256 BGP_ATTR_NHLEN_IPV4;
1257 /*
1258 * XXX Leave static_attr.nexthop
1259 * intact for NHT
1260 */
1261 static_attr.flag &=
1262 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1263 }
1264 } else {
1265 /* Update based on next-hop family to account for
1266 * RFC 5549 (BGP unnumbered) scenario. Note that
1267 * specific action is only needed for the case of
1268 * IPv4 nexthops as the attr has been copied
1269 * otherwise.
1270 */
1271 if (afi == AFI_IP
1272 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1273 static_attr.mp_nexthop_global_in.s_addr =
1274 static_attr.nexthop.s_addr;
1275 static_attr.mp_nexthop_len =
1276 BGP_ATTR_NHLEN_IPV4;
1277 static_attr.flag |=
1278 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1279 }
1280 }
1281 nexthop_self_flag = 1;
1282 }
1283
1284 label_val = from_bgp->vpn_policy[afi].tovpn_label;
1285 if (label_val == MPLS_LABEL_NONE) {
1286 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
1287 } else {
1288 encode_label(label_val, &label);
1289 }
1290
1291 /* Set originator ID to "me" */
1292 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
1293 static_attr.originator_id = to_bgp->router_id;
1294
1295 /* Set SID for SRv6 VPN */
1296 if (from_bgp->vpn_policy[afi].tovpn_sid_locator) {
1297 encode_label(
1298 from_bgp->vpn_policy[afi].tovpn_sid_transpose_label,
1299 &label);
1300 static_attr.srv6_l3vpn = XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1301 sizeof(struct bgp_attr_srv6_l3vpn));
1302 static_attr.srv6_l3vpn->sid_flags = 0x00;
1303 static_attr.srv6_l3vpn->endpoint_behavior = 0xffff;
1304 static_attr.srv6_l3vpn->loc_block_len =
1305 from_bgp->vpn_policy[afi]
1306 .tovpn_sid_locator->block_bits_length;
1307 static_attr.srv6_l3vpn->loc_node_len =
1308 from_bgp->vpn_policy[afi]
1309 .tovpn_sid_locator->node_bits_length;
1310 static_attr.srv6_l3vpn->func_len =
1311 from_bgp->vpn_policy[afi]
1312 .tovpn_sid_locator->function_bits_length;
1313 static_attr.srv6_l3vpn->arg_len =
1314 from_bgp->vpn_policy[afi]
1315 .tovpn_sid_locator->argument_bits_length;
1316 static_attr.srv6_l3vpn->transposition_len =
1317 from_bgp->vpn_policy[afi]
1318 .tovpn_sid_locator->function_bits_length;
1319 static_attr.srv6_l3vpn->transposition_offset =
1320 from_bgp->vpn_policy[afi]
1321 .tovpn_sid_locator->block_bits_length +
1322 from_bgp->vpn_policy[afi]
1323 .tovpn_sid_locator->node_bits_length;
1324 ;
1325 memcpy(&static_attr.srv6_l3vpn->sid,
1326 &from_bgp->vpn_policy[afi]
1327 .tovpn_sid_locator->prefix.prefix,
1328 sizeof(struct in6_addr));
1329 }
1330
1331
1332 new_attr = bgp_attr_intern(
1333 &static_attr); /* hashed refcounted everything */
1334 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
1335
1336 if (debug && bgp_attr_get_ecommunity(new_attr)) {
1337 char *s = ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr),
1338 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1339
1340 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
1341 XFREE(MTYPE_ECOMMUNITY_STR, s);
1342 }
1343
1344 /* Now new_attr is an allocated interned attr */
1345
1346 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1347 &(from_bgp->vpn_policy[afi].tovpn_rd));
1348
1349 struct bgp_path_info *new_info;
1350
1351 new_info =
1352 leak_update(to_bgp, bn, new_attr, afi, safi, path_vrf, &label,
1353 1, from_bgp, NULL, nexthop_self_flag, debug);
1354
1355 /*
1356 * Routes actually installed in the vpn RIB must also be
1357 * offered to all vrfs (because now they originate from
1358 * the vpn RIB).
1359 *
1360 * Acceptance into other vrfs depends on rt-lists.
1361 * Originating vrf will not accept the looped back route
1362 * because of loop checking.
1363 */
1364 if (new_info)
1365 vpn_leak_to_vrf_update(from_bgp, new_info);
1366 }
1367
1368 void vpn_leak_from_vrf_withdraw(struct bgp *to_bgp, /* to */
1369 struct bgp *from_bgp, /* from */
1370 struct bgp_path_info *path_vrf) /* route */
1371 {
1372 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1373 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1374 afi_t afi = family2afi(p->family);
1375 safi_t safi = SAFI_MPLS_VPN;
1376 struct bgp_path_info *bpi;
1377 struct bgp_dest *bn;
1378 const char *debugmsg;
1379
1380 if (debug) {
1381 zlog_debug(
1382 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1383 __func__, from_bgp->name_pretty, path_vrf->net,
1384 path_vrf->type, path_vrf->sub_type);
1385 }
1386
1387 if (!to_bgp)
1388 return;
1389
1390 if (!afi) {
1391 if (debug)
1392 zlog_debug("%s: can't get afi of prefix", __func__);
1393 return;
1394 }
1395
1396 /* Is this route exportable into the VPN table? */
1397 if (!is_route_injectable_into_vpn(path_vrf))
1398 return;
1399
1400 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1401 if (debug)
1402 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1403 return;
1404 }
1405
1406 if (debug)
1407 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
1408
1409 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1410 &(from_bgp->vpn_policy[afi].tovpn_rd));
1411
1412 if (!bn)
1413 return;
1414 /*
1415 * vrf -> vpn
1416 * match original bpi imported from
1417 */
1418 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1419 if (bpi->extra && bpi->extra->parent == path_vrf) {
1420 break;
1421 }
1422 }
1423
1424 if (bpi) {
1425 /* withdraw from looped vrfs as well */
1426 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1427
1428 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1429 bgp_path_info_delete(bn, bpi);
1430 bgp_process(to_bgp, bn, afi, safi);
1431 }
1432 bgp_dest_unlock_node(bn);
1433 }
1434
1435 void vpn_leak_from_vrf_withdraw_all(struct bgp *to_bgp, struct bgp *from_bgp,
1436 afi_t afi)
1437 {
1438 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1439 struct bgp_dest *pdest;
1440 safi_t safi = SAFI_MPLS_VPN;
1441
1442 /*
1443 * Walk vpn table, delete bpi with bgp_orig == from_bgp
1444 */
1445 for (pdest = bgp_table_top(to_bgp->rib[afi][safi]); pdest;
1446 pdest = bgp_route_next(pdest)) {
1447
1448 struct bgp_table *table;
1449 struct bgp_dest *bn;
1450 struct bgp_path_info *bpi;
1451
1452 /* This is the per-RD table of prefixes */
1453 table = bgp_dest_get_bgp_table_info(pdest);
1454
1455 if (!table)
1456 continue;
1457
1458 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1459 bpi = bgp_dest_get_bgp_path_info(bn);
1460 if (debug && bpi) {
1461 zlog_debug("%s: looking at prefix %pBD",
1462 __func__, bn);
1463 }
1464
1465 for (; bpi; bpi = bpi->next) {
1466 if (debug)
1467 zlog_debug("%s: type %d, sub_type %d",
1468 __func__, bpi->type,
1469 bpi->sub_type);
1470 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
1471 continue;
1472 if (!bpi->extra)
1473 continue;
1474 if ((struct bgp *)bpi->extra->bgp_orig ==
1475 from_bgp) {
1476 /* delete route */
1477 if (debug)
1478 zlog_debug("%s: deleting it",
1479 __func__);
1480 /* withdraw from leak-to vrfs as well */
1481 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1482 bgp_aggregate_decrement(
1483 to_bgp, bgp_dest_get_prefix(bn),
1484 bpi, afi, safi);
1485 bgp_path_info_delete(bn, bpi);
