]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2641 from donaldsharp/pim_igmp_dr
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_table.h"
37 #include "bgpd/bgp_route.h"
38 #include "bgpd/bgp_attr.h"
39 #include "bgpd/bgp_label.h"
40 #include "bgpd/bgp_mplsvpn.h"
41 #include "bgpd/bgp_packet.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_vpn.h"
44 #include "bgpd/bgp_ecommunity.h"
45 #include "bgpd/bgp_zebra.h"
46 #include "bgpd/bgp_nexthop.h"
47 #include "bgpd/bgp_nht.h"
48
49 #if ENABLE_BGP_VNC
50 #include "bgpd/rfapi/rfapi_backend.h"
51 #endif
52
53 /*
54 * Definitions and external declarations.
55 */
56 extern struct zclient *zclient;
57
58 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
59 int *index, afi_t *afi)
60 {
61 int ret = 0;
62 if (argv_find(argv, argc, "vpnv4", index)) {
63 ret = 1;
64 if (afi)
65 *afi = AFI_IP;
66 } else if (argv_find(argv, argc, "vpnv6", index)) {
67 ret = 1;
68 if (afi)
69 *afi = AFI_IP6;
70 }
71 return ret;
72 }
73
74 uint32_t decode_label(mpls_label_t *label_pnt)
75 {
76 uint32_t l;
77 uint8_t *pnt = (uint8_t *)label_pnt;
78
79 l = ((uint32_t)*pnt++ << 12);
80 l |= (uint32_t)*pnt++ << 4;
81 l |= (uint32_t)((*pnt & 0xf0) >> 4);
82 return l;
83 }
84
85 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
86 {
87 uint8_t *pnt = (uint8_t *)label_pnt;
88 if (pnt == NULL)
89 return;
90 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
91 *label_pnt = label;
92 return;
93 }
94 *pnt++ = (label >> 12) & 0xff;
95 *pnt++ = (label >> 4) & 0xff;
96 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
97 }
98
99 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
100 struct bgp_nlri *packet)
101 {
102 uint8_t *pnt;
103 uint8_t *lim;
104 struct prefix p;
105 int psize = 0;
106 int prefixlen;
107 uint16_t type;
108 struct rd_as rd_as;
109 struct rd_ip rd_ip;
110 struct prefix_rd prd;
111 mpls_label_t label = {0};
112 afi_t afi;
113 safi_t safi;
114 int addpath_encoded;
115 uint32_t addpath_id;
116
117 /* Make prefix_rd */
118 prd.family = AF_UNSPEC;
119 prd.prefixlen = 64;
120
121 pnt = packet->nlri;
122 lim = pnt + packet->length;
123 afi = packet->afi;
124 safi = packet->safi;
125 addpath_id = 0;
126
127 addpath_encoded =
128 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
129 && CHECK_FLAG(peer->af_cap[afi][safi],
130 PEER_CAP_ADDPATH_AF_TX_RCV));
131
132 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
133 for (; pnt < lim; pnt += psize) {
134 /* Clear prefix structure. */
135 memset(&p, 0, sizeof(struct prefix));
136
137 if (addpath_encoded) {
138
139 /* When packet overflow occurs return immediately. */
140 if (pnt + BGP_ADDPATH_ID_LEN > lim)
141 return -1;
142
143 addpath_id = ntohl(*((uint32_t *)pnt));
144 pnt += BGP_ADDPATH_ID_LEN;
145 }
146
147 /* Fetch prefix length. */
148 prefixlen = *pnt++;
149 p.family = afi2family(packet->afi);
150 psize = PSIZE(prefixlen);
151
152 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
153 zlog_err(
154 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
155 peer->host, prefixlen);
156 return -1;
157 }
158
159 /* sanity check against packet data */
160 if ((pnt + psize) > lim) {
161 zlog_err(
162 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
163 peer->host, prefixlen, (uint)(lim - pnt));
164 return -1;
165 }
166
167 /* sanity check against storage for the IP address portion */
168 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
169 zlog_err(
170 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
171 peer->host,
172 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
173 sizeof(p.u));
174 return -1;
175 }
176
177 /* Sanity check against max bitlen of the address family */
178 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
179 zlog_err(
180 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
181 peer->host,
182 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
183 p.family, prefix_blen(&p));
184 return -1;
185 }
186
187 /* Copy label to prefix. */
188 memcpy(&label, pnt, BGP_LABEL_BYTES);
189 bgp_set_valid_label(&label);
190
191 /* Copy routing distinguisher to rd. */
192 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
193
194 /* Decode RD type. */
195 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
196
197 switch (type) {
198 case RD_TYPE_AS:
199 decode_rd_as(pnt + 5, &rd_as);
200 break;
201
202 case RD_TYPE_AS4:
203 decode_rd_as4(pnt + 5, &rd_as);
204 break;
205
206 case RD_TYPE_IP:
207 decode_rd_ip(pnt + 5, &rd_ip);
208 break;
209
210 #if ENABLE_BGP_VNC
211 case RD_TYPE_VNC_ETH:
212 break;
213 #endif
214
215 default:
216 zlog_err("Unknown RD type %d", type);
217 break; /* just report */
218 }
219
220 p.prefixlen =
221 prefixlen
222 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
223 memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES,
224 psize - VPN_PREFIXLEN_MIN_BYTES);
225
226 if (attr) {
227 bgp_update(peer, &p, addpath_id, attr, packet->afi,
228 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
229 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
230 } else {
231 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
232 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
233 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
234 }
235 }
236 /* Packet length consistency check. */
237 if (pnt != lim) {
238 zlog_err(
239 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
240 peer->host, lim - pnt);
241 return -1;
242 }
243
244 return 0;
245 #undef VPN_PREFIXLEN_MIN_BYTES
246 }
247
248 /*
249 * This function informs zebra of the label this vrf sets on routes
250 * leaked to VPN. Zebra should install this label in the kernel with
251 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
252 *
253 * Sending this vrf-label association is qualified by a) whether vrf->vpn
254 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
255 * are set) and b) whether vpn-policy label is set.
256 *
257 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
258 * for this vrf, which zebra interprets to mean "delete this vrf-label
259 * association."
