]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #5686 from qlyoung/fix-bgp-fqdn-capability-leak
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
50
51 #if ENABLE_BGP_VNC
52 #include "bgpd/rfapi/rfapi_backend.h"
53 #endif
54
55 /*
56 * Definitions and external declarations.
57 */
58 extern struct zclient *zclient;
59
60 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
61 int *index, afi_t *afi)
62 {
63 int ret = 0;
64 if (argv_find(argv, argc, "vpnv4", index)) {
65 ret = 1;
66 if (afi)
67 *afi = AFI_IP;
68 } else if (argv_find(argv, argc, "vpnv6", index)) {
69 ret = 1;
70 if (afi)
71 *afi = AFI_IP6;
72 }
73 return ret;
74 }
75
76 uint32_t decode_label(mpls_label_t *label_pnt)
77 {
78 uint32_t l;
79 uint8_t *pnt = (uint8_t *)label_pnt;
80
81 l = ((uint32_t)*pnt++ << 12);
82 l |= (uint32_t)*pnt++ << 4;
83 l |= (uint32_t)((*pnt & 0xf0) >> 4);
84 return l;
85 }
86
87 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
88 {
89 uint8_t *pnt = (uint8_t *)label_pnt;
90 if (pnt == NULL)
91 return;
92 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
93 *label_pnt = label;
94 return;
95 }
96 *pnt++ = (label >> 12) & 0xff;
97 *pnt++ = (label >> 4) & 0xff;
98 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
99 }
100
101 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
102 struct bgp_nlri *packet)
103 {
104 uint8_t *pnt;
105 uint8_t *lim;
106 struct prefix p;
107 int psize = 0;
108 int prefixlen;
109 uint16_t type;
110 struct rd_as rd_as;
111 struct rd_ip rd_ip;
112 struct prefix_rd prd = {0};
113 mpls_label_t label = {0};
114 afi_t afi;
115 safi_t safi;
116 int addpath_encoded;
117 uint32_t addpath_id;
118
119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 pnt = packet->nlri;
124 lim = pnt + packet->length;
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_encoded =
130 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
131 && CHECK_FLAG(peer->af_cap[afi][safi],
132 PEER_CAP_ADDPATH_AF_TX_RCV));
133
134 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
135 for (; pnt < lim; pnt += psize) {
136 /* Clear prefix structure. */
137 memset(&p, 0, sizeof(struct prefix));
138
139 if (addpath_encoded) {
140
141 /* When packet overflow occurs return immediately. */
142 if (pnt + BGP_ADDPATH_ID_LEN > lim)
143 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
144
145 memcpy(&addpath_id, pnt, BGP_ADDPATH_ID_LEN);
146 addpath_id = ntohl(addpath_id);
147 pnt += BGP_ADDPATH_ID_LEN;
148 }
149
150 /* Fetch prefix length. */
151 prefixlen = *pnt++;
152 p.family = afi2family(packet->afi);
153 psize = PSIZE(prefixlen);
154
155 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
156 flog_err(
157 EC_BGP_UPDATE_RCV,
158 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
159 peer->host, prefixlen);
160 return BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
161 }
162
163 /* sanity check against packet data */
164 if ((pnt + psize) > lim) {
165 flog_err(
166 EC_BGP_UPDATE_RCV,
167 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
168 peer->host, prefixlen, (uint)(lim - pnt));
169 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
170 }
171
172 /* sanity check against storage for the IP address portion */
173 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
174 flog_err(
175 EC_BGP_UPDATE_RCV,
176 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
177 peer->host,
178 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
179 sizeof(p.u));
180 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
181 }
182
183 /* Sanity check against max bitlen of the address family */
184 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
185 flog_err(
186 EC_BGP_UPDATE_RCV,
187 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
188 peer->host,
189 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
190 p.family, prefix_blen(&p));
191 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
192 }
193
194 /* Copy label to prefix. */
195 memcpy(&label, pnt, BGP_LABEL_BYTES);
196 bgp_set_valid_label(&label);
197
198 /* Copy routing distinguisher to rd. */
199 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
200
201 /* Decode RD type. */
202 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
203
204 switch (type) {
205 case RD_TYPE_AS:
206 decode_rd_as(pnt + 5, &rd_as);
207 break;
208
209 case RD_TYPE_AS4:
210 decode_rd_as4(pnt + 5, &rd_as);
211 break;
212
213 case RD_TYPE_IP:
214 decode_rd_ip(pnt + 5, &rd_ip);
215 break;
216
217 #if ENABLE_BGP_VNC
218 case RD_TYPE_VNC_ETH:
219 break;
220 #endif
221
222 default:
223 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
224 break; /* just report */
225 }
226
227 p.prefixlen =
228 prefixlen
229 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
230 memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES,
231 psize - VPN_PREFIXLEN_MIN_BYTES);
232
233 if (attr) {
234 bgp_update(peer, &p, addpath_id, attr, packet->afi,
235 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
236 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
237 } else {
238 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
239 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
240 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
241 }
242 }
243 /* Packet length consistency check. */
244 if (pnt != lim) {
245 flog_err(
246 EC_BGP_UPDATE_RCV,
247 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
248 peer->host, lim - pnt);
249 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
250 }
251
252 return 0;
253 #undef VPN_PREFIXLEN_MIN_BYTES
254 }
255
256 /*
257 * This function informs zebra of the label this vrf sets on routes
258 * leaked to VPN. Zebra should install this label in the kernel with
259 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
260 *
261 * Sending this vrf-label association is qualified by a) whether vrf->vpn
262 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
263 * are set) and b) whether vpn-policy label is set.
264 *
265 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
266 * for this vrf, which zebra interprets to mean "delete this vrf-label
267 * association."
268 */
269 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
270 {
271 mpls_label_t label = MPLS_LABEL_NONE;
272 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
273
274 if (bgp->vrf_id == VRF_UNKNOWN) {
275 if (debug) {
276 zlog_debug(
277 "%s: vrf %s: afi %s: vrf_id not set, "
278 "can't set zebra vrf label",
279 __func__, bgp->name_pretty, afi2str(afi));
280 }
281 return;
282 }
283
284 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
285 label = bgp->vpn_policy[afi].tovpn_label;
286 }
287
288 if (debug) {
289 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
290 __func__, bgp->name_pretty, afi2str(afi), label,
291 bgp->vrf_id);
292 }
293
294 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
295 label = MPLS_LABEL_NONE;
296 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
297 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
298 }
299
300 /*
301 * If zebra tells us vrf has become unconfigured, tell zebra not to
302 * use this label to forward to the vrf anymore
303 */
304 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
305 {
306 mpls_label_t label = MPLS_LABEL_NONE;
307 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
308
309 if (bgp->vrf_id == VRF_UNKNOWN) {
310 if (debug) {
311 zlog_debug(
312 "%s: vrf_id not set, can't delete zebra vrf label",
313 __func__);
314 }
315 return;
316 }
317
318 if (debug) {
319 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
320 bgp->name_pretty, bgp->vrf_id);
321 }
322
323 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
324 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
325 }
326
327 int vpn_leak_label_callback(
328 mpls_label_t label,
329 void *labelid,
330 bool allocated)
331 {
332 struct vpn_policy *vp = (struct vpn_policy *)labelid;
333 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
334
335 if (debug)
336 zlog_debug("%s: label=%u, allocated=%d",
337 __func__, label, allocated);
338
339 if (!allocated) {
340 /*
341 * previously-allocated label is now invalid
342 */
343 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
344 (vp->tovpn_label != MPLS_LABEL_NONE)) {
345
346 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
347 vp->afi, bgp_get_default(), vp->bgp);
348 vp->tovpn_label = MPLS_LABEL_NONE;
349 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
350 vp->afi, bgp_get_default(), vp->bgp);
351 }
352 return 0;
353 }
354
355 /*
356 * New label allocation
357 */
358 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
359
360 /*
361 * not currently configured for auto label, reject allocation
362 */
363 return -1;
364 }
365
366 if (vp->tovpn_label != MPLS_LABEL_NONE) {
367 if (label == vp->tovpn_label) {
368 /* already have same label, accept but do nothing */
369 return 0;
370 }
371 /* Shouldn't happen: different label allocation */
372 flog_err(EC_BGP_LABEL,
373 "%s: %s had label %u but got new assignment %u",
374 __func__, vp->bgp->name_pretty, vp->tovpn_label,
375 label);
376 /* use new one */
377 }
378
379 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
380 vp->afi, bgp_get_default(), vp->bgp);
381 vp->tovpn_label = label;
382 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
383 vp->afi, bgp_get_default(), vp->bgp);
384
385 return 0;
386 }
387
388 static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
389 {
390 int i;
391 int j;
392
393 if (!e1 || !e2)
394 return 0;
395
396 for (i = 0; i < e1->size; ++i) {
397 for (j = 0; j < e2->size; ++j) {
398 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
399 e2->val + (j * ECOMMUNITY_SIZE),
400 ECOMMUNITY_SIZE)) {
401
402 return 1;
403 }
404 }
405 }
406 return 0;
407 }
408
409 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
410 uint32_t n)
411 {
412 uint32_t i;
413
414 if (!bpi->extra) {
415 if (!n)
416 return true;
417 else
418 return false;
419 }
420
421 if (n != bpi->extra->num_labels)
422 return false;
423
424 for (i = 0; i < n; ++i) {
425 if (label[i] != bpi->extra->label[i])
426 return false;
427 }
428 return true;
429 }
430
431 /*
432 * make encoded route labels match specified encoded label set
433 */
434 static void setlabels(struct bgp_path_info *bpi,
435 mpls_label_t *label, /* array of labels */
436 uint32_t num_labels)
437 {
438 if (num_labels)
439 assert(label);
440 assert(num_labels <= BGP_MAX_LABELS);
441
442 if (!num_labels) {
443 if (bpi->extra)
444 bpi->extra->num_labels = 0;
445 return;
446 }
447
448 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
449 uint32_t i;
450
451 for (i = 0; i < num_labels; ++i) {
452 extra->label[i] = label[i];
453 if (!bgp_is_valid_label(&label[i])) {
454 bgp_set_valid_label(&extra->label[i]);
455 }
456 }
457 extra->num_labels = num_labels;
458 }
459
460 /*
461 * returns pointer to new bgp_path_info upon success
462 */
463 static struct bgp_path_info *
464 leak_update(struct bgp *bgp, /* destination bgp instance */
465 struct bgp_node *bn, struct attr *new_attr, /* already interned */
466 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
467 mpls_label_t *label, uint32_t num_labels, void *parent,
468 struct bgp *bgp_orig, struct prefix *nexthop_orig,
469 int nexthop_self_flag, int debug)
470 {
471 struct prefix *p = &bn->p;
472 struct bgp_path_info *bpi;
473 struct bgp_path_info *bpi_ultimate;
474 struct bgp_path_info *new;
475 char buf_prefix[PREFIX_STRLEN];
476
477 if (debug) {
478 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
479 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
480 __func__, bgp->name_pretty, buf_prefix,
481 source_bpi->type, source_bpi->sub_type);
482 }
483
484 /*
485 * Routes that are redistributed into BGP from zebra do not get
486 * nexthop tracking. However, if those routes are subsequently
487 * imported to other RIBs within BGP, the leaked routes do not
488 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
489 * in order to determine if the route we are currently leaking
490 * should have nexthop tracking, we must find the ultimate
491 * parent so we can check its sub_type.