1486 bgp_process(to_bgp, bn, afi, safi);
1487 }
1488 }
1489 }
1490 }
1491 }
1492
1493 void vpn_leak_from_vrf_update_all(struct bgp *to_bgp, struct bgp *from_bgp,
1494 afi_t afi)
1495 {
1496 struct bgp_dest *bn;
1497 struct bgp_path_info *bpi;
1498 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1499
1500 if (debug)
1501 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1502 from_bgp->name_pretty);
1503
1504 for (bn = bgp_table_top(from_bgp->rib[afi][SAFI_UNICAST]); bn;
1505 bn = bgp_route_next(bn)) {
1506
1507 if (debug)
1508 zlog_debug("%s: node=%p", __func__, bn);
1509
1510 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1511 bpi = bpi->next) {
1512 if (debug)
1513 zlog_debug(
1514 "%s: calling vpn_leak_from_vrf_update",
1515 __func__);
1516 vpn_leak_from_vrf_update(to_bgp, from_bgp, bpi);
1517 }
1518 }
1519 }
1520
1521 static bool
1522 vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */
1523 struct bgp *from_bgp, /* from */
1524 struct bgp_path_info *path_vpn) /* route */
1525 {
1526 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
1527 afi_t afi = family2afi(p->family);
1528
1529 struct attr static_attr = {0};
1530 struct attr *new_attr = NULL;
1531 struct bgp_dest *bn;
1532 safi_t safi = SAFI_UNICAST;
1533 const char *debugmsg;
1534 struct prefix nexthop_orig;
1535 mpls_label_t *pLabels = NULL;
1536 uint32_t num_labels = 0;
1537 int nexthop_self_flag = 1;
1538 struct bgp_path_info *bpi_ultimate = NULL;
1539 int origin_local = 0;
1540 struct bgp *src_vrf;
1541
1542 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1543
1544 if (!vpn_leak_from_vpn_active(to_bgp, afi, &debugmsg)) {
1545 if (debug)
1546 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1547 return false;
1548 }
1549
1550 /* Check for intersection of route targets */
1551 if (!ecommunity_include(
1552 to_bgp->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1553 bgp_attr_get_ecommunity(path_vpn->attr))) {
1554 if (debug)
1555 zlog_debug(
1556 "from vpn (%s) to vrf (%s), skipping after no intersection of route targets",
1557 from_bgp->name_pretty, to_bgp->name_pretty);
1558 return false;
1559 }
1560
1561 if (debug)
1562 zlog_debug("%s: updating %pFX to vrf %s", __func__, p,
1563 to_bgp->name_pretty);
1564
1565 /* shallow copy */
1566 static_attr = *path_vpn->attr;
1567
1568 struct ecommunity *old_ecom;
1569 struct ecommunity *new_ecom;
1570
1571 /* If doing VRF-to-VRF leaking, strip RTs. */
1572 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1573 if (old_ecom && CHECK_FLAG(to_bgp->af_flags[afi][safi],
1574 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1575 new_ecom = ecommunity_dup(old_ecom);
1576 ecommunity_strip_rts(new_ecom);
1577 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1578
1579 if (new_ecom->size == 0) {
1580 ecommunity_free(&new_ecom);
1581 bgp_attr_set_ecommunity(&static_attr, NULL);
1582 }
1583
1584 if (!old_ecom->refcnt)
1585 ecommunity_free(&old_ecom);
1586 }
1587
1588 /*
1589 * Nexthop: stash and clear
1590 *
1591 * Nexthop is valid in context of VPN core, but not in destination vrf.
1592 * Stash it for later label resolution by vrf ingress path and then
1593 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1594 */
1595 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1596
1597 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1598 nexthop_orig.family = nhfamily;
1599
1600 switch (nhfamily) {
1601 case AF_INET:
1602 /* save */
1603 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1604 nexthop_orig.prefixlen = IPV4_MAX_BITLEN;
1605
1606 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1607 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1608 static_attr.nexthop.s_addr =
1609 nexthop_orig.u.prefix4.s_addr;
1610
1611 static_attr.mp_nexthop_global_in =
1612 path_vpn->attr->mp_nexthop_global_in;
1613 static_attr.mp_nexthop_len =
1614 path_vpn->attr->mp_nexthop_len;
1615 }
1616 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1617 break;
1618 case AF_INET6:
1619 /* save */
1620 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1621 nexthop_orig.prefixlen = IPV6_MAX_BITLEN;
1622
1623 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1624 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1625 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1626 }
1627 break;
1628 }
1629
1630 /*
1631 * route map handling
1632 */
1633 if (to_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1634 struct bgp_path_info info;
1635 route_map_result_t ret;
1636
1637 memset(&info, 0, sizeof(info));
1638 info.peer = to_bgp->peer_self;
1639 info.attr = &static_attr;
1640 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1641 ret = route_map_apply(to_bgp->vpn_policy[afi]
1642 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1643 p, &info);
1644 if (RMAP_DENYMATCH == ret) {
1645 bgp_attr_flush(&static_attr); /* free any added parts */
1646 if (debug)
1647 zlog_debug(
1648 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1649 __func__, to_bgp->name_pretty,
1650 to_bgp->vpn_policy[afi]
1651 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1652 ->name);
1653 return false;
1654 }
1655 /*
1656 * if route-map changed nexthop, don't nexthop-self on output
1657 */
1658 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1659 BATTR_RMAP_NEXTHOP_UNCHANGED))
1660 nexthop_self_flag = 0;
1661 }
1662
1663 new_attr = bgp_attr_intern(&static_attr);
1664 bgp_attr_flush(&static_attr);
1665
1666 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p, NULL);
1667
1668 /*
1669 * ensure labels are copied
1670 *
1671 * However, there is a special case: if the route originated in
1672 * another local VRF (as opposed to arriving via VPN), then the
1673 * nexthop is reached by hairpinning through this router (me)
1674 * using IP forwarding only (no LSP). Therefore, the route
1675 * imported to the VRF should not have labels attached. Note
1676 * that nexthop tracking is also involved: eliminating the
1677 * labels for these routes enables the non-labeled nexthops
1678 * from the originating VRF to be considered valid for this route.
1679 */
1680 if (!CHECK_FLAG(to_bgp->af_flags[afi][safi],
1681 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1682 /* work back to original route */
1683 bpi_ultimate = bgp_get_imported_bpi_ultimate(path_vpn);
1684
1685 /*
1686 * if original route was unicast,
1687 * then it did not arrive over vpn
1688 */
1689 if (bpi_ultimate->net) {
1690 struct bgp_table *table;
1691
1692 table = bgp_dest_table(bpi_ultimate->net);
1693 if (table && (table->safi == SAFI_UNICAST))
1694 origin_local = 1;
1695 }
1696
1697 /* copy labels */
1698 if (!origin_local && path_vpn->extra
1699 && path_vpn->extra->num_labels) {
1700 num_labels = path_vpn->extra->num_labels;
1701 if (num_labels > BGP_MAX_LABELS)
1702 num_labels = BGP_MAX_LABELS;
1703 pLabels = path_vpn->extra->label;
1704 }
1705 }
1706
1707 if (debug)
1708 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
1709 path_vpn->net, num_labels);
1710
1711 /*
1712 * For VRF-2-VRF route-leaking,
1713 * the source will be the originating VRF.
