2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
52 #include "bgpd/rfapi/rfapi_backend.h"
56 * Definitions and external declarations.
58 extern struct zclient
*zclient
;
60 extern int argv_find_and_parse_vpnvx(struct cmd_token
**argv
, int argc
,
61 int *index
, afi_t
*afi
)
64 if (argv_find(argv
, argc
, "vpnv4", index
)) {
68 } else if (argv_find(argv
, argc
, "vpnv6", index
)) {
76 uint32_t decode_label(mpls_label_t
*label_pnt
)
79 uint8_t *pnt
= (uint8_t *)label_pnt
;
81 l
= ((uint32_t)*pnt
++ << 12);
82 l
|= (uint32_t)*pnt
++ << 4;
83 l
|= (uint32_t)((*pnt
& 0xf0) >> 4);
87 void encode_label(mpls_label_t label
, mpls_label_t
*label_pnt
)
89 uint8_t *pnt
= (uint8_t *)label_pnt
;
92 if (label
== BGP_PREVENT_VRF_2_VRF_LEAK
) {
96 *pnt
++ = (label
>> 12) & 0xff;
97 *pnt
++ = (label
>> 4) & 0xff;
98 *pnt
++ = ((label
<< 4) + 1) & 0xff; /* S=1 */
101 int bgp_nlri_parse_vpn(struct peer
*peer
, struct attr
*attr
,
102 struct bgp_nlri
*packet
)
110 struct prefix_rd prd
= {0};
111 mpls_label_t label
= {0};
119 prd
.family
= AF_UNSPEC
;
122 struct stream
*data
= stream_new(packet
->length
);
123 stream_put(data
, packet
->nlri
, packet
->length
);
129 (CHECK_FLAG(peer
->af_cap
[afi
][safi
], PEER_CAP_ADDPATH_AF_RX_ADV
)
130 && CHECK_FLAG(peer
->af_cap
[afi
][safi
],
131 PEER_CAP_ADDPATH_AF_TX_RCV
));
133 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
134 while (STREAM_READABLE(data
) > 0) {
135 /* Clear prefix structure. */
136 memset(&p
, 0, sizeof(struct prefix
));
138 if (addpath_encoded
) {
139 STREAM_GET(&addpath_id
, data
, BGP_ADDPATH_ID_LEN
);
140 addpath_id
= ntohl(addpath_id
);
143 if (STREAM_READABLE(data
) < 1) {
146 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
147 peer
->host
, packet
->length
);
148 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
152 /* Fetch prefix length. */
153 STREAM_GETC(data
, prefixlen
);
154 p
.family
= afi2family(packet
->afi
);
155 psize
= PSIZE(prefixlen
);
157 if (prefixlen
< VPN_PREFIXLEN_MIN_BYTES
* 8) {
160 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
161 peer
->host
, prefixlen
);
162 ret
= BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH
;
166 /* sanity check against packet data */
167 if (STREAM_READABLE(data
) < psize
) {
170 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
171 peer
->host
, prefixlen
, packet
->length
);
172 ret
= BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW
;
176 /* sanity check against storage for the IP address portion */
177 if ((psize
- VPN_PREFIXLEN_MIN_BYTES
) > (ssize_t
)sizeof(p
.u
)) {
180 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
182 prefixlen
- VPN_PREFIXLEN_MIN_BYTES
* 8,
184 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
188 /* Sanity check against max bitlen of the address family */
189 if ((psize
- VPN_PREFIXLEN_MIN_BYTES
) > prefix_blen(&p
)) {
192 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
194 prefixlen
- VPN_PREFIXLEN_MIN_BYTES
* 8,
195 p
.family
, prefix_blen(&p
));
196 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
200 /* Copy label to prefix. */
201 if (STREAM_READABLE(data
) < BGP_LABEL_BYTES
) {
204 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
205 peer
->host
, packet
->length
);
206 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
210 STREAM_GET(&label
, data
, BGP_LABEL_BYTES
);
211 bgp_set_valid_label(&label
);
213 /* Copy routing distinguisher to rd. */
214 if (STREAM_READABLE(data
) < 8) {
217 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
218 peer
->host
, packet
->length
);
219 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
222 STREAM_GET(&prd
.val
, data
, 8);
224 /* Decode RD type. */
225 type
= decode_rd_type(prd
.val
);
229 decode_rd_as(&prd
.val
[2], &rd_as
);
233 decode_rd_as4(&prd
.val
[2], &rd_as
);
237 decode_rd_ip(&prd
.val
[2], &rd_ip
);
240 #ifdef ENABLE_BGP_VNC
241 case RD_TYPE_VNC_ETH
:
246 flog_err(EC_BGP_UPDATE_RCV
, "Unknown RD type %d", type
);
247 break; /* just report */
250 /* exclude label & RD */
251 p
.prefixlen
= prefixlen
- VPN_PREFIXLEN_MIN_BYTES
* 8;
252 STREAM_GET(p
.u
.val
, data
, psize
- VPN_PREFIXLEN_MIN_BYTES
);
255 bgp_update(peer
, &p
, addpath_id
, attr
, packet
->afi
,
256 SAFI_MPLS_VPN
, ZEBRA_ROUTE_BGP
,
257 BGP_ROUTE_NORMAL
, &prd
, &label
, 1, 0, NULL
);
259 bgp_withdraw(peer
, &p
, addpath_id
, attr
, packet
->afi
,
260 SAFI_MPLS_VPN
, ZEBRA_ROUTE_BGP
,
261 BGP_ROUTE_NORMAL
, &prd
, &label
, 1, NULL
);
264 /* Packet length consistency check. */
265 if (STREAM_READABLE(data
) != 0) {
268 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
269 peer
->host
, STREAM_READABLE(data
));
270 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
278 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
279 peer
->host
, packet
->length
);
280 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
286 #undef VPN_PREFIXLEN_MIN_BYTES
290 * This function informs zebra of the label this vrf sets on routes
291 * leaked to VPN. Zebra should install this label in the kernel with
292 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
294 * Sending this vrf-label association is qualified by a) whether vrf->vpn
295 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
296 * are set) and b) whether vpn-policy label is set.
298 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
299 * for this vrf, which zebra interprets to mean "delete this vrf-label
302 void vpn_leak_zebra_vrf_label_update(struct bgp
*bgp
, afi_t afi
)
304 mpls_label_t label
= MPLS_LABEL_NONE
;
305 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
307 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
310 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
311 __func__
, bgp
->name_pretty
, afi2str(afi
));
316 if (vpn_leak_to_vpn_active(bgp
, afi
, NULL
)) {
317 label
= bgp
->vpn_policy
[afi
].tovpn_label
;
321 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
322 __func__
, bgp
->name_pretty
, afi2str(afi
), label
,
326 if (label
== BGP_PREVENT_VRF_2_VRF_LEAK
)
327 label
= MPLS_LABEL_NONE
;
328 zclient_send_vrf_label(zclient
, bgp
->vrf_id
, afi
, label
, ZEBRA_LSP_BGP
);
329 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_label_last_sent
= label
;
333 * If zebra tells us vrf has become unconfigured, tell zebra not to
334 * use this label to forward to the vrf anymore
336 void vpn_leak_zebra_vrf_label_withdraw(struct bgp
*bgp
, afi_t afi
)
338 mpls_label_t label
= MPLS_LABEL_NONE
;
339 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
341 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
344 "%s: vrf_id not set, can't delete zebra vrf label",
351 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__
,
352 bgp
->name_pretty
, bgp
->vrf_id
);
355 zclient_send_vrf_label(zclient
, bgp
->vrf_id
, afi
, label
, ZEBRA_LSP_BGP
);
356 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_label_last_sent
= label
;
359 int vpn_leak_label_callback(
364 struct vpn_policy
*vp
= (struct vpn_policy
*)labelid
;
365 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
368 zlog_debug("%s: label=%u, allocated=%d",
369 __func__
, label
, allocated
);
373 * previously-allocated label is now invalid
375 if (CHECK_FLAG(vp
->flags
, BGP_VPN_POLICY_TOVPN_LABEL_AUTO
) &&
376 (vp
->tovpn_label
!= MPLS_LABEL_NONE
)) {
378 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
,
379 vp
->afi
, bgp_get_default(), vp
->bgp
);
380 vp
->tovpn_label
= MPLS_LABEL_NONE
;
381 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
,
382 vp
->afi
, bgp_get_default(), vp
->bgp
);
388 * New label allocation
390 if (!CHECK_FLAG(vp
->flags
, BGP_VPN_POLICY_TOVPN_LABEL_AUTO
)) {
393 * not currently configured for auto label, reject allocation
398 if (vp
->tovpn_label
!= MPLS_LABEL_NONE
) {
399 if (label
== vp
->tovpn_label
) {
400 /* already have same label, accept but do nothing */
403 /* Shouldn't happen: different label allocation */
404 flog_err(EC_BGP_LABEL
,
405 "%s: %s had label %u but got new assignment %u",
406 __func__
, vp
->bgp
->name_pretty
, vp
->tovpn_label
,
411 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
,
412 vp
->afi
, bgp_get_default(), vp
->bgp
);
413 vp
->tovpn_label
= label
;
414 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
,
415 vp
->afi
, bgp_get_default(), vp
->bgp
);
420 static bool ecom_intersect(struct ecommunity
*e1
, struct ecommunity
*e2
)
426 for (i
= 0; i
< e1
->size
; ++i
) {
427 for (j
= 0; j
< e2
->size
; ++j
) {
428 if (!memcmp(e1
->val
+ (i
* e1
->unit_size
),
429 e2
->val
+ (j
* e2
->unit_size
),
439 static bool labels_same(struct bgp_path_info
*bpi
, mpls_label_t
*label
,
451 if (n
!= bpi
->extra
->num_labels
)
454 for (i
= 0; i
< n
; ++i
) {
455 if (label
[i
] != bpi
->extra
->label
[i
])
462 * make encoded route labels match specified encoded label set
464 static void setlabels(struct bgp_path_info
*bpi
,
465 mpls_label_t
*label
, /* array of labels */
470 assert(num_labels
<= BGP_MAX_LABELS
);
474 bpi
->extra
->num_labels
= 0;
478 struct bgp_path_info_extra
*extra
= bgp_path_info_extra_get(bpi
);
481 for (i
= 0; i
< num_labels
; ++i
) {
482 extra
->label
[i
] = label
[i
];
483 if (!bgp_is_valid_label(&label
[i
])) {
484 bgp_set_valid_label(&extra
->label
[i
]);
487 extra
->num_labels
= num_labels
;
491 * returns pointer to new bgp_path_info upon success
493 static struct bgp_path_info
*
494 leak_update(struct bgp
*bgp
, /* destination bgp instance */
495 struct bgp_dest
*bn
, struct attr
*new_attr
, /* already interned */
496 afi_t afi
, safi_t safi
, struct bgp_path_info
*source_bpi
,
497 mpls_label_t
*label
, uint32_t num_labels
, void *parent
,
498 struct bgp
*bgp_orig
, struct prefix
*nexthop_orig
,
499 int nexthop_self_flag
, int debug
)
501 const struct prefix
*p
= bgp_dest_get_prefix(bn
);
502 struct bgp_path_info
*bpi
;
503 struct bgp_path_info
*bpi_ultimate
;
504 struct bgp_path_info
*new;
508 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
509 __func__
, bgp
->name_pretty
, bn
, source_bpi
->type
,
510 source_bpi
->sub_type
);
513 * Routes that are redistributed into BGP from zebra do not get
514 * nexthop tracking. However, if those routes are subsequently
515 * imported to other RIBs within BGP, the leaked routes do not
516 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
517 * in order to determine if the route we are currently leaking
518 * should have nexthop tracking, we must find the ultimate
519 * parent so we can check its sub_type.