492 *
493 * As of now, source_bpi may at most be a second-generation route
494 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
495 * Using a loop here supports more complex intra-bgp import-export
496 * schemes that could be implemented in the future.
497 *
498 */
499 for (bpi_ultimate = source_bpi;
500 bpi_ultimate->extra && bpi_ultimate->extra->parent;
501 bpi_ultimate = bpi_ultimate->extra->parent)
502 ;
503
504 /*
505 * match parent
506 */
507 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
508 if (bpi->extra && bpi->extra->parent == parent)
509 break;
510 }
511
512 if (bpi) {
513 bool labelssame = labels_same(bpi, label, num_labels);
514
515 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
516 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
517
518 bgp_attr_unintern(&new_attr);
519 if (debug)
520 zlog_debug(
521 "%s: ->%s: %s: Found route, no change",
522 __func__, bgp->name_pretty,
523 buf_prefix);
524 return NULL;
525 }
526
527 /* attr is changed */
528 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
529
530 /* Rewrite BGP route information. */
531 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
532 bgp_path_info_restore(bn, bpi);
533 else
534 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
535 bgp_attr_unintern(&bpi->attr);
536 bpi->attr = new_attr;
537 bpi->uptime = bgp_clock();
538
539 /*
540 * rewrite labels
541 */
542 if (!labelssame)
543 setlabels(bpi, label, num_labels);
544
545 if (nexthop_self_flag)
546 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
547
548 struct bgp *bgp_nexthop = bgp;
549 int nh_valid;
550
551 if (bpi->extra && bpi->extra->bgp_orig)
552 bgp_nexthop = bpi->extra->bgp_orig;
553
554 /*
555 * No nexthop tracking for redistributed routes or for
556 * EVPN-imported routes that get leaked.
557 */
558 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
559 is_pi_family_evpn(bpi_ultimate))
560 nh_valid = 1;
561 else
562 /*
563 * TBD do we need to do anything about the
564 * 'connected' parameter?
565 */
566 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
567 afi, bpi, NULL, 0);
568
569 if (debug)
570 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
571 __func__, (nh_valid ? "" : "not "),
572 bgp_nexthop->name_pretty);
573
574 if (nh_valid)
575 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
576
577 /* Process change. */
578 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
579 bgp_process(bgp, bn, afi, safi);
580 bgp_unlock_node(bn);
581
582 if (debug)
583 zlog_debug("%s: ->%s: %s Found route, changed attr",
584 __func__, bgp->name_pretty, buf_prefix);
585
586 return bpi;
587 }
588
589 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
590 bgp->peer_self, new_attr, bn);
591
592 if (nexthop_self_flag)
593 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
594
595 bgp_path_info_extra_get(new);
596
597 if (num_labels)
598 setlabels(new, label, num_labels);
599
600 new->extra->parent = bgp_path_info_lock(parent);
601 bgp_lock_node((struct bgp_node *)((struct bgp_path_info *)parent)->net);
602 if (bgp_orig)
603 new->extra->bgp_orig = bgp_lock(bgp_orig);
604 if (nexthop_orig)
605 new->extra->nexthop_orig = *nexthop_orig;
606
607 /*
608 * nexthop tracking for unicast routes
609 */
610 struct bgp *bgp_nexthop = bgp;
611 int nh_valid;
612
613 if (new->extra->bgp_orig)
614 bgp_nexthop = new->extra->bgp_orig;
615
616 /*
617 * No nexthop tracking for redistributed routes because
618 * their originating protocols will do the tracking and
619 * withdraw those routes if the nexthops become unreachable
620 * This also holds good for EVPN-imported routes that get
621 * leaked.
622 */
623 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
624 is_pi_family_evpn(bpi_ultimate))
625 nh_valid = 1;
626 else
627 /*
628 * TBD do we need to do anything about the
629 * 'connected' parameter?
630 */
631 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
632 afi, new, NULL, 0);
633
634 if (debug)
635 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
636 __func__, (nh_valid ? "" : "not "),
637 bgp_nexthop->name_pretty);
638 if (nh_valid)
639 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
640
641 bgp_aggregate_increment(bgp, p, new, afi, safi);
642 bgp_path_info_add(bn, new);
643
644 bgp_unlock_node(bn);
645 bgp_process(bgp, bn, afi, safi);
646
647 if (debug)
648 zlog_debug("%s: ->%s: %s: Added new route", __func__,
649 bgp->name_pretty, buf_prefix);
650
651 return new;
652 }
653
654 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
655 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
656 struct bgp *bgp_vrf, /* from */
657 struct bgp_path_info *path_vrf) /* route */
658 {
659 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
660 struct prefix *p = &path_vrf->net->p;
661 afi_t afi = family2afi(p->family);
662 struct attr static_attr = {0};
663 struct attr *new_attr = NULL;
664 safi_t safi = SAFI_MPLS_VPN;
665 mpls_label_t label_val;
666 mpls_label_t label;
667 struct bgp_node *bn;
668 const char *debugmsg;
669 int nexthop_self_flag = 0;
670
671 if (debug)
672 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
673
674 if (debug && path_vrf->attr->ecommunity) {
675 char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity,
676 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
677
678 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
679 bgp_vrf->name, path_vrf->type, s);
680 XFREE(MTYPE_ECOMMUNITY_STR, s);
681 }
682
683 if (!bgp_vpn)
684 return;
685
686 if (!afi) {
687 if (debug)
688 zlog_debug("%s: can't get afi of prefix", __func__);
689 return;
690 }
691
692 /* Is this route exportable into the VPN table? */
693 if (!is_route_injectable_into_vpn(path_vrf))
694 return;
695
696 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
697 if (debug)
698 zlog_debug("%s: %s skipping: %s", __func__,
699 bgp_vrf->name, debugmsg);
700 return;
701 }
702
703 /* shallow copy */
704 static_attr = *path_vrf->attr;
705
706 /*
707 * route map handling
708 */
709 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
710 struct bgp_path_info info;
711 route_map_result_t ret;
712
713 memset(&info, 0, sizeof(info));
714 info.peer = bgp_vpn->peer_self;
715 info.attr = &static_attr;
716 ret = route_map_apply(
717 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
718 p, RMAP_BGP, &info);
719 if (RMAP_DENYMATCH == ret) {
720 bgp_attr_flush(&static_attr); /* free any added parts */
721 if (debug)
722 zlog_debug(
723 "%s: vrf %s route map \"%s\" says DENY, returning",
724 __func__, bgp_vrf->name_pretty,
725 bgp_vrf->vpn_policy[afi]
726 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
727 ->name);
728 return;
729 }
730 }
731
732 if (debug && static_attr.ecommunity) {
733 char *s = ecommunity_ecom2str(static_attr.ecommunity,
734 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
735
736 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
737 __func__, s);
738 XFREE(MTYPE_ECOMMUNITY_STR, s);
739 }
740
741 /*
742 * Add the vpn-policy rt-list
743 */
744 struct ecommunity *old_ecom;
745 struct ecommunity *new_ecom;
746
747 old_ecom = static_attr.ecommunity;
748 if (old_ecom) {
749 new_ecom = ecommunity_merge(
750 ecommunity_dup(old_ecom),
751 bgp_vrf->vpn_policy[afi]
752 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
753 if (!old_ecom->refcnt)
754 ecommunity_free(&old_ecom);
755 } else {
756 new_ecom = ecommunity_dup(
757 bgp_vrf->vpn_policy[afi]
758 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
759 }
760 static_attr.ecommunity = new_ecom;
761 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
762
763 if (debug && static_attr.ecommunity) {
764 char *s = ecommunity_ecom2str(static_attr.ecommunity,
765 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
766
767 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
768 __func__, s);
769 XFREE(MTYPE_ECOMMUNITY_STR, s);
770 }
771
772 /* Nexthop */
773 /* if policy nexthop not set, use 0 */
774 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
775 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
776 struct prefix *nexthop =
777 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
778
779 switch (nexthop->family) {
780 case AF_INET:
781 /* prevent mp_nexthop_global_in <- self in bgp_route.c
782 */
783 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
784
785 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
786 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
787 break;
788
789 case AF_INET6:
790 static_attr.mp_nexthop_global = nexthop->u.prefix6;
791 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
792 break;
793
794 default:
795 assert(0);
796 }
797 } else {
798 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
799 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
800 if (afi == AFI_IP) {
801 /*
802 * For ipv4, copy to multiprotocol
803 * nexthop field
804 */
805 static_attr.mp_nexthop_global_in =
806 static_attr.nexthop;
807 static_attr.mp_nexthop_len =
808 BGP_ATTR_NHLEN_IPV4;
809 /*
810 * XXX Leave static_attr.nexthop
811 * intact for NHT
812 */
813 static_attr.flag &=
814 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
815 }
816 } else {
817 /* Update based on next-hop family to account for
818 * RFC 5549 (BGP unnumbered) scenario. Note that
819 * specific action is only needed for the case of
820 * IPv4 nexthops as the attr has been copied
821 * otherwise.
