2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
4 * This file is part of GNU Zebra.
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_community.h"
46 #include "bgpd/bgp_ecommunity.h"
47 #include "bgpd/bgp_zebra.h"
48 #include "bgpd/bgp_nexthop.h"
49 #include "bgpd/bgp_nht.h"
50 #include "bgpd/bgp_evpn.h"
51 #include "bgpd/bgp_memory.h"
54 #include "bgpd/rfapi/rfapi_backend.h"
58 * Definitions and external declarations.
60 extern struct zclient
*zclient
;
62 extern int argv_find_and_parse_vpnvx(struct cmd_token
**argv
, int argc
,
63 int *index
, afi_t
*afi
)
66 if (argv_find(argv
, argc
, "vpnv4", index
)) {
70 } else if (argv_find(argv
, argc
, "vpnv6", index
)) {
78 uint32_t decode_label(mpls_label_t
*label_pnt
)
81 uint8_t *pnt
= (uint8_t *)label_pnt
;
83 l
= ((uint32_t)*pnt
++ << 12);
84 l
|= (uint32_t)*pnt
++ << 4;
85 l
|= (uint32_t)((*pnt
& 0xf0) >> 4);
89 void encode_label(mpls_label_t label
, mpls_label_t
*label_pnt
)
91 uint8_t *pnt
= (uint8_t *)label_pnt
;
94 if (label
== BGP_PREVENT_VRF_2_VRF_LEAK
) {
98 *pnt
++ = (label
>> 12) & 0xff;
99 *pnt
++ = (label
>> 4) & 0xff;
100 *pnt
++ = ((label
<< 4) + 1) & 0xff; /* S=1 */
103 int bgp_nlri_parse_vpn(struct peer
*peer
, struct attr
*attr
,
104 struct bgp_nlri
*packet
)
112 struct prefix_rd prd
= {0};
113 mpls_label_t label
= {0};
116 bool addpath_capable
;
121 prd
.family
= AF_UNSPEC
;
124 struct stream
*data
= stream_new(packet
->length
);
125 stream_put(data
, packet
->nlri
, packet
->length
);
130 addpath_capable
= bgp_addpath_encode_rx(peer
, afi
, safi
);
132 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
133 while (STREAM_READABLE(data
) > 0) {
134 /* Clear prefix structure. */
135 memset(&p
, 0, sizeof(p
));
137 if (addpath_capable
) {
138 STREAM_GET(&addpath_id
, data
, BGP_ADDPATH_ID_LEN
);
139 addpath_id
= ntohl(addpath_id
);
142 if (STREAM_READABLE(data
) < 1) {
145 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
146 peer
->host
, packet
->length
);
147 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
151 /* Fetch prefix length. */
152 STREAM_GETC(data
, prefixlen
);
153 p
.family
= afi2family(packet
->afi
);
154 psize
= PSIZE(prefixlen
);
156 if (prefixlen
< VPN_PREFIXLEN_MIN_BYTES
* 8) {
159 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
160 peer
->host
, prefixlen
);
161 ret
= BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH
;
165 /* sanity check against packet data */
166 if (STREAM_READABLE(data
) < psize
) {
169 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
170 peer
->host
, prefixlen
, packet
->length
);
171 ret
= BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW
;
175 /* sanity check against storage for the IP address portion */
176 if ((psize
- VPN_PREFIXLEN_MIN_BYTES
) > (ssize_t
)sizeof(p
.u
)) {
179 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
181 prefixlen
- VPN_PREFIXLEN_MIN_BYTES
* 8,
183 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
187 /* Sanity check against max bitlen of the address family */
188 if ((psize
- VPN_PREFIXLEN_MIN_BYTES
) > prefix_blen(&p
)) {
191 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
193 prefixlen
- VPN_PREFIXLEN_MIN_BYTES
* 8,
194 p
.family
, prefix_blen(&p
));
195 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
199 /* Copy label to prefix. */
200 if (STREAM_READABLE(data
) < BGP_LABEL_BYTES
) {
203 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
204 peer
->host
, packet
->length
);
205 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
209 STREAM_GET(&label
, data
, BGP_LABEL_BYTES
);
210 bgp_set_valid_label(&label
);
212 /* Copy routing distinguisher to rd. */
213 if (STREAM_READABLE(data
) < 8) {
216 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
217 peer
->host
, packet
->length
);
218 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
221 STREAM_GET(&prd
.val
, data
, 8);
223 /* Decode RD type. */
224 type
= decode_rd_type(prd
.val
);
228 decode_rd_as(&prd
.val
[2], &rd_as
);
232 decode_rd_as4(&prd
.val
[2], &rd_as
);
236 decode_rd_ip(&prd
.val
[2], &rd_ip
);
239 #ifdef ENABLE_BGP_VNC
240 case RD_TYPE_VNC_ETH
:
245 flog_err(EC_BGP_UPDATE_RCV
, "Unknown RD type %d", type
);
246 break; /* just report */
249 /* exclude label & RD */
250 p
.prefixlen
= prefixlen
- VPN_PREFIXLEN_MIN_BYTES
* 8;
251 STREAM_GET(p
.u
.val
, data
, psize
- VPN_PREFIXLEN_MIN_BYTES
);
254 bgp_update(peer
, &p
, addpath_id
, attr
, packet
->afi
,
255 SAFI_MPLS_VPN
, ZEBRA_ROUTE_BGP
,
256 BGP_ROUTE_NORMAL
, &prd
, &label
, 1, 0, NULL
);
258 bgp_withdraw(peer
, &p
, addpath_id
, attr
, packet
->afi
,
259 SAFI_MPLS_VPN
, ZEBRA_ROUTE_BGP
,
260 BGP_ROUTE_NORMAL
, &prd
, &label
, 1, NULL
);
263 /* Packet length consistency check. */
264 if (STREAM_READABLE(data
) != 0) {
267 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
268 peer
->host
, STREAM_READABLE(data
));
269 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
277 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
278 peer
->host
, packet
->length
);
279 ret
= BGP_NLRI_PARSE_ERROR_PACKET_LENGTH
;
285 #undef VPN_PREFIXLEN_MIN_BYTES
289 * This function informs zebra of the label this vrf sets on routes
290 * leaked to VPN. Zebra should install this label in the kernel with
291 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
293 * Sending this vrf-label association is qualified by a) whether vrf->vpn
294 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
295 * are set) and b) whether vpn-policy label is set.
297 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
298 * for this vrf, which zebra interprets to mean "delete this vrf-label
301 void vpn_leak_zebra_vrf_label_update(struct bgp
*bgp
, afi_t afi
)
303 mpls_label_t label
= MPLS_LABEL_NONE
;
304 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
306 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
309 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
310 __func__
, bgp
->name_pretty
, afi2str(afi
));
315 if (vpn_leak_to_vpn_active(bgp
, afi
, NULL
)) {
316 label
= bgp
->vpn_policy
[afi
].tovpn_label
;
320 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
321 __func__
, bgp
->name_pretty
, afi2str(afi
), label
,
325 if (label
== BGP_PREVENT_VRF_2_VRF_LEAK
)
326 label
= MPLS_LABEL_NONE
;
327 zclient_send_vrf_label(zclient
, bgp
->vrf_id
, afi
, label
, ZEBRA_LSP_BGP
);
328 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_label_last_sent
= label
;
332 * If zebra tells us vrf has become unconfigured, tell zebra not to
333 * use this label to forward to the vrf anymore
335 void vpn_leak_zebra_vrf_label_withdraw(struct bgp
*bgp
, afi_t afi
)
337 mpls_label_t label
= MPLS_LABEL_NONE
;
338 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
340 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
343 "%s: vrf_id not set, can't delete zebra vrf label",
350 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__
,
351 bgp
->name_pretty
, bgp
->vrf_id
);
354 zclient_send_vrf_label(zclient
, bgp
->vrf_id
, afi
, label
, ZEBRA_LSP_BGP
);
355 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_label_last_sent
= label
;
359 * This function informs zebra of the srv6-function this vrf sets on routes
360 * leaked to VPN. Zebra should install this srv6-function in the kernel with
361 * an action of "End.DT4/6's IP FIB to route the PDU."
363 void vpn_leak_zebra_vrf_sid_update_per_af(struct bgp
*bgp
, afi_t afi
)
365 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
366 enum seg6local_action_t act
;
367 struct seg6local_context ctx
= {};
368 struct in6_addr
*tovpn_sid
= NULL
;
369 struct in6_addr
*tovpn_sid_ls
= NULL
;
372 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
374 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
375 __func__
, bgp
->name_pretty
, afi2str(afi
));
379 tovpn_sid
= bgp
->vpn_policy
[afi
].tovpn_sid
;
382 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__
,
383 bgp
->name_pretty
, afi2str(afi
));
388 zlog_debug("%s: vrf %s: afi %s: setting sid %pI6 for vrf id %d",
389 __func__
, bgp
->name_pretty
, afi2str(afi
), tovpn_sid
,
392 vrf
= vrf_lookup_by_id(bgp
->vrf_id
);
396 ctx
.table
= vrf
->data
.l
.table_id
;
397 act
= afi
== AFI_IP
? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
398 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6
;
399 zclient_send_localsid(zclient
, tovpn_sid
, bgp
->vrf_id
, act
, &ctx
);
401 tovpn_sid_ls
= XCALLOC(MTYPE_BGP_SRV6_SID
, sizeof(struct in6_addr
));
402 *tovpn_sid_ls
= *tovpn_sid
;
403 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_sid_last_sent
= tovpn_sid_ls
;
407 * This function informs zebra of the srv6-function this vrf sets on routes
408 * leaked to VPN. Zebra should install this srv6-function in the kernel with
409 * an action of "End.DT46's IP FIB to route the PDU."
411 void vpn_leak_zebra_vrf_sid_update_per_vrf(struct bgp
*bgp
)
413 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
414 enum seg6local_action_t act
;
415 struct seg6local_context ctx
= {};
416 struct in6_addr
*tovpn_sid
= NULL
;
417 struct in6_addr
*tovpn_sid_ls
= NULL
;
420 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
423 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
424 __func__
, bgp
->name_pretty
);
428 tovpn_sid
= bgp
->tovpn_sid
;
431 zlog_debug("%s: vrf %s: sid not set", __func__
,
437 zlog_debug("%s: vrf %s: setting sid %pI6 for vrf id %d",
438 __func__
, bgp
->name_pretty
, tovpn_sid
, bgp
->vrf_id
);
440 vrf
= vrf_lookup_by_id(bgp
->vrf_id
);
444 ctx
.table
= vrf
->data
.l
.table_id
;
445 act
= ZEBRA_SEG6_LOCAL_ACTION_END_DT46
;
446 zclient_send_localsid(zclient
, tovpn_sid
, bgp
->vrf_id
, act
, &ctx
);
448 tovpn_sid_ls
= XCALLOC(MTYPE_BGP_SRV6_SID
, sizeof(struct in6_addr
));
449 *tovpn_sid_ls
= *tovpn_sid
;
450 bgp
->tovpn_zebra_vrf_sid_last_sent
= tovpn_sid_ls
;
454 * This function informs zebra of the srv6-function this vrf sets on routes
455 * leaked to VPN. Zebra should install this srv6-function in the kernel with
456 * an action of "End.DT4/6/46's IP FIB to route the PDU."
458 void vpn_leak_zebra_vrf_sid_update(struct bgp
*bgp
, afi_t afi
)
460 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
462 if (bgp
->vpn_policy
[afi
].tovpn_sid
)
463 return vpn_leak_zebra_vrf_sid_update_per_af(bgp
, afi
);
466 return vpn_leak_zebra_vrf_sid_update_per_vrf(bgp
);
469 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__
,
470 bgp
->name_pretty
, afi2str(afi
));
474 * If zebra tells us vrf has become unconfigured, tell zebra not to
475 * use this srv6-function to forward to the vrf anymore
477 void vpn_leak_zebra_vrf_sid_withdraw_per_af(struct bgp
*bgp
, afi_t afi
)
479 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
481 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
483 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
484 __func__
, bgp
->name_pretty
, afi2str(afi
));
489 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__
,
490 bgp
->name_pretty
, bgp
->vrf_id
);
492 zclient_send_localsid(zclient
,
493 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_sid_last_sent
,
494 bgp
->vrf_id
, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC
, NULL
);
495 XFREE(MTYPE_BGP_SRV6_SID
,
496 bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_sid_last_sent
);
500 * If zebra tells us vrf has become unconfigured, tell zebra not to
501 * use this srv6-function to forward to the vrf anymore
503 void vpn_leak_zebra_vrf_sid_withdraw_per_vrf(struct bgp
*bgp
)
505 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
507 if (bgp
->vrf_id
== VRF_UNKNOWN
) {
510 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
511 __func__
, bgp
->name_pretty
);
516 zlog_debug("%s: deleting sid for vrf %s (id=%d)", __func__
,
517 bgp
->name_pretty
, bgp
->vrf_id
);
519 zclient_send_localsid(zclient
, bgp
->tovpn_zebra_vrf_sid_last_sent
,
520 bgp
->vrf_id
, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC
,
522 XFREE(MTYPE_BGP_SRV6_SID
, bgp
->tovpn_zebra_vrf_sid_last_sent
);
526 * If zebra tells us vrf has become unconfigured, tell zebra not to
527 * use this srv6-function to forward to the vrf anymore
529 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp
*bgp
, afi_t afi
)
531 if (bgp
->vpn_policy
[afi
].tovpn_zebra_vrf_sid_last_sent
)
532 vpn_leak_zebra_vrf_sid_withdraw_per_af(bgp
, afi
);
534 if (bgp
->tovpn_zebra_vrf_sid_last_sent
)
535 vpn_leak_zebra_vrf_sid_withdraw_per_vrf(bgp
);
538 int vpn_leak_label_callback(
543 struct vpn_policy
*vp
= (struct vpn_policy
*)labelid
;
544 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
547 zlog_debug("%s: label=%u, allocated=%d",
548 __func__
, label
, allocated
);
552 * previously-allocated label is now invalid
554 if (CHECK_FLAG(vp
->flags
, BGP_VPN_POLICY_TOVPN_LABEL_AUTO
) &&
555 (vp
->tovpn_label
!= MPLS_LABEL_NONE
)) {
557 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
,
558 vp
->afi
, bgp_get_default(), vp
->bgp
);
559 vp
->tovpn_label
= MPLS_LABEL_NONE
;
560 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
,
561 vp
->afi
, bgp_get_default(), vp
->bgp
);
567 * New label allocation
569 if (!CHECK_FLAG(vp
->flags
, BGP_VPN_POLICY_TOVPN_LABEL_AUTO
)) {
572 * not currently configured for auto label, reject allocation
577 if (vp
->tovpn_label
!= MPLS_LABEL_NONE
) {
578 if (label
== vp
->tovpn_label
) {
579 /* already have same label, accept but do nothing */
582 /* Shouldn't happen: different label allocation */
583 flog_err(EC_BGP_LABEL
,
584 "%s: %s had label %u but got new assignment %u",
585 __func__
, vp
->bgp
->name_pretty
, vp
->tovpn_label
,
590 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
,
591 vp
->afi
, bgp_get_default(), vp
->bgp
);
592 vp
->tovpn_label
= label
;
593 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
,
594 vp
->afi
, bgp_get_default(), vp
->bgp
);
599 static void sid_register(struct bgp
*bgp
, const struct in6_addr
*sid
,
600 const char *locator_name
)
602 struct bgp_srv6_function
*func
;
603 func
= XCALLOC(MTYPE_BGP_SRV6_FUNCTION
,
604 sizeof(struct bgp_srv6_function
));
606 snprintf(func
->locator_name
, sizeof(func
->locator_name
),
608 listnode_add(bgp
->srv6_functions
, func
);
611 static void sid_unregister(struct bgp
*bgp
, const struct in6_addr
*sid
)
613 struct listnode
*node
, *nnode
;
614 struct bgp_srv6_function
*func
;
616 for (ALL_LIST_ELEMENTS(bgp
->srv6_functions
, node
, nnode
, func
))
617 if (sid_same(&func
->sid
, sid
)) {
618 listnode_delete(bgp
->srv6_functions
, func
);
619 XFREE(MTYPE_BGP_SRV6_FUNCTION
, func
);
623 static bool sid_exist(struct bgp
*bgp
, const struct in6_addr
*sid
)
625 struct listnode
*node
;
626 struct bgp_srv6_function
*func
;
628 for (ALL_LIST_ELEMENTS_RO(bgp
->srv6_functions
, node
, func
))
629 if (sid_same(&func
->sid
, sid
))
635 * This function generates a new SID based on bgp->srv6_locator_chunks and
636 * index. The locator and generated SID are stored in arguments sid_locator
637 * and sid, respectively.