521 * As of now, source_bpi may at most be a second-generation route
522 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
523 * Using a loop here supports more complex intra-bgp import-export
524 * schemes that could be implemented in the future.
527 for (bpi_ultimate
= source_bpi
;
528 bpi_ultimate
->extra
&& bpi_ultimate
->extra
->parent
;
529 bpi_ultimate
= bpi_ultimate
->extra
->parent
)
535 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
; bpi
= bpi
->next
) {
536 if (bpi
->extra
&& bpi
->extra
->parent
== parent
)
541 bool labelssame
= labels_same(bpi
, label
, num_labels
);
543 if (attrhash_cmp(bpi
->attr
, new_attr
) && labelssame
544 && !CHECK_FLAG(bpi
->flags
, BGP_PATH_REMOVED
)) {
546 bgp_attr_unintern(&new_attr
);
549 "%s: ->%s: %pBD: Found route, no change",
550 __func__
, bgp
->name_pretty
, bn
);
554 /* attr is changed */
555 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_ATTR_CHANGED
);
557 /* Rewrite BGP route information. */
558 if (CHECK_FLAG(bpi
->flags
, BGP_PATH_REMOVED
))
559 bgp_path_info_restore(bn
, bpi
);
561 bgp_aggregate_decrement(bgp
, p
, bpi
, afi
, safi
);
562 bgp_attr_unintern(&bpi
->attr
);
563 bpi
->attr
= new_attr
;
564 bpi
->uptime
= bgp_clock();
570 setlabels(bpi
, label
, num_labels
);
572 if (nexthop_self_flag
)
573 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_ANNC_NH_SELF
);
575 struct bgp
*bgp_nexthop
= bgp
;
578 if (bpi
->extra
&& bpi
->extra
->bgp_orig
)
579 bgp_nexthop
= bpi
->extra
->bgp_orig
;
582 * No nexthop tracking for redistributed routes or for
583 * EVPN-imported routes that get leaked.
585 if (bpi_ultimate
->sub_type
== BGP_ROUTE_REDISTRIBUTE
||
586 is_pi_family_evpn(bpi_ultimate
))
590 * TBD do we need to do anything about the
591 * 'connected' parameter?
593 nh_valid
= bgp_find_or_add_nexthop(
594 bgp
, bgp_nexthop
, afi
, safi
, bpi
, NULL
, 0);
597 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
598 __func__
, (nh_valid
? "" : "not "),
599 bgp_nexthop
->name_pretty
);
602 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_VALID
);
604 /* Process change. */
605 bgp_aggregate_increment(bgp
, p
, bpi
, afi
, safi
);
606 bgp_process(bgp
, bn
, afi
, safi
);
607 bgp_dest_unlock_node(bn
);
610 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
611 __func__
, bgp
->name_pretty
, bn
);
616 new = info_make(ZEBRA_ROUTE_BGP
, BGP_ROUTE_IMPORTED
, 0,
617 bgp
->peer_self
, new_attr
, bn
);
619 if (nexthop_self_flag
)
620 bgp_path_info_set_flag(bn
, new, BGP_PATH_ANNC_NH_SELF
);
622 bgp_path_info_extra_get(new);
625 setlabels(new, label
, num_labels
);
627 new->extra
->parent
= bgp_path_info_lock(parent
);
629 (struct bgp_dest
*)((struct bgp_path_info
*)parent
)->net
);
631 new->extra
->bgp_orig
= bgp_lock(bgp_orig
);
633 new->extra
->nexthop_orig
= *nexthop_orig
;
636 * nexthop tracking for unicast routes
638 struct bgp
*bgp_nexthop
= bgp
;
641 if (new->extra
->bgp_orig
)
642 bgp_nexthop
= new->extra
->bgp_orig
;
645 * No nexthop tracking for redistributed routes because
646 * their originating protocols will do the tracking and
647 * withdraw those routes if the nexthops become unreachable
648 * This also holds good for EVPN-imported routes that get
651 if (bpi_ultimate
->sub_type
== BGP_ROUTE_REDISTRIBUTE
||
652 is_pi_family_evpn(bpi_ultimate
))
656 * TBD do we need to do anything about the
657 * 'connected' parameter?
659 nh_valid
= bgp_find_or_add_nexthop(bgp
, bgp_nexthop
, afi
, safi
,
663 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
664 __func__
, (nh_valid
? "" : "not "),
665 bgp_nexthop
->name_pretty
);
667 bgp_path_info_set_flag(bn
, new, BGP_PATH_VALID
);
669 bgp_aggregate_increment(bgp
, p
, new, afi
, safi
);
670 bgp_path_info_add(bn
, new);
672 bgp_dest_unlock_node(bn
);
673 bgp_process(bgp
, bn
, afi
, safi
);
676 zlog_debug("%s: ->%s: %pBD: Added new route", __func__
,
677 bgp
->name_pretty
, bn
);
682 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
683 void vpn_leak_from_vrf_update(struct bgp
*bgp_vpn
, /* to */
684 struct bgp
*bgp_vrf
, /* from */
685 struct bgp_path_info
*path_vrf
) /* route */
687 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
688 const struct prefix
*p
= bgp_dest_get_prefix(path_vrf
->net
);
689 afi_t afi
= family2afi(p
->family
);
690 struct attr static_attr
= {0};
691 struct attr
*new_attr
= NULL
;
692 safi_t safi
= SAFI_MPLS_VPN
;
693 mpls_label_t label_val
;
696 const char *debugmsg
;
697 int nexthop_self_flag
= 0;
700 zlog_debug("%s: from vrf %s", __func__
, bgp_vrf
->name_pretty
);
702 if (debug
&& path_vrf
->attr
->ecommunity
) {
703 char *s
= ecommunity_ecom2str(path_vrf
->attr
->ecommunity
,
704 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
706 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__
,
707 bgp_vrf
->name
, path_vrf
->type
, s
);
708 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
716 zlog_debug("%s: can't get afi of prefix", __func__
);
720 /* Is this route exportable into the VPN table? */
721 if (!is_route_injectable_into_vpn(path_vrf
))
724 if (!vpn_leak_to_vpn_active(bgp_vrf
, afi
, &debugmsg
)) {
726 zlog_debug("%s: %s skipping: %s", __func__
,
727 bgp_vrf
->name
, debugmsg
);
732 static_attr
= *path_vrf
->attr
;
737 if (bgp_vrf
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_TOVPN
]) {
738 struct bgp_path_info info
;
739 route_map_result_t ret
;
741 memset(&info
, 0, sizeof(info
));
742 info
.peer
= bgp_vpn
->peer_self
;
743 info
.attr
= &static_attr
;
744 ret
= route_map_apply(
745 bgp_vrf
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_TOVPN
],
747 if (RMAP_DENYMATCH
== ret
) {
748 bgp_attr_flush(&static_attr
); /* free any added parts */
751 "%s: vrf %s route map \"%s\" says DENY, returning",
752 __func__
, bgp_vrf
->name_pretty
,
753 bgp_vrf
->vpn_policy
[afi
]
754 .rmap
[BGP_VPN_POLICY_DIR_TOVPN
]
760 if (debug
&& static_attr
.ecommunity
) {
761 char *s
= ecommunity_ecom2str(static_attr
.ecommunity
,
762 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
764 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
766 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
770 * Add the vpn-policy rt-list
772 struct ecommunity
*old_ecom
;
773 struct ecommunity
*new_ecom
;
775 /* Export with the 'from' instance's export RTs. */
776 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
777 old_ecom
= static_attr
.ecommunity
;
779 new_ecom
= ecommunity_dup(old_ecom
);
780 if (CHECK_FLAG(bgp_vrf
->af_flags
[afi
][SAFI_UNICAST
],
781 BGP_CONFIG_VRF_TO_VRF_EXPORT
))
782 ecommunity_strip_rts(new_ecom
);
783 new_ecom
= ecommunity_merge(new_ecom
,
784 bgp_vrf
->vpn_policy
[afi
]
785 .rtlist
[BGP_VPN_POLICY_DIR_TOVPN
]);
786 if (!old_ecom
->refcnt
)
787 ecommunity_free(&old_ecom
);
789 new_ecom
= ecommunity_dup(
790 bgp_vrf
->vpn_policy
[afi
]
791 .rtlist
[BGP_VPN_POLICY_DIR_TOVPN
]);
793 static_attr
.ecommunity
= new_ecom
;
794 SET_FLAG(static_attr
.flag
, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES
));
796 if (debug
&& static_attr
.ecommunity
) {
797 char *s
= ecommunity_ecom2str(static_attr
.ecommunity
,
798 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
800 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
802 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
806 /* if policy nexthop not set, use 0 */
807 if (CHECK_FLAG(bgp_vrf
->vpn_policy
[afi
].flags
,
808 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET
)) {
809 struct prefix
*nexthop
=
810 &bgp_vrf
->vpn_policy
[afi
].tovpn_nexthop
;
812 switch (nexthop
->family
) {
814 /* prevent mp_nexthop_global_in <- self in bgp_route.c
816 static_attr
.nexthop
.s_addr
= nexthop
->u
.prefix4
.s_addr
;
818 static_attr
.mp_nexthop_global_in
= nexthop
