]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #8063 from ton31337/fix/typo_enum_bestpath
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
50
51 #ifdef ENABLE_BGP_VNC
52 #include "bgpd/rfapi/rfapi_backend.h"
53 #endif
54
55 /*
56 * Definitions and external declarations.
57 */
58 extern struct zclient *zclient;
59
60 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
61 int *index, afi_t *afi)
62 {
63 int ret = 0;
64 if (argv_find(argv, argc, "vpnv4", index)) {
65 ret = 1;
66 if (afi)
67 *afi = AFI_IP;
68 } else if (argv_find(argv, argc, "vpnv6", index)) {
69 ret = 1;
70 if (afi)
71 *afi = AFI_IP6;
72 }
73 return ret;
74 }
75
76 uint32_t decode_label(mpls_label_t *label_pnt)
77 {
78 uint32_t l;
79 uint8_t *pnt = (uint8_t *)label_pnt;
80
81 l = ((uint32_t)*pnt++ << 12);
82 l |= (uint32_t)*pnt++ << 4;
83 l |= (uint32_t)((*pnt & 0xf0) >> 4);
84 return l;
85 }
86
87 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
88 {
89 uint8_t *pnt = (uint8_t *)label_pnt;
90 if (pnt == NULL)
91 return;
92 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
93 *label_pnt = label;
94 return;
95 }
96 *pnt++ = (label >> 12) & 0xff;
97 *pnt++ = (label >> 4) & 0xff;
98 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
99 }
100
101 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
102 struct bgp_nlri *packet)
103 {
104 struct prefix p;
105 uint8_t psize = 0;
106 uint8_t prefixlen;
107 uint16_t type;
108 struct rd_as rd_as;
109 struct rd_ip rd_ip;
110 struct prefix_rd prd = {0};
111 mpls_label_t label = {0};
112 afi_t afi;
113 safi_t safi;
114 int addpath_encoded;
115 uint32_t addpath_id;
116 int ret = 0;
117
118 /* Make prefix_rd */
119 prd.family = AF_UNSPEC;
120 prd.prefixlen = 64;
121
122 struct stream *data = stream_new(packet->length);
123 stream_put(data, packet->nlri, packet->length);
124 afi = packet->afi;
125 safi = packet->safi;
126 addpath_id = 0;
127
128 addpath_encoded =
129 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
130 && CHECK_FLAG(peer->af_cap[afi][safi],
131 PEER_CAP_ADDPATH_AF_TX_RCV));
132
133 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
134 while (STREAM_READABLE(data) > 0) {
135 /* Clear prefix structure. */
136 memset(&p, 0, sizeof(struct prefix));
137
138 if (addpath_encoded) {
139 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
140 addpath_id = ntohl(addpath_id);
141 }
142
143 if (STREAM_READABLE(data) < 1) {
144 flog_err(
145 EC_BGP_UPDATE_RCV,
146 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
147 peer->host, packet->length);
148 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
149 goto done;
150 }
151
152 /* Fetch prefix length. */
153 STREAM_GETC(data, prefixlen);
154 p.family = afi2family(packet->afi);
155 psize = PSIZE(prefixlen);
156
157 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
158 flog_err(
159 EC_BGP_UPDATE_RCV,
160 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
161 peer->host, prefixlen);
162 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
163 goto done;
164 }
165
166 /* sanity check against packet data */
167 if (STREAM_READABLE(data) < psize) {
168 flog_err(
169 EC_BGP_UPDATE_RCV,
170 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
171 peer->host, prefixlen, packet->length);
172 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
173 goto done;
174 }
175
176 /* sanity check against storage for the IP address portion */
177 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
178 flog_err(
179 EC_BGP_UPDATE_RCV,
180 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
181 peer->host,
182 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
183 sizeof(p.u));
184 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
185 goto done;
186 }
187
188 /* Sanity check against max bitlen of the address family */
189 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
190 flog_err(
191 EC_BGP_UPDATE_RCV,
192 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
193 peer->host,
194 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
195 p.family, prefix_blen(&p));
196 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
197 goto done;
198 }
199
200 /* Copy label to prefix. */
201 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
202 flog_err(
203 EC_BGP_UPDATE_RCV,
204 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
205 peer->host, packet->length);
206 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
207 goto done;
208 }
209
210 STREAM_GET(&label, data, BGP_LABEL_BYTES);
211 bgp_set_valid_label(&label);
212
213 /* Copy routing distinguisher to rd. */
214 if (STREAM_READABLE(data) < 8) {
215 flog_err(
216 EC_BGP_UPDATE_RCV,
217 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
218 peer->host, packet->length);
219 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
220 goto done;
221 }
222 STREAM_GET(&prd.val, data, 8);
223
224 /* Decode RD type. */
225 type = decode_rd_type(prd.val);
226
227 switch (type) {
228 case RD_TYPE_AS:
229 decode_rd_as(&prd.val[2], &rd_as);
230 break;
231
232 case RD_TYPE_AS4:
233 decode_rd_as4(&prd.val[2], &rd_as);
234 break;
235
236 case RD_TYPE_IP:
237 decode_rd_ip(&prd.val[2], &rd_ip);
238 break;
239
240 #ifdef ENABLE_BGP_VNC
241 case RD_TYPE_VNC_ETH:
242 break;
243 #endif
244
245 default:
246 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
247 break; /* just report */
248 }
249
250 /* exclude label & RD */
251 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
252 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
253
254 if (attr) {
255 bgp_update(peer, &p, addpath_id, attr, packet->afi,
256 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
257 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
258 } else {
259 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
260 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
261 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
262 }
263 }
264 /* Packet length consistency check. */
265 if (STREAM_READABLE(data) != 0) {
266 flog_err(
267 EC_BGP_UPDATE_RCV,
268 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
269 peer->host, STREAM_READABLE(data));
270 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
271 }
272
273 goto done;
274
275 stream_failure:
276 flog_err(
277 EC_BGP_UPDATE_RCV,
278 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
279 peer->host, packet->length);
280 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
281
282 done:
283 stream_free(data);
284 return ret;
285
286 #undef VPN_PREFIXLEN_MIN_BYTES
287 }
288
289 /*
290 * This function informs zebra of the label this vrf sets on routes
291 * leaked to VPN. Zebra should install this label in the kernel with
292 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
293 *
294 * Sending this vrf-label association is qualified by a) whether vrf->vpn
295 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
296 * are set) and b) whether vpn-policy label is set.
297 *
298 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
299 * for this vrf, which zebra interprets to mean "delete this vrf-label
300 * association."
301 */
302 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
303 {
304 mpls_label_t label = MPLS_LABEL_NONE;
305 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
306
307 if (bgp->vrf_id == VRF_UNKNOWN) {
308 if (debug) {
309 zlog_debug(
310 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
311 __func__, bgp->name_pretty, afi2str(afi));
312 }
313 return;
314 }
315
316 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
317 label = bgp->vpn_policy[afi].tovpn_label;
318 }
319
320 if (debug) {
321 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
322 __func__, bgp->name_pretty, afi2str(afi), label,
323 bgp->vrf_id);
324 }
325
326 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
327 label = MPLS_LABEL_NONE;
328 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
329 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
330 }
331
332 /*
333 * If zebra tells us vrf has become unconfigured, tell zebra not to
334 * use this label to forward to the vrf anymore
335 */
336 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
337 {
338 mpls_label_t label = MPLS_LABEL_NONE;
339 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
340
341 if (bgp->vrf_id == VRF_UNKNOWN) {
342 if (debug) {
343 zlog_debug(
344 "%s: vrf_id not set, can't delete zebra vrf label",
345 __func__);
346 }
347 return;
348 }
349
350 if (debug) {
351 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
352 bgp->name_pretty, bgp->vrf_id);
353 }
354
355 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
356 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
357 }
358
359 int vpn_leak_label_callback(
360 mpls_label_t label,
361 void *labelid,
362 bool allocated)
363 {
364 struct vpn_policy *vp = (struct vpn_policy *)labelid;
365 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
366
367 if (debug)
368 zlog_debug("%s: label=%u, allocated=%d",
369 __func__, label, allocated);
370
371 if (!allocated) {
372 /*
373 * previously-allocated label is now invalid
374 */
375 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
376 (vp->tovpn_label != MPLS_LABEL_NONE)) {
377
378 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
379 vp->afi, bgp_get_default(), vp->bgp);
380 vp->tovpn_label = MPLS_LABEL_NONE;
381 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
382 vp->afi, bgp_get_default(), vp->bgp);
383 }
384 return 0;
385 }
386
387 /*
388 * New label allocation
389 */
390 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
391
392 /*
393 * not currently configured for auto label, reject allocation
394 */
395 return -1;
396 }
397
398 if (vp->tovpn_label != MPLS_LABEL_NONE) {
399 if (label == vp->tovpn_label) {
400 /* already have same label, accept but do nothing */
401 return 0;
402 }
403 /* Shouldn't happen: different label allocation */
404 flog_err(EC_BGP_LABEL,
405 "%s: %s had label %u but got new assignment %u",
406 __func__, vp->bgp->name_pretty, vp->tovpn_label,
407 label);
408 /* use new one */
409 }
410
411 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
412 vp->afi, bgp_get_default(), vp->bgp);
413 vp->tovpn_label = label;
414 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
415 vp->afi, bgp_get_default(), vp->bgp);
416
417 return 0;
418 }
419
420 static bool ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
421 {
422 uint32_t i, j;
423
424 if (!e1 || !e2)
425 return false;
426 for (i = 0; i < e1->size; ++i) {
427 for (j = 0; j < e2->size; ++j) {
428 if (!memcmp(e1->val + (i * e1->unit_size),
429 e2->val + (j * e2->unit_size),
430 e1->unit_size)) {
431
432 return true;
433 }
434 }
435 }
436 return false;
437 }
438
439 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
440 uint32_t n)
441 {
442 uint32_t i;
443
444 if (!bpi->extra) {
445 if (!n)
446 return true;
447 else
448 return false;
449 }
450
451 if (n != bpi->extra->num_labels)
452 return false;
453
454 for (i = 0; i < n; ++i) {
455 if (label[i] != bpi->extra->label[i])
456 return false;
457 }
458 return true;
459 }
460
461 /*
462 * make encoded route labels match specified encoded label set
463 */
464 static void setlabels(struct bgp_path_info *bpi,
465 mpls_label_t *label, /* array of labels */
466 uint32_t num_labels)
467 {
468 if (num_labels)
469 assert(label);
470 assert(num_labels <= BGP_MAX_LABELS);
471
472 if (!num_labels) {
473 if (bpi->extra)
474 bpi->extra->num_labels = 0;
475 return;
476 }
477
478 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
479 uint32_t i;
480
481 for (i = 0; i < num_labels; ++i) {
482 extra->label[i] = label[i];
483 if (!bgp_is_valid_label(&label[i])) {
484 bgp_set_valid_label(&extra->label[i]);
485 }
486 }
487 extra->num_labels = num_labels;
488 }
489
490 /*
491 * returns pointer to new bgp_path_info upon success
492 */
493 static struct bgp_path_info *
494 leak_update(struct bgp *bgp, /* destination bgp instance */
495 struct bgp_dest *bn, struct attr *new_attr, /* already interned */
496 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
497 mpls_label_t *label, uint32_t num_labels, void *parent,
498 struct bgp *bgp_orig, struct prefix *nexthop_orig,
499 int nexthop_self_flag, int debug)
500 {
501 const struct prefix *p = bgp_dest_get_prefix(bn);
502 struct bgp_path_info *bpi;
503 struct bgp_path_info *bpi_ultimate;
504 struct bgp_path_info *new;
505
506 if (debug)
507 zlog_debug(
508 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
509 __func__, bgp->name_pretty, bn, source_bpi->type,
510 source_bpi->sub_type);
511
512 /*
513 * Routes that are redistributed into BGP from zebra do not get
514 * nexthop tracking. However, if those routes are subsequently
515 * imported to other RIBs within BGP, the leaked routes do not
516 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
517 * in order to determine if the route we are currently leaking
518 * should have nexthop tracking, we must find the ultimate
519 * parent so we can check its sub_type.