822 */
823 if (afi == AFI_IP
824 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
825 static_attr.mp_nexthop_global_in.s_addr =
826 static_attr.nexthop.s_addr;
827 static_attr.mp_nexthop_len =
828 BGP_ATTR_NHLEN_IPV4;
829 static_attr.flag |=
830 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
831 }
832 }
833 nexthop_self_flag = 1;
834 }
835
836 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
837 if (label_val == MPLS_LABEL_NONE) {
838 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
839 } else {
840 encode_label(label_val, &label);
841 }
842
843 /* Set originator ID to "me" */
844 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
845 static_attr.originator_id = bgp_vpn->router_id;
846
847
848 new_attr = bgp_attr_intern(
849 &static_attr); /* hashed refcounted everything */
850 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
851
852 if (debug && new_attr->ecommunity) {
853 char *s = ecommunity_ecom2str(new_attr->ecommunity,
854 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
855
856 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
857 XFREE(MTYPE_ECOMMUNITY_STR, s);
858 }
859
860 /* Now new_attr is an allocated interned attr */
861
862 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
863 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
864
865 struct bgp_path_info *new_info;
866
867 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
868 &label, 1, path_vrf, bgp_vrf, NULL,
869 nexthop_self_flag, debug);
870
871 /*
872 * Routes actually installed in the vpn RIB must also be
873 * offered to all vrfs (because now they originate from
874 * the vpn RIB).
875 *
876 * Acceptance into other vrfs depends on rt-lists.
877 * Originating vrf will not accept the looped back route
878 * because of loop checking.
879 */
880 if (new_info)
881 vpn_leak_to_vrf_update(bgp_vrf, new_info);
882 }
883
884 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
885 struct bgp *bgp_vrf, /* from */
886 struct bgp_path_info *path_vrf) /* route */
887 {
888 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
889 struct prefix *p = &path_vrf->net->p;
890 afi_t afi = family2afi(p->family);
891 safi_t safi = SAFI_MPLS_VPN;
892 struct bgp_path_info *bpi;
893 struct bgp_node *bn;
894 const char *debugmsg;
895 char buf_prefix[PREFIX_STRLEN];
896
897 if (debug) {
898 prefix2str(p, buf_prefix, sizeof(buf_prefix));
899 zlog_debug(
900 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
901 __func__, bgp_vrf->name_pretty, buf_prefix,
902 path_vrf->type, path_vrf->sub_type);
903 }
904
905 if (!bgp_vpn)
906 return;
907
908 if (!afi) {
909 if (debug)
910 zlog_debug("%s: can't get afi of prefix", __func__);
911 return;
912 }
913
914 /* Is this route exportable into the VPN table? */
915 if (!is_route_injectable_into_vpn(path_vrf))
916 return;
917
918 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
919 if (debug)
920 zlog_debug("%s: skipping: %s", __func__, debugmsg);
921 return;
922 }
923
924 if (debug)
925 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
926
927 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
928 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
929
930 if (!bn)
931 return;
932 /*
933 * vrf -> vpn
934 * match original bpi imported from
935 */
936 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
937 if (bpi->extra && bpi->extra->parent == path_vrf) {
938 break;
939 }
940 }
941
942 if (bpi) {
943 /* withdraw from looped vrfs as well */
944 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
945
946 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
947 bgp_path_info_delete(bn, bpi);
948 bgp_process(bgp_vpn, bn, afi, safi);
949 }
950 bgp_unlock_node(bn);
951 }
952
953 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
954 struct bgp *bgp_vrf, /* from */
955 afi_t afi)
956 {
957 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
958 struct bgp_node *prn;
959 safi_t safi = SAFI_MPLS_VPN;
960
961 /*
962 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
963 */
964 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
965 prn = bgp_route_next(prn)) {
966
967 struct bgp_table *table;
968 struct bgp_node *bn;
969 struct bgp_path_info *bpi;
970
971 /* This is the per-RD table of prefixes */
972 table = bgp_node_get_bgp_table_info(prn);
973
974 if (!table)
975 continue;
976
977 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
978
979 char buf[PREFIX2STR_BUFFER];
980
981 bpi = bgp_node_get_bgp_path_info(bn);
982 if (debug && bpi) {
983 zlog_debug(
984 "%s: looking at prefix %s", __func__,
985 prefix2str(&bn->p, buf, sizeof(buf)));
986 }
987
988 for (; bpi; bpi = bpi->next) {
989 if (debug)
990 zlog_debug("%s: type %d, sub_type %d",
991 __func__, bpi->type,
992 bpi->sub_type);
993 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
994 continue;
995 if (!bpi->extra)
996 continue;
997 if ((struct bgp *)bpi->extra->bgp_orig
998 == bgp_vrf) {
999 /* delete route */
1000 if (debug)
1001 zlog_debug("%s: deleting it",
1002 __func__);
1003 bgp_aggregate_decrement(bgp_vpn, &bn->p,
1004 bpi, afi, safi);
1005 bgp_path_info_delete(bn, bpi);
1006 bgp_process(bgp_vpn, bn, afi, safi);
1007 }
1008 }
1009 }
1010 }
1011 }
1012
1013 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1014 struct bgp *bgp_vrf, /* from */
1015 afi_t afi)
1016 {
1017 struct bgp_node *bn;
1018 struct bgp_path_info *bpi;
1019 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1020
1021 if (debug)
1022 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1023 bgp_vrf->name_pretty);
1024
1025 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1026 bn = bgp_route_next(bn)) {
1027
1028 if (debug)
1029 zlog_debug("%s: node=%p", __func__, bn);
1030
1031 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1032 bpi = bpi->next) {
1033 if (debug)
1034 zlog_debug(
1035 "%s: calling vpn_leak_from_vrf_update",
1036 __func__);
1037 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
1038 }
1039 }
1040 }
1041
1042 static void
1043 vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1044 struct bgp *bgp_vpn, /* from */
1045 struct bgp_path_info *path_vpn) /* route */
1046 {
1047 struct prefix *p = &path_vpn->net->p;
1048 afi_t afi = family2afi(p->family);
1049
1050 struct attr static_attr = {0};
1051 struct attr *new_attr = NULL;
1052 struct bgp_node *bn;
1053 safi_t safi = SAFI_UNICAST;
1054 const char *debugmsg;
1055 struct prefix nexthop_orig;
1056 mpls_label_t *pLabels = NULL;
1057 uint32_t num_labels = 0;
1058 int nexthop_self_flag = 1;
1059 struct bgp_path_info *bpi_ultimate = NULL;
1060 int origin_local = 0;
1061 struct bgp *src_vrf;
1062
1063 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1064
1065 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1066 if (debug)
1067 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1068 return;
1069 }
1070
1071 /* Check for intersection of route targets */
1072 if (!ecom_intersect(
1073 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1074 path_vpn->attr->ecommunity)) {
1075
1076 return;
1077 }
1078
1079 if (debug) {
1080 char buf_prefix[PREFIX_STRLEN];
1081
1082 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1083 zlog_debug("%s: updating %s to vrf %s", __func__,
1084 buf_prefix, bgp_vrf->name_pretty);
1085 }
1086
1087 /* shallow copy */
1088 static_attr = *path_vpn->attr;
1089
1090 /*
1091 * Nexthop: stash and clear
1092 *
1093 * Nexthop is valid in context of VPN core, but not in destination vrf.