->u
.prefix4
;
819 static_attr
.mp_nexthop_len
= BGP_ATTR_NHLEN_IPV4
;
823 static_attr
.mp_nexthop_global
= nexthop
->u
.prefix6
;
824 static_attr
.mp_nexthop_len
= BGP_ATTR_NHLEN_IPV6_GLOBAL
;
831 if (!CHECK_FLAG(bgp_vrf
->af_flags
[afi
][SAFI_UNICAST
],
832 BGP_CONFIG_VRF_TO_VRF_EXPORT
)) {
835 * For ipv4, copy to multiprotocol
838 static_attr
.mp_nexthop_global_in
=
840 static_attr
.mp_nexthop_len
=
843 * XXX Leave static_attr.nexthop
847 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP
);
850 /* Update based on next-hop family to account for
851 * RFC 5549 (BGP unnumbered) scenario. Note that
852 * specific action is only needed for the case of
853 * IPv4 nexthops as the attr has been copied
857 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf
->attr
)) {
858 static_attr
.mp_nexthop_global_in
.s_addr
=
859 static_attr
.nexthop
.s_addr
;
860 static_attr
.mp_nexthop_len
=
863 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP
);
866 nexthop_self_flag
= 1;
869 label_val
= bgp_vrf
->vpn_policy
[afi
].tovpn_label
;
870 if (label_val
== MPLS_LABEL_NONE
) {
871 encode_label(MPLS_LABEL_IMPLICIT_NULL
, &label
);
873 encode_label(label_val
, &label
);
876 /* Set originator ID to "me" */
877 SET_FLAG(static_attr
.flag
, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID
));
878 static_attr
.originator_id
= bgp_vpn
->router_id
;
881 new_attr
= bgp_attr_intern(
882 &static_attr
); /* hashed refcounted everything */
883 bgp_attr_flush(&static_attr
); /* free locally-allocated parts */
885 if (debug
&& new_attr
->ecommunity
) {
886 char *s
= ecommunity_ecom2str(new_attr
->ecommunity
,
887 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
889 zlog_debug("%s: new_attr->ecommunity{%s}", __func__
, s
);
890 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
893 /* Now new_attr is an allocated interned attr */
895 bn
= bgp_afi_node_get(bgp_vpn
->rib
[afi
][safi
], afi
, safi
, p
,
896 &(bgp_vrf
->vpn_policy
[afi
].tovpn_rd
));
898 struct bgp_path_info
*new_info
;
900 new_info
= leak_update(bgp_vpn
, bn
, new_attr
, afi
, safi
, path_vrf
,
901 &label
, 1, path_vrf
, bgp_vrf
, NULL
,
902 nexthop_self_flag
, debug
);
905 * Routes actually installed in the vpn RIB must also be
906 * offered to all vrfs (because now they originate from
909 * Acceptance into other vrfs depends on rt-lists.
910 * Originating vrf will not accept the looped back route
911 * because of loop checking.
914 vpn_leak_to_vrf_update(bgp_vrf
, new_info
);
917 void vpn_leak_from_vrf_withdraw(struct bgp
*bgp_vpn
, /* to */
918 struct bgp
*bgp_vrf
, /* from */
919 struct bgp_path_info
*path_vrf
) /* route */
921 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
922 const struct prefix
*p
= bgp_dest_get_prefix(path_vrf
->net
);
923 afi_t afi
= family2afi(p
->family
);
924 safi_t safi
= SAFI_MPLS_VPN
;
925 struct bgp_path_info
*bpi
;
927 const char *debugmsg
;
931 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
932 __func__
, bgp_vrf
->name_pretty
, path_vrf
->net
,
933 path_vrf
->type
, path_vrf
->sub_type
);
941 zlog_debug("%s: can't get afi of prefix", __func__
);
945 /* Is this route exportable into the VPN table? */
946 if (!is_route_injectable_into_vpn(path_vrf
))
949 if (!vpn_leak_to_vpn_active(bgp_vrf
, afi
, &debugmsg
)) {
951 zlog_debug("%s: skipping: %s", __func__
, debugmsg
);
956 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__
, path_vrf
);
958 bn
= bgp_afi_node_get(bgp_vpn
->rib
[afi
][safi
], afi
, safi
, p
,
959 &(bgp_vrf
->vpn_policy
[afi
].tovpn_rd
));
965 * match original bpi imported from
967 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
; bpi
= bpi
->next
) {
968 if (bpi
->extra
&& bpi
->extra
->parent
== path_vrf
) {
974 /* withdraw from looped vrfs as well */
975 vpn_leak_to_vrf_withdraw(bgp_vpn
, bpi
);
977 bgp_aggregate_decrement(bgp_vpn
, p
, bpi
, afi
, safi
);
978 bgp_path_info_delete(bn
, bpi
);
979 bgp_process(bgp_vpn
, bn
, afi
, safi
);
981 bgp_dest_unlock_node(bn
);
984 void vpn_leak_from_vrf_withdraw_all(struct bgp
*bgp_vpn
, /* to */
985 struct bgp
*bgp_vrf
, /* from */
988 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
989 struct bgp_dest
*pdest
;
990 safi_t safi
= SAFI_MPLS_VPN
;
993 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
995 for (pdest
= bgp_table_top(bgp_vpn
->rib
[afi
][safi
]); pdest
;
996 pdest
= bgp_route_next(pdest
)) {
998 struct bgp_table
*table
;
1000 struct bgp_path_info
*bpi
;
1002 /* This is the per-RD table of prefixes */
1003 table
= bgp_dest_get_bgp_table_info(pdest
);
1008 for (bn
= bgp_table_top(table
); bn
; bn
= bgp_route_next(bn
)) {
1009 bpi
= bgp_dest_get_bgp_path_info(bn
);
1011 zlog_debug("%s: looking at prefix %pBD",
1015 for (; bpi
; bpi
= bpi
->next
) {
1017 zlog_debug("%s: type %d, sub_type %d",
1018 __func__
, bpi
->type
,
1020 if (bpi
->sub_type
!= BGP_ROUTE_IMPORTED
)
1024 if ((struct bgp
*)bpi
->extra
->bgp_orig
1028 zlog_debug("%s: deleting it",
1030 bgp_aggregate_decrement(
1032 bgp_dest_get_prefix(bn
), bpi
,
1034 bgp_path_info_delete(bn
, bpi
);
1035 bgp_process(bgp_vpn
, bn
, afi
, safi
);
1042 void vpn_leak_from_vrf_update_all(struct bgp
*bgp_vpn
, /* to */
1043 struct bgp
*bgp_vrf
, /* from */
1046 struct bgp_dest
*bn
;
1047 struct bgp_path_info
*bpi
;
1048 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
1051 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__
, afi
,
1052 bgp_vrf
->name_pretty
);
1054 for (bn
= bgp_table_top(bgp_vrf
->rib
[afi
][SAFI_UNICAST
]); bn
;
1055 bn
= bgp_route_next(bn
)) {
1058 zlog_debug("%s: node=%p", __func__
, bn
);
1060 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
1064 "%s: calling vpn_leak_from_vrf_update",
1066 vpn_leak_from_vrf_update(bgp_vpn
, bgp_vrf
, bpi
);
1072 vpn_leak_to_vrf_update_onevrf(struct bgp
*bgp_vrf
, /* to */
1073 struct bgp
*bgp_vpn
, /* from */
1074 struct bgp_path_info
*path_vpn
) /* route */
1076 const struct prefix
*p
= bgp_dest_get_prefix(path_vpn
->net
);
1077 afi_t afi
= family2afi(p
->family
);
1079 struct attr static_attr
= {0};
1080 struct attr
*new_attr
= NULL
;
1081 struct bgp_dest
*bn
;
1082 safi_t safi
= SAFI_UNICAST
;
1083 const char *debugmsg
;
1084 struct prefix nexthop_orig
;
1085 mpls_label_t
*pLabels
= NULL
;
1086 uint32_t num_labels
= 0;
1087 int nexthop_self_flag
= 1;
1088 struct bgp_path_info
*bpi_ultimate
= NULL
;
1089 int origin_local
= 0;
1090 struct bgp
*src_vrf
;
1092 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
1094 if (!vpn_leak_from_vpn_active(bgp_vrf
, afi
, &debugmsg
)) {
1096 zlog_debug("%s: skipping: %s", __func__
, debugmsg
);
1100 /* Check for intersection of route targets */
1101 if (!ecom_intersect(
1102 bgp_vrf
->vpn_policy
[afi
].rtlist
[BGP_VPN_POLICY_DIR_FROMVPN
],
1103 path_vpn
->attr
->ecommunity
)) {
1109 zlog_debug("%s: updating %pFX to vrf %s", __func__
, p
,
1110 bgp_vrf
->name_pretty
);
1113 static_attr
= *path_vpn
->attr
;
1115 struct ecommunity
*old_ecom
;
1116 struct ecommunity
*new_ecom
;
1118 /* If doing VRF-to-VRF leaking, strip RTs. */
1119 old_ecom
= static_attr
.ecommunity
;
1120 if (old_ecom
&& CHECK_FLAG(bgp_vrf
->af_flags
[afi
][safi
],
1121 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
1122 new_ecom
= ecommunity_dup(old_ecom
);
1123 ecommunity_strip_rts(new_ecom
);
1124 static_attr
.ecommunity
= new_ecom
;
1126 if (new_ecom
->size
== 0) {
1127 UNSET_FLAG(static_attr
.flag
,
1128 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES
));
1129 ecommunity_free(&new_ecom
);
1130 static_attr
.ecommunity
= NULL
;
1133 if (!old_ecom
->refcnt
)
1134 ecommunity_free(&old_ecom
);
1138 * Nexthop: stash and clear
1140 * Nexthop is valid in context of VPN core, but not in destination vrf.
