]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #2415 from qlyoung/pbr-table-range
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_table.h"
37 #include "bgpd/bgp_route.h"
38 #include "bgpd/bgp_attr.h"
39 #include "bgpd/bgp_label.h"
40 #include "bgpd/bgp_mplsvpn.h"
41 #include "bgpd/bgp_packet.h"
42 #include "bgpd/bgp_vty.h"
43 #include "bgpd/bgp_vpn.h"
44 #include "bgpd/bgp_ecommunity.h"
45 #include "bgpd/bgp_zebra.h"
46 #include "bgpd/bgp_nexthop.h"
47 #include "bgpd/bgp_nht.h"
48
49 #if ENABLE_BGP_VNC
50 #include "bgpd/rfapi/rfapi_backend.h"
51 #endif
52
53 /*
54 * Definitions and external declarations.
55 */
56 extern struct zclient *zclient;
57
58 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
59 int *index, afi_t *afi)
60 {
61 int ret = 0;
62 if (argv_find(argv, argc, "vpnv4", index)) {
63 ret = 1;
64 if (afi)
65 *afi = AFI_IP;
66 } else if (argv_find(argv, argc, "vpnv6", index)) {
67 ret = 1;
68 if (afi)
69 *afi = AFI_IP6;
70 }
71 return ret;
72 }
73
74 uint32_t decode_label(mpls_label_t *label_pnt)
75 {
76 uint32_t l;
77 uint8_t *pnt = (uint8_t *)label_pnt;
78
79 l = ((uint32_t)*pnt++ << 12);
80 l |= (uint32_t)*pnt++ << 4;
81 l |= (uint32_t)((*pnt & 0xf0) >> 4);
82 return l;
83 }
84
85 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
86 {
87 uint8_t *pnt = (uint8_t *)label_pnt;
88 if (pnt == NULL)
89 return;
90 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
91 *label_pnt = label;
92 return;
93 }
94 *pnt++ = (label >> 12) & 0xff;
95 *pnt++ = (label >> 4) & 0xff;
96 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
97 }
98
99 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
100 struct bgp_nlri *packet)
101 {
102 uint8_t *pnt;
103 uint8_t *lim;
104 struct prefix p;
105 int psize = 0;
106 int prefixlen;
107 uint16_t type;
108 struct rd_as rd_as;
109 struct rd_ip rd_ip;
110 struct prefix_rd prd;
111 mpls_label_t label = {0};
112 afi_t afi;
113 safi_t safi;
114 int addpath_encoded;
115 uint32_t addpath_id;
116
117 /* Make prefix_rd */
118 prd.family = AF_UNSPEC;
119 prd.prefixlen = 64;
120
121 pnt = packet->nlri;
122 lim = pnt + packet->length;
123 afi = packet->afi;
124 safi = packet->safi;
125 addpath_id = 0;
126
127 addpath_encoded =
128 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
129 && CHECK_FLAG(peer->af_cap[afi][safi],
130 PEER_CAP_ADDPATH_AF_TX_RCV));
131
132 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
133 for (; pnt < lim; pnt += psize) {
134 /* Clear prefix structure. */
135 memset(&p, 0, sizeof(struct prefix));
136
137 if (addpath_encoded) {
138
139 /* When packet overflow occurs return immediately. */
140 if (pnt + BGP_ADDPATH_ID_LEN > lim)
141 return -1;
142
143 addpath_id = ntohl(*((uint32_t *)pnt));
144 pnt += BGP_ADDPATH_ID_LEN;
145 }
146
147 /* Fetch prefix length. */
148 prefixlen = *pnt++;
149 p.family = afi2family(packet->afi);
150 psize = PSIZE(prefixlen);
151
152 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
153 zlog_err(
154 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
155 peer->host, prefixlen);
156 return -1;
157 }
158
159 /* sanity check against packet data */
160 if ((pnt + psize) > lim) {
161 zlog_err(
162 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
163 peer->host, prefixlen, (uint)(lim - pnt));
164 return -1;
165 }
166
167 /* sanity check against storage for the IP address portion */
168 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
169 zlog_err(
170 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
171 peer->host,
172 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
173 sizeof(p.u));
174 return -1;
175 }
176
177 /* Sanity check against max bitlen of the address family */
178 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
179 zlog_err(
180 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
181 peer->host,
182 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
183 p.family, prefix_blen(&p));
184 return -1;
185 }
186
187 /* Copy label to prefix. */
188 memcpy(&label, pnt, BGP_LABEL_BYTES);
189 bgp_set_valid_label(&label);
190
191 /* Copy routing distinguisher to rd. */
192 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
193
194 /* Decode RD type. */
195 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
196
197 switch (type) {
198 case RD_TYPE_AS:
199 decode_rd_as(pnt + 5, &rd_as);
200 break;
201
202 case RD_TYPE_AS4:
203 decode_rd_as4(pnt + 5, &rd_as);
204 break;
205
206 case RD_TYPE_IP:
207 decode_rd_ip(pnt + 5, &rd_ip);
208 break;
209
210 #if ENABLE_BGP_VNC
211 case RD_TYPE_VNC_ETH:
212 break;
213 #endif
214
215 default:
216 zlog_err("Unknown RD type %d", type);
217 break; /* just report */
218 }
219
220 p.prefixlen =
221 prefixlen
222 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
223 memcpy(&p.u.prefix, pnt + VPN_PREFIXLEN_MIN_BYTES,
224 psize - VPN_PREFIXLEN_MIN_BYTES);
225
226 if (attr) {
227 bgp_update(peer, &p, addpath_id, attr, packet->afi,
228 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
229 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
230 } else {
231 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
232 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
233 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
234 }
235 }
236 /* Packet length consistency check. */
237 if (pnt != lim) {
238 zlog_err(
239 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
240 peer->host, lim - pnt);
241 return -1;
242 }
243
244 return 0;
245 #undef VPN_PREFIXLEN_MIN_BYTES
246 }
247
248 /*
249 * This function informs zebra of the label this vrf sets on routes
250 * leaked to VPN. Zebra should install this label in the kernel with
251 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
252 *
253 * Sending this vrf-label association is qualified by a) whether vrf->vpn
254 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
255 * are set) and b) whether vpn-policy label is set.
256 *
257 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
258 * for this vrf, which zebra interprets to mean "delete this vrf-label
259 * association."
