]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bgpd: implement retain route-target all behaviour
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
50 #include "bgpd/bgp_memory.h"
51
52 #ifdef ENABLE_BGP_VNC
53 #include "bgpd/rfapi/rfapi_backend.h"
54 #endif
55
56 /*
57 * Definitions and external declarations.
58 */
59 extern struct zclient *zclient;
60
61 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
62 int *index, afi_t *afi)
63 {
64 int ret = 0;
65 if (argv_find(argv, argc, "vpnv4", index)) {
66 ret = 1;
67 if (afi)
68 *afi = AFI_IP;
69 } else if (argv_find(argv, argc, "vpnv6", index)) {
70 ret = 1;
71 if (afi)
72 *afi = AFI_IP6;
73 }
74 return ret;
75 }
76
77 uint32_t decode_label(mpls_label_t *label_pnt)
78 {
79 uint32_t l;
80 uint8_t *pnt = (uint8_t *)label_pnt;
81
82 l = ((uint32_t)*pnt++ << 12);
83 l |= (uint32_t)*pnt++ << 4;
84 l |= (uint32_t)((*pnt & 0xf0) >> 4);
85 return l;
86 }
87
88 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
89 {
90 uint8_t *pnt = (uint8_t *)label_pnt;
91 if (pnt == NULL)
92 return;
93 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
94 *label_pnt = label;
95 return;
96 }
97 *pnt++ = (label >> 12) & 0xff;
98 *pnt++ = (label >> 4) & 0xff;
99 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
100 }
101
102 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
103 struct bgp_nlri *packet)
104 {
105 struct prefix p;
106 uint8_t psize = 0;
107 uint8_t prefixlen;
108 uint16_t type;
109 struct rd_as rd_as;
110 struct rd_ip rd_ip;
111 struct prefix_rd prd = {0};
112 mpls_label_t label = {0};
113 afi_t afi;
114 safi_t safi;
115 bool addpath_capable;
116 uint32_t addpath_id;
117 int ret = 0;
118
119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 struct stream *data = stream_new(packet->length);
124 stream_put(data, packet->nlri, packet->length);
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_capable = bgp_addpath_encode_rx(peer, afi, safi);
130
131 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
132 while (STREAM_READABLE(data) > 0) {
133 /* Clear prefix structure. */
134 memset(&p, 0, sizeof(p));
135
136 if (addpath_capable) {
137 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
138 addpath_id = ntohl(addpath_id);
139 }
140
141 if (STREAM_READABLE(data) < 1) {
142 flog_err(
143 EC_BGP_UPDATE_RCV,
144 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
145 peer->host, packet->length);
146 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
147 goto done;
148 }
149
150 /* Fetch prefix length. */
151 STREAM_GETC(data, prefixlen);
152 p.family = afi2family(packet->afi);
153 psize = PSIZE(prefixlen);
154
155 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
156 flog_err(
157 EC_BGP_UPDATE_RCV,
158 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
159 peer->host, prefixlen);
160 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
161 goto done;
162 }
163
164 /* sanity check against packet data */
165 if (STREAM_READABLE(data) < psize) {
166 flog_err(
167 EC_BGP_UPDATE_RCV,
168 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
169 peer->host, prefixlen, packet->length);
170 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
171 goto done;
172 }
173
174 /* sanity check against storage for the IP address portion */
175 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
176 flog_err(
177 EC_BGP_UPDATE_RCV,
178 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
179 peer->host,
180 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
181 sizeof(p.u));
182 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
183 goto done;
184 }
185
186 /* Sanity check against max bitlen of the address family */
187 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
188 flog_err(
189 EC_BGP_UPDATE_RCV,
190 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
191 peer->host,
192 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
193 p.family, prefix_blen(&p));
194 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
195 goto done;
196 }
197
198 /* Copy label to prefix. */
199 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
200 flog_err(
201 EC_BGP_UPDATE_RCV,
202 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
203 peer->host, packet->length);
204 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
205 goto done;
206 }
207
208 STREAM_GET(&label, data, BGP_LABEL_BYTES);
209 bgp_set_valid_label(&label);
210
211 /* Copy routing distinguisher to rd. */
212 if (STREAM_READABLE(data) < 8) {
213 flog_err(
214 EC_BGP_UPDATE_RCV,
215 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
216 peer->host, packet->length);
217 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
218 goto done;
219 }
220 STREAM_GET(&prd.val, data, 8);
221
222 /* Decode RD type. */
223 type = decode_rd_type(prd.val);
224
225 switch (type) {
226 case RD_TYPE_AS:
227 decode_rd_as(&prd.val[2], &rd_as);
228 break;
229
230 case RD_TYPE_AS4:
231 decode_rd_as4(&prd.val[2], &rd_as);
232 break;
233
234 case RD_TYPE_IP:
235 decode_rd_ip(&prd.val[2], &rd_ip);
236 break;
237
238 #ifdef ENABLE_BGP_VNC
239 case RD_TYPE_VNC_ETH:
240 break;
241 #endif
242
243 default:
244 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
245 break; /* just report */
246 }
247
248 /* exclude label & RD */
249 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
250 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
251
252 if (attr) {
253 bgp_update(peer, &p, addpath_id, attr, packet->afi,
254 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
255 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
256 } else {
257 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
258 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
259 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
260 }
261 }
262 /* Packet length consistency check. */
263 if (STREAM_READABLE(data) != 0) {
264 flog_err(
265 EC_BGP_UPDATE_RCV,
266 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
267 peer->host, STREAM_READABLE(data));
268 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
269 }
270
271 goto done;
272
273 stream_failure:
274 flog_err(
275 EC_BGP_UPDATE_RCV,
276 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
277 peer->host, packet->length);
278 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
279
280 done:
281 stream_free(data);
282 return ret;
283
284 #undef VPN_PREFIXLEN_MIN_BYTES
285 }
286
287 /*
288 * This function informs zebra of the label this vrf sets on routes
289 * leaked to VPN. Zebra should install this label in the kernel with
290 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
291 *
292 * Sending this vrf-label association is qualified by a) whether vrf->vpn
293 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
294 * are set) and b) whether vpn-policy label is set.
295 *
296 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
297 * for this vrf, which zebra interprets to mean "delete this vrf-label
298 * association."
299 */
300 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
301 {
302 mpls_label_t label = MPLS_LABEL_NONE;
303 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
304
305 if (bgp->vrf_id == VRF_UNKNOWN) {
306 if (debug) {
307 zlog_debug(
308 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
309 __func__, bgp->name_pretty, afi2str(afi));
310 }
311 return;
312 }
313
314 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
315 label = bgp->vpn_policy[afi].tovpn_label;
316 }
317
318 if (debug) {
319 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
320 __func__, bgp->name_pretty, afi2str(afi), label,
321 bgp->vrf_id);
322 }
323
324 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
325 label = MPLS_LABEL_NONE;
326 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
327 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
328 }
329
330 /*
331 * If zebra tells us vrf has become unconfigured, tell zebra not to
332 * use this label to forward to the vrf anymore
333 */
334 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
335 {
336 mpls_label_t label = MPLS_LABEL_NONE;
337 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
338
339 if (bgp->vrf_id == VRF_UNKNOWN) {
340 if (debug) {
341 zlog_debug(
342 "%s: vrf_id not set, can't delete zebra vrf label",
343 __func__);
344 }
345 return;
346 }
347
348 if (debug) {
349 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
350 bgp->name_pretty, bgp->vrf_id);
351 }
352
353 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
354 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
355 }
356
357 /*
358 * This function informs zebra of the srv6-function this vrf sets on routes
359 * leaked to VPN. Zebra should install this srv6-function in the kernel with
360 * an action of "End.DT4/6's IP FIB to route the PDU."
361 */
362 void vpn_leak_zebra_vrf_sid_update(struct bgp *bgp, afi_t afi)
363 {
364 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
365 enum seg6local_action_t act;
366 struct seg6local_context ctx = {};
367 struct in6_addr *tovpn_sid = NULL;
368 struct in6_addr *tovpn_sid_ls = NULL;
369 struct vrf *vrf;
370 char buf[256] = {0};
371
372 if (bgp->vrf_id == VRF_UNKNOWN) {
373 if (debug)
374 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
375 __func__, bgp->name_pretty, afi2str(afi));
376 return;
377 }
378
379 tovpn_sid = bgp->vpn_policy[afi].tovpn_sid;
380 if (!tovpn_sid) {
381 if (debug)
382 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
383 bgp->name_pretty, afi2str(afi));
384 return;
385 }
386
387 if (debug) {
388 inet_ntop(AF_INET6, tovpn_sid, buf, sizeof(buf));
389 zlog_debug("%s: vrf %s: afi %s: setting sid %s for vrf id %d",
390 __func__, bgp->name_pretty, afi2str(afi), buf,
391 bgp->vrf_id);
392 }
393
394 vrf = vrf_lookup_by_id(bgp->vrf_id);
395 if (!vrf)
396 return;
397
398 ctx.table = vrf->data.l.table_id;
399 act = afi == AFI_IP ? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
400 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6;
401 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
402
403 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
404 *tovpn_sid_ls = *tovpn_sid;
405 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
406 }
407
408 /*
409 * If zebra tells us vrf has become unconfigured, tell zebra not to
410 * use this srv6-function to forward to the vrf anymore
411 */
412 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp *bgp, afi_t afi)
413 {
414 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
415
416 if (bgp->vrf_id == VRF_UNKNOWN) {
417 if (debug)
418 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
419 __func__, bgp->name_pretty, afi2str(afi));
420 return;
421 }
422
423 if (debug)
424 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__,
425 bgp->name_pretty, bgp->vrf_id);
426
427 zclient_send_localsid(zclient,
428 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent,
429 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC, NULL);
430 XFREE(MTYPE_BGP_SRV6_SID,
431 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent);
432 }
433
434 int vpn_leak_label_callback(
435 mpls_label_t label,
436 void *labelid,
437 bool allocated)
438 {
439 struct vpn_policy *vp = (struct vpn_policy *)labelid;
440 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
441
442 if (debug)
443 zlog_debug("%s: label=%u, allocated=%d",
444 __func__, label, allocated);
445
446 if (!allocated) {
447 /*
448 * previously-allocated label is now invalid
449 */
450 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
451 (vp->tovpn_label != MPLS_LABEL_NONE)) {
452
453 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
454 vp->afi, bgp_get_default(), vp->bgp);
455 vp->tovpn_label = MPLS_LABEL_NONE;
456 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
457 vp->afi, bgp_get_default(), vp->bgp);
458 }
459 return 0;
460 }
461
462 /*
463 * New label allocation
464 */
465 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
466
467 /*
468 * not currently configured for auto label, reject allocation
469 */
470 return -1;
471 }
472
473 if (vp->tovpn_label != MPLS_LABEL_NONE) {
474 if (label == vp->tovpn_label) {
475 /* already have same label, accept but do nothing */
476 return 0;
477 }
478 /* Shouldn't happen: different label allocation */
479 flog_err(EC_BGP_LABEL,
480 "%s: %s had label %u but got new assignment %u",
481 __func__, vp->bgp->name_pretty, vp->tovpn_label,
482 label);
483 /* use new one */
484 }
485
486 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
487 vp->afi, bgp_get_default(), vp->bgp);
488 vp->tovpn_label = label;
489 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
490 vp->afi, bgp_get_default(), vp->bgp);
491
492 return 0;
493 }
494
495 static void sid_register(struct bgp *bgp, const struct in6_addr *sid,
496 const char *locator_name)
497 {
498 struct bgp_srv6_function *func;
499 func = XCALLOC(MTYPE_BGP_SRV6_FUNCTION,
500 sizeof(struct bgp_srv6_function));
501 func->sid = *sid;
502 snprintf(func->locator_name, sizeof(func->locator_name),
503 "%s", locator_name);
504 listnode_add(bgp->srv6_functions, func);
505 }
506
507 static bool sid_exist(struct bgp *bgp, const struct in6_addr *sid)
508 {
509 struct listnode *node;
510 struct bgp_srv6_function *func;
511
512 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_functions, node, func))
513 if (sid_same(&func->sid, sid))
514 return true;
515 return false;
516 }
517
518 /*
519 * This function generates a new SID based on bgp->srv6_locator_chunks and
520 * index. The locator and generated SID are stored in arguments sid_locator
521 * and sid, respectively.