1714 */
1715 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1716 src_vrf = path_vpn->extra->bgp_orig;
1717 else
1718 src_vrf = from_bgp;
1719
1720 leak_update(to_bgp, bn, new_attr, afi, safi, path_vpn, pLabels,
1721 num_labels, src_vrf, &nexthop_orig, nexthop_self_flag,
1722 debug);
1723 return true;
1724 }
1725
1726 bool vpn_leak_to_vrf_update(struct bgp *from_bgp, /* from */
1727 struct bgp_path_info *path_vpn) /* route */
1728 {
1729 struct listnode *mnode, *mnnode;
1730 struct bgp *bgp;
1731 bool leak_success = false;
1732
1733 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1734
1735 if (debug)
1736 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1737
1738 /* Loop over VRFs */
1739 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1740
1741 if (!path_vpn->extra
1742 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1743 leak_success |= vpn_leak_to_vrf_update_onevrf(
1744 bgp, from_bgp, path_vpn);
1745 }
1746 }
1747 return leak_success;
1748 }
1749
1750 void vpn_leak_to_vrf_withdraw(struct bgp *from_bgp, /* from */
1751 struct bgp_path_info *path_vpn) /* route */
1752 {
1753 const struct prefix *p;
1754 afi_t afi;
1755 safi_t safi = SAFI_UNICAST;
1756 struct bgp *bgp;
1757 struct listnode *mnode, *mnnode;
1758 struct bgp_dest *bn;
1759 struct bgp_path_info *bpi;
1760 const char *debugmsg;
1761
1762 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1763
1764 if (debug)
1765 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
1766 path_vpn->net, path_vpn->type, path_vpn->sub_type);
1767
1768 if (debug)
1769 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1770
1771 if (!path_vpn->net) {
1772 #ifdef ENABLE_BGP_VNC
1773 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1774 if (path_vpn->type == ZEBRA_ROUTE_BGP
1775 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1776
1777 return;
1778 }
1779 #endif
1780 if (debug)
1781 zlog_debug(
1782 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1783 __func__);
1784 return;
1785 }
1786
1787 p = bgp_dest_get_prefix(path_vpn->net);
1788 afi = family2afi(p->family);
1789
1790 /* Loop over VRFs */
1791 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1792 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1793 if (debug)
1794 zlog_debug("%s: skipping: %s", __func__,
1795 debugmsg);
1796 continue;
1797 }
1798
1799 /* Check for intersection of route targets */
1800 if (!ecommunity_include(
1801 bgp->vpn_policy[afi]
1802 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1803 bgp_attr_get_ecommunity(path_vpn->attr))) {
1804
1805 continue;
1806 }
1807
1808 if (debug)
1809 zlog_debug("%s: withdrawing from vrf %s", __func__,
1810 bgp->name_pretty);
1811
1812 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1813
1814 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1815 bpi = bpi->next) {
1816 if (bpi->extra
1817 && (struct bgp_path_info *)bpi->extra->parent
1818 == path_vpn) {
1819 break;
1820 }
1821 }
1822
1823 if (bpi) {
1824 if (debug)
1825 zlog_debug("%s: deleting bpi %p", __func__,
1826 bpi);
1827 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1828 bgp_path_info_delete(bn, bpi);
1829 bgp_process(bgp, bn, afi, safi);
1830 }
1831 bgp_dest_unlock_node(bn);
1832 }
1833 }
1834
1835 void vpn_leak_to_vrf_withdraw_all(struct bgp *to_bgp, afi_t afi)
1836 {
1837 struct bgp_dest *bn;
1838 struct bgp_path_info *bpi;
1839 safi_t safi = SAFI_UNICAST;
1840 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1841
1842 if (debug)
1843 zlog_debug("%s: entry", __func__);
1844 /*
1845 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1846 */
1847 for (bn = bgp_table_top(to_bgp->rib[afi][safi]); bn;
1848 bn = bgp_route_next(bn)) {
1849
1850 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1851 bpi = bpi->next) {
1852 if (bpi->extra && bpi->extra->bgp_orig != to_bgp &&
1853 bpi->extra->parent &&
1854 is_pi_family_vpn(bpi->extra->parent)) {
1855
1856 /* delete route */
1857 bgp_aggregate_decrement(to_bgp,
1858 bgp_dest_get_prefix(bn),
1859 bpi, afi, safi);
1860 bgp_path_info_delete(bn, bpi);
1861 bgp_process(to_bgp, bn, afi, safi);
1862 }
1863 }
1864 }
1865 }
1866
1867 void vpn_leak_to_vrf_update_all(struct bgp *to_bgp, struct bgp *vpn_from,
1868 afi_t afi)
1869 {
1870 struct bgp_dest *pdest;
1871 safi_t safi = SAFI_MPLS_VPN;
1872
1873 assert(vpn_from);
1874
1875 /*
1876 * Walk vpn table
1877 */
1878 for (pdest = bgp_table_top(vpn_from->rib[afi][safi]); pdest;
1879 pdest = bgp_route_next(pdest)) {
1880 struct bgp_table *table;
1881 struct bgp_dest *bn;
1882 struct bgp_path_info *bpi;
1883
1884 /* This is the per-RD table of prefixes */
1885 table = bgp_dest_get_bgp_table_info(pdest);
1886
1887 if (!table)
1888 continue;
1889
1890 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1891
1892 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1893 bpi = bpi->next) {
1894
1895 if (bpi->extra &&
1896 bpi->extra->bgp_orig == to_bgp)
1897 continue;
1898
1899 vpn_leak_to_vrf_update_onevrf(to_bgp, vpn_from,
1900 bpi);
1901 }
1902 }
1903 }
1904 }
1905
1906 /*
1907 * This function is called for definition/deletion/change to a route-map
1908 */
1909 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1910 {
1911 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1912 afi_t afi;
1913 struct route_map *rmap;
1914
1915 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1916 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1917
1918 return;
1919 }
1920
1921 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1922
1923 for (afi = 0; afi < AFI_MAX; ++afi) {
1924
1925 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1926 && !strcmp(rmap_name,
1927 bgp->vpn_policy[afi]
1928 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1929
1930 if (debug)
1931 zlog_debug(
1932 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1933 __func__, rmap_name, bgp->as,
1934 afi2str(afi));
1935
1936 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1937 bgp_get_default(), bgp);
1938 if (debug)
1939 zlog_debug("%s: after vpn_leak_prechange",
1940 __func__);
1941
1942 /* in case of definition/deletion */
1943 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1944 rmap;
1945
1946 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1947 bgp_get_default(), bgp);
1948
1949 if (debug)
1950 zlog_debug("%s: after vpn_leak_postchange",
1951 __func__);
1952 }
1953
1954 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1955 && !strcmp(rmap_name,
1956 bgp->vpn_policy[afi]
1957 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1958
1959 if (debug) {
1960 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1961 __func__, rmap_name, bgp->as,
1962 afi2str(afi));
1963 }
1964
1965 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1966 bgp_get_default(), bgp);
1967
1968 /* in case of definition/deletion */
1969 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1970 rmap;
1971
1972 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1973 bgp_get_default(), bgp);
1974 }
1975 }
1976 }
1977
1978 /* This API is used during router-id change, reflect VPNs
1979 * auto RD and RT values and readvertise routes to VPN table.