260 */
261 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
262 {
263 mpls_label_t label = MPLS_LABEL_NONE;
264 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
265
266 if (bgp->vrf_id == VRF_UNKNOWN) {
267 if (debug) {
268 zlog_debug(
269 "%s: vrf %s: afi %s: vrf_id not set, "
270 "can't set zebra vrf label",
271 __func__, bgp->name_pretty, afi2str(afi));
272 }
273 return;
274 }
275
276 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
277 label = bgp->vpn_policy[afi].tovpn_label;
278 }
279
280 if (debug) {
281 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
282 __func__, bgp->name_pretty, afi2str(afi), label,
283 bgp->vrf_id);
284 }
285
286 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
287 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
288 }
289
290 /*
291 * If zebra tells us vrf has become unconfigured, tell zebra not to
292 * use this label to forward to the vrf anymore
293 */
294 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
295 {
296 mpls_label_t label = MPLS_LABEL_NONE;
297 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
298
299 if (bgp->vrf_id == VRF_UNKNOWN) {
300 if (debug) {
301 zlog_debug(
302 "%s: vrf_id not set, can't delete zebra vrf label",
303 __func__);
304 }
305 return;
306 }
307
308 if (debug) {
309 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
310 bgp->name_pretty, bgp->vrf_id);
311 }
312
313 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
314 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
315 }
316
317 int vpn_leak_label_callback(
318 mpls_label_t label,
319 void *labelid,
320 bool allocated)
321 {
322 struct vpn_policy *vp = (struct vpn_policy *)labelid;
323 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
324
325 if (debug)
326 zlog_debug("%s: label=%u, allocated=%d",
327 __func__, label, allocated);
328
329 if (!allocated) {
330 /*
331 * previously-allocated label is now invalid
332 */
333 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
334 (vp->tovpn_label != MPLS_LABEL_NONE)) {
335
336 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
337 vp->afi, bgp_get_default(), vp->bgp);
338 vp->tovpn_label = MPLS_LABEL_NONE;
339 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
340 vp->afi, bgp_get_default(), vp->bgp);
341 }
342 return 0;
343 }
344
345 /*
346 * New label allocation
347 */
348 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
349
350 /*
351 * not currently configured for auto label, reject allocation
352 */
353 return -1;
354 }
355
356 if (vp->tovpn_label != MPLS_LABEL_NONE) {
357 if (label == vp->tovpn_label) {
358 /* already have same label, accept but do nothing */
359 return 0;
360 }
361 /* Shouldn't happen: different label allocation */
362 zlog_err("%s: %s had label %u but got new assignment %u",
363 __func__, vp->bgp->name_pretty, vp->tovpn_label, label);
364 /* use new one */
365 }
366
367 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
368 vp->afi, bgp_get_default(), vp->bgp);
369 vp->tovpn_label = label;
370 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
371 vp->afi, bgp_get_default(), vp->bgp);
372
373 return 0;
374 }
375
376 static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
377 {
378 int i;
379 int j;
380
381 if (!e1 || !e2)
382 return 0;
383
384 for (i = 0; i < e1->size; ++i) {
385 for (j = 0; j < e2->size; ++j) {
386 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
387 e2->val + (j * ECOMMUNITY_SIZE),
388 ECOMMUNITY_SIZE)) {
389
390 return 1;
391 }
392 }
393 }
394 return 0;
395 }
396
397 static bool labels_same(struct bgp_info *bi, mpls_label_t *label, uint32_t n)
398 {
399 uint32_t i;
400
401 if (!bi->extra) {
402 if (!n)
403 return true;
404 else
405 return false;
406 }
407
408 if (n != bi->extra->num_labels)
409 return false;
410
411 for (i = 0; i < n; ++i) {
412 if (label[i] != bi->extra->label[i])
413 return false;
414 }
415 return true;
416 }
417
418 /*
419 * make encoded route labels match specified encoded label set
420 */
421 static void setlabels(
422 struct bgp_info *bi,
423 mpls_label_t *label, /* array of labels */
424 uint32_t num_labels)
425 {
426 if (num_labels)
427 assert(label);
428 assert(num_labels <= BGP_MAX_LABELS);
429
430 if (!num_labels) {
431 if (bi->extra)
432 bi->extra->num_labels = 0;
433 return;
434 }
435
436 struct bgp_info_extra *extra = bgp_info_extra_get(bi);
437 uint32_t i;
438
439 for (i = 0; i < num_labels; ++i) {
440 extra->label[i] = label[i];
441 if (!bgp_is_valid_label(&label[i])) {
442 bgp_set_valid_label(&extra->label[i]);
443 }
444 }
445 extra->num_labels = num_labels;
446 }
447
448 /*
449 * returns pointer to new bgp_info upon success
450 */
451 static struct bgp_info *
452 leak_update(
453 struct bgp *bgp, /* destination bgp instance */
454 struct bgp_node *bn,
455 struct attr *new_attr, /* already interned */
456 afi_t afi,
457 safi_t safi,
458 struct bgp_info *source_bi,
459 mpls_label_t *label,
460 uint32_t num_labels,
461 void *parent,
462 struct bgp *bgp_orig,
463 struct prefix *nexthop_orig,
464 int nexthop_self_flag,
465 int debug)
466 {
467 struct prefix *p = &bn->p;
468 struct bgp_info *bi;
469 struct bgp_info *new;
470 char buf_prefix[PREFIX_STRLEN];
471
472 if (debug) {
473 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
474 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
475 __func__, bgp->name_pretty, buf_prefix,
476 source_bi->type, source_bi->sub_type);
477 }
478
479 /*
480 * match parent
481 */
482 for (bi = bn->info; bi; bi = bi->next) {
483 if (bi->extra && bi->extra->parent == parent)
484 break;
485 }
486
487 if (bi) {
488 bool labelssame = labels_same(bi, label, num_labels);
489
490 if (attrhash_cmp(bi->attr, new_attr)
491 && labelssame
492 && !CHECK_FLAG(bi->flags, BGP_INFO_REMOVED)) {
493
494 bgp_attr_unintern(&new_attr);
495 if (debug)
496 zlog_debug(
497 "%s: ->%s: %s: Found route, no change",
498 __func__, bgp->name_pretty,
499 buf_prefix);
500 return NULL;
501 }
502
503 /* attr is changed */
504 bgp_info_set_flag(bn, bi, BGP_INFO_ATTR_CHANGED);
505
506 /* Rewrite BGP route information. */
507 if (CHECK_FLAG(bi->flags, BGP_INFO_REMOVED))
508 bgp_info_restore(bn, bi);
509 else
510 bgp_aggregate_decrement(bgp, p, bi, afi, safi);
511 bgp_attr_unintern(&bi->attr);
512 bi->attr = new_attr;
513 bi->uptime = bgp_clock();
514
515 /*
516 * rewrite labels
517 */
518 if (!labelssame)
519 setlabels(bi, label, num_labels);
520
521 if (nexthop_self_flag)
522 bgp_info_set_flag(bn, bi, BGP_INFO_ANNC_NH_SELF);
523
524 struct bgp *bgp_nexthop = bgp;
525 int nh_valid;
526
527 if (bi->extra && bi->extra->bgp_orig)
528 bgp_nexthop = bi->extra->bgp_orig;
529
530 /* No nexthop tracking for redistributed routes */
531 if (source_bi->sub_type == BGP_ROUTE_REDISTRIBUTE)
532 nh_valid = 1;
533 else
534 /*
535 * TBD do we need to do anything about the
536 * 'connected' parameter?
537 */
538 nh_valid = bgp_find_or_add_nexthop(
539 bgp, bgp_nexthop,
540 afi, bi, NULL, 0);
541
542 if (debug)
543 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
544 __func__, (nh_valid ? "" : "not "),
545 bgp_nexthop->name_pretty);
546
547 if (nh_valid)
548 bgp_info_set_flag(bn, bi, BGP_INFO_VALID);
549
550 /* Process change. */
551 bgp_aggregate_increment(bgp, p, bi, afi, safi);
552 bgp_process(bgp, bn, afi, safi);
553 bgp_unlock_node(bn);
554
555 if (debug)
556 zlog_debug("%s: ->%s: %s Found route, changed attr",
557 __func__, bgp->name_pretty, buf_prefix);
558
559 return NULL;
560 }
561
562 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
563 bgp->peer_self, new_attr, bn);
564
565 if (nexthop_self_flag)
566 bgp_info_set_flag(bn, new, BGP_INFO_ANNC_NH_SELF);
567
568 bgp_info_extra_get(new);
569
570 if (num_labels)
571 setlabels(new, label, num_labels);
572
573 new->extra->parent = bgp_info_lock(parent);
574 bgp_lock_node((struct bgp_node *)((struct bgp_info *)parent)->net);
575 if (bgp_orig)
576 new->extra->bgp_orig = bgp_lock(bgp_orig);
577 if (nexthop_orig)
578 new->extra->nexthop_orig = *nexthop_orig;
579
580 /*
581 * nexthop tracking for unicast routes
582 */
583 struct bgp *bgp_nexthop = bgp;
584 int nh_valid;
585
586 if (new->extra->bgp_orig)
587 bgp_nexthop = new->extra->bgp_orig;
588
589 /*
590 * No nexthop tracking for redistributed routes because
591 * their originating protocols will do the tracking and
592 * withdraw those routes if the nexthops become unreachable
593 */
594 if (source_bi->sub_type == BGP_ROUTE_REDISTRIBUTE)
595 nh_valid = 1;
596 else
597 /*
598 * TBD do we need to do anything about the
599 * 'connected' parameter?