1141 * Stash it for later label resolution by vrf ingress path and then
1142 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1144 uint8_t nhfamily
= NEXTHOP_FAMILY(path_vpn
->attr
->mp_nexthop_len
);
1146 memset(&nexthop_orig
, 0, sizeof(nexthop_orig
));
1147 nexthop_orig
.family
= nhfamily
;
1152 nexthop_orig
.u
.prefix4
= path_vpn
->attr
->mp_nexthop_global_in
;
1153 nexthop_orig
.prefixlen
= 32;
1155 if (CHECK_FLAG(bgp_vrf
->af_flags
[afi
][safi
],
1156 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
1157 static_attr
.nexthop
.s_addr
=
1158 nexthop_orig
.u
.prefix4
.s_addr
;
1160 static_attr
.mp_nexthop_global_in
=
1161 path_vpn
->attr
->mp_nexthop_global_in
;
1162 static_attr
.mp_nexthop_len
=
1163 path_vpn
->attr
->mp_nexthop_len
;
1165 static_attr
.flag
|= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP
);
1169 nexthop_orig
.u
.prefix6
= path_vpn
->attr
->mp_nexthop_global
;
1170 nexthop_orig
.prefixlen
= 128;
1172 if (CHECK_FLAG(bgp_vrf
->af_flags
[afi
][safi
],
1173 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
1174 static_attr
.mp_nexthop_global
= nexthop_orig
.u
.prefix6
;
1180 * route map handling
1182 if (bgp_vrf
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_FROMVPN
]) {
1183 struct bgp_path_info info
;
1184 route_map_result_t ret
;
1186 memset(&info
, 0, sizeof(info
));
1187 info
.peer
= bgp_vrf
->peer_self
;
1188 info
.attr
= &static_attr
;
1189 info
.extra
= path_vpn
->extra
; /* Used for source-vrf filter */
1190 ret
= route_map_apply(bgp_vrf
->vpn_policy
[afi
]
1191 .rmap
[BGP_VPN_POLICY_DIR_FROMVPN
],
1193 if (RMAP_DENYMATCH
== ret
) {
1194 bgp_attr_flush(&static_attr
); /* free any added parts */
1197 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1198 __func__
, bgp_vrf
->name_pretty
,
1199 bgp_vrf
->vpn_policy
[afi
]
1200 .rmap
[BGP_VPN_POLICY_DIR_FROMVPN
]
1205 * if route-map changed nexthop, don't nexthop-self on output
1207 if (!CHECK_FLAG(static_attr
.rmap_change_flags
,
1208 BATTR_RMAP_NEXTHOP_UNCHANGED
))
1209 nexthop_self_flag
= 0;
1212 new_attr
= bgp_attr_intern(&static_attr
);
1213 bgp_attr_flush(&static_attr
);
1215 bn
= bgp_afi_node_get(bgp_vrf
->rib
[afi
][safi
], afi
, safi
, p
, NULL
);
1218 * ensure labels are copied
1220 * However, there is a special case: if the route originated in
1221 * another local VRF (as opposed to arriving via VPN), then the
1222 * nexthop is reached by hairpinning through this router (me)
1223 * using IP forwarding only (no LSP). Therefore, the route
1224 * imported to the VRF should not have labels attached. Note
1225 * that nexthop tracking is also involved: eliminating the
1226 * labels for these routes enables the non-labeled nexthops
1227 * from the originating VRF to be considered valid for this route.
1229 if (!CHECK_FLAG(bgp_vrf
->af_flags
[afi
][safi
],
1230 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
1231 /* work back to original route */
1232 for (bpi_ultimate
= path_vpn
;
1233 bpi_ultimate
->extra
&& bpi_ultimate
->extra
->parent
;
1234 bpi_ultimate
= bpi_ultimate
->extra
->parent
)
1238 * if original route was unicast,
1239 * then it did not arrive over vpn
1241 if (bpi_ultimate
->net
) {
1242 struct bgp_table
*table
;
1244 table
= bgp_dest_table(bpi_ultimate
->net
);
1245 if (table
&& (table
->safi
== SAFI_UNICAST
))
1250 if (!origin_local
&& path_vpn
->extra
1251 && path_vpn
->extra
->num_labels
) {
1252 num_labels
= path_vpn
->extra
->num_labels
;
1253 if (num_labels
> BGP_MAX_LABELS
)
1254 num_labels
= BGP_MAX_LABELS
;
1255 pLabels
= path_vpn
->extra
->label
;
1260 zlog_debug("%s: pfx %pBD: num_labels %d", __func__
,
1261 path_vpn
->net
, num_labels
);
1264 * For VRF-2-VRF route-leaking,
1265 * the source will be the originating VRF.
1267 if (path_vpn
->extra
&& path_vpn
->extra
->bgp_orig
)
1268 src_vrf
= path_vpn
->extra
->bgp_orig
;
1272 leak_update(bgp_vrf
, bn
, new_attr
, afi
, safi
, path_vpn
, pLabels
,
1273 num_labels
, path_vpn
, /* parent */
1274 src_vrf
, &nexthop_orig
, nexthop_self_flag
, debug
);
1277 void vpn_leak_to_vrf_update(struct bgp
*bgp_vpn
, /* from */
1278 struct bgp_path_info
*path_vpn
) /* route */
1280 struct listnode
*mnode
, *mnnode
;
1283 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
1286 zlog_debug("%s: start (path_vpn=%p)", __func__
, path_vpn
);
1288 /* Loop over VRFs */
1289 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
)) {
1291 if (!path_vpn
->extra
1292 || path_vpn
->extra
->bgp_orig
!= bgp
) { /* no loop */
1293 vpn_leak_to_vrf_update_onevrf(bgp
, bgp_vpn
, path_vpn
);
1298 void vpn_leak_to_vrf_withdraw(struct bgp
*bgp_vpn
, /* from */
1299 struct bgp_path_info
*path_vpn
) /* route */
1301 const struct prefix
*p
;
1303 safi_t safi
= SAFI_UNICAST
;
1305 struct listnode
*mnode
, *mnnode
;
1306 struct bgp_dest
*bn
;
1307 struct bgp_path_info
*bpi
;
1308 const char *debugmsg
;
1310 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
1313 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__
,
1314 path_vpn
->net
, path_vpn
->type
, path_vpn
->sub_type
);
1317 zlog_debug("%s: start (path_vpn=%p)", __func__
, path_vpn
);
1319 if (!path_vpn
->net
) {
1320 #ifdef ENABLE_BGP_VNC
1321 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1322 if (path_vpn
->type
== ZEBRA_ROUTE_BGP
1323 && path_vpn
->sub_type
== BGP_ROUTE_RFP
) {
1330 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1335 p
= bgp_dest_get_prefix(path_vpn
->net
);
1336 afi
= family2afi(p
->family
);
1338 /* Loop over VRFs */
1339 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
)) {
1340 if (!vpn_leak_from_vpn_active(bgp
, afi
, &debugmsg
)) {
1342 zlog_debug("%s: skipping: %s", __func__
,
1347 /* Check for intersection of route targets */
1348 if (!ecom_intersect(bgp
->vpn_policy
[afi
]
1349 .rtlist
[BGP_VPN_POLICY_DIR_FROMVPN
],
1350 path_vpn
->attr
->ecommunity
)) {
1356 zlog_debug("%s: withdrawing from vrf %s", __func__
,
1359 bn
= bgp_afi_node_get(bgp
->rib
[afi
][safi
], afi
, safi
, p
, NULL
);
1361 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
1364 && (struct bgp_path_info
*)bpi
->extra
->parent
1372 zlog_debug("%s: deleting bpi %p", __func__
,
1374 bgp_aggregate_decrement(bgp
, p
, bpi
, afi
, safi
);
1375 bgp_path_info_delete(bn
, bpi
);
1376 bgp_process(bgp
, bn
, afi
, safi
);
1378 bgp_dest_unlock_node(bn
);
1382 void vpn_leak_to_vrf_withdraw_all(struct bgp
*bgp_vrf
, /* to */
1385 struct bgp_dest
*bn
;
1386 struct bgp_path_info
*bpi
;
1387 safi_t safi
= SAFI_UNICAST
;
1388 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
1391 zlog_debug("%s: entry", __func__
);
1393 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1395 for (bn
= bgp_table_top(bgp_vrf
->rib
[afi
][safi
]); bn
;
1396 bn
= bgp_route_next(bn
)) {
1398 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
1401 && bpi
->extra
->bgp_orig
!= bgp_vrf
1402 && bpi
->extra
->parent
1403 && is_pi_family_vpn(bpi
->extra
->parent
)) {
1406 bgp_aggregate_decrement(bgp_vrf
,
1407 bgp_dest_get_prefix(bn
),
1409 bgp_path_info_delete(bn
, bpi
);
1410 bgp_process(bgp_vrf
, bn
, afi
, safi
);
1416 void vpn_leak_to_vrf_update_all(struct bgp
*bgp_vrf
, /* to */
1417 struct bgp
*bgp_vpn
, /* from */
1420 struct prefix_rd prd
;
1421 struct bgp_dest
*pdest