520 *
521 * As of now, source_bpi may at most be a second-generation route
522 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
523 * Using a loop here supports more complex intra-bgp import-export
524 * schemes that could be implemented in the future.
525 *
526 */
527 for (bpi_ultimate = source_bpi;
528 bpi_ultimate->extra && bpi_ultimate->extra->parent;
529 bpi_ultimate = bpi_ultimate->extra->parent)
530 ;
531
532 /*
533 * match parent
534 */
535 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
536 if (bpi->extra && bpi->extra->parent == parent)
537 break;
538 }
539
540 if (bpi) {
541 bool labelssame = labels_same(bpi, label, num_labels);
542
543 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
544 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
545
546 bgp_attr_unintern(&new_attr);
547 if (debug)
548 zlog_debug(
549 "%s: ->%s: %pBD: Found route, no change",
550 __func__, bgp->name_pretty, bn);
551 return NULL;
552 }
553
554 /* attr is changed */
555 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
556
557 /* Rewrite BGP route information. */
558 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
559 bgp_path_info_restore(bn, bpi);
560 else
561 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
562 bgp_attr_unintern(&bpi->attr);
563 bpi->attr = new_attr;
564 bpi->uptime = bgp_clock();
565
566 /*
567 * rewrite labels
568 */
569 if (!labelssame)
570 setlabels(bpi, label, num_labels);
571
572 if (nexthop_self_flag)
573 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
574
575 struct bgp *bgp_nexthop = bgp;
576 int nh_valid;
577
578 if (bpi->extra && bpi->extra->bgp_orig)
579 bgp_nexthop = bpi->extra->bgp_orig;
580
581 /*
582 * No nexthop tracking for redistributed routes or for
583 * EVPN-imported routes that get leaked.
584 */
585 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
586 is_pi_family_evpn(bpi_ultimate))
587 nh_valid = 1;
588 else
589 /*
590 * TBD do we need to do anything about the
591 * 'connected' parameter?
592 */
593 nh_valid = bgp_find_or_add_nexthop(
594 bgp, bgp_nexthop, afi, safi, bpi, NULL, 0);
595
596 if (debug)
597 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
598 __func__, (nh_valid ? "" : "not "),
599 bgp_nexthop->name_pretty);
600
601 if (nh_valid)
602 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
603
604 /* Process change. */
605 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
606 bgp_process(bgp, bn, afi, safi);
607 bgp_dest_unlock_node(bn);
608
609 if (debug)
610 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
611 __func__, bgp->name_pretty, bn);
612
613 return bpi;
614 }
615
616 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
617 bgp->peer_self, new_attr, bn);
618
619 if (nexthop_self_flag)
620 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
621
622 bgp_path_info_extra_get(new);
623
624 if (num_labels)
625 setlabels(new, label, num_labels);
626
627 new->extra->parent = bgp_path_info_lock(parent);
628 bgp_dest_lock_node(
629 (struct bgp_dest *)((struct bgp_path_info *)parent)->net);
630 if (bgp_orig)
631 new->extra->bgp_orig = bgp_lock(bgp_orig);
632 if (nexthop_orig)
633 new->extra->nexthop_orig = *nexthop_orig;
634
635 /*
636 * nexthop tracking for unicast routes
637 */
638 struct bgp *bgp_nexthop = bgp;
639 int nh_valid;
640
641 if (new->extra->bgp_orig)
642 bgp_nexthop = new->extra->bgp_orig;
643
644 /*
645 * No nexthop tracking for redistributed routes because
646 * their originating protocols will do the tracking and
647 * withdraw those routes if the nexthops become unreachable
648 * This also holds good for EVPN-imported routes that get
649 * leaked.
650 */
651 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
652 is_pi_family_evpn(bpi_ultimate))
653 nh_valid = 1;
654 else
655 /*
656 * TBD do we need to do anything about the
657 * 'connected' parameter?
658 */
659 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop, afi, safi,
660 new, NULL, 0);
661
662 if (debug)
663 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
664 __func__, (nh_valid ? "" : "not "),
665 bgp_nexthop->name_pretty);
666 if (nh_valid)
667 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
668
669 bgp_aggregate_increment(bgp, p, new, afi, safi);
670 bgp_path_info_add(bn, new);
671
672 bgp_dest_unlock_node(bn);
673 bgp_process(bgp, bn, afi, safi);
674
675 if (debug)
676 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
677 bgp->name_pretty, bn);
678
679 return new;
680 }
681
682 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
683 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
684 struct bgp *bgp_vrf, /* from */
685 struct bgp_path_info *path_vrf) /* route */
686 {
687 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
688 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
689 afi_t afi = family2afi(p->family);
690 struct attr static_attr = {0};
691 struct attr *new_attr = NULL;
692 safi_t safi = SAFI_MPLS_VPN;
693 mpls_label_t label_val;
694 mpls_label_t label;
695 struct bgp_dest *bn;
696 const char *debugmsg;
697 int nexthop_self_flag = 0;
698
699 if (debug)
700 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
701
702 if (debug && path_vrf->attr->ecommunity) {
703 char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity,
704 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
705
706 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
707 bgp_vrf->name, path_vrf->type, s);
708 XFREE(MTYPE_ECOMMUNITY_STR, s);
709 }
710
711 if (!bgp_vpn)
712 return;
713
714 if (!afi) {
715 if (debug)
716 zlog_debug("%s: can't get afi of prefix", __func__);
717 return;
718 }
719
720 /* Is this route exportable into the VPN table? */
721 if (!is_route_injectable_into_vpn(path_vrf))
722 return;
723
724 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
725 if (debug)
726 zlog_debug("%s: %s skipping: %s", __func__,
727 bgp_vrf->name, debugmsg);
728 return;
729 }
730
731 /* shallow copy */
732 static_attr = *path_vrf->attr;
733
734 /*
735 * route map handling
736 */
737 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
738 struct bgp_path_info info;
739 route_map_result_t ret;
740
741 memset(&info, 0, sizeof(info));
742 info.peer = bgp_vpn->peer_self;
743 info.attr = &static_attr;
744 ret = route_map_apply(
745 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
746 p, &info);
747 if (RMAP_DENYMATCH == ret) {
748 bgp_attr_flush(&static_attr); /* free any added parts */
749 if (debug)
750 zlog_debug(
751 "%s: vrf %s route map \"%s\" says DENY, returning",
752 __func__, bgp_vrf->name_pretty,
753 bgp_vrf->vpn_policy[afi]
754 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
755 ->name);
756 return;
757 }
758 }
759
760 if (debug && static_attr.ecommunity) {
761 char *s = ecommunity_ecom2str(static_attr.ecommunity,
762 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
763
764 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
765 __func__, s);
766 XFREE(MTYPE_ECOMMUNITY_STR, s);
767 }
768
769 /*
770 * Add the vpn-policy rt-list
771 */
772 struct ecommunity *old_ecom;
773 struct ecommunity *new_ecom;
774
775 /* Export with the 'from' instance's export RTs. */
776 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
777 old_ecom = static_attr.ecommunity;
778 if (old_ecom) {
779 new_ecom = ecommunity_dup(old_ecom);
780 if (CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
781 BGP_CONFIG_VRF_TO_VRF_EXPORT))
782 ecommunity_strip_rts(new_ecom);
783 new_ecom = ecommunity_merge(new_ecom,
784 bgp_vrf->vpn_policy[afi]
785 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
786 if (!old_ecom->refcnt)
787 ecommunity_free(&old_ecom);
788 } else {
789 new_ecom = ecommunity_dup(
790 bgp_vrf->vpn_policy[afi]
791 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
792 }
793 static_attr.ecommunity = new_ecom;
794 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
795
796 if (debug && static_attr.ecommunity) {
797 char *s = ecommunity_ecom2str(static_attr.ecommunity,
798 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
799
800 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
801 __func__, s);
802 XFREE(MTYPE_ECOMMUNITY_STR, s);
803 }
804
805 /* Nexthop */
806 /* if policy nexthop not set, use 0 */
807 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
808 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
809 struct prefix *nexthop =
810 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
811
812 switch (nexthop->family) {
813 case AF_INET:
814 /* prevent mp_nexthop_global_in <- self in bgp_route.c
815 */
816 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
817
818 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
819 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
820 break;
821
822 case AF_INET6:
823 static_attr.mp_nexthop_global = nexthop->u.prefix6;
824 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
825 break;
826
827 default:
828 assert(0);
829 }
830 } else {
831 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
832 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
833 if (afi == AFI_IP) {
834 /*
835 * For ipv4, copy to multiprotocol
836 * nexthop field
837 */
838 static_attr.mp_nexthop_global_in =
839 static_attr.nexthop;
840 static_attr.mp_nexthop_len =
841 BGP_ATTR_NHLEN_IPV4;
842 /*
843 * XXX Leave static_attr.nexthop
844 * intact for NHT
845 */
846 static_attr.flag &=
847 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
848 }
849 } else {
850 /* Update based on next-hop family to account for
851 * RFC 5549 (BGP unnumbered) scenario. Note that
852 * specific action is only needed for the case of
853 * IPv4 nexthops as the attr has been copied
854 * otherwise.