260 */
261 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
262 {
263 mpls_label_t label = MPLS_LABEL_NONE;
264 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
265
266 if (bgp->vrf_id == VRF_UNKNOWN) {
267 if (debug) {
268 zlog_debug(
269 "%s: vrf %s: afi %s: vrf_id not set, "
270 "can't set zebra vrf label",
271 __func__, bgp->name_pretty, afi2str(afi));
272 }
273 return;
274 }
275
276 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
277 label = bgp->vpn_policy[afi].tovpn_label;
278 }
279
280 if (debug) {
281 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
282 __func__, bgp->name_pretty, afi2str(afi), label,
283 bgp->vrf_id);
284 }
285
286 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
287 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
288 }
289
290 /*
291 * If zebra tells us vrf has become unconfigured, tell zebra not to
292 * use this label to forward to the vrf anymore
293 */
294 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
295 {
296 mpls_label_t label = MPLS_LABEL_NONE;
297 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
298
299 if (bgp->vrf_id == VRF_UNKNOWN) {
300 if (debug) {
301 zlog_debug(
302 "%s: vrf_id not set, can't delete zebra vrf label",
303 __func__);
304 }
305 return;
306 }
307
308 if (debug) {
309 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
310 bgp->name_pretty, bgp->vrf_id);
311 }
312
313 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
314 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
315 }
316
317 int vpn_leak_label_callback(
318 mpls_label_t label,
319 void *labelid,
320 bool allocated)
321 {
322 struct vpn_policy *vp = (struct vpn_policy *)labelid;
323 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
324
325 if (debug)
326 zlog_debug("%s: label=%u, allocated=%d",
327 __func__, label, allocated);
328
329 if (!allocated) {
330 /*
331 * previously-allocated label is now invalid
332 */
333 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
334 (vp->tovpn_label != MPLS_LABEL_NONE)) {
335
336 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
337 vp->afi, bgp_get_default(), vp->bgp);
338 vp->tovpn_label = MPLS_LABEL_NONE;
339 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
340 vp->afi, bgp_get_default(), vp->bgp);
341 }
342 return 0;
343 }
344
345 /*
346 * New label allocation
347 */
348 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
349
350 /*
351 * not currently configured for auto label, reject allocation
352 */
353 return -1;
354 }
355
356 if (vp->tovpn_label != MPLS_LABEL_NONE) {
357 if (label == vp->tovpn_label) {
358 /* already have same label, accept but do nothing */
359 return 0;
360 }
361 /* Shouldn't happen: different label allocation */
362 zlog_err("%s: %s had label %u but got new assignment %u",
363 __func__, vp->bgp->name_pretty, vp->tovpn_label, label);
364 /* use new one */
365 }
366
367 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
368 vp->afi, bgp_get_default(), vp->bgp);
369 vp->tovpn_label = label;
370 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
371 vp->afi, bgp_get_default(), vp->bgp);
372
373 return 0;
374 }
375
376 static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
377 {
378 int i;
379 int j;
380
381 if (!e1 || !e2)
382 return 0;
383
384 for (i = 0; i < e1->size; ++i) {
385 for (j = 0; j < e2->size; ++j) {
386 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
387 e2->val + (j * ECOMMUNITY_SIZE),
388 ECOMMUNITY_SIZE)) {
389
390 return 1;
391 }
392 }
393 }
394 return 0;
395 }
396
397 static bool labels_same(struct bgp_info *bi, mpls_label_t *label, uint32_t n)
398 {
399 uint32_t i;
400
401 if (!bi->extra) {
402 if (!n)
403 return true;
404 else
405 return false;
406 }
407
408 if (n != bi->extra->num_labels)
409 return false;
410
411 for (i = 0; i < n; ++i) {
412 if (label[i] != bi->extra->label[i])
413 return false;
414 }
415 return true;
416 }
417
418 /*
419 * make encoded route labels match specified encoded label set
420 */
421 static void setlabels(
422 struct bgp_info *bi,
423 mpls_label_t *label, /* array of labels */
424 uint32_t num_labels)
425 {
426 if (num_labels)
427 assert(label);
428 assert(num_labels <= BGP_MAX_LABELS);
429
430 if (!num_labels) {
431 if (bi->extra)
432 bi->extra->num_labels = 0;
433 return;
434 }
435
436 struct bgp_info_extra *extra = bgp_info_extra_get(bi);
437 uint32_t i;
438
439 for (i = 0; i < num_labels; ++i) {
440 extra->label[i] = label[i];
441 if (!bgp_is_valid_label(&label[i])) {
442 bgp_set_valid_label(&extra->label[i]);
443 }
444 }
445 extra->num_labels = num_labels;
446 }
447
448 /*
449 * returns pointer to new bgp_info upon success
450 */
451 static struct bgp_info *
452 leak_update(
453 struct bgp *bgp, /* destination bgp instance */
454 struct bgp_node *bn,
455 struct attr *new_attr, /* already interned */
456 afi_t afi,
457 safi_t safi,
458 struct bgp_info *source_bi,
459 mpls_label_t *label,
460 uint32_t num_labels,
461 void *parent,
462 struct bgp *bgp_orig,
463 struct prefix *nexthop_orig,
464 int nexthop_self_flag,
465 int debug)
466 {
467 struct prefix *p = &bn->p;
468 struct bgp_info *bi;
469 struct bgp_info *bi_ultimate;
470 struct bgp_info *new;
471 char buf_prefix[PREFIX_STRLEN];
472
473 if (debug) {
474 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
475 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
476 __func__, bgp->name_pretty, buf_prefix,
477 source_bi->type, source_bi->sub_type);
478 }
479
480 /*
481 * Routes that are redistributed into BGP from zebra do not get
482 * nexthop tracking. However, if those routes are subsequently
483 * imported to other RIBs within BGP, the leaked routes do not
484 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
485 * in order to determine if the route we are currently leaking
486 * should have nexthop tracking, we must find the ultimate
487 * parent so we can check its sub_type.
488 *
489 * As of now, source_bi may at most be a second-generation route
490 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
491 * Using a loop here supports more complex intra-bgp import-export
492 * schemes that could be implemented in the future.
493 *
494 */
495 for (bi_ultimate = source_bi;
496 bi_ultimate->extra && bi_ultimate->extra->parent;
497 bi_ultimate = bi_ultimate->extra->parent)
498 ;
499
500 /*
501 * match parent
502 */
503 for (bi = bn->info; bi; bi = bi->next) {
504 if (bi->extra && bi->extra->parent == parent)
505 break;
506 }
507
508 if (bi) {
509 bool labelssame = labels_same(bi, label, num_labels);
510
511 if (attrhash_cmp(bi->attr, new_attr)
512 && labelssame
513 && !CHECK_FLAG(bi->flags, BGP_INFO_REMOVED)) {
514
515 bgp_attr_unintern(&new_attr);
516 if (debug)
517 zlog_debug(
518 "%s: ->%s: %s: Found route, no change",
519 __func__, bgp->name_pretty,
520 buf_prefix);
521 return NULL;
522 }
523
524 /* attr is changed */
525 bgp_info_set_flag(bn, bi, BGP_INFO_ATTR_CHANGED);
526
527 /* Rewrite BGP route information. */
528 if (CHECK_FLAG(bi->flags, BGP_INFO_REMOVED))
529 bgp_info_restore(bn, bi);
530 else
531 bgp_aggregate_decrement(bgp, p, bi, afi, safi);
532 bgp_attr_unintern(&bi->attr);
533 bi->attr = new_attr;
534 bi->uptime = bgp_clock();
535
536 /*
537 * rewrite labels
538 */
539 if (!labelssame)
540 setlabels(bi, label, num_labels);
541
542 if (nexthop_self_flag)
543 bgp_info_set_flag(bn, bi, BGP_INFO_ANNC_NH_SELF);
544
545 struct bgp *bgp_nexthop = bgp;
546 int nh_valid;
547
548 if (bi->extra && bi->extra->bgp_orig)
549 bgp_nexthop = bi->extra->bgp_orig;
550
551 /* No nexthop tracking for redistributed routes */
552 if (bi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE)
553 nh_valid = 1;
554 else
555 /*
556 * TBD do we need to do anything about the
557 * 'connected' parameter?
558 */
559 nh_valid = bgp_find_or_add_nexthop(
560 bgp, bgp_nexthop,
561 afi, bi, NULL, 0);
562
563 if (debug)
564 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
565 __func__, (nh_valid ? "" : "not "),
566 bgp_nexthop->name_pretty);
567
568 if (nh_valid)
569 bgp_info_set_flag(bn, bi, BGP_INFO_VALID);
570
571 /* Process change. */
572 bgp_aggregate_increment(bgp, p, bi, afi, safi);
573 bgp_process(bgp, bn, afi, safi);
574 bgp_unlock_node(bn);
575
576 if (debug)
577 zlog_debug("%s: ->%s: %s Found route, changed attr",
578 __func__, bgp->name_pretty, buf_prefix);
579
580 return NULL;
581 }
582
583 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
584 bgp->peer_self, new_attr, bn);
585
586 if (nexthop_self_flag)
587 bgp_info_set_flag(bn, new, BGP_INFO_ANNC_NH_SELF);
588
589 bgp_info_extra_get(new);
590
591 if (num_labels)
592 setlabels(new, label, num_labels);
593
594 new->extra->parent = bgp_info_lock(parent);
595 bgp_lock_node((struct bgp_node *)((struct bgp_info *)parent)->net);
596 if (bgp_orig)
597 new->extra->bgp_orig = bgp_lock(bgp_orig);
598 if (nexthop_orig)
599 new->extra->nexthop_orig = *nexthop_orig;
600
601 /*
602 * nexthop tracking for unicast routes
603 */
604 struct bgp *bgp_nexthop = bgp;
605 int nh_valid;
606
607 if (new->extra->bgp_orig)
608 bgp_nexthop = new->extra->bgp_orig;
609
610 /*
611 * No nexthop tracking for redistributed routes because
612 * their originating protocols will do the tracking and
613 * withdraw those routes if the nexthops become unreachable
614 */
615 if (bi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE)
616 nh_valid = 1;
617 else
618 /*
619 * TBD do we need to do anything about the
620 * 'connected' parameter?