600 */
601 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
602 afi, new, NULL, 0);
603
604 if (debug)
605 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
606 __func__, (nh_valid ? "" : "not "),
607 bgp_nexthop->name_pretty);
608 if (nh_valid)
609 bgp_info_set_flag(bn, new, BGP_INFO_VALID);
610
611 bgp_aggregate_increment(bgp, p, new, afi, safi);
612 bgp_info_add(bn, new);
613
614 bgp_unlock_node(bn);
615 bgp_process(bgp, bn, afi, safi);
616
617 if (debug)
618 zlog_debug("%s: ->%s: %s: Added new route", __func__,
619 bgp->name_pretty, buf_prefix);
620
621 return new;
622 }
623
624 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
625 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
626 struct bgp *bgp_vrf, /* from */
627 struct bgp_info *info_vrf) /* route */
628 {
629 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
630 struct prefix *p = &info_vrf->net->p;
631 afi_t afi = family2afi(p->family);
632 struct attr static_attr = {0};
633 struct attr *new_attr = NULL;
634 safi_t safi = SAFI_MPLS_VPN;
635 mpls_label_t label_val;
636 mpls_label_t label;
637 struct bgp_node *bn;
638 const char *debugmsg;
639 int nexthop_self_flag = 0;
640
641 if (debug)
642 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
643
644 if (debug && info_vrf->attr->ecommunity) {
645 char *s = ecommunity_ecom2str(info_vrf->attr->ecommunity,
646 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
647
648 zlog_debug("%s: %s info_vrf->type=%d, EC{%s}", __func__,
649 bgp_vrf->name, info_vrf->type, s);
650 XFREE(MTYPE_ECOMMUNITY_STR, s);
651 }
652
653 if (!bgp_vpn)
654 return;
655
656 if (!afi) {
657 if (debug)
658 zlog_debug("%s: can't get afi of prefix", __func__);
659 return;
660 }
661
662 /* loop check - should not be an imported route. */
663 if (info_vrf->extra && info_vrf->extra->bgp_orig)
664 return;
665
666
667 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
668 if (debug)
669 zlog_debug("%s: %s skipping: %s", __func__,
670 bgp_vrf->name, debugmsg);
671 return;
672 }
673
674 bgp_attr_dup(&static_attr, info_vrf->attr); /* shallow copy */
675
676 /*
677 * route map handling
678 */
679 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
680 struct bgp_info info;
681 route_map_result_t ret;
682
683 memset(&info, 0, sizeof(info));
684 info.peer = bgp_vpn->peer_self;
685 info.attr = &static_attr;
686 ret = route_map_apply(
687 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
688 p, RMAP_BGP, &info);
689 if (RMAP_DENYMATCH == ret) {
690 bgp_attr_flush(&static_attr); /* free any added parts */
691 if (debug)
692 zlog_debug(
693 "%s: vrf %s route map \"%s\" says DENY, returning",
694 __func__, bgp_vrf->name_pretty,
695 bgp_vrf->vpn_policy[afi]
696 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
697 ->name);
698 return;
699 }
700 }
701
702 if (debug && static_attr.ecommunity) {
703 char *s = ecommunity_ecom2str(static_attr.ecommunity,
704 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
705
706 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
707 __func__, s);
708 XFREE(MTYPE_ECOMMUNITY_STR, s);
709 }
710
711 /*
712 * Add the vpn-policy rt-list
713 */
714 struct ecommunity *old_ecom;
715 struct ecommunity *new_ecom;
716
717 old_ecom = static_attr.ecommunity;
718 if (old_ecom) {
719 new_ecom = ecommunity_merge(
720 ecommunity_dup(old_ecom),
721 bgp_vrf->vpn_policy[afi]
722 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
723 if (!old_ecom->refcnt)
724 ecommunity_free(&old_ecom);
725 } else {
726 new_ecom = ecommunity_dup(
727 bgp_vrf->vpn_policy[afi]
728 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
729 }
730 static_attr.ecommunity = new_ecom;
731 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
732
733 if (debug && static_attr.ecommunity) {
734 char *s = ecommunity_ecom2str(static_attr.ecommunity,
735 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
736
737 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
738 __func__, s);
739 XFREE(MTYPE_ECOMMUNITY_STR, s);
740 }
741
742 /* Nexthop */
743 /* if policy nexthop not set, use 0 */
744 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
745 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
746 struct prefix *nexthop =
747 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
748
749 switch (nexthop->family) {
750 case AF_INET:
751 /* prevent mp_nexthop_global_in <- self in bgp_route.c
752 */
753 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
754
755 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
756 static_attr.mp_nexthop_len = 4;
757 break;
758
759 case AF_INET6:
760 static_attr.mp_nexthop_global = nexthop->u.prefix6;
761 static_attr.mp_nexthop_len = 16;
762 break;
763
764 default:
765 assert(0);
766 }
767 } else {
768 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
769 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
770 if (afi == AFI_IP) {
771 /*
772 * For ipv4, copy to multiprotocol
773 * nexthop field
774 */
775 static_attr.mp_nexthop_global_in =
776 static_attr.nexthop;
777 static_attr.mp_nexthop_len = 4;
778 /*
779 * XXX Leave static_attr.nexthop
780 * intact for NHT
781 */
782 static_attr.flag &=
783 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
784 }
785 } else {
786 /* Update based on next-hop family to account for
787 * RFC 5549 (BGP unnumbered) scenario. Note that
788 * specific action is only needed for the case of
789 * IPv4 nexthops as the attr has been copied
790 * otherwise.
791 */
792 if (afi == AFI_IP &&
793 !BGP_ATTR_NEXTHOP_AFI_IP6(info_vrf->attr)) {
794 static_attr.mp_nexthop_global_in.s_addr =
795 static_attr.nexthop.s_addr;
796 static_attr.mp_nexthop_len = 4;
797 static_attr.flag |=
798 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
799 }
800 }
801 nexthop_self_flag = 1;
802 }
803
804 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
805 if (label_val == MPLS_LABEL_NONE) {
806 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
807 } else {
808 encode_label(label_val, &label);
809 }
810
811 /* Set originator ID to "me" */
812 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
813 static_attr.originator_id = bgp_vpn->router_id;
814
815
816 new_attr = bgp_attr_intern(
817 &static_attr); /* hashed refcounted everything */
818 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
819
820 if (debug && new_attr->ecommunity) {
821 char *s = ecommunity_ecom2str(new_attr->ecommunity,
822 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
823
824 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
825 XFREE(MTYPE_ECOMMUNITY_STR, s);
826 }
827
828 /* Now new_attr is an allocated interned attr */
829
830 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
831 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
832
833 struct bgp_info *new_info;
834
835 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, info_vrf,
836 &label, 1, info_vrf, bgp_vrf, NULL,
837 nexthop_self_flag, debug);
838
839 /*
840 * Routes actually installed in the vpn RIB must also be
841 * offered to all vrfs (because now they originate from
842 * the vpn RIB).
843 *
844 * Acceptance into other vrfs depends on rt-lists.
845 * Originating vrf will not accept the looped back route
846 * because of loop checking.