639 * if index != 0: try to allocate as index-mode
640 * else: try to allocate as auto-mode
642 static uint32_t alloc_new_sid(struct bgp
*bgp
, uint32_t index
,
643 struct srv6_locator_chunk
*sid_locator_chunk
,
644 struct in6_addr
*sid
)
646 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_LABEL
);
647 struct listnode
*node
;
648 struct srv6_locator_chunk
*chunk
;
649 bool alloced
= false;
652 uint8_t func_len
= 0, shift_len
= 0;
653 uint32_t index_max
= 0;
655 if (!bgp
|| !sid_locator_chunk
|| !sid
)
658 for (ALL_LIST_ELEMENTS_RO(bgp
->srv6_locator_chunks
, node
, chunk
)) {
659 if (chunk
->function_bits_length
>
660 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH
) {
663 "%s: invalid SRv6 Locator chunk (%pFX): Function Length must be less or equal to %d",
664 __func__
, &chunk
->prefix
,
665 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH
);
669 index_max
= (1 << chunk
->function_bits_length
) - 1;
671 if (index
> index_max
) {
674 "%s: skipped SRv6 Locator chunk (%pFX): Function Length is too short to support specified index (%u)",
675 __func__
, &chunk
->prefix
, index
);
679 *sid
= chunk
->prefix
.prefix
;
680 *sid_locator_chunk
= *chunk
;
681 offset
= chunk
->block_bits_length
+ chunk
->node_bits_length
;
682 func_len
= chunk
->function_bits_length
;
683 shift_len
= BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH
- func_len
;
686 label
= index
<< shift_len
;
687 if (label
< MPLS_LABEL_UNRESERVED_MIN
) {
690 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
691 __func__
, &chunk
->prefix
,
696 transpose_sid(sid
, label
, offset
, func_len
);
697 if (sid_exist(bgp
, sid
))
703 for (uint32_t i
= 1; i
< index_max
; i
++) {
704 label
= i
<< shift_len
;
705 if (label
< MPLS_LABEL_UNRESERVED_MIN
) {
708 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
709 __func__
, &chunk
->prefix
,
713 transpose_sid(sid
, label
, offset
, func_len
);
714 if (sid_exist(bgp
, sid
))
724 sid_register(bgp
, sid
, bgp
->srv6_locator_name
);
728 void ensure_vrf_tovpn_sid_per_af(struct bgp
*bgp_vpn
, struct bgp
*bgp_vrf
,
731 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
732 struct srv6_locator_chunk
*tovpn_sid_locator
;
733 struct in6_addr
*tovpn_sid
;
734 uint32_t tovpn_sid_index
= 0, tovpn_sid_transpose_label
;
735 bool tovpn_sid_auto
= false;
738 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
739 __func__
, bgp_vrf
->name_pretty
, afi2str(afi
));
741 /* skip when tovpn sid is already allocated on vrf instance */
742 if (bgp_vrf
->vpn_policy
[afi
].tovpn_sid
)
746 * skip when bgp vpn instance ins't allocated
747 * or srv6 locator chunk isn't allocated
749 if (!bgp_vpn
|| !bgp_vpn
->srv6_locator_chunks
)
752 tovpn_sid_index
= bgp_vrf
->vpn_policy
[afi
].tovpn_sid_index
;
753 tovpn_sid_auto
= CHECK_FLAG(bgp_vrf
->vpn_policy
[afi
].flags
,
754 BGP_VPN_POLICY_TOVPN_SID_AUTO
);
756 /* skip when VPN isn't configured on vrf-instance */
757 if (tovpn_sid_index
== 0 && !tovpn_sid_auto
)
760 /* check invalid case both configured index and auto */
761 if (tovpn_sid_index
!= 0 && tovpn_sid_auto
) {
762 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
767 tovpn_sid_locator
= srv6_locator_chunk_alloc();
768 tovpn_sid
= XCALLOC(MTYPE_BGP_SRV6_SID
, sizeof(struct in6_addr
));
770 tovpn_sid_transpose_label
= alloc_new_sid(bgp_vpn
, tovpn_sid_index
,
771 tovpn_sid_locator
, tovpn_sid
);
773 if (tovpn_sid_transpose_label
== 0) {
776 "%s: not allocated new sid for vrf %s: afi %s",
777 __func__
, bgp_vrf
->name_pretty
, afi2str(afi
));
778 srv6_locator_chunk_free(&tovpn_sid_locator
);
779 XFREE(MTYPE_BGP_SRV6_SID
, tovpn_sid
);
784 zlog_debug("%s: new sid %pI6 allocated for vrf %s: afi %s",
785 __func__
, tovpn_sid
, bgp_vrf
->name_pretty
,
788 bgp_vrf
->vpn_policy
[afi
].tovpn_sid
= tovpn_sid
;
789 bgp_vrf
->vpn_policy
[afi
].tovpn_sid_locator
= tovpn_sid_locator
;
790 bgp_vrf
->vpn_policy
[afi
].tovpn_sid_transpose_label
=
791 tovpn_sid_transpose_label
;
794 void ensure_vrf_tovpn_sid_per_vrf(struct bgp
*bgp_vpn
, struct bgp
*bgp_vrf
)
796 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
797 struct srv6_locator_chunk
*tovpn_sid_locator
;
798 struct in6_addr
*tovpn_sid
;
799 uint32_t tovpn_sid_index
= 0, tovpn_sid_transpose_label
;
800 bool tovpn_sid_auto
= false;
803 zlog_debug("%s: try to allocate new SID for vrf %s", __func__
,
804 bgp_vrf
->name_pretty
);
806 /* skip when tovpn sid is already allocated on vrf instance */
807 if (bgp_vrf
->tovpn_sid
)
811 * skip when bgp vpn instance ins't allocated
812 * or srv6 locator chunk isn't allocated
814 if (!bgp_vpn
|| !bgp_vpn
->srv6_locator_chunks
)
817 tovpn_sid_index
= bgp_vrf
->tovpn_sid_index
;
818 tovpn_sid_auto
= CHECK_FLAG(bgp_vrf
->vrf_flags
, BGP_VRF_TOVPN_SID_AUTO
);
820 /* skip when VPN isn't configured on vrf-instance */
821 if (tovpn_sid_index
== 0 && !tovpn_sid_auto
)
824 /* check invalid case both configured index and auto */
825 if (tovpn_sid_index
!= 0 && tovpn_sid_auto
) {
826 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
831 tovpn_sid_locator
= srv6_locator_chunk_alloc();
832 tovpn_sid
= XCALLOC(MTYPE_BGP_SRV6_SID
, sizeof(struct in6_addr
));
834 tovpn_sid_transpose_label
= alloc_new_sid(bgp_vpn
, tovpn_sid_index
,
835 tovpn_sid_locator
, tovpn_sid
);
837 if (tovpn_sid_transpose_label
== 0) {
839 zlog_debug("%s: not allocated new sid for vrf %s",
840 __func__
, bgp_vrf
->name_pretty
);
841 srv6_locator_chunk_free(&tovpn_sid_locator
);
842 XFREE(MTYPE_BGP_SRV6_SID
, tovpn_sid
);
847 zlog_debug("%s: new sid %pI6 allocated for vrf %s", __func__
,
848 tovpn_sid
, bgp_vrf
->name_pretty
);
850 bgp_vrf
->tovpn_sid
= tovpn_sid
;
851 bgp_vrf
->tovpn_sid_locator
= tovpn_sid_locator
;
852 bgp_vrf
->tovpn_sid_transpose_label
= tovpn_sid_transpose_label
;
855 void ensure_vrf_tovpn_sid(struct bgp
*bgp_vpn
, struct bgp
*bgp_vrf
, afi_t afi
)
858 if (bgp_vrf
->vpn_policy
[afi
].tovpn_sid_index
!= 0 ||
859 CHECK_FLAG(bgp_vrf
->vpn_policy
[afi
].flags
,
860 BGP_VPN_POLICY_TOVPN_SID_AUTO
))
861 return ensure_vrf_tovpn_sid_per_af(bgp_vpn
, bgp_vrf
, afi
);
864 if (bgp_vrf
->tovpn_sid_index
!= 0 ||
865 CHECK_FLAG(bgp_vrf
->vrf_flags
, BGP_VRF_TOVPN_SID_AUTO
))
866 return ensure_vrf_tovpn_sid_per_vrf(bgp_vpn
, bgp_vrf
);
869 void delete_vrf_tovpn_sid_per_af(struct bgp
*bgp_vpn
, struct bgp
*bgp_vrf
,
872 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
873 uint32_t tovpn_sid_index
= 0;
874 bool tovpn_sid_auto
= false;
877 zlog_debug("%s: try to remove SID for vrf %s: afi %s", __func__
,
878 bgp_vrf
->name_pretty
, afi2str(afi
));
880 tovpn_sid_index
= bgp_vrf
->vpn_policy
[afi
].tovpn_sid_index
;
881 tovpn_sid_auto
= CHECK_FLAG(bgp_vrf
->vpn_policy
[afi
].flags
,
882 BGP_VPN_POLICY_TOVPN_SID_AUTO
);
884 /* skip when VPN is configured on vrf-instance */
885 if (tovpn_sid_index
!= 0 || tovpn_sid_auto
)
888 srv6_locator_chunk_free(&bgp_vrf
->vpn_policy
[afi
].tovpn_sid_locator
);
890 if (bgp_vrf
->vpn_policy
[afi
].tovpn_sid
) {
891 sid_unregister(bgp_vpn
, bgp_vrf
->vpn_policy
[afi
].tovpn_sid
);
892 XFREE(MTYPE_BGP_SRV6_SID
, bgp_vrf
->vpn_policy
[afi
].tovpn_sid
);
894 bgp_vrf
->vpn_policy
[afi
].tovpn_sid_transpose_label
= 0;
897 void delete_vrf_tovpn_sid_per_vrf(struct bgp
*bgp_vpn
, struct bgp
*bgp_vrf
)
899 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
900 uint32_t tovpn_sid_index
= 0;
901 bool tovpn_sid_auto
= false;
904 zlog_debug("%s: try to remove SID for vrf %s", __func__
,
905 bgp_vrf
->name_pretty
);
907 tovpn_sid_index
= bgp_vrf
->tovpn_sid_index
;
909 CHECK_FLAG(bgp_vrf
->vrf_flags
, BGP_VPN_POLICY_TOVPN_SID_AUTO
);
911 /* skip when VPN is configured on vrf-instance */
912 if (tovpn_sid_index
!= 0 || tovpn_sid_auto
)
915 srv6_locator_chunk_free(&bgp_vrf
->tovpn_sid_locator
);
917 if (bgp_vrf
->tovpn_sid
) {
918 sid_unregister(bgp_vpn
, bgp_vrf
->tovpn_sid
);
919 XFREE(MTYPE_BGP_SRV6_SID
, bgp_vrf
->tovpn_sid
);
921 bgp_vrf
->tovpn_sid_transpose_label
= 0;
924 void delete_vrf_tovpn_sid(struct bgp
*bgp_vpn
, struct bgp
*bgp_vrf
, afi_t afi
)
926 delete_vrf_tovpn_sid_per_af(bgp_vpn
, bgp_vrf
, afi
);
927 delete_vrf_tovpn_sid_per_vrf(bgp_vpn
, bgp_vrf
);
931 * This function embeds upper `len` bits of `label` in `sid`,
932 * starting at offset `offset` as seen from the MSB of `sid`.