1980 */
1981 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1982 bool is_config)
1983 {
1984 afi_t afi;
1985 int debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)
1986 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1987 char *vname;
1988 const char *export_name;
1989 char buf[RD_ADDRSTRLEN];
1990 struct bgp *bgp_import;
1991 struct listnode *node;
1992 struct ecommunity *ecom;
1993 enum vpn_policy_direction idir, edir;
1994
1995 /*
1996 * Router-id change that is not explicitly configured
1997 * (a change from zebra, frr restart for example)
1998 * should not replace a configured vpn RD/RT.
1999 */
2000 if (!is_config) {
2001 if (debug)
2002 zlog_debug("%s: skipping non explicit router-id change",
2003 __func__);
2004 return;
2005 }
2006
2007 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2008 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2009 return;
2010
2011 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
2012 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2013 edir = BGP_VPN_POLICY_DIR_TOVPN;
2014
2015 for (afi = 0; afi < AFI_MAX; ++afi) {
2016 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
2017 continue;
2018
2019 if (withdraw) {
2020 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
2021 afi, bgp_get_default(), bgp);
2022 if (debug)
2023 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
2024 __func__, export_name);
2025
2026 /* Remove import RT from VRFs */
2027 ecom = bgp->vpn_policy[afi].rtlist[edir];
2028 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2029 export_vrf, node, vname)) {
2030 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2031 bgp_import = bgp_get_default();
2032 else
2033 bgp_import = bgp_lookup_by_name(vname);
2034 if (!bgp_import)
2035 continue;
2036
2037 ecommunity_del_val(
2038 bgp_import->vpn_policy[afi]
2039 .rtlist[idir],
2040 (struct ecommunity_val *)ecom->val);
2041 }
2042 } else {
2043 /* New router-id derive auto RD and RT and export
2044 * to VPN
2045 */
2046 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
2047 &bgp->vrf_prd_auto);
2048 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
2049 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
2050 sizeof(buf));
2051
2052 /* free up pre-existing memory if any and allocate
2053 * the ecommunity attribute with new RD/RT
2054 */
2055 if (bgp->vpn_policy[afi].rtlist[edir])
2056 ecommunity_free(
2057 &bgp->vpn_policy[afi].rtlist[edir]);
2058 bgp->vpn_policy[afi].rtlist[edir] = ecommunity_str2com(
2059 buf, ECOMMUNITY_ROUTE_TARGET, 0);
2060
2061 /* Update import_vrf rt_list */
2062 ecom = bgp->vpn_policy[afi].rtlist[edir];
2063 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2064 export_vrf, node, vname)) {
2065 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2066 bgp_import = bgp_get_default();
2067 else
2068 bgp_import = bgp_lookup_by_name(vname);
2069 if (!bgp_import)
2070 continue;
2071 if (bgp_import->vpn_policy[afi].rtlist[idir])
2072 bgp_import->vpn_policy[afi].rtlist[idir]
2073 = ecommunity_merge(
2074 bgp_import->vpn_policy[afi]
2075 .rtlist[idir], ecom);
2076 else
2077 bgp_import->vpn_policy[afi].rtlist[idir]
2078 = ecommunity_dup(ecom);
2079 }
2080
2081 /* Update routes to VPN */
2082 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
2083 afi, bgp_get_default(),
2084 bgp);
2085 if (debug)
2086 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2087 __func__, export_name);
2088 }
2089 }
2090 }
2091
2092 void vpn_policy_routemap_event(const char *rmap_name)
2093 {
2094 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2095 struct listnode *mnode, *mnnode;
2096 struct bgp *bgp;
2097
2098 if (debug)
2099 zlog_debug("%s: entry", __func__);
2100
2101 if (bm->bgp == NULL) /* may be called during cleanup */
2102 return;
2103
2104 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
2105 vpn_policy_routemap_update(bgp, rmap_name);
2106 }
2107
2108 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2109 afi_t afi, safi_t safi)
2110 {
2111 const char *export_name;
2112 enum vpn_policy_direction idir, edir;
2113 char *vname, *tmp_name;
2114 char buf[RD_ADDRSTRLEN];
2115 struct ecommunity *ecom;
2116 bool first_export = false;
2117 int debug;
2118 struct listnode *node;
2119 bool is_inst_match = false;
2120
2121 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2122 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2123 edir = BGP_VPN_POLICY_DIR_TOVPN;
2124
2125 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2126 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2127
2128 /*
2129 * Cross-ref both VRFs. Also, note if this is the first time
2130 * any VRF is importing from "import_vrf".
2131 */
2132 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2133 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2134
2135 /* Check the import_vrf list of destination vrf for the source vrf name,
2136 * insert otherwise.
2137 */
2138 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
2139 node, tmp_name)) {
2140 if (strcmp(vname, tmp_name) == 0) {
2141 is_inst_match = true;
2142 break;
2143 }
2144 }
2145 if (!is_inst_match)
2146 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2147 vname);
2148 else
2149 XFREE(MTYPE_TMP, vname);
2150
2151 /* Check if the source vrf already exports to any vrf,
2152 * first time export requires to setup auto derived RD/RT values.
2153 * Add the destination vrf name to export vrf list if it is
2154 * not present.
2155 */
2156 is_inst_match = false;
2157 vname = XSTRDUP(MTYPE_TMP, export_name);
2158 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2159 first_export = true;
2160 } else {
2161 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2162 node, tmp_name)) {
2163 if (strcmp(vname, tmp_name) == 0) {
2164 is_inst_match = true;
2165 break;
2166 }
2167 }
2168 }
2169 if (!is_inst_match)
2170 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
2171 vname);
2172 else
2173 XFREE(MTYPE_TMP, vname);
2174
2175 /* Update import RT for current VRF using export RT of the VRF we're
2176 * importing from. First though, make sure "import_vrf" has that
2177 * set.
2178 */
2179 if (first_export) {
2180 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
2181 &from_bgp->vrf_prd_auto);
2182 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
2183 SET_FLAG(from_bgp->vpn_policy[afi].flags,
2184 BGP_VPN_POLICY_TOVPN_RD_SET);
2185 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
2186 buf, sizeof(buf));
2187 from_bgp->vpn_policy[afi].rtlist[edir] =
2188 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
2189 SET_FLAG(from_bgp->af_flags[afi][safi],
2190 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2191 from_bgp->vpn_policy[afi].tovpn_label =
2192 BGP_PREVENT_VRF_2_VRF_LEAK;
2193 }
2194 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2195 if (to_bgp->vpn_policy[afi].rtlist[idir])
2196 to_bgp->vpn_policy[afi].rtlist[idir] =
2197 ecommunity_merge(to_bgp->vpn_policy[afi]
2198 .rtlist[idir], ecom);
2199 else
2200 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
2201 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
2202
2203 if (debug) {
2204 const char *from_name;
2205 char *ecom1, *ecom2;
2206
2207 from_name = from_bgp->name ? from_bgp->name :
2208 VRF_DEFAULT_NAME;
2209
2210 ecom1 = ecommunity_ecom2str(
2211 to_bgp->vpn_policy[afi].rtlist[idir],
2212 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2213
2214 ecom2 = ecommunity_ecom2str(
2215 to_bgp->vpn_policy[afi].rtlist[edir],
2216 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2217
2218 zlog_debug(
2219 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2220 __func__, from_name, export_name, first_export, ecom1,
2221 ecom2);
2222
2223 ecommunity_strfree(&ecom1);
2224 ecommunity_strfree(&ecom2);
2225 }
2226
2227 /* Does "import_vrf" first need to export its routes or that
2228 * is already done and we just need to import those routes
2229 * from the global table?