855 */
856 if (afi == AFI_IP
857 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
858 static_attr.mp_nexthop_global_in.s_addr =
859 static_attr.nexthop.s_addr;
860 static_attr.mp_nexthop_len =
861 BGP_ATTR_NHLEN_IPV4;
862 static_attr.flag |=
863 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
864 }
865 }
866 nexthop_self_flag = 1;
867 }
868
869 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
870 if (label_val == MPLS_LABEL_NONE) {
871 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
872 } else {
873 encode_label(label_val, &label);
874 }
875
876 /* Set originator ID to "me" */
877 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
878 static_attr.originator_id = bgp_vpn->router_id;
879
880
881 new_attr = bgp_attr_intern(
882 &static_attr); /* hashed refcounted everything */
883 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
884
885 if (debug && new_attr->ecommunity) {
886 char *s = ecommunity_ecom2str(new_attr->ecommunity,
887 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
888
889 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
890 XFREE(MTYPE_ECOMMUNITY_STR, s);
891 }
892
893 /* Now new_attr is an allocated interned attr */
894
895 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
896 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
897
898 struct bgp_path_info *new_info;
899
900 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
901 &label, 1, path_vrf, bgp_vrf, NULL,
902 nexthop_self_flag, debug);
903
904 /*
905 * Routes actually installed in the vpn RIB must also be
906 * offered to all vrfs (because now they originate from
907 * the vpn RIB).
908 *
909 * Acceptance into other vrfs depends on rt-lists.
910 * Originating vrf will not accept the looped back route
911 * because of loop checking.
912 */
913 if (new_info)
914 vpn_leak_to_vrf_update(bgp_vrf, new_info);
915 }
916
917 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
918 struct bgp *bgp_vrf, /* from */
919 struct bgp_path_info *path_vrf) /* route */
920 {
921 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
922 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
923 afi_t afi = family2afi(p->family);
924 safi_t safi = SAFI_MPLS_VPN;
925 struct bgp_path_info *bpi;
926 struct bgp_dest *bn;
927 const char *debugmsg;
928
929 if (debug) {
930 zlog_debug(
931 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
932 __func__, bgp_vrf->name_pretty, path_vrf->net,
933 path_vrf->type, path_vrf->sub_type);
934 }
935
936 if (!bgp_vpn)
937 return;
938
939 if (!afi) {
940 if (debug)
941 zlog_debug("%s: can't get afi of prefix", __func__);
942 return;
943 }
944
945 /* Is this route exportable into the VPN table? */
946 if (!is_route_injectable_into_vpn(path_vrf))
947 return;
948
949 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
950 if (debug)
951 zlog_debug("%s: skipping: %s", __func__, debugmsg);
952 return;
953 }
954
955 if (debug)
956 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
957
958 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
959 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
960
961 if (!bn)
962 return;
963 /*
964 * vrf -> vpn
965 * match original bpi imported from
966 */
967 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
968 if (bpi->extra && bpi->extra->parent == path_vrf) {
969 break;
970 }
971 }
972
973 if (bpi) {
974 /* withdraw from looped vrfs as well */
975 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
976
977 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
978 bgp_path_info_delete(bn, bpi);
979 bgp_process(bgp_vpn, bn, afi, safi);
980 }
981 bgp_dest_unlock_node(bn);
982 }
983
984 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
985 struct bgp *bgp_vrf, /* from */
986 afi_t afi)
987 {
988 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
989 struct bgp_dest *pdest;
990 safi_t safi = SAFI_MPLS_VPN;
991
992 /*
993 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
994 */
995 for (pdest = bgp_table_top(bgp_vpn->rib[afi][safi]); pdest;
996 pdest = bgp_route_next(pdest)) {
997
998 struct bgp_table *table;
999 struct bgp_dest *bn;
1000 struct bgp_path_info *bpi;
1001
1002 /* This is the per-RD table of prefixes */
1003 table = bgp_dest_get_bgp_table_info(pdest);
1004
1005 if (!table)
1006 continue;
1007
1008 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1009 bpi = bgp_dest_get_bgp_path_info(bn);
1010 if (debug && bpi) {
1011 zlog_debug("%s: looking at prefix %pBD",
1012 __func__, bn);
1013 }
1014
1015 for (; bpi; bpi = bpi->next) {
1016 if (debug)
1017 zlog_debug("%s: type %d, sub_type %d",
1018 __func__, bpi->type,
1019 bpi->sub_type);
1020 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
1021 continue;
1022 if (!bpi->extra)
1023 continue;
1024 if ((struct bgp *)bpi->extra->bgp_orig
1025 == bgp_vrf) {
1026 /* delete route */
1027 if (debug)
1028 zlog_debug("%s: deleting it",
1029 __func__);
1030 bgp_aggregate_decrement(
1031 bgp_vpn,
1032 bgp_dest_get_prefix(bn), bpi,
1033 afi, safi);
1034 bgp_path_info_delete(bn, bpi);
1035 bgp_process(bgp_vpn, bn, afi, safi);
1036 }
1037 }
1038 }
1039 }
1040 }
1041
1042 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1043 struct bgp *bgp_vrf, /* from */
1044 afi_t afi)
1045 {
1046 struct bgp_dest *bn;
1047 struct bgp_path_info *bpi;
1048 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1049
1050 if (debug)
1051 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1052 bgp_vrf->name_pretty);
1053
1054 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1055 bn = bgp_route_next(bn)) {
1056
1057 if (debug)
1058 zlog_debug("%s: node=%p", __func__, bn);
1059
1060 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1061 bpi = bpi->next) {
1062 if (debug)
1063 zlog_debug(
1064 "%s: calling vpn_leak_from_vrf_update",
1065 __func__);
1066 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
1067 }
1068 }
1069 }
1070
1071 static void
1072 vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1073 struct bgp *bgp_vpn, /* from */
1074 struct bgp_path_info *path_vpn) /* route */
1075 {
1076 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
1077 afi_t afi = family2afi(p->family);
1078
1079 struct attr static_attr = {0};
1080 struct attr *new_attr = NULL;
1081 struct bgp_dest *bn;
1082 safi_t safi = SAFI_UNICAST;
1083 const char *debugmsg;
1084 struct prefix nexthop_orig;
1085 mpls_label_t *pLabels = NULL;
1086 uint32_t num_labels = 0;
1087 int nexthop_self_flag = 1;
1088 struct bgp_path_info *bpi_ultimate = NULL;
1089 int origin_local = 0;
1090 struct bgp *src_vrf;
1091
1092 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1093
1094 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1095 if (debug)
1096 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1097 return;
1098 }
1099
1100 /* Check for intersection of route targets */
1101 if (!ecom_intersect(
1102 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1103 path_vpn->attr->ecommunity)) {
1104
1105 return;
1106 }
1107
1108 if (debug)
1109 zlog_debug("%s: updating %pFX to vrf %s", __func__, p,
1110 bgp_vrf->name_pretty);
1111
1112 /* shallow copy */
1113 static_attr = *path_vpn->attr;
1114
1115 struct ecommunity *old_ecom;
1116 struct ecommunity *new_ecom;
1117
1118 /* If doing VRF-to-VRF leaking, strip RTs. */
1119 old_ecom = static_attr.ecommunity;
1120 if (old_ecom && CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1121 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1122 new_ecom = ecommunity_dup(old_ecom);
1123 ecommunity_strip_rts(new_ecom);
1124 static_attr.ecommunity = new_ecom;
1125
1126 if (new_ecom->size == 0) {
1127 UNSET_FLAG(static_attr.flag,
1128 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
1129 ecommunity_free(&new_ecom);
1130 static_attr.ecommunity = NULL;
1131 }
1132
1133 if (!old_ecom->refcnt)
1134 ecommunity_free(&old_ecom);
1135 }
1136
1137 /*
1138 * Nexthop: stash and clear
1139 *
1140 * Nexthop is valid in context of VPN core, but not in destination vrf.