934 * e.g. Given that `label` is 0x12345 and `len` is 16,
935 * then `label` will be embedded in `sid` as follows:
938 * label: 0001 0002 0003 0004 0005
939 * sid: .... 0001 0002 0003 0004
945 * e.g. Given that `label` is 0x12345 and `len` is 8,
946 * `label` will be embedded in `sid` as follows:
949 * label: 0001 0002 0003 0004 0005
950 * sid: .... 0001 0002 0000 0000
956 void transpose_sid(struct in6_addr
*sid
, uint32_t label
, uint8_t offset
,
959 for (uint8_t idx
= 0; idx
< len
; idx
++) {
960 uint8_t tidx
= offset
+ idx
;
961 sid
->s6_addr
[tidx
/ 8] &= ~(0x1 << (7 - tidx
% 8));
962 if (label
>> (19 - idx
) & 0x1)
963 sid
->s6_addr
[tidx
/ 8] |= 0x1 << (7 - tidx
% 8);
967 static bool labels_same(struct bgp_path_info
*bpi
, mpls_label_t
*label
,
979 if (n
!= bpi
->extra
->num_labels
)
982 for (i
= 0; i
< n
; ++i
) {
983 if (label
[i
] != bpi
->extra
->label
[i
])
990 * make encoded route labels match specified encoded label set
992 static void setlabels(struct bgp_path_info
*bpi
,
993 mpls_label_t
*label
, /* array of labels */
998 assert(num_labels
<= BGP_MAX_LABELS
);
1002 bpi
->extra
->num_labels
= 0;
1006 struct bgp_path_info_extra
*extra
= bgp_path_info_extra_get(bpi
);
1009 for (i
= 0; i
< num_labels
; ++i
) {
1010 extra
->label
[i
] = label
[i
];
1011 if (!bgp_is_valid_label(&label
[i
])) {
1012 bgp_set_valid_label(&extra
->label
[i
]);
1015 extra
->num_labels
= num_labels
;
1019 * make encoded route SIDs match specified encoded sid set
1021 static void setsids(struct bgp_path_info
*bpi
,
1022 struct in6_addr
*sid
,
1026 struct bgp_path_info_extra
*extra
;
1030 assert(num_sids
<= BGP_MAX_SIDS
);
1034 bpi
->extra
->num_sids
= 0;
1038 extra
= bgp_path_info_extra_get(bpi
);
1039 for (i
= 0; i
< num_sids
; i
++)
1040 memcpy(&extra
->sid
[i
].sid
, &sid
[i
], sizeof(struct in6_addr
));
1041 extra
->num_sids
= num_sids
;
1044 static void unsetsids(struct bgp_path_info
*bpi
)
1046 struct bgp_path_info_extra
*extra
;
1048 extra
= bgp_path_info_extra_get(bpi
);
1049 extra
->num_sids
= 0;
1050 memset(extra
->sid
, 0, sizeof(extra
->sid
));
1053 static bool leak_update_nexthop_valid(struct bgp
*to_bgp
, struct bgp_dest
*bn
,
1054 struct attr
*new_attr
, afi_t afi
,
1056 struct bgp_path_info
*source_bpi
,
1057 struct bgp_path_info
*bpi
,
1058 struct bgp
*bgp_orig
,
1059 const struct prefix
*p
, int debug
)
1061 struct bgp_path_info
*bpi_ultimate
;
1062 struct bgp
*bgp_nexthop
;
1063 struct bgp_table
*table
;
1066 bpi_ultimate
= bgp_get_imported_bpi_ultimate(source_bpi
);
1067 table
= bgp_dest_table(bpi_ultimate
->net
);
1069 if (bpi
->extra
&& bpi
->extra
->bgp_orig
)
1070 bgp_nexthop
= bpi
->extra
->bgp_orig
;
1072 bgp_nexthop
= bgp_orig
;
1075 * No nexthop tracking for redistributed routes,
1076 * for static (i.e. coming from the bgp network statement or for
1077 * EVPN-imported routes that get leaked.
1079 if (bpi_ultimate
->sub_type
== BGP_ROUTE_REDISTRIBUTE
||
1080 is_pi_family_evpn(bpi_ultimate
))
1082 else if (bpi_ultimate
->type
== ZEBRA_ROUTE_BGP
&&
1083 bpi_ultimate
->sub_type
== BGP_ROUTE_STATIC
&& table
&&
1084 (table
->safi
== SAFI_UNICAST
||
1085 table
->safi
== SAFI_LABELED_UNICAST
)) {
1086 /* Routes from network statement */
1087 if (CHECK_FLAG(bgp_nexthop
->flags
, BGP_FLAG_IMPORT_CHECK
))
1088 nh_valid
= bgp_find_or_add_nexthop(
1089 to_bgp
, bgp_nexthop
, afi
, safi
, bpi_ultimate
,
1095 * TBD do we need to do anything about the
1096 * 'connected' parameter?
1098 nh_valid
= bgp_find_or_add_nexthop(to_bgp
, bgp_nexthop
, afi
,
1099 safi
, bpi
, NULL
, 0, p
);
1102 * If you are using SRv6 VPN instead of MPLS, it need to check
1103 * the SID allocation. If the sid is not allocated, the rib
1106 if (to_bgp
->srv6_enabled
&&
1107 (!new_attr
->srv6_l3vpn
&& !new_attr
->srv6_vpn
)) {
1112 zlog_debug("%s: %pFX nexthop is %svalid (in vrf %s)", __func__
,
1113 p
, (nh_valid
? "" : "not "),
1114 bgp_nexthop
->name_pretty
);
1120 * returns pointer to new bgp_path_info upon success
1122 static struct bgp_path_info
*
1123 leak_update(struct bgp
*to_bgp
, struct bgp_dest
*bn
,
1124 struct attr
*new_attr
, /* already interned */
1125 afi_t afi
, safi_t safi
, struct bgp_path_info
*source_bpi
,
1126 mpls_label_t
*label
, uint32_t num_labels
, struct bgp
*bgp_orig
,
1127 struct prefix
*nexthop_orig
, int nexthop_self_flag
, int debug
)
1129 const struct prefix
*p
= bgp_dest_get_prefix(bn
);
1130 struct bgp_path_info
*bpi
;
1131 struct bgp_path_info
*new;
1132 struct bgp_path_info_extra
*extra
;
1133 uint32_t num_sids
= 0;
1134 void *parent
= source_bpi
;
1136 if (new_attr
->srv6_l3vpn
|| new_attr
->srv6_vpn
)
1141 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
1142 __func__
, to_bgp
->name_pretty
, bn
, source_bpi
->type
,
1143 source_bpi
->sub_type
);
1146 * Routes that are redistributed into BGP from zebra do not get
1147 * nexthop tracking. However, if those routes are subsequently
1148 * imported to other RIBs within BGP, the leaked routes do not
1149 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
1150 * in order to determine if the route we are currently leaking
1151 * should have nexthop tracking, we must find the ultimate
1152 * parent so we can check its sub_type.
1154 * As of now, source_bpi may at most be a second-generation route
1155 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
1156 * Using a loop here supports more complex intra-bgp import-export
1157 * schemes that could be implemented in the future.
1164 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
; bpi
= bpi
->next
) {
1165 if (bpi
->extra
&& bpi
->extra
->parent
== parent
)
1170 bool labelssame
= labels_same(bpi
, label
, num_labels
);
1172 if (CHECK_FLAG(source_bpi
->flags
, BGP_PATH_REMOVED
)
1173 && CHECK_FLAG(bpi
->flags
, BGP_PATH_REMOVED
)) {
1176 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
1177 __func__
, to_bgp
->name_pretty
,
1178 source_bpi
->flags
, bpi
->flags
, p
);
1183 if (attrhash_cmp(bpi
->attr
, new_attr
) && labelssame
1184 && !CHECK_FLAG(bpi
->flags
, BGP_PATH_REMOVED
)) {
1186 bgp_attr_unintern(&new_attr
);
1189 "%s: ->%s: %pBD: Found route, no change",
1190 __func__
, to_bgp
->name_pretty
, bn
);
1194 /* If the RT was changed via extended communities as an
1195 * import/export list, we should withdraw implicitly the old
1197 * For instance, RT list was modified using route-maps:
1198 * route-map test permit 10
1199 * set extcommunity rt none
1201 if (CHECK_FLAG(bpi
->attr
->flag
,
1202 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES
)) &&
1203 CHECK_FLAG(new_attr
->flag
,
1204 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES
))) {
1205 if (!ecommunity_cmp(
1206 bgp_attr_get_ecommunity(bpi
->attr
),
1207 bgp_attr_get_ecommunity(new_attr
))) {
1208 vpn_leak_to_vrf_withdraw(to_bgp
, bpi
);
1209 bgp_aggregate_decrement(to_bgp
, p
, bpi
, afi
,
1211 bgp_path_info_delete(bn
, bpi
);
1215 /* attr is changed */
1216 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_ATTR_CHANGED
);
1218 /* Rewrite BGP route information. */
1219 if (CHECK_FLAG(bpi
->flags
, BGP_PATH_REMOVED
))
1220 bgp_path_info_restore(bn
, bpi
);
1222 bgp_aggregate_decrement(to_bgp
, p
, bpi
, afi
, safi
);
1223 bgp_attr_unintern(&bpi
->attr
);
1224 bpi
->attr
= new_attr
;
1225 bpi
->uptime
= monotime(NULL
);
1231 setlabels(bpi
, label
, num_labels
);
1237 if (new_attr
->srv6_l3vpn
) {
1238 setsids(bpi
, &new_attr
->srv6_l3vpn
->sid
,
1241 extra
= bgp_path_info_extra_get(bpi
);
1243 extra
->sid
[0].loc_block_len
=
1244 new_attr
->srv6_l3vpn
->loc_block_len
;
1245 extra
->sid
[0].loc_node_len
=
1246 new_attr
->srv6_l3vpn
->loc_node_len
;
1247 extra
->sid
[0].func_len
=
1248 new_attr
->srv6_l3vpn
->func_len
;
1249 extra
->sid
[0].arg_len
=
1250 new_attr
->srv6_l3vpn
->arg_len
;
1251 extra
->sid
[0].transposition_len
=
1252 new_attr
->srv6_l3vpn
->transposition_len
;
1253 extra
->sid
[0].transposition_offset
=
1254 new_attr
->srv6_l3vpn
1255 ->transposition_offset
;
1256 } else if (new_attr
->srv6_vpn
)
1257 setsids(bpi
, &new_attr
->srv6_vpn
->sid
,
1262 if (nexthop_self_flag
)
1263 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_ANNC_NH_SELF
);
1265 if (CHECK_FLAG(source_bpi
->flags
, BGP_PATH_ACCEPT_OWN
))
1266 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_ACCEPT_OWN
);
1268 if (leak_update_nexthop_valid(to_bgp
, bn
, new_attr
, afi
, safi
,
1269 source_bpi
, bpi
, bgp_orig
, p
,
1271 bgp_path_info_set_flag(bn
, bpi
, BGP_PATH_VALID
);
1273 bgp_path_info_unset_flag(bn
, bpi
, BGP_PATH_VALID
);
1275 /* Process change. */
1276 bgp_aggregate_increment(to_bgp
, p
, bpi
, afi
, safi
);
1277 bgp_process(to_bgp
, bn
, afi
, safi
);
1278 bgp_dest_unlock_node(bn
);
1281 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
1282 __func__
, to_bgp
->name_pretty
, bn
);
1287 if (CHECK_FLAG(source_bpi
->flags
, BGP_PATH_REMOVED
)) {
1290 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
1291 __func__
, to_bgp
->name_pretty
,
1292 source_bpi
->flags
, p
);
1297 new = info_make(ZEBRA_ROUTE_BGP
, BGP_ROUTE_IMPORTED
, 0,
1298 to_bgp
->peer_self
, new_attr
, bn
);
1300 if (source_bpi
->peer
) {
1301 extra
= bgp_path_info_extra_get(new);
1302 extra
->peer_orig
= peer_lock(source_bpi
->peer
);
1305 if (nexthop_self_flag
)
1306 bgp_path_info_set_flag(bn
, new, BGP_PATH_ANNC_NH_SELF
);
1308 if (CHECK_FLAG(source_bpi
->flags
, BGP_PATH_ACCEPT_OWN
))
1309 bgp_path_info_set_flag(bn
, new, BGP_PATH_ACCEPT_OWN
);
1311 bgp_path_info_extra_get(new);
1317 if (new_attr
->srv6_l3vpn
) {
1318 setsids(new, &new_attr
->srv6_l3vpn
->sid
, num_sids
);
1320 extra
= bgp_path_info_extra_get(new);
1322 extra
->sid
[0].loc_block_len
=
1323 new_attr
->srv6_l3vpn
->loc_block_len
;
1324 extra
->sid
[0].loc_node_len
=
1325 new_attr
->srv6_l3vpn
->loc_node_len
;
1326 extra
->sid
[0].func_len
= new_attr
->srv6_l3vpn
->func_len
;
1327 extra
->sid
[0].arg_len
= new_attr
->srv6_l3vpn
->arg_len
;
1328 extra
->sid
[0].transposition_len
=
1329 new_attr
->srv6_l3vpn
->transposition_len
;
1330 extra
->sid
[0].transposition_offset
=
1331 new_attr
->srv6_l3vpn
->transposition_offset
;
1332 } else if (new_attr
->srv6_vpn
)
1333 setsids(new, &new_attr
->srv6_vpn
->sid
, num_sids
);
1338 setlabels(new, label
, num_labels
);
1340 new->extra
->parent
= bgp_path_info_lock(parent
);
1342 (struct bgp_dest
*)((struct bgp_path_info
*)parent
)->net
);
1344 new->extra