522 *
523 * if index != 0: try to allocate as index-mode
524 * else: try to allocate as auto-mode
525 */
526 static uint32_t alloc_new_sid(struct bgp *bgp, uint32_t index,
527 struct in6_addr *sid_locator,
528 struct in6_addr *sid)
529 {
530 struct listnode *node;
531 struct srv6_locator_chunk *chunk;
532 bool alloced = false;
533 int label = 0;
534 uint8_t offset = 0;
535 uint8_t len = 0;
536
537 if (!bgp || !sid_locator || !sid)
538 return false;
539
540 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_locator_chunks, node, chunk)) {
541 *sid_locator = chunk->prefix.prefix;
542 *sid = chunk->prefix.prefix;
543 offset = chunk->block_bits_length + chunk->node_bits_length;
544 len = chunk->function_bits_length ?: 16;
545
546 if (index != 0) {
547 label = index << 12;
548 transpose_sid(sid, label, offset, len);
549 if (sid_exist(bgp, sid))
550 return false;
551 alloced = true;
552 break;
553 }
554
555 for (size_t i = 1; i < 255; i++) {
556 label = i << 12;
557 transpose_sid(sid, label, offset, len);
558 if (sid_exist(bgp, sid))
559 continue;
560 alloced = true;
561 break;
562 }
563 }
564
565 if (!alloced)
566 return 0;
567
568 sid_register(bgp, sid, bgp->srv6_locator_name);
569 return label;
570 }
571
572 void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
573 {
574 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
575 char buf[256];
576 struct in6_addr *tovpn_sid, *tovpn_sid_locator;
577 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
578 bool tovpn_sid_auto = false;
579
580 if (debug)
581 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
582 __func__, bgp_vrf->name_pretty, afi2str(afi));
583
584 /* skip when tovpn sid is already allocated on vrf instance */
585 if (bgp_vrf->vpn_policy[afi].tovpn_sid)
586 return;
587
588 /*
589 * skip when bgp vpn instance ins't allocated
590 * or srv6 locator chunk isn't allocated
591 */
592 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
593 return;
594
595 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
596 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
597 BGP_VPN_POLICY_TOVPN_SID_AUTO);
598
599 /* skip when VPN isn't configured on vrf-instance */
600 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
601 return;
602
603 /* check invalid case both configured index and auto */
604 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
605 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
606 __func__);
607 return;
608 }
609
610 tovpn_sid_locator =
611 XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
612 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
613
614 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
615 tovpn_sid_locator, tovpn_sid);
616
617 if (tovpn_sid_transpose_label == 0) {
618 zlog_debug("%s: not allocated new sid for vrf %s: afi %s",
619 __func__, bgp_vrf->name_pretty, afi2str(afi));
620 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid_locator);
621 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
622 return;
623 }
624
625 if (debug) {
626 inet_ntop(AF_INET6, tovpn_sid, buf, sizeof(buf));
627 zlog_debug("%s: new sid %s allocated for vrf %s: afi %s",
628 __func__, buf, bgp_vrf->name_pretty,
629 afi2str(afi));
630 }
631
632 bgp_vrf->vpn_policy[afi].tovpn_sid = tovpn_sid;
633 bgp_vrf->vpn_policy[afi].tovpn_sid_locator = tovpn_sid_locator;
634 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label =
635 tovpn_sid_transpose_label;
636 }
637
638 /*
639 * This function shifts "label" 4 bits to the right and
640 * embeds it by length "len", starting at offset "offset"
641 * as seen from the MSB (Most Significant Bit) of "sid".
642 *
643 * e.g. if "label" is 0x1000 and "len" is 16, "label" is
644 * embedded in "sid" as follows:
645 *
646 * <---- len ----->
647 * label: 0000 0001 0000 0000 0000
648 * sid: .... 0000 0001 0000 0000
649 * <---- len ----->
650 * ^
651 * |
652 * offset from MSB
653 */
654 void transpose_sid(struct in6_addr *sid, uint32_t label, uint8_t offset,
655 uint8_t len)
656 {
657 for (uint8_t idx = 0; idx < len; idx++) {
658 uint8_t tidx = offset + idx;
659 sid->s6_addr[tidx / 8] &= ~(0x1 << (7 - tidx % 8));
660 if (label >> (len + 3 - idx) & 0x1)
661 sid->s6_addr[tidx / 8] |= 0x1 << (7 - tidx % 8);
662 }
663 }
664
665 static bool ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
666 {
667 uint32_t i, j;
668
669 if (!e1 || !e2)
670 return false;
671 for (i = 0; i < e1->size; ++i) {
672 for (j = 0; j < e2->size; ++j) {
673 if (!memcmp(e1->val + (i * e1->unit_size),
674 e2->val + (j * e2->unit_size),
675 e1->unit_size)) {
676
677 return true;
678 }
679 }
680 }
681 return false;
682 }
683
684 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
685 uint32_t n)
686 {
687 uint32_t i;
688
689 if (!bpi->extra) {
690 if (!n)
691 return true;
692 else
693 return false;
694 }
695
696 if (n != bpi->extra->num_labels)
697 return false;
698
699 for (i = 0; i < n; ++i) {
700 if (label[i] != bpi->extra->label[i])
701 return false;
702 }
703 return true;
704 }
705
706 /*
707 * make encoded route labels match specified encoded label set
708 */
709 static void setlabels(struct bgp_path_info *bpi,
710 mpls_label_t *label, /* array of labels */
711 uint32_t num_labels)
712 {
713 if (num_labels)
714 assert(label);
715 assert(num_labels <= BGP_MAX_LABELS);
716
717 if (!num_labels) {
718 if (bpi->extra)
719 bpi->extra->num_labels = 0;
720 return;
721 }
722
723 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
724 uint32_t i;
725
726 for (i = 0; i < num_labels; ++i) {
727 extra->label[i] = label[i];
728 if (!bgp_is_valid_label(&label[i])) {
729 bgp_set_valid_label(&extra->label[i]);
730 }
731 }
732 extra->num_labels = num_labels;
733 }
734
735 /*
736 * make encoded route SIDs match specified encoded sid set
737 */
738 static void setsids(struct bgp_path_info *bpi,
739 struct in6_addr *sid,
740 uint32_t num_sids)
741 {
742 uint32_t i;
743 struct bgp_path_info_extra *extra;
744
745 if (num_sids)
746 assert(sid);
747 assert(num_sids <= BGP_MAX_SIDS);
748
749 if (!num_sids) {
750 if (bpi->extra)
751 bpi->extra->num_sids = 0;
752 return;
753 }
754
755 extra = bgp_path_info_extra_get(bpi);
756 for (i = 0; i < num_sids; i++)
757 memcpy(&extra->sid[i].sid, &sid[i], sizeof(struct in6_addr));
758 extra->num_sids = num_sids;
759 }
760
761 static void unsetsids(struct bgp_path_info *bpi)
762 {
763 struct bgp_path_info_extra *extra;
764
765 extra = bgp_path_info_extra_get(bpi);
766 extra->num_sids = 0;
767 memset(extra->sid, 0, sizeof(extra->sid));
768 }
769
770 static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
771 struct attr *new_attr, afi_t afi,
772 safi_t safi,
773 struct bgp_path_info *source_bpi,
774 struct bgp_path_info *bpi,
775 struct bgp *bgp_orig,
776 const struct prefix *p, int debug)
777 {
778 struct bgp_path_info *bpi_ultimate;
779 struct bgp *bgp_nexthop;
780 bool nh_valid;
781
782 bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
783
784 if (bpi->extra && bpi->extra->bgp_orig)
785 bgp_nexthop = bpi->extra->bgp_orig;
786 else
787 bgp_nexthop = bgp_orig;
788
789 /*
790 * No nexthop tracking for redistributed routes or for
791 * EVPN-imported routes that get leaked.
792 */
793 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
794 is_pi_family_evpn(bpi_ultimate))
795 nh_valid = 1;
796 else
797 /*
798 * TBD do we need to do anything about the
799 * 'connected' parameter?
800 */
801 nh_valid = bgp_find_or_add_nexthop(to_bgp, bgp_nexthop, afi,
802 safi, bpi, NULL, 0, p);
803
804 /*
805 * If you are using SRv6 VPN instead of MPLS, it need to check
806 * the SID allocation. If the sid is not allocated, the rib
807 * will be invalid.
808 */
809 if (to_bgp->srv6_enabled &&
810 (!new_attr->srv6_l3vpn && !new_attr->srv6_vpn)) {
811 nh_valid = false;
812 }
813
814 if (debug)
815 zlog_debug("%s: %pFX nexthop is %svalid (in vrf %s)", __func__,
816 p, (nh_valid ? "" : "not "),
817 bgp_nexthop->name_pretty);
818
819 return nh_valid;
820 }
821
822 /*
823 * returns pointer to new bgp_path_info upon success
824 */
825 static struct bgp_path_info *
826 leak_update(struct bgp *to_bgp, struct bgp_dest *bn,
827 struct attr *new_attr, /* already interned */
828 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
829 mpls_label_t *label, uint32_t num_labels, struct bgp *bgp_orig,
830 struct prefix *nexthop_orig, int nexthop_self_flag, int debug)
831 {
832 const struct prefix *p = bgp_dest_get_prefix(bn);
833 struct bgp_path_info *bpi;
834 struct bgp_path_info *new;
835 struct bgp_path_info_extra *extra;
836 uint32_t num_sids = 0;
837 void *parent = source_bpi;
838
839 if (new_attr->srv6_l3vpn || new_attr->srv6_vpn)
840 num_sids = 1;
841
842 if (debug)
843 zlog_debug(
844 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
845 __func__, to_bgp->name_pretty, bn, source_bpi->type,
846 source_bpi->sub_type);
847
848 /*
849 * Routes that are redistributed into BGP from zebra do not get
850 * nexthop tracking. However, if those routes are subsequently
851 * imported to other RIBs within BGP, the leaked routes do not
852 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
853 * in order to determine if the route we are currently leaking
854 * should have nexthop tracking, we must find the ultimate
855 * parent so we can check its sub_type.
856 *
857 * As of now, source_bpi may at most be a second-generation route
858 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
859 * Using a loop here supports more complex intra-bgp import-export
860 * schemes that could be implemented in the future.
861 *
862 */
863
864 /*
865 * match parent
866 */
867 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
868 if (bpi->extra && bpi->extra->parent == parent)
869 break;
870 }
871
872 if (bpi) {
873 bool labelssame = labels_same(bpi, label, num_labels);
874
875 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)
876 && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
877 if (debug) {
878 zlog_debug(
879 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
880 __func__, to_bgp->name_pretty,
881 source_bpi->flags, bpi->flags, p);
882 }
883 return NULL;
884 }
885
886 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
887 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
888
889 bgp_attr_unintern(&new_attr);
890 if (debug)
891 zlog_debug(
892 "%s: ->%s: %pBD: Found route, no change",
893 __func__, to_bgp->name_pretty, bn);
894 return NULL;
895 }
896
897 /* If the RT was changed via extended communities as an
898 * import/export list, we should withdraw implicitly the old
899 * path from VRFs.