1094 * Stash it for later label resolution by vrf ingress path and then
1095 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1096 */
1097 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1098
1099 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1100 nexthop_orig.family = nhfamily;
1101
1102 switch (nhfamily) {
1103 case AF_INET:
1104 /* save */
1105 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1106 nexthop_orig.prefixlen = 32;
1107
1108 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1109 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1110 static_attr.nexthop.s_addr =
1111 nexthop_orig.u.prefix4.s_addr;
1112
1113 static_attr.mp_nexthop_global_in =
1114 path_vpn->attr->mp_nexthop_global_in;
1115 static_attr.mp_nexthop_len =
1116 path_vpn->attr->mp_nexthop_len;
1117 }
1118 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1119 break;
1120 case AF_INET6:
1121 /* save */
1122 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1123 nexthop_orig.prefixlen = 128;
1124
1125 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1126 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1127 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1128 }
1129 break;
1130 }
1131
1132 /*
1133 * route map handling
1134 */
1135 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1136 struct bgp_path_info info;
1137 route_map_result_t ret;
1138
1139 memset(&info, 0, sizeof(info));
1140 info.peer = bgp_vrf->peer_self;
1141 info.attr = &static_attr;
1142 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1143 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1144 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1145 p, RMAP_BGP, &info);
1146 if (RMAP_DENYMATCH == ret) {
1147 bgp_attr_flush(&static_attr); /* free any added parts */
1148 if (debug)
1149 zlog_debug(
1150 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1151 __func__, bgp_vrf->name_pretty,
1152 bgp_vrf->vpn_policy[afi]
1153 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1154 ->name);
1155 return;
1156 }
1157 /*
1158 * if route-map changed nexthop, don't nexthop-self on output
1159 */
1160 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1161 BATTR_RMAP_NEXTHOP_UNCHANGED))
1162 nexthop_self_flag = 0;
1163 }
1164
1165 new_attr = bgp_attr_intern(&static_attr);
1166 bgp_attr_flush(&static_attr);
1167
1168 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1169
1170 /*
1171 * ensure labels are copied
1172 *
1173 * However, there is a special case: if the route originated in
1174 * another local VRF (as opposed to arriving via VPN), then the
1175 * nexthop is reached by hairpinning through this router (me)
1176 * using IP forwarding only (no LSP). Therefore, the route
1177 * imported to the VRF should not have labels attached. Note
1178 * that nexthop tracking is also involved: eliminating the
1179 * labels for these routes enables the non-labeled nexthops
1180 * from the originating VRF to be considered valid for this route.
1181 */
1182 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1183 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1184 /* work back to original route */
1185 for (bpi_ultimate = path_vpn;
1186 bpi_ultimate->extra && bpi_ultimate->extra->parent;
1187 bpi_ultimate = bpi_ultimate->extra->parent)
1188 ;
1189
1190 /*
1191 * if original route was unicast,
1192 * then it did not arrive over vpn
1193 */
1194 if (bpi_ultimate->net) {
1195 struct bgp_table *table;
1196
1197 table = bgp_node_table(bpi_ultimate->net);
1198 if (table && (table->safi == SAFI_UNICAST))
1199 origin_local = 1;
1200 }
1201
1202 /* copy labels */
1203 if (!origin_local && path_vpn->extra
1204 && path_vpn->extra->num_labels) {
1205 num_labels = path_vpn->extra->num_labels;
1206 if (num_labels > BGP_MAX_LABELS)
1207 num_labels = BGP_MAX_LABELS;
1208 pLabels = path_vpn->extra->label;
1209 }
1210 }
1211
1212 if (debug) {
1213 char buf_prefix[PREFIX_STRLEN];
1214 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1215 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1216 num_labels);
1217 }
1218
1219 /*
1220 * For VRF-2-VRF route-leaking,
1221 * the source will be the originating VRF.
1222 */
1223 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1224 src_vrf = path_vpn->extra->bgp_orig;
1225 else
1226 src_vrf = bgp_vpn;
1227
1228 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1229 num_labels, path_vpn, /* parent */
1230 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1231 }
1232
1233 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1234 struct bgp_path_info *path_vpn) /* route */
1235 {
1236 struct listnode *mnode, *mnnode;
1237 struct bgp *bgp;
1238
1239 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1240
1241 if (debug)
1242 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1243
1244 /* Loop over VRFs */
1245 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1246
1247 if (!path_vpn->extra
1248 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1249 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
1250 }
1251 }
1252 }
1253
1254 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1255 struct bgp_path_info *path_vpn) /* route */
1256 {
1257 struct prefix *p;
1258 afi_t afi;
1259 safi_t safi = SAFI_UNICAST;
1260 struct bgp *bgp;
1261 struct listnode *mnode, *mnnode;
1262 struct bgp_node *bn;
1263 struct bgp_path_info *bpi;
1264 const char *debugmsg;
1265 char buf_prefix[PREFIX_STRLEN];
1266
1267 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1268
1269 if (debug) {
1270 prefix2str(&path_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1271 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d", __func__,
1272 buf_prefix, path_vpn->type, path_vpn->sub_type);
1273 }
1274
1275 if (debug)
1276 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1277
1278 if (!path_vpn->net) {
1279 #if ENABLE_BGP_VNC
1280 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1281 if (path_vpn->type == ZEBRA_ROUTE_BGP
1282 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1283
1284 return;
1285 }
1286 #endif
1287 if (debug)
1288 zlog_debug(
1289 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1290 __func__);
1291 return;
1292 }
1293
1294 p = &path_vpn->net->p;
1295 afi = family2afi(p->family);
1296
1297 /* Loop over VRFs */
1298 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1299 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1300 if (debug)
1301 zlog_debug("%s: skipping: %s", __func__,
1302 debugmsg);
1303 continue;
1304 }
1305
1306 /* Check for intersection of route targets */
1307 if (!ecom_intersect(bgp->vpn_policy[afi]
1308 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1309 path_vpn->attr->ecommunity)) {
1310
1311 continue;
1312 }
1313
1314 if (debug)
1315 zlog_debug("%s: withdrawing from vrf %s", __func__,
1316 bgp->name_pretty);
1317
1318 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1319
1320 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1321 bpi = bpi->next) {
1322 if (bpi->extra
1323 && (struct bgp_path_info *)bpi->extra->parent
1324 == path_vpn) {
1325 break;
1326 }
1327 }
1328
1329 if (bpi) {
1330 if (debug)
1331 zlog_debug("%s: deleting bpi %p", __func__,
1332 bpi);
1333 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1334 bgp_path_info_delete(bn, bpi);
1335 bgp_process(bgp, bn, afi, safi);
1336 }
1337 bgp_unlock_node(bn);
1338 }
1339 }
1340
1341 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1342 afi_t afi)
1343 {
1344 struct bgp_node *bn;
1345 struct bgp_path_info *bpi;
1346 safi_t safi = SAFI_UNICAST;
1347 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1348
1349 if (debug)
1350 zlog_debug("%s: entry", __func__);
1351 /*
1352 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1353 */
1354 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1355 bn = bgp_route_next(bn)) {
1356
1357 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1358 bpi = bpi->next) {
1359 if (bpi->extra
1360 && bpi->extra->bgp_orig != bgp_vrf
1361 && bpi->extra->parent
1362 && is_pi_family_vpn(bpi->extra->parent)) {
1363
1364 /* delete route */
1365 bgp_aggregate_decrement(bgp_vrf, &bn->p, bpi,
1366 afi, safi);
1367 bgp_path_info_delete(bn, bpi);
1368 bgp_process(bgp_vrf, bn, afi, safi);
1369 }
1370 }
1371 }
1372 }
1373
1374 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1375 struct bgp *bgp_vpn, /* from */
1376 afi_t afi)
1377 {
1378 struct prefix_rd prd;
1379 struct bgp_node *prn;
1380 safi_t safi = SAFI_MPLS_VPN;
1381
1382 assert(bgp_vpn);
1383
1384 /*
1385 * Walk vpn table
1386 */
1387 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1388 prn = bgp_route_next(prn)) {
1389
1390 struct bgp_table *table;
1391 struct bgp_node *bn;
1392 struct bgp_path_info *bpi;
1393
1394 memset(&prd, 0, sizeof(prd));
1395 prd.family = AF_UNSPEC;
1396 prd.prefixlen = 64;
1397 memcpy(prd.val, prn->p.u.val, 8);
1398
1399 /* This is the per-RD table of prefixes */
1400 table = bgp_node_get_bgp_table_info(prn);
1401
1402 if (!table)
1403 continue;
1404
1405 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1406
1407 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1408 bpi = bpi->next) {
1409
1410 if (bpi->extra
1411 && bpi->extra->bgp_orig == bgp_vrf)
1412 continue;
1413
1414 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1415 bpi);
1416 }
1417 }
1418 }
1419 }
1420
1421 /*
1422 * This function is called for definition/deletion/change to a route-map
1423 */
1424 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1425 {
1426 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1427 afi_t afi;
1428 struct route_map *rmap;
1429
1430 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1431 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1432
1433 return;
1434 }
1435
1436 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1437
1438 for (afi = 0; afi < AFI_MAX; ++afi) {
1439
1440 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1441 && !strcmp(rmap_name,
1442 bgp->vpn_policy[afi]
1443 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1444
1445 if (debug)
1446 zlog_debug(
1447 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1448 __func__, rmap_name, bgp->as,
1449 afi2str(afi));
1450
1451 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1452 bgp_get_default(), bgp);
1453 if (debug)
1454 zlog_debug("%s: after vpn_leak_prechange",
1455 __func__);
1456
1457 /* in case of definition/deletion */
1458 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1459 rmap;
1460
1461 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1462 bgp_get_default(), bgp);
1463
1464 if (debug)
1465 zlog_debug("%s: after vpn_leak_postchange",
1466 __func__);
1467 }
1468
1469 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1470 && !strcmp(rmap_name,
1471 bgp->vpn_policy[afi]
1472 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1473
1474 if (debug) {
1475 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1476 __func__, rmap_name, bgp->as,
1477 afi2str(afi));
1478 }
1479
1480 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1481 bgp_get_default(), bgp);
1482
1483 /* in case of definition/deletion */
1484 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1485 rmap;
1486
1487 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1488 bgp_get_default(), bgp);
1489 }
1490 }
1491 }
1492
1493 /* This API is used during router-id change, reflect VPNs
1494 * auto RD and RT values and readvertise routes to VPN table.