;
1422 safi_t safi
= SAFI_MPLS_VPN
;
1429 for (pdest
= bgp_table_top(bgp_vpn
->rib
[afi
][safi
]); pdest
;
1430 pdest
= bgp_route_next(pdest
)) {
1431 const struct prefix
*p
= bgp_dest_get_prefix(pdest
);
1432 struct bgp_table
*table
;
1433 struct bgp_dest
*bn
;
1434 struct bgp_path_info
*bpi
;
1436 memset(&prd
, 0, sizeof(prd
));
1437 prd
.family
= AF_UNSPEC
;
1439 memcpy(prd
.val
, &p
->u
.val
, 8);
1441 /* This is the per-RD table of prefixes */
1442 table
= bgp_dest_get_bgp_table_info(pdest
);
1447 for (bn
= bgp_table_top(table
); bn
; bn
= bgp_route_next(bn
)) {
1449 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
1453 && bpi
->extra
->bgp_orig
== bgp_vrf
)
1456 vpn_leak_to_vrf_update_onevrf(bgp_vrf
, bgp_vpn
,
1464 * This function is called for definition/deletion/change to a route-map
1466 static void vpn_policy_routemap_update(struct bgp
*bgp
, const char *rmap_name
)
1468 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_RMAP_EVENT
);
1470 struct route_map
*rmap
;
1472 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_DEFAULT
1473 && bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
) {
1478 rmap
= route_map_lookup_by_name(rmap_name
); /* NULL if deleted */
1480 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
1482 if (bgp
->vpn_policy
[afi
].rmap_name
[BGP_VPN_POLICY_DIR_TOVPN
]
1483 && !strcmp(rmap_name
,
1484 bgp
->vpn_policy
[afi
]
1485 .rmap_name
[BGP_VPN_POLICY_DIR_TOVPN
])) {
1489 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1490 __func__
, rmap_name
, bgp
->as
,
1493 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
, afi
,
1494 bgp_get_default(), bgp
);
1496 zlog_debug("%s: after vpn_leak_prechange",
1499 /* in case of definition/deletion */
1500 bgp
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_TOVPN
] =
1503 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
, afi
,
1504 bgp_get_default(), bgp
);
1507 zlog_debug("%s: after vpn_leak_postchange",
1511 if (bgp
->vpn_policy
[afi
].rmap_name
[BGP_VPN_POLICY_DIR_FROMVPN
]
1512 && !strcmp(rmap_name
,
1513 bgp
->vpn_policy
[afi
]
1514 .rmap_name
[BGP_VPN_POLICY_DIR_FROMVPN
])) {
1517 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1518 __func__
, rmap_name
, bgp
->as
,
1522 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN
, afi
,
1523 bgp_get_default(), bgp
);
1525 /* in case of definition/deletion */
1526 bgp
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_FROMVPN
] =
1529 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN
, afi
,
1530 bgp_get_default(), bgp
);
1535 /* This API is used during router-id change, reflect VPNs
1536 * auto RD and RT values and readvertise routes to VPN table.
1538 void vpn_handle_router_id_update(struct bgp
*bgp
, bool withdraw
,
1544 const char *export_name
;
1545 char buf
[RD_ADDRSTRLEN
];
1546 struct bgp
*bgp_import
;
1547 struct listnode
*node
;
1548 struct ecommunity
*ecom
;
1549 vpn_policy_direction_t idir
, edir
;
1551 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_DEFAULT
1552 && bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
1555 export_name
= bgp
->name
? bgp
->name
: VRF_DEFAULT_NAME
;
1556 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
1557 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
1559 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
1560 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
1562 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
1563 if (!vpn_leak_to_vpn_active(bgp
, afi
, NULL
))
1567 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
,
1568 afi
, bgp_get_default(), bgp
);
1570 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1571 __func__
, export_name
);
1573 /* Remove import RT from VRFs */
1574 ecom
= bgp
->vpn_policy
[afi
].rtlist
[edir
];
1575 for (ALL_LIST_ELEMENTS_RO(bgp
->vpn_policy
[afi
].
1576 export_vrf
, node
, vname
)) {
1577 if (strcmp(vname
, VRF_DEFAULT_NAME
) == 0)
1578 bgp_import
= bgp_get_default();
1580 bgp_import
= bgp_lookup_by_name(vname
);
1584 ecommunity_del_val(bgp_import
->vpn_policy
[afi
].
1586 (struct ecommunity_val
*)ecom
->val
);
1591 * Router-id changes that are not explicit config
1592 * changes should not replace configured RD/RT.
1595 if (CHECK_FLAG(bgp
->vpn_policy
[afi
].flags
,
1596 BGP_VPN_POLICY_TOVPN_RD_SET
)) {
1598 zlog_debug("%s: auto router-id change skipped",
1604 /* New router-id derive auto RD and RT and export
1607 form_auto_rd(bgp
->router_id
, bgp
->vrf_rd_id
,
1608 &bgp
->vrf_prd_auto
);
1609 bgp
->vpn_policy
[afi
].tovpn_rd
= bgp
->vrf_prd_auto
;
1610 prefix_rd2str(&bgp
->vpn_policy
[afi
].tovpn_rd
, buf
,
1612 bgp
->vpn_policy
[afi
].rtlist
[edir
] =
1613 ecommunity_str2com(buf
,
1614 ECOMMUNITY_ROUTE_TARGET
, 0);
1616 /* Update import_vrf rt_list */
1617 ecom
= bgp
->vpn_policy
[afi
].rtlist
[edir
];
1618 for (ALL_LIST_ELEMENTS_RO(bgp
->vpn_policy
[afi
].
1619 export_vrf
, node
, vname
)) {
1620 if (strcmp(vname
, VRF_DEFAULT_NAME
) == 0)
1621 bgp_import
= bgp_get_default();
1623 bgp_import
= bgp_lookup_by_name(vname
);
1626 if (bgp_import
->vpn_policy
[afi
].rtlist
[idir
])
1627 bgp_import
->vpn_policy
[afi
].rtlist
[idir
]
1629 bgp_import
->vpn_policy
[afi
]
1630 .rtlist
[idir
], ecom
);
1632 bgp_import
->vpn_policy
[afi
].rtlist
[idir
]
1633 = ecommunity_dup(ecom
);
1638 /* Update routes to VPN */
1639 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
,
1640 afi
, bgp_get_default(),
1643 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
1644 __func__
, export_name
);
1649 void vpn_policy_routemap_event(const char *rmap_name
)
1651 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_RMAP_EVENT
);
1652 struct listnode
*mnode
, *mnnode
;
1656 zlog_debug("%s: entry", __func__
);
1658 if (bm
->bgp
== NULL
) /* may be called during cleanup */
1661 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
))
1662 vpn_policy_routemap_update(bgp
, rmap_name
);
1665 void vrf_import_from_vrf(struct bgp
*to_bgp
, struct bgp
*from_bgp
,
1666 afi_t afi
, safi_t safi
)
1668 const char *export_name
;
1669 vpn_policy_direction_t idir
, edir
;
1670 char *vname
, *tmp_name
;
1671 char buf
[RD_ADDRSTRLEN
];
1672 struct ecommunity
*ecom
;
1673 bool first_export
= false;
1675 struct listnode
*node
;
1676 bool is_inst_match
= false;
1678 export_name
= to_bgp
->name
? to_bgp
->name
: VRF_DEFAULT_NAME
;
1679 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
1680 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
1682 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
1683 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
1686 * Cross-ref both VRFs. Also, note if this is the first time
1687 * any VRF is importing from "import_vrf".
1689 vname
= (from_bgp
->name
? XSTRDUP(MTYPE_TMP
, from_bgp
->name
)
1690 : XSTRDUP(MTYPE_TMP
, VRF_DEFAULT_NAME
));
1692 /* Check the import_vrf list of destination vrf for the source vrf name,
1695 for (ALL_LIST_ELEMENTS_RO(to_bgp
->vpn_policy
[afi
].import_vrf
,
1697 if (strcmp(vname
, tmp_name
) == 0) {
1698 is_inst_match
= true;
1703 listnode_add(to_bgp
->vpn_policy
[afi
].import_vrf
,
1706 XFREE(MTYPE_TMP
, vname
);
1708 /* Check if the source vrf already exports to any vrf,
1709 * first time export requires to setup auto derived RD/RT values.