900 * For instance, RT list was modified using route-maps:
901 * route-map test permit 10
902 * set extcommunity rt none
903 */
904 if (CHECK_FLAG(bpi->attr->flag,
905 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES)) &&
906 CHECK_FLAG(new_attr->flag,
907 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
908 if (!ecommunity_cmp(
909 bgp_attr_get_ecommunity(bpi->attr),
910 bgp_attr_get_ecommunity(new_attr))) {
911 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
912 bgp_aggregate_decrement(to_bgp, p, bpi, afi,
913 safi);
914 bgp_path_info_delete(bn, bpi);
915 }
916 }
917
918 /* attr is changed */
919 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
920
921 /* Rewrite BGP route information. */
922 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
923 bgp_path_info_restore(bn, bpi);
924 else
925 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
926 bgp_attr_unintern(&bpi->attr);
927 bpi->attr = new_attr;
928 bpi->uptime = bgp_clock();
929
930 /*
931 * rewrite labels
932 */
933 if (!labelssame)
934 setlabels(bpi, label, num_labels);
935
936 /*
937 * rewrite sid
938 */
939 if (num_sids) {
940 if (new_attr->srv6_l3vpn) {
941 setsids(bpi, &new_attr->srv6_l3vpn->sid,
942 num_sids);
943
944 extra = bgp_path_info_extra_get(bpi);
945
946 extra->sid[0].loc_block_len =
947 new_attr->srv6_l3vpn->loc_block_len;
948 extra->sid[0].loc_node_len =
949 new_attr->srv6_l3vpn->loc_node_len;
950 extra->sid[0].func_len =
951 new_attr->srv6_l3vpn->func_len;
952 extra->sid[0].arg_len =
953 new_attr->srv6_l3vpn->arg_len;
954 extra->sid[0].transposition_len =
955 new_attr->srv6_l3vpn->transposition_len;
956 extra->sid[0].transposition_offset =
957 new_attr->srv6_l3vpn
958 ->transposition_offset;
959 } else if (new_attr->srv6_vpn)
960 setsids(bpi, &new_attr->srv6_vpn->sid,
961 num_sids);
962 } else
963 unsetsids(bpi);
964
965 if (nexthop_self_flag)
966 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
967
968 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
969 source_bpi, bpi, bgp_orig, p,
970 debug))
971 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
972 else
973 bgp_path_info_unset_flag(bn, bpi, BGP_PATH_VALID);
974
975 /* Process change. */
976 bgp_aggregate_increment(to_bgp, p, bpi, afi, safi);
977 bgp_process(to_bgp, bn, afi, safi);
978 bgp_dest_unlock_node(bn);
979
980 if (debug)
981 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
982 __func__, to_bgp->name_pretty, bn);
983
984 return bpi;
985 }
986
987 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)) {
988 if (debug) {
989 zlog_debug(
990 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
991 __func__, to_bgp->name_pretty,
992 source_bpi->flags, p);
993 }
994 return NULL;
995 }
996
997 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
998 to_bgp->peer_self, new_attr, bn);
999
1000 if (nexthop_self_flag)
1001 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
1002
1003 bgp_path_info_extra_get(new);
1004
1005 /*
1006 * rewrite sid
1007 */
1008 if (num_sids) {
1009 if (new_attr->srv6_l3vpn) {
1010 setsids(new, &new_attr->srv6_l3vpn->sid, num_sids);
1011
1012 extra = bgp_path_info_extra_get(new);
1013
1014 extra->sid[0].loc_block_len =
1015 new_attr->srv6_l3vpn->loc_block_len;
1016 extra->sid[0].loc_node_len =
1017 new_attr->srv6_l3vpn->loc_node_len;
1018 extra->sid[0].func_len = new_attr->srv6_l3vpn->func_len;
1019 extra->sid[0].arg_len = new_attr->srv6_l3vpn->arg_len;
1020 extra->sid[0].transposition_len =
1021 new_attr->srv6_l3vpn->transposition_len;
1022 extra->sid[0].transposition_offset =
1023 new_attr->srv6_l3vpn->transposition_offset;
1024 } else if (new_attr->srv6_vpn)
1025 setsids(new, &new_attr->srv6_vpn->sid, num_sids);
1026 } else
1027 unsetsids(new);
1028
1029 if (num_labels)
1030 setlabels(new, label, num_labels);
1031
1032 new->extra->parent = bgp_path_info_lock(parent);
1033 bgp_dest_lock_node(
1034 (struct bgp_dest *)((struct bgp_path_info *)parent)->net);
1035 if (bgp_orig)
1036 new->extra->bgp_orig = bgp_lock(bgp_orig);
1037 if (nexthop_orig)
1038 new->extra->nexthop_orig = *nexthop_orig;
1039
1040 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1041 source_bpi, new, bgp_orig, p, debug))
1042 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
1043 else
1044 bgp_path_info_unset_flag(bn, new, BGP_PATH_VALID);
1045
1046 bgp_aggregate_increment(to_bgp, p, new, afi, safi);
1047 bgp_path_info_add(bn, new);
1048
1049 bgp_dest_unlock_node(bn);
1050 bgp_process(to_bgp, bn, afi, safi);
1051
1052 if (debug)
1053 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
1054 to_bgp->name_pretty, bn);
1055
1056 return new;
1057 }
1058
1059 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1060 void vpn_leak_from_vrf_update(struct bgp *to_bgp, /* to */
1061 struct bgp *from_bgp, /* from */
1062 struct bgp_path_info *path_vrf) /* route */
1063 {
1064 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1065 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1066 afi_t afi = family2afi(p->family);
1067 struct attr static_attr = {0};
1068 struct attr *new_attr = NULL;
1069 safi_t safi = SAFI_MPLS_VPN;
1070 mpls_label_t label_val;
1071 mpls_label_t label;
1072 struct bgp_dest *bn;
1073 const char *debugmsg;
1074 int nexthop_self_flag = 0;
1075
1076 if (debug)
1077 zlog_debug("%s: from vrf %s", __func__, from_bgp->name_pretty);
1078
1079 if (debug && bgp_attr_get_ecommunity(path_vrf->attr)) {
1080 char *s = ecommunity_ecom2str(
1081 bgp_attr_get_ecommunity(path_vrf->attr),
1082 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1083
1084 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
1085 from_bgp->name, path_vrf->type, s);
1086 XFREE(MTYPE_ECOMMUNITY_STR, s);
1087 }
1088
1089 if (!to_bgp)
1090 return;
1091
1092 if (!afi) {
1093 if (debug)
1094 zlog_debug("%s: can't get afi of prefix", __func__);
1095 return;
1096 }
1097
1098 /* Is this route exportable into the VPN table? */
1099 if (!is_route_injectable_into_vpn(path_vrf))
1100 return;
1101
1102 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1103 if (debug)
1104 zlog_debug("%s: %s skipping: %s", __func__,
1105 from_bgp->name, debugmsg);
1106 return;
1107 }
1108
1109 /* shallow copy */
1110 static_attr = *path_vrf->attr;
1111
1112 /*
1113 * route map handling
1114 */
1115 if (from_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
1116 struct bgp_path_info info;
1117 route_map_result_t ret;
1118
1119 memset(&info, 0, sizeof(info));
1120 info.peer = to_bgp->peer_self;
1121 info.attr = &static_attr;
1122 ret = route_map_apply(from_bgp->vpn_policy[afi]
1123 .rmap[BGP_VPN_POLICY_DIR_TOVPN],
1124 p, &info);
1125 if (RMAP_DENYMATCH == ret) {
1126 bgp_attr_flush(&static_attr); /* free any added parts */
1127 if (debug)
1128 zlog_debug(
1129 "%s: vrf %s route map \"%s\" says DENY, returning",
1130 __func__, from_bgp->name_pretty,
1131 from_bgp->vpn_policy[afi]
1132 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
1133 ->name);
1134 return;
1135 }
1136 }
1137
1138 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1139 char *s = ecommunity_ecom2str(
1140 bgp_attr_get_ecommunity(&static_attr),
1141 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1142
1143 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1144 __func__, s);
1145 XFREE(MTYPE_ECOMMUNITY_STR, s);
1146 }
1147
1148 /*
1149 * Add the vpn-policy rt-list
1150 */
1151 struct ecommunity *old_ecom;
1152 struct ecommunity *new_ecom;
1153
1154 /* Export with the 'from' instance's export RTs. */
1155 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1156 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1157 if (old_ecom) {
1158 new_ecom = ecommunity_dup(old_ecom);
1159 if (CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1160 BGP_CONFIG_VRF_TO_VRF_EXPORT))
1161 ecommunity_strip_rts(new_ecom);
1162 new_ecom = ecommunity_merge(
1163 new_ecom, from_bgp->vpn_policy[afi]
1164 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1165 if (!old_ecom->refcnt)
1166 ecommunity_free(&old_ecom);
1167 } else {
1168 new_ecom = ecommunity_dup(
1169 from_bgp->vpn_policy[afi]
1170 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1171 }
1172 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1173
1174 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1175 char *s = ecommunity_ecom2str(
1176 bgp_attr_get_ecommunity(&static_attr),
1177 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1178
1179 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1180 __func__, s);
1181 XFREE(MTYPE_ECOMMUNITY_STR, s);
1182 }
1183
1184 /* Nexthop */
1185 /* if policy nexthop not set, use 0 */
1186 if (CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1187 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
1188 struct prefix *nexthop =
1189 &from_bgp->vpn_policy[afi].tovpn_nexthop;
1190
1191 switch (nexthop->family) {
1192 case AF_INET:
1193 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1194 */
1195 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
1196
1197 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
1198 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
1199 break;
1200
1201 case AF_INET6:
1202 static_attr.mp_nexthop_global = nexthop->u.prefix6;
1203 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
1204 break;
1205
1206 default:
1207 assert(0);
1208 }
1209 } else {
1210 if (!CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1211 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
1212 if (afi == AFI_IP) {
1213 /*
1214 * For ipv4, copy to multiprotocol
1215 * nexthop field
1216 */
1217 static_attr.mp_nexthop_global_in =
1218 static_attr.nexthop;
1219 static_attr.mp_nexthop_len =
1220 BGP_ATTR_NHLEN_IPV4;
1221 /*
1222 * XXX Leave static_attr.nexthop
1223 * intact for NHT
1224 */
1225 static_attr.flag &=
1226 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1227 }
1228 } else {
1229 /* Update based on next-hop family to account for
1230 * RFC 5549 (BGP unnumbered) scenario. Note that
1231 * specific action is only needed for the case of
1232 * IPv4 nexthops as the attr has been copied
1233 * otherwise.