->bgp_orig
= bgp_lock(bgp_orig
);
1346 new->extra
->nexthop_orig
= *nexthop_orig
;
1348 if (leak_update_nexthop_valid(to_bgp
, bn
, new_attr
, afi
, safi
,
1349 source_bpi
, new, bgp_orig
, p
, debug
))
1350 bgp_path_info_set_flag(bn
, new, BGP_PATH_VALID
);
1352 bgp_path_info_unset_flag(bn
, new, BGP_PATH_VALID
);
1354 bgp_aggregate_increment(to_bgp
, p
, new, afi
, safi
);
1355 bgp_path_info_add(bn
, new);
1357 bgp_dest_unlock_node(bn
);
1358 bgp_process(to_bgp
, bn
, afi
, safi
);
1361 zlog_debug("%s: ->%s: %pBD: Added new route", __func__
,
1362 to_bgp
->name_pretty
, bn
);
1367 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1368 void vpn_leak_from_vrf_update(struct bgp
*to_bgp
, /* to */
1369 struct bgp
*from_bgp
, /* from */
1370 struct bgp_path_info
*path_vrf
) /* route */
1372 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
1373 const struct prefix
*p
= bgp_dest_get_prefix(path_vrf
->net
);
1374 afi_t afi
= family2afi(p
->family
);
1375 struct attr static_attr
= {0};
1376 struct attr
*new_attr
= NULL
;
1377 safi_t safi
= SAFI_MPLS_VPN
;
1378 mpls_label_t label_val
;
1380 struct bgp_dest
*bn
;
1381 const char *debugmsg
;
1382 int nexthop_self_flag
= 0;
1385 zlog_debug("%s: from vrf %s", __func__
, from_bgp
->name_pretty
);
1387 if (debug
&& bgp_attr_get_ecommunity(path_vrf
->attr
)) {
1388 char *s
= ecommunity_ecom2str(
1389 bgp_attr_get_ecommunity(path_vrf
->attr
),
1390 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
1392 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__
,
1393 from_bgp
->name
, path_vrf
->type
, s
);
1394 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
1402 zlog_debug("%s: can't get afi of prefix", __func__
);
1406 /* Is this route exportable into the VPN table? */
1407 if (!is_route_injectable_into_vpn(path_vrf
))
1410 if (!vpn_leak_to_vpn_active(from_bgp
, afi
, &debugmsg
)) {
1412 zlog_debug("%s: %s skipping: %s", __func__
,
1413 from_bgp
->name
, debugmsg
);
1418 static_attr
= *path_vrf
->attr
;
1421 * route map handling
1423 if (from_bgp
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_TOVPN
]) {
1424 struct bgp_path_info info
;
1425 route_map_result_t ret
;
1427 memset(&info
, 0, sizeof(info
));
1428 info
.peer
= to_bgp
->peer_self
;
1429 info
.attr
= &static_attr
;
1430 ret
= route_map_apply(from_bgp
->vpn_policy
[afi
]
1431 .rmap
[BGP_VPN_POLICY_DIR_TOVPN
],
1433 if (RMAP_DENYMATCH
== ret
) {
1434 bgp_attr_flush(&static_attr
); /* free any added parts */
1437 "%s: vrf %s route map \"%s\" says DENY, returning",
1438 __func__
, from_bgp
->name_pretty
,
1439 from_bgp
->vpn_policy
[afi
]
1440 .rmap
[BGP_VPN_POLICY_DIR_TOVPN
]
1446 if (debug
&& bgp_attr_get_ecommunity(&static_attr
)) {
1447 char *s
= ecommunity_ecom2str(
1448 bgp_attr_get_ecommunity(&static_attr
),
1449 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
1451 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1453 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
1457 * Add the vpn-policy rt-list
1459 struct ecommunity
*old_ecom
;
1460 struct ecommunity
*new_ecom
;
1462 /* Export with the 'from' instance's export RTs. */
1463 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1464 old_ecom
= bgp_attr_get_ecommunity(&static_attr
);
1466 new_ecom
= ecommunity_dup(old_ecom
);
1467 if (CHECK_FLAG(from_bgp
->af_flags
[afi
][SAFI_UNICAST
],
1468 BGP_CONFIG_VRF_TO_VRF_EXPORT
))
1469 ecommunity_strip_rts(new_ecom
);
1470 new_ecom
= ecommunity_merge(
1471 new_ecom
, from_bgp
->vpn_policy
[afi
]
1472 .rtlist
[BGP_VPN_POLICY_DIR_TOVPN
]);
1473 if (!old_ecom
->refcnt
)
1474 ecommunity_free(&old_ecom
);
1476 new_ecom
= ecommunity_dup(
1477 from_bgp
->vpn_policy
[afi
]
1478 .rtlist
[BGP_VPN_POLICY_DIR_TOVPN
]);
1480 bgp_attr_set_ecommunity(&static_attr
, new_ecom
);
1482 if (debug
&& bgp_attr_get_ecommunity(&static_attr
)) {
1483 char *s
= ecommunity_ecom2str(
1484 bgp_attr_get_ecommunity(&static_attr
),
1485 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
1487 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1489 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
1492 community_strip_accept_own(&static_attr
);
1495 /* if policy nexthop not set, use 0 */
1496 if (CHECK_FLAG(from_bgp
->vpn_policy
[afi
].flags
,
1497 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET
)) {
1498 struct prefix
*nexthop
=
1499 &from_bgp
->vpn_policy
[afi
].tovpn_nexthop
;
1501 switch (nexthop
->family
) {
1503 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1505 static_attr
.nexthop
.s_addr
= nexthop
->u
.prefix4
.s_addr
;
1507 static_attr
.mp_nexthop_global_in
= nexthop
->u
.prefix4
;
1508 static_attr
.mp_nexthop_len
= BGP_ATTR_NHLEN_IPV4
;
1512 static_attr
.mp_nexthop_global
= nexthop
->u
.prefix6
;
1513 static_attr
.mp_nexthop_len
= BGP_ATTR_NHLEN_IPV6_GLOBAL
;
1520 if (!CHECK_FLAG(from_bgp
->af_flags
[afi
][SAFI_UNICAST
],
1521 BGP_CONFIG_VRF_TO_VRF_EXPORT
)) {
1522 if (afi
== AFI_IP
&&
1523 !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf
->attr
)) {
1525 * For ipv4, copy to multiprotocol
1528 static_attr
.mp_nexthop_global_in
=
1529 static_attr
.nexthop
;
1530 static_attr
.mp_nexthop_len
=
1531 BGP_ATTR_NHLEN_IPV4
;
1533 * XXX Leave static_attr.nexthop
1537 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP
);
1540 /* Update based on next-hop family to account for
1541 * RFC 5549 (BGP unnumbered) scenario. Note that
1542 * specific action is only needed for the case of
1543 * IPv4 nexthops as the attr has been copied
1547 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf
->attr
)) {
1548 static_attr
.mp_nexthop_global_in
.s_addr
=
1549 static_attr
.nexthop
.s_addr
;
1550 static_attr
.mp_nexthop_len
=
1551 BGP_ATTR_NHLEN_IPV4
;
1553 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP
);
1556 nexthop_self_flag
= 1;
1559 label_val
= from_bgp
->vpn_policy
[afi
].tovpn_label
;
1560 if (label_val
== MPLS_LABEL_NONE
) {
1561 encode_label(MPLS_LABEL_IMPLICIT_NULL
, &label
);
1563 encode_label(label_val
, &label
);
1566 /* Set originator ID to "me" */
1567 SET_FLAG(static_attr
.flag
, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID
));
1568 static_attr
.originator_id
= to_bgp
->router_id
;
1570 /* Set SID for SRv6 VPN */
1571 if (from_bgp
->vpn_policy
[afi
].tovpn_sid_locator
) {
1572 struct srv6_locator_chunk
*locator
=
1573 from_bgp
->vpn_policy
[afi
].tovpn_sid_locator
;
1575 from_bgp
->vpn_policy
[afi
].tovpn_sid_transpose_label
,
1577 static_attr
.srv6_l3vpn
= XCALLOC(MTYPE_BGP_SRV6_L3VPN
,
1578 sizeof(struct bgp_attr_srv6_l3vpn
));
1579 static_attr
.srv6_l3vpn
->sid_flags
= 0x00;
1580 static_attr
.srv6_l3vpn
->endpoint_behavior
=
1582 ? (CHECK_FLAG(locator
->flags
, SRV6_LOCATOR_USID
)
1583 ? SRV6_ENDPOINT_BEHAVIOR_END_DT4_USID
1584 : SRV6_ENDPOINT_BEHAVIOR_END_DT4
)
1585 : (CHECK_FLAG(locator
->flags
, SRV6_LOCATOR_USID
)
1586 ? SRV6_ENDPOINT_BEHAVIOR_END_DT6_USID
1587 : SRV6_ENDPOINT_BEHAVIOR_END_DT6
);
1588 static_attr
.srv6_l3vpn
->loc_block_len
=
1589 from_bgp
->vpn_policy
[afi
]
1590 .tovpn_sid_locator
->block_bits_length
;
1591 static_attr
.srv6_l3vpn
->loc_node_len
=
1592 from_bgp
->vpn_policy
[afi
]
1593 .tovpn_sid_locator
->node_bits_length
;
1594 static_attr
.srv6_l3vpn
->func_len
=
1595 from_bgp
->vpn_policy
[afi
]
1596 .tovpn_sid_locator
->function_bits_length
;
1597 static_attr
.srv6_l3vpn
->arg_len
=
1598 from_bgp
->vpn_policy
[afi
]
1599 .tovpn_sid_locator
->argument_bits_length
;
1600 static_attr
.srv6_l3vpn
->transposition_len
=
1601 from_bgp
->vpn_policy
[afi
]
1602 .tovpn_sid_locator
->function_bits_length
;
1603 static_attr
.srv6_l3vpn
->transposition_offset
=
1604 from_bgp
->vpn_policy
[afi
]
1605 .tovpn_sid_locator
->block_bits_length
+
1606 from_bgp
->vpn_policy
[afi
]
1607 .tovpn_sid_locator
->node_bits_length
;
1609 memcpy(&static_attr
.srv6_l3vpn
->sid
,
1610 &from_bgp
->vpn_policy
[afi
]
1611 .tovpn_sid_locator
->prefix
.prefix
,
1612 sizeof(struct in6_addr
));
1613 } else if (from_bgp
->tovpn_sid_locator
) {
1614 struct srv6_locator_chunk
*locator
=
1615 from_bgp
->tovpn_sid_locator
;
1616 encode_label(from_bgp
->tovpn_sid_transpose_label
, &label
);
1617 static_attr
.srv6_l3vpn
=
1618 XCALLOC(MTYPE_BGP_SRV6_L3VPN
,
1619 sizeof(struct bgp_attr_srv6_l3vpn
));
1620 static_attr
.srv6_l3vpn
->sid_flags
= 0x00;
1621 static_attr
.srv6_l3vpn
->endpoint_behavior
=
1622 CHECK_FLAG(locator
->flags
, SRV6_LOCATOR_USID
)
1623 ? SRV6_ENDPOINT_BEHAVIOR_END_DT46_USID
1624 : SRV6_ENDPOINT_BEHAVIOR_END_DT46
;
1625 static_attr
.srv6_l3vpn
->loc_block_len
=
1626 from_bgp
->tovpn_sid_locator
->block_bits_length
;
1627 static_attr
.srv6_l3vpn
->loc_node_len
=
1628 from_bgp
->tovpn_sid_locator
->node_bits_length
;
1629 static_attr
.srv6_l3vpn
->func_len
=
1630 from_bgp
->tovpn_sid_locator
->function_bits_length
;
1631 static_attr
.srv6_l3vpn
->arg_len
=
1632 from_bgp
->tovpn_sid_locator
->argument_bits_length
;
1633 static_attr
.srv6_l3vpn
->transposition_len
=
1634 from_bgp
->tovpn_sid_locator
->function_bits_length
;
1635 static_attr
.srv6_l3vpn
->transposition_offset
=
1636 from_bgp
->tovpn_sid_locator
->block_bits_length
+
1637 from_bgp
->tovpn_sid_locator
->node_bits_length
;
1638 memcpy(&static_attr
.srv6_l3vpn
->sid
,
1639 &from_bgp
->tovpn_sid_locator
->prefix
.prefix
,
1640 sizeof(struct in6_addr
));
1644 new_attr
= bgp_attr_intern(
1645 &static_attr
); /* hashed refcounted everything */
1646 bgp_attr_flush(&static_attr
); /* free locally-allocated parts */
1648 if (debug
&& bgp_attr_get_ecommunity(new_attr
)) {
1649 char *s
= ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr
),
1650 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
1652 zlog_debug("%s: new_attr->ecommunity{%s}", __func__
, s
);
1653 XFREE(MTYPE_ECOMMUNITY_STR
, s
);
1656 /* Now new_attr is an allocated interned attr */
1658 bn
= bgp_afi_node_get(to_bgp
->rib
[afi
][safi
], afi
, safi
, p
,
1659 &(from_bgp
->vpn_policy
[afi
].tovpn_rd
));
1661 struct bgp_path_info
*new_info
;
1664 leak_update(to_bgp
, bn
, new_attr
, afi
, safi
, path_vrf
, &label
,
1665 1, from_bgp
, NULL
, nexthop_self_flag
, debug
);
1668 * Routes actually installed in the vpn RIB must also be
1669 * offered to all vrfs (because now they originate from
1672 * Acceptance into other vrfs depends on rt-lists.
1673 * Originating vrf will not accept the looped back route
1674 * because of loop checking.