621 */
622 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
623 afi, new, NULL, 0);
624
625 if (debug)
626 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
627 __func__, (nh_valid ? "" : "not "),
628 bgp_nexthop->name_pretty);
629 if (nh_valid)
630 bgp_info_set_flag(bn, new, BGP_INFO_VALID);
631
632 bgp_aggregate_increment(bgp, p, new, afi, safi);
633 bgp_info_add(bn, new);
634
635 bgp_unlock_node(bn);
636 bgp_process(bgp, bn, afi, safi);
637
638 if (debug)
639 zlog_debug("%s: ->%s: %s: Added new route", __func__,
640 bgp->name_pretty, buf_prefix);
641
642 return new;
643 }
644
645 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
646 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
647 struct bgp *bgp_vrf, /* from */
648 struct bgp_info *info_vrf) /* route */
649 {
650 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
651 struct prefix *p = &info_vrf->net->p;
652 afi_t afi = family2afi(p->family);
653 struct attr static_attr = {0};
654 struct attr *new_attr = NULL;
655 safi_t safi = SAFI_MPLS_VPN;
656 mpls_label_t label_val;
657 mpls_label_t label;
658 struct bgp_node *bn;
659 const char *debugmsg;
660 int nexthop_self_flag = 0;
661
662 if (debug)
663 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
664
665 if (debug && info_vrf->attr->ecommunity) {
666 char *s = ecommunity_ecom2str(info_vrf->attr->ecommunity,
667 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
668
669 zlog_debug("%s: %s info_vrf->type=%d, EC{%s}", __func__,
670 bgp_vrf->name, info_vrf->type, s);
671 XFREE(MTYPE_ECOMMUNITY_STR, s);
672 }
673
674 if (!bgp_vpn)
675 return;
676
677 if (!afi) {
678 if (debug)
679 zlog_debug("%s: can't get afi of prefix", __func__);
680 return;
681 }
682
683 /* loop check - should not be an imported route. */
684 if (info_vrf->extra && info_vrf->extra->bgp_orig)
685 return;
686
687
688 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
689 if (debug)
690 zlog_debug("%s: %s skipping: %s", __func__,
691 bgp_vrf->name, debugmsg);
692 return;
693 }
694
695 bgp_attr_dup(&static_attr, info_vrf->attr); /* shallow copy */
696
697 /*
698 * route map handling
699 */
700 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
701 struct bgp_info info;
702 route_map_result_t ret;
703
704 memset(&info, 0, sizeof(info));
705 info.peer = bgp_vpn->peer_self;
706 info.attr = &static_attr;
707 ret = route_map_apply(
708 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
709 p, RMAP_BGP, &info);
710 if (RMAP_DENYMATCH == ret) {
711 bgp_attr_flush(&static_attr); /* free any added parts */
712 if (debug)
713 zlog_debug(
714 "%s: vrf %s route map \"%s\" says DENY, returning",
715 __func__, bgp_vrf->name_pretty,
716 bgp_vrf->vpn_policy[afi]
717 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
718 ->name);
719 return;
720 }
721 }
722
723 if (debug && static_attr.ecommunity) {
724 char *s = ecommunity_ecom2str(static_attr.ecommunity,
725 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
726
727 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
728 __func__, s);
729 XFREE(MTYPE_ECOMMUNITY_STR, s);
730 }
731
732 /*
733 * Add the vpn-policy rt-list
734 */
735 struct ecommunity *old_ecom;
736 struct ecommunity *new_ecom;
737
738 old_ecom = static_attr.ecommunity;
739 if (old_ecom) {
740 new_ecom = ecommunity_merge(
741 ecommunity_dup(old_ecom),
742 bgp_vrf->vpn_policy[afi]
743 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
744 if (!old_ecom->refcnt)
745 ecommunity_free(&old_ecom);
746 } else {
747 new_ecom = ecommunity_dup(
748 bgp_vrf->vpn_policy[afi]
749 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
750 }
751 static_attr.ecommunity = new_ecom;
752 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
753
754 if (debug && static_attr.ecommunity) {
755 char *s = ecommunity_ecom2str(static_attr.ecommunity,
756 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
757
758 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
759 __func__, s);
760 XFREE(MTYPE_ECOMMUNITY_STR, s);
761 }
762
763 /* Nexthop */
764 /* if policy nexthop not set, use 0 */
765 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
766 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
767 struct prefix *nexthop =
768 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
769
770 switch (nexthop->family) {
771 case AF_INET:
772 /* prevent mp_nexthop_global_in <- self in bgp_route.c
773 */
774 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
775
776 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
777 static_attr.mp_nexthop_len = 4;
778 break;
779
780 case AF_INET6:
781 static_attr.mp_nexthop_global = nexthop->u.prefix6;
782 static_attr.mp_nexthop_len = 16;
783 break;
784
785 default:
786 assert(0);
787 }
788 } else {
789 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
790 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
791 if (afi == AFI_IP) {
792 /*
793 * For ipv4, copy to multiprotocol
794 * nexthop field
795 */
796 static_attr.mp_nexthop_global_in =
797 static_attr.nexthop;
798 static_attr.mp_nexthop_len = 4;
799 /*
800 * XXX Leave static_attr.nexthop
801 * intact for NHT
802 */
803 static_attr.flag &=
804 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
805 }
806 } else {
807 /* Update based on next-hop family to account for
808 * RFC 5549 (BGP unnumbered) scenario. Note that
809 * specific action is only needed for the case of
810 * IPv4 nexthops as the attr has been copied
811 * otherwise.
812 */
813 if (afi == AFI_IP &&
814 !BGP_ATTR_NEXTHOP_AFI_IP6(info_vrf->attr)) {
815 static_attr.mp_nexthop_global_in.s_addr =
816 static_attr.nexthop.s_addr;
817 static_attr.mp_nexthop_len = 4;
818 static_attr.flag |=
819 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
820 }
821 }
822 nexthop_self_flag = 1;
823 }
824
825 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
826 if (label_val == MPLS_LABEL_NONE) {
827 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
828 } else {
829 encode_label(label_val, &label);
830 }
831
832 /* Set originator ID to "me" */
833 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
834 static_attr.originator_id = bgp_vpn->router_id;
835
836
837 new_attr = bgp_attr_intern(
838 &static_attr); /* hashed refcounted everything */
839 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
840
841 if (debug && new_attr->ecommunity) {
842 char *s = ecommunity_ecom2str(new_attr->ecommunity,
843 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
844
845 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
846 XFREE(MTYPE_ECOMMUNITY_STR, s);
847 }
848
849 /* Now new_attr is an allocated interned attr */
850
851 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
852 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
853
854 struct bgp_info *new_info;
855
856 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, info_vrf,
857 &label, 1, info_vrf, bgp_vrf, NULL,
858 nexthop_self_flag, debug);
859
860 /*
861 * Routes actually installed in the vpn RIB must also be
862 * offered to all vrfs (because now they originate from
863 * the vpn RIB).
864 *
865 * Acceptance into other vrfs depends on rt-lists.
866 * Originating vrf will not accept the looped back route
867 * because of loop checking.