1495 */
1496 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1497 bool is_config)
1498 {
1499 afi_t afi;
1500 int debug;
1501 char *vname;
1502 const char *export_name;
1503 char buf[RD_ADDRSTRLEN];
1504 struct bgp *bgp_import;
1505 struct listnode *node;
1506 struct ecommunity *ecom;
1507 vpn_policy_direction_t idir, edir;
1508
1509 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1510 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1511 return;
1512
1513 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1514 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1515 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1516
1517 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1518 edir = BGP_VPN_POLICY_DIR_TOVPN;
1519
1520 for (afi = 0; afi < AFI_MAX; ++afi) {
1521 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1522 continue;
1523
1524 if (withdraw) {
1525 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1526 afi, bgp_get_default(), bgp);
1527 if (debug)
1528 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1529 __func__, export_name);
1530
1531 /* Remove import RT from VRFs */
1532 ecom = bgp->vpn_policy[afi].rtlist[edir];
1533 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1534 export_vrf, node, vname)) {
1535 bgp_import = bgp_lookup_by_name(vname);
1536 if (!bgp_import)
1537 continue;
1538
1539 ecommunity_del_val(bgp_import->vpn_policy[afi].
1540 rtlist[idir],
1541 (struct ecommunity_val *)ecom->val);
1542
1543 }
1544 } else {
1545 /*
1546 * Router-id changes that are not explicit config
1547 * changes should not replace configured RD/RT.
1548 */
1549 if (!is_config) {
1550 if (CHECK_FLAG(bgp->vpn_policy[afi].flags,
1551 BGP_VPN_POLICY_TOVPN_RD_SET)) {
1552 if (debug)
1553 zlog_debug("%s: auto router-id change skipped",
1554 __func__);
1555 goto postchange;
1556 }
1557 }
1558
1559 /* New router-id derive auto RD and RT and export
1560 * to VPN
1561 */
1562 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
1563 &bgp->vrf_prd_auto);
1564 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
1565 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
1566 sizeof(buf));
1567 bgp->vpn_policy[afi].rtlist[edir] =
1568 ecommunity_str2com(buf,
1569 ECOMMUNITY_ROUTE_TARGET, 0);
1570
1571 /* Update import_vrf rt_list */
1572 ecom = bgp->vpn_policy[afi].rtlist[edir];
1573 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1574 export_vrf, node, vname)) {
1575 bgp_import = bgp_lookup_by_name(vname);
1576 if (!bgp_import)
1577 continue;
1578 if (bgp_import->vpn_policy[afi].rtlist[idir])
1579 bgp_import->vpn_policy[afi].rtlist[idir]
1580 = ecommunity_merge(
1581 bgp_import->vpn_policy[afi]
1582 .rtlist[idir], ecom);
1583 else
1584 bgp_import->vpn_policy[afi].rtlist[idir]
1585 = ecommunity_dup(ecom);
1586
1587 }
1588
1589 postchange:
1590 /* Update routes to VPN */
1591 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
1592 afi, bgp_get_default(),
1593 bgp);
1594 if (debug)
1595 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
1596 __func__, export_name);
1597 }
1598 }
1599 }
1600
1601 void vpn_policy_routemap_event(const char *rmap_name)
1602 {
1603 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1604 struct listnode *mnode, *mnnode;
1605 struct bgp *bgp;
1606
1607 if (debug)
1608 zlog_debug("%s: entry", __func__);
1609
1610 if (bm->bgp == NULL) /* may be called during cleanup */
1611 return;
1612
1613 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1614 vpn_policy_routemap_update(bgp, rmap_name);
1615 }
1616
1617 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1618 afi_t afi, safi_t safi)
1619 {
1620 const char *export_name;
1621 vpn_policy_direction_t idir, edir;
1622 char *vname, *tmp_name;
1623 char buf[RD_ADDRSTRLEN];
1624 struct ecommunity *ecom;
1625 bool first_export = false;
1626 int debug;
1627 struct listnode *node;
1628 bool is_inst_match = false;
1629
1630 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1631 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1632 edir = BGP_VPN_POLICY_DIR_TOVPN;
1633
1634 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1635 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1636
1637 /*
1638 * Cross-ref both VRFs. Also, note if this is the first time
1639 * any VRF is importing from "import_vrf".
1640 */
1641 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
1642 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
1643
1644 /* Check the import_vrf list of destination vrf for the source vrf name,
1645 * insert otherwise.
1646 */
1647 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
1648 node, tmp_name)) {
1649 if (strcmp(vname, tmp_name) == 0) {
1650 is_inst_match = true;
1651 break;
1652 }
1653 }
1654 if (!is_inst_match)
1655 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
1656 vname);
1657
1658 /* Check if the source vrf already exports to any vrf,
1659 * first time export requires to setup auto derived RD/RT values.
1660 * Add the destination vrf name to export vrf list if it is
1661 * not present.
1662 */
1663 is_inst_match = false;
1664 vname = XSTRDUP(MTYPE_TMP, export_name);
1665 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1666 first_export = true;
1667 } else {
1668 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1669 node, tmp_name)) {
1670 if (strcmp(vname, tmp_name) == 0) {
1671 is_inst_match = true;
1672 break;
1673 }
1674 }
1675 }
1676 if (!is_inst_match)
1677 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
1678 vname);
1679 /* Update import RT for current VRF using export RT of the VRF we're
1680 * importing from. First though, make sure "import_vrf" has that
1681 * set.
1682 */
1683 if (first_export) {
1684 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1685 &from_bgp->vrf_prd_auto);
1686 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1687 SET_FLAG(from_bgp->vpn_policy[afi].flags,
1688 BGP_VPN_POLICY_TOVPN_RD_SET);
1689 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
1690 buf, sizeof(buf));
1691 from_bgp->vpn_policy[afi].rtlist[edir] =
1692 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1693 SET_FLAG(from_bgp->af_flags[afi][safi],
1694 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1695 from_bgp->vpn_policy[afi].tovpn_label =
1696 BGP_PREVENT_VRF_2_VRF_LEAK;
1697 }
1698 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1699 if (to_bgp->vpn_policy[afi].rtlist[idir])
1700 to_bgp->vpn_policy[afi].rtlist[idir] =
1701 ecommunity_merge(to_bgp->vpn_policy[afi]
1702 .rtlist[idir], ecom);
1703 else
1704 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1705 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
1706
1707 if (debug) {
1708 const char *from_name;
1709
1710 from_name = from_bgp->name ? from_bgp->name :
1711 VRF_DEFAULT_NAME;
1712 zlog_debug("%s from %s to %s first_export %u import-rt %s export-rt %s",
1713 __func__, from_name, export_name, first_export,
1714 to_bgp->vpn_policy[afi].rtlist[idir] ?
1715 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1716 rtlist[idir],
1717 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ",
1718 to_bgp->vpn_policy[afi].rtlist[edir] ?
1719 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1720 rtlist[edir],
1721 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ");
1722 }
1723
1724 /* Does "import_vrf" first need to export its routes or that
1725 * is already done and we just need to import those routes
1726 * from the global table?
1727 */
1728 if (first_export)
1729 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
1730 else
1731 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1732 }
1733
1734 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1735 afi_t afi, safi_t safi)
1736 {
1737 const char *export_name, *tmp_name;
1738 vpn_policy_direction_t idir, edir;
1739 char *vname;
1740 struct ecommunity *ecom = NULL;
1741 struct listnode *node;
1742 int debug;
1743
1744 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1745 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
1746 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1747 edir = BGP_VPN_POLICY_DIR_TOVPN;
1748
1749 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1750 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1751
1752 /* Were we importing from "import_vrf"? */
1753 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1754 vname)) {
1755 if (strcmp(vname, tmp_name) == 0)
1756 break;
1757 }
1758
1759 /*
1760 * We do not check in the cli if the passed in bgp
1761 * instance is actually imported into us before
1762 * we call this function. As such if we do not
1763 * find this in the import_vrf list than
1764 * we just need to return safely.