847 */
848 if (new_info)
849 vpn_leak_to_vrf_update(bgp_vrf, new_info);
850 }
851
852 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
853 struct bgp *bgp_vrf, /* from */
854 struct bgp_info *info_vrf) /* route */
855 {
856 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
857 struct prefix *p = &info_vrf->net->p;
858 afi_t afi = family2afi(p->family);
859 safi_t safi = SAFI_MPLS_VPN;
860 struct bgp_info *bi;
861 struct bgp_node *bn;
862 const char *debugmsg;
863 char buf_prefix[PREFIX_STRLEN];
864
865 if (debug) {
866 prefix2str(p, buf_prefix, sizeof(buf_prefix));
867 zlog_debug(
868 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
869 __func__, bgp_vrf->name_pretty, buf_prefix,
870 info_vrf->type, info_vrf->sub_type);
871 }
872
873 if (info_vrf->sub_type != BGP_ROUTE_NORMAL
874 && info_vrf->sub_type != BGP_ROUTE_STATIC
875 && info_vrf->sub_type != BGP_ROUTE_REDISTRIBUTE) {
876
877 if (debug)
878 zlog_debug("%s: wrong sub_type %d", __func__,
879 info_vrf->sub_type);
880 return;
881 }
882 if (!bgp_vpn)
883 return;
884
885 if (!afi) {
886 if (debug)
887 zlog_debug("%s: can't get afi of prefix", __func__);
888 return;
889 }
890
891 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
892 if (debug)
893 zlog_debug("%s: skipping: %s", __func__, debugmsg);
894 return;
895 }
896
897 if (debug)
898 zlog_debug("%s: withdrawing (info_vrf=%p)", __func__, info_vrf);
899
900 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
901 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
902
903 /*
904 * vrf -> vpn
905 * match original bi imported from
906 */
907 for (bi = (bn ? bn->info : NULL); bi; bi = bi->next) {
908 if (bi->extra && bi->extra->parent == info_vrf) {
909 break;
910 }
911 }
912
913 if (bi) {
914 /* withdraw from looped vrfs as well */
915 vpn_leak_to_vrf_withdraw(bgp_vpn, bi);
916
917 bgp_aggregate_decrement(bgp_vpn, p, bi, afi, safi);
918 bgp_info_delete(bn, bi);
919 bgp_process(bgp_vpn, bn, afi, safi);
920 }
921 bgp_unlock_node(bn);
922 }
923
924 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
925 struct bgp *bgp_vrf, /* from */
926 afi_t afi)
927 {
928 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
929 struct bgp_node *prn;
930 safi_t safi = SAFI_MPLS_VPN;
931
932 /*
933 * Walk vpn table, delete bi with bgp_orig == bgp_vrf
934 */
935 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
936 prn = bgp_route_next(prn)) {
937
938 struct bgp_table *table;
939 struct bgp_node *bn;
940 struct bgp_info *bi;
941
942 /* This is the per-RD table of prefixes */
943 table = prn->info;
944
945 if (!table)
946 continue;
947
948 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
949
950 char buf[PREFIX2STR_BUFFER];
951
952 if (debug && bn->info) {
953 zlog_debug(
954 "%s: looking at prefix %s", __func__,
955 prefix2str(&bn->p, buf, sizeof(buf)));
956 }
957
958 for (bi = bn->info; bi; bi = bi->next) {
959 if (debug)
960 zlog_debug("%s: type %d, sub_type %d",
961 __func__, bi->type,
962 bi->sub_type);
963 if (bi->sub_type != BGP_ROUTE_IMPORTED)
964 continue;
965 if (!bi->extra)
966 continue;
967 if ((struct bgp *)bi->extra->bgp_orig
968 == bgp_vrf) {
969 /* delete route */
970 if (debug)
971 zlog_debug("%s: deleting it\n",
972 __func__);
973 bgp_aggregate_decrement(bgp_vpn, &bn->p,
974 bi, afi, safi);
975 bgp_info_delete(bn, bi);
976 bgp_process(bgp_vpn, bn, afi, safi);
977 }
978 }
979 }
980 }
981 }
982
983 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
984 struct bgp *bgp_vrf, /* from */
985 afi_t afi)
986 {
987 struct bgp_node *bn;
988 struct bgp_info *bi;
989 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
990
991 if (debug)
992 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
993 bgp_vrf->name_pretty);
994
995 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
996 bn = bgp_route_next(bn)) {
997
998 if (debug)
999 zlog_debug("%s: node=%p", __func__, bn);
1000
1001 for (bi = bn->info; bi; bi = bi->next) {
1002 if (debug)
1003 zlog_debug(
1004 "%s: calling vpn_leak_from_vrf_update",
1005 __func__);
1006 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bi);
1007 }
1008 }
1009 }
1010
1011 static void vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1012 struct bgp *bgp_vpn, /* from */
1013 struct bgp_info *info_vpn) /* route */
1014 {
1015 struct prefix *p = &info_vpn->net->p;
1016 afi_t afi = family2afi(p->family);
1017
1018 struct attr static_attr = {0};
1019 struct attr *new_attr = NULL;
1020 struct bgp_node *bn;
1021 safi_t safi = SAFI_UNICAST;
1022 const char *debugmsg;
1023 struct prefix nexthop_orig;
1024 mpls_label_t *pLabels = NULL;
1025 uint32_t num_labels = 0;
1026 int nexthop_self_flag = 1;
1027 struct bgp_info *bi_ultimate = NULL;
1028 int origin_local = 0;
1029 struct bgp *src_vrf;
1030
1031 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1032
1033 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1034 if (debug)
1035 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1036 return;
1037 }
1038
1039 /* Check for intersection of route targets */
1040 if (!ecom_intersect(
1041 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1042 info_vpn->attr->ecommunity)) {
1043
1044 return;
1045 }
1046
1047 if (debug)
1048 zlog_debug("%s: updating to vrf %s", __func__,
1049 bgp_vrf->name_pretty);
1050
1051 bgp_attr_dup(&static_attr, info_vpn->attr); /* shallow copy */
1052
1053 /*
1054 * Nexthop: stash and clear
1055 *
1056 * Nexthop is valid in context of VPN core, but not in destination vrf.
1057 * Stash it for later label resolution by vrf ingress path and then
1058 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1059 */
1060 uint8_t nhfamily = NEXTHOP_FAMILY(info_vpn->attr->mp_nexthop_len);
1061
1062 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1063 nexthop_orig.family = nhfamily;
1064
1065 switch (nhfamily) {
1066 case AF_INET:
1067 /* save */
1068 nexthop_orig.u.prefix4 = info_vpn->attr->mp_nexthop_global_in;
1069 nexthop_orig.prefixlen = 32;
1070
1071 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1072 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1073 static_attr.nexthop.s_addr =
1074 nexthop_orig.u.prefix4.s_addr;
1075
1076 static_attr.mp_nexthop_global_in =
1077 info_vpn->attr->mp_nexthop_global_in;
1078 static_attr.mp_nexthop_len =
1079 info_vpn->attr->mp_nexthop_len;
1080 }
1081 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1082 break;
1083 case AF_INET6:
1084 /* save */
1085 nexthop_orig.u.prefix6 = info_vpn->attr->mp_nexthop_global;
1086 nexthop_orig.prefixlen = 128;
1087
1088 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1089 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1090 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1091 }
1092 break;
1093 }
1094
1095 /*
1096 * route map handling
1097 */
1098 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1099 struct bgp_info info;
1100 route_map_result_t ret;
1101
1102 memset(&info, 0, sizeof(info));
1103 info.peer = bgp_vrf->peer_self;
1104 info.attr = &static_attr;
1105 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1106 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1107 p, RMAP_BGP, &info);
1108 if (RMAP_DENYMATCH == ret) {
1109 bgp_attr_flush(&static_attr); /* free any added parts */
1110 if (debug)
1111 zlog_debug(
1112 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1113 __func__, bgp_vrf->name_pretty,
1114 bgp_vrf->vpn_policy[afi]
1115 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1116 ->name);
1117 return;
1118 }
1119 /*
1120 * if route-map changed nexthop, don't nexthop-self on output
1121 */
1122 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1123 BATTR_RMAP_NEXTHOP_UNCHANGED))
1124 nexthop_self_flag = 0;
1125 }
1126
1127 new_attr = bgp_attr_intern(&static_attr);
1128 bgp_attr_flush(&static_attr);
1129
1130 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1131
1132 /*
1133 * ensure labels are copied
1134 *
1135 * However, there is a special case: if the route originated in
1136 * another local VRF (as opposed to arriving via VPN), then the
1137 * nexthop is reached by hairpinning through this router (me)
1138 * using IP forwarding only (no LSP). Therefore, the route
1139 * imported to the VRF should not have labels attached. Note
1140 * that nexthop tracking is also involved: eliminating the
1141 * labels for these routes enables the non-labeled nexthops
1142 * from the originating VRF to be considered valid for this route.