1234 */
1235 if (afi == AFI_IP
1236 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1237 static_attr.mp_nexthop_global_in.s_addr =
1238 static_attr.nexthop.s_addr;
1239 static_attr.mp_nexthop_len =
1240 BGP_ATTR_NHLEN_IPV4;
1241 static_attr.flag |=
1242 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1243 }
1244 }
1245 nexthop_self_flag = 1;
1246 }
1247
1248 label_val = from_bgp->vpn_policy[afi].tovpn_label;
1249 if (label_val == MPLS_LABEL_NONE) {
1250 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
1251 } else {
1252 encode_label(label_val, &label);
1253 }
1254
1255 /* Set originator ID to "me" */
1256 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
1257 static_attr.originator_id = to_bgp->router_id;
1258
1259 /* Set SID for SRv6 VPN */
1260 if (from_bgp->vpn_policy[afi].tovpn_sid_locator) {
1261 encode_label(
1262 from_bgp->vpn_policy[afi].tovpn_sid_transpose_label,
1263 &label);
1264 static_attr.srv6_l3vpn = XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1265 sizeof(struct bgp_attr_srv6_l3vpn));
1266 static_attr.srv6_l3vpn->sid_flags = 0x00;
1267 static_attr.srv6_l3vpn->endpoint_behavior = 0xffff;
1268 static_attr.srv6_l3vpn->loc_block_len =
1269 BGP_PREFIX_SID_SRV6_LOCATOR_BLOCK_LENGTH;
1270 static_attr.srv6_l3vpn->loc_node_len =
1271 BGP_PREFIX_SID_SRV6_LOCATOR_NODE_LENGTH;
1272 static_attr.srv6_l3vpn->func_len =
1273 BGP_PREFIX_SID_SRV6_FUNCTION_LENGTH;
1274 static_attr.srv6_l3vpn->arg_len =
1275 BGP_PREFIX_SID_SRV6_ARGUMENT_LENGTH;
1276 static_attr.srv6_l3vpn->transposition_len =
1277 BGP_PREFIX_SID_SRV6_TRANSPOSITION_LENGTH;
1278 static_attr.srv6_l3vpn->transposition_offset =
1279 BGP_PREFIX_SID_SRV6_TRANSPOSITION_OFFSET;
1280 memcpy(&static_attr.srv6_l3vpn->sid,
1281 from_bgp->vpn_policy[afi].tovpn_sid_locator,
1282 sizeof(struct in6_addr));
1283 }
1284
1285
1286 new_attr = bgp_attr_intern(
1287 &static_attr); /* hashed refcounted everything */
1288 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
1289
1290 if (debug && bgp_attr_get_ecommunity(new_attr)) {
1291 char *s = ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr),
1292 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1293
1294 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
1295 XFREE(MTYPE_ECOMMUNITY_STR, s);
1296 }
1297
1298 /* Now new_attr is an allocated interned attr */
1299
1300 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1301 &(from_bgp->vpn_policy[afi].tovpn_rd));
1302
1303 struct bgp_path_info *new_info;
1304
1305 new_info =
1306 leak_update(to_bgp, bn, new_attr, afi, safi, path_vrf, &label,
1307 1, from_bgp, NULL, nexthop_self_flag, debug);
1308
1309 /*
1310 * Routes actually installed in the vpn RIB must also be
1311 * offered to all vrfs (because now they originate from
1312 * the vpn RIB).
1313 *
1314 * Acceptance into other vrfs depends on rt-lists.
1315 * Originating vrf will not accept the looped back route
1316 * because of loop checking.
1317 */
1318 if (new_info)
1319 vpn_leak_to_vrf_update(from_bgp, new_info);
1320 }
1321
1322 void vpn_leak_from_vrf_withdraw(struct bgp *to_bgp, /* to */
1323 struct bgp *from_bgp, /* from */
1324 struct bgp_path_info *path_vrf) /* route */
1325 {
1326 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1327 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1328 afi_t afi = family2afi(p->family);
1329 safi_t safi = SAFI_MPLS_VPN;
1330 struct bgp_path_info *bpi;
1331 struct bgp_dest *bn;
1332 const char *debugmsg;
1333
1334 if (debug) {
1335 zlog_debug(
1336 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1337 __func__, from_bgp->name_pretty, path_vrf->net,
1338 path_vrf->type, path_vrf->sub_type);
1339 }
1340
1341 if (!to_bgp)
1342 return;
1343
1344 if (!afi) {
1345 if (debug)
1346 zlog_debug("%s: can't get afi of prefix", __func__);
1347 return;
1348 }
1349
1350 /* Is this route exportable into the VPN table? */
1351 if (!is_route_injectable_into_vpn(path_vrf))
1352 return;
1353
1354 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1355 if (debug)
1356 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1357 return;
1358 }
1359
1360 if (debug)
1361 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
1362
1363 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1364 &(from_bgp->vpn_policy[afi].tovpn_rd));
1365
1366 if (!bn)
1367 return;
1368 /*
1369 * vrf -> vpn
1370 * match original bpi imported from
1371 */
1372 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1373 if (bpi->extra && bpi->extra->parent == path_vrf) {
1374 break;
1375 }
1376 }
1377
1378 if (bpi) {
1379 /* withdraw from looped vrfs as well */
1380 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1381
1382 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1383 bgp_path_info_delete(bn, bpi);
1384 bgp_process(to_bgp, bn, afi, safi);
1385 }
1386 bgp_dest_unlock_node(bn);
1387 }
1388
1389 void vpn_leak_from_vrf_withdraw_all(struct bgp *to_bgp, struct bgp *from_bgp,
1390 afi_t afi)
1391 {
1392 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1393 struct bgp_dest *pdest;
1394 safi_t safi = SAFI_MPLS_VPN;
1395
1396 /*
1397 * Walk vpn table, delete bpi with bgp_orig == from_bgp
1398 */
1399 for (pdest = bgp_table_top(to_bgp->rib[afi][safi]); pdest;
1400 pdest = bgp_route_next(pdest)) {
1401
1402 struct bgp_table *table;
1403 struct bgp_dest *bn;
1404 struct bgp_path_info *bpi;
1405
1406 /* This is the per-RD table of prefixes */
1407 table = bgp_dest_get_bgp_table_info(pdest);
1408
1409 if (!table)
1410 continue;
1411
1412 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1413 bpi = bgp_dest_get_bgp_path_info(bn);
1414 if (debug && bpi) {
1415 zlog_debug("%s: looking at prefix %pBD",
1416 __func__, bn);
1417 }
1418
1419 for (; bpi; bpi = bpi->next) {
1420 if (debug)
1421 zlog_debug("%s: type %d, sub_type %d",
1422 __func__, bpi->type,
1423 bpi->sub_type);
1424 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
1425 continue;
1426 if (!bpi->extra)
1427 continue;
1428 if ((struct bgp *)bpi->extra->bgp_orig ==
1429 from_bgp) {
1430 /* delete route */
1431 if (debug)
1432 zlog_debug("%s: deleting it",
1433 __func__);
1434 /* withdraw from leak-to vrfs as well */
1435 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1436 bgp_aggregate_decrement(
1437 to_bgp, bgp_dest_get_prefix(bn),
1438 bpi, afi, safi);
1439 bgp_path_info_delete(bn, bpi);
1440 bgp_process(to_bgp, bn, afi, safi);
1441 }
1442 }
1443 }
1444 }
1445 }
1446
1447 void vpn_leak_from_vrf_update_all(struct bgp *to_bgp, struct bgp *from_bgp,
1448 afi_t afi)
1449 {
1450 struct bgp_dest *bn;
1451 struct bgp_path_info *bpi;
1452 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1453
1454 if (debug)
1455 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1456 from_bgp->name_pretty);
1457
1458 for (bn = bgp_table_top(from_bgp->rib[afi][SAFI_UNICAST]); bn;
1459 bn = bgp_route_next(bn)) {
1460
1461 if (debug)
1462 zlog_debug("%s: node=%p", __func__, bn);
1463
1464 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1465 bpi = bpi->next) {
1466 if (debug)
1467 zlog_debug(
1468 "%s: calling vpn_leak_from_vrf_update",
1469 __func__);
1470 vpn_leak_from_vrf_update(to_bgp, from_bgp, bpi);
1471 }
1472 }
1473 }
1474
1475 static bool
1476 vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */
1477 struct bgp *from_bgp, /* from */
1478 struct bgp_path_info *path_vpn) /* route */
1479 {
1480 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
1481 afi_t afi = family2afi(p->family);
1482
1483 struct attr static_attr = {0};
1484 struct attr *new_attr = NULL;
1485 struct bgp_dest *bn;
1486 safi_t safi = SAFI_UNICAST;
1487 const char *debugmsg;
1488 struct prefix nexthop_orig;
1489 mpls_label_t *pLabels = NULL;
1490 uint32_t num_labels = 0;
1491 int nexthop_self_flag = 1;
1492 struct bgp_path_info *bpi_ultimate = NULL;
1493 int origin_local = 0;
1494 struct bgp *src_vrf;
1495
1496 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1497
1498 if (!vpn_leak_from_vpn_active(to_bgp, afi, &debugmsg)) {
1499 if (debug)
1500 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1501 return false;
1502 }
1503
1504 /* Check for intersection of route targets */
1505 if (!ecom_intersect(
1506 to_bgp->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1507 bgp_attr_get_ecommunity(path_vpn->attr))) {
1508 if (debug)
1509 zlog_debug(
1510 "from vpn (%s) to vrf (%s), skipping after no intersection of route targets",
1511 from_bgp->name_pretty, to_bgp->name_pretty);
1512 return false;
1513 }
1514
1515 if (debug)
1516 zlog_debug("%s: updating %pFX to vrf %s", __func__, p,
1517 to_bgp->name_pretty);
1518
1519 /* shallow copy */
1520 static_attr = *path_vpn->attr;
1521
1522 struct ecommunity *old_ecom;
1523 struct ecommunity *new_ecom;
1524
1525 /* If doing VRF-to-VRF leaking, strip RTs. */
1526 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1527 if (old_ecom && CHECK_FLAG(to_bgp->af_flags[afi][safi],
1528 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1529 new_ecom = ecommunity_dup(old_ecom);
1530 ecommunity_strip_rts(new_ecom);
1531 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1532
1533 if (new_ecom->size == 0) {
1534 ecommunity_free(&new_ecom);
1535 bgp_attr_set_ecommunity(&static_attr, NULL);
1536 }
1537
1538 if (!old_ecom->refcnt)
1539 ecommunity_free(&old_ecom);
1540 }
1541
1542 /*
1543 * Nexthop: stash and clear
1544 *
1545 * Nexthop is valid in context of VPN core, but not in destination vrf.
1546 * Stash it for later label resolution by vrf ingress path and then
1547 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1548 */
1549 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1550
1551 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1552 nexthop_orig.family = nhfamily;
1553
1554 switch (nhfamily) {
1555 case AF_INET:
1556 /* save */
1557 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1558 nexthop_orig.prefixlen = IPV4_MAX_BITLEN;
1559
1560 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1561 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1562 static_attr.nexthop.s_addr =
1563 nexthop_orig.u.prefix4.s_addr;
1564
1565 static_attr.mp_nexthop_global_in =
1566 path_vpn->attr->mp_nexthop_global_in;
1567 static_attr.mp_nexthop_len =
1568 path_vpn->attr->mp_nexthop_len;
1569 }
1570 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1571 break;
1572 case AF_INET6:
1573 /* save */
1574 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1575 nexthop_orig.prefixlen = IPV6_MAX_BITLEN;
1576
1577 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1578 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1579 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1580 }
1581 break;
1582 }
1583
1584 /*
1585 * route map handling
1586 */
1587 if (to_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1588 struct bgp_path_info info;
1589 route_map_result_t ret;
1590
1591 memset(&info, 0, sizeof(info));
1592 info.peer = to_bgp->peer_self;
1593 info.attr = &static_attr;
1594 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1595 ret = route_map_apply(to_bgp->vpn_policy[afi]
1596 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1597 p, &info);
1598 if (RMAP_DENYMATCH == ret) {
1599 bgp_attr_flush(&static_attr); /* free any added parts */
1600 if (debug)
1601 zlog_debug(
1602 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1603 __func__, to_bgp->name_pretty,
1604 to_bgp->vpn_policy[afi]
1605 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1606 ->name);
1607 return false;
1608 }
1609 /*
1610 * if route-map changed nexthop, don't nexthop-self on output
1611 */
1612 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1613 BATTR_RMAP_NEXTHOP_UNCHANGED))
1614 nexthop_self_flag = 0;
1615 }
1616
1617 new_attr = bgp_attr_intern(&static_attr);
1618 bgp_attr_flush(&static_attr);
1619
1620 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p, NULL);
1621
1622 /*
1623 * ensure labels are copied
1624 *
1625 * However, there is a special case: if the route originated in
1626 * another local VRF (as opposed to arriving via VPN), then the
1627 * nexthop is reached by hairpinning through this router (me)
1628 * using IP forwarding only (no LSP). Therefore, the route
1629 * imported to the VRF should not have labels attached. Note
1630 * that nexthop tracking is also involved: eliminating the
1631 * labels for these routes enables the non-labeled nexthops
1632 * from the originating VRF to be considered valid for this route.