1141 * Stash it for later label resolution by vrf ingress path and then
1142 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1143 */
1144 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1145
1146 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1147 nexthop_orig.family = nhfamily;
1148
1149 switch (nhfamily) {
1150 case AF_INET:
1151 /* save */
1152 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1153 nexthop_orig.prefixlen = 32;
1154
1155 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1156 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1157 static_attr.nexthop.s_addr =
1158 nexthop_orig.u.prefix4.s_addr;
1159
1160 static_attr.mp_nexthop_global_in =
1161 path_vpn->attr->mp_nexthop_global_in;
1162 static_attr.mp_nexthop_len =
1163 path_vpn->attr->mp_nexthop_len;
1164 }
1165 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1166 break;
1167 case AF_INET6:
1168 /* save */
1169 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1170 nexthop_orig.prefixlen = 128;
1171
1172 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1173 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1174 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1175 }
1176 break;
1177 }
1178
1179 /*
1180 * route map handling
1181 */
1182 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1183 struct bgp_path_info info;
1184 route_map_result_t ret;
1185
1186 memset(&info, 0, sizeof(info));
1187 info.peer = bgp_vrf->peer_self;
1188 info.attr = &static_attr;
1189 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1190 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1191 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1192 p, &info);
1193 if (RMAP_DENYMATCH == ret) {
1194 bgp_attr_flush(&static_attr); /* free any added parts */
1195 if (debug)
1196 zlog_debug(
1197 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1198 __func__, bgp_vrf->name_pretty,
1199 bgp_vrf->vpn_policy[afi]
1200 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1201 ->name);
1202 return;
1203 }
1204 /*
1205 * if route-map changed nexthop, don't nexthop-self on output
1206 */
1207 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1208 BATTR_RMAP_NEXTHOP_UNCHANGED))
1209 nexthop_self_flag = 0;
1210 }
1211
1212 new_attr = bgp_attr_intern(&static_attr);
1213 bgp_attr_flush(&static_attr);
1214
1215 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1216
1217 /*
1218 * ensure labels are copied
1219 *
1220 * However, there is a special case: if the route originated in
1221 * another local VRF (as opposed to arriving via VPN), then the
1222 * nexthop is reached by hairpinning through this router (me)
1223 * using IP forwarding only (no LSP). Therefore, the route
1224 * imported to the VRF should not have labels attached. Note
1225 * that nexthop tracking is also involved: eliminating the
1226 * labels for these routes enables the non-labeled nexthops
1227 * from the originating VRF to be considered valid for this route.
1228 */
1229 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1230 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1231 /* work back to original route */
1232 for (bpi_ultimate = path_vpn;
1233 bpi_ultimate->extra && bpi_ultimate->extra->parent;
1234 bpi_ultimate = bpi_ultimate->extra->parent)
1235 ;
1236
1237 /*
1238 * if original route was unicast,
1239 * then it did not arrive over vpn
1240 */
1241 if (bpi_ultimate->net) {
1242 struct bgp_table *table;
1243
1244 table = bgp_dest_table(bpi_ultimate->net);
1245 if (table && (table->safi == SAFI_UNICAST))
1246 origin_local = 1;
1247 }
1248
1249 /* copy labels */
1250 if (!origin_local && path_vpn->extra
1251 && path_vpn->extra->num_labels) {
1252 num_labels = path_vpn->extra->num_labels;
1253 if (num_labels > BGP_MAX_LABELS)
1254 num_labels = BGP_MAX_LABELS;
1255 pLabels = path_vpn->extra->label;
1256 }
1257 }
1258
1259 if (debug)
1260 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
1261 path_vpn->net, num_labels);
1262
1263 /*
1264 * For VRF-2-VRF route-leaking,
1265 * the source will be the originating VRF.
1266 */
1267 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1268 src_vrf = path_vpn->extra->bgp_orig;
1269 else
1270 src_vrf = bgp_vpn;
1271
1272 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1273 num_labels, path_vpn, /* parent */
1274 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1275 }
1276
1277 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1278 struct bgp_path_info *path_vpn) /* route */
1279 {
1280 struct listnode *mnode, *mnnode;
1281 struct bgp *bgp;
1282
1283 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1284
1285 if (debug)
1286 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1287
1288 /* Loop over VRFs */
1289 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1290
1291 if (!path_vpn->extra
1292 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1293 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
1294 }
1295 }
1296 }
1297
1298 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1299 struct bgp_path_info *path_vpn) /* route */
1300 {
1301 const struct prefix *p;
1302 afi_t afi;
1303 safi_t safi = SAFI_UNICAST;
1304 struct bgp *bgp;
1305 struct listnode *mnode, *mnnode;
1306 struct bgp_dest *bn;
1307 struct bgp_path_info *bpi;
1308 const char *debugmsg;
1309
1310 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1311
1312 if (debug)
1313 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
1314 path_vpn->net, path_vpn->type, path_vpn->sub_type);
1315
1316 if (debug)
1317 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1318
1319 if (!path_vpn->net) {
1320 #ifdef ENABLE_BGP_VNC
1321 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1322 if (path_vpn->type == ZEBRA_ROUTE_BGP
1323 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1324
1325 return;
1326 }
1327 #endif
1328 if (debug)
1329 zlog_debug(
1330 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1331 __func__);
1332 return;
1333 }
1334
1335 p = bgp_dest_get_prefix(path_vpn->net);
1336 afi = family2afi(p->family);
1337
1338 /* Loop over VRFs */
1339 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1340 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1341 if (debug)
1342 zlog_debug("%s: skipping: %s", __func__,
1343 debugmsg);
1344 continue;
1345 }
1346
1347 /* Check for intersection of route targets */
1348 if (!ecom_intersect(bgp->vpn_policy[afi]
1349 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1350 path_vpn->attr->ecommunity)) {
1351
1352 continue;
1353 }
1354
1355 if (debug)
1356 zlog_debug("%s: withdrawing from vrf %s", __func__,
1357 bgp->name_pretty);
1358
1359 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1360
1361 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1362 bpi = bpi->next) {
1363 if (bpi->extra
1364 && (struct bgp_path_info *)bpi->extra->parent
1365 == path_vpn) {
1366 break;
1367 }
1368 }
1369
1370 if (bpi) {
1371 if (debug)
1372 zlog_debug("%s: deleting bpi %p", __func__,
1373 bpi);
1374 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1375 bgp_path_info_delete(bn, bpi);
1376 bgp_process(bgp, bn, afi, safi);
1377 }
1378 bgp_dest_unlock_node(bn);
1379 }
1380 }
1381
1382 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1383 afi_t afi)
1384 {
1385 struct bgp_dest *bn;
1386 struct bgp_path_info *bpi;
1387 safi_t safi = SAFI_UNICAST;
1388 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1389
1390 if (debug)
1391 zlog_debug("%s: entry", __func__);
1392 /*
1393 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1394 */
1395 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1396 bn = bgp_route_next(bn)) {
1397
1398 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1399 bpi = bpi->next) {
1400 if (bpi->extra
1401 && bpi->extra->bgp_orig != bgp_vrf
1402 && bpi->extra->parent
1403 && is_pi_family_vpn(bpi->extra->parent)) {
1404
1405 /* delete route */
1406 bgp_aggregate_decrement(bgp_vrf,
1407 bgp_dest_get_prefix(bn),
1408 bpi, afi, safi);
1409 bgp_path_info_delete(bn, bpi);
1410 bgp_process(bgp_vrf, bn, afi, safi);
1411 }
1412 }
1413 }
1414 }
1415
1416 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1417 struct bgp *bgp_vpn, /* from */
1418 afi_t afi)
1419 {
1420 struct prefix_rd prd;
1421 struct bgp_dest *pdest;
1422 safi_t safi = SAFI_MPLS_VPN;
1423
1424 assert(bgp_vpn);
1425
1426 /*
1427 * Walk vpn table
1428 */
1429 for (pdest = bgp_table_top(bgp_vpn->rib[afi][safi]); pdest;
1430 pdest = bgp_route_next(pdest)) {
1431 const struct prefix *p = bgp_dest_get_prefix(pdest);
1432 struct bgp_table *table;
1433 struct bgp_dest *bn;
1434 struct bgp_path_info *bpi;
1435
1436 memset(&prd, 0, sizeof(prd));
1437 prd.family = AF_UNSPEC;
1438 prd.prefixlen = 64;
1439 memcpy(prd.val, &p->u.val, 8);
1440
1441 /* This is the per-RD table of prefixes */
1442 table = bgp_dest_get_bgp_table_info(pdest);
1443
1444 if (!table)
1445 continue;
1446
1447 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1448
1449 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1450 bpi = bpi->next) {
1451
1452 if (bpi->extra
1453 && bpi->extra->bgp_orig == bgp_vrf)
1454 continue;
1455
1456 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1457 bpi);
1458 }
1459 }
1460 }
1461 }
1462
1463 /*
1464 * This function is called for definition/deletion/change to a route-map
1465 */
1466 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1467 {
1468 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1469 afi_t afi;
1470 struct route_map *rmap;
1471
1472 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1473 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1474
1475 return;
1476 }
1477
1478 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1479
1480 for (afi = 0; afi < AFI_MAX; ++afi) {
1481
1482 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1483 && !strcmp(rmap_name,
1484 bgp->vpn_policy[afi]
1485 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1486
1487 if (debug)
1488 zlog_debug(
1489 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1490 __func__, rmap_name, bgp->as,
1491 afi2str(afi));
1492
1493 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1494 bgp_get_default(), bgp);
1495 if (debug)
1496 zlog_debug("%s: after vpn_leak_prechange",
1497 __func__);
1498
1499 /* in case of definition/deletion */
1500 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1501 rmap;
1502
1503 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1504 bgp_get_default(), bgp);
1505
1506 if (debug)
1507 zlog_debug("%s: after vpn_leak_postchange",
1508 __func__);
1509 }
1510
1511 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1512 && !strcmp(rmap_name,
1513 bgp->vpn_policy[afi]
1514 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1515
1516 if (debug) {
1517 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1518 __func__, rmap_name, bgp->as,
1519 afi2str(afi));
1520 }
1521
1522 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1523 bgp_get_default(), bgp);
1524
1525 /* in case of definition/deletion */
1526 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1527 rmap;
1528
1529 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1530 bgp_get_default(), bgp);
1531 }
1532 }
1533 }
1534
1535 /* This API is used during router-id change, reflect VPNs
1536 * auto RD and RT values and readvertise routes to VPN table.