1710 * Add the destination vrf name to export vrf list if it is
1713 is_inst_match
= false;
1714 vname
= XSTRDUP(MTYPE_TMP
, export_name
);
1715 if (!listcount(from_bgp
->vpn_policy
[afi
].export_vrf
)) {
1716 first_export
= true;
1718 for (ALL_LIST_ELEMENTS_RO(from_bgp
->vpn_policy
[afi
].export_vrf
,
1720 if (strcmp(vname
, tmp_name
) == 0) {
1721 is_inst_match
= true;
1727 listnode_add(from_bgp
->vpn_policy
[afi
].export_vrf
,
1730 XFREE(MTYPE_TMP
, vname
);
1732 /* Update import RT for current VRF using export RT of the VRF we're
1733 * importing from. First though, make sure "import_vrf" has that
1737 form_auto_rd(from_bgp
->router_id
, from_bgp
->vrf_rd_id
,
1738 &from_bgp
->vrf_prd_auto
);
1739 from_bgp
->vpn_policy
[afi
].tovpn_rd
= from_bgp
->vrf_prd_auto
;
1740 SET_FLAG(from_bgp
->vpn_policy
[afi
].flags
,
1741 BGP_VPN_POLICY_TOVPN_RD_SET
);
1742 prefix_rd2str(&from_bgp
->vpn_policy
[afi
].tovpn_rd
,
1744 from_bgp
->vpn_policy
[afi
].rtlist
[edir
] =
1745 ecommunity_str2com(buf
, ECOMMUNITY_ROUTE_TARGET
, 0);
1746 SET_FLAG(from_bgp
->af_flags
[afi
][safi
],
1747 BGP_CONFIG_VRF_TO_VRF_EXPORT
);
1748 from_bgp
->vpn_policy
[afi
].tovpn_label
=
1749 BGP_PREVENT_VRF_2_VRF_LEAK
;
1751 ecom
= from_bgp
->vpn_policy
[afi
].rtlist
[edir
];
1752 if (to_bgp
->vpn_policy
[afi
].rtlist
[idir
])
1753 to_bgp
->vpn_policy
[afi
].rtlist
[idir
] =
1754 ecommunity_merge(to_bgp
->vpn_policy
[afi
]
1755 .rtlist
[idir
], ecom
);
1757 to_bgp
->vpn_policy
[afi
].rtlist
[idir
] = ecommunity_dup(ecom
);
1758 SET_FLAG(to_bgp
->af_flags
[afi
][safi
], BGP_CONFIG_VRF_TO_VRF_IMPORT
);
1761 const char *from_name
;
1762 char *ecom1
, *ecom2
;
1764 from_name
= from_bgp
->name
? from_bgp
->name
:
1767 ecom1
= ecommunity_ecom2str(
1768 to_bgp
->vpn_policy
[afi
].rtlist
[idir
],
1769 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
1771 ecom2
= ecommunity_ecom2str(
1772 to_bgp
->vpn_policy
[afi
].rtlist
[edir
],
1773 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
1776 "%s from %s to %s first_export %u import-rt %s export-rt %s",
1777 __func__
, from_name
, export_name
, first_export
, ecom1
,
1780 ecommunity_strfree(&ecom1
);
1781 ecommunity_strfree(&ecom2
);
1784 /* Does "import_vrf" first need to export its routes or that
1785 * is already done and we just need to import those routes
1786 * from the global table?
1789 vpn_leak_postchange(edir
, afi
, bgp_get_default(), from_bgp
);
1791 vpn_leak_postchange(idir
, afi
, bgp_get_default(), to_bgp
);
1794 void vrf_unimport_from_vrf(struct bgp
*to_bgp
, struct bgp
*from_bgp
,
1795 afi_t afi
, safi_t safi
)
1797 const char *export_name
, *tmp_name
;
1798 vpn_policy_direction_t idir
, edir
;
1800 struct ecommunity
*ecom
= NULL
;
1801 struct listnode
*node
;
1804 export_name
= to_bgp
->name
? to_bgp
->name
: VRF_DEFAULT_NAME
;
1805 tmp_name
= from_bgp
->name
? from_bgp
->name
: VRF_DEFAULT_NAME
;
1806 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
1807 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
1809 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
1810 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
1812 /* Were we importing from "import_vrf"? */
1813 for (ALL_LIST_ELEMENTS_RO(to_bgp
->vpn_policy
[afi
].import_vrf
, node
,
1815 if (strcmp(vname
, tmp_name
) == 0)
1820 * We do not check in the cli if the passed in bgp
1821 * instance is actually imported into us before
1822 * we call this function. As such if we do not
1823 * find this in the import_vrf list than
1824 * we just need to return safely.
1830 zlog_debug("%s from %s to %s", __func__
, tmp_name
, export_name
);
1832 /* Remove "import_vrf" from our import list. */
1833 listnode_delete(to_bgp
->vpn_policy
[afi
].import_vrf
, vname
);
1834 XFREE(MTYPE_TMP
, vname
);
1836 /* Remove routes imported from "import_vrf". */
1837 /* TODO: In the current logic, we have to first remove all
1838 * imported routes and then (if needed) import back routes
1840 vpn_leak_prechange(idir
, afi
, bgp_get_default(), to_bgp
);
1842 if (to_bgp
->vpn_policy
[afi
].import_vrf
->count
== 0) {
1843 if (!to_bgp
->vpn_policy
[afi
].rmap
[idir
])
1844 UNSET_FLAG(to_bgp
->af_flags
[afi
][safi
],
1845 BGP_CONFIG_VRF_TO_VRF_IMPORT
);
1846 if (to_bgp
->vpn_policy
[afi
].rtlist
[idir
])
1847 ecommunity_free(&to_bgp
->vpn_policy
[afi
].rtlist
[idir
]);
1849 ecom
= from_bgp
->vpn_policy
[afi
].rtlist
[edir
];
1851 ecommunity_del_val(to_bgp
->vpn_policy
[afi
].rtlist
[idir
],
1852 (struct ecommunity_val
*)ecom
->val
);
1853 vpn_leak_postchange(idir
, afi
, bgp_get_default(), to_bgp
);
1858 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1859 * below is checking for NULL that export_vrf can be
1860 * NULL, consequently it is complaining( like a cabbage )
1861 * that we could dereference and crash in the listcount(..)
1863 * So make it happy, under protest, with liberty and justice
1866 assert(from_bgp
->vpn_policy
[afi
].export_vrf
);
1868 /* Remove us from "import_vrf's" export list. If no other VRF
1869 * is importing from "import_vrf", cleanup appropriately.
1871 for (ALL_LIST_ELEMENTS_RO(from_bgp
->vpn_policy
[afi
].export_vrf
,
1873 if (strcmp(vname
, export_name
) == 0)
1878 * If we have gotten to this point then the vname must
1879 * exist. If not, we are in a world of trouble and
1880 * have slag sitting around.
1882 * import_vrf and export_vrf must match in having
1883 * the in/out names as appropriate.
1884 * export_vrf list could have been cleaned up
1885 * as part of no router bgp source instnace.
1890 listnode_delete(from_bgp
->vpn_policy
[afi
].export_vrf
, vname
);
1891 XFREE(MTYPE_TMP
, vname
);
1893 if (!listcount(from_bgp
->vpn_policy
[afi
].export_vrf
)) {
1894 vpn_leak_prechange(edir
, afi
, bgp_get_default(), from_bgp
);
1895 ecommunity_free(&from_bgp
->vpn_policy
[afi
].rtlist
[edir
]);
1896 UNSET_FLAG(from_bgp
->af_flags
[afi
][safi
],
1897 BGP_CONFIG_VRF_TO_VRF_EXPORT
);
1898 memset(&from_bgp
->vpn_policy
[afi
].tovpn_rd
, 0,
1899 sizeof(struct prefix_rd
));
1900 UNSET_FLAG(from_bgp
->vpn_policy
[afi
].flags
,
1901 BGP_VPN_POLICY_TOVPN_RD_SET
);
1902 from_bgp
->vpn_policy
[afi
].tovpn_label
= MPLS_LABEL_NONE
;
1907 /* For testing purpose, static route of MPLS-VPN. */
1908 DEFUN (vpnv4_network
,
1910 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1911 "Specify a network to announce via BGP\n"
1913 "Specify Route Distinguisher\n"
1914 "VPN Route Distinguisher\n"
1915 "VPN NLRI label (tag)\n"
1916 "VPN NLRI label (tag)\n"
1919 int idx_ipv4_prefixlen
= 1;
1920 int idx_ext_community
= 3;
1922 return bgp_static_set_safi(
1923 AFI_IP
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv4_prefixlen
]->arg
,
1924 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
, NULL
, 0,
1925 NULL
, NULL
, NULL
, NULL
);
1928 DEFUN (vpnv4_network_route_map
,
1929 vpnv4_network_route_map_cmd
,
1930 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1931 "Specify a network to announce via BGP\n"
1933 "Specify Route Distinguisher\n"
1934 "VPN Route Distinguisher\n"
1935 "VPN NLRI label (tag)\n"
1936 "VPN NLRI label (tag)\n"
1941 int idx_ipv4_prefixlen
= 1;
1942 int idx_ext_community
= 3;
1945 return bgp_static_set_safi(
1946 AFI_IP
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv4_prefixlen
]->arg
,
1947 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
,
1948 argv
[idx_word_2
]->arg
, 0, NULL
, NULL
, NULL
, NULL
);
1951 /* For testing purpose, static route of MPLS-VPN. */
1952 DEFUN (no_vpnv4_network
,
1953 no_vpnv4_network_cmd
,
1954 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1956 "Specify a network to announce via BGP\n"
1958 "Specify Route Distinguisher\n"
1959 "VPN Route Distinguisher\n"
1960 "VPN NLRI label (tag)\n"
1961 "VPN NLRI label (tag)\n"
1964 int idx_ipv4_prefixlen
= 2;
1965 int idx_ext_community
= 4;
1967 return bgp_static_unset_safi(AFI_IP
, SAFI_MPLS_VPN
, vty
,
1968 argv
[idx_ipv4_prefixlen
]->arg
,
1969 argv
[idx_ext_community
]->arg
,
1970 argv
[idx_label
]->arg
, 0, NULL
, NULL
, NULL
);
1973 DEFUN (vpnv6_network
,
1975 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1976 "Specify a network to announce via BGP\n"
1977 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1978 "Specify Route Distinguisher\n"
1979 "VPN Route Distinguisher\n"
1980 "VPN NLRI label (tag)\n"
1981 "VPN NLRI label (tag)\n"
1986 int idx_ipv6_prefix
= 1;
1987 int idx_ext_community
= 3;
1991 return bgp_static_set_safi(
1992 AFI_IP6
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv6_prefix
]->arg
,
1993 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
,
1994 argv
[idx_word_2
]->arg
, 0, NULL
, NULL
, NULL
, NULL
);
1996 return bgp_static_set_safi(
1997 AFI_IP6
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv6_prefix