2230 */
2231 if (first_export)
2232 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
2233 else
2234 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2235 }
2236
2237 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2238 afi_t afi, safi_t safi)
2239 {
2240 const char *export_name, *tmp_name;
2241 enum vpn_policy_direction idir, edir;
2242 char *vname;
2243 struct ecommunity *ecom = NULL;
2244 struct listnode *node;
2245 int debug;
2246
2247 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2248 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2249 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2250 edir = BGP_VPN_POLICY_DIR_TOVPN;
2251
2252 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2253 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2254
2255 /* Were we importing from "import_vrf"? */
2256 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
2257 vname)) {
2258 if (strcmp(vname, tmp_name) == 0)
2259 break;
2260 }
2261
2262 /*
2263 * We do not check in the cli if the passed in bgp
2264 * instance is actually imported into us before
2265 * we call this function. As such if we do not
2266 * find this in the import_vrf list than
2267 * we just need to return safely.
2268 */
2269 if (!vname)
2270 return;
2271
2272 if (debug)
2273 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
2274
2275 /* Remove "import_vrf" from our import list. */
2276 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
2277 XFREE(MTYPE_TMP, vname);
2278
2279 /* Remove routes imported from "import_vrf". */
2280 /* TODO: In the current logic, we have to first remove all
2281 * imported routes and then (if needed) import back routes
2282 */
2283 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
2284
2285 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
2286 if (!to_bgp->vpn_policy[afi].rmap[idir])
2287 UNSET_FLAG(to_bgp->af_flags[afi][safi],
2288 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2289 if (to_bgp->vpn_policy[afi].rtlist[idir])
2290 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
2291 } else {
2292 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2293 if (ecom)
2294 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
2295 (struct ecommunity_val *)ecom->val);
2296 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2297 }
2298
2299 /*
2300 * What?
2301 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2302 * below is checking for NULL that export_vrf can be
2303 * NULL, consequently it is complaining( like a cabbage )
2304 * that we could dereference and crash in the listcount(..)
2305 * check below.
2306 * So make it happy, under protest, with liberty and justice
2307 * for all.
2308 */
2309 assert(from_bgp->vpn_policy[afi].export_vrf);
2310
2311 /* Remove us from "import_vrf's" export list. If no other VRF
2312 * is importing from "import_vrf", cleanup appropriately.
2313 */
2314 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2315 node, vname)) {
2316 if (strcmp(vname, export_name) == 0)
2317 break;
2318 }
2319
2320 /*
2321 * If we have gotten to this point then the vname must
2322 * exist. If not, we are in a world of trouble and
2323 * have slag sitting around.
2324 *
2325 * import_vrf and export_vrf must match in having
2326 * the in/out names as appropriate.
2327 * export_vrf list could have been cleaned up
2328 * as part of no router bgp source instnace.
2329 */
2330 if (!vname)
2331 return;
2332
2333 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
2334 XFREE(MTYPE_TMP, vname);
2335
2336 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2337 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
2338 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
2339 UNSET_FLAG(from_bgp->af_flags[afi][safi],
2340 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2341 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
2342 sizeof(struct prefix_rd));
2343 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
2344 BGP_VPN_POLICY_TOVPN_RD_SET);
2345 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
2346
2347 }
2348 }
2349
2350 /* For testing purpose, static route of MPLS-VPN. */
2351 DEFUN (vpnv4_network,
2352 vpnv4_network_cmd,
2353 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2354 "Specify a network to announce via BGP\n"
2355 "IPv4 prefix\n"
2356 "Specify Route Distinguisher\n"
2357 "VPN Route Distinguisher\n"
2358 "VPN NLRI label (tag)\n"
2359 "VPN NLRI label (tag)\n"
2360 "Label value\n")
2361 {
2362 int idx_ipv4_prefixlen = 1;
2363 int idx_ext_community = 3;
2364 int idx_label = 5;
2365 return bgp_static_set_safi(
2366 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2367 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
2368 NULL, NULL, NULL, NULL);
2369 }
2370
2371 DEFUN (vpnv4_network_route_map,
2372 vpnv4_network_route_map_cmd,
2373 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map RMAP_NAME",
2374 "Specify a network to announce via BGP\n"
2375 "IPv4 prefix\n"
2376 "Specify Route Distinguisher\n"
2377 "VPN Route Distinguisher\n"
2378 "VPN NLRI label (tag)\n"
2379 "VPN NLRI label (tag)\n"
2380 "Label value\n"
2381 "route map\n"
2382 "route map name\n")
2383 {
2384 int idx_ipv4_prefixlen = 1;
2385 int idx_ext_community = 3;
2386 int idx_label = 5;
2387 int idx_word_2 = 7;
2388 return bgp_static_set_safi(
2389 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2390 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2391 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2392 }
2393
2394 /* For testing purpose, static route of MPLS-VPN. */
2395 DEFUN (no_vpnv4_network,
2396 no_vpnv4_network_cmd,
2397 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2398 NO_STR
2399 "Specify a network to announce via BGP\n"
2400 "IPv4 prefix\n"
2401 "Specify Route Distinguisher\n"
2402 "VPN Route Distinguisher\n"
2403 "VPN NLRI label (tag)\n"
2404 "VPN NLRI label (tag)\n"
2405 "Label value\n")
2406 {
2407 int idx_ipv4_prefixlen = 2;
2408 int idx_ext_community = 4;
2409 int idx_label = 6;
2410 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
2411 argv[idx_ipv4_prefixlen]->arg,
2412 argv[idx_ext_community]->arg,
2413 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2414 }
2415
2416 DEFUN (vpnv6_network,
2417 vpnv6_network_cmd,
2418 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map RMAP_NAME]",
2419 "Specify a network to announce via BGP\n"
2420 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2421 "Specify Route Distinguisher\n"
2422 "VPN Route Distinguisher\n"
2423 "VPN NLRI label (tag)\n"
2424 "VPN NLRI label (tag)\n"
2425 "Label value\n"
2426 "route map\n"
2427 "route map name\n")
2428 {
2429 int idx_ipv6_prefix = 1;
2430 int idx_ext_community = 3;
2431 int idx_label = 5;
2432 int idx_word_2 = 7;
2433 if (argc == 8)
2434 return bgp_static_set_safi(
2435 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2436 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2437 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2438 else
2439 return bgp_static_set_safi(
2440 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2441 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2442 NULL, 0, NULL, NULL, NULL, NULL);
2443 }
2444
2445 /* For testing purpose, static route of MPLS-VPN. */
2446 DEFUN (no_vpnv6_network,
2447 no_vpnv6_network_cmd,
2448 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2449 NO_STR
2450 "Specify a network to announce via BGP\n"
2451 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2452 "Specify Route Distinguisher\n"
2453 "VPN Route Distinguisher\n"
2454 "VPN NLRI label (tag)\n"
2455 "VPN NLRI label (tag)\n"
2456 "Label value\n")
2457 {
2458 int idx_ipv6_prefix = 2;
2459 int idx_ext_community = 4;
2460 int idx_label = 6;
2461 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
2462 argv[idx_ipv6_prefix]->arg,
2463 argv[idx_ext_community]->arg,
2464 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2465 }
2466