1143 */
1144 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1145 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1146 /* work back to original route */
1147 for (bi_ultimate = info_vpn;
1148 bi_ultimate->extra && bi_ultimate->extra->parent;
1149 bi_ultimate = bi_ultimate->extra->parent)
1150 ;
1151
1152 /*
1153 * if original route was unicast,
1154 * then it did not arrive over vpn
1155 */
1156 if (bi_ultimate->net) {
1157 struct bgp_table *table;
1158
1159 table = bgp_node_table(bi_ultimate->net);
1160 if (table && (table->safi == SAFI_UNICAST))
1161 origin_local = 1;
1162 }
1163
1164 /* copy labels */
1165 if (!origin_local &&
1166 info_vpn->extra && info_vpn->extra->num_labels) {
1167 num_labels = info_vpn->extra->num_labels;
1168 if (num_labels > BGP_MAX_LABELS)
1169 num_labels = BGP_MAX_LABELS;
1170 pLabels = info_vpn->extra->label;
1171 }
1172 }
1173
1174 if (debug) {
1175 char buf_prefix[PREFIX_STRLEN];
1176 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1177 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1178 num_labels);
1179 }
1180
1181 /*
1182 * For VRF-2-VRF route-leaking,
1183 * the source will be the originating VRF.
1184 */
1185 if (info_vpn->extra && info_vpn->extra->bgp_orig)
1186 src_vrf = info_vpn->extra->bgp_orig;
1187 else
1188 src_vrf = bgp_vpn;
1189
1190 leak_update(bgp_vrf, bn, new_attr, afi, safi, info_vpn,
1191 pLabels, num_labels,
1192 info_vpn, /* parent */
1193 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1194 }
1195
1196 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1197 struct bgp_info *info_vpn) /* route */
1198 {
1199 struct listnode *mnode, *mnnode;
1200 struct bgp *bgp;
1201
1202 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1203
1204 if (debug)
1205 zlog_debug("%s: start (info_vpn=%p)", __func__, info_vpn);
1206
1207 /* Loop over VRFs */
1208 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1209
1210 if (!info_vpn->extra
1211 || info_vpn->extra->bgp_orig != bgp) { /* no loop */
1212 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, info_vpn);
1213 }
1214 }
1215 }
1216
1217 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1218 struct bgp_info *info_vpn) /* route */
1219 {
1220 struct prefix *p;
1221 afi_t afi;
1222 safi_t safi = SAFI_UNICAST;
1223 struct bgp *bgp;
1224 struct listnode *mnode, *mnnode;
1225 struct bgp_node *bn;
1226 struct bgp_info *bi;
1227 const char *debugmsg;
1228 char buf_prefix[PREFIX_STRLEN];
1229
1230 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1231
1232 if (debug) {
1233 prefix2str(&info_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1234 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d",
1235 __func__, buf_prefix,
1236 info_vpn->type, info_vpn->sub_type);
1237 }
1238
1239 if (debug)
1240 zlog_debug("%s: start (info_vpn=%p)", __func__, info_vpn);
1241
1242 if (!info_vpn->net) {
1243 #if ENABLE_BGP_VNC
1244 /* BGP_ROUTE_RFP routes do not have info_vpn->net set (yet) */
1245 if (info_vpn->type == ZEBRA_ROUTE_BGP &&
1246 info_vpn->sub_type == BGP_ROUTE_RFP) {
1247
1248 return;
1249 }
1250 #endif
1251 if (debug)
1252 zlog_debug("%s: info_vpn->net unexpectedly NULL, no prefix, bailing",
1253 __func__);
1254 return;
1255 }
1256
1257 p = &info_vpn->net->p;
1258 afi = family2afi(p->family);
1259
1260 /* Loop over VRFs */
1261 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1262 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1263 if (debug)
1264 zlog_debug("%s: skipping: %s", __func__,
1265 debugmsg);
1266 continue;
1267 }
1268
1269 /* Check for intersection of route targets */
1270 if (!ecom_intersect(bgp->vpn_policy[afi]
1271 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1272 info_vpn->attr->ecommunity)) {
1273
1274 continue;
1275 }
1276
1277 if (debug)
1278 zlog_debug("%s: withdrawing from vrf %s", __func__,
1279 bgp->name_pretty);
1280
1281 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1282 for (bi = (bn ? bn->info : NULL); bi; bi = bi->next) {
1283 if (bi->extra
1284 && (struct bgp_info *)bi->extra->parent
1285 == info_vpn) {
1286 break;
1287 }
1288 }
1289
1290 if (bi) {
1291 if (debug)
1292 zlog_debug("%s: deleting bi %p", __func__, bi);
1293 bgp_aggregate_decrement(bgp, p, bi, afi, safi);
1294 bgp_info_delete(bn, bi);
1295 bgp_process(bgp, bn, afi, safi);
1296 }
1297 bgp_unlock_node(bn);
1298 }
1299 }
1300
1301 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1302 afi_t afi)
1303 {
1304 struct bgp_node *bn;
1305 struct bgp_info *bi;
1306 safi_t safi = SAFI_UNICAST;
1307 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1308
1309 if (debug)
1310 zlog_debug("%s: entry", __func__);
1311 /*
1312 * Walk vrf table, delete bi with bgp_orig in a different vrf
1313 */
1314 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1315 bn = bgp_route_next(bn)) {
1316
1317 for (bi = bn->info; bi; bi = bi->next) {
1318 if (bi->extra && bi->extra->bgp_orig != bgp_vrf) {
1319
1320 /* delete route */
1321 bgp_aggregate_decrement(bgp_vrf, &bn->p, bi,
1322 afi, safi);
1323 bgp_info_delete(bn, bi);
1324 bgp_process(bgp_vrf, bn, afi, safi);
1325 }
1326 }
1327 }
1328 }
1329
1330 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1331 struct bgp *bgp_vpn, /* from */
1332 afi_t afi)
1333 {
1334 struct prefix_rd prd;
1335 struct bgp_node *prn;
1336 safi_t safi = SAFI_MPLS_VPN;
1337
1338 if (!bgp_vpn)
1339 return;
1340
1341 /*
1342 * Walk vpn table
1343 */
1344 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1345 prn = bgp_route_next(prn)) {
1346
1347 struct bgp_table *table;
1348 struct bgp_node *bn;
1349 struct bgp_info *bi;
1350
1351 memset(&prd, 0, sizeof(prd));
1352 prd.family = AF_UNSPEC;
1353 prd.prefixlen = 64;
1354 memcpy(prd.val, prn->p.u.val, 8);
1355
1356 /* This is the per-RD table of prefixes */
1357 table = prn->info;
1358
1359 if (!table)
1360 continue;
1361
1362 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1363
1364 for (bi = bn->info; bi; bi = bi->next) {
1365
1366 if (bi->extra && bi->extra->bgp_orig == bgp_vrf)
1367 continue;
1368
1369 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1370 bi);
1371 }
1372 }
1373 }
1374 }
1375
1376 /*
1377 * This function is called for definition/deletion/change to a route-map
1378 */
1379 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1380 {
1381 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1382 afi_t afi;
1383 struct route_map *rmap;
1384
1385 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1386 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1387
1388 return;
1389 }
1390
1391 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1392
1393 for (afi = 0; afi < AFI_MAX; ++afi) {
1394
1395 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1396 && !strcmp(rmap_name,
1397 bgp->vpn_policy[afi]
1398 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1399
1400 if (debug)
1401 zlog_debug(
1402 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1403 __func__, rmap_name, bgp->as,
1404 afi2str(afi));
1405
1406 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1407 bgp_get_default(), bgp);
1408 if (debug)
1409 zlog_debug("%s: after vpn_leak_prechange",
1410 __func__);
1411
1412 /* in case of definition/deletion */
1413 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1414 rmap;
1415
1416 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1417 bgp_get_default(), bgp);
1418
1419 if (debug)
1420 zlog_debug("%s: after vpn_leak_postchange",
1421 __func__);
1422 }
1423
1424 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1425 && !strcmp(rmap_name,
1426 bgp->vpn_policy[afi]
1427 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1428
1429 if (debug) {
1430 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1431 __func__, rmap_name, bgp->as,
1432 afi2str(afi));
1433 }
1434
1435 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1436 bgp_get_default(), bgp);
1437
1438 /* in case of definition/deletion */
1439 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1440 rmap;
1441
1442 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1443 bgp_get_default(), bgp);
1444 }
1445 }
1446 }
1447
1448 void vpn_policy_routemap_event(const char *rmap_name)
1449 {
1450 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1451 struct listnode *mnode, *mnnode;
1452 struct bgp *bgp;
1453
1454 if (debug)
1455 zlog_debug("%s: entry", __func__);
1456
1457 if (bm->bgp == NULL) /* may be called during cleanup */
1458 return;
1459
1460 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1461 vpn_policy_routemap_update(bgp, rmap_name);
1462 }
1463
1464 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1465 afi_t afi, safi_t safi)
1466 {
1467 const char *export_name;
1468 vpn_policy_direction_t idir, edir;
1469 char *vname;
1470 char buf[1000];
1471 struct ecommunity *ecom;
1472 bool first_export = false;
1473
1474 export_name = to_bgp->name ? to_bgp->name : BGP_DEFAULT_NAME;
1475 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1476 edir = BGP_VPN_POLICY_DIR_TOVPN;
1477
1478 /*
1479 * Cross-ref both VRFs. Also, note if this is the first time
1480 * any VRF is importing from "import_vrf".