1633 */
1634 if (!CHECK_FLAG(to_bgp->af_flags[afi][safi],
1635 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1636 /* work back to original route */
1637 bpi_ultimate = bgp_get_imported_bpi_ultimate(path_vpn);
1638
1639 /*
1640 * if original route was unicast,
1641 * then it did not arrive over vpn
1642 */
1643 if (bpi_ultimate->net) {
1644 struct bgp_table *table;
1645
1646 table = bgp_dest_table(bpi_ultimate->net);
1647 if (table && (table->safi == SAFI_UNICAST))
1648 origin_local = 1;
1649 }
1650
1651 /* copy labels */
1652 if (!origin_local && path_vpn->extra
1653 && path_vpn->extra->num_labels) {
1654 num_labels = path_vpn->extra->num_labels;
1655 if (num_labels > BGP_MAX_LABELS)
1656 num_labels = BGP_MAX_LABELS;
1657 pLabels = path_vpn->extra->label;
1658 }
1659 }
1660
1661 if (debug)
1662 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
1663 path_vpn->net, num_labels);
1664
1665 /*
1666 * For VRF-2-VRF route-leaking,
1667 * the source will be the originating VRF.
1668 */
1669 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1670 src_vrf = path_vpn->extra->bgp_orig;
1671 else
1672 src_vrf = from_bgp;
1673
1674 leak_update(to_bgp, bn, new_attr, afi, safi, path_vpn, pLabels,
1675 num_labels, src_vrf, &nexthop_orig, nexthop_self_flag,
1676 debug);
1677 return true;
1678 }
1679
1680 bool vpn_leak_to_vrf_update(struct bgp *from_bgp, /* from */
1681 struct bgp_path_info *path_vpn) /* route */
1682 {
1683 struct listnode *mnode, *mnnode;
1684 struct bgp *bgp;
1685 bool leak_success = false;
1686
1687 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1688
1689 if (debug)
1690 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1691
1692 /* Loop over VRFs */
1693 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1694
1695 if (!path_vpn->extra
1696 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1697 leak_success |= vpn_leak_to_vrf_update_onevrf(
1698 bgp, from_bgp, path_vpn);
1699 }
1700 }
1701 return leak_success;
1702 }
1703
1704 void vpn_leak_to_vrf_withdraw(struct bgp *from_bgp, /* from */
1705 struct bgp_path_info *path_vpn) /* route */
1706 {
1707 const struct prefix *p;
1708 afi_t afi;
1709 safi_t safi = SAFI_UNICAST;
1710 struct bgp *bgp;
1711 struct listnode *mnode, *mnnode;
1712 struct bgp_dest *bn;
1713 struct bgp_path_info *bpi;
1714 const char *debugmsg;
1715
1716 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1717
1718 if (debug)
1719 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
1720 path_vpn->net, path_vpn->type, path_vpn->sub_type);
1721
1722 if (debug)
1723 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1724
1725 if (!path_vpn->net) {
1726 #ifdef ENABLE_BGP_VNC
1727 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1728 if (path_vpn->type == ZEBRA_ROUTE_BGP
1729 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1730
1731 return;
1732 }
1733 #endif
1734 if (debug)
1735 zlog_debug(
1736 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1737 __func__);
1738 return;
1739 }
1740
1741 p = bgp_dest_get_prefix(path_vpn->net);
1742 afi = family2afi(p->family);
1743
1744 /* Loop over VRFs */
1745 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1746 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1747 if (debug)
1748 zlog_debug("%s: skipping: %s", __func__,
1749 debugmsg);
1750 continue;
1751 }
1752
1753 /* Check for intersection of route targets */
1754 if (!ecom_intersect(bgp->vpn_policy[afi]
1755 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1756 bgp_attr_get_ecommunity(path_vpn->attr))) {
1757
1758 continue;
1759 }
1760
1761 if (debug)
1762 zlog_debug("%s: withdrawing from vrf %s", __func__,
1763 bgp->name_pretty);
1764
1765 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1766
1767 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1768 bpi = bpi->next) {
1769 if (bpi->extra
1770 && (struct bgp_path_info *)bpi->extra->parent
1771 == path_vpn) {
1772 break;
1773 }
1774 }
1775
1776 if (bpi) {
1777 if (debug)
1778 zlog_debug("%s: deleting bpi %p", __func__,
1779 bpi);
1780 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1781 bgp_path_info_delete(bn, bpi);
1782 bgp_process(bgp, bn, afi, safi);
1783 }
1784 bgp_dest_unlock_node(bn);
1785 }
1786 }
1787
1788 void vpn_leak_to_vrf_withdraw_all(struct bgp *to_bgp, afi_t afi)
1789 {
1790 struct bgp_dest *bn;
1791 struct bgp_path_info *bpi;
1792 safi_t safi = SAFI_UNICAST;
1793 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1794
1795 if (debug)
1796 zlog_debug("%s: entry", __func__);
1797 /*
1798 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1799 */
1800 for (bn = bgp_table_top(to_bgp->rib[afi][safi]); bn;
1801 bn = bgp_route_next(bn)) {
1802
1803 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1804 bpi = bpi->next) {
1805 if (bpi->extra && bpi->extra->bgp_orig != to_bgp &&
1806 bpi->extra->parent &&
1807 is_pi_family_vpn(bpi->extra->parent)) {
1808
1809 /* delete route */
1810 bgp_aggregate_decrement(to_bgp,
1811 bgp_dest_get_prefix(bn),
1812 bpi, afi, safi);
1813 bgp_path_info_delete(bn, bpi);
1814 bgp_process(to_bgp, bn, afi, safi);
1815 }
1816 }
1817 }
1818 }
1819
1820 void vpn_leak_to_vrf_update_all(struct bgp *to_bgp, struct bgp *vpn_from,
1821 afi_t afi)
1822 {
1823 struct bgp_dest *pdest;
1824 safi_t safi = SAFI_MPLS_VPN;
1825
1826 assert(vpn_from);
1827
1828 /*
1829 * Walk vpn table
1830 */
1831 for (pdest = bgp_table_top(vpn_from->rib[afi][safi]); pdest;
1832 pdest = bgp_route_next(pdest)) {
1833 struct bgp_table *table;
1834 struct bgp_dest *bn;
1835 struct bgp_path_info *bpi;
1836
1837 /* This is the per-RD table of prefixes */
1838 table = bgp_dest_get_bgp_table_info(pdest);
1839
1840 if (!table)
1841 continue;
1842
1843 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1844
1845 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1846 bpi = bpi->next) {
1847
1848 if (bpi->extra &&
1849 bpi->extra->bgp_orig == to_bgp)
1850 continue;
1851
1852 vpn_leak_to_vrf_update_onevrf(to_bgp, vpn_from,
1853 bpi);
1854 }
1855 }
1856 }
1857 }
1858
1859 /*
1860 * This function is called for definition/deletion/change to a route-map
1861 */
1862 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1863 {
1864 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1865 afi_t afi;
1866 struct route_map *rmap;
1867
1868 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1869 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1870
1871 return;
1872 }
1873
1874 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1875
1876 for (afi = 0; afi < AFI_MAX; ++afi) {
1877
1878 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1879 && !strcmp(rmap_name,
1880 bgp->vpn_policy[afi]
1881 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1882
1883 if (debug)
1884 zlog_debug(
1885 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1886 __func__, rmap_name, bgp->as,
1887 afi2str(afi));
1888
1889 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1890 bgp_get_default(), bgp);
1891 if (debug)
1892 zlog_debug("%s: after vpn_leak_prechange",
1893 __func__);
1894
1895 /* in case of definition/deletion */
1896 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1897 rmap;
1898
1899 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1900 bgp_get_default(), bgp);
1901
1902 if (debug)
1903 zlog_debug("%s: after vpn_leak_postchange",
1904 __func__);
1905 }
1906
1907 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1908 && !strcmp(rmap_name,
1909 bgp->vpn_policy[afi]
1910 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1911
1912 if (debug) {
1913 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1914 __func__, rmap_name, bgp->as,
1915 afi2str(afi));
1916 }
1917
1918 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1919 bgp_get_default(), bgp);
1920
1921 /* in case of definition/deletion */
1922 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1923 rmap;
1924
1925 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1926 bgp_get_default(), bgp);
1927 }
1928 }
1929 }
1930
1931 /* This API is used during router-id change, reflect VPNs
1932 * auto RD and RT values and readvertise routes to VPN table.
1933 */
1934 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1935 bool is_config)
1936 {
1937 afi_t afi;
1938 int debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)
1939 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1940 char *vname;
1941 const char *export_name;
1942 char buf[RD_ADDRSTRLEN];
1943 struct bgp *bgp_import;
1944 struct listnode *node;
1945 struct ecommunity *ecom;
1946 enum vpn_policy_direction idir, edir;
1947
1948 /*
1949 * Router-id change that is not explicitly configured
1950 * (a change from zebra, frr restart for example)
1951 * should not replace a configured vpn RD/RT.
1952 */
1953 if (!is_config) {
1954 if (debug)
1955 zlog_debug("%s: skipping non explicit router-id change",
1956 __func__);
1957 return;
1958 }
1959
1960 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1961 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1962 return;
1963
1964 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1965 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1966 edir = BGP_VPN_POLICY_DIR_TOVPN;
1967
1968 for (afi = 0; afi < AFI_MAX; ++afi) {
1969 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1970 continue;
1971
1972 if (withdraw) {
1973 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1974 afi, bgp_get_default(), bgp);
1975 if (debug)
1976 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1977 __func__, export_name);
1978
1979 /* Remove import RT from VRFs */
1980 ecom = bgp->vpn_policy[afi].rtlist[edir];
1981 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1982 export_vrf, node, vname)) {
1983 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
1984 bgp_import = bgp_get_default();
1985 else
1986 bgp_import = bgp_lookup_by_name(vname);
1987 if (!bgp_import)
1988 continue;
1989
1990 ecommunity_del_val(
1991 bgp_import->vpn_policy[afi]
1992 .rtlist[idir],
1993 (struct ecommunity_val *)ecom->val);
1994 }
1995 } else {
1996 /* New router-id derive auto RD and RT and export
1997 * to VPN
1998 */
1999 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
2000 &bgp->vrf_prd_auto);
2001 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
2002 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
2003 sizeof(buf));
2004 bgp->vpn_policy[afi].rtlist[edir] =
2005 ecommunity_str2com(buf,
2006 ECOMMUNITY_ROUTE_TARGET, 0);
2007
2008 /* Update import_vrf rt_list */
2009 ecom = bgp->vpn_policy[afi].rtlist[edir];
2010 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2011 export_vrf, node, vname)) {
2012 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2013 bgp_import = bgp_get_default();
2014 else
2015 bgp_import = bgp_lookup_by_name(vname);
2016 if (!bgp_import)
2017 continue;
2018 if (bgp_import->vpn_policy[afi].rtlist[idir])
2019 bgp_import->vpn_policy[afi].rtlist[idir]
2020 = ecommunity_merge(
2021 bgp_import->vpn_policy[afi]
2022 .rtlist[idir], ecom);
2023 else
2024 bgp_import->vpn_policy[afi].rtlist[idir]
2025 = ecommunity_dup(ecom);
2026 }
2027
2028 /* Update routes to VPN */
2029 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
2030 afi, bgp_get_default(),
2031 bgp);
2032 if (debug)
2033 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2034 __func__, export_name);
2035 }
2036 }
2037 }
2038
2039 void vpn_policy_routemap_event(const char *rmap_name)
2040 {
2041 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2042 struct listnode *mnode, *mnnode;
2043 struct bgp *bgp;
2044
2045 if (debug)
2046 zlog_debug("%s: entry", __func__);
2047
2048 if (bm->bgp == NULL) /* may be called during cleanup */
2049 return;
2050
2051 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
2052 vpn_policy_routemap_update(bgp, rmap_name);
2053 }
2054
2055 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2056 afi_t afi, safi_t safi)
2057 {
2058 const char *export_name;
2059 enum vpn_policy_direction idir, edir;
2060 char *vname, *tmp_name;
2061 char buf[RD_ADDRSTRLEN];
2062 struct ecommunity *ecom;
2063 bool first_export = false;
2064 int debug;
2065 struct listnode *node;
2066 bool is_inst_match = false;
2067
2068 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2069 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2070 edir = BGP_VPN_POLICY_DIR_TOVPN;
2071
2072 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2073 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2074
2075 /*
2076 * Cross-ref both VRFs. Also, note if this is the first time
2077 * any VRF is importing from "import_vrf".