2467 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
2468 enum bgp_show_type type, void *output_arg, int tags,
2469 bool use_json)
2470 {
2471 struct bgp *bgp;
2472 struct bgp_table *table;
2473
2474 bgp = bgp_get_default();
2475 if (bgp == NULL) {
2476 if (!use_json)
2477 vty_out(vty, "No BGP process is configured\n");
2478 else
2479 vty_out(vty, "{}\n");
2480 return CMD_WARNING;
2481 }
2482 table = bgp->rib[afi][SAFI_MPLS_VPN];
2483 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
2484 output_arg, use_json);
2485 }
2486
2487 DEFUN (show_bgp_ip_vpn_all_rd,
2488 show_bgp_ip_vpn_all_rd_cmd,
2489 "show bgp "BGP_AFI_CMD_STR" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
2490 SHOW_STR
2491 BGP_STR
2492 BGP_VPNVX_HELP_STR
2493 "Display VPN NLRI specific information\n"
2494 "Display VPN NLRI specific information\n"
2495 "Display information for a route distinguisher\n"
2496 "VPN Route Distinguisher\n"
2497 "All VPN Route Distinguishers\n"
2498 JSON_STR)
2499 {
2500 int ret;
2501 struct prefix_rd prd;
2502 afi_t afi;
2503 int idx = 0;
2504
2505 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2506 /* Constrain search if user supplies RD && RD != "all" */
2507 if (argv_find(argv, argc, "rd", &idx)
2508 && strcmp(argv[idx + 1]->arg, "all")) {
2509 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2510 if (!ret) {
2511 vty_out(vty,
2512 "%% Malformed Route Distinguisher\n");
2513 return CMD_WARNING;
2514 }
2515 return bgp_show_mpls_vpn(vty, afi, &prd,
2516 bgp_show_type_normal, NULL, 0,
2517 use_json(argc, argv));
2518 } else {
2519 return bgp_show_mpls_vpn(vty, afi, NULL,
2520 bgp_show_type_normal, NULL, 0,
2521 use_json(argc, argv));
2522 }
2523 }
2524 return CMD_SUCCESS;
2525 }
2526
2527 ALIAS(show_bgp_ip_vpn_all_rd,
2528 show_bgp_ip_vpn_rd_cmd,
2529 "show bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
2530 SHOW_STR
2531 BGP_STR
2532 BGP_VPNVX_HELP_STR
2533 "Display VPN NLRI specific information\n"
2534 "Display information for a route distinguisher\n"
2535 "VPN Route Distinguisher\n"
2536 "All VPN Route Distinguishers\n"
2537 JSON_STR)
2538
2539 #ifdef KEEP_OLD_VPN_COMMANDS
2540 DEFUN (show_ip_bgp_vpn_rd,
2541 show_ip_bgp_vpn_rd_cmd,
2542 "show ip bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
2543 SHOW_STR
2544 IP_STR
2545 BGP_STR
2546 BGP_AFI_HELP_STR
2547 BGP_AF_MODIFIER_STR
2548 "Display information for a route distinguisher\n"
2549 "VPN Route Distinguisher\n"
2550 "All VPN Route Distinguishers\n")
2551 {
2552 int idx_ext_community = argc - 1;
2553 int ret;
2554 struct prefix_rd prd;
2555 afi_t afi;
2556 int idx = 0;
2557
2558 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2559 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2560 return bgp_show_mpls_vpn(vty, afi, NULL,
2561 bgp_show_type_normal, NULL, 0,
2562 0);
2563 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2564 if (!ret) {
2565 vty_out(vty, "%% Malformed Route Distinguisher\n");
2566 return CMD_WARNING;
2567 }
2568 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2569 NULL, 0, 0);
2570 }
2571 return CMD_SUCCESS;
2572 }
2573
2574 DEFUN (show_ip_bgp_vpn_all,
2575 show_ip_bgp_vpn_all_cmd,
2576 "show [ip] bgp <vpnv4|vpnv6>",
2577 SHOW_STR
2578 IP_STR
2579 BGP_STR
2580 BGP_VPNVX_HELP_STR)
2581 {
2582 afi_t afi;
2583 int idx = 0;
2584
2585 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2586 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2587 NULL, 0, 0);
2588 return CMD_SUCCESS;
2589 }
2590
2591 DEFUN (show_ip_bgp_vpn_all_tags,
2592 show_ip_bgp_vpn_all_tags_cmd,
2593 "show [ip] bgp <vpnv4|vpnv6> all tags",
2594 SHOW_STR
2595 IP_STR
2596 BGP_STR
2597 BGP_VPNVX_HELP_STR
2598 "Display information about all VPNv4/VPNV6 NLRIs\n"
2599 "Display BGP tags for prefixes\n")
2600 {
2601 afi_t afi;
2602 int idx = 0;
2603
2604 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2605 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2606 NULL, 1, 0);
2607 return CMD_SUCCESS;
2608 }
2609
2610 DEFUN (show_ip_bgp_vpn_rd_tags,
2611 show_ip_bgp_vpn_rd_tags_cmd,
2612 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
2613 SHOW_STR
2614 IP_STR
2615 BGP_STR
2616 BGP_VPNVX_HELP_STR
2617 "Display information for a route distinguisher\n"
2618 "VPN Route Distinguisher\n"
2619 "All VPN Route Distinguishers\n"
2620 "Display BGP tags for prefixes\n")
2621 {
2622 int idx_ext_community = 5;
2623 int ret;
2624 struct prefix_rd prd;
2625 afi_t afi;
2626 int idx = 0;
2627
2628 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2629 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2630 return bgp_show_mpls_vpn(vty, afi, NULL,
2631 bgp_show_type_normal, NULL, 1,
2632 0);
2633 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2634 if (!ret) {
2635 vty_out(vty, "%% Malformed Route Distinguisher\n");
2636 return CMD_WARNING;
2637 }
2638 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2639 NULL, 1, 0);
2640 }
2641 return CMD_SUCCESS;
2642 }
2643
2644 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2645 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2646 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2647 SHOW_STR
2648 IP_STR
2649 BGP_STR
2650 BGP_VPNVX_HELP_STR
2651 "Display information about all VPNv4/VPNv6 NLRIs\n"
2652 "Detailed information on TCP and BGP neighbor connections\n"
2653 "Neighbor to display information about\n"
2654 "Display routes learned from neighbor\n"
2655 JSON_STR)
2656 {
2657 int idx_ipv4 = 6;
2658 union sockunion su;
2659 struct peer *peer;
2660 int ret;
2661 bool uj = use_json(argc, argv);
2662 afi_t afi;
2663 int idx = 0;
2664
2665 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2666 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2667 if (ret < 0) {
2668 if (uj) {
2669 json_object *json_no = NULL;
2670 json_no = json_object_new_object();
2671 json_object_string_add(json_no, "warning",
2672 "Malformed address");
2673 vty_out(vty, "%s\n",
2674 json_object_to_json_string(json_no));
2675 json_object_free(json_no);
2676 } else
2677 vty_out(vty, "Malformed address: %s\n",
2678 argv[idx_ipv4]->arg);
2679 return CMD_WARNING;
2680 }
2681
2682 peer = peer_lookup(NULL, &su);
2683 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2684 if (uj) {
2685 json_object *json_no = NULL;
2686 json_no = json_object_new_object();
2687 json_object_string_add(
2688 json_no, "warning",
2689 "No such neighbor or address family");
2690 vty_out(vty, "%s\n",
2691 json_object_to_json_string(json_no));
2692 json_object_free(json_no);
2693 } else
2694 vty_out(vty,
2695 "%% No such neighbor or address family\n");
2696 return CMD_WARNING;
2697 }
2698
2699 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2700 &su, 0, uj);
2701 }
2702 return CMD_SUCCESS;
2703 }
2704
2705 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2706 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2707 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
2708 SHOW_STR
2709 IP_STR
2710 BGP_STR
2711 BGP_VPNVX_HELP_STR
2712 "Display information for a route distinguisher\n"
2713 "VPN Route Distinguisher\n"
2714 "All VPN Route Distinguishers\n"
2715 "Detailed information on TCP and BGP neighbor connections\n"
2716 "Neighbor to display information about\n"
2717 "Display routes learned from neighbor\n"
2718 JSON_STR)
2719 {
2720 int idx_ext_community = 5;
2721 int idx_ipv4 = 7;
2722 int ret;
2723 union sockunion su;
2724 struct peer *peer;
2725 struct prefix_rd prd;
2726 bool prefix_rd_all = false;
2727 bool uj = use_json(argc, argv);
2728 afi_t afi;
2729 int idx = 0;
2730
2731 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2732 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2733 prefix_rd_all = true;
2734 else {
2735 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2736 if (!ret) {
2737 if (uj) {
2738 json_object *json_no = NULL;
2739 json_no = json_object_new_object();
2740 json_object_string_add(
2741 json_no, "warning",
2742 "Malformed Route Distinguisher");