1677 vpn_leak_to_vrf_update(from_bgp
, new_info
, NULL
);
1680 void vpn_leak_from_vrf_withdraw(struct bgp
*to_bgp
, /* to */
1681 struct bgp
*from_bgp
, /* from */
1682 struct bgp_path_info
*path_vrf
) /* route */
1684 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
1685 const struct prefix
*p
= bgp_dest_get_prefix(path_vrf
->net
);
1686 afi_t afi
= family2afi(p
->family
);
1687 safi_t safi
= SAFI_MPLS_VPN
;
1688 struct bgp_path_info
*bpi
;
1689 struct bgp_dest
*bn
;
1690 const char *debugmsg
;
1694 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1695 __func__
, from_bgp
->name_pretty
, path_vrf
->net
,
1696 path_vrf
->type
, path_vrf
->sub_type
);
1704 zlog_debug("%s: can't get afi of prefix", __func__
);
1708 /* Is this route exportable into the VPN table? */
1709 if (!is_route_injectable_into_vpn(path_vrf
))
1712 if (!vpn_leak_to_vpn_active(from_bgp
, afi
, &debugmsg
)) {
1714 zlog_debug("%s: skipping: %s", __func__
, debugmsg
);
1719 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__
, path_vrf
);
1721 bn
= bgp_afi_node_get(to_bgp
->rib
[afi
][safi
], afi
, safi
, p
,
1722 &(from_bgp
->vpn_policy
[afi
].tovpn_rd
));
1728 * match original bpi imported from
1730 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
; bpi
= bpi
->next
) {
1731 if (bpi
->extra
&& bpi
->extra
->parent
== path_vrf
) {
1737 /* withdraw from looped vrfs as well */
1738 vpn_leak_to_vrf_withdraw(to_bgp
, bpi
);
1740 bgp_aggregate_decrement(to_bgp
, p
, bpi
, afi
, safi
);
1741 bgp_path_info_delete(bn
, bpi
);
1742 bgp_process(to_bgp
, bn
, afi
, safi
);
1744 bgp_dest_unlock_node(bn
);
1747 void vpn_leak_from_vrf_withdraw_all(struct bgp
*to_bgp
, struct bgp
*from_bgp
,
1750 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
1751 struct bgp_dest
*pdest
;
1752 safi_t safi
= SAFI_MPLS_VPN
;
1755 * Walk vpn table, delete bpi with bgp_orig == from_bgp
1757 for (pdest
= bgp_table_top(to_bgp
->rib
[afi
][safi
]); pdest
;
1758 pdest
= bgp_route_next(pdest
)) {
1760 struct bgp_table
*table
;
1761 struct bgp_dest
*bn
;
1762 struct bgp_path_info
*bpi
;
1764 /* This is the per-RD table of prefixes */
1765 table
= bgp_dest_get_bgp_table_info(pdest
);
1770 for (bn
= bgp_table_top(table
); bn
; bn
= bgp_route_next(bn
)) {
1771 bpi
= bgp_dest_get_bgp_path_info(bn
);
1773 zlog_debug("%s: looking at prefix %pBD",
1777 for (; bpi
; bpi
= bpi
->next
) {
1779 zlog_debug("%s: type %d, sub_type %d",
1780 __func__
, bpi
->type
,
1782 if (bpi
->sub_type
!= BGP_ROUTE_IMPORTED
)
1786 if ((struct bgp
*)bpi
->extra
->bgp_orig
==
1790 zlog_debug("%s: deleting it",
1792 /* withdraw from leak-to vrfs as well */
1793 vpn_leak_to_vrf_withdraw(to_bgp
, bpi
);
1794 bgp_aggregate_decrement(
1795 to_bgp
, bgp_dest_get_prefix(bn
),
1797 bgp_path_info_delete(bn
, bpi
);
1798 bgp_process(to_bgp
, bn
, afi
, safi
);
1805 void vpn_leak_from_vrf_update_all(struct bgp
*to_bgp
, struct bgp
*from_bgp
,
1808 struct bgp_dest
*bn
;
1809 struct bgp_path_info
*bpi
;
1810 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
);
1813 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__
, afi
,
1814 from_bgp
->name_pretty
);
1816 for (bn
= bgp_table_top(from_bgp
->rib
[afi
][SAFI_UNICAST
]); bn
;
1817 bn
= bgp_route_next(bn
)) {
1820 zlog_debug("%s: node=%p", __func__
, bn
);
1822 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
1826 "%s: calling vpn_leak_from_vrf_update",
1828 vpn_leak_from_vrf_update(to_bgp
, from_bgp
, bpi
);
1833 static struct bgp
*bgp_lookup_by_rd(struct bgp_path_info
*bpi
,
1834 struct prefix_rd
*rd
, afi_t afi
)
1836 struct listnode
*node
, *nnode
;
1842 /* If ACCEPT_OWN is not enabled for this path - return. */
1843 if (!CHECK_FLAG(bpi
->flags
, BGP_PATH_ACCEPT_OWN
))
1846 for (ALL_LIST_ELEMENTS(bm
->bgp
, node
, nnode
, bgp
)) {
1847 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
1850 if (!CHECK_FLAG(bgp
->vpn_policy
[afi
].flags
,
1851 BGP_VPN_POLICY_TOVPN_RD_SET
))
1854 /* Check if we have source VRF by RD value */
1855 if (memcmp(&bgp
->vpn_policy
[afi
].tovpn_rd
.val
, rd
->val
,
1856 ECOMMUNITY_SIZE
) == 0)
1863 static bool vpn_leak_to_vrf_update_onevrf(struct bgp
*to_bgp
, /* to */
1864 struct bgp
*from_bgp
, /* from */
1865 struct bgp_path_info
*path_vpn
,
1866 struct prefix_rd
*prd
)
1868 const struct prefix
*p
= bgp_dest_get_prefix(path_vpn
->net
);
1869 afi_t afi
= family2afi(p
->family
);
1871 struct attr static_attr
= {0};
1872 struct attr
*new_attr
= NULL
;
1873 struct bgp_dest
*bn
;
1874 safi_t safi
= SAFI_UNICAST
;
1875 const char *debugmsg
;
1876 struct prefix nexthop_orig
;
1877 mpls_label_t
*pLabels
= NULL
;
1878 uint32_t num_labels
= 0;
1879 int nexthop_self_flag
= 1;
1880 struct bgp_path_info
*bpi_ultimate
= NULL
;
1881 int origin_local
= 0;
1882 struct bgp
*src_vrf
;
1884 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
1887 * For VRF-2-VRF route-leaking,
1888 * the source will be the originating VRF.
1890 * If ACCEPT_OWN mechanism is enabled, then we SHOULD(?)
1891 * get the source VRF (BGP) by looking at the RD.
1893 struct bgp
*src_bgp
= bgp_lookup_by_rd(path_vpn
, prd
, afi
);
1895 if (path_vpn
->extra
&& path_vpn
->extra
->bgp_orig
)
1896 src_vrf
= path_vpn
->extra
->bgp_orig
;
1902 bn
= bgp_afi_node_get(to_bgp
->rib
[afi
][safi
], afi
, safi
, p
, NULL
);
1904 if (!vpn_leak_from_vpn_active(to_bgp
, afi
, &debugmsg
)) {
1906 zlog_debug("%s: skipping: %s", __func__
, debugmsg
);
1910 /* Check for intersection of route targets */
1911 if (!ecommunity_include(
1912 to_bgp
->vpn_policy
[afi
].rtlist
[BGP_VPN_POLICY_DIR_FROMVPN
],
1913 bgp_attr_get_ecommunity(path_vpn
->attr
))) {
1916 "from vpn (%s) to vrf (%s), skipping after no intersection of route targets",
1917 from_bgp
->name_pretty
, to_bgp
->name_pretty
);
1921 /* A route MUST NOT ever be accepted back into its source VRF, even if
1922 * it carries one or more RTs that match that VRF.
1924 if (prd
&& memcmp(&prd
->val
, &to_bgp
->vpn_policy
[afi
].tovpn_rd
.val
,
1925 ECOMMUNITY_SIZE
) == 0) {
1928 "%s: skipping import, match RD (%pRD) of src VRF (%s) and the prefix (%pFX)",
1929 __func__
, prd
, to_bgp
->name_pretty
, p
);
1935 zlog_debug("%s: updating RD %pRD, %pFX to vrf %s", __func__
,
1936 prd
, p
, to_bgp
->name_pretty
);
1939 static_attr
= *path_vpn
->attr
;
1941 struct ecommunity
*old_ecom
;
1942 struct ecommunity
*new_ecom
;
1944 /* If doing VRF-to-VRF leaking, strip RTs. */
1945 old_ecom
= bgp_attr_get_ecommunity(&static_attr
);
1946 if (old_ecom
&& CHECK_FLAG(to_bgp
->af_flags
[afi
][safi
],
1947 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
1948 new_ecom
= ecommunity_dup(old_ecom
);
1949 ecommunity_strip_rts(new_ecom
);
1950 bgp_attr_set_ecommunity(&static_attr
, new_ecom
);
1952 if (new_ecom
->size
== 0) {
1953 ecommunity_free(&new_ecom
);
1954 bgp_attr_set_ecommunity(&static_attr
, NULL
);
1957 if (!old_ecom
->refcnt
)
1958 ecommunity_free(&old_ecom
);
1961 community_strip_accept_own(&static_attr
);
1964 * Nexthop: stash and clear
1966 * Nexthop is valid in context of VPN core, but not in destination vrf.
1967 * Stash it for later label resolution by vrf ingress path and then
1968 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1970 uint8_t nhfamily
= NEXTHOP_FAMILY(path_vpn
->attr
->mp_nexthop_len
);
1972 memset(&nexthop_orig
, 0, sizeof(nexthop_orig
));
1973 nexthop_orig
.family
= nhfamily
;
1978 nexthop_orig
.u
.prefix4
= path_vpn
->attr
->mp_nexthop_global_in
;
1979 nexthop_orig
.prefixlen
= IPV4_MAX_BITLEN
;
1981 if (CHECK_FLAG(to_bgp
->af_flags
[afi
][safi
],
1982 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
1983 static_attr
.nexthop
.s_addr
=
1984 nexthop_orig
.u
.prefix4
.s_addr
;
1986 static_attr
.mp_nexthop_global_in
=
1987 path_vpn
->attr
->mp_nexthop_global_in
;
1988 static_attr
.mp_nexthop_len
=
1989 path_vpn
->attr
->mp_nexthop_len
;
1991 static_attr
.flag
|= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP
);
1995 nexthop_orig
.u
.prefix6
= path_vpn
->attr
->mp_nexthop_global
;
1996 nexthop_orig
.prefixlen
= IPV6_MAX_BITLEN
;
1998 if (CHECK_FLAG(to_bgp
->af_flags
[afi
][safi
],
1999 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
2000 static_attr
.mp_nexthop_global
= nexthop_orig
.u
.prefix6
;
2006 * route map handling
2008 if (to_bgp
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_FROMVPN
]) {
2009 struct bgp_path_info info
;
2010 route_map_result_t ret
;
2012 memset(&info
, 0, sizeof(info
));
2013 info
.peer
= to_bgp
->peer_self
;
2014 info
.attr
= &static_attr
;
2015 info
.extra
= path_vpn
->extra
; /* Used for source-vrf filter */
2016 ret
= route_map_apply(to_bgp
->vpn_policy
[afi
]
2017 .rmap
[BGP_VPN_POLICY_DIR_FROMVPN
],
2019 if (RMAP_DENYMATCH
== ret
) {
2020 bgp_attr_flush(&static_attr
); /* free any added parts */
2023 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
2024 __func__
, to_bgp
->name_pretty
,
2025 to_bgp
->vpn_policy
[afi
]
2026 .rmap
[BGP_VPN_POLICY_DIR_FROMVPN
]
2031 * if route-map changed nexthop, don't nexthop-self on output
2033 if (!CHECK_FLAG(static_attr
.rmap_change_flags
,
2034 BATTR_RMAP_NEXTHOP_UNCHANGED
))
2035 nexthop_self_flag
= 0;
2038 new_attr
= bgp_attr_intern(&static_attr
);
2039 bgp_attr_flush(&static_attr
);
2041 bn
= bgp_afi_node_get(to_bgp
->rib
[afi
][safi
], afi
, safi
, p
, NULL
);
2044 * ensure labels are copied
2046 * However, there is a special case: if the route originated in
2047 * another local VRF (as opposed to arriving via VPN), then the
2048 * nexthop is reached by hairpinning through this router (me)
2049 * using IP forwarding only (no LSP). Therefore, the route
2050 * imported to the VRF should not have labels attached. Note
2051 * that nexthop tracking is also involved: eliminating the
2052 * labels for these routes enables the non-labeled nexthops
2053 * from the originating VRF to be considered valid for this route.