2078 */
2079 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2080 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2081
2082 /* Check the import_vrf list of destination vrf for the source vrf name,
2083 * insert otherwise.
2084 */
2085 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
2086 node, tmp_name)) {
2087 if (strcmp(vname, tmp_name) == 0) {
2088 is_inst_match = true;
2089 break;
2090 }
2091 }
2092 if (!is_inst_match)
2093 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2094 vname);
2095 else
2096 XFREE(MTYPE_TMP, vname);
2097
2098 /* Check if the source vrf already exports to any vrf,
2099 * first time export requires to setup auto derived RD/RT values.
2100 * Add the destination vrf name to export vrf list if it is
2101 * not present.
2102 */
2103 is_inst_match = false;
2104 vname = XSTRDUP(MTYPE_TMP, export_name);
2105 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2106 first_export = true;
2107 } else {
2108 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2109 node, tmp_name)) {
2110 if (strcmp(vname, tmp_name) == 0) {
2111 is_inst_match = true;
2112 break;
2113 }
2114 }
2115 }
2116 if (!is_inst_match)
2117 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
2118 vname);
2119 else
2120 XFREE(MTYPE_TMP, vname);
2121
2122 /* Update import RT for current VRF using export RT of the VRF we're
2123 * importing from. First though, make sure "import_vrf" has that
2124 * set.
2125 */
2126 if (first_export) {
2127 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
2128 &from_bgp->vrf_prd_auto);
2129 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
2130 SET_FLAG(from_bgp->vpn_policy[afi].flags,
2131 BGP_VPN_POLICY_TOVPN_RD_SET);
2132 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
2133 buf, sizeof(buf));
2134 from_bgp->vpn_policy[afi].rtlist[edir] =
2135 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
2136 SET_FLAG(from_bgp->af_flags[afi][safi],
2137 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2138 from_bgp->vpn_policy[afi].tovpn_label =
2139 BGP_PREVENT_VRF_2_VRF_LEAK;
2140 }
2141 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2142 if (to_bgp->vpn_policy[afi].rtlist[idir])
2143 to_bgp->vpn_policy[afi].rtlist[idir] =
2144 ecommunity_merge(to_bgp->vpn_policy[afi]
2145 .rtlist[idir], ecom);
2146 else
2147 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
2148 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
2149
2150 if (debug) {
2151 const char *from_name;
2152 char *ecom1, *ecom2;
2153
2154 from_name = from_bgp->name ? from_bgp->name :
2155 VRF_DEFAULT_NAME;
2156
2157 ecom1 = ecommunity_ecom2str(
2158 to_bgp->vpn_policy[afi].rtlist[idir],
2159 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2160
2161 ecom2 = ecommunity_ecom2str(
2162 to_bgp->vpn_policy[afi].rtlist[edir],
2163 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2164
2165 zlog_debug(
2166 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2167 __func__, from_name, export_name, first_export, ecom1,
2168 ecom2);
2169
2170 ecommunity_strfree(&ecom1);
2171 ecommunity_strfree(&ecom2);
2172 }
2173
2174 /* Does "import_vrf" first need to export its routes or that
2175 * is already done and we just need to import those routes
2176 * from the global table?
2177 */
2178 if (first_export)
2179 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
2180 else
2181 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2182 }
2183
2184 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2185 afi_t afi, safi_t safi)
2186 {
2187 const char *export_name, *tmp_name;
2188 enum vpn_policy_direction idir, edir;
2189 char *vname;
2190 struct ecommunity *ecom = NULL;
2191 struct listnode *node;
2192 int debug;
2193
2194 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2195 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2196 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2197 edir = BGP_VPN_POLICY_DIR_TOVPN;
2198
2199 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2200 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2201
2202 /* Were we importing from "import_vrf"? */
2203 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
2204 vname)) {
2205 if (strcmp(vname, tmp_name) == 0)
2206 break;
2207 }
2208
2209 /*
2210 * We do not check in the cli if the passed in bgp
2211 * instance is actually imported into us before
2212 * we call this function. As such if we do not
2213 * find this in the import_vrf list than
2214 * we just need to return safely.
2215 */
2216 if (!vname)
2217 return;
2218
2219 if (debug)
2220 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
2221
2222 /* Remove "import_vrf" from our import list. */
2223 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
2224 XFREE(MTYPE_TMP, vname);
2225
2226 /* Remove routes imported from "import_vrf". */
2227 /* TODO: In the current logic, we have to first remove all
2228 * imported routes and then (if needed) import back routes
2229 */
2230 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
2231
2232 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
2233 if (!to_bgp->vpn_policy[afi].rmap[idir])
2234 UNSET_FLAG(to_bgp->af_flags[afi][safi],
2235 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2236 if (to_bgp->vpn_policy[afi].rtlist[idir])
2237 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
2238 } else {
2239 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2240 if (ecom)
2241 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
2242 (struct ecommunity_val *)ecom->val);
2243 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2244 }
2245
2246 /*
2247 * What?
2248 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2249 * below is checking for NULL that export_vrf can be
2250 * NULL, consequently it is complaining( like a cabbage )
2251 * that we could dereference and crash in the listcount(..)
2252 * check below.
2253 * So make it happy, under protest, with liberty and justice
2254 * for all.
2255 */
2256 assert(from_bgp->vpn_policy[afi].export_vrf);
2257
2258 /* Remove us from "import_vrf's" export list. If no other VRF
2259 * is importing from "import_vrf", cleanup appropriately.
2260 */
2261 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2262 node, vname)) {
2263 if (strcmp(vname, export_name) == 0)
2264 break;
2265 }
2266
2267 /*
2268 * If we have gotten to this point then the vname must
2269 * exist. If not, we are in a world of trouble and
2270 * have slag sitting around.
2271 *
2272 * import_vrf and export_vrf must match in having
2273 * the in/out names as appropriate.
2274 * export_vrf list could have been cleaned up
2275 * as part of no router bgp source instnace.
2276 */
2277 if (!vname)
2278 return;
2279
2280 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
2281 XFREE(MTYPE_TMP, vname);
2282
2283 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2284 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
2285 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
2286 UNSET_FLAG(from_bgp->af_flags[afi][safi],
2287 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2288 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
2289 sizeof(struct prefix_rd));
2290 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
2291 BGP_VPN_POLICY_TOVPN_RD_SET);
2292 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
2293
2294 }
2295 }
2296
2297 /* For testing purpose, static route of MPLS-VPN. */
2298 DEFUN (vpnv4_network,
2299 vpnv4_network_cmd,
2300 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2301 "Specify a network to announce via BGP\n"
2302 "IPv4 prefix\n"
2303 "Specify Route Distinguisher\n"
2304 "VPN Route Distinguisher\n"
2305 "VPN NLRI label (tag)\n"
2306 "VPN NLRI label (tag)\n"
2307 "Label value\n")
2308 {
2309 int idx_ipv4_prefixlen = 1;
2310 int idx_ext_community = 3;
2311 int idx_label = 5;
2312 return bgp_static_set_safi(
2313 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2314 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
2315 NULL, NULL, NULL, NULL);
2316 }
2317
2318 DEFUN (vpnv4_network_route_map,
2319 vpnv4_network_route_map_cmd,
2320 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map RMAP_NAME",
2321 "Specify a network to announce via BGP\n"
2322 "IPv4 prefix\n"
2323 "Specify Route Distinguisher\n"
2324 "VPN Route Distinguisher\n"
2325 "VPN NLRI label (tag)\n"
2326 "VPN NLRI label (tag)\n"
2327 "Label value\n"
2328 "route map\n"
2329 "route map name\n")
2330 {
2331 int idx_ipv4_prefixlen = 1;
2332 int idx_ext_community = 3;
2333 int idx_label = 5;
2334 int idx_word_2 = 7;
2335 return bgp_static_set_safi(
2336 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2337 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2338 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2339 }
2340
2341 /* For testing purpose, static route of MPLS-VPN. */
2342 DEFUN (no_vpnv4_network,
2343 no_vpnv4_network_cmd,
2344 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2345 NO_STR
2346 "Specify a network to announce via BGP\n"
2347 "IPv4 prefix\n"
2348 "Specify Route Distinguisher\n"
2349 "VPN Route Distinguisher\n"
2350 "VPN NLRI label (tag)\n"
2351 "VPN NLRI label (tag)\n"
2352 "Label value\n")
2353 {
2354 int idx_ipv4_prefixlen = 2;
2355 int idx_ext_community = 4;
2356 int idx_label = 6;
2357 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
2358 argv[idx_ipv4_prefixlen]->arg,
2359 argv[idx_ext_community]->arg,
2360 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2361 }
2362
2363 DEFUN (vpnv6_network,
2364 vpnv6_network_cmd,
2365 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map RMAP_NAME]",
2366 "Specify a network to announce via BGP\n"
2367 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2368 "Specify Route Distinguisher\n"
2369 "VPN Route Distinguisher\n"
2370 "VPN NLRI label (tag)\n"
2371 "VPN NLRI label (tag)\n"
2372 "Label value\n"
2373 "route map\n"
2374 "route map name\n")
2375 {
2376 int idx_ipv6_prefix = 1;
2377 int idx_ext_community = 3;
2378 int idx_label = 5;
2379 int idx_word_2 = 7;
2380 if (argc == 8)
2381 return bgp_static_set_safi(
2382 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2383 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2384 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2385 else
2386 return bgp_static_set_safi(
2387 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2388 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2389 NULL, 0, NULL, NULL, NULL, NULL);
2390 }
2391
2392 /* For testing purpose, static route of MPLS-VPN. */
2393 DEFUN (no_vpnv6_network,
2394 no_vpnv6_network_cmd,
2395 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2396 NO_STR
2397 "Specify a network to announce via BGP\n"
2398 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2399 "Specify Route Distinguisher\n"
2400 "VPN Route Distinguisher\n"
2401 "VPN NLRI label (tag)\n"
2402 "VPN NLRI label (tag)\n"
2403 "Label value\n")
2404 {
2405 int idx_ipv6_prefix = 2;
2406 int idx_ext_community = 4;
2407 int idx_label = 6;
2408 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
