]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #12313 from louis-6wind/fix-lfa-topo
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_community.h"
46 #include "bgpd/bgp_ecommunity.h"
47 #include "bgpd/bgp_zebra.h"
48 #include "bgpd/bgp_nexthop.h"
49 #include "bgpd/bgp_nht.h"
50 #include "bgpd/bgp_evpn.h"
51 #include "bgpd/bgp_memory.h"
52
53 #ifdef ENABLE_BGP_VNC
54 #include "bgpd/rfapi/rfapi_backend.h"
55 #endif
56
57 /*
58 * Definitions and external declarations.
59 */
60 extern struct zclient *zclient;
61
62 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
63 int *index, afi_t *afi)
64 {
65 int ret = 0;
66 if (argv_find(argv, argc, "vpnv4", index)) {
67 ret = 1;
68 if (afi)
69 *afi = AFI_IP;
70 } else if (argv_find(argv, argc, "vpnv6", index)) {
71 ret = 1;
72 if (afi)
73 *afi = AFI_IP6;
74 }
75 return ret;
76 }
77
78 uint32_t decode_label(mpls_label_t *label_pnt)
79 {
80 uint32_t l;
81 uint8_t *pnt = (uint8_t *)label_pnt;
82
83 l = ((uint32_t)*pnt++ << 12);
84 l |= (uint32_t)*pnt++ << 4;
85 l |= (uint32_t)((*pnt & 0xf0) >> 4);
86 return l;
87 }
88
89 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
90 {
91 uint8_t *pnt = (uint8_t *)label_pnt;
92 if (pnt == NULL)
93 return;
94 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
95 *label_pnt = label;
96 return;
97 }
98 *pnt++ = (label >> 12) & 0xff;
99 *pnt++ = (label >> 4) & 0xff;
100 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
101 }
102
103 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
104 struct bgp_nlri *packet)
105 {
106 struct prefix p;
107 uint8_t psize = 0;
108 uint8_t prefixlen;
109 uint16_t type;
110 struct rd_as rd_as;
111 struct rd_ip rd_ip;
112 struct prefix_rd prd = {0};
113 mpls_label_t label = {0};
114 afi_t afi;
115 safi_t safi;
116 bool addpath_capable;
117 uint32_t addpath_id;
118 int ret = 0;
119
120 /* Make prefix_rd */
121 prd.family = AF_UNSPEC;
122 prd.prefixlen = 64;
123
124 struct stream *data = stream_new(packet->length);
125 stream_put(data, packet->nlri, packet->length);
126 afi = packet->afi;
127 safi = packet->safi;
128 addpath_id = 0;
129
130 addpath_capable = bgp_addpath_encode_rx(peer, afi, safi);
131
132 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
133 while (STREAM_READABLE(data) > 0) {
134 /* Clear prefix structure. */
135 memset(&p, 0, sizeof(p));
136
137 if (addpath_capable) {
138 STREAM_GET(&addpath_id, data, BGP_ADDPATH_ID_LEN);
139 addpath_id = ntohl(addpath_id);
140 }
141
142 if (STREAM_READABLE(data) < 1) {
143 flog_err(
144 EC_BGP_UPDATE_RCV,
145 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no prefix length)",
146 peer->host, packet->length);
147 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
148 goto done;
149 }
150
151 /* Fetch prefix length. */
152 STREAM_GETC(data, prefixlen);
153 p.family = afi2family(packet->afi);
154 psize = PSIZE(prefixlen);
155
156 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
157 flog_err(
158 EC_BGP_UPDATE_RCV,
159 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
160 peer->host, prefixlen);
161 ret = BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
162 goto done;
163 }
164
165 /* sanity check against packet data */
166 if (STREAM_READABLE(data) < psize) {
167 flog_err(
168 EC_BGP_UPDATE_RCV,
169 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
170 peer->host, prefixlen, packet->length);
171 ret = BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
172 goto done;
173 }
174
175 /* sanity check against storage for the IP address portion */
176 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
177 flog_err(
178 EC_BGP_UPDATE_RCV,
179 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
180 peer->host,
181 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
182 sizeof(p.u));
183 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
184 goto done;
185 }
186
187 /* Sanity check against max bitlen of the address family */
188 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
189 flog_err(
190 EC_BGP_UPDATE_RCV,
191 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
192 peer->host,
193 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
194 p.family, prefix_blen(&p));
195 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
196 goto done;
197 }
198
199 /* Copy label to prefix. */
200 if (STREAM_READABLE(data) < BGP_LABEL_BYTES) {
201 flog_err(
202 EC_BGP_UPDATE_RCV,
203 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no label)",
204 peer->host, packet->length);
205 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