1537 */
1538 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
1539 bool is_config)
1540 {
1541 afi_t afi;
1542 int debug;
1543 char *vname;
1544 const char *export_name;
1545 char buf[RD_ADDRSTRLEN];
1546 struct bgp *bgp_import;
1547 struct listnode *node;
1548 struct ecommunity *ecom;
1549 vpn_policy_direction_t idir, edir;
1550
1551 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1552 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1553 return;
1554
1555 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1556 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1557 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1558
1559 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1560 edir = BGP_VPN_POLICY_DIR_TOVPN;
1561
1562 for (afi = 0; afi < AFI_MAX; ++afi) {
1563 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1564 continue;
1565
1566 if (withdraw) {
1567 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1568 afi, bgp_get_default(), bgp);
1569 if (debug)
1570 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1571 __func__, export_name);
1572
1573 /* Remove import RT from VRFs */
1574 ecom = bgp->vpn_policy[afi].rtlist[edir];
1575 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1576 export_vrf, node, vname)) {
1577 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
1578 bgp_import = bgp_get_default();
1579 else
1580 bgp_import = bgp_lookup_by_name(vname);
1581 if (!bgp_import)
1582 continue;
1583
1584 ecommunity_del_val(bgp_import->vpn_policy[afi].
1585 rtlist[idir],
1586 (struct ecommunity_val *)ecom->val);
1587
1588 }
1589 } else {
1590 /*
1591 * Router-id changes that are not explicit config
1592 * changes should not replace configured RD/RT.
1593 */
1594 if (!is_config) {
1595 if (CHECK_FLAG(bgp->vpn_policy[afi].flags,
1596 BGP_VPN_POLICY_TOVPN_RD_SET)) {
1597 if (debug)
1598 zlog_debug("%s: auto router-id change skipped",
1599 __func__);
1600 goto postchange;
1601 }
1602 }
1603
1604 /* New router-id derive auto RD and RT and export
1605 * to VPN
1606 */
1607 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
1608 &bgp->vrf_prd_auto);
1609 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
1610 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
1611 sizeof(buf));
1612 bgp->vpn_policy[afi].rtlist[edir] =
1613 ecommunity_str2com(buf,
1614 ECOMMUNITY_ROUTE_TARGET, 0);
1615
1616 /* Update import_vrf rt_list */
1617 ecom = bgp->vpn_policy[afi].rtlist[edir];
1618 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1619 export_vrf, node, vname)) {
1620 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
1621 bgp_import = bgp_get_default();
1622 else
1623 bgp_import = bgp_lookup_by_name(vname);
1624 if (!bgp_import)
1625 continue;
1626 if (bgp_import->vpn_policy[afi].rtlist[idir])
1627 bgp_import->vpn_policy[afi].rtlist[idir]
1628 = ecommunity_merge(
1629 bgp_import->vpn_policy[afi]
1630 .rtlist[idir], ecom);
1631 else
1632 bgp_import->vpn_policy[afi].rtlist[idir]
1633 = ecommunity_dup(ecom);
1634
1635 }
1636
1637 postchange:
1638 /* Update routes to VPN */
1639 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
1640 afi, bgp_get_default(),
1641 bgp);
1642 if (debug)
1643 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
1644 __func__, export_name);
1645 }
1646 }
1647 }
1648
1649 void vpn_policy_routemap_event(const char *rmap_name)
1650 {
1651 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1652 struct listnode *mnode, *mnnode;
1653 struct bgp *bgp;
1654
1655 if (debug)
1656 zlog_debug("%s: entry", __func__);
1657
1658 if (bm->bgp == NULL) /* may be called during cleanup */
1659 return;
1660
1661 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1662 vpn_policy_routemap_update(bgp, rmap_name);
1663 }
1664
1665 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1666 afi_t afi, safi_t safi)
1667 {
1668 const char *export_name;
1669 vpn_policy_direction_t idir, edir;
1670 char *vname, *tmp_name;
1671 char buf[RD_ADDRSTRLEN];
1672 struct ecommunity *ecom;
1673 bool first_export = false;
1674 int debug;
1675 struct listnode *node;
1676 bool is_inst_match = false;
1677
1678 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1679 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1680 edir = BGP_VPN_POLICY_DIR_TOVPN;
1681
1682 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1683 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1684
1685 /*
1686 * Cross-ref both VRFs. Also, note if this is the first time
1687 * any VRF is importing from "import_vrf".
1688 */
1689 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
1690 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
1691
1692 /* Check the import_vrf list of destination vrf for the source vrf name,
1693 * insert otherwise.
1694 */
1695 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
1696 node, tmp_name)) {
1697 if (strcmp(vname, tmp_name) == 0) {
1698 is_inst_match = true;
1699 break;
1700 }
1701 }
1702 if (!is_inst_match)
1703 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
1704 vname);
1705 else
1706 XFREE(MTYPE_TMP, vname);
1707
1708 /* Check if the source vrf already exports to any vrf,
1709 * first time export requires to setup auto derived RD/RT values.
1710 * Add the destination vrf name to export vrf list if it is
1711 * not present.
1712 */
1713 is_inst_match = false;
1714 vname = XSTRDUP(MTYPE_TMP, export_name);
1715 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1716 first_export = true;
1717 } else {
1718 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1719 node, tmp_name)) {
1720 if (strcmp(vname, tmp_name) == 0) {
1721 is_inst_match = true;
1722 break;
1723 }
1724 }
1725 }
1726 if (!is_inst_match)
1727 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
1728 vname);
1729 else
1730 XFREE(MTYPE_TMP, vname);
1731
1732 /* Update import RT for current VRF using export RT of the VRF we're
1733 * importing from. First though, make sure "import_vrf" has that
1734 * set.
1735 */
1736 if (first_export) {
1737 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1738 &from_bgp->vrf_prd_auto);
1739 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1740 SET_FLAG(from_bgp->vpn_policy[afi].flags,
1741 BGP_VPN_POLICY_TOVPN_RD_SET);
1742 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
1743 buf, sizeof(buf));
1744 from_bgp->vpn_policy[afi].rtlist[edir] =
1745 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1746 SET_FLAG(from_bgp->af_flags[afi][safi],
1747 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1748 from_bgp->vpn_policy[afi].tovpn_label =
1749 BGP_PREVENT_VRF_2_VRF_LEAK;
1750 }
1751 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1752 if (to_bgp->vpn_policy[afi].rtlist[idir])
1753 to_bgp->vpn_policy[afi].rtlist[idir] =
1754 ecommunity_merge(to_bgp->vpn_policy[afi]
1755 .rtlist[idir], ecom);
1756 else
1757 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1758 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
1759
1760 if (debug) {
1761 const char *from_name;
1762 char *ecom1, *ecom2;
1763
1764 from_name = from_bgp->name ? from_bgp->name :
1765 VRF_DEFAULT_NAME;
1766
1767 ecom1 = ecommunity_ecom2str(
1768 to_bgp->vpn_policy[afi].rtlist[idir],
1769 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1770
1771 ecom2 = ecommunity_ecom2str(
1772 to_bgp->vpn_policy[afi].rtlist[edir],
1773 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1774
1775 zlog_debug(
1776 "%s from %s to %s first_export %u import-rt %s export-rt %s",
1777 __func__, from_name, export_name, first_export, ecom1,
1778 ecom2);
1779
1780 ecommunity_strfree(&ecom1);
1781 ecommunity_strfree(&ecom2);
1782 }
1783
1784 /* Does "import_vrf" first need to export its routes or that
1785 * is already done and we just need to import those routes
1786 * from the global table?