868 */
869 if (new_info)
870 vpn_leak_to_vrf_update(bgp_vrf, new_info);
871 }
872
873 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
874 struct bgp *bgp_vrf, /* from */
875 struct bgp_info *info_vrf) /* route */
876 {
877 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
878 struct prefix *p = &info_vrf->net->p;
879 afi_t afi = family2afi(p->family);
880 safi_t safi = SAFI_MPLS_VPN;
881 struct bgp_info *bi;
882 struct bgp_node *bn;
883 const char *debugmsg;
884 char buf_prefix[PREFIX_STRLEN];
885
886 if (debug) {
887 prefix2str(p, buf_prefix, sizeof(buf_prefix));
888 zlog_debug(
889 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
890 __func__, bgp_vrf->name_pretty, buf_prefix,
891 info_vrf->type, info_vrf->sub_type);
892 }
893
894 if (info_vrf->sub_type != BGP_ROUTE_NORMAL
895 && info_vrf->sub_type != BGP_ROUTE_STATIC
896 && info_vrf->sub_type != BGP_ROUTE_REDISTRIBUTE) {
897
898 if (debug)
899 zlog_debug("%s: wrong sub_type %d", __func__,
900 info_vrf->sub_type);
901 return;
902 }
903 if (!bgp_vpn)
904 return;
905
906 if (!afi) {
907 if (debug)
908 zlog_debug("%s: can't get afi of prefix", __func__);
909 return;
910 }
911
912 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
913 if (debug)
914 zlog_debug("%s: skipping: %s", __func__, debugmsg);
915 return;
916 }
917
918 if (debug)
919 zlog_debug("%s: withdrawing (info_vrf=%p)", __func__, info_vrf);
920
921 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
922 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
923
924 /*
925 * vrf -> vpn
926 * match original bi imported from
927 */
928 for (bi = (bn ? bn->info : NULL); bi; bi = bi->next) {
929 if (bi->extra && bi->extra->parent == info_vrf) {
930 break;
931 }
932 }
933
934 if (bi) {
935 /* withdraw from looped vrfs as well */
936 vpn_leak_to_vrf_withdraw(bgp_vpn, bi);
937
938 bgp_aggregate_decrement(bgp_vpn, p, bi, afi, safi);
939 bgp_info_delete(bn, bi);
940 bgp_process(bgp_vpn, bn, afi, safi);
941 }
942 bgp_unlock_node(bn);
943 }
944
945 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
946 struct bgp *bgp_vrf, /* from */
947 afi_t afi)
948 {
949 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
950 struct bgp_node *prn;
951 safi_t safi = SAFI_MPLS_VPN;
952
953 /*
954 * Walk vpn table, delete bi with bgp_orig == bgp_vrf
955 */
956 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
957 prn = bgp_route_next(prn)) {
958
959 struct bgp_table *table;
960 struct bgp_node *bn;
961 struct bgp_info *bi;
962
963 /* This is the per-RD table of prefixes */
964 table = prn->info;
965
966 if (!table)
967 continue;
968
969 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
970
971 char buf[PREFIX2STR_BUFFER];
972
973 if (debug && bn->info) {
974 zlog_debug(
975 "%s: looking at prefix %s", __func__,
976 prefix2str(&bn->p, buf, sizeof(buf)));
977 }
978
979 for (bi = bn->info; bi; bi = bi->next) {
980 if (debug)
981 zlog_debug("%s: type %d, sub_type %d",
982 __func__, bi->type,
983 bi->sub_type);
984 if (bi->sub_type != BGP_ROUTE_IMPORTED)
985 continue;
986 if (!bi->extra)
987 continue;
988 if ((struct bgp *)bi->extra->bgp_orig
989 == bgp_vrf) {
990 /* delete route */
991 if (debug)
992 zlog_debug("%s: deleting it\n",
993 __func__);
994 bgp_aggregate_decrement(bgp_vpn, &bn->p,
995 bi, afi, safi);
996 bgp_info_delete(bn, bi);
997 bgp_process(bgp_vpn, bn, afi, safi);
998 }
999 }
1000 }
1001 }
1002 }
1003
1004 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1005 struct bgp *bgp_vrf, /* from */
1006 afi_t afi)
1007 {
1008 struct bgp_node *bn;
1009 struct bgp_info *bi;
1010 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1011
1012 if (debug)
1013 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1014 bgp_vrf->name_pretty);
1015
1016 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1017 bn = bgp_route_next(bn)) {
1018
1019 if (debug)
1020 zlog_debug("%s: node=%p", __func__, bn);
1021
1022 for (bi = bn->info; bi; bi = bi->next) {
1023 if (debug)
1024 zlog_debug(
1025 "%s: calling vpn_leak_from_vrf_update",
1026 __func__);
1027 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bi);
1028 }
1029 }
1030 }
1031
1032 static void vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1033 struct bgp *bgp_vpn, /* from */
1034 struct bgp_info *info_vpn) /* route */
1035 {
1036 struct prefix *p = &info_vpn->net->p;
1037 afi_t afi = family2afi(p->family);
1038
1039 struct attr static_attr = {0};
1040 struct attr *new_attr = NULL;
1041 struct bgp_node *bn;
1042 safi_t safi = SAFI_UNICAST;
1043 const char *debugmsg;
1044 struct prefix nexthop_orig;
1045 mpls_label_t *pLabels = NULL;
1046 uint32_t num_labels = 0;
1047 int nexthop_self_flag = 1;
1048 struct bgp_info *bi_ultimate = NULL;
1049 int origin_local = 0;
1050 struct bgp *src_vrf;
1051
1052 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1053
1054 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1055 if (debug)
1056 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1057 return;
1058 }
1059
1060 /* Check for intersection of route targets */
1061 if (!ecom_intersect(
1062 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1063 info_vpn->attr->ecommunity)) {
1064
1065 return;
1066 }
1067
1068 if (debug)
1069 zlog_debug("%s: updating to vrf %s", __func__,
1070 bgp_vrf->name_pretty);
1071
1072 bgp_attr_dup(&static_attr, info_vpn->attr); /* shallow copy */
1073
1074 /*
1075 * Nexthop: stash and clear
1076 *
1077 * Nexthop is valid in context of VPN core, but not in destination vrf.
1078 * Stash it for later label resolution by vrf ingress path and then
1079 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1080 */
1081 uint8_t nhfamily = NEXTHOP_FAMILY(info_vpn->attr->mp_nexthop_len);
1082
1083 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1084 nexthop_orig.family = nhfamily;
1085
1086 switch (nhfamily) {
1087 case AF_INET:
1088 /* save */
1089 nexthop_orig.u.prefix4 = info_vpn->attr->mp_nexthop_global_in;
1090 nexthop_orig.prefixlen = 32;
1091
1092 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1093 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1094 static_attr.nexthop.s_addr =
1095 nexthop_orig.u.prefix4.s_addr;
1096
1097 static_attr.mp_nexthop_global_in =
1098 info_vpn->attr->mp_nexthop_global_in;
1099 static_attr.mp_nexthop_len =
1100 info_vpn->attr->mp_nexthop_len;
1101 }
1102 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1103 break;
1104 case AF_INET6:
1105 /* save */
1106 nexthop_orig.u.prefix6 = info_vpn->attr->mp_nexthop_global;
1107 nexthop_orig.prefixlen = 128;
1108
1109 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1110 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1111 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1112 }
1113 break;
1114 }
1115
1116 /*
1117 * route map handling
1118 */
1119 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1120 struct bgp_info info;
1121 route_map_result_t ret;
1122
1123 memset(&info, 0, sizeof(info));
1124 info.peer = bgp_vrf->peer_self;
1125 info.attr = &static_attr;
1126 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1127 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1128 p, RMAP_BGP, &info);
1129 if (RMAP_DENYMATCH == ret) {
1130 bgp_attr_flush(&static_attr); /* free any added parts */
1131 if (debug)
1132 zlog_debug(
1133 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1134 __func__, bgp_vrf->name_pretty,
1135 bgp_vrf->vpn_policy[afi]
1136 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1137 ->name);
1138 return;
1139 }
1140 /*
1141 * if route-map changed nexthop, don't nexthop-self on output
1142 */
1143 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1144 BATTR_RMAP_NEXTHOP_UNCHANGED))
1145 nexthop_self_flag = 0;
1146 }
1147
1148 new_attr = bgp_attr_intern(&static_attr);
1149 bgp_attr_flush(&static_attr);
1150
1151 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1152
1153 /*
1154 * ensure labels are copied
1155 *
1156 * However, there is a special case: if the route originated in
1157 * another local VRF (as opposed to arriving via VPN), then the
1158 * nexthop is reached by hairpinning through this router (me)
1159 * using IP forwarding only (no LSP). Therefore, the route
1160 * imported to the VRF should not have labels attached. Note
1161 * that nexthop tracking is also involved: eliminating the
1162 * labels for these routes enables the non-labeled nexthops
1163 * from the originating VRF to be considered valid for this route.
1164 */
1165 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1166 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1167 /* work back to original route */
1168 for (bi_ultimate = info_vpn;
1169 bi_ultimate->extra && bi_ultimate->extra->parent;
1170 bi_ultimate = bi_ultimate->extra->parent)
1171 ;
1172
1173 /*
1174 * if original route was unicast,
1175 * then it did not arrive over vpn
1176 */
1177 if (bi_ultimate->net) {
1178 struct bgp_table *table;
1179
1180 table = bgp_node_table(bi_ultimate->net);
1181 if (table && (table->safi == SAFI_UNICAST))
1182 origin_local = 1;
1183 }
1184
1185 /* copy labels */
1186 if (!origin_local &&
1187 info_vpn->extra && info_vpn->extra->num_labels) {
1188 num_labels = info_vpn->extra->num_labels;
1189 if (num_labels > BGP_MAX_LABELS)
1190 num_labels = BGP_MAX_LABELS;
1191 pLabels = info_vpn->extra->label;
1192 }
1193 }
1194
1195 if (debug) {
1196 char buf_prefix[PREFIX_STRLEN];
1197 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1198 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1199 num_labels);
1200 }
1201
1202 /*
1203 * For VRF-2-VRF route-leaking,
1204 * the source will be the originating VRF.