2743 vty_out(vty, "%s\n",
2744 json_object_to_json_string(
2745 json_no));
2746 json_object_free(json_no);
2747 } else
2748 vty_out(vty,
2749 "%% Malformed Route Distinguisher\n");
2750 return CMD_WARNING;
2751 }
2752 }
2753
2754 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2755 if (ret < 0) {
2756 if (uj) {
2757 json_object *json_no = NULL;
2758 json_no = json_object_new_object();
2759 json_object_string_add(json_no, "warning",
2760 "Malformed address");
2761 vty_out(vty, "%s\n",
2762 json_object_to_json_string(json_no));
2763 json_object_free(json_no);
2764 } else
2765 vty_out(vty, "Malformed address: %s\n",
2766 argv[idx_ext_community]->arg);
2767 return CMD_WARNING;
2768 }
2769
2770 peer = peer_lookup(NULL, &su);
2771 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2772 if (uj) {
2773 json_object *json_no = NULL;
2774 json_no = json_object_new_object();
2775 json_object_string_add(
2776 json_no, "warning",
2777 "No such neighbor or address family");
2778 vty_out(vty, "%s\n",
2779 json_object_to_json_string(json_no));
2780 json_object_free(json_no);
2781 } else
2782 vty_out(vty,
2783 "%% No such neighbor or address family\n");
2784 return CMD_WARNING;
2785 }
2786
2787 if (prefix_rd_all)
2788 return bgp_show_mpls_vpn(vty, afi, NULL,
2789 bgp_show_type_neighbor, &su, 0,
2790 uj);
2791 else
2792 return bgp_show_mpls_vpn(vty, afi, &prd,
2793 bgp_show_type_neighbor, &su, 0,
2794 uj);
2795 }
2796 return CMD_SUCCESS;
2797 }
2798
2799 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2800 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2801 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2802 SHOW_STR
2803 IP_STR
2804 BGP_STR
2805 BGP_VPNVX_HELP_STR
2806 "Display information about all VPNv4/VPNv6 NLRIs\n"
2807 "Detailed information on TCP and BGP neighbor connections\n"
2808 "Neighbor to display information about\n"
2809 "Display the routes advertised to a BGP neighbor\n"
2810 JSON_STR)
2811 {
2812 int idx_ipv4 = 6;
2813 int ret;
2814 struct peer *peer;
2815 union sockunion su;
2816 bool uj = use_json(argc, argv);
2817 afi_t afi;
2818 int idx = 0;
2819
2820 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2821 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2822 if (ret < 0) {
2823 if (uj) {
2824 json_object *json_no = NULL;
2825 json_no = json_object_new_object();
2826 json_object_string_add(json_no, "warning",
2827 "Malformed address");
2828 vty_out(vty, "%s\n",
2829 json_object_to_json_string(json_no));
2830 json_object_free(json_no);
2831 } else
2832 vty_out(vty, "Malformed address: %s\n",
2833 argv[idx_ipv4]->arg);
2834 return CMD_WARNING;
2835 }
2836 peer = peer_lookup(NULL, &su);
2837 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2838 if (uj) {
2839 json_object *json_no = NULL;
2840 json_no = json_object_new_object();
2841 json_object_string_add(
2842 json_no, "warning",
2843 "No such neighbor or address family");
2844 vty_out(vty, "%s\n",
2845 json_object_to_json_string(json_no));
2846 json_object_free(json_no);
2847 } else
2848 vty_out(vty,
2849 "%% No such neighbor or address family\n");
2850 return CMD_WARNING;
2851 }
2852 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2853 SAFI_MPLS_VPN, uj);
2854 }
2855 return CMD_SUCCESS;
2856 }
2857
2858 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2859 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2860 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
2861 SHOW_STR
2862 IP_STR
2863 BGP_STR
2864 BGP_VPNVX_HELP_STR
2865 "Display information for a route distinguisher\n"
2866 "VPN Route Distinguisher\n"
2867 "All VPN Route Distinguishers\n"
2868 "Detailed information on TCP and BGP neighbor connections\n"
2869 "Neighbor to display information about\n"
2870 "Display the routes advertised to a BGP neighbor\n"
2871 JSON_STR)
2872 {
2873 int idx_ext_community = 5;
2874 int idx_ipv4 = 7;
2875 int ret;
2876 struct peer *peer;
2877 struct prefix_rd prd;
2878 union sockunion su;
2879 bool uj = use_json(argc, argv);
2880 afi_t afi;
2881 int idx = 0;
2882
2883 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2884 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2885 if (ret < 0) {
2886 if (uj) {
2887 json_object *json_no = NULL;
2888 json_no = json_object_new_object();
2889 json_object_string_add(json_no, "warning",
2890 "Malformed address");
2891 vty_out(vty, "%s\n",
2892 json_object_to_json_string(json_no));
2893 json_object_free(json_no);
2894 } else
2895 vty_out(vty, "Malformed address: %s\n",
2896 argv[idx_ext_community]->arg);
2897 return CMD_WARNING;
2898 }
2899 peer = peer_lookup(NULL, &su);
2900 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2901 if (uj) {
2902 json_object *json_no = NULL;
2903 json_no = json_object_new_object();
2904 json_object_string_add(
2905 json_no, "warning",
2906 "No such neighbor or address family");
2907 vty_out(vty, "%s\n",
2908 json_object_to_json_string(json_no));
2909 json_object_free(json_no);
2910 } else
2911 vty_out(vty,
2912 "%% No such neighbor or address family\n");
2913 return CMD_WARNING;
2914 }
2915
2916 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2917 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2918 SAFI_MPLS_VPN, uj);
2919 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2920 if (!ret) {
2921 if (uj) {
2922 json_object *json_no = NULL;
2923 json_no = json_object_new_object();
2924 json_object_string_add(
2925 json_no, "warning",
2926 "Malformed Route Distinguisher");
2927 vty_out(vty, "%s\n",
2928 json_object_to_json_string(json_no));
2929 json_object_free(json_no);
2930 } else
2931 vty_out(vty,
2932 "%% Malformed Route Distinguisher\n");
2933 return CMD_WARNING;
2934 }
2935
2936 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2937 SAFI_MPLS_VPN, uj);
2938 }
2939 return CMD_SUCCESS;
2940 }
2941 #endif /* KEEP_OLD_VPN_COMMANDS */
2942
2943 void bgp_mplsvpn_init(void)
2944 {
2945 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2946 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2947 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2948
2949 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2950 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2951
2952 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2953 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2954 #ifdef KEEP_OLD_VPN_COMMANDS
2955 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2956 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2957 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2958 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2959 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2960 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2961 install_element(VIEW_NODE,
2962 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2963 install_element(VIEW_NODE,
2964 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2965 #endif /* KEEP_OLD_VPN_COMMANDS */
2966 }
2967
2968 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2969 {
2970 struct listnode *mnode, *mnnode;
2971 struct bgp *bgp;
2972 afi_t afi = AFI_IP;
2973
2974 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
2975 afi = AFI_IP6;
2976
2977 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2978 struct ecommunity *ec;
2979
2980 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2981 continue;
2982
2983 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
2984
2985 if (ec && eckey->unit_size != ec->unit_size)
2986 continue;
2987
2988 if (ecommunity_include(ec, eckey))
2989 return bgp->vrf_id;
2990 }
2991 return VRF_UNKNOWN;
2992 }
2993
2994 /*
2995 * The purpose of this function is to process leaks that were deferred
2996 * from earlier per-vrf configuration due to not-yet-existing default
2997 * vrf, in other words, configuration such as:
2998 *
2999 * router bgp MMM vrf FOO
3000 * address-family ipv4 unicast
3001 * rd vpn export 1:1
3002 * exit-address-family
3003 *
3004 * router bgp NNN
3005 * ...