1787 */
1788 if (first_export)
1789 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
1790 else
1791 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1792 }
1793
1794 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1795 afi_t afi, safi_t safi)
1796 {
1797 const char *export_name, *tmp_name;
1798 vpn_policy_direction_t idir, edir;
1799 char *vname;
1800 struct ecommunity *ecom = NULL;
1801 struct listnode *node;
1802 int debug;
1803
1804 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1805 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
1806 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1807 edir = BGP_VPN_POLICY_DIR_TOVPN;
1808
1809 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1810 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1811
1812 /* Were we importing from "import_vrf"? */
1813 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1814 vname)) {
1815 if (strcmp(vname, tmp_name) == 0)
1816 break;
1817 }
1818
1819 /*
1820 * We do not check in the cli if the passed in bgp
1821 * instance is actually imported into us before
1822 * we call this function. As such if we do not
1823 * find this in the import_vrf list than
1824 * we just need to return safely.
1825 */
1826 if (!vname)
1827 return;
1828
1829 if (debug)
1830 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
1831
1832 /* Remove "import_vrf" from our import list. */
1833 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
1834 XFREE(MTYPE_TMP, vname);
1835
1836 /* Remove routes imported from "import_vrf". */
1837 /* TODO: In the current logic, we have to first remove all
1838 * imported routes and then (if needed) import back routes
1839 */
1840 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
1841
1842 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1843 if (!to_bgp->vpn_policy[afi].rmap[idir])
1844 UNSET_FLAG(to_bgp->af_flags[afi][safi],
1845 BGP_CONFIG_VRF_TO_VRF_IMPORT);
1846 if (to_bgp->vpn_policy[afi].rtlist[idir])
1847 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
1848 } else {
1849 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1850 if (ecom)
1851 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
1852 (struct ecommunity_val *)ecom->val);
1853 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1854 }
1855
1856 /*
1857 * What?
1858 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1859 * below is checking for NULL that export_vrf can be
1860 * NULL, consequently it is complaining( like a cabbage )
1861 * that we could dereference and crash in the listcount(..)
1862 * check below.
1863 * So make it happy, under protest, with liberty and justice
1864 * for all.
1865 */
1866 assert(from_bgp->vpn_policy[afi].export_vrf);
1867
1868 /* Remove us from "import_vrf's" export list. If no other VRF
1869 * is importing from "import_vrf", cleanup appropriately.
1870 */
1871 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1872 node, vname)) {
1873 if (strcmp(vname, export_name) == 0)
1874 break;
1875 }
1876
1877 /*
1878 * If we have gotten to this point then the vname must
1879 * exist. If not, we are in a world of trouble and
1880 * have slag sitting around.
1881 *
1882 * import_vrf and export_vrf must match in having
1883 * the in/out names as appropriate.
1884 * export_vrf list could have been cleaned up
1885 * as part of no router bgp source instnace.
1886 */
1887 if (!vname)
1888 return;
1889
1890 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
1891 XFREE(MTYPE_TMP, vname);
1892
1893 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1894 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1895 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1896 UNSET_FLAG(from_bgp->af_flags[afi][safi],
1897 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1898 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
1899 sizeof(struct prefix_rd));
1900 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
1901 BGP_VPN_POLICY_TOVPN_RD_SET);
1902 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1903
1904 }
1905 }
1906
1907 /* For testing purpose, static route of MPLS-VPN. */
1908 DEFUN (vpnv4_network,
1909 vpnv4_network_cmd,
1910 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1911 "Specify a network to announce via BGP\n"
1912 "IPv4 prefix\n"
1913 "Specify Route Distinguisher\n"
1914 "VPN Route Distinguisher\n"
1915 "VPN NLRI label (tag)\n"
1916 "VPN NLRI label (tag)\n"
1917 "Label value\n")
1918 {
1919 int idx_ipv4_prefixlen = 1;
1920 int idx_ext_community = 3;
1921 int idx_label = 5;
1922 return bgp_static_set_safi(
1923 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1924 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1925 NULL, NULL, NULL, NULL);
1926 }
1927
1928 DEFUN (vpnv4_network_route_map,
1929 vpnv4_network_route_map_cmd,
1930 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1931 "Specify a network to announce via BGP\n"
1932 "IPv4 prefix\n"
1933 "Specify Route Distinguisher\n"
1934 "VPN Route Distinguisher\n"
1935 "VPN NLRI label (tag)\n"
1936 "VPN NLRI label (tag)\n"
1937 "Label value\n"
1938 "route map\n"
1939 "route map name\n")
1940 {
1941 int idx_ipv4_prefixlen = 1;
1942 int idx_ext_community = 3;
1943 int idx_label = 5;
1944 int idx_word_2 = 7;
1945 return bgp_static_set_safi(
1946 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1947 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1948 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1949 }
1950
1951 /* For testing purpose, static route of MPLS-VPN. */
1952 DEFUN (no_vpnv4_network,
1953 no_vpnv4_network_cmd,
1954 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1955 NO_STR
1956 "Specify a network to announce via BGP\n"
1957 "IPv4 prefix\n"
1958 "Specify Route Distinguisher\n"
1959 "VPN Route Distinguisher\n"
1960 "VPN NLRI label (tag)\n"
1961 "VPN NLRI label (tag)\n"
1962 "Label value\n")
1963 {
1964 int idx_ipv4_prefixlen = 2;
1965 int idx_ext_community = 4;
1966 int idx_label = 6;
1967 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1968 argv[idx_ipv4_prefixlen]->arg,
1969 argv[idx_ext_community]->arg,
1970 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1971 }
1972
1973 DEFUN (vpnv6_network,
1974 vpnv6_network_cmd,
1975 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1976 "Specify a network to announce via BGP\n"
1977 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1978 "Specify Route Distinguisher\n"
1979 "VPN Route Distinguisher\n"
1980 "VPN NLRI label (tag)\n"
1981 "VPN NLRI label (tag)\n"
1982 "Label value\n"
1983 "route map\n"
1984 "route map name\n")
1985 {
1986 int idx_ipv6_prefix = 1;
1987 int idx_ext_community = 3;
1988 int idx_label = 5;
1989 int idx_word_2 = 7;
1990 if (argc == 8)
1991 return bgp_static_set_safi(
1992 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1993 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1994 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1995 else
1996 return bgp_static_set_safi(
1997 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1998 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1999 NULL, 0, NULL, NULL, NULL, NULL);
2000 }
2001
2002 /* For testing purpose, static route of MPLS-VPN. */
2003 DEFUN (no_vpnv6_network,
2004 no_vpnv6_network_cmd,
2005 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2006 NO_STR
2007 "Specify a network to announce via BGP\n"
2008 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2009 "Specify Route Distinguisher\n"
2010 "VPN Route Distinguisher\n"
2011 "VPN NLRI label (tag)\n"
2012 "VPN NLRI label (tag)\n"
2013 "Label value\n")
2014 {
2015 int idx_ipv6_prefix = 2;
2016 int idx_ext_community = 4;
2017 int idx_label = 6;
2018 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
2019 argv[idx_ipv6_prefix]->arg,
2020 argv[idx_ext_community]->arg,
2021 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2022 }
2023
2024 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
2025 enum bgp_show_type type, void *output_arg, int tags,
2026 bool use_json)
2027 {
2028 struct bgp *bgp;
2029 struct bgp_table *table;
2030
2031 bgp = bgp_get_default();
2032 if (bgp == NULL) {
2033 if (!use_json)
2034 vty_out(vty, "No BGP process is configured\n");
2035 else
2036 vty_out(vty, "{}\n");
2037 return CMD_WARNING;
2038 }
2039 table = bgp->rib[afi][SAFI_MPLS_VPN];
2040 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
2041 output_arg, use_json);
2042 }
2043
2044 DEFUN (show_bgp_ip_vpn_all_rd,
2045 show_bgp_ip_vpn_all_rd_cmd,
2046 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
2047 SHOW_STR
2048 BGP_STR
2049 BGP_VPNVX_HELP_STR
2050 "Display VPN NLRI specific information\n"
2051 "Display VPN NLRI specific information\n"
2052 "Display information for a route distinguisher\n"
2053 "VPN Route Distinguisher\n"
2054 JSON_STR)
2055 {
2056 int ret;
2057 struct prefix_rd prd;
2058 afi_t afi;
2059 int idx = 0;
2060
2061 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2062 if (argv_find(argv, argc, "rd", &idx)) {
2063 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2064 if (!ret) {
2065 vty_out(vty,
2066 "%% Malformed Route Distinguisher\n");
2067 return CMD_WARNING;
2068 }
2069 return bgp_show_mpls_vpn(vty, afi, &prd,
2070 bgp_show_type_normal, NULL, 0,
2071 use_json(argc, argv));
2072 } else {
2073 return bgp_show_mpls_vpn(vty, afi, NULL,
2074 bgp_show_type_normal, NULL, 0,
2075 use_json(argc, argv));
2076 }
2077 }
2078 return CMD_SUCCESS;
2079 }
2080
2081 ALIAS(show_bgp_ip_vpn_all_rd,
2082 show_bgp_ip_vpn_rd_cmd,
2083 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
2084 SHOW_STR