1205 */
1206 if (info_vpn->extra && info_vpn->extra->bgp_orig)
1207 src_vrf = info_vpn->extra->bgp_orig;
1208 else
1209 src_vrf = bgp_vpn;
1210
1211 leak_update(bgp_vrf, bn, new_attr, afi, safi, info_vpn,
1212 pLabels, num_labels,
1213 info_vpn, /* parent */
1214 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1215 }
1216
1217 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1218 struct bgp_info *info_vpn) /* route */
1219 {
1220 struct listnode *mnode, *mnnode;
1221 struct bgp *bgp;
1222
1223 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1224
1225 if (debug)
1226 zlog_debug("%s: start (info_vpn=%p)", __func__, info_vpn);
1227
1228 /* Loop over VRFs */
1229 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1230
1231 if (!info_vpn->extra
1232 || info_vpn->extra->bgp_orig != bgp) { /* no loop */
1233 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, info_vpn);
1234 }
1235 }
1236 }
1237
1238 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1239 struct bgp_info *info_vpn) /* route */
1240 {
1241 struct prefix *p;
1242 afi_t afi;
1243 safi_t safi = SAFI_UNICAST;
1244 struct bgp *bgp;
1245 struct listnode *mnode, *mnnode;
1246 struct bgp_node *bn;
1247 struct bgp_info *bi;
1248 const char *debugmsg;
1249 char buf_prefix[PREFIX_STRLEN];
1250
1251 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1252
1253 if (debug) {
1254 prefix2str(&info_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1255 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d",
1256 __func__, buf_prefix,
1257 info_vpn->type, info_vpn->sub_type);
1258 }
1259
1260 if (debug)
1261 zlog_debug("%s: start (info_vpn=%p)", __func__, info_vpn);
1262
1263 if (!info_vpn->net) {
1264 #if ENABLE_BGP_VNC
1265 /* BGP_ROUTE_RFP routes do not have info_vpn->net set (yet) */
1266 if (info_vpn->type == ZEBRA_ROUTE_BGP &&
1267 info_vpn->sub_type == BGP_ROUTE_RFP) {
1268
1269 return;
1270 }
1271 #endif
1272 if (debug)
1273 zlog_debug("%s: info_vpn->net unexpectedly NULL, no prefix, bailing",
1274 __func__);
1275 return;
1276 }
1277
1278 p = &info_vpn->net->p;
1279 afi = family2afi(p->family);
1280
1281 /* Loop over VRFs */
1282 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1283 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1284 if (debug)
1285 zlog_debug("%s: skipping: %s", __func__,
1286 debugmsg);
1287 continue;
1288 }
1289
1290 /* Check for intersection of route targets */
1291 if (!ecom_intersect(bgp->vpn_policy[afi]
1292 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1293 info_vpn->attr->ecommunity)) {
1294
1295 continue;
1296 }
1297
1298 if (debug)
1299 zlog_debug("%s: withdrawing from vrf %s", __func__,
1300 bgp->name_pretty);
1301
1302 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1303 for (bi = (bn ? bn->info : NULL); bi; bi = bi->next) {
1304 if (bi->extra
1305 && (struct bgp_info *)bi->extra->parent
1306 == info_vpn) {
1307 break;
1308 }
1309 }
1310
1311 if (bi) {
1312 if (debug)
1313 zlog_debug("%s: deleting bi %p", __func__, bi);
1314 bgp_aggregate_decrement(bgp, p, bi, afi, safi);
1315 bgp_info_delete(bn, bi);
1316 bgp_process(bgp, bn, afi, safi);
1317 }
1318 bgp_unlock_node(bn);
1319 }
1320 }
1321
1322 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1323 afi_t afi)
1324 {
1325 struct bgp_node *bn;
1326 struct bgp_info *bi;
1327 safi_t safi = SAFI_UNICAST;
1328 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1329
1330 if (debug)
1331 zlog_debug("%s: entry", __func__);
1332 /*
1333 * Walk vrf table, delete bi with bgp_orig in a different vrf
1334 */
1335 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1336 bn = bgp_route_next(bn)) {
1337
1338 for (bi = bn->info; bi; bi = bi->next) {
1339 if (bi->extra && bi->extra->bgp_orig != bgp_vrf) {
1340
1341 /* delete route */
1342 bgp_aggregate_decrement(bgp_vrf, &bn->p, bi,
1343 afi, safi);
1344 bgp_info_delete(bn, bi);
1345 bgp_process(bgp_vrf, bn, afi, safi);
1346 }
1347 }
1348 }
1349 }
1350
1351 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1352 struct bgp *bgp_vpn, /* from */
1353 afi_t afi)
1354 {
1355 struct prefix_rd prd;
1356 struct bgp_node *prn;
1357 safi_t safi = SAFI_MPLS_VPN;
1358
1359 assert(bgp_vpn);
1360
1361 /*
1362 * Walk vpn table
1363 */
1364 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1365 prn = bgp_route_next(prn)) {
1366
1367 struct bgp_table *table;
1368 struct bgp_node *bn;
1369 struct bgp_info *bi;
1370
1371 memset(&prd, 0, sizeof(prd));
1372 prd.family = AF_UNSPEC;
1373 prd.prefixlen = 64;
1374 memcpy(prd.val, prn->p.u.val, 8);
1375
1376 /* This is the per-RD table of prefixes */
1377 table = prn->info;
1378
1379 if (!table)
1380 continue;
1381
1382 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1383
1384 for (bi = bn->info; bi; bi = bi->next) {
1385
1386 if (bi->extra && bi->extra->bgp_orig == bgp_vrf)
1387 continue;
1388
1389 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1390 bi);
1391 }
1392 }
1393 }
1394 }
1395
1396 /*
1397 * This function is called for definition/deletion/change to a route-map
1398 */
1399 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1400 {
1401 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1402 afi_t afi;
1403 struct route_map *rmap;
1404
1405 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1406 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1407
1408 return;
1409 }
1410
1411 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1412
1413 for (afi = 0; afi < AFI_MAX; ++afi) {
1414
1415 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1416 && !strcmp(rmap_name,
1417 bgp->vpn_policy[afi]
1418 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1419
1420 if (debug)
1421 zlog_debug(
1422 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1423 __func__, rmap_name, bgp->as,
1424 afi2str(afi));
1425
1426 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1427 bgp_get_default(), bgp);
1428 if (debug)
1429 zlog_debug("%s: after vpn_leak_prechange",
1430 __func__);
1431
1432 /* in case of definition/deletion */
1433 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1434 rmap;
1435
1436 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1437 bgp_get_default(), bgp);
1438
1439 if (debug)
1440 zlog_debug("%s: after vpn_leak_postchange",
1441 __func__);
1442 }
1443
1444 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1445 && !strcmp(rmap_name,
1446 bgp->vpn_policy[afi]
1447 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1448
1449 if (debug) {
1450 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1451 __func__, rmap_name, bgp->as,
1452 afi2str(afi));
1453 }
1454
1455 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1456 bgp_get_default(), bgp);
1457
1458 /* in case of definition/deletion */
1459 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1460 rmap;
1461
1462 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1463 bgp_get_default(), bgp);
1464 }
1465 }
1466 }
1467
1468 void vpn_policy_routemap_event(const char *rmap_name)
1469 {
1470 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1471 struct listnode *mnode, *mnnode;
1472 struct bgp *bgp;
1473
1474 if (debug)
1475 zlog_debug("%s: entry", __func__);
1476
1477 if (bm->bgp == NULL) /* may be called during cleanup */
1478 return;
1479
1480 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1481 vpn_policy_routemap_update(bgp, rmap_name);
1482 }
1483
1484 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1485 afi_t afi, safi_t safi)
1486 {
1487 const char *export_name;
1488 vpn_policy_direction_t idir, edir;
1489 char *vname;
1490 char buf[1000];
1491 struct ecommunity *ecom;
1492 bool first_export = false;
1493
1494 export_name = to_bgp->name ? to_bgp->name : BGP_DEFAULT_NAME;
1495 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1496 edir = BGP_VPN_POLICY_DIR_TOVPN;
1497
1498 /*
1499 * Cross-ref both VRFs. Also, note if this is the first time
1500 * any VRF is importing from "import_vrf".