2409 argv[idx_ipv6_prefix]->arg,
2410 argv[idx_ext_community]->arg,
2411 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2412 }
2413
2414 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
2415 enum bgp_show_type type, void *output_arg, int tags,
2416 bool use_json)
2417 {
2418 struct bgp *bgp;
2419 struct bgp_table *table;
2420
2421 bgp = bgp_get_default();
2422 if (bgp == NULL) {
2423 if (!use_json)
2424 vty_out(vty, "No BGP process is configured\n");
2425 else
2426 vty_out(vty, "{}\n");
2427 return CMD_WARNING;
2428 }
2429 table = bgp->rib[afi][SAFI_MPLS_VPN];
2430 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
2431 output_arg, use_json);
2432 }
2433
2434 DEFUN (show_bgp_ip_vpn_all_rd,
2435 show_bgp_ip_vpn_all_rd_cmd,
2436 "show bgp "BGP_AFI_CMD_STR" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
2437 SHOW_STR
2438 BGP_STR
2439 BGP_VPNVX_HELP_STR
2440 "Display VPN NLRI specific information\n"
2441 "Display VPN NLRI specific information\n"
2442 "Display information for a route distinguisher\n"
2443 "VPN Route Distinguisher\n"
2444 "All VPN Route Distinguishers\n"
2445 JSON_STR)
2446 {
2447 int ret;
2448 struct prefix_rd prd;
2449 afi_t afi;
2450 int idx = 0;
2451
2452 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2453 /* Constrain search if user supplies RD && RD != "all" */
2454 if (argv_find(argv, argc, "rd", &idx)
2455 && strcmp(argv[idx + 1]->arg, "all")) {
2456 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2457 if (!ret) {
2458 vty_out(vty,
2459 "%% Malformed Route Distinguisher\n");
2460 return CMD_WARNING;
2461 }
2462 return bgp_show_mpls_vpn(vty, afi, &prd,
2463 bgp_show_type_normal, NULL, 0,
2464 use_json(argc, argv));
2465 } else {
2466 return bgp_show_mpls_vpn(vty, afi, NULL,
2467 bgp_show_type_normal, NULL, 0,
2468 use_json(argc, argv));
2469 }
2470 }
2471 return CMD_SUCCESS;
2472 }
2473
2474 ALIAS(show_bgp_ip_vpn_all_rd,
2475 show_bgp_ip_vpn_rd_cmd,
2476 "show bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
2477 SHOW_STR
2478 BGP_STR
2479 BGP_VPNVX_HELP_STR
2480 "Display VPN NLRI specific information\n"
2481 "Display information for a route distinguisher\n"
2482 "VPN Route Distinguisher\n"
2483 "All VPN Route Distinguishers\n"
2484 JSON_STR)
2485
2486 #ifdef KEEP_OLD_VPN_COMMANDS
2487 DEFUN (show_ip_bgp_vpn_rd,
2488 show_ip_bgp_vpn_rd_cmd,
2489 "show ip bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
2490 SHOW_STR
2491 IP_STR
2492 BGP_STR
2493 BGP_AFI_HELP_STR
2494 "Address Family modifier\n"
2495 "Display information for a route distinguisher\n"
2496 "VPN Route Distinguisher\n"
2497 "All VPN Route Distinguishers\n")
2498 {
2499 int idx_ext_community = argc - 1;
2500 int ret;
2501 struct prefix_rd prd;
2502 afi_t afi;
2503 int idx = 0;
2504
2505 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2506 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2507 return bgp_show_mpls_vpn(vty, afi, NULL,
2508 bgp_show_type_normal, NULL, 0,
2509 0);
2510 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2511 if (!ret) {
2512 vty_out(vty, "%% Malformed Route Distinguisher\n");
2513 return CMD_WARNING;
2514 }
2515 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2516 NULL, 0, 0);
2517 }
2518 return CMD_SUCCESS;
2519 }
2520
2521 DEFUN (show_ip_bgp_vpn_all,
2522 show_ip_bgp_vpn_all_cmd,
2523 "show [ip] bgp <vpnv4|vpnv6>",
2524 SHOW_STR
2525 IP_STR
2526 BGP_STR
2527 BGP_VPNVX_HELP_STR)
2528 {
2529 afi_t afi;
2530 int idx = 0;
2531
2532 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2533 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2534 NULL, 0, 0);
2535 return CMD_SUCCESS;
2536 }
2537
2538 DEFUN (show_ip_bgp_vpn_all_tags,
2539 show_ip_bgp_vpn_all_tags_cmd,
2540 "show [ip] bgp <vpnv4|vpnv6> all tags",
2541 SHOW_STR
2542 IP_STR
2543 BGP_STR
2544 BGP_VPNVX_HELP_STR
2545 "Display information about all VPNv4/VPNV6 NLRIs\n"
2546 "Display BGP tags for prefixes\n")
2547 {
2548 afi_t afi;
2549 int idx = 0;
2550
2551 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2552 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2553 NULL, 1, 0);
2554 return CMD_SUCCESS;
2555 }
2556
2557 DEFUN (show_ip_bgp_vpn_rd_tags,
2558 show_ip_bgp_vpn_rd_tags_cmd,
2559 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
2560 SHOW_STR
2561 IP_STR
2562 BGP_STR
2563 BGP_VPNVX_HELP_STR
2564 "Display information for a route distinguisher\n"
2565 "VPN Route Distinguisher\n"
2566 "All VPN Route Distinguishers\n"
2567 "Display BGP tags for prefixes\n")
2568 {
2569 int idx_ext_community = 5;
2570 int ret;
2571 struct prefix_rd prd;
2572 afi_t afi;
2573 int idx = 0;
2574
2575 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2576 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2577 return bgp_show_mpls_vpn(vty, afi, NULL,
2578 bgp_show_type_normal, NULL, 1,
2579 0);
2580 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2581 if (!ret) {
2582 vty_out(vty, "%% Malformed Route Distinguisher\n");
2583 return CMD_WARNING;
2584 }
2585 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2586 NULL, 1, 0);
2587 }
2588 return CMD_SUCCESS;
2589 }
2590
2591 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2592 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2593 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2594 SHOW_STR
2595 IP_STR
2596 BGP_STR
2597 BGP_VPNVX_HELP_STR
2598 "Display information about all VPNv4/VPNv6 NLRIs\n"
2599 "Detailed information on TCP and BGP neighbor connections\n"
2600 "Neighbor to display information about\n"
2601 "Display routes learned from neighbor\n"
2602 JSON_STR)
2603 {
2604 int idx_ipv4 = 6;
2605 union sockunion su;
2606 struct peer *peer;
2607 int ret;
2608 bool uj = use_json(argc, argv);
2609 afi_t afi;
2610 int idx = 0;
2611
2612 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2613 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2614 if (ret < 0) {
2615 if (uj) {
2616 json_object *json_no = NULL;
2617 json_no = json_object_new_object();
2618 json_object_string_add(json_no, "warning",
2619 "Malformed address");
2620 vty_out(vty, "%s\n",
2621 json_object_to_json_string(json_no));
2622 json_object_free(json_no);
2623 } else
2624 vty_out(vty, "Malformed address: %s\n",
2625 argv[idx_ipv4]->arg);
2626 return CMD_WARNING;
2627 }
2628
2629 peer = peer_lookup(NULL, &su);
2630 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2631 if (uj) {
2632 json_object *json_no = NULL;
2633 json_no = json_object_new_object();
2634 json_object_string_add(
2635 json_no, "warning",
2636 "No such neighbor or address family");
2637 vty_out(vty, "%s\n",
2638 json_object_to_json_string(json_no));
2639 json_object_free(json_no);
2640 } else
2641 vty_out(vty,
2642 "%% No such neighbor or address family\n");
2643 return CMD_WARNING;
2644 }
2645
2646 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2647 &su, 0, uj);
2648 }
2649 return CMD_SUCCESS;
2650 }
2651
2652 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2653 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2654 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
2655 SHOW_STR
2656 IP_STR
2657 BGP_STR
2658 BGP_VPNVX_HELP_STR
2659 "Display information for a route distinguisher\n"
2660 "VPN Route Distinguisher\n"
2661 "All VPN Route Distinguishers\n"
2662 "Detailed information on TCP and BGP neighbor connections\n"
2663 "Neighbor to display information about\n"
2664 "Display routes learned from neighbor\n"
2665 JSON_STR)
2666 {
2667 int idx_ext_community = 5;
2668 int idx_ipv4 = 7;
2669 int ret;
2670 union sockunion su;
2671 struct peer *peer;
2672 struct prefix_rd prd;
2673 bool prefix_rd_all = false;
2674 bool uj = use_json(argc, argv);
2675 afi_t afi;
2676 int idx = 0;
2677
2678 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2679 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2680 prefix_rd_all = true;
2681 else {
2682 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2683 if (!ret) {
2684 if (uj) {
2685 json_object *json_no = NULL;
2686 json_no = json_object_new_object();
2687 json_object_string_add(
2688 json_no, "warning",
2689 "Malformed Route Distinguisher");
2690 vty_out(vty, "%s\n",
2691 json_object_to_json_string(
2692 json_no));
2693 json_object_free(json_no);
2694 } else
2695 vty_out(vty,
2696 "%% Malformed Route Distinguisher\n");
2697 return CMD_WARNING;
2698 }
2699 }
2700
2701 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2702 if (ret < 0) {
2703 if (uj) {
2704 json_object *json_no = NULL;
2705 json_no = json_object_new_object();
2706 json_object_string_add(json_no, "warning",
2707 "Malformed address");
2708 vty_out(vty, "%s\n",
2709 json_object_to_json_string(json_no));
2710 json_object_free(json_no);
2711 } else
2712 vty_out(vty, "Malformed address: %s\n",
2713 argv[idx_ext_community]->arg);
2714 return CMD_WARNING;
2715 }
2716
2717 peer = peer_lookup(NULL, &su);
2718 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2719 if (uj) {
2720 json_object *json_no = NULL;
2721 json_no = json_object_new_object();
2722 json_object_string_add(
2723 json_no, "warning",
2724 "No such neighbor or address family");
2725 vty_out(vty, "%s\n",
2726 json_object_to_json_string(json_no));
2727 json_object_free(json_no);
2728 } else
2729 vty_out(vty,
2730 "%% No such neighbor or address family\n");
2731 return CMD_WARNING;
2732 }
2733
2734 if (prefix_rd_all)
2735 return bgp_show_mpls_vpn(vty, afi, NULL,
2736 bgp_show_type_neighbor, &su, 0,
2737 uj);
2738 else
2739 return bgp_show_mpls_vpn(vty, afi, &prd,
2740 bgp_show_type_neighbor, &su, 0,
2741 uj);
2742 }
2743 return CMD_SUCCESS;
2744 }
2745
2746 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2747 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2748 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2749 SHOW_STR
2750 IP_STR
2751 BGP_STR
2752 BGP_VPNVX_HELP_STR
2753 "Display information about all VPNv4/VPNv6 NLRIs\n"
2754 "Detailed information on TCP and BGP neighbor connections\n"
2755 "Neighbor to display information about\n"
2756 "Display the routes advertised to a BGP neighbor\n"
2757 JSON_STR)
2758 {
2759 int idx_ipv4 = 6;
2760 int ret;
2761 struct peer *peer;
2762 union sockunion su;
2763 bool uj = use_json(argc, argv);
2764 afi_t afi;
2765 int idx = 0;
2766
2767 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2768 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2769 if (ret < 0) {
2770 if (uj) {
2771 json_object *json_no = NULL;
2772 json_no = json_object_new_object();
2773 json_object_string_add(json_no, "warning",
2774 "Malformed address");
2775 vty_out(vty, "%s\n",
2776 json_object_to_json_string(json_no));
2777 json_object_free(json_no);
2778 } else
2779 vty_out(vty, "Malformed address: %s\n",
2780 argv[idx_ipv4]->arg);
2781 return CMD_WARNING;
2782 }
2783 peer = peer_lookup(NULL, &su);
2784 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2785 if (uj) {
2786 json_object *json_no = NULL;
2787 json_no = json_object_new_object();
2788 json_object_string_add(
2789 json_no, "warning",
2790 "No such neighbor or address family");