1765 */
1766 if (!vname)
1767 return;
1768
1769 if (debug)
1770 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
1771
1772 /* Remove "import_vrf" from our import list. */
1773 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
1774 XFREE(MTYPE_TMP, vname);
1775
1776 /* Remove routes imported from "import_vrf". */
1777 /* TODO: In the current logic, we have to first remove all
1778 * imported routes and then (if needed) import back routes
1779 */
1780 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
1781
1782 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1783 UNSET_FLAG(to_bgp->af_flags[afi][safi],
1784 BGP_CONFIG_VRF_TO_VRF_IMPORT);
1785 if (to_bgp->vpn_policy[afi].rtlist[idir])
1786 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
1787 } else {
1788 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1789 if (ecom)
1790 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
1791 (struct ecommunity_val *)ecom->val);
1792 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1793 }
1794
1795 /*
1796 * What?
1797 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1798 * below is checking for NULL that export_vrf can be
1799 * NULL, consequently it is complaining( like a cabbage )
1800 * that we could dereference and crash in the listcount(..)
1801 * check below.
1802 * So make it happy, under protest, with liberty and justice
1803 * for all.
1804 */
1805 assert(from_bgp->vpn_policy[afi].export_vrf);
1806
1807 /* Remove us from "import_vrf's" export list. If no other VRF
1808 * is importing from "import_vrf", cleanup appropriately.
1809 */
1810 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1811 node, vname)) {
1812 if (strcmp(vname, export_name) == 0)
1813 break;
1814 }
1815
1816 /*
1817 * If we have gotten to this point then the vname must
1818 * exist. If not, we are in a world of trouble and
1819 * have slag sitting around.
1820 *
1821 * import_vrf and export_vrf must match in having
1822 * the in/out names as appropriate.
1823 * export_vrf list could have been cleaned up
1824 * as part of no router bgp source instnace.
1825 */
1826 if (!vname)
1827 return;
1828
1829 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
1830 XFREE(MTYPE_TMP, vname);
1831
1832 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1833 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1834 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1835 UNSET_FLAG(from_bgp->af_flags[afi][safi],
1836 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1837 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
1838 sizeof(struct prefix_rd));
1839 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
1840 BGP_VPN_POLICY_TOVPN_RD_SET);
1841 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1842
1843 }
1844 }
1845
1846 /* For testing purpose, static route of MPLS-VPN. */
1847 DEFUN (vpnv4_network,
1848 vpnv4_network_cmd,
1849 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1850 "Specify a network to announce via BGP\n"
1851 "IPv4 prefix\n"
1852 "Specify Route Distinguisher\n"
1853 "VPN Route Distinguisher\n"
1854 "VPN NLRI label (tag)\n"
1855 "VPN NLRI label (tag)\n"
1856 "Label value\n")
1857 {
1858 int idx_ipv4_prefixlen = 1;
1859 int idx_ext_community = 3;
1860 int idx_label = 5;
1861 return bgp_static_set_safi(
1862 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1863 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1864 NULL, NULL, NULL, NULL);
1865 }
1866
1867 DEFUN (vpnv4_network_route_map,
1868 vpnv4_network_route_map_cmd,
1869 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1870 "Specify a network to announce via BGP\n"
1871 "IPv4 prefix\n"
1872 "Specify Route Distinguisher\n"
1873 "VPN Route Distinguisher\n"
1874 "VPN NLRI label (tag)\n"
1875 "VPN NLRI label (tag)\n"
1876 "Label value\n"
1877 "route map\n"
1878 "route map name\n")
1879 {
1880 int idx_ipv4_prefixlen = 1;
1881 int idx_ext_community = 3;
1882 int idx_label = 5;
1883 int idx_word_2 = 7;
1884 return bgp_static_set_safi(
1885 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1886 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1887 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1888 }
1889
1890 /* For testing purpose, static route of MPLS-VPN. */
1891 DEFUN (no_vpnv4_network,
1892 no_vpnv4_network_cmd,
1893 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1894 NO_STR
1895 "Specify a network to announce via BGP\n"
1896 "IPv4 prefix\n"
1897 "Specify Route Distinguisher\n"
1898 "VPN Route Distinguisher\n"
1899 "VPN NLRI label (tag)\n"
1900 "VPN NLRI label (tag)\n"
1901 "Label value\n")
1902 {
1903 int idx_ipv4_prefixlen = 2;
1904 int idx_ext_community = 4;
1905 int idx_label = 6;
1906 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1907 argv[idx_ipv4_prefixlen]->arg,
1908 argv[idx_ext_community]->arg,
1909 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1910 }
1911
1912 DEFUN (vpnv6_network,
1913 vpnv6_network_cmd,
1914 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1915 "Specify a network to announce via BGP\n"
1916 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1917 "Specify Route Distinguisher\n"
1918 "VPN Route Distinguisher\n"
1919 "VPN NLRI label (tag)\n"
1920 "VPN NLRI label (tag)\n"
1921 "Label value\n"
1922 "route map\n"
1923 "route map name\n")
1924 {
1925 int idx_ipv6_prefix = 1;
1926 int idx_ext_community = 3;
1927 int idx_label = 5;
1928 int idx_word_2 = 7;
1929 if (argc == 8)
1930 return bgp_static_set_safi(
1931 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1932 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1933 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1934 else
1935 return bgp_static_set_safi(
1936 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1937 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1938 NULL, 0, NULL, NULL, NULL, NULL);
1939 }
1940
1941 /* For testing purpose, static route of MPLS-VPN. */
1942 DEFUN (no_vpnv6_network,
1943 no_vpnv6_network_cmd,
1944 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1945 NO_STR
1946 "Specify a network to announce via BGP\n"
1947 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1948 "Specify Route Distinguisher\n"
1949 "VPN Route Distinguisher\n"
1950 "VPN NLRI label (tag)\n"
1951 "VPN NLRI label (tag)\n"
1952 "Label value\n")
1953 {
1954 int idx_ipv6_prefix = 2;
1955 int idx_ext_community = 4;
1956 int idx_label = 6;
1957 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1958 argv[idx_ipv6_prefix]->arg,
1959 argv[idx_ext_community]->arg,
1960 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1961 }
1962
1963 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1964 enum bgp_show_type type, void *output_arg, int tags,
1965 bool use_json)
1966 {
1967 struct bgp *bgp;
1968 struct bgp_table *table;
1969
1970 bgp = bgp_get_default();
1971 if (bgp == NULL) {
1972 if (!use_json)
1973 vty_out(vty, "No BGP process is configured\n");
1974 else
1975 vty_out(vty, "{}\n");
1976 return CMD_WARNING;
1977 }
1978 table = bgp->rib[afi][SAFI_MPLS_VPN];
1979 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1980 output_arg, use_json);
1981 }
1982
1983 DEFUN (show_bgp_ip_vpn_all_rd,
1984 show_bgp_ip_vpn_all_rd_cmd,
1985 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
1986 SHOW_STR
1987 BGP_STR
1988 BGP_VPNVX_HELP_STR
1989 "Display VPN NLRI specific information\n"
1990 "Display VPN NLRI specific information\n"
1991 "Display information for a route distinguisher\n"
1992 "VPN Route Distinguisher\n"
1993 JSON_STR)
1994 {
1995 int ret;
1996 struct prefix_rd prd;
1997 afi_t afi;
1998 int idx = 0;
1999
2000 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2001 if (argv_find(argv, argc, "rd", &idx)) {
2002 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2003 if (!ret) {
2004 vty_out(vty,
2005 "%% Malformed Route Distinguisher\n");
2006 return CMD_WARNING;
2007 }
2008 return bgp_show_mpls_vpn(vty, afi, &prd,
2009 bgp_show_type_normal, NULL, 0,
2010 use_json(argc, argv));
2011 } else {
2012 return bgp_show_mpls_vpn(vty, afi, NULL,
2013 bgp_show_type_normal, NULL, 0,
2014 use_json(argc, argv));
2015 }
2016 }
2017 return CMD_SUCCESS;
2018 }
2019
2020 ALIAS(show_bgp_ip_vpn_all_rd,
2021 show_bgp_ip_vpn_rd_cmd,
2022 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
2023 SHOW_STR
2024 BGP_STR
2025 BGP_VPNVX_HELP_STR
2026 "Display VPN NLRI specific information\n"
2027 "Display information for a route distinguisher\n"
2028 "VPN Route Distinguisher\n"
2029 JSON_STR)
2030
2031 #ifdef KEEP_OLD_VPN_COMMANDS
2032 DEFUN (show_ip_bgp_vpn_rd,
2033 show_ip_bgp_vpn_rd_cmd,
2034 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
2035 SHOW_STR
2036 IP_STR
2037 BGP_STR
2038 BGP_AFI_HELP_STR
2039 "Address Family modifier\n"
2040 "Display information for a route distinguisher\n"
2041 "VPN Route Distinguisher\n")
2042 {
2043 int idx_ext_community = argc - 1;
2044 int ret;
2045 struct prefix_rd prd;
2046 afi_t afi;
2047 int idx = 0;
2048
2049 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2050 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2051 if (!ret) {
2052 vty_out(vty, "%% Malformed Route Distinguisher\n");