1501 */
1502 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
1503 : XSTRDUP(MTYPE_TMP, BGP_DEFAULT_NAME));
1504
1505 listnode_add(to_bgp->vpn_policy[afi].import_vrf, vname);
1506
1507 if (!listcount(from_bgp->vpn_policy[afi].export_vrf))
1508 first_export = true;
1509 vname = XSTRDUP(MTYPE_TMP, export_name);
1510 listnode_add(from_bgp->vpn_policy[afi].export_vrf, vname);
1511
1512 /* Update import RT for current VRF using export RT of the VRF we're
1513 * importing from. First though, make sure "import_vrf" has that
1514 * set.
1515 */
1516 if (first_export) {
1517 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1518 &from_bgp->vrf_prd_auto);
1519 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1520 SET_FLAG(from_bgp->vpn_policy[afi].flags,
1521 BGP_VPN_POLICY_TOVPN_RD_SET);
1522 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
1523 buf, sizeof(buf));
1524 from_bgp->vpn_policy[afi].rtlist[edir] =
1525 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1526 SET_FLAG(from_bgp->af_flags[afi][safi],
1527 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1528 from_bgp->vpn_policy[afi].tovpn_label =
1529 BGP_PREVENT_VRF_2_VRF_LEAK;
1530 }
1531 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1532 if (to_bgp->vpn_policy[afi].rtlist[idir])
1533 to_bgp->vpn_policy[afi].rtlist[idir] =
1534 ecommunity_merge(to_bgp->vpn_policy[afi]
1535 .rtlist[idir], ecom);
1536 else
1537 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1538 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
1539
1540 /* Does "import_vrf" first need to export its routes or that
1541 * is already done and we just need to import those routes
1542 * from the global table?
1543 */
1544 if (first_export)
1545 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
1546 else
1547 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1548 }
1549
1550 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1551 afi_t afi, safi_t safi)
1552 {
1553 const char *export_name, *tmp_name;
1554 vpn_policy_direction_t idir, edir;
1555 char *vname;
1556 struct ecommunity *ecom;
1557 struct listnode *node;
1558
1559 export_name = to_bgp->name ? to_bgp->name : BGP_DEFAULT_NAME;
1560 tmp_name = from_bgp->name ? from_bgp->name : BGP_DEFAULT_NAME;
1561 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1562 edir = BGP_VPN_POLICY_DIR_TOVPN;
1563
1564 /* Were we importing from "import_vrf"? */
1565 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1566 vname)) {
1567 if (strcmp(vname, tmp_name) == 0)
1568 break;
1569 }
1570
1571 /*
1572 * We do not check in the cli if the passed in bgp
1573 * instance is actually imported into us before
1574 * we call this function. As such if we do not
1575 * find this in the import_vrf list than
1576 * we just need to return safely.
1577 */
1578 if (!vname)
1579 return;
1580
1581 /* Remove "import_vrf" from our import list. */
1582 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
1583 XFREE(MTYPE_TMP, vname);
1584
1585 /* Remove routes imported from "import_vrf". */
1586 /* TODO: In the current logic, we have to first remove all
1587 * imported routes and then (if needed) import back routes
1588 */
1589 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
1590
1591 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1592 UNSET_FLAG(to_bgp->af_flags[afi][safi],
1593 BGP_CONFIG_VRF_TO_VRF_IMPORT);
1594 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
1595 } else {
1596 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1597 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
1598 (struct ecommunity_val *)ecom->val);
1599 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1600 }
1601
1602 /*
1603 * What?
1604 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1605 * below is checking for NULL that export_vrf can be
1606 * NULL, consequently it is complaining( like a cabbage )
1607 * that we could dereference and crash in the listcount(..)
1608 * check below.
1609 * So make it happy, under protest, with liberty and justice
1610 * for all.
1611 */
1612 assert(from_bgp->vpn_policy[afi].export_vrf);
1613
1614 /* Remove us from "import_vrf's" export list. If no other VRF
1615 * is importing from "import_vrf", cleanup appropriately.
1616 */
1617 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1618 node, vname)) {
1619 if (strcmp(vname, export_name) == 0)
1620 break;
1621 }
1622
1623 /*
1624 * If we have gotten to this point then the vname must
1625 * exist. If not, we are in a world of trouble and
1626 * have slag sitting around.
1627 *
1628 * import_vrf and export_vrf must match in having
1629 * the in/out names as appropriate.
1630 */
1631 assert(vname);
1632
1633 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
1634 XFREE(MTYPE_TMP, vname);
1635
1636 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1637 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1638 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1639 UNSET_FLAG(from_bgp->af_flags[afi][safi],
1640 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1641 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
1642 sizeof(struct prefix_rd));
1643 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
1644 BGP_VPN_POLICY_TOVPN_RD_SET);
1645 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1646
1647 }
1648 }
1649
1650 /* For testing purpose, static route of MPLS-VPN. */
1651 DEFUN (vpnv4_network,
1652 vpnv4_network_cmd,
1653 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1654 "Specify a network to announce via BGP\n"
1655 "IPv4 prefix\n"
1656 "Specify Route Distinguisher\n"
1657 "VPN Route Distinguisher\n"
1658 "VPN NLRI label (tag)\n"
1659 "VPN NLRI label (tag)\n"
1660 "Label value\n")
1661 {
1662 int idx_ipv4_prefixlen = 1;
1663 int idx_ext_community = 3;
1664 int idx_label = 5;
1665 return bgp_static_set_safi(
1666 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1667 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1668 NULL, NULL, NULL, NULL);
1669 }
1670
1671 DEFUN (vpnv4_network_route_map,
1672 vpnv4_network_route_map_cmd,
1673 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1674 "Specify a network to announce via BGP\n"
1675 "IPv4 prefix\n"
1676 "Specify Route Distinguisher\n"
1677 "VPN Route Distinguisher\n"
1678 "VPN NLRI label (tag)\n"
1679 "VPN NLRI label (tag)\n"
1680 "Label value\n"
1681 "route map\n"
1682 "route map name\n")
1683 {
1684 int idx_ipv4_prefixlen = 1;
1685 int idx_ext_community = 3;
1686 int idx_label = 5;
1687 int idx_word_2 = 7;
1688 return bgp_static_set_safi(
1689 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1690 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1691 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1692 }
1693
1694 /* For testing purpose, static route of MPLS-VPN. */
1695 DEFUN (no_vpnv4_network,
1696 no_vpnv4_network_cmd,
1697 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1698 NO_STR
1699 "Specify a network to announce via BGP\n"
1700 "IPv4 prefix\n"
1701 "Specify Route Distinguisher\n"
1702 "VPN Route Distinguisher\n"
1703 "VPN NLRI label (tag)\n"
1704 "VPN NLRI label (tag)\n"
1705 "Label value\n")
1706 {
1707 int idx_ipv4_prefixlen = 2;
1708 int idx_ext_community = 4;
1709 int idx_label = 6;
1710 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1711 argv[idx_ipv4_prefixlen]->arg,
1712 argv[idx_ext_community]->arg,
1713 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1714 }
1715
1716 DEFUN (vpnv6_network,
1717 vpnv6_network_cmd,
1718 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1719 "Specify a network to announce via BGP\n"
1720 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1721 "Specify Route Distinguisher\n"
1722 "VPN Route Distinguisher\n"
1723 "VPN NLRI label (tag)\n"
1724 "VPN NLRI label (tag)\n"
1725 "Label value\n"
1726 "route map\n"
1727 "route map name\n")
1728 {
1729 int idx_ipv6_prefix = 1;
1730 int idx_ext_community = 3;
1731 int idx_label = 5;
1732 int idx_word_2 = 7;
1733 if (argc == 8)
1734 return bgp_static_set_safi(
1735 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1736 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1737 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1738 else
1739 return bgp_static_set_safi(
1740 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1741 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1742 NULL, 0, NULL, NULL, NULL, NULL);