2791 vty_out(vty, "%s\n",
2792 json_object_to_json_string(json_no));
2793 json_object_free(json_no);
2794 } else
2795 vty_out(vty,
2796 "%% No such neighbor or address family\n");
2797 return CMD_WARNING;
2798 }
2799 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2800 SAFI_MPLS_VPN, uj);
2801 }
2802 return CMD_SUCCESS;
2803 }
2804
2805 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2806 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2807 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
2808 SHOW_STR
2809 IP_STR
2810 BGP_STR
2811 BGP_VPNVX_HELP_STR
2812 "Display information for a route distinguisher\n"
2813 "VPN Route Distinguisher\n"
2814 "All VPN Route Distinguishers\n"
2815 "Detailed information on TCP and BGP neighbor connections\n"
2816 "Neighbor to display information about\n"
2817 "Display the routes advertised to a BGP neighbor\n"
2818 JSON_STR)
2819 {
2820 int idx_ext_community = 5;
2821 int idx_ipv4 = 7;
2822 int ret;
2823 struct peer *peer;
2824 struct prefix_rd prd;
2825 union sockunion su;
2826 bool uj = use_json(argc, argv);
2827 afi_t afi;
2828 int idx = 0;
2829
2830 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2831 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2832 if (ret < 0) {
2833 if (uj) {
2834 json_object *json_no = NULL;
2835 json_no = json_object_new_object();
2836 json_object_string_add(json_no, "warning",
2837 "Malformed address");
2838 vty_out(vty, "%s\n",
2839 json_object_to_json_string(json_no));
2840 json_object_free(json_no);
2841 } else
2842 vty_out(vty, "Malformed address: %s\n",
2843 argv[idx_ext_community]->arg);
2844 return CMD_WARNING;
2845 }
2846 peer = peer_lookup(NULL, &su);
2847 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2848 if (uj) {
2849 json_object *json_no = NULL;
2850 json_no = json_object_new_object();
2851 json_object_string_add(
2852 json_no, "warning",
2853 "No such neighbor or address family");
2854 vty_out(vty, "%s\n",
2855 json_object_to_json_string(json_no));
2856 json_object_free(json_no);
2857 } else
2858 vty_out(vty,
2859 "%% No such neighbor or address family\n");
2860 return CMD_WARNING;
2861 }
2862
2863 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2864 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2865 SAFI_MPLS_VPN, uj);
2866 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2867 if (!ret) {
2868 if (uj) {
2869 json_object *json_no = NULL;
2870 json_no = json_object_new_object();
2871 json_object_string_add(
2872 json_no, "warning",
2873 "Malformed Route Distinguisher");
2874 vty_out(vty, "%s\n",
2875 json_object_to_json_string(json_no));
2876 json_object_free(json_no);
2877 } else
2878 vty_out(vty,
2879 "%% Malformed Route Distinguisher\n");
2880 return CMD_WARNING;
2881 }
2882
2883 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2884 SAFI_MPLS_VPN, uj);
2885 }
2886 return CMD_SUCCESS;
2887 }
2888 #endif /* KEEP_OLD_VPN_COMMANDS */
2889
2890 void bgp_mplsvpn_init(void)
2891 {
2892 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2893 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2894 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2895
2896 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2897 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2898
2899 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2900 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2901 #ifdef KEEP_OLD_VPN_COMMANDS
2902 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2903 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2904 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2905 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2906 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2907 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2908 install_element(VIEW_NODE,
2909 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2910 install_element(VIEW_NODE,
2911 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2912 #endif /* KEEP_OLD_VPN_COMMANDS */
2913 }
2914
2915 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2916 {
2917 struct listnode *mnode, *mnnode;
2918 struct bgp *bgp;
2919 afi_t afi = AFI_IP;
2920
2921 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
2922 afi = AFI_IP6;
2923
2924 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2925 struct ecommunity *ec;
2926
2927 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2928 continue;
2929
2930 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
2931
2932 if (ec && eckey->unit_size != ec->unit_size)
2933 continue;
2934
2935 if (ecom_intersect(ec, eckey))
2936 return bgp->vrf_id;
2937 }
2938 return VRF_UNKNOWN;
2939 }
2940
2941 /*
2942 * The purpose of this function is to process leaks that were deferred
2943 * from earlier per-vrf configuration due to not-yet-existing default
2944 * vrf, in other words, configuration such as:
2945 *
2946 * router bgp MMM vrf FOO
2947 * address-family ipv4 unicast
2948 * rd vpn export 1:1
2949 * exit-address-family
2950 *
2951 * router bgp NNN
2952 * ...
2953 *
2954 * This function gets called when the default instance ("router bgp NNN")
2955 * is created.
2956 */
2957 void vpn_leak_postchange_all(void)
2958 {
2959 struct listnode *next;
2960 struct bgp *bgp;
2961 struct bgp *bgp_default = bgp_get_default();
2962
2963 assert(bgp_default);
2964
2965 /* First, do any exporting from VRFs to the single VPN RIB */
2966 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2967
2968 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2969 continue;
2970
2971 vpn_leak_postchange(
2972 BGP_VPN_POLICY_DIR_TOVPN,
2973 AFI_IP,
2974 bgp_default,
2975 bgp);
2976
2977 vpn_leak_postchange(
2978 BGP_VPN_POLICY_DIR_TOVPN,
2979 AFI_IP6,
2980 bgp_default,
2981 bgp);
2982 }
2983
2984 /* Now, do any importing to VRFs from the single VPN RIB */
2985 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2986
2987 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2988 continue;
2989
2990 vpn_leak_postchange(
2991 BGP_VPN_POLICY_DIR_FROMVPN,
2992 AFI_IP,
2993 bgp_default,
2994 bgp);
2995
2996 vpn_leak_postchange(
2997 BGP_VPN_POLICY_DIR_FROMVPN,
2998 AFI_IP6,
2999 bgp_default,
3000 bgp);
3001 }
3002 }
3003
3004 /* When a bgp vrf instance is unconfigured, remove its routes
3005 * from the VPN table and this vrf could be importing routes from other
3006 * bgp vrf instnaces, unimport them.
3007 * VRF X and VRF Y are exporting routes to each other.
3008 * When VRF X is deleted, unimport its routes from all target vrfs,
3009 * also VRF Y should unimport its routes from VRF X table.
3010 * This will ensure VPN table is cleaned up appropriately.
3011 */
3012 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
3013 {
3014 struct bgp *to_bgp;
3015 const char *tmp_name;
3016 char *vname;
3017 struct listnode *node, *next;
3018 safi_t safi = SAFI_UNICAST;
3019 afi_t afi;
3020 bool is_vrf_leak_bind;
3021 int debug;
3022
3023 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3024 return;
3025
3026 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3027 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3028
3029 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3030
3031 for (afi = 0; afi < AFI_MAX; ++afi) {
3032 /* vrf leak is for IPv4 and IPv6 Unicast only */
3033 if (afi != AFI_IP && afi != AFI_IP6)
3034 continue;
3035
3036 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3037 if (from_bgp == to_bgp)
3038 continue;
3039
3040 /* Unimport and remove source vrf from the
3041 * other vrfs import list.
3042 */
3043 struct vpn_policy *to_vpolicy;
3044
3045 is_vrf_leak_bind = false;
3046 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3047 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
3048 vname)) {
3049 if (strcmp(vname, tmp_name) == 0) {
3050 is_vrf_leak_bind = true;
3051 break;
3052 }
3053 }
3054 /* skip this bgp instance as there is no leak to this
3055 * vrf instance.
3056 */
3057 if (!is_vrf_leak_bind)
3058 continue;
3059
3060 if (debug)
3061 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3062 __func__, from_bgp->name_pretty,
3063 to_bgp->name_pretty, afi2str(afi),
3064 to_vpolicy->import_vrf->count);
3065
3066 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
3067
3068 /* readd vrf name as unimport removes import vrf name
3069 * from the destination vrf's import list where the
3070 * `import vrf` configuration still exist.
3071 */
3072 vname = XSTRDUP(MTYPE_TMP, tmp_name);
3073 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
3074 vname);
3075 SET_FLAG(to_bgp->af_flags[afi][safi],
3076 BGP_CONFIG_VRF_TO_VRF_IMPORT);
3077
3078 /* If to_bgp exports its routes to the bgp vrf
3079 * which is being deleted, un-import the
3080 * to_bgp routes from VPN.
3081 */
3082 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
3083 .export_vrf, node,
3084 vname)) {
3085 if (strcmp(vname, tmp_name) == 0) {
3086 vrf_unimport_from_vrf(from_bgp, to_bgp,
3087 afi, safi);
3088 break;
3089 }
3090 }
3091 }
3092 }
3093 return;
3094 }
3095
3096 /* When a router bgp is configured, there could be a bgp vrf
3097 * instance importing routes from this newly configured
3098 * bgp vrf instance. Export routes from configured
3099 * bgp vrf to VPN.
3100 * VRF Y has import from bgp vrf x,
3101 * when a bgp vrf x instance is created, export its routes
3102 * to VRF Y instance.
3103 */
3104 void bgp_vpn_leak_export(struct bgp *from_bgp)
3105 {
3106 afi_t afi;
3107 const char *export_name;
3108 char *vname;
3109 struct listnode *node, *next;
3110 struct ecommunity *ecom;
3111 enum vpn_policy_direction idir, edir;
3112 safi_t safi = SAFI_UNICAST;
3113 struct bgp *to_bgp;
3114 int debug;
3115
3116 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3117 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3118
3119 idir = BGP_VPN_POLICY_DIR_FROMVPN;
3120 edir = BGP_VPN_POLICY_DIR_TOVPN;
3121
3122 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3123
3124 for (afi = 0; afi < AFI_MAX; ++afi) {
3125 /* vrf leak is for IPv4 and IPv6 Unicast only */
3126 if (afi != AFI_IP && afi != AFI_IP6)
3127 continue;
3128
3129 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3130 if (from_bgp == to_bgp)
3131 continue;
3132
3133 /* bgp instance has import list, check to see if newly
3134 * configured bgp instance is the list.
3135 */
3136 struct vpn_policy *to_vpolicy;
3137
3138 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3139 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
3140 node, vname)) {
3141 if (strcmp(vname, export_name) != 0)
3142 continue;
3143
3144 if (debug)
3145 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3146 __func__,
3147 export_name, to_bgp->name_pretty);
3148
3149 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
3150 /* remove import rt, it will be readded
3151 * as part of import from vrf.
3152 */
3153 if (ecom)
3154 ecommunity_del_val(
3155 to_vpolicy->rtlist[idir],
3156 (struct ecommunity_val *)
3157 ecom->val);
3158 vrf_import_from_vrf(to_bgp, from_bgp,
3159 afi, safi);
3160 break;
3161
3162 }
3163 }
3164 }
3165 }
FRRouting mirror