]->arg
,
1998 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
,
1999 NULL
, 0, NULL
, NULL
, NULL
, NULL
);
2002 /* For testing purpose, static route of MPLS-VPN. */
2003 DEFUN (no_vpnv6_network
,
2004 no_vpnv6_network_cmd
,
2005 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2007 "Specify a network to announce via BGP\n"
2008 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2009 "Specify Route Distinguisher\n"
2010 "VPN Route Distinguisher\n"
2011 "VPN NLRI label (tag)\n"
2012 "VPN NLRI label (tag)\n"
2015 int idx_ipv6_prefix
= 2;
2016 int idx_ext_community
= 4;
2018 return bgp_static_unset_safi(AFI_IP6
, SAFI_MPLS_VPN
, vty
,
2019 argv
[idx_ipv6_prefix
]->arg
,
2020 argv
[idx_ext_community
]->arg
,
2021 argv
[idx_label
]->arg
, 0, NULL
, NULL
, NULL
);
2024 int bgp_show_mpls_vpn(struct vty
*vty
, afi_t afi
, struct prefix_rd
*prd
,
2025 enum bgp_show_type type
, void *output_arg
, int tags
,
2029 struct bgp_table
*table
;
2031 bgp
= bgp_get_default();
2034 vty_out(vty
, "No BGP process is configured\n");
2036 vty_out(vty
, "{}\n");
2039 table
= bgp
->rib
[afi
][SAFI_MPLS_VPN
];
2040 return bgp_show_table_rd(vty
, bgp
, SAFI_MPLS_VPN
, table
, prd
, type
,
2041 output_arg
, use_json
);
2044 DEFUN (show_bgp_ip_vpn_all_rd
,
2045 show_bgp_ip_vpn_all_rd_cmd
,
2046 "show bgp "BGP_AFI_CMD_STR
" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
2050 "Display VPN NLRI specific information\n"
2051 "Display VPN NLRI specific information\n"
2052 "Display information for a route distinguisher\n"
2053 "VPN Route Distinguisher\n"
2057 struct prefix_rd prd
;
2061 if (argv_find_and_parse_afi(argv
, argc
, &idx
, &afi
)) {
2062 if (argv_find(argv
, argc
, "rd", &idx
)) {
2063 ret
= str2prefix_rd(argv
[idx
+ 1]->arg
, &prd
);
2066 "%% Malformed Route Distinguisher\n");
2069 return bgp_show_mpls_vpn(vty
, afi
, &prd
,
2070 bgp_show_type_normal
, NULL
, 0,
2071 use_json(argc
, argv
));
2073 return bgp_show_mpls_vpn(vty
, afi
, NULL
,
2074 bgp_show_type_normal
, NULL
, 0,
2075 use_json(argc
, argv
));
2081 ALIAS(show_bgp_ip_vpn_all_rd
,
2082 show_bgp_ip_vpn_rd_cmd
,
2083 "show bgp "BGP_AFI_CMD_STR
" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
2087 "Display VPN NLRI specific information\n"
2088 "Display information for a route distinguisher\n"
2089 "VPN Route Distinguisher\n"
2092 #ifdef KEEP_OLD_VPN_COMMANDS
2093 DEFUN (show_ip_bgp_vpn_rd
,
2094 show_ip_bgp_vpn_rd_cmd
,
2095 "show ip bgp "BGP_AFI_CMD_STR
" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
2100 "Address Family modifier\n"
2101 "Display information for a route distinguisher\n"
2102 "VPN Route Distinguisher\n")
2104 int idx_ext_community
= argc
- 1;
2106 struct prefix_rd prd
;
2110 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2111 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
2113 vty_out(vty
, "%% Malformed Route Distinguisher\n");
2116 return bgp_show_mpls_vpn(vty
, afi
, &prd
, bgp_show_type_normal
,
2122 DEFUN (show_ip_bgp_vpn_all
,
2123 show_ip_bgp_vpn_all_cmd
,
2124 "show [ip] bgp <vpnv4|vpnv6>",
2133 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
))
2134 return bgp_show_mpls_vpn(vty
, afi
, NULL
, bgp_show_type_normal
,
2139 DEFUN (show_ip_bgp_vpn_all_tags
,
2140 show_ip_bgp_vpn_all_tags_cmd
,
2141 "show [ip] bgp <vpnv4|vpnv6> all tags",
2146 "Display information about all VPNv4/VPNV6 NLRIs\n"
2147 "Display BGP tags for prefixes\n")
2152 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
))
2153 return bgp_show_mpls_vpn(vty
, afi
, NULL
, bgp_show_type_normal
,
2158 DEFUN (show_ip_bgp_vpn_rd_tags
,
2159 show_ip_bgp_vpn_rd_tags_cmd
,
2160 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
2165 "Display information for a route distinguisher\n"
2166 "VPN Route Distinguisher\n"
2167 "Display BGP tags for prefixes\n")
2169 int idx_ext_community
= 5;
2171 struct prefix_rd prd
;
2175 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2176 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
2178 vty_out(vty
, "%% Malformed Route Distinguisher\n");
2181 return bgp_show_mpls_vpn(vty
, afi
, &prd
, bgp_show_type_normal
,
2187 DEFUN (show_ip_bgp_vpn_all_neighbor_routes
,
2188 show_ip_bgp_vpn_all_neighbor_routes_cmd
,
2189 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2194 "Display information about all VPNv4/VPNv6 NLRIs\n"
2195 "Detailed information on TCP and BGP neighbor connections\n"
2196 "Neighbor to display information about\n"
2197 "Display routes learned from neighbor\n"
2204 bool uj
= use_json(argc
, argv
);
2208 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2209 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
2212 json_object
*json_no
= NULL
;
2213 json_no
= json_object_new_object();
2214 json_object_string_add(json_no
, "warning",
2215 "Malformed address");
2216 vty_out(vty
, "%s\n",
2217 json_object_to_json_string(json_no
));
2218 json_object_free(json_no
);
2220 vty_out(vty
, "Malformed address: %s\n",
2221 argv
[idx_ipv4
]->arg
);
2225 peer
= peer_lookup(NULL
, &su
);
2226 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
2228 json_object
*json_no
= NULL
;
2229 json_no
= json_object_new_object();
2230 json_object_string_add(
2232 "No such neighbor or address family");
2233 vty_out(vty
, "%s\n",
2234 json_object_to_json_string(json_no
));
2235 json_object_free(json_no
);
2238 "%% No such neighbor or address family\n");
2242 return bgp_show_mpls_vpn(vty
, afi
, NULL
, bgp_show_type_neighbor
,
2248 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes
,
2249 show_ip_bgp_vpn_rd_neighbor_routes_cmd
,
2250 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
2255 "Display information for a route distinguisher\n"
2256 "VPN Route Distinguisher\n"
2257 "Detailed information on TCP and BGP neighbor connections\n"
2258 "Neighbor to display information about\n"
2259 "Display routes learned from neighbor\n"
2262 int idx_ext_community
= 5;
2267 struct prefix_rd prd
;
2268 bool uj
= use_json(argc
, argv
);
2272 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2273 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
2276 json_object
*json_no
= NULL
;
2277 json_no
= json_object_new_object();
2278 json_object_string_add(
2280 "Malformed Route Distinguisher");
2281 vty_out(vty
, "%s\n",
2282 json_object_to_json_string(json_no
));
2283 json_object_free(json_no
);
2286 "%% Malformed Route Distinguisher\n");
2290 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
2293 json_object
*json_no
= NULL
;
2294 json_no
= json_object_new_object();
2295 json_object_string_add(json_no
, "warning",
2296 "Malformed address");
2297 vty_out(vty
, "%s\n",
2298 json_object_to_json_string(json_no
));
2299 json_object_free(json_no
);
2301 vty_out(vty
, "Malformed address: %s\n",
2302 argv
[idx_ext_community
]->arg
);
2306 peer
= peer_lookup(NULL
, &su
);
2307 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
2309 json_object
*json_no
= NULL
;
2310 json_no
= json_object_new_object();
2311 json_object_string_add(
2313 "No such neighbor or address family");
2314 vty_out(vty
, "%s\n",
2315 json_object_to_json_string(json_no
));
2316 json_object_free(json_no
);
2319 "%% No such neighbor or address family\n");
2323 return bgp_show_mpls_vpn(vty
, afi
, &prd
, bgp_show_type_neighbor
,
2329 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes
,
2330 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd
,
2331 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2336 "Display information about all VPNv4/VPNv6 NLRIs\n"
2337 "Detailed information on TCP and BGP neighbor connections\n"
2338 "Neighbor to display information about\n"
2339 "Display the routes advertised to a BGP neighbor\n"
2346 bool uj
= use_json(argc
, argv
);
2350 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2351 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
2354 json_object
*json_no
= NULL
;
2355 json_no
= json_object_new_object();
2356 json_object_string_add(json_no
, "warning",
2357 "Malformed address");
2358 vty_out(vty
, "%s\n",
2359 json_object_to_json_string(json_no
));
2360 json_object_free(json_no
);
2362 vty_out(vty
, "Malformed address: %s\n",
2363 argv
[idx_ipv4
]->arg
);
2366 peer
= peer_lookup(NULL
, &su
);
2367 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
2369 json_object
*json_no
= NULL
;
2370 json_no
= json_object_new_object();
2371 json_object_string_add(
2373 "No such neighbor or address family");
2374 vty_out(vty
, "%s\n",
2375 json_object_to_json_string(json_no
));
2376 json_object_free(json_no
);
2379 "%% No such neighbor or address family\n");
2382 return show_adj_route_vpn(vty
, peer
, NULL
, AFI_IP
,
2388 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes
,