1481 */
1482 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
1483 : XSTRDUP(MTYPE_TMP, BGP_DEFAULT_NAME));
1484
1485 listnode_add(to_bgp->vpn_policy[afi].import_vrf, vname);
1486
1487 if (!listcount(from_bgp->vpn_policy[afi].export_vrf))
1488 first_export = true;
1489 vname = XSTRDUP(MTYPE_TMP, export_name);
1490 listnode_add(from_bgp->vpn_policy[afi].export_vrf, vname);
1491
1492 /* Update import RT for current VRF using export RT of the VRF we're
1493 * importing from. First though, make sure "import_vrf" has that
1494 * set.
1495 */
1496 if (first_export) {
1497 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1498 &from_bgp->vrf_prd_auto);
1499 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1500 SET_FLAG(from_bgp->vpn_policy[afi].flags,
1501 BGP_VPN_POLICY_TOVPN_RD_SET);
1502 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
1503 buf, sizeof(buf));
1504 from_bgp->vpn_policy[afi].rtlist[edir] =
1505 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1506 SET_FLAG(from_bgp->af_flags[afi][safi],
1507 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1508 from_bgp->vpn_policy[afi].tovpn_label =
1509 BGP_PREVENT_VRF_2_VRF_LEAK;
1510 }
1511 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1512 if (to_bgp->vpn_policy[afi].rtlist[idir])
1513 to_bgp->vpn_policy[afi].rtlist[idir] =
1514 ecommunity_merge(to_bgp->vpn_policy[afi]
1515 .rtlist[idir], ecom);
1516 else
1517 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1518 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
1519
1520 /* Does "import_vrf" first need to export its routes or that
1521 * is already done and we just need to import those routes
1522 * from the global table?
1523 */
1524 if (first_export)
1525 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
1526 else
1527 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1528 }
1529
1530 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1531 afi_t afi, safi_t safi)
1532 {
1533 const char *export_name, *tmp_name;
1534 vpn_policy_direction_t idir, edir;
1535 char *vname;
1536 struct ecommunity *ecom;
1537 struct listnode *node;
1538
1539 export_name = to_bgp->name ? to_bgp->name : BGP_DEFAULT_NAME;
1540 tmp_name = from_bgp->name ? from_bgp->name : BGP_DEFAULT_NAME;
1541 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1542 edir = BGP_VPN_POLICY_DIR_TOVPN;
1543
1544 /* Were we importing from "import_vrf"? */
1545 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1546 vname)) {
1547 if (strcmp(vname, tmp_name) == 0)
1548 break;
1549 }
1550
1551 /*
1552 * We do not check in the cli if the passed in bgp
1553 * instance is actually imported into us before
1554 * we call this function. As such if we do not
1555 * find this in the import_vrf list than
1556 * we just need to return safely.
1557 */
1558 if (!vname)
1559 return;
1560
1561 /* Remove "import_vrf" from our import list. */
1562 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
1563 XFREE(MTYPE_TMP, vname);
1564
1565 /* Remove routes imported from "import_vrf". */
1566 /* TODO: In the current logic, we have to first remove all
1567 * imported routes and then (if needed) import back routes
1568 */
1569 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
1570
1571 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1572 UNSET_FLAG(to_bgp->af_flags[afi][safi],
1573 BGP_CONFIG_VRF_TO_VRF_IMPORT);
1574 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
1575 } else {
1576 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1577 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
1578 (struct ecommunity_val *)ecom->val);
1579 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1580 }
1581
1582 /*
1583 * What?
1584 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1585 * below is checking for NULL that export_vrf can be
1586 * NULL, consequently it is complaining( like a cabbage )
1587 * that we could dereference and crash in the listcount(..)
1588 * check below.
1589 * So make it happy, under protest, with liberty and justice
1590 * for all.
1591 */
1592 assert(from_bgp->vpn_policy[afi].export_vrf);
1593
1594 /* Remove us from "import_vrf's" export list. If no other VRF
1595 * is importing from "import_vrf", cleanup appropriately.
1596 */
1597 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1598 node, vname)) {
1599 if (strcmp(vname, export_name) == 0)
1600 break;
1601 }
1602
1603 /*
1604 * If we have gotten to this point then the vname must
1605 * exist. If not, we are in a world of trouble and
1606 * have slag sitting around.
1607 *
1608 * import_vrf and export_vrf must match in having
1609 * the in/out names as appropriate.
1610 */
1611 assert(vname);
1612
1613 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
1614 XFREE(MTYPE_TMP, vname);
1615
1616 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1617 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1618 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1619 UNSET_FLAG(from_bgp->af_flags[afi][safi],
1620 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1621 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
1622 sizeof(struct prefix_rd));
1623 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
1624 BGP_VPN_POLICY_TOVPN_RD_SET);
1625 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1626
1627 }
1628 }
1629
1630 /* For testing purpose, static route of MPLS-VPN. */
1631 DEFUN (vpnv4_network,
1632 vpnv4_network_cmd,
1633 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1634 "Specify a network to announce via BGP\n"
1635 "IPv4 prefix\n"
1636 "Specify Route Distinguisher\n"
1637 "VPN Route Distinguisher\n"
1638 "VPN NLRI label (tag)\n"
1639 "VPN NLRI label (tag)\n"
1640 "Label value\n")
1641 {
1642 int idx_ipv4_prefixlen = 1;
1643 int idx_ext_community = 3;
1644 int idx_label = 5;
1645 return bgp_static_set_safi(
1646 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1647 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1648 NULL, NULL, NULL, NULL);
1649 }
1650
1651 DEFUN (vpnv4_network_route_map,
1652 vpnv4_network_route_map_cmd,
1653 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1654 "Specify a network to announce via BGP\n"
1655 "IPv4 prefix\n"
1656 "Specify Route Distinguisher\n"
1657 "VPN Route Distinguisher\n"
1658 "VPN NLRI label (tag)\n"
1659 "VPN NLRI label (tag)\n"
1660 "Label value\n"
1661 "route map\n"
1662 "route map name\n")
1663 {
1664 int idx_ipv4_prefixlen = 1;
1665 int idx_ext_community = 3;
1666 int idx_label = 5;
1667 int idx_word_2 = 7;
1668 return bgp_static_set_safi(
1669 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1670 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1671 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1672 }
1673
1674 /* For testing purpose, static route of MPLS-VPN. */
1675 DEFUN (no_vpnv4_network,
1676 no_vpnv4_network_cmd,
1677 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1678 NO_STR
1679 "Specify a network to announce via BGP\n"
1680 "IPv4 prefix\n"
1681 "Specify Route Distinguisher\n"
1682 "VPN Route Distinguisher\n"
1683 "VPN NLRI label (tag)\n"
1684 "VPN NLRI label (tag)\n"
1685 "Label value\n")
1686 {
1687 int idx_ipv4_prefixlen = 2;
1688 int idx_ext_community = 4;
1689 int idx_label = 6;
1690 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1691 argv[idx_ipv4_prefixlen]->arg,
1692 argv[idx_ext_community]->arg,
1693 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1694 }
1695
1696 DEFUN (vpnv6_network,
1697 vpnv6_network_cmd,
1698 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1699 "Specify a network to announce via BGP\n"
1700 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1701 "Specify Route Distinguisher\n"
1702 "VPN Route Distinguisher\n"
1703 "VPN NLRI label (tag)\n"
1704 "VPN NLRI label (tag)\n"
1705 "Label value\n"