1743 }
1744
1745 /* For testing purpose, static route of MPLS-VPN. */
1746 DEFUN (no_vpnv6_network,
1747 no_vpnv6_network_cmd,
1748 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1749 NO_STR
1750 "Specify a network to announce via BGP\n"
1751 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1752 "Specify Route Distinguisher\n"
1753 "VPN Route Distinguisher\n"
1754 "VPN NLRI label (tag)\n"
1755 "VPN NLRI label (tag)\n"
1756 "Label value\n")
1757 {
1758 int idx_ipv6_prefix = 2;
1759 int idx_ext_community = 4;
1760 int idx_label = 6;
1761 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1762 argv[idx_ipv6_prefix]->arg,
1763 argv[idx_ext_community]->arg,
1764 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1765 }
1766
1767 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1768 enum bgp_show_type type, void *output_arg, int tags,
1769 uint8_t use_json)
1770 {
1771 struct bgp *bgp;
1772 struct bgp_table *table;
1773
1774 bgp = bgp_get_default();
1775 if (bgp == NULL) {
1776 if (!use_json)
1777 vty_out(vty, "No BGP process is configured\n");
1778 else
1779 vty_out(vty, "{}\n");
1780 return CMD_WARNING;
1781 }
1782 table = bgp->rib[afi][SAFI_MPLS_VPN];
1783 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1784 output_arg, use_json);
1785 }
1786
1787 DEFUN (show_bgp_ip_vpn_all_rd,
1788 show_bgp_ip_vpn_all_rd_cmd,
1789 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
1790 SHOW_STR
1791 BGP_STR
1792 BGP_VPNVX_HELP_STR
1793 "Display VPN NLRI specific information\n"
1794 "Display VPN NLRI specific information\n"
1795 "Display information for a route distinguisher\n"
1796 "VPN Route Distinguisher\n"
1797 JSON_STR)
1798 {
1799 int ret;
1800 struct prefix_rd prd;
1801 afi_t afi;
1802 int idx = 0;
1803
1804 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
1805 if (argv_find(argv, argc, "rd", &idx)) {
1806 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
1807 if (!ret) {
1808 vty_out(vty,
1809 "%% Malformed Route Distinguisher\n");
1810 return CMD_WARNING;
1811 }
1812 return bgp_show_mpls_vpn(vty, afi, &prd,
1813 bgp_show_type_normal, NULL, 0,
1814 use_json(argc, argv));
1815 } else {
1816 return bgp_show_mpls_vpn(vty, afi, NULL,
1817 bgp_show_type_normal, NULL, 0,
1818 use_json(argc, argv));
1819 }
1820 }
1821 return CMD_SUCCESS;
1822 }
1823
1824 ALIAS(show_bgp_ip_vpn_all_rd,
1825 show_bgp_ip_vpn_rd_cmd,
1826 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
1827 SHOW_STR
1828 BGP_STR
1829 BGP_VPNVX_HELP_STR
1830 "Display VPN NLRI specific information\n"
1831 "Display information for a route distinguisher\n"
1832 "VPN Route Distinguisher\n"
1833 JSON_STR)
1834
1835 #ifdef KEEP_OLD_VPN_COMMANDS
1836 DEFUN (show_ip_bgp_vpn_rd,
1837 show_ip_bgp_vpn_rd_cmd,
1838 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
1839 SHOW_STR
1840 IP_STR
1841 BGP_STR
1842 BGP_AFI_HELP_STR
1843 "Address Family modifier\n"
1844 "Display information for a route distinguisher\n"
1845 "VPN Route Distinguisher\n")
1846 {
1847 int idx_ext_community = argc - 1;
1848 int ret;
1849 struct prefix_rd prd;
1850 afi_t afi;
1851 int idx = 0;
1852
1853 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1854 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1855 if (!ret) {
1856 vty_out(vty, "%% Malformed Route Distinguisher\n");
1857 return CMD_WARNING;
1858 }
1859 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
1860 NULL, 0, 0);
1861 }
1862 return CMD_SUCCESS;
1863 }
1864
1865 DEFUN (show_ip_bgp_vpn_all,
1866 show_ip_bgp_vpn_all_cmd,
1867 "show [ip] bgp <vpnv4|vpnv6>",
1868 SHOW_STR
1869 IP_STR
1870 BGP_STR
1871 BGP_VPNVX_HELP_STR)
1872 {
1873 afi_t afi;
1874 int idx = 0;
1875
1876 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
1877 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
1878 NULL, 0, 0);
1879 return CMD_SUCCESS;
1880 }
1881
1882 DEFUN (show_ip_bgp_vpn_all_tags,
1883 show_ip_bgp_vpn_all_tags_cmd,
1884 "show [ip] bgp <vpnv4|vpnv6> all tags",
1885 SHOW_STR
1886 IP_STR
1887 BGP_STR
1888 BGP_VPNVX_HELP_STR
1889 "Display information about all VPNv4/VPNV6 NLRIs\n"
1890 "Display BGP tags for prefixes\n")
1891 {
1892 afi_t afi;
1893 int idx = 0;
1894
1895 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
1896 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
1897 NULL, 1, 0);
1898 return CMD_SUCCESS;
1899 }
1900
1901 DEFUN (show_ip_bgp_vpn_rd_tags,
1902 show_ip_bgp_vpn_rd_tags_cmd,
1903 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
1904 SHOW_STR
1905 IP_STR
1906 BGP_STR
1907 BGP_VPNVX_HELP_STR
1908 "Display information for a route distinguisher\n"
1909 "VPN Route Distinguisher\n"
1910 "Display BGP tags for prefixes\n")
1911 {
1912 int idx_ext_community = 5;
1913 int ret;
1914 struct prefix_rd prd;
1915 afi_t afi;
1916 int idx = 0;
1917
1918 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1919 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1920 if (!ret) {
1921 vty_out(vty, "%% Malformed Route Distinguisher\n");
1922 return CMD_WARNING;
1923 }
1924 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
1925 NULL, 1, 0);
1926 }
1927 return CMD_SUCCESS;
1928 }
1929
1930 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
1931 show_ip_bgp_vpn_all_neighbor_routes_cmd,
1932 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
1933 SHOW_STR
1934 IP_STR
1935 BGP_STR
1936 BGP_VPNVX_HELP_STR
1937 "Display information about all VPNv4/VPNv6 NLRIs\n"
1938 "Detailed information on TCP and BGP neighbor connections\n"
1939 "Neighbor to display information about\n"
1940 "Display routes learned from neighbor\n"
1941 JSON_STR)
1942 {
1943 int idx_ipv4 = 6;
1944 union sockunion su;
1945 struct peer *peer;
1946 int ret;
1947 uint8_t uj = use_json(argc, argv);
1948 afi_t afi;
1949 int idx = 0;
1950
1951 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1952 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
1953 if (ret < 0) {
1954 if (uj) {
1955 json_object *json_no = NULL;
1956 json_no = json_object_new_object();
1957 json_object_string_add(json_no, "warning",
1958 "Malformed address");
1959 vty_out(vty, "%s\n",
1960 json_object_to_json_string(json_no));
1961 json_object_free(json_no);
1962 } else
1963 vty_out(vty, "Malformed address: %s\n",
1964 argv[idx_ipv4]->arg);
1965 return CMD_WARNING;
1966 }
1967
1968 peer = peer_lookup(NULL, &su);
1969 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
1970 if (uj) {
1971 json_object *json_no = NULL;
1972 json_no = json_object_new_object();
1973 json_object_string_add(
1974 json_no, "warning",
1975 "No such neighbor or address family");
1976 vty_out(vty, "%s\n",
1977 json_object_to_json_string(json_no));
1978 json_object_free(json_no);
1979 } else
1980 vty_out(vty,
1981 "%% No such neighbor or address family\n");
1982 return CMD_WARNING;
1983 }
1984
1985 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
1986 &su, 0, uj);
1987 }
1988 return CMD_SUCCESS;
1989 }
1990
1991 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
1992 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
1993 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
1994 SHOW_STR
1995 IP_STR
1996 BGP_STR
1997 BGP_VPNVX_HELP_STR
1998 "Display information for a route distinguisher\n"
1999 "VPN Route Distinguisher\n"
2000 "Detailed information on TCP and BGP neighbor connections\n"
2001 "Neighbor to display information about\n"
2002 "Display routes learned from neighbor\n"
2003 JSON_STR)
2004 {
2005 int idx_ext_community = 5;
2006 int idx_ipv4 = 7;
2007 int ret;
2008 union sockunion su;
2009 struct peer *peer;
2010 struct prefix_rd prd;
2011 uint8_t uj = use_json(argc, argv);
2012 afi_t afi;
2013 int idx = 0;
2014
2015 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2016 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2017 if (!ret) {
2018 if (uj) {
2019 json_object *json_no = NULL;
2020 json_no = json_object_new_object();
2021 json_object_string_add(
2022 json_no, "warning",
2023 "Malformed Route Distinguisher");
2024 vty_out(vty, "%s\n",
2025 json_object_to_json_string(json_no));
2026 json_object_free(json_no);
2027 } else
2028 vty_out(vty,
2029 "%% Malformed Route Distinguisher\n");
2030 return CMD_WARNING;
2031 }
2032
2033 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2034 if (ret < 0) {