2055 if (!CHECK_FLAG(to_bgp
->af_flags
[afi
][safi
],
2056 BGP_CONFIG_VRF_TO_VRF_IMPORT
)) {
2057 /* work back to original route */
2058 bpi_ultimate
= bgp_get_imported_bpi_ultimate(path_vpn
);
2061 * if original route was unicast,
2062 * then it did not arrive over vpn
2064 if (bpi_ultimate
->net
) {
2065 struct bgp_table
*table
;
2067 table
= bgp_dest_table(bpi_ultimate
->net
);
2068 if (table
&& (table
->safi
== SAFI_UNICAST
))
2073 if (!origin_local
&& path_vpn
->extra
2074 && path_vpn
->extra
->num_labels
) {
2075 num_labels
= path_vpn
->extra
->num_labels
;
2076 if (num_labels
> BGP_MAX_LABELS
)
2077 num_labels
= BGP_MAX_LABELS
;
2078 pLabels
= path_vpn
->extra
->label
;
2083 zlog_debug("%s: pfx %pBD: num_labels %d", __func__
,
2084 path_vpn
->net
, num_labels
);
2086 leak_update(to_bgp
, bn
, new_attr
, afi
, safi
, path_vpn
, pLabels
,
2087 num_labels
, src_vrf
, &nexthop_orig
, nexthop_self_flag
,
2092 bool vpn_leak_to_vrf_update(struct bgp
*from_bgp
,
2093 struct bgp_path_info
*path_vpn
,
2094 struct prefix_rd
*prd
)
2096 struct listnode
*mnode
, *mnnode
;
2098 bool leak_success
= false;
2100 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
2103 zlog_debug("%s: start (path_vpn=%p)", __func__
, path_vpn
);
2105 /* Loop over VRFs */
2106 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
)) {
2108 if (!path_vpn
->extra
2109 || path_vpn
->extra
->bgp_orig
!= bgp
) { /* no loop */
2110 leak_success
|= vpn_leak_to_vrf_update_onevrf(
2111 bgp
, from_bgp
, path_vpn
, prd
);
2114 return leak_success
;
2117 void vpn_leak_to_vrf_withdraw(struct bgp
*from_bgp
, /* from */
2118 struct bgp_path_info
*path_vpn
) /* route */
2120 const struct prefix
*p
;
2122 safi_t safi
= SAFI_UNICAST
;
2124 struct listnode
*mnode
, *mnnode
;
2125 struct bgp_dest
*bn
;
2126 struct bgp_path_info
*bpi
;
2127 const char *debugmsg
;
2129 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
2132 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__
,
2133 path_vpn
->net
, path_vpn
->type
, path_vpn
->sub_type
);
2136 zlog_debug("%s: start (path_vpn=%p)", __func__
, path_vpn
);
2138 if (!path_vpn
->net
) {
2139 #ifdef ENABLE_BGP_VNC
2140 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
2141 if (path_vpn
->type
== ZEBRA_ROUTE_BGP
2142 && path_vpn
->sub_type
== BGP_ROUTE_RFP
) {
2149 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
2154 p
= bgp_dest_get_prefix(path_vpn
->net
);
2155 afi
= family2afi(p
->family
);
2157 /* Loop over VRFs */
2158 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
)) {
2159 if (!vpn_leak_from_vpn_active(bgp
, afi
, &debugmsg
)) {
2161 zlog_debug("%s: skipping: %s", __func__
,
2166 /* Check for intersection of route targets */
2167 if (!ecommunity_include(
2168 bgp
->vpn_policy
[afi
]
2169 .rtlist
[BGP_VPN_POLICY_DIR_FROMVPN
],
2170 bgp_attr_get_ecommunity(path_vpn
->attr
))) {
2176 zlog_debug("%s: withdrawing from vrf %s", __func__
,
2179 bn
= bgp_afi_node_get(bgp
->rib
[afi
][safi
], afi
, safi
, p
, NULL
);
2181 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
2184 && (struct bgp_path_info
*)bpi
->extra
->parent
2192 zlog_debug("%s: deleting bpi %p", __func__
,
2194 bgp_aggregate_decrement(bgp
, p
, bpi
, afi
, safi
);
2195 bgp_path_info_delete(bn
, bpi
);
2196 bgp_process(bgp
, bn
, afi
, safi
);
2198 bgp_dest_unlock_node(bn
);
2202 void vpn_leak_to_vrf_withdraw_all(struct bgp
*to_bgp
, afi_t afi
)
2204 struct bgp_dest
*bn
;
2205 struct bgp_path_info
*bpi
;
2206 safi_t safi
= SAFI_UNICAST
;
2207 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
);
2210 zlog_debug("%s: entry", __func__
);
2212 * Walk vrf table, delete bpi with bgp_orig in a different vrf
2214 for (bn
= bgp_table_top(to_bgp
->rib
[afi
][safi
]); bn
;
2215 bn
= bgp_route_next(bn
)) {
2217 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
2219 if (bpi
->extra
&& bpi
->extra
->bgp_orig
!= to_bgp
&&
2220 bpi
->extra
->parent
&&
2221 is_pi_family_vpn(bpi
->extra
->parent
)) {
2224 bgp_aggregate_decrement(to_bgp
,
2225 bgp_dest_get_prefix(bn
),
2227 bgp_path_info_delete(bn
, bpi
);
2228 bgp_process(to_bgp
, bn
, afi
, safi
);
2234 void vpn_leak_to_vrf_update_all(struct bgp
*to_bgp
, struct bgp
*vpn_from
,
2237 struct bgp_dest
*pdest
;
2238 safi_t safi
= SAFI_MPLS_VPN
;
2245 for (pdest
= bgp_table_top(vpn_from
->rib
[afi
][safi
]); pdest
;
2246 pdest
= bgp_route_next(pdest
)) {
2247 struct bgp_table
*table
;
2248 struct bgp_dest
*bn
;
2249 struct bgp_path_info
*bpi
;
2251 /* This is the per-RD table of prefixes */
2252 table
= bgp_dest_get_bgp_table_info(pdest
);
2257 for (bn
= bgp_table_top(table
); bn
; bn
= bgp_route_next(bn
)) {
2259 for (bpi
= bgp_dest_get_bgp_path_info(bn
); bpi
;
2263 bpi
->extra
->bgp_orig
== to_bgp
)
2266 vpn_leak_to_vrf_update_onevrf(to_bgp
, vpn_from
,
2274 * This function is called for definition/deletion/change to a route-map
2276 static void vpn_policy_routemap_update(struct bgp
*bgp
, const char *rmap_name
)
2278 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_RMAP_EVENT
);
2280 struct route_map
*rmap
;
2282 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_DEFAULT
2283 && bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
) {
2288 rmap
= route_map_lookup_by_name(rmap_name
); /* NULL if deleted */
2290 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
2292 if (bgp
->vpn_policy
[afi
].rmap_name
[BGP_VPN_POLICY_DIR_TOVPN
]
2293 && !strcmp(rmap_name
,
2294 bgp
->vpn_policy
[afi
]
2295 .rmap_name
[BGP_VPN_POLICY_DIR_TOVPN
])) {
2299 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
2300 __func__
, rmap_name
, bgp
->as
,
2303 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
, afi
,
2304 bgp_get_default(), bgp
);
2306 zlog_debug("%s: after vpn_leak_prechange",
2309 /* in case of definition/deletion */
2310 bgp
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_TOVPN
] =
2313 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
, afi
,
2314 bgp_get_default(), bgp
);
2317 zlog_debug("%s: after vpn_leak_postchange",
2321 if (bgp
->vpn_policy
[afi
].rmap_name
[BGP_VPN_POLICY_DIR_FROMVPN
]
2322 && !strcmp(rmap_name
,
2323 bgp
->vpn_policy
[afi
]
2324 .rmap_name
[BGP_VPN_POLICY_DIR_FROMVPN
])) {
2327 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
2328 __func__
, rmap_name
, bgp
->as
,
2332 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN
, afi
,
2333 bgp_get_default(), bgp
);
2335 /* in case of definition/deletion */
2336 bgp
->vpn_policy
[afi
].rmap
[BGP_VPN_POLICY_DIR_FROMVPN
] =
2339 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN
, afi
,
2340 bgp_get_default(), bgp
);
2345 /* This API is used during router-id change, reflect VPNs
2346 * auto RD and RT values and readvertise routes to VPN table.
2348 void vpn_handle_router_id_update(struct bgp
*bgp
, bool withdraw
,
2352 int debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
)
2353 | BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
2355 const char *export_name
;
2356 char buf
[RD_ADDRSTRLEN
];
2357 struct bgp
*bgp_import
;
2358 struct listnode
*node
;
2359 struct ecommunity
*ecom
;
2360 enum vpn_policy_direction idir
, edir
;
2363 * Router-id change that is not explicitly configured
2364 * (a change from zebra, frr restart for example)
2365 * should not replace a configured vpn RD/RT.
2369 zlog_debug("%s: skipping non explicit router-id change",
2374 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_DEFAULT
2375 && bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
2378 export_name
= bgp
->name
? bgp
->name
: VRF_DEFAULT_NAME
;
2379 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
2380 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
2382 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
2383 if (!vpn_leak_to_vpn_active(bgp
, afi
, NULL
))
2387 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN
,
2388 afi
, bgp_get_default(), bgp
);
2390 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
2391 __func__
, export_name
);
2393 /* Remove import RT from VRFs */
2394 ecom
= bgp
->vpn_policy
[afi
].rtlist
[edir
];
2395 for (ALL_LIST_ELEMENTS_RO(bgp
->vpn_policy
[afi
].
2396 export_vrf
, node
, vname
)) {
2397 if (strcmp(vname
, VRF_DEFAULT_NAME
) == 0)
2398 bgp_import
= bgp_get_default();
2400 bgp_import
= bgp_lookup_by_name(vname
);
2405 bgp_import
->vpn_policy
[afi
]
2407 (struct ecommunity_val
*)ecom
->val
);
2410 /* New router-id derive auto RD and RT and export
2413 form_auto_rd(bgp
->router_id
, bgp
->vrf_rd_id
,
2414 &bgp
->vrf_prd_auto
);
2415 bgp
->vpn_policy
[afi
].tovpn_rd
= bgp
->vrf_prd_auto
;
2416 prefix_rd2str(&bgp
->vpn_policy
[afi
].tovpn_rd
, buf
,
2419 /* free up pre-existing memory if any and allocate
2420 * the ecommunity attribute with new RD/RT
2422 if (bgp
->vpn_policy
[afi
].rtlist
[edir
])
2424 &bgp
->vpn_policy
[afi
].rtlist
[edir
]);
2425 bgp
->vpn_policy
[afi
].rtlist
[edir
] = ecommunity_str2com(
2426 buf
, ECOMMUNITY_ROUTE_TARGET
, 0);
2428 /* Update import_vrf rt_list */
2429 ecom
= bgp
->vpn_policy
[afi
].rtlist
[edir
];
2430 for (ALL_LIST_ELEMENTS_RO(bgp
->vpn_policy
[afi
].
2431 export_vrf
, node
, vname
)) {
2432 if (strcmp(vname
, VRF_DEFAULT_NAME
) == 0)
2433 bgp_import
= bgp_get_default();
2435 bgp_import
= bgp_lookup_by_name(vname
);
2438 if (bgp_import
->vpn_policy
[afi
].rtlist
[idir
])
2439 bgp_import
->vpn_policy
[afi
].rtlist
[idir
]
2441 bgp_import
->vpn_policy
[afi
]
2442 .rtlist
[idir
], ecom
);
2444 bgp_import
->vpn_policy
[afi
].rtlist
[idir
]
2445 = ecommunity_dup(ecom
);
2448 /* Update routes to VPN */
2449 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN
,
2450 afi
, bgp_get_default(),
2453 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2454 __func__
, export_name
);
2459 void vpn_policy_routemap_event(const char *rmap_name
)
2461 int debug
= BGP_DEBUG(vpn
, VPN_LEAK_RMAP_EVENT
);
2462 struct listnode
*mnode
, *mnnode
;
2466 zlog_debug("%s: entry", __func__
);
2468 if (bm
->bgp
== NULL
) /* may be called during cleanup */
2471 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
))
2472 vpn_policy_routemap_update(bgp
, rmap_name
);
2475 void vrf_import_from_vrf(struct bgp
*to_bgp
, struct bgp
*from_bgp
,
2476 afi_t afi
, safi_t safi
)
2478 const char *export_name
;
2479 enum vpn_policy_direction idir
, edir
;
2480 char *vname
, *tmp_name
;
2481 char buf
[RD_ADDRSTRLEN
];
2482 struct ecommunity
*ecom
;
2483 bool first_export
= false;
2485 struct listnode
*node
;
2486 bool is_inst_match
= false;
2488 export_name
= to_bgp
->name
? to_bgp
->name
: VRF_DEFAULT_NAME
;
2489 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
2490 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
2492 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
2493 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
2496 * Cross-ref both VRFs. Also, note if this is the first time
2497 * any VRF is importing from "import_vrf".
2499 vname
= (from_bgp
->name
? XSTRDUP(MTYPE_TMP
, from_bgp
->name
)
2500 : XSTRDUP(MTYPE_TMP
, VRF_DEFAULT_NAME
));
2502 /* Check the import_vrf list of destination vrf for the source vrf name,
2505 for (ALL_LIST_ELEMENTS_RO(to_bgp
->vpn_policy
[afi
].import_vrf
,
2507 if (strcmp(vname
, tmp_name
) == 0) {
2508 is_inst_match
= true;
2513 listnode_add(to_bgp
->vpn_policy
[afi
].import_vrf
,
2516 XFREE(MTYPE_TMP
, vname
);
2518 /* Check if the source vrf already exports to any vrf,
2519 * first time export requires to setup auto derived RD/RT values.
2520 * Add the destination vrf name to export vrf list if it is
2523 is_inst_match
= false;
2524 vname
= XSTRDUP(MTYPE_TMP
, export_name
);
2525 if (!listcount(from_bgp
->vpn_policy
[afi
].export_vrf
)) {
2526 first_export
= true;
2528 for (ALL_LIST_ELEMENTS_RO(from_bgp
->vpn_policy
[afi
].export_vrf
,
2530 if (strcmp(vname
, tmp_name
) == 0) {
2531 is_inst_match
= true;
2537 listnode_add(from_bgp
->vpn_policy
[afi
].export_vrf
,
2540 XFREE(MTYPE_TMP
, vname
);
2542 /* Update import RT for current VRF using export RT of the VRF we're
2543 * importing from. First though, make sure "import_vrf" has that
2547 form_auto_rd(from_bgp
->router_id
, from_bgp
->vrf_rd_id
,
2548 &from_bgp
->vrf_prd_auto
);
2549 from_bgp
->vpn_policy
[afi
].tovpn_rd
= from_bgp
->vrf_prd_auto
;
2550 SET_FLAG(from_bgp
->vpn_policy
[afi
].flags
,
2551 BGP_VPN_POLICY_TOVPN_RD_SET
);
2552 prefix_rd2str(&from_bgp
->vpn_policy
[afi
].tovpn_rd
,
2554 from_bgp
->vpn_policy
[afi
].rtlist
[edir
] =
2555 ecommunity_str2com(buf
, ECOMMUNITY_ROUTE_TARGET
, 0);
2556 SET_FLAG(from_bgp
->af_flags
[afi
][safi
],
2557 BGP_CONFIG_VRF_TO_VRF_EXPORT
);
2558 from_bgp
->vpn_policy
[afi
].tovpn_label
=
2559 BGP_PREVENT_VRF_2_VRF_LEAK
;
2561 ecom
= from_bgp
->vpn_policy
[afi
].rtlist
[edir
];
2562 if (to_bgp
->vpn_policy
[afi
].rtlist
[idir
])
2563 to_bgp
->vpn_policy
[afi
].rtlist
[idir
] =
2564 ecommunity_merge(to_bgp
->vpn_policy
[afi
]
2565 .rtlist
[idir
], ecom
);
2567 to_bgp
->vpn_policy
[afi
].rtlist
[idir
] = ecommunity_dup(ecom
);
2568 SET_FLAG(to_bgp
->af_flags
[afi
][safi
], BGP_CONFIG_VRF_TO_VRF_IMPORT
);
2571 const char *from_name
;
2572 char *ecom1
, *ecom2
;
2574 from_name
= from_bgp
->name
? from_bgp
->name
:
2577 ecom1
= ecommunity_ecom2str(
2578 to_bgp
->vpn_policy
[afi
].rtlist
[idir
],
2579 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
2581 ecom2
= ecommunity_ecom2str(
2582 to_bgp
->vpn_policy
[afi
].rtlist
[edir
],
2583 ECOMMUNITY_FORMAT_ROUTE_MAP
, 0);
2586 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2587 __func__
, from_name
, export_name
, first_export
, ecom1
,
2590 ecommunity_strfree(&ecom1
);
2591 ecommunity_strfree(&ecom2
);
2594 /* Does "import_vrf" first need to export its routes or that
2595 * is already done and we just need to import those routes
2596 * from the global table?
2599 vpn_leak_postchange(edir
, afi
, bgp_get_default(), from_bgp
);
2601 vpn_leak_postchange(idir
, afi
, bgp_get_default(), to_bgp
);
2604 void vrf_unimport_from_vrf(struct bgp
*to_bgp
, struct bgp
*from_bgp
,
2605 afi_t afi
, safi_t safi
)
2607 const char *export_name
, *tmp_name
;
2608 enum vpn_policy_direction idir
, edir
;
2610 struct ecommunity
*ecom
= NULL
;
2611 struct listnode
*node
;
2614 export_name
= to_bgp
->name
? to_bgp
->name
: VRF_DEFAULT_NAME
;
2615 tmp_name
= from_bgp
->name
? from_bgp
->name
: VRF_DEFAULT_NAME
;
2616 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
2617 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
2619 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
2620 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
2622 /* Were we importing from "import_vrf"? */
2623 for (ALL_LIST_ELEMENTS_RO(to_bgp
->vpn_policy
[afi
].import_vrf
, node
,
2625 if (strcmp(vname
, tmp_name
) == 0)
2630 * We do not check in the cli if the passed in bgp
2631 * instance is actually imported into us before
2632 * we call this function. As such if we do not
2633 * find this in the import_vrf list than
2634 * we just need to return safely.