1706 "route map\n"
1707 "route map name\n")
1708 {
1709 int idx_ipv6_prefix = 1;
1710 int idx_ext_community = 3;
1711 int idx_label = 5;
1712 int idx_word_2 = 7;
1713 if (argc == 8)
1714 return bgp_static_set_safi(
1715 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1716 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1717 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1718 else
1719 return bgp_static_set_safi(
1720 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1721 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1722 NULL, 0, NULL, NULL, NULL, NULL);
1723 }
1724
1725 /* For testing purpose, static route of MPLS-VPN. */
1726 DEFUN (no_vpnv6_network,
1727 no_vpnv6_network_cmd,
1728 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1729 NO_STR
1730 "Specify a network to announce via BGP\n"
1731 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1732 "Specify Route Distinguisher\n"
1733 "VPN Route Distinguisher\n"
1734 "VPN NLRI label (tag)\n"
1735 "VPN NLRI label (tag)\n"
1736 "Label value\n")
1737 {
1738 int idx_ipv6_prefix = 2;
1739 int idx_ext_community = 4;
1740 int idx_label = 6;
1741 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1742 argv[idx_ipv6_prefix]->arg,
1743 argv[idx_ext_community]->arg,
1744 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1745 }
1746
1747 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1748 enum bgp_show_type type, void *output_arg, int tags,
1749 uint8_t use_json)
1750 {
1751 struct bgp *bgp;
1752 struct bgp_table *table;
1753
1754 bgp = bgp_get_default();
1755 if (bgp == NULL) {
1756 if (!use_json)
1757 vty_out(vty, "No BGP process is configured\n");
1758 else
1759 vty_out(vty, "{}\n");
1760 return CMD_WARNING;
1761 }
1762 table = bgp->rib[afi][SAFI_MPLS_VPN];
1763 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1764 output_arg, use_json);
1765 }
1766
1767 DEFUN (show_bgp_ip_vpn_all_rd,
1768 show_bgp_ip_vpn_all_rd_cmd,
1769 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
1770 SHOW_STR
1771 BGP_STR
1772 BGP_VPNVX_HELP_STR
1773 "Display VPN NLRI specific information\n"
1774 "Display VPN NLRI specific information\n"
1775 "Display information for a route distinguisher\n"
1776 "VPN Route Distinguisher\n"
1777 JSON_STR)
1778 {
1779 int ret;
1780 struct prefix_rd prd;
1781 afi_t afi;
1782 int idx = 0;
1783
1784 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
1785 if (argv_find(argv, argc, "rd", &idx)) {
1786 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
1787 if (!ret) {
1788 vty_out(vty,
1789 "%% Malformed Route Distinguisher\n");
1790 return CMD_WARNING;
1791 }
1792 return bgp_show_mpls_vpn(vty, afi, &prd,
1793 bgp_show_type_normal, NULL, 0,
1794 use_json(argc, argv));
1795 } else {
1796 return bgp_show_mpls_vpn(vty, afi, NULL,
1797 bgp_show_type_normal, NULL, 0,
1798 use_json(argc, argv));
1799 }
1800 }
1801 return CMD_SUCCESS;
1802 }
1803
1804 ALIAS(show_bgp_ip_vpn_all_rd,
1805 show_bgp_ip_vpn_rd_cmd,
1806 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
1807 SHOW_STR
1808 BGP_STR
1809 BGP_VPNVX_HELP_STR
1810 "Display VPN NLRI specific information\n"
1811 "Display information for a route distinguisher\n"
1812 "VPN Route Distinguisher\n"
1813 JSON_STR)
1814
1815 #ifdef KEEP_OLD_VPN_COMMANDS
1816 DEFUN (show_ip_bgp_vpn_rd,
1817 show_ip_bgp_vpn_rd_cmd,
1818 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
1819 SHOW_STR
1820 IP_STR
1821 BGP_STR
1822 BGP_AFI_HELP_STR
1823 "Address Family modifier\n"
1824 "Display information for a route distinguisher\n"
1825 "VPN Route Distinguisher\n")
1826 {
1827 int idx_ext_community = argc - 1;
1828 int ret;
1829 struct prefix_rd prd;
1830 afi_t afi;
1831 int idx = 0;
1832
1833 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1834 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1835 if (!ret) {
1836 vty_out(vty, "%% Malformed Route Distinguisher\n");
1837 return CMD_WARNING;
1838 }
1839 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
1840 NULL, 0, 0);
1841 }
1842 return CMD_SUCCESS;
1843 }
1844
1845 DEFUN (show_ip_bgp_vpn_all,
1846 show_ip_bgp_vpn_all_cmd,
1847 "show [ip] bgp <vpnv4|vpnv6>",
1848 SHOW_STR
1849 IP_STR
1850 BGP_STR
1851 BGP_VPNVX_HELP_STR)
1852 {
1853 afi_t afi;
1854 int idx = 0;
1855
1856 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
1857 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
1858 NULL, 0, 0);
1859 return CMD_SUCCESS;
1860 }
1861
1862 DEFUN (show_ip_bgp_vpn_all_tags,
1863 show_ip_bgp_vpn_all_tags_cmd,
1864 "show [ip] bgp <vpnv4|vpnv6> all tags",
1865 SHOW_STR
1866 IP_STR
1867 BGP_STR
1868 BGP_VPNVX_HELP_STR
1869 "Display information about all VPNv4/VPNV6 NLRIs\n"
1870 "Display BGP tags for prefixes\n")
1871 {
1872 afi_t afi;
1873 int idx = 0;
1874
1875 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
1876 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
1877 NULL, 1, 0);
1878 return CMD_SUCCESS;
1879 }
1880
1881 DEFUN (show_ip_bgp_vpn_rd_tags,
1882 show_ip_bgp_vpn_rd_tags_cmd,
1883 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
1884 SHOW_STR
1885 IP_STR
1886 BGP_STR
1887 BGP_VPNVX_HELP_STR
1888 "Display information for a route distinguisher\n"
1889 "VPN Route Distinguisher\n"
1890 "Display BGP tags for prefixes\n")
1891 {
1892 int idx_ext_community = 5;
1893 int ret;
1894 struct prefix_rd prd;
1895 afi_t afi;
1896 int idx = 0;
1897
1898 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1899 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1900 if (!ret) {
1901 vty_out(vty, "%% Malformed Route Distinguisher\n");
1902 return CMD_WARNING;
1903 }
1904 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
1905 NULL, 1, 0);
1906 }
1907 return CMD_SUCCESS;
1908 }
1909
1910 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
1911 show_ip_bgp_vpn_all_neighbor_routes_cmd,
1912 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
1913 SHOW_STR
1914 IP_STR
1915 BGP_STR
1916 BGP_VPNVX_HELP_STR
1917 "Display information about all VPNv4/VPNv6 NLRIs\n"
1918 "Detailed information on TCP and BGP neighbor connections\n"
1919 "Neighbor to display information about\n"
1920 "Display routes learned from neighbor\n"
1921 JSON_STR)
1922 {
1923 int idx_ipv4 = 6;
1924 union sockunion su;
1925 struct peer *peer;
1926 int ret;
1927 uint8_t uj = use_json(argc, argv);
1928 afi_t afi;
1929 int idx = 0;
1930
1931 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1932 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
1933 if (ret < 0) {
1934 if (uj) {
1935 json_object *json_no = NULL;
1936 json_no = json_object_new_object();
1937 json_object_string_add(json_no, "warning",
1938 "Malformed address");
1939 vty_out(vty, "%s\n",
1940 json_object_to_json_string(json_no));
1941 json_object_free(json_no);
1942 } else
1943 vty_out(vty, "Malformed address: %s\n",
1944 argv[idx_ipv4]->arg);
1945 return CMD_WARNING;
1946 }
1947
1948 peer = peer_lookup(NULL, &su);
1949 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
1950 if (uj) {
1951 json_object *json_no = NULL;
1952 json_no = json_object_new_object();
1953 json_object_string_add(
1954 json_no, "warning",
1955 "No such neighbor or address family");
1956 vty_out(vty, "%s\n",
1957 json_object_to_json_string(json_no));
1958 json_object_free(json_no);
1959 } else
1960 vty_out(vty,
1961 "%% No such neighbor or address family\n");
1962 return CMD_WARNING;
1963 }
1964
1965 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
1966 &su, 0, uj);
1967 }
1968 return CMD_SUCCESS;
1969 }
1970
1971 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
1972 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
1973 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
1974 SHOW_STR
1975 IP_STR
1976 BGP_STR
1977 BGP_VPNVX_HELP_STR
1978 "Display information for a route distinguisher\n"
1979 "VPN Route Distinguisher\n"