2053 return CMD_WARNING;
2054 }
2055 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2056 NULL, 0, 0);
2057 }
2058 return CMD_SUCCESS;
2059 }
2060
2061 DEFUN (show_ip_bgp_vpn_all,
2062 show_ip_bgp_vpn_all_cmd,
2063 "show [ip] bgp <vpnv4|vpnv6>",
2064 SHOW_STR
2065 IP_STR
2066 BGP_STR
2067 BGP_VPNVX_HELP_STR)
2068 {
2069 afi_t afi;
2070 int idx = 0;
2071
2072 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2073 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2074 NULL, 0, 0);
2075 return CMD_SUCCESS;
2076 }
2077
2078 DEFUN (show_ip_bgp_vpn_all_tags,
2079 show_ip_bgp_vpn_all_tags_cmd,
2080 "show [ip] bgp <vpnv4|vpnv6> all tags",
2081 SHOW_STR
2082 IP_STR
2083 BGP_STR
2084 BGP_VPNVX_HELP_STR
2085 "Display information about all VPNv4/VPNV6 NLRIs\n"
2086 "Display BGP tags for prefixes\n")
2087 {
2088 afi_t afi;
2089 int idx = 0;
2090
2091 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2092 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2093 NULL, 1, 0);
2094 return CMD_SUCCESS;
2095 }
2096
2097 DEFUN (show_ip_bgp_vpn_rd_tags,
2098 show_ip_bgp_vpn_rd_tags_cmd,
2099 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
2100 SHOW_STR
2101 IP_STR
2102 BGP_STR
2103 BGP_VPNVX_HELP_STR
2104 "Display information for a route distinguisher\n"
2105 "VPN Route Distinguisher\n"
2106 "Display BGP tags for prefixes\n")
2107 {
2108 int idx_ext_community = 5;
2109 int ret;
2110 struct prefix_rd prd;
2111 afi_t afi;
2112 int idx = 0;
2113
2114 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2115 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2116 if (!ret) {
2117 vty_out(vty, "%% Malformed Route Distinguisher\n");
2118 return CMD_WARNING;
2119 }
2120 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2121 NULL, 1, 0);
2122 }
2123 return CMD_SUCCESS;
2124 }
2125
2126 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2127 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2128 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2129 SHOW_STR
2130 IP_STR
2131 BGP_STR
2132 BGP_VPNVX_HELP_STR
2133 "Display information about all VPNv4/VPNv6 NLRIs\n"
2134 "Detailed information on TCP and BGP neighbor connections\n"
2135 "Neighbor to display information about\n"
2136 "Display routes learned from neighbor\n"
2137 JSON_STR)
2138 {
2139 int idx_ipv4 = 6;
2140 union sockunion su;
2141 struct peer *peer;
2142 int ret;
2143 bool uj = use_json(argc, argv);
2144 afi_t afi;
2145 int idx = 0;
2146
2147 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2148 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2149 if (ret < 0) {
2150 if (uj) {
2151 json_object *json_no = NULL;
2152 json_no = json_object_new_object();
2153 json_object_string_add(json_no, "warning",
2154 "Malformed address");
2155 vty_out(vty, "%s\n",
2156 json_object_to_json_string(json_no));
2157 json_object_free(json_no);
2158 } else
2159 vty_out(vty, "Malformed address: %s\n",
2160 argv[idx_ipv4]->arg);
2161 return CMD_WARNING;
2162 }
2163
2164 peer = peer_lookup(NULL, &su);
2165 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2166 if (uj) {
2167 json_object *json_no = NULL;
2168 json_no = json_object_new_object();
2169 json_object_string_add(
2170 json_no, "warning",
2171 "No such neighbor or address family");
2172 vty_out(vty, "%s\n",
2173 json_object_to_json_string(json_no));
2174 json_object_free(json_no);
2175 } else
2176 vty_out(vty,
2177 "%% No such neighbor or address family\n");
2178 return CMD_WARNING;
2179 }
2180
2181 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2182 &su, 0, uj);
2183 }
2184 return CMD_SUCCESS;
2185 }
2186
2187 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2188 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2189 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
2190 SHOW_STR
2191 IP_STR
2192 BGP_STR
2193 BGP_VPNVX_HELP_STR
2194 "Display information for a route distinguisher\n"
2195 "VPN Route Distinguisher\n"
2196 "Detailed information on TCP and BGP neighbor connections\n"
2197 "Neighbor to display information about\n"
2198 "Display routes learned from neighbor\n"
2199 JSON_STR)
2200 {
2201 int idx_ext_community = 5;
2202 int idx_ipv4 = 7;
2203 int ret;
2204 union sockunion su;
2205 struct peer *peer;
2206 struct prefix_rd prd;
2207 bool uj = use_json(argc, argv);
2208 afi_t afi;
2209 int idx = 0;
2210
2211 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2212 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2213 if (!ret) {
2214 if (uj) {
2215 json_object *json_no = NULL;
2216 json_no = json_object_new_object();
2217 json_object_string_add(
2218 json_no, "warning",
2219 "Malformed Route Distinguisher");
2220 vty_out(vty, "%s\n",
2221 json_object_to_json_string(json_no));
2222 json_object_free(json_no);
2223 } else
2224 vty_out(vty,
2225 "%% Malformed Route Distinguisher\n");
2226 return CMD_WARNING;
2227 }
2228
2229 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2230 if (ret < 0) {
2231 if (uj) {
2232 json_object *json_no = NULL;
2233 json_no = json_object_new_object();
2234 json_object_string_add(json_no, "warning",
2235 "Malformed address");
2236 vty_out(vty, "%s\n",
2237 json_object_to_json_string(json_no));
2238 json_object_free(json_no);
2239 } else
2240 vty_out(vty, "Malformed address: %s\n",
2241 argv[idx_ext_community]->arg);
2242 return CMD_WARNING;
2243 }
2244
2245 peer = peer_lookup(NULL, &su);
2246 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2247 if (uj) {
2248 json_object *json_no = NULL;
2249 json_no = json_object_new_object();
2250 json_object_string_add(
2251 json_no, "warning",
2252 "No such neighbor or address family");
2253 vty_out(vty, "%s\n",
2254 json_object_to_json_string(json_no));
2255 json_object_free(json_no);
2256 } else
2257 vty_out(vty,
2258 "%% No such neighbor or address family\n");
2259 return CMD_WARNING;
2260 }
2261
2262 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2263 &su, 0, uj);
2264 }
2265 return CMD_SUCCESS;
2266 }
2267
2268 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2269 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2270 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2271 SHOW_STR
2272 IP_STR
2273 BGP_STR
2274 BGP_VPNVX_HELP_STR
2275 "Display information about all VPNv4/VPNv6 NLRIs\n"
2276 "Detailed information on TCP and BGP neighbor connections\n"
2277 "Neighbor to display information about\n"
2278 "Display the routes advertised to a BGP neighbor\n"
2279 JSON_STR)
2280 {
2281 int idx_ipv4 = 6;
2282 int ret;
2283 struct peer *peer;
2284 union sockunion su;
2285 bool uj = use_json(argc, argv);
2286 afi_t afi;
2287 int idx = 0;
2288
2289 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2290 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2291 if (ret < 0) {
2292 if (uj) {
2293 json_object *json_no = NULL;
2294 json_no = json_object_new_object();
2295 json_object_string_add(json_no, "warning",
2296 "Malformed address");
2297 vty_out(vty, "%s\n",
2298 json_object_to_json_string(json_no));
2299 json_object_free(json_no);
2300 } else
2301 vty_out(vty, "Malformed address: %s\n",
2302 argv[idx_ipv4]->arg);
2303 return CMD_WARNING;
2304 }
2305 peer = peer_lookup(NULL, &su);
2306 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2307 if (uj) {
2308 json_object *json_no = NULL;
2309 json_no = json_object_new_object();
2310 json_object_string_add(
2311 json_no, "warning",
2312 "No such neighbor or address family");
2313 vty_out(vty, "%s\n",
2314 json_object_to_json_string(json_no));
2315 json_object_free(json_no);
2316 } else
2317 vty_out(vty,
2318 "%% No such neighbor or address family\n");
2319 return CMD_WARNING;
2320 }
2321 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2322 SAFI_MPLS_VPN, uj);
2323 }
2324 return CMD_SUCCESS;
2325 }
2326
2327 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2328 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2329 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2330 SHOW_STR
2331 IP_STR
2332 BGP_STR
2333 BGP_VPNVX_HELP_STR
2334 "Display information for a route distinguisher\n"
2335 "VPN Route Distinguisher\n"
2336 "Detailed information on TCP and BGP neighbor connections\n"
2337 "Neighbor to display information about\n"
2338 "Display the routes advertised to a BGP neighbor\n"
2339 JSON_STR)
2340 {
2341 int idx_ext_community = 5;
2342 int idx_ipv4 = 7;
2343 int ret;
2344 struct peer *peer;
2345 struct prefix_rd prd;
2346 union sockunion su;
2347 bool uj = use_json(argc, argv);
2348 afi_t afi;
2349 int idx = 0;
2350
2351 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2352 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2353 if (ret < 0) {
2354 if (uj) {
2355 json_object *json_no = NULL;
2356 json_no = json_object_new_object();
2357 json_object_string_add(json_no, "warning",
2358 "Malformed address");
2359 vty_out(vty, "%s\n",
2360 json_object_to_json_string(json_no));
2361 json_object_free(json_no);
2362 } else
2363 vty_out(vty, "Malformed address: %s\n",
2364 argv[idx_ext_community]->arg);
2365 return CMD_WARNING;
2366 }
2367 peer = peer_lookup(NULL, &su);
2368 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2369 if (uj) {