2640 zlog_debug("%s from %s to %s", __func__
, tmp_name
, export_name
);
2642 /* Remove "import_vrf" from our import list. */
2643 listnode_delete(to_bgp
->vpn_policy
[afi
].import_vrf
, vname
);
2644 XFREE(MTYPE_TMP
, vname
);
2646 /* Remove routes imported from "import_vrf". */
2647 /* TODO: In the current logic, we have to first remove all
2648 * imported routes and then (if needed) import back routes
2650 vpn_leak_prechange(idir
, afi
, bgp_get_default(), to_bgp
);
2652 if (to_bgp
->vpn_policy
[afi
].import_vrf
->count
== 0) {
2653 if (!to_bgp
->vpn_policy
[afi
].rmap
[idir
])
2654 UNSET_FLAG(to_bgp
->af_flags
[afi
][safi
],
2655 BGP_CONFIG_VRF_TO_VRF_IMPORT
);
2656 if (to_bgp
->vpn_policy
[afi
].rtlist
[idir
])
2657 ecommunity_free(&to_bgp
->vpn_policy
[afi
].rtlist
[idir
]);
2659 ecom
= from_bgp
->vpn_policy
[afi
].rtlist
[edir
];
2661 ecommunity_del_val(to_bgp
->vpn_policy
[afi
].rtlist
[idir
],
2662 (struct ecommunity_val
*)ecom
->val
);
2663 vpn_leak_postchange(idir
, afi
, bgp_get_default(), to_bgp
);
2668 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2669 * below is checking for NULL that export_vrf can be
2670 * NULL, consequently it is complaining( like a cabbage )
2671 * that we could dereference and crash in the listcount(..)
2673 * So make it happy, under protest, with liberty and justice
2676 assert(from_bgp
->vpn_policy
[afi
].export_vrf
);
2678 /* Remove us from "import_vrf's" export list. If no other VRF
2679 * is importing from "import_vrf", cleanup appropriately.
2681 for (ALL_LIST_ELEMENTS_RO(from_bgp
->vpn_policy
[afi
].export_vrf
,
2683 if (strcmp(vname
, export_name
) == 0)
2688 * If we have gotten to this point then the vname must
2689 * exist. If not, we are in a world of trouble and
2690 * have slag sitting around.
2692 * import_vrf and export_vrf must match in having
2693 * the in/out names as appropriate.
2694 * export_vrf list could have been cleaned up
2695 * as part of no router bgp source instnace.
2700 listnode_delete(from_bgp
->vpn_policy
[afi
].export_vrf
, vname
);
2701 XFREE(MTYPE_TMP
, vname
);
2703 if (!listcount(from_bgp
->vpn_policy
[afi
].export_vrf
)) {
2704 vpn_leak_prechange(edir
, afi
, bgp_get_default(), from_bgp
);
2705 ecommunity_free(&from_bgp
->vpn_policy
[afi
].rtlist
[edir
]);
2706 UNSET_FLAG(from_bgp
->af_flags
[afi
][safi
],
2707 BGP_CONFIG_VRF_TO_VRF_EXPORT
);
2708 memset(&from_bgp
->vpn_policy
[afi
].tovpn_rd
, 0,
2709 sizeof(struct prefix_rd
));
2710 UNSET_FLAG(from_bgp
->vpn_policy
[afi
].flags
,
2711 BGP_VPN_POLICY_TOVPN_RD_SET
);
2712 from_bgp
->vpn_policy
[afi
].tovpn_label
= MPLS_LABEL_NONE
;
2717 /* For testing purpose, static route of MPLS-VPN. */
2718 DEFUN (vpnv4_network
,
2720 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2721 "Specify a network to announce via BGP\n"
2723 "Specify Route Distinguisher\n"
2724 "VPN Route Distinguisher\n"
2725 "VPN NLRI label (tag)\n"
2726 "VPN NLRI label (tag)\n"
2729 int idx_ipv4_prefixlen
= 1;
2730 int idx_ext_community
= 3;
2732 return bgp_static_set_safi(
2733 AFI_IP
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv4_prefixlen
]->arg
,
2734 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
, NULL
, 0,
2735 NULL
, NULL
, NULL
, NULL
);
2738 DEFUN (vpnv4_network_route_map
,
2739 vpnv4_network_route_map_cmd
,
2740 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map RMAP_NAME",
2741 "Specify a network to announce via BGP\n"
2743 "Specify Route Distinguisher\n"
2744 "VPN Route Distinguisher\n"
2745 "VPN NLRI label (tag)\n"
2746 "VPN NLRI label (tag)\n"
2751 int idx_ipv4_prefixlen
= 1;
2752 int idx_ext_community
= 3;
2755 return bgp_static_set_safi(
2756 AFI_IP
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv4_prefixlen
]->arg
,
2757 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
,
2758 argv
[idx_word_2
]->arg
, 0, NULL
, NULL
, NULL
, NULL
);
2761 /* For testing purpose, static route of MPLS-VPN. */
2762 DEFUN (no_vpnv4_network
,
2763 no_vpnv4_network_cmd
,
2764 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2766 "Specify a network to announce via BGP\n"
2768 "Specify Route Distinguisher\n"
2769 "VPN Route Distinguisher\n"
2770 "VPN NLRI label (tag)\n"
2771 "VPN NLRI label (tag)\n"
2774 int idx_ipv4_prefixlen
= 2;
2775 int idx_ext_community
= 4;
2777 return bgp_static_unset_safi(AFI_IP
, SAFI_MPLS_VPN
, vty
,
2778 argv
[idx_ipv4_prefixlen
]->arg
,
2779 argv
[idx_ext_community
]->arg
,
2780 argv
[idx_label
]->arg
, 0, NULL
, NULL
, NULL
);
2783 DEFUN (vpnv6_network
,
2785 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map RMAP_NAME]",
2786 "Specify a network to announce via BGP\n"
2787 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2788 "Specify Route Distinguisher\n"
2789 "VPN Route Distinguisher\n"
2790 "VPN NLRI label (tag)\n"
2791 "VPN NLRI label (tag)\n"
2796 int idx_ipv6_prefix
= 1;
2797 int idx_ext_community
= 3;
2801 return bgp_static_set_safi(
2802 AFI_IP6
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv6_prefix
]->arg
,
2803 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
,
2804 argv
[idx_word_2
]->arg
, 0, NULL
, NULL
, NULL
, NULL
);
2806 return bgp_static_set_safi(
2807 AFI_IP6
, SAFI_MPLS_VPN
, vty
, argv
[idx_ipv6_prefix
]->arg
,
2808 argv
[idx_ext_community
]->arg
, argv
[idx_label
]->arg
,
2809 NULL
, 0, NULL
, NULL
, NULL
, NULL
);
2812 /* For testing purpose, static route of MPLS-VPN. */
2813 DEFUN (no_vpnv6_network
,
2814 no_vpnv6_network_cmd
,
2815 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2817 "Specify a network to announce via BGP\n"
2818 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2819 "Specify Route Distinguisher\n"
2820 "VPN Route Distinguisher\n"
2821 "VPN NLRI label (tag)\n"
2822 "VPN NLRI label (tag)\n"
2825 int idx_ipv6_prefix
= 2;
2826 int idx_ext_community
= 4;
2828 return bgp_static_unset_safi(AFI_IP6
, SAFI_MPLS_VPN
, vty
,
2829 argv
[idx_ipv6_prefix
]->arg
,
2830 argv
[idx_ext_community
]->arg
,
2831 argv
[idx_label
]->arg
, 0, NULL
, NULL
, NULL
);
2834 int bgp_show_mpls_vpn(struct vty
*vty
, afi_t afi
, struct prefix_rd
*prd
,
2835 enum bgp_show_type type
, void *output_arg
, int tags
,
2839 struct bgp_table
*table
;
2841 bgp
= bgp_get_default();
2844 vty_out(vty
, "No BGP process is configured\n");
2846 vty_out(vty
, "{}\n");
2849 table
= bgp
->rib
[afi
][SAFI_MPLS_VPN
];
2850 return bgp_show_table_rd(vty
, bgp
, SAFI_MPLS_VPN
, table
, prd
, type
,
2851 output_arg
, use_json
);
2854 DEFUN (show_bgp_ip_vpn_all_rd
,
2855 show_bgp_ip_vpn_all_rd_cmd
,
2856 "show bgp "BGP_AFI_CMD_STR
" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
2860 "Display VPN NLRI specific information\n"
2861 "Display VPN NLRI specific information\n"
2862 "Display information for a route distinguisher\n"
2863 "VPN Route Distinguisher\n"
2864 "All VPN Route Distinguishers\n"
2868 struct prefix_rd prd
;
2872 if (argv_find_and_parse_afi(argv
, argc
, &idx
, &afi
)) {
2873 /* Constrain search if user supplies RD && RD != "all" */
2874 if (argv_find(argv
, argc
, "rd", &idx
)
2875 && strcmp(argv
[idx
+ 1]->arg
, "all")) {
2876 ret
= str2prefix_rd(argv
[idx
+ 1]->arg
, &prd
);
2879 "%% Malformed Route Distinguisher\n");
2882 return bgp_show_mpls_vpn(vty
, afi
, &prd
,
2883 bgp_show_type_normal
, NULL
, 0,
2884 use_json(argc
, argv
));
2886 return bgp_show_mpls_vpn(vty
, afi
, NULL
,
2887 bgp_show_type_normal
, NULL
, 0,
2888 use_json(argc
, argv
));
2894 ALIAS(show_bgp_ip_vpn_all_rd
,
2895 show_bgp_ip_vpn_rd_cmd
,
2896 "show bgp "BGP_AFI_CMD_STR
" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
2900 "Display VPN NLRI specific information\n"
2901 "Display information for a route distinguisher\n"
2902 "VPN Route Distinguisher\n"
2903 "All VPN Route Distinguishers\n"
2906 #ifdef KEEP_OLD_VPN_COMMANDS
2907 DEFUN (show_ip_bgp_vpn_rd
,
2908 show_ip_bgp_vpn_rd_cmd
,
2909 "show ip bgp "BGP_AFI_CMD_STR
" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
2915 "Display information for a route distinguisher\n"
2916 "VPN Route Distinguisher\n"
2917 "All VPN Route Distinguishers\n")
2919 int idx_ext_community
= argc
- 1;
2921 struct prefix_rd prd
;
2925 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2926 if (!strcmp(argv
[idx_ext_community
]->arg
, "all"))
2927 return bgp_show_mpls_vpn(vty
, afi
, NULL
,
2928 bgp_show_type_normal
, NULL
, 0,
2930 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
2932 vty_out(vty
, "%% Malformed Route Distinguisher\n");
2935 return bgp_show_mpls_vpn(vty
, afi
, &prd
, bgp_show_type_normal
,
2941 DEFUN (show_ip_bgp_vpn_all
,
2942 show_ip_bgp_vpn_all_cmd
,
2943 "show [ip] bgp <vpnv4|vpnv6>",
2952 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
))
2953 return bgp_show_mpls_vpn(vty
, afi
, NULL
, bgp_show_type_normal
,
2958 DEFUN (show_ip_bgp_vpn_all_tags
,
2959 show_ip_bgp_vpn_all_tags_cmd
,
2960 "show [ip] bgp <vpnv4|vpnv6> all tags",
2965 "Display information about all VPNv4/VPNV6 NLRIs\n"
2966 "Display BGP tags for prefixes\n")
2971 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
))
2972 return bgp_show_mpls_vpn(vty
, afi
, NULL
, bgp_show_type_normal
,
2977 DEFUN (show_ip_bgp_vpn_rd_tags
,
2978 show_ip_bgp_vpn_rd_tags_cmd
,
2979 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
2984 "Display information for a route distinguisher\n"
2985 "VPN Route Distinguisher\n"
2986 "All VPN Route Distinguishers\n"
2987 "Display BGP tags for prefixes\n")
2989 int idx_ext_community
= 5;
2991 struct prefix_rd prd
;
2995 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
2996 if (!strcmp(argv
[idx_ext_community
]->arg
, "all"))
2997 return bgp_show_mpls_vpn(vty
, afi
, NULL
,
2998 bgp_show_type_normal
, NULL
, 1,
3000 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
3002 vty_out(vty
, "%% Malformed Route Distinguisher\n");
3005 return bgp_show_mpls_vpn(vty
, afi
, &prd
, bgp_show_type_normal
,
3011 DEFUN (show_ip_bgp_vpn_all_neighbor_routes
,
3012 show_ip_bgp_vpn_all_neighbor_routes_cmd
,
3013 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
3018 "Display information about all VPNv4/VPNv6 NLRIs\n"
3019 "Detailed information on TCP and BGP neighbor connections\n"
3020 "Neighbor to display information about\n"
3021 "Display routes learned from neighbor\n"
3028 bool uj
= use_json(argc
, argv
);
3032 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
3033 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
3036 json_object
*json_no
= NULL
;
3037 json_no
= json_object_new_object();
3038 json_object_string_add(json_no
, "warning",
3039 "Malformed address");
3040 vty_out(vty
, "%s\n",
3041 json_object_to_json_string(json_no
));
3042 json_object_free(json_no
);
3044 vty_out(vty
, "Malformed address: %s\n",
3045 argv
[idx_ipv4
]->arg
);
3049 peer
= peer_lookup(NULL
, &su
);
3050 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
3052 json_object
*json_no
= NULL
;
3053 json_no
= json_object_new_object();
3054 json_object_string_add(
3056 "No such neighbor or address family");
3057 vty_out(vty
, "%s\n",
3058 json_object_to_json_string(json_no
));
3059 json_object_free(json_no
);
3062 "%% No such neighbor or address family\n");
3066 return bgp_show_mpls_vpn(vty
, afi
, NULL
, bgp_show_type_neighbor
,
3072 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes
,
3073 show_ip_bgp_vpn_rd_neighbor_routes_cmd
,
3074 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
3079 "Display information for a route distinguisher\n"
3080 "VPN Route Distinguisher\n"
3081 "All VPN Route Distinguishers\n"
3082 "Detailed information on TCP and BGP neighbor connections\n"
3083 "Neighbor to display information about\n"
3084 "Display routes learned from neighbor\n"
3087 int idx_ext_community
= 5;
3092 struct prefix_rd prd
;
3093 bool prefix_rd_all
= false;