206 goto done;
207 }
208
209 STREAM_GET(&label, data, BGP_LABEL_BYTES);
210 bgp_set_valid_label(&label);
211
212 /* Copy routing distinguisher to rd. */
213 if (STREAM_READABLE(data) < 8) {
214 flog_err(
215 EC_BGP_UPDATE_RCV,
216 "%s [Error] Update packet error / VPN (truncated NLRI of size %u; no RD)",
217 peer->host, packet->length);
218 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
219 goto done;
220 }
221 STREAM_GET(&prd.val, data, 8);
222
223 /* Decode RD type. */
224 type = decode_rd_type(prd.val);
225
226 switch (type) {
227 case RD_TYPE_AS:
228 decode_rd_as(&prd.val[2], &rd_as);
229 break;
230
231 case RD_TYPE_AS4:
232 decode_rd_as4(&prd.val[2], &rd_as);
233 break;
234
235 case RD_TYPE_IP:
236 decode_rd_ip(&prd.val[2], &rd_ip);
237 break;
238
239 #ifdef ENABLE_BGP_VNC
240 case RD_TYPE_VNC_ETH:
241 break;
242 #endif
243
244 default:
245 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
246 break; /* just report */
247 }
248
249 /* exclude label & RD */
250 p.prefixlen = prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8;
251 STREAM_GET(p.u.val, data, psize - VPN_PREFIXLEN_MIN_BYTES);
252
253 if (attr) {
254 bgp_update(peer, &p, addpath_id, attr, packet->afi,
255 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
256 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
257 } else {
258 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
259 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
260 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
261 }
262 }
263 /* Packet length consistency check. */
264 if (STREAM_READABLE(data) != 0) {
265 flog_err(
266 EC_BGP_UPDATE_RCV,
267 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
268 peer->host, STREAM_READABLE(data));
269 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
270 }
271
272 goto done;
273
274 stream_failure:
275 flog_err(
276 EC_BGP_UPDATE_RCV,
277 "%s [Error] Update packet error / VPN (NLRI of size %u - length error)",
278 peer->host, packet->length);
279 ret = BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
280
281 done:
282 stream_free(data);
283 return ret;
284
285 #undef VPN_PREFIXLEN_MIN_BYTES
286 }
287
288 /*
289 * This function informs zebra of the label this vrf sets on routes
290 * leaked to VPN. Zebra should install this label in the kernel with
291 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
292 *
293 * Sending this vrf-label association is qualified by a) whether vrf->vpn
294 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
295 * are set) and b) whether vpn-policy label is set.
296 *
297 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
298 * for this vrf, which zebra interprets to mean "delete this vrf-label
299 * association."
300 */
301 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
302 {
303 mpls_label_t label = MPLS_LABEL_NONE;
304 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
305
306 if (bgp->vrf_id == VRF_UNKNOWN) {
307 if (debug) {
308 zlog_debug(
309 "%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
310 __func__, bgp->name_pretty, afi2str(afi));
311 }
312 return;
313 }
314
315 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
316 label = bgp->vpn_policy[afi].tovpn_label;
317 }
318
319 if (debug) {
320 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
321 __func__, bgp->name_pretty, afi2str(afi), label,
322 bgp->vrf_id);
323 }
324
325 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
326 label = MPLS_LABEL_NONE;
327 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
328 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
329 }
330
331 /*
332 * If zebra tells us vrf has become unconfigured, tell zebra not to
333 * use this label to forward to the vrf anymore
334 */
335 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
336 {
337 mpls_label_t label = MPLS_LABEL_NONE;
338 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
339
340 if (bgp->vrf_id == VRF_UNKNOWN) {
341 if (debug) {
342 zlog_debug(
343 "%s: vrf_id not set, can't delete zebra vrf label",
344 __func__);
345 }
346 return;
347 }
348
349 if (debug) {
350 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
351 bgp->name_pretty, bgp->vrf_id);
352 }
353
354 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
355 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
356 }
357
358 /*
359 * This function informs zebra of the srv6-function this vrf sets on routes
360 * leaked to VPN. Zebra should install this srv6-function in the kernel with
361 * an action of "End.DT4/6's IP FIB to route the PDU."