2085 BGP_STR
2086 BGP_VPNVX_HELP_STR
2087 "Display VPN NLRI specific information\n"
2088 "Display information for a route distinguisher\n"
2089 "VPN Route Distinguisher\n"
2090 JSON_STR)
2091
2092 #ifdef KEEP_OLD_VPN_COMMANDS
2093 DEFUN (show_ip_bgp_vpn_rd,
2094 show_ip_bgp_vpn_rd_cmd,
2095 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
2096 SHOW_STR
2097 IP_STR
2098 BGP_STR
2099 BGP_AFI_HELP_STR
2100 "Address Family modifier\n"
2101 "Display information for a route distinguisher\n"
2102 "VPN Route Distinguisher\n")
2103 {
2104 int idx_ext_community = argc - 1;
2105 int ret;
2106 struct prefix_rd prd;
2107 afi_t afi;
2108 int idx = 0;
2109
2110 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2111 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2112 if (!ret) {
2113 vty_out(vty, "%% Malformed Route Distinguisher\n");
2114 return CMD_WARNING;
2115 }
2116 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2117 NULL, 0, 0);
2118 }
2119 return CMD_SUCCESS;
2120 }
2121
2122 DEFUN (show_ip_bgp_vpn_all,
2123 show_ip_bgp_vpn_all_cmd,
2124 "show [ip] bgp <vpnv4|vpnv6>",
2125 SHOW_STR
2126 IP_STR
2127 BGP_STR
2128 BGP_VPNVX_HELP_STR)
2129 {
2130 afi_t afi;
2131 int idx = 0;
2132
2133 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2134 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2135 NULL, 0, 0);
2136 return CMD_SUCCESS;
2137 }
2138
2139 DEFUN (show_ip_bgp_vpn_all_tags,
2140 show_ip_bgp_vpn_all_tags_cmd,
2141 "show [ip] bgp <vpnv4|vpnv6> all tags",
2142 SHOW_STR
2143 IP_STR
2144 BGP_STR
2145 BGP_VPNVX_HELP_STR
2146 "Display information about all VPNv4/VPNV6 NLRIs\n"
2147 "Display BGP tags for prefixes\n")
2148 {
2149 afi_t afi;
2150 int idx = 0;
2151
2152 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2153 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2154 NULL, 1, 0);
2155 return CMD_SUCCESS;
2156 }
2157
2158 DEFUN (show_ip_bgp_vpn_rd_tags,
2159 show_ip_bgp_vpn_rd_tags_cmd,
2160 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
2161 SHOW_STR
2162 IP_STR
2163 BGP_STR
2164 BGP_VPNVX_HELP_STR
2165 "Display information for a route distinguisher\n"
2166 "VPN Route Distinguisher\n"
2167 "Display BGP tags for prefixes\n")
2168 {
2169 int idx_ext_community = 5;
2170 int ret;
2171 struct prefix_rd prd;
2172 afi_t afi;
2173 int idx = 0;
2174
2175 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2176 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2177 if (!ret) {
2178 vty_out(vty, "%% Malformed Route Distinguisher\n");
2179 return CMD_WARNING;
2180 }
2181 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2182 NULL, 1, 0);
2183 }
2184 return CMD_SUCCESS;
2185 }
2186
2187 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2188 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2189 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2190 SHOW_STR
2191 IP_STR
2192 BGP_STR
2193 BGP_VPNVX_HELP_STR
2194 "Display information about all VPNv4/VPNv6 NLRIs\n"
2195 "Detailed information on TCP and BGP neighbor connections\n"
2196 "Neighbor to display information about\n"
2197 "Display routes learned from neighbor\n"
2198 JSON_STR)
2199 {
2200 int idx_ipv4 = 6;
2201 union sockunion su;
2202 struct peer *peer;
2203 int ret;
2204 bool uj = use_json(argc, argv);
2205 afi_t afi;
2206 int idx = 0;
2207
2208 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2209 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2210 if (ret < 0) {
2211 if (uj) {
2212 json_object *json_no = NULL;
2213 json_no = json_object_new_object();
2214 json_object_string_add(json_no, "warning",
2215 "Malformed address");
2216 vty_out(vty, "%s\n",
2217 json_object_to_json_string(json_no));
2218 json_object_free(json_no);
2219 } else
2220 vty_out(vty, "Malformed address: %s\n",
2221 argv[idx_ipv4]->arg);
2222 return CMD_WARNING;
2223 }
2224
2225 peer = peer_lookup(NULL, &su);
2226 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2227 if (uj) {
2228 json_object *json_no = NULL;
2229 json_no = json_object_new_object();
2230 json_object_string_add(
2231 json_no, "warning",
2232 "No such neighbor or address family");
2233 vty_out(vty, "%s\n",
2234 json_object_to_json_string(json_no));
2235 json_object_free(json_no);
2236 } else
2237 vty_out(vty,
2238 "%% No such neighbor or address family\n");
2239 return CMD_WARNING;
2240 }
2241
2242 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2243 &su, 0, uj);
2244 }
2245 return CMD_SUCCESS;
2246 }
2247
2248 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2249 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2250 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
2251 SHOW_STR
2252 IP_STR
2253 BGP_STR
2254 BGP_VPNVX_HELP_STR
2255 "Display information for a route distinguisher\n"
2256 "VPN Route Distinguisher\n"
2257 "Detailed information on TCP and BGP neighbor connections\n"
2258 "Neighbor to display information about\n"
2259 "Display routes learned from neighbor\n"
2260 JSON_STR)
2261 {
2262 int idx_ext_community = 5;
2263 int idx_ipv4 = 7;
2264 int ret;
2265 union sockunion su;
2266 struct peer *peer;
2267 struct prefix_rd prd;
2268 bool uj = use_json(argc, argv);
2269 afi_t afi;
2270 int idx = 0;
2271
2272 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2273 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2274 if (!ret) {
2275 if (uj) {
2276 json_object *json_no = NULL;
2277 json_no = json_object_new_object();
2278 json_object_string_add(
2279 json_no, "warning",
2280 "Malformed Route Distinguisher");
2281 vty_out(vty, "%s\n",
2282 json_object_to_json_string(json_no));
2283 json_object_free(json_no);
2284 } else
2285 vty_out(vty,
2286 "%% Malformed Route Distinguisher\n");
2287 return CMD_WARNING;
2288 }
2289
2290 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2291 if (ret < 0) {
2292 if (uj) {
2293 json_object *json_no = NULL;
2294 json_no = json_object_new_object();
2295 json_object_string_add(json_no, "warning",
2296 "Malformed address");
2297 vty_out(vty, "%s\n",
2298 json_object_to_json_string(json_no));
2299 json_object_free(json_no);
2300 } else
2301 vty_out(vty, "Malformed address: %s\n",
2302 argv[idx_ext_community]->arg);
2303 return CMD_WARNING;
2304 }
2305
2306 peer = peer_lookup(NULL, &su);
2307 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2308 if (uj) {
2309 json_object *json_no = NULL;
2310 json_no = json_object_new_object();
2311 json_object_string_add(
2312 json_no, "warning",
2313 "No such neighbor or address family");
2314 vty_out(vty, "%s\n",
2315 json_object_to_json_string(json_no));
2316 json_object_free(json_no);
2317 } else
2318 vty_out(vty,
2319 "%% No such neighbor or address family\n");
2320 return CMD_WARNING;
2321 }
2322
2323 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2324 &su, 0, uj);
2325 }
2326 return CMD_SUCCESS;
2327 }
2328
2329 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2330 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2331 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2332 SHOW_STR
2333 IP_STR
2334 BGP_STR
2335 BGP_VPNVX_HELP_STR
2336 "Display information about all VPNv4/VPNv6 NLRIs\n"
2337 "Detailed information on TCP and BGP neighbor connections\n"
2338 "Neighbor to display information about\n"
2339 "Display the routes advertised to a BGP neighbor\n"
2340 JSON_STR)
2341 {
2342 int idx_ipv4 = 6;
2343 int ret;
2344 struct peer *peer;
2345 union sockunion su;
2346 bool uj = use_json(argc, argv);
2347 afi_t afi;
2348 int idx = 0;
2349
2350 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2351 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2352 if (ret < 0) {
2353 if (uj) {
2354 json_object *json_no = NULL;
2355 json_no = json_object_new_object();
2356 json_object_string_add(json_no, "warning",
2357 "Malformed address");
2358 vty_out(vty, "%s\n",
2359 json_object_to_json_string(json_no));
2360 json_object_free(json_no);
2361 } else
2362 vty_out(vty, "Malformed address: %s\n",
2363 argv[idx_ipv4]->arg);
2364 return CMD_WARNING;
2365 }
2366 peer = peer_lookup(NULL, &su);
2367 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2368 if (uj) {
2369 json_object *json_no = NULL;
2370 json_no = json_object_new_object();
2371 json_object_string_add(
2372 json_no, "warning",
2373 "No such neighbor or address family");
2374 vty_out(vty, "%s\n",
2375 json_object_to_json_string(json_no));
2376 json_object_free(json_no);
2377 } else
2378 vty_out(vty,
2379 "%% No such neighbor or address family\n");
2380 return CMD_WARNING;
2381 }
2382 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2383 SAFI_MPLS_VPN, uj);
2384 }
2385 return CMD_SUCCESS;
2386 }
2387
2388 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2389 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2390 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2391 SHOW_STR
2392 IP_STR
2393 BGP_STR
2394 BGP_VPNVX_HELP_STR
2395 "Display information for a route distinguisher\n"
2396 "VPN Route Distinguisher\n"
2397 "Detailed information on TCP and BGP neighbor connections\n"
2398 "Neighbor to display information about\n"
2399 "Display the routes advertised to a BGP neighbor\n"
2400 JSON_STR)
2401 {
2402 int idx_ext_community = 5;
2403 int idx_ipv4 = 7;
2404 int ret;
2405 struct peer *peer;
2406 struct prefix_rd prd;
2407 union sockunion su;
2408 bool uj = use_json(argc, argv);
2409 afi_t afi;
2410 int idx = 0;
2411
2412 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2413 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2414 if (ret < 0) {
2415 if (uj) {
2416 json_object *json_no = NULL;
2417 json_no = json_object_new_object();