3094 bool uj
= use_json(argc
, argv
);
3098 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
3099 if (!strcmp(argv
[idx_ext_community
]->arg
, "all"))
3100 prefix_rd_all
= true;
3102 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
3105 json_object
*json_no
= NULL
;
3106 json_no
= json_object_new_object();
3107 json_object_string_add(
3109 "Malformed Route Distinguisher");
3110 vty_out(vty
, "%s\n",
3111 json_object_to_json_string(
3113 json_object_free(json_no
);
3116 "%% Malformed Route Distinguisher\n");
3121 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
3124 json_object
*json_no
= NULL
;
3125 json_no
= json_object_new_object();
3126 json_object_string_add(json_no
, "warning",
3127 "Malformed address");
3128 vty_out(vty
, "%s\n",
3129 json_object_to_json_string(json_no
));
3130 json_object_free(json_no
);
3132 vty_out(vty
, "Malformed address: %s\n",
3133 argv
[idx_ext_community
]->arg
);
3137 peer
= peer_lookup(NULL
, &su
);
3138 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
3140 json_object
*json_no
= NULL
;
3141 json_no
= json_object_new_object();
3142 json_object_string_add(
3144 "No such neighbor or address family");
3145 vty_out(vty
, "%s\n",
3146 json_object_to_json_string(json_no
));
3147 json_object_free(json_no
);
3150 "%% No such neighbor or address family\n");
3155 return bgp_show_mpls_vpn(vty
, afi
, NULL
,
3156 bgp_show_type_neighbor
, &su
, 0,
3159 return bgp_show_mpls_vpn(vty
, afi
, &prd
,
3160 bgp_show_type_neighbor
, &su
, 0,
3166 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes
,
3167 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd
,
3168 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
3173 "Display information about all VPNv4/VPNv6 NLRIs\n"
3174 "Detailed information on TCP and BGP neighbor connections\n"
3175 "Neighbor to display information about\n"
3176 "Display the routes advertised to a BGP neighbor\n"
3183 bool uj
= use_json(argc
, argv
);
3187 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
3188 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
3191 json_object
*json_no
= NULL
;
3192 json_no
= json_object_new_object();
3193 json_object_string_add(json_no
, "warning",
3194 "Malformed address");
3195 vty_out(vty
, "%s\n",
3196 json_object_to_json_string(json_no
));
3197 json_object_free(json_no
);
3199 vty_out(vty
, "Malformed address: %s\n",
3200 argv
[idx_ipv4
]->arg
);
3203 peer
= peer_lookup(NULL
, &su
);
3204 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
3206 json_object
*json_no
= NULL
;
3207 json_no
= json_object_new_object();
3208 json_object_string_add(
3210 "No such neighbor or address family");
3211 vty_out(vty
, "%s\n",
3212 json_object_to_json_string(json_no
));
3213 json_object_free(json_no
);
3216 "%% No such neighbor or address family\n");
3219 return show_adj_route_vpn(vty
, peer
, NULL
, AFI_IP
,
3225 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes
,
3226 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd
,
3227 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
3232 "Display information for a route distinguisher\n"
3233 "VPN Route Distinguisher\n"
3234 "All VPN Route Distinguishers\n"
3235 "Detailed information on TCP and BGP neighbor connections\n"
3236 "Neighbor to display information about\n"
3237 "Display the routes advertised to a BGP neighbor\n"
3240 int idx_ext_community
= 5;
3244 struct prefix_rd prd
;
3246 bool uj
= use_json(argc
, argv
);
3250 if (argv_find_and_parse_vpnvx(argv
, argc
, &idx
, &afi
)) {
3251 ret
= str2sockunion(argv
[idx_ipv4
]->arg
, &su
);
3254 json_object
*json_no
= NULL
;
3255 json_no
= json_object_new_object();
3256 json_object_string_add(json_no
, "warning",
3257 "Malformed address");
3258 vty_out(vty
, "%s\n",
3259 json_object_to_json_string(json_no
));
3260 json_object_free(json_no
);
3262 vty_out(vty
, "Malformed address: %s\n",
3263 argv
[idx_ext_community
]->arg
);
3266 peer
= peer_lookup(NULL
, &su
);
3267 if (!peer
|| !peer
->afc
[afi
][SAFI_MPLS_VPN
]) {
3269 json_object
*json_no
= NULL
;
3270 json_no
= json_object_new_object();
3271 json_object_string_add(
3273 "No such neighbor or address family");
3274 vty_out(vty
, "%s\n",
3275 json_object_to_json_string(json_no
));
3276 json_object_free(json_no
);
3279 "%% No such neighbor or address family\n");
3283 if (!strcmp(argv
[idx_ext_community
]->arg
, "all"))
3284 return show_adj_route_vpn(vty
, peer
, NULL
, AFI_IP
,
3286 ret
= str2prefix_rd(argv
[idx_ext_community
]->arg
, &prd
);
3289 json_object
*json_no
= NULL
;
3290 json_no
= json_object_new_object();
3291 json_object_string_add(
3293 "Malformed Route Distinguisher");
3294 vty_out(vty
, "%s\n",
3295 json_object_to_json_string(json_no
));
3296 json_object_free(json_no
);
3299 "%% Malformed Route Distinguisher\n");
3303 return show_adj_route_vpn(vty
, peer
, &prd
, AFI_IP
,
3308 #endif /* KEEP_OLD_VPN_COMMANDS */
3310 void bgp_mplsvpn_init(void)
3312 install_element(BGP_VPNV4_NODE
, &vpnv4_network_cmd
);
3313 install_element(BGP_VPNV4_NODE
, &vpnv4_network_route_map_cmd
);
3314 install_element(BGP_VPNV4_NODE
, &no_vpnv4_network_cmd
);
3316 install_element(BGP_VPNV6_NODE
, &vpnv6_network_cmd
);
3317 install_element(BGP_VPNV6_NODE
, &no_vpnv6_network_cmd
);
3319 install_element(VIEW_NODE
, &show_bgp_ip_vpn_all_rd_cmd
);
3320 install_element(VIEW_NODE
, &show_bgp_ip_vpn_rd_cmd
);
3321 #ifdef KEEP_OLD_VPN_COMMANDS
3322 install_element(VIEW_NODE
, &show_ip_bgp_vpn_rd_cmd
);
3323 install_element(VIEW_NODE
, &show_ip_bgp_vpn_all_cmd
);
3324 install_element(VIEW_NODE
, &show_ip_bgp_vpn_all_tags_cmd
);
3325 install_element(VIEW_NODE
, &show_ip_bgp_vpn_rd_tags_cmd
);
3326 install_element(VIEW_NODE
, &show_ip_bgp_vpn_all_neighbor_routes_cmd
);
3327 install_element(VIEW_NODE
, &show_ip_bgp_vpn_rd_neighbor_routes_cmd
);
3328 install_element(VIEW_NODE
,
3329 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd
);
3330 install_element(VIEW_NODE
,
3331 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd
);
3332 #endif /* KEEP_OLD_VPN_COMMANDS */
3335 vrf_id_t
get_first_vrf_for_redirect_with_rt(struct ecommunity
*eckey
)
3337 struct listnode
*mnode
, *mnnode
;
3341 if (eckey
->unit_size
== IPV6_ECOMMUNITY_SIZE
)
3344 for (ALL_LIST_ELEMENTS(bm
->bgp
, mnode
, mnnode
, bgp
)) {
3345 struct ecommunity
*ec
;
3347 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
3350 ec
= bgp
->vpn_policy
[afi
].import_redirect_rtlist
;
3352 if (ec
&& eckey
->unit_size
!= ec
->unit_size
)
3355 if (ecommunity_include(ec
, eckey
))
3362 * The purpose of this function is to process leaks that were deferred
3363 * from earlier per-vrf configuration due to not-yet-existing default
3364 * vrf, in other words, configuration such as:
3366 * router bgp MMM vrf FOO
3367 * address-family ipv4 unicast
3369 * exit-address-family
3374 * This function gets called when the default instance ("router bgp NNN")
3377 void vpn_leak_postchange_all(void)
3379 struct listnode
*next
;
3381 struct bgp
*bgp_default
= bgp_get_default();
3383 assert(bgp_default
);
3385 /* First, do any exporting from VRFs to the single VPN RIB */
3386 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, bgp
)) {
3388 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
3391 vpn_leak_postchange(
3392 BGP_VPN_POLICY_DIR_TOVPN
,
3397 vpn_leak_postchange(
3398 BGP_VPN_POLICY_DIR_TOVPN
,
3404 /* Now, do any importing to VRFs from the single VPN RIB */
3405 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, bgp
)) {
3407 if (bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
3410 vpn_leak_postchange(
3411 BGP_VPN_POLICY_DIR_FROMVPN
,
3416 vpn_leak_postchange(
3417 BGP_VPN_POLICY_DIR_FROMVPN
,
3424 /* When a bgp vrf instance is unconfigured, remove its routes
3425 * from the VPN table and this vrf could be importing routes from other
3426 * bgp vrf instnaces, unimport them.
3427 * VRF X and VRF Y are exporting routes to each other.
3428 * When VRF X is deleted, unimport its routes from all target vrfs,
3429 * also VRF Y should unimport its routes from VRF X table.
3430 * This will ensure VPN table is cleaned up appropriately.
3432 void bgp_vpn_leak_unimport(struct bgp
*from_bgp
)
3435 const char *tmp_name
;
3437 struct listnode
*node
, *next
;
3438 safi_t safi
= SAFI_UNICAST
;
3440 bool is_vrf_leak_bind
;
3443 if (from_bgp
->inst_type
!= BGP_INSTANCE_TYPE_VRF
)
3446 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
3447 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
3449 tmp_name
= from_bgp
->name
? from_bgp
->name
: VRF_DEFAULT_NAME
;
3451 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
3452 /* vrf leak is for IPv4 and IPv6 Unicast only */
3453 if (afi
!= AFI_IP
&& afi
!= AFI_IP6
)
3456 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, to_bgp
)) {
3457 if (from_bgp
== to_bgp
)
3460 /* Unimport and remove source vrf from the
3461 * other vrfs import list.
3463 struct vpn_policy
*to_vpolicy
;
3465 is_vrf_leak_bind
= false;
3466 to_vpolicy
= &(to_bgp
->vpn_policy
[afi
]);
3467 for (ALL_LIST_ELEMENTS_RO(to_vpolicy
->import_vrf
, node
,
3469 if (strcmp(vname
, tmp_name
) == 0) {
3470 is_vrf_leak_bind
= true;
3474 /* skip this bgp instance as there is no leak to this
3477 if (!is_vrf_leak_bind
)
3481 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3482 __func__
, from_bgp
->name_pretty
,
3483 to_bgp
->name_pretty
, afi2str(afi
),
3484 to_vpolicy
->import_vrf
->count
);
3486 vrf_unimport_from_vrf(to_bgp
, from_bgp
, afi
, safi
);
3488 /* readd vrf name as unimport removes import vrf name
3489 * from the destination vrf's import list where the
3490 * `import vrf` configuration still exist.
3492 vname
= XSTRDUP(MTYPE_TMP
, tmp_name
);
3493 listnode_add(to_bgp
->vpn_policy
[afi
].import_vrf
,
3495 SET_FLAG(to_bgp
->af_flags
[afi
][safi
],
3496 BGP_CONFIG_VRF_TO_VRF_IMPORT
);
3498 /* If to_bgp exports its routes to the bgp vrf
3499 * which is being deleted, un-import the
3500 * to_bgp routes from VPN.
3502 for (ALL_LIST_ELEMENTS_RO(to_bgp
->vpn_policy
[afi
]
3505 if (strcmp(vname
, tmp_name
) == 0) {
3506 vrf_unimport_from_vrf(from_bgp
, to_bgp
,
3516 /* When a router bgp is configured, there could be a bgp vrf
3517 * instance importing routes from this newly configured
3518 * bgp vrf instance. Export routes from configured
3520 * VRF Y has import from bgp vrf x,
3521 * when a bgp vrf x instance is created, export its routes
3522 * to VRF Y instance.
3524 void bgp_vpn_leak_export(struct bgp
*from_bgp
)
3527 const char *export_name
;
3529 struct listnode
*node
, *next
;
3530 struct ecommunity
*ecom
;
3531 enum vpn_policy_direction idir
, edir
;
3532 safi_t safi
= SAFI_UNICAST
;
3536 debug
= (BGP_DEBUG(vpn
, VPN_LEAK_TO_VRF
) |
3537 BGP_DEBUG(vpn
, VPN_LEAK_FROM_VRF
));
3539 idir
= BGP_VPN_POLICY_DIR_FROMVPN
;
3540 edir
= BGP_VPN_POLICY_DIR_TOVPN
;
3542 export_name
= from_bgp
->name
? from_bgp
->name
: VRF_DEFAULT_NAME
;
3544 for (afi
= 0; afi
< AFI_MAX
; ++afi
) {
3545 /* vrf leak is for IPv4 and IPv6 Unicast only */
3546 if (afi
!= AFI_IP
&& afi
!= AFI_IP6
)
3549 for (ALL_LIST_ELEMENTS_RO(bm
->bgp
, next
, to_bgp
)) {
3550 if (from_bgp
== to_bgp
)
3553 /* bgp instance has import list, check to see if newly
3554 * configured bgp instance is the list.
3556 struct vpn_policy
*to_vpolicy
;
3558 to_vpolicy
= &(to_bgp
->vpn_policy
[afi
]);
3559 for (ALL_LIST_ELEMENTS_RO(to_vpolicy
->import_vrf
,
3561 if (strcmp(vname
, export_name
) != 0)
3565 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3567 export_name
, to_bgp
->name_pretty
);
3569 ecom
= from_bgp
->vpn_policy
[afi
].rtlist
[edir
];
3570 /* remove import rt, it will be readded
3571 * as part of import from vrf.
3575 to_vpolicy
->rtlist
[idir
],
3576 (struct ecommunity_val
*)
3578 vrf_import_from_vrf(to_bgp
, from_bgp
,