2370 json_object *json_no = NULL;
2371 json_no = json_object_new_object();
2372 json_object_string_add(
2373 json_no, "warning",
2374 "No such neighbor or address family");
2375 vty_out(vty, "%s\n",
2376 json_object_to_json_string(json_no));
2377 json_object_free(json_no);
2378 } else
2379 vty_out(vty,
2380 "%% No such neighbor or address family\n");
2381 return CMD_WARNING;
2382 }
2383
2384 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2385 if (!ret) {
2386 if (uj) {
2387 json_object *json_no = NULL;
2388 json_no = json_object_new_object();
2389 json_object_string_add(
2390 json_no, "warning",
2391 "Malformed Route Distinguisher");
2392 vty_out(vty, "%s\n",
2393 json_object_to_json_string(json_no));
2394 json_object_free(json_no);
2395 } else
2396 vty_out(vty,
2397 "%% Malformed Route Distinguisher\n");
2398 return CMD_WARNING;
2399 }
2400
2401 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2402 SAFI_MPLS_VPN, uj);
2403 }
2404 return CMD_SUCCESS;
2405 }
2406 #endif /* KEEP_OLD_VPN_COMMANDS */
2407
2408 void bgp_mplsvpn_init(void)
2409 {
2410 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2411 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2412 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2413
2414 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2415 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2416
2417 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2418 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2419 #ifdef KEEP_OLD_VPN_COMMANDS
2420 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2421 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2422 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2423 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2424 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2425 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2426 install_element(VIEW_NODE,
2427 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2428 install_element(VIEW_NODE,
2429 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2430 #endif /* KEEP_OLD_VPN_COMMANDS */
2431 }
2432
2433 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2434 {
2435 struct listnode *mnode, *mnnode;
2436 struct bgp *bgp;
2437
2438 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2439 struct ecommunity *ec;
2440
2441 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2442 continue;
2443
2444 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2445
2446 if (ecom_intersect(ec, eckey))
2447 return bgp->vrf_id;
2448 }
2449 return VRF_UNKNOWN;
2450 }
2451
2452 /*
2453 * The purpose of this function is to process leaks that were deferred
2454 * from earlier per-vrf configuration due to not-yet-existing default
2455 * vrf, in other words, configuration such as:
2456 *
2457 * router bgp MMM vrf FOO
2458 * address-family ipv4 unicast
2459 * rd vpn export 1:1
2460 * exit-address-family
2461 *
2462 * router bgp NNN
2463 * ...
2464 *
2465 * This function gets called when the default instance ("router bgp NNN")
2466 * is created.
2467 */
2468 void vpn_leak_postchange_all(void)
2469 {
2470 struct listnode *next;
2471 struct bgp *bgp;
2472 struct bgp *bgp_default = bgp_get_default();
2473
2474 assert(bgp_default);
2475
2476 /* First, do any exporting from VRFs to the single VPN RIB */
2477 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2478
2479 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2480 continue;
2481
2482 vpn_leak_postchange(
2483 BGP_VPN_POLICY_DIR_TOVPN,
2484 AFI_IP,
2485 bgp_default,
2486 bgp);
2487
2488 vpn_leak_postchange(
2489 BGP_VPN_POLICY_DIR_TOVPN,
2490 AFI_IP6,
2491 bgp_default,
2492 bgp);
2493 }
2494
2495 /* Now, do any importing to VRFs from the single VPN RIB */
2496 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2497
2498 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2499 continue;
2500
2501 vpn_leak_postchange(
2502 BGP_VPN_POLICY_DIR_FROMVPN,
2503 AFI_IP,
2504 bgp_default,
2505 bgp);
2506
2507 vpn_leak_postchange(
2508 BGP_VPN_POLICY_DIR_FROMVPN,
2509 AFI_IP6,
2510 bgp_default,
2511 bgp);
2512 }
2513 }
2514
2515 /* When a bgp vrf instance is unconfigured, remove its routes
2516 * from the VPN table and this vrf could be importing routes from other
2517 * bgp vrf instnaces, unimport them.
2518 * VRF X and VRF Y are exporting routes to each other.
2519 * When VRF X is deleted, unimport its routes from all target vrfs,
2520 * also VRF Y should unimport its routes from VRF X table.
2521 * This will ensure VPN table is cleaned up appropriately.
2522 */
2523 int bgp_vpn_leak_unimport(struct bgp *from_bgp, struct vty *vty)
2524 {
2525 struct bgp *to_bgp;
2526 const char *tmp_name;
2527 char *vname;
2528 struct listnode *node, *next;
2529 safi_t safi = SAFI_UNICAST;
2530 afi_t afi;
2531 bool is_vrf_leak_bind;
2532 int debug;
2533
2534 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2535 return 0;
2536
2537 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2538 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2539
2540 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2541
2542 for (afi = 0; afi < AFI_MAX; ++afi) {
2543 /* vrf leak is for IPv4 and IPv6 Unicast only */
2544 if (afi != AFI_IP && afi != AFI_IP6)
2545 continue;
2546
2547 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2548 if (from_bgp == to_bgp)
2549 continue;
2550
2551 /* Unimport and remove source vrf from the
2552 * other vrfs import list.
2553 */
2554 struct vpn_policy *to_vpolicy;
2555
2556 is_vrf_leak_bind = false;
2557 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2558 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
2559 vname)) {
2560 if (strcmp(vname, tmp_name) == 0) {
2561 is_vrf_leak_bind = true;
2562 break;
2563 }
2564 }
2565 /* skip this bgp instance as there is no leak to this
2566 * vrf instance.
2567 */
2568 if (!is_vrf_leak_bind)
2569 continue;
2570
2571 if (debug)
2572 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
2573 __func__, from_bgp->name_pretty,
2574 to_bgp->name_pretty, afi2str(afi),
2575 to_vpolicy->import_vrf->count);
2576
2577 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
2578
2579 /* readd vrf name as unimport removes import vrf name
2580 * from the destination vrf's import list where the
2581 * `import vrf` configuration still exist.
2582 */
2583 vname = XSTRDUP(MTYPE_TMP, tmp_name);
2584 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2585 vname);
2586 SET_FLAG(to_bgp->af_flags[afi][safi],
2587 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2588
2589 /* If to_bgp exports its routes to the bgp vrf
2590 * which is being deleted, un-import the
2591 * to_bgp routes from VPN.
2592 */
2593 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
2594 .export_vrf, node,
2595 vname)) {
2596 if (strcmp(vname, tmp_name) == 0) {
2597 vrf_unimport_from_vrf(from_bgp, to_bgp,
2598 afi, safi);
2599 break;
2600 }
2601 }
2602 }
2603 }
2604 return 0;
2605 }
2606
2607 /* When a router bgp is configured, there could be a bgp vrf
2608 * instance importing routes from this newly configured
2609 * bgp vrf instance. Export routes from configured
2610 * bgp vrf to VPN.
2611 * VRF Y has import from bgp vrf x,
2612 * when a bgp vrf x instance is created, export its routes
2613 * to VRF Y instance.
2614 */
2615 void bgp_vpn_leak_export(struct bgp *from_bgp)
2616 {
2617 afi_t afi;
2618 const char *export_name;
2619 char *vname;
2620 struct listnode *node, *next;
2621 struct ecommunity *ecom;
2622 vpn_policy_direction_t idir, edir;
2623 safi_t safi = SAFI_UNICAST;
2624 struct bgp *to_bgp;
2625 int debug;
2626
2627 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2628 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2629
2630 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2631 edir = BGP_VPN_POLICY_DIR_TOVPN;
2632
2633 export_name = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2634 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2635
2636 for (afi = 0; afi < AFI_MAX; ++afi) {
2637 /* vrf leak is for IPv4 and IPv6 Unicast only */
2638 if (afi != AFI_IP && afi != AFI_IP6)
2639 continue;
2640
2641 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2642 if (from_bgp == to_bgp)
2643 continue;
2644
2645 /* bgp instance has import list, check to see if newly
2646 * configured bgp instance is the list.
2647 */
2648 struct vpn_policy *to_vpolicy;
2649
2650 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2651 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
2652 node, vname)) {
2653 if (strcmp(vname, export_name) != 0)
2654 continue;
2655
2656 if (debug)
2657 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
2658 __func__,
2659 export_name, to_bgp->name_pretty);
2660
2661 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2662 /* remove import rt, it will be readded
2663 * as part of import from vrf.
2664 */
2665 if (ecom)
2666 ecommunity_del_val(
2667 to_vpolicy->rtlist[idir],
2668 (struct ecommunity_val *)
2669 ecom->val);
2670 vrf_import_from_vrf(to_bgp, from_bgp,
2671 afi, safi);
2672 break;
2673
2674 }
2675 }
2676 }
2677 }
FRRouting mirror