3006 *
3007 * This function gets called when the default instance ("router bgp NNN")
3008 * is created.
3009 */
3010 void vpn_leak_postchange_all(void)
3011 {
3012 struct listnode *next;
3013 struct bgp *bgp;
3014 struct bgp *bgp_default = bgp_get_default();
3015
3016 assert(bgp_default);
3017
3018 /* First, do any exporting from VRFs to the single VPN RIB */
3019 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3020
3021 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3022 continue;
3023
3024 vpn_leak_postchange(
3025 BGP_VPN_POLICY_DIR_TOVPN,
3026 AFI_IP,
3027 bgp_default,
3028 bgp);
3029
3030 vpn_leak_postchange(
3031 BGP_VPN_POLICY_DIR_TOVPN,
3032 AFI_IP6,
3033 bgp_default,
3034 bgp);
3035 }
3036
3037 /* Now, do any importing to VRFs from the single VPN RIB */
3038 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3039
3040 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3041 continue;
3042
3043 vpn_leak_postchange(
3044 BGP_VPN_POLICY_DIR_FROMVPN,
3045 AFI_IP,
3046 bgp_default,
3047 bgp);
3048
3049 vpn_leak_postchange(
3050 BGP_VPN_POLICY_DIR_FROMVPN,
3051 AFI_IP6,
3052 bgp_default,
3053 bgp);
3054 }
3055 }
3056
3057 /* When a bgp vrf instance is unconfigured, remove its routes
3058 * from the VPN table and this vrf could be importing routes from other
3059 * bgp vrf instnaces, unimport them.
3060 * VRF X and VRF Y are exporting routes to each other.
3061 * When VRF X is deleted, unimport its routes from all target vrfs,
3062 * also VRF Y should unimport its routes from VRF X table.
3063 * This will ensure VPN table is cleaned up appropriately.
3064 */
3065 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
3066 {
3067 struct bgp *to_bgp;
3068 const char *tmp_name;
3069 char *vname;
3070 struct listnode *node, *next;
3071 safi_t safi = SAFI_UNICAST;
3072 afi_t afi;
3073 bool is_vrf_leak_bind;
3074 int debug;
3075
3076 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3077 return;
3078
3079 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3080 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3081
3082 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3083
3084 for (afi = 0; afi < AFI_MAX; ++afi) {
3085 /* vrf leak is for IPv4 and IPv6 Unicast only */
3086 if (afi != AFI_IP && afi != AFI_IP6)
3087 continue;
3088
3089 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3090 if (from_bgp == to_bgp)
3091 continue;
3092
3093 /* Unimport and remove source vrf from the
3094 * other vrfs import list.
3095 */
3096 struct vpn_policy *to_vpolicy;
3097
3098 is_vrf_leak_bind = false;
3099 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3100 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
3101 vname)) {
3102 if (strcmp(vname, tmp_name) == 0) {
3103 is_vrf_leak_bind = true;
3104 break;
3105 }
3106 }
3107 /* skip this bgp instance as there is no leak to this
3108 * vrf instance.
3109 */
3110 if (!is_vrf_leak_bind)
3111 continue;
3112
3113 if (debug)
3114 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3115 __func__, from_bgp->name_pretty,
3116 to_bgp->name_pretty, afi2str(afi),
3117 to_vpolicy->import_vrf->count);
3118
3119 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
3120
3121 /* readd vrf name as unimport removes import vrf name
3122 * from the destination vrf's import list where the
3123 * `import vrf` configuration still exist.
3124 */
3125 vname = XSTRDUP(MTYPE_TMP, tmp_name);
3126 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
3127 vname);
3128 SET_FLAG(to_bgp->af_flags[afi][safi],
3129 BGP_CONFIG_VRF_TO_VRF_IMPORT);
3130
3131 /* If to_bgp exports its routes to the bgp vrf
3132 * which is being deleted, un-import the
3133 * to_bgp routes from VPN.
3134 */
3135 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
3136 .export_vrf, node,
3137 vname)) {
3138 if (strcmp(vname, tmp_name) == 0) {
3139 vrf_unimport_from_vrf(from_bgp, to_bgp,
3140 afi, safi);
3141 break;
3142 }
3143 }
3144 }
3145 }
3146 return;
3147 }
3148
3149 /* When a router bgp is configured, there could be a bgp vrf
3150 * instance importing routes from this newly configured
3151 * bgp vrf instance. Export routes from configured
3152 * bgp vrf to VPN.
3153 * VRF Y has import from bgp vrf x,
3154 * when a bgp vrf x instance is created, export its routes
3155 * to VRF Y instance.
3156 */
3157 void bgp_vpn_leak_export(struct bgp *from_bgp)
3158 {
3159 afi_t afi;
3160 const char *export_name;
3161 char *vname;
3162 struct listnode *node, *next;
3163 struct ecommunity *ecom;
3164 enum vpn_policy_direction idir, edir;
3165 safi_t safi = SAFI_UNICAST;
3166 struct bgp *to_bgp;
3167 int debug;
3168
3169 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3170 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3171
3172 idir = BGP_VPN_POLICY_DIR_FROMVPN;
3173 edir = BGP_VPN_POLICY_DIR_TOVPN;
3174
3175 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3176
3177 for (afi = 0; afi < AFI_MAX; ++afi) {
3178 /* vrf leak is for IPv4 and IPv6 Unicast only */
3179 if (afi != AFI_IP && afi != AFI_IP6)
3180 continue;
3181
3182 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3183 if (from_bgp == to_bgp)
3184 continue;
3185
3186 /* bgp instance has import list, check to see if newly
3187 * configured bgp instance is the list.
3188 */
3189 struct vpn_policy *to_vpolicy;
3190
3191 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3192 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
3193 node, vname)) {
3194 if (strcmp(vname, export_name) != 0)
3195 continue;
3196
3197 if (debug)
3198 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3199 __func__,
3200 export_name, to_bgp->name_pretty);
3201
3202 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
3203 /* remove import rt, it will be readded
3204 * as part of import from vrf.
3205 */
3206 if (ecom)
3207 ecommunity_del_val(
3208 to_vpolicy->rtlist[idir],
3209 (struct ecommunity_val *)
3210 ecom->val);
3211 vrf_import_from_vrf(to_bgp, from_bgp,
3212 afi, safi);
3213 break;
3214
3215 }
3216 }
3217 }
3218 }
FRRouting mirror