2389 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd
,
2390 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2395 "Display information for a route distinguisher\n"
2396 "VPN Route Distinguisher\n"
2397 "Detailed information on TCP and BGP neighbor connections\n"
2398 "Neighbor to display information about\n"
2399 "Display the routes advertised to a BGP neighbor\n"
2402 int idx_ext_community
= 5;
2406 struct prefix_rd prd
;
2408 bool uj
= use_json(argc
, argv
);
2412 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2413 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
2416 json_object
*json_no
= NULL
;
2417 json_no
= json_object_new_object();
2418 json_object_string_add(json_no
, "warning",
2419 "Malformed address");
2420 vty_out(vty
, "%s\n",
2421 json_object_to_json_string(json_no
));
2422 json_object_free(json_no
);
2424 vty_out(vty
, "Malformed address: %s\n",
2425 argv
[idx_ext_community
]->arg
);
2428 peer
= peer_lookup(NULL
, &su
);
2429 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
2431 json_object
*json_no
= NULL
;
2432 json_no
= json_object_new_object();
2433 json_object_string_add(
2435 "No such neighbor or address family");
2436 vty_out(vty
, "%s\n",
2437 json_object_to_json_string(json_no
));
2438 json_object_free(json_no
);
2441 "%% No such neighbor or address family\n");
2445 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
2448 json_object
*json_no
= NULL
;
2449 json_no
= json_object_new_object();
2450 json_object_string_add(
2452 "Malformed Route Distinguisher");
2453 vty_out(vty
, "%s\n",
2454 json_object_to_json_string(json_no
));
2455 json_object_free(json_no
);
2458 "%% Malformed Route Distinguisher\n");
2462 return show_adj_route_vpn(vty
, peer
, &prd
, AFI_IP
,
2467 #endif /* KEEP_OLD_VPN_COMMANDS */
2469 void bgp_mplsvpn_init(void)
2471 install_element(BGP_VPNV4_NODE
, &vpnv4_network_cmd
);
2472 install_element(BGP_VPNV4_NODE
, &vpnv4_network_route_map_cmd
);
2473 install_element(BGP_VPNV4_NODE
, &no_vpnv4_network_cmd
);
2475 install_element(BGP_VPNV6_NODE
, &vpnv6_network_cmd
);
2476 install_element(BGP_VPNV6_NODE
, &no_vpnv6_network_cmd
);
2478 install_element(VIEW_NODE
, &show_bgp_ip_vpn_all_rd_cmd
);
2479 install_element(VIEW_NODE
, &show_bgp_ip_vpn_rd_cmd
);
2480 #ifdef KEEP_OLD_VPN_COMMANDS
2481 install_element(VIEW_NODE
, &show_ip_bgp_vpn_rd_cmd
);
2482 install_element(VIEW_NODE
, &show_ip_bgp_vpn_all_cmd
);
2483 install_element(VIEW_NODE
, &show_ip_bgp_vpn_all_tags_cmd
);
2484 install_element(VIEW_NODE
, &show_ip_bgp_vpn_rd_tags_cmd
);
2485 install_element(VIEW_NODE
, &show_ip_bgp_vpn_all_neighbor_routes_cmd
);
2486 install_element(VIEW_NODE
, &show_ip_bgp_vpn_rd_neighbor_routes_cmd
);
2487 install_element(VIEW_NODE
,
2488 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd
);
2489 install_element(VIEW_NODE
,
2490 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd
);
2491 #endif /* KEEP_OLD_VPN_COMMANDS */
2494 vrf_id_t
get_first_vrf_for_redirect_with_rt(struct ecommunity
*eckey
)
2496 struct listnode
*mnode
, *mnnode
;
2500 if (eckey
->unit_size
== IPV6_ECOMMUNITY_SIZE
)
2503 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
)) {
2504 struct ecommunity
*ec
;
2506 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
2509 ec
= bgp
->vpn_policy
[afi
].import_redirect_rtlist
;
2511 if (ec
&& eckey
->unit_size
!= ec
->unit_size
)
2514 if (ecom_intersect(ec
, eckey
))
2521 * The purpose of this function is to process leaks that were deferred
2522 * from earlier per-vrf configuration due to not-yet-existing default
2523 * vrf, in other words, configuration such as:
2525 * router bgp MMM vrf FOO
2526 * address-family ipv4 unicast
2528 * exit-address-family
2533 * This function gets called when the default instance ("router bgp NNN")
2536 void vpn_leak_postchange_all(void)
2538 struct listnode
*next
;
2540 struct bgp
*bgp_default
= bgp_get_default();
2542 assert(bgp_default
);
2544 /* First, do any exporting from VRFs to the single VPN RIB */
2545 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, bgp
)) {
2547 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
2550 vpn_leak_postchange(
2551 BGP_VPN_POLICY_DIR_TOVPN
,
2556 vpn_leak_postchange(
2557 BGP_VPN_POLICY_DIR_TOVPN
,
2563 /* Now, do any importing to VRFs from the single VPN RIB */
2564 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, bgp
)) {
2566 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
2569 vpn_leak_postchange(
2570 BGP_VPN_POLICY_DIR_FROMVPN
,
2575 vpn_leak_postchange(
2576 BGP_VPN_POLICY_DIR_FROMVPN
,
2583 /* When a bgp vrf instance is unconfigured, remove its routes
2584 * from the VPN table and this vrf could be importing routes from other
2585 * bgp vrf instnaces, unimport them.
2586 * VRF X and VRF Y are exporting routes to each other.
2587 * When VRF X is deleted, unimport its routes from all target vrfs,
2588 * also VRF Y should unimport its routes from VRF X table.
2589 * This will ensure VPN table is cleaned up appropriately.
2591 void bgp_vpn_leak_unimport(struct bgp
*from_bgp
)
2594 const char *tmp_name
;
2596 struct listnode
*node
, *next
;
2597 safi_t safi
= SAFI_UNICAST
;
2599 bool is_vrf_leak_bind
;
2602 if (from_bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
2605 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
2606 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
2608 tmp_name
= from_bgp
->name
? from_bgp
->name
: VRF_DEFAULT_NAME
;
2610 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
2611 /* vrf leak is for IPv4 and IPv6 Unicast only */
2612 if (afi
!= AFI_IP
&& afi
!= AFI_IP6
)
2615 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, to_bgp
)) {
2616 if (from_bgp
== to_bgp
)
2619 /* Unimport and remove source vrf from the
2620 * other vrfs import list.
2622 struct vpn_policy
*to_vpolicy
;
2624 is_vrf_leak_bind
= false;
2625 to_vpolicy
= &(to_bgp
->vpn_policy
[afi
]);
2626 for (ALL_LIST_ELEMENTS_RO(to_vpolicy
->import_vrf
, node
,
2628 if (strcmp(vname
, tmp_name
) == 0) {
2629 is_vrf_leak_bind
= true;
2633 /* skip this bgp instance as there is no leak to this
2636 if (!is_vrf_leak_bind
)
2640 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
2641 __func__
, from_bgp
->name_pretty
,
2642 to_bgp
->name_pretty
, afi2str(afi
),
2643 to_vpolicy
->import_vrf
->count
);
2645 vrf_unimport_from_vrf(to_bgp
, from_bgp
, afi
, safi
);
2647 /* readd vrf name as unimport removes import vrf name
2648 * from the destination vrf's import list where the
2649 * `import vrf` configuration still exist.
2651 vname
= XSTRDUP(MTYPE_TMP
, tmp_name
);
2652 listnode_add(to_bgp
->vpn_policy
[afi
].import_vrf
,
2654 SET_FLAG(to_bgp
->af_flags
[afi
][safi
],
2655 BGP_CONFIG_VRF_TO_VRF_IMPORT
);
2657 /* If to_bgp exports its routes to the bgp vrf
2658 * which is being deleted, un-import the
2659 * to_bgp routes from VPN.
2661 for (ALL_LIST_ELEMENTS_RO(to_bgp
->vpn_policy
[afi
]
2664 if (strcmp(vname
, tmp_name
) == 0) {
2665 vrf_unimport_from_vrf(from_bgp
, to_bgp
,
2675 /* When a router bgp is configured, there could be a bgp vrf
2676 * instance importing routes from this newly configured
2677 * bgp vrf instance. Export routes from configured
2679 * VRF Y has import from bgp vrf x,
2680 * when a bgp vrf x instance is created, export its routes
2681 * to VRF Y instance.
2683 void bgp_vpn_leak_export(struct bgp
*from_bgp
)
2686 const char *export_name
;
2688 struct listnode
*node
, *next
;
2689 struct ecommunity
*ecom
;
2690 vpn_policy_direction_t idir
, edir
;
2691 safi_t safi
= SAFI_UNICAST
;
2695 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
2696 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
2698 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
2699 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
2701 export_name
= from_bgp
->name
? from_bgp
->name
: VRF_DEFAULT_NAME
;
2703 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
2704 /* vrf leak is for IPv4 and IPv6 Unicast only */
2705 if (afi
!= AFI_IP
&& afi
!= AFI_IP6
)
2708 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, to_bgp
)) {
2709 if (from_bgp
== to_bgp
)
2712 /* bgp instance has import list, check to see if newly
2713 * configured bgp instance is the list.
2715 struct vpn_policy
*to_vpolicy
;
2717 to_vpolicy
= &(to_bgp
->vpn_policy
[afi
]);
2718 for (ALL_LIST_ELEMENTS_RO(to_vpolicy
->import_vrf
,
2720 if (strcmp(vname
, export_name
) != 0)
2724 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
2726 export_name
, to_bgp
->name_pretty
);
2728 ecom
= from_bgp
->vpn_policy
[afi
].rtlist
[edir
];
2729 /* remove import rt, it will be readded
2730 * as part of import from vrf.
2734 to_vpolicy
->rtlist
[idir
],
2735 (struct ecommunity_val
*)
2737 vrf_import_from_vrf(to_bgp
, from_bgp
,