1980 "Detailed information on TCP and BGP neighbor connections\n"
1981 "Neighbor to display information about\n"
1982 "Display routes learned from neighbor\n"
1983 JSON_STR)
1984 {
1985 int idx_ext_community = 5;
1986 int idx_ipv4 = 7;
1987 int ret;
1988 union sockunion su;
1989 struct peer *peer;
1990 struct prefix_rd prd;
1991 uint8_t uj = use_json(argc, argv);
1992 afi_t afi;
1993 int idx = 0;
1994
1995 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1996 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1997 if (!ret) {
1998 if (uj) {
1999 json_object *json_no = NULL;
2000 json_no = json_object_new_object();
2001 json_object_string_add(
2002 json_no, "warning",
2003 "Malformed Route Distinguisher");
2004 vty_out(vty, "%s\n",
2005 json_object_to_json_string(json_no));
2006 json_object_free(json_no);
2007 } else
2008 vty_out(vty,
2009 "%% Malformed Route Distinguisher\n");
2010 return CMD_WARNING;
2011 }
2012
2013 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2014 if (ret < 0) {
2015 if (uj) {
2016 json_object *json_no = NULL;
2017 json_no = json_object_new_object();
2018 json_object_string_add(json_no, "warning",
2019 "Malformed address");
2020 vty_out(vty, "%s\n",
2021 json_object_to_json_string(json_no));
2022 json_object_free(json_no);
2023 } else
2024 vty_out(vty, "Malformed address: %s\n",
2025 argv[idx_ext_community]->arg);
2026 return CMD_WARNING;
2027 }
2028
2029 peer = peer_lookup(NULL, &su);
2030 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2031 if (uj) {
2032 json_object *json_no = NULL;
2033 json_no = json_object_new_object();
2034 json_object_string_add(
2035 json_no, "warning",
2036 "No such neighbor or address family");
2037 vty_out(vty, "%s\n",
2038 json_object_to_json_string(json_no));
2039 json_object_free(json_no);
2040 } else
2041 vty_out(vty,
2042 "%% No such neighbor or address family\n");
2043 return CMD_WARNING;
2044 }
2045
2046 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2047 &su, 0, uj);
2048 }
2049 return CMD_SUCCESS;
2050 }
2051
2052 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2053 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2054 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2055 SHOW_STR
2056 IP_STR
2057 BGP_STR
2058 BGP_VPNVX_HELP_STR
2059 "Display information about all VPNv4/VPNv6 NLRIs\n"
2060 "Detailed information on TCP and BGP neighbor connections\n"
2061 "Neighbor to display information about\n"
2062 "Display the routes advertised to a BGP neighbor\n"
2063 JSON_STR)
2064 {
2065 int idx_ipv4 = 6;
2066 int ret;
2067 struct peer *peer;
2068 union sockunion su;
2069 uint8_t uj = use_json(argc, argv);
2070 afi_t afi;
2071 int idx = 0;
2072
2073 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2074 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2075 if (ret < 0) {
2076 if (uj) {
2077 json_object *json_no = NULL;
2078 json_no = json_object_new_object();
2079 json_object_string_add(json_no, "warning",
2080 "Malformed address");
2081 vty_out(vty, "%s\n",
2082 json_object_to_json_string(json_no));
2083 json_object_free(json_no);
2084 } else
2085 vty_out(vty, "Malformed address: %s\n",
2086 argv[idx_ipv4]->arg);
2087 return CMD_WARNING;
2088 }
2089 peer = peer_lookup(NULL, &su);
2090 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2091 if (uj) {
2092 json_object *json_no = NULL;
2093 json_no = json_object_new_object();
2094 json_object_string_add(
2095 json_no, "warning",
2096 "No such neighbor or address family");
2097 vty_out(vty, "%s\n",
2098 json_object_to_json_string(json_no));
2099 json_object_free(json_no);
2100 } else
2101 vty_out(vty,
2102 "%% No such neighbor or address family\n");
2103 return CMD_WARNING;
2104 }
2105 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2106 SAFI_MPLS_VPN, uj);
2107 }
2108 return CMD_SUCCESS;
2109 }
2110
2111 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2112 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2113 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2114 SHOW_STR
2115 IP_STR
2116 BGP_STR
2117 BGP_VPNVX_HELP_STR
2118 "Display information for a route distinguisher\n"
2119 "VPN Route Distinguisher\n"
2120 "Detailed information on TCP and BGP neighbor connections\n"
2121 "Neighbor to display information about\n"
2122 "Display the routes advertised to a BGP neighbor\n"
2123 JSON_STR)
2124 {
2125 int idx_ext_community = 5;
2126 int idx_ipv4 = 7;
2127 int ret;
2128 struct peer *peer;
2129 struct prefix_rd prd;
2130 union sockunion su;
2131 uint8_t uj = use_json(argc, argv);
2132 afi_t afi;
2133 int idx = 0;
2134
2135 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2136 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2137 if (ret < 0) {
2138 if (uj) {
2139 json_object *json_no = NULL;
2140 json_no = json_object_new_object();
2141 json_object_string_add(json_no, "warning",
2142 "Malformed address");
2143 vty_out(vty, "%s\n",
2144 json_object_to_json_string(json_no));
2145 json_object_free(json_no);
2146 } else
2147 vty_out(vty, "Malformed address: %s\n",
2148 argv[idx_ext_community]->arg);
2149 return CMD_WARNING;
2150 }
2151 peer = peer_lookup(NULL, &su);
2152 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2153 if (uj) {
2154 json_object *json_no = NULL;
2155 json_no = json_object_new_object();
2156 json_object_string_add(
2157 json_no, "warning",
2158 "No such neighbor or address family");
2159 vty_out(vty, "%s\n",
2160 json_object_to_json_string(json_no));
2161 json_object_free(json_no);
2162 } else
2163 vty_out(vty,
2164 "%% No such neighbor or address family\n");
2165 return CMD_WARNING;
2166 }
2167
2168 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2169 if (!ret) {
2170 if (uj) {
2171 json_object *json_no = NULL;
2172 json_no = json_object_new_object();
2173 json_object_string_add(
2174 json_no, "warning",
2175 "Malformed Route Distinguisher");
2176 vty_out(vty, "%s\n",
2177 json_object_to_json_string(json_no));
2178 json_object_free(json_no);
2179 } else
2180 vty_out(vty,
2181 "%% Malformed Route Distinguisher\n");
2182 return CMD_WARNING;
2183 }
2184
2185 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2186 SAFI_MPLS_VPN, uj);
2187 }
2188 return CMD_SUCCESS;
2189 }
2190 #endif /* KEEP_OLD_VPN_COMMANDS */
2191
2192 void bgp_mplsvpn_init(void)
2193 {
2194 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2195 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2196 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2197
2198 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2199 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2200
2201 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2202 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2203 #ifdef KEEP_OLD_VPN_COMMANDS
2204 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2205 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2206 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2207 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2208 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2209 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2210 install_element(VIEW_NODE,
2211 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2212 install_element(VIEW_NODE,
2213 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2214 #endif /* KEEP_OLD_VPN_COMMANDS */
2215 }
2216
2217 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2218 {
2219 struct listnode *mnode, *mnnode;
2220 struct bgp *bgp;
2221
2222 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2223 struct ecommunity *ec;
2224
2225 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2226 continue;
2227
2228 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2229
2230 if (ecom_intersect(ec, eckey))
2231 return bgp->vrf_id;
2232 }
2233 return VRF_UNKNOWN;
2234 }
FRRouting mirror