362 */
363 void vpn_leak_zebra_vrf_sid_update_per_af(struct bgp *bgp, afi_t afi)
364 {
365 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
366 enum seg6local_action_t act;
367 struct seg6local_context ctx = {};
368 struct in6_addr *tovpn_sid = NULL;
369 struct in6_addr *tovpn_sid_ls = NULL;
370 struct vrf *vrf;
371
372 if (bgp->vrf_id == VRF_UNKNOWN) {
373 if (debug)
374 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
375 __func__, bgp->name_pretty, afi2str(afi));
376 return;
377 }
378
379 tovpn_sid = bgp->vpn_policy[afi].tovpn_sid;
380 if (!tovpn_sid) {
381 if (debug)
382 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
383 bgp->name_pretty, afi2str(afi));
384 return;
385 }
386
387 if (debug)
388 zlog_debug("%s: vrf %s: afi %s: setting sid %pI6 for vrf id %d",
389 __func__, bgp->name_pretty, afi2str(afi), tovpn_sid,
390 bgp->vrf_id);
391
392 vrf = vrf_lookup_by_id(bgp->vrf_id);
393 if (!vrf)
394 return;
395
396 ctx.table = vrf->data.l.table_id;
397 act = afi == AFI_IP ? ZEBRA_SEG6_LOCAL_ACTION_END_DT4
398 : ZEBRA_SEG6_LOCAL_ACTION_END_DT6;
399 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
400
401 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
402 *tovpn_sid_ls = *tovpn_sid;
403 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
404 }
405
406 /*
407 * This function informs zebra of the srv6-function this vrf sets on routes
408 * leaked to VPN. Zebra should install this srv6-function in the kernel with
409 * an action of "End.DT46's IP FIB to route the PDU."
410 */
411 void vpn_leak_zebra_vrf_sid_update_per_vrf(struct bgp *bgp)
412 {
413 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
414 enum seg6local_action_t act;
415 struct seg6local_context ctx = {};
416 struct in6_addr *tovpn_sid = NULL;
417 struct in6_addr *tovpn_sid_ls = NULL;
418 struct vrf *vrf;
419
420 if (bgp->vrf_id == VRF_UNKNOWN) {
421 if (debug)
422 zlog_debug(
423 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
424 __func__, bgp->name_pretty);
425 return;
426 }
427
428 tovpn_sid = bgp->tovpn_sid;
429 if (!tovpn_sid) {
430 if (debug)
431 zlog_debug("%s: vrf %s: sid not set", __func__,
432 bgp->name_pretty);
433 return;
434 }
435
436 if (debug)
437 zlog_debug("%s: vrf %s: setting sid %pI6 for vrf id %d",
438 __func__, bgp->name_pretty, tovpn_sid, bgp->vrf_id);
439
440 vrf = vrf_lookup_by_id(bgp->vrf_id);
441 if (!vrf)
442 return;
443
444 ctx.table = vrf->data.l.table_id;
445 act = ZEBRA_SEG6_LOCAL_ACTION_END_DT46;
446 zclient_send_localsid(zclient, tovpn_sid, bgp->vrf_id, act, &ctx);
447
448 tovpn_sid_ls = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
449 *tovpn_sid_ls = *tovpn_sid;
450 bgp->tovpn_zebra_vrf_sid_last_sent = tovpn_sid_ls;
451 }
452
453 /*
454 * This function informs zebra of the srv6-function this vrf sets on routes
455 * leaked to VPN. Zebra should install this srv6-function in the kernel with
456 * an action of "End.DT4/6/46's IP FIB to route the PDU."
457 */
458 void vpn_leak_zebra_vrf_sid_update(struct bgp *bgp, afi_t afi)
459 {
460 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
461
462 if (bgp->vpn_policy[afi].tovpn_sid)
463 return vpn_leak_zebra_vrf_sid_update_per_af(bgp, afi);
464
465 if (bgp->tovpn_sid)
466 return vpn_leak_zebra_vrf_sid_update_per_vrf(bgp);
467
468 if (debug)
469 zlog_debug("%s: vrf %s: afi %s: sid not set", __func__,
470 bgp->name_pretty, afi2str(afi));
471 }
472
473 /*
474 * If zebra tells us vrf has become unconfigured, tell zebra not to
475 * use this srv6-function to forward to the vrf anymore
476 */
477 void vpn_leak_zebra_vrf_sid_withdraw_per_af(struct bgp *bgp, afi_t afi)
478 {
479 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
480
481 if (bgp->vrf_id == VRF_UNKNOWN) {
482 if (debug)
483 zlog_debug("%s: vrf %s: afi %s: vrf_id not set, can't set zebra vrf label",
484 __func__, bgp->name_pretty, afi2str(afi));
485 return;
486 }
487
488 if (debug)
489 zlog_debug("%s: deleting sid for vrf %s afi (id=%d)", __func__,
490 bgp->name_pretty, bgp->vrf_id);
491
492 zclient_send_localsid(zclient,
493 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent,
494 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC, NULL);
495 XFREE(MTYPE_BGP_SRV6_SID,
496 bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent);
497 }
498
499 /*
500 * If zebra tells us vrf has become unconfigured, tell zebra not to
501 * use this srv6-function to forward to the vrf anymore
502 */
503 void vpn_leak_zebra_vrf_sid_withdraw_per_vrf(struct bgp *bgp)
504 {
505 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
506
507 if (bgp->vrf_id == VRF_UNKNOWN) {
508 if (debug)
509 zlog_debug(
510 "%s: vrf %s: vrf_id not set, can't set zebra vrf label",
511 __func__, bgp->name_pretty);
512 return;
513 }
514
515 if (debug)
516 zlog_debug("%s: deleting sid for vrf %s (id=%d)", __func__,
517 bgp->name_pretty, bgp->vrf_id);
518
519 zclient_send_localsid(zclient, bgp->tovpn_zebra_vrf_sid_last_sent,
520 bgp->vrf_id, ZEBRA_SEG6_LOCAL_ACTION_UNSPEC,
521 NULL);
522 XFREE(MTYPE_BGP_SRV6_SID, bgp->tovpn_zebra_vrf_sid_last_sent);
523 }
524
525 /*
526 * If zebra tells us vrf has become unconfigured, tell zebra not to
527 * use this srv6-function to forward to the vrf anymore
528 */
529 void vpn_leak_zebra_vrf_sid_withdraw(struct bgp *bgp, afi_t afi)
530 {
531 if (bgp->vpn_policy[afi].tovpn_zebra_vrf_sid_last_sent)
532 vpn_leak_zebra_vrf_sid_withdraw_per_af(bgp, afi);
533
534 if (bgp->tovpn_zebra_vrf_sid_last_sent)
535 vpn_leak_zebra_vrf_sid_withdraw_per_vrf(bgp);
536 }
537
538 int vpn_leak_label_callback(
539 mpls_label_t label,
540 void *labelid,
541 bool allocated)
542 {
543 struct vpn_policy *vp = (struct vpn_policy *)labelid;
544 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
545
546 if (debug)
547 zlog_debug("%s: label=%u, allocated=%d",
548 __func__, label, allocated);
549
550 if (!allocated) {
551 /*
552 * previously-allocated label is now invalid
553 */
554 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
555 (vp->tovpn_label != MPLS_LABEL_NONE)) {
556
557 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
558 vp->afi, bgp_get_default(), vp->bgp);
559 vp->tovpn_label = MPLS_LABEL_NONE;
560 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
561 vp->afi, bgp_get_default(), vp->bgp);
562 }
563 return 0;
564 }
565
566 /*
567 * New label allocation
568 */
569 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
570
571 /*
572 * not currently configured for auto label, reject allocation
573 */
574 return -1;
575 }
576
577 if (vp->tovpn_label != MPLS_LABEL_NONE) {
578 if (label == vp->tovpn_label) {
579 /* already have same label, accept but do nothing */
580 return 0;
581 }
582 /* Shouldn't happen: different label allocation */
583 flog_err(EC_BGP_LABEL,
584 "%s: %s had label %u but got new assignment %u",
585 __func__, vp->bgp->name_pretty, vp->tovpn_label,
586 label);
587 /* use new one */
588 }
589
590 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
591 vp->afi, bgp_get_default(), vp->bgp);
592 vp->tovpn_label = label;
593 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
594 vp->afi, bgp_get_default(), vp->bgp);
595
596 return 0;
597 }
598
599 static void sid_register(struct bgp *bgp, const struct in6_addr *sid,
600 const char *locator_name)
601 {
602 struct bgp_srv6_function *func;
603 func = XCALLOC(MTYPE_BGP_SRV6_FUNCTION,
604 sizeof(struct bgp_srv6_function));
605 func->sid = *sid;
606 snprintf(func->locator_name, sizeof(func->locator_name),
607 "%s", locator_name);
608 listnode_add(bgp->srv6_functions, func);
609 }
610
611 static void sid_unregister(struct bgp *bgp, const struct in6_addr *sid)
612 {
613 struct listnode *node, *nnode;
614 struct bgp_srv6_function *func;
615
616 for (ALL_LIST_ELEMENTS(bgp->srv6_functions, node, nnode, func))
617 if (sid_same(&func->sid, sid)) {
618 listnode_delete(bgp->srv6_functions, func);
619 XFREE(MTYPE_BGP_SRV6_FUNCTION, func);
620 }
621 }
622
623 static bool sid_exist(struct bgp *bgp, const struct in6_addr *sid)
624 {
625 struct listnode *node;
626 struct bgp_srv6_function *func;
627
628 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_functions, node, func))
629 if (sid_same(&func->sid, sid))
630 return true;
631 return false;
632 }
633
634 /*
635 * This function generates a new SID based on bgp->srv6_locator_chunks and
636 * index. The locator and generated SID are stored in arguments sid_locator
637 * and sid, respectively.
638 *
639 * if index != 0: try to allocate as index-mode
640 * else: try to allocate as auto-mode
641 */
642 static uint32_t alloc_new_sid(struct bgp *bgp, uint32_t index,
643 struct srv6_locator_chunk *sid_locator_chunk,
644 struct in6_addr *sid)
645 {
646 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
647 struct listnode *node;
648 struct srv6_locator_chunk *chunk;
649 bool alloced = false;
650 int label = 0;
651 uint