2035 if (uj) {
2036 json_object *json_no = NULL;
2037 json_no = json_object_new_object();
2038 json_object_string_add(json_no, "warning",
2039 "Malformed address");
2040 vty_out(vty, "%s\n",
2041 json_object_to_json_string(json_no));
2042 json_object_free(json_no);
2043 } else
2044 vty_out(vty, "Malformed address: %s\n",
2045 argv[idx_ext_community]->arg);
2046 return CMD_WARNING;
2047 }
2048
2049 peer = peer_lookup(NULL, &su);
2050 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2051 if (uj) {
2052 json_object *json_no = NULL;
2053 json_no = json_object_new_object();
2054 json_object_string_add(
2055 json_no, "warning",
2056 "No such neighbor or address family");
2057 vty_out(vty, "%s\n",
2058 json_object_to_json_string(json_no));
2059 json_object_free(json_no);
2060 } else
2061 vty_out(vty,
2062 "%% No such neighbor or address family\n");
2063 return CMD_WARNING;
2064 }
2065
2066 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2067 &su, 0, uj);
2068 }
2069 return CMD_SUCCESS;
2070 }
2071
2072 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2073 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2074 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2075 SHOW_STR
2076 IP_STR
2077 BGP_STR
2078 BGP_VPNVX_HELP_STR
2079 "Display information about all VPNv4/VPNv6 NLRIs\n"
2080 "Detailed information on TCP and BGP neighbor connections\n"
2081 "Neighbor to display information about\n"
2082 "Display the routes advertised to a BGP neighbor\n"
2083 JSON_STR)
2084 {
2085 int idx_ipv4 = 6;
2086 int ret;
2087 struct peer *peer;
2088 union sockunion su;
2089 uint8_t uj = use_json(argc, argv);
2090 afi_t afi;
2091 int idx = 0;
2092
2093 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2094 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2095 if (ret < 0) {
2096 if (uj) {
2097 json_object *json_no = NULL;
2098 json_no = json_object_new_object();
2099 json_object_string_add(json_no, "warning",
2100 "Malformed address");
2101 vty_out(vty, "%s\n",
2102 json_object_to_json_string(json_no));
2103 json_object_free(json_no);
2104 } else
2105 vty_out(vty, "Malformed address: %s\n",
2106 argv[idx_ipv4]->arg);
2107 return CMD_WARNING;
2108 }
2109 peer = peer_lookup(NULL, &su);
2110 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2111 if (uj) {
2112 json_object *json_no = NULL;
2113 json_no = json_object_new_object();
2114 json_object_string_add(
2115 json_no, "warning",
2116 "No such neighbor or address family");
2117 vty_out(vty, "%s\n",
2118 json_object_to_json_string(json_no));
2119 json_object_free(json_no);
2120 } else
2121 vty_out(vty,
2122 "%% No such neighbor or address family\n");
2123 return CMD_WARNING;
2124 }
2125 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2126 SAFI_MPLS_VPN, uj);
2127 }
2128 return CMD_SUCCESS;
2129 }
2130
2131 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2132 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2133 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2134 SHOW_STR
2135 IP_STR
2136 BGP_STR
2137 BGP_VPNVX_HELP_STR
2138 "Display information for a route distinguisher\n"
2139 "VPN Route Distinguisher\n"
2140 "Detailed information on TCP and BGP neighbor connections\n"
2141 "Neighbor to display information about\n"
2142 "Display the routes advertised to a BGP neighbor\n"
2143 JSON_STR)
2144 {
2145 int idx_ext_community = 5;
2146 int idx_ipv4 = 7;
2147 int ret;
2148 struct peer *peer;
2149 struct prefix_rd prd;
2150 union sockunion su;
2151 uint8_t uj = use_json(argc, argv);
2152 afi_t afi;
2153 int idx = 0;
2154
2155 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2156 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2157 if (ret < 0) {
2158 if (uj) {
2159 json_object *json_no = NULL;
2160 json_no = json_object_new_object();
2161 json_object_string_add(json_no, "warning",
2162 "Malformed address");
2163 vty_out(vty, "%s\n",
2164 json_object_to_json_string(json_no));
2165 json_object_free(json_no);
2166 } else
2167 vty_out(vty, "Malformed address: %s\n",
2168 argv[idx_ext_community]->arg);
2169 return CMD_WARNING;
2170 }
2171 peer = peer_lookup(NULL, &su);
2172 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2173 if (uj) {
2174 json_object *json_no = NULL;
2175 json_no = json_object_new_object();
2176 json_object_string_add(
2177 json_no, "warning",
2178 "No such neighbor or address family");
2179 vty_out(vty, "%s\n",
2180 json_object_to_json_string(json_no));
2181 json_object_free(json_no);
2182 } else
2183 vty_out(vty,
2184 "%% No such neighbor or address family\n");
2185 return CMD_WARNING;
2186 }
2187
2188 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2189 if (!ret) {
2190 if (uj) {
2191 json_object *json_no = NULL;
2192 json_no = json_object_new_object();
2193 json_object_string_add(
2194 json_no, "warning",
2195 "Malformed Route Distinguisher");
2196 vty_out(vty, "%s\n",
2197 json_object_to_json_string(json_no));
2198 json_object_free(json_no);
2199 } else
2200 vty_out(vty,
2201 "%% Malformed Route Distinguisher\n");
2202 return CMD_WARNING;
2203 }
2204
2205 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2206 SAFI_MPLS_VPN, uj);
2207 }
2208 return CMD_SUCCESS;
2209 }
2210 #endif /* KEEP_OLD_VPN_COMMANDS */
2211
2212 void bgp_mplsvpn_init(void)
2213 {
2214 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2215 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2216 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2217
2218 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2219 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2220
2221 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2222 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2223 #ifdef KEEP_OLD_VPN_COMMANDS
2224 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2225 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2226 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2227 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2228 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2229 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2230 install_element(VIEW_NODE,
2231 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2232 install_element(VIEW_NODE,
2233 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2234 #endif /* KEEP_OLD_VPN_COMMANDS */
2235 }
2236
2237 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2238 {
2239 struct listnode *mnode, *mnnode;
2240 struct bgp *bgp;
2241
2242 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2243 struct ecommunity *ec;
2244
2245 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2246 continue;
2247
2248 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2249
2250 if (ecom_intersect(ec, eckey))
2251 return bgp->vrf_id;
2252 }
2253 return VRF_UNKNOWN;
2254 }
2255
2256 /*
2257 * The purpose of this function is to process leaks that were deferred
2258 * from earlier per-vrf configuration due to not-yet-existing default
2259 * vrf, in other words, configuration such as:
2260 *
2261 * router bgp MMM vrf FOO
2262 * address-family ipv4 unicast
2263 * rd vpn export 1:1
2264 * exit-address-family
2265 *
2266 * router bgp NNN
2267 * ...
2268 *
2269 * This function gets called when the default instance ("router bgp NNN")
2270 * is created.
2271 */
2272 void vpn_leak_postchange_all(void)
2273 {
2274 struct listnode *next;
2275 struct bgp *bgp;
2276 struct bgp *bgp_default = bgp_get_default();
2277
2278 assert(bgp_default);
2279
2280 /* First, do any exporting from VRFs to the single VPN RIB */
2281 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2282
2283 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2284 continue;
2285
2286 vpn_leak_postchange(
2287 BGP_VPN_POLICY_DIR_TOVPN,
2288 AFI_IP,
2289 bgp_default,
2290 bgp);
2291
2292 vpn_leak_postchange(
2293 BGP_VPN_POLICY_DIR_TOVPN,
2294 AFI_IP6,
2295 bgp_default,
2296 bgp);
2297 }
2298
2299 /* Now, do any importing to VRFs from the single VPN RIB */
2300 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2301
2302 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2303 continue;
2304
2305 vpn_leak_postchange(
2306 BGP_VPN_POLICY_DIR_FROMVPN,
2307 AFI_IP,
2308 bgp_default,
2309 bgp);
2310
2311 vpn_leak_postchange(
2312 BGP_VPN_POLICY_DIR_FROMVPN,
2313 AFI_IP6,
2314 bgp_default,
2315 bgp);
2316 }
2317 }
FRRouting mirror