2418 json_object_string_add(json_no, "warning",
2419 "Malformed address");
2420 vty_out(vty, "%s\n",
2421 json_object_to_json_string(json_no));
2422 json_object_free(json_no);
2423 } else
2424 vty_out(vty, "Malformed address: %s\n",
2425 argv[idx_ext_community]->arg);
2426 return CMD_WARNING;
2427 }
2428 peer = peer_lookup(NULL, &su);
2429 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2430 if (uj) {
2431 json_object *json_no = NULL;
2432 json_no = json_object_new_object();
2433 json_object_string_add(
2434 json_no, "warning",
2435 "No such neighbor or address family");
2436 vty_out(vty, "%s\n",
2437 json_object_to_json_string(json_no));
2438 json_object_free(json_no);
2439 } else
2440 vty_out(vty,
2441 "%% No such neighbor or address family\n");
2442 return CMD_WARNING;
2443 }
2444
2445 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2446 if (!ret) {
2447 if (uj) {
2448 json_object *json_no = NULL;
2449 json_no = json_object_new_object();
2450 json_object_string_add(
2451 json_no, "warning",
2452 "Malformed Route Distinguisher");
2453 vty_out(vty, "%s\n",
2454 json_object_to_json_string(json_no));
2455 json_object_free(json_no);
2456 } else
2457 vty_out(vty,
2458 "%% Malformed Route Distinguisher\n");
2459 return CMD_WARNING;
2460 }
2461
2462 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2463 SAFI_MPLS_VPN, uj);
2464 }
2465 return CMD_SUCCESS;
2466 }
2467 #endif /* KEEP_OLD_VPN_COMMANDS */
2468
2469 void bgp_mplsvpn_init(void)
2470 {
2471 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2472 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2473 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2474
2475 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2476 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2477
2478 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2479 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2480 #ifdef KEEP_OLD_VPN_COMMANDS
2481 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2482 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2483 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2484 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2485 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2486 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2487 install_element(VIEW_NODE,
2488 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2489 install_element(VIEW_NODE,
2490 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2491 #endif /* KEEP_OLD_VPN_COMMANDS */
2492 }
2493
2494 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2495 {
2496 struct listnode *mnode, *mnnode;
2497 struct bgp *bgp;
2498 afi_t afi = AFI_IP;
2499
2500 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
2501 afi = AFI_IP6;
2502
2503 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2504 struct ecommunity *ec;
2505
2506 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2507 continue;
2508
2509 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
2510
2511 if (ec && eckey->unit_size != ec->unit_size)
2512 continue;
2513
2514 if (ecom_intersect(ec, eckey))
2515 return bgp->vrf_id;
2516 }
2517 return VRF_UNKNOWN;
2518 }
2519
2520 /*
2521 * The purpose of this function is to process leaks that were deferred
2522 * from earlier per-vrf configuration due to not-yet-existing default
2523 * vrf, in other words, configuration such as:
2524 *
2525 * router bgp MMM vrf FOO
2526 * address-family ipv4 unicast
2527 * rd vpn export 1:1
2528 * exit-address-family
2529 *
2530 * router bgp NNN
2531 * ...
2532 *
2533 * This function gets called when the default instance ("router bgp NNN")
2534 * is created.
2535 */
2536 void vpn_leak_postchange_all(void)
2537 {
2538 struct listnode *next;
2539 struct bgp *bgp;
2540 struct bgp *bgp_default = bgp_get_default();
2541
2542 assert(bgp_default);
2543
2544 /* First, do any exporting from VRFs to the single VPN RIB */
2545 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2546
2547 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2548 continue;
2549
2550 vpn_leak_postchange(
2551 BGP_VPN_POLICY_DIR_TOVPN,
2552 AFI_IP,
2553 bgp_default,
2554 bgp);
2555
2556 vpn_leak_postchange(
2557 BGP_VPN_POLICY_DIR_TOVPN,
2558 AFI_IP6,
2559 bgp_default,
2560 bgp);
2561 }
2562
2563 /* Now, do any importing to VRFs from the single VPN RIB */
2564 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2565
2566 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2567 continue;
2568
2569 vpn_leak_postchange(
2570 BGP_VPN_POLICY_DIR_FROMVPN,
2571 AFI_IP,
2572 bgp_default,
2573 bgp);
2574
2575 vpn_leak_postchange(
2576 BGP_VPN_POLICY_DIR_FROMVPN,
2577 AFI_IP6,
2578 bgp_default,
2579 bgp);
2580 }
2581 }
2582
2583 /* When a bgp vrf instance is unconfigured, remove its routes
2584 * from the VPN table and this vrf could be importing routes from other
2585 * bgp vrf instnaces, unimport them.
2586 * VRF X and VRF Y are exporting routes to each other.
2587 * When VRF X is deleted, unimport its routes from all target vrfs,
2588 * also VRF Y should unimport its routes from VRF X table.
2589 * This will ensure VPN table is cleaned up appropriately.
2590 */
2591 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
2592 {
2593 struct bgp *to_bgp;
2594 const char *tmp_name;
2595 char *vname;
2596 struct listnode *node, *next;
2597 safi_t safi = SAFI_UNICAST;
2598 afi_t afi;
2599 bool is_vrf_leak_bind;
2600 int debug;
2601
2602 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2603 return;
2604
2605 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2606 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2607
2608 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2609
2610 for (afi = 0; afi < AFI_MAX; ++afi) {
2611 /* vrf leak is for IPv4 and IPv6 Unicast only */
2612 if (afi != AFI_IP && afi != AFI_IP6)
2613 continue;
2614
2615 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2616 if (from_bgp == to_bgp)
2617 continue;
2618
2619 /* Unimport and remove source vrf from the
2620 * other vrfs import list.
2621 */
2622 struct vpn_policy *to_vpolicy;
2623
2624 is_vrf_leak_bind = false;
2625 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2626 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
2627 vname)) {
2628 if (strcmp(vname, tmp_name) == 0) {
2629 is_vrf_leak_bind = true;
2630 break;
2631 }
2632 }
2633 /* skip this bgp instance as there is no leak to this
2634 * vrf instance.
2635 */
2636 if (!is_vrf_leak_bind)
2637 continue;
2638
2639 if (debug)
2640 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
2641 __func__, from_bgp->name_pretty,
2642 to_bgp->name_pretty, afi2str(afi),
2643 to_vpolicy->import_vrf->count);
2644
2645 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
2646
2647 /* readd vrf name as unimport removes import vrf name
2648 * from the destination vrf's import list where the
2649 * `import vrf` configuration still exist.
2650 */
2651 vname = XSTRDUP(MTYPE_TMP, tmp_name);
2652 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2653 vname);
2654 SET_FLAG(to_bgp->af_flags[afi][safi],
2655 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2656
2657 /* If to_bgp exports its routes to the bgp vrf
2658 * which is being deleted, un-import the
2659 * to_bgp routes from VPN.
2660 */
2661 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
2662 .export_vrf, node,
2663 vname)) {
2664 if (strcmp(vname, tmp_name) == 0) {
2665 vrf_unimport_from_vrf(from_bgp, to_bgp,
2666 afi, safi);
2667 break;
2668 }
2669 }
2670 }
2671 }
2672 return;
2673 }
2674
2675 /* When a router bgp is configured, there could be a bgp vrf
2676 * instance importing routes from this newly configured
2677 * bgp vrf instance. Export routes from configured
2678 * bgp vrf to VPN.
2679 * VRF Y has import from bgp vrf x,
2680 * when a bgp vrf x instance is created, export its routes
2681 * to VRF Y instance.
2682 */
2683 void bgp_vpn_leak_export(struct bgp *from_bgp)
2684 {
2685 afi_t afi;
2686 const char *export_name;
2687 char *vname;
2688 struct listnode *node, *next;
2689 struct ecommunity *ecom;
2690 vpn_policy_direction_t idir, edir;
2691 safi_t safi = SAFI_UNICAST;
2692 struct bgp *to_bgp;
2693 int debug;
2694
2695 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2696 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2697
2698 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2699 edir = BGP_VPN_POLICY_DIR_TOVPN;
2700
2701 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2702
2703 for (afi = 0; afi < AFI_MAX; ++afi) {
2704 /* vrf leak is for IPv4 and IPv6 Unicast only */
2705 if (afi != AFI_IP && afi != AFI_IP6)
2706 continue;
2707
2708 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
2709 if (from_bgp == to_bgp)
2710 continue;
2711
2712 /* bgp instance has import list, check to see if newly
2713 * configured bgp instance is the list.
2714 */
2715 struct vpn_policy *to_vpolicy;
2716
2717 to_vpolicy = &(to_bgp->vpn_policy[afi]);
2718 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
2719 node, vname)) {
2720 if (strcmp(vname, export_name) != 0)
2721 continue;
2722
2723 if (debug)
2724 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
2725 __func__,
2726 export_name, to_bgp->name_pretty);
2727
2728 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2729 /* remove import rt, it will be readded
2730 * as part of import from vrf.
2731 */
2732 if (ecom)
2733 ecommunity_del_val(
2734 to_vpolicy->rtlist[idir],
2735 (struct ecommunity_val *)
2736 ecom->val);
2737 vrf_import_from_vrf(to_bgp, from_bgp,
2738 afi, safi);
2739 break;
2740
2741 }
2742 }
2743 }
2744 }
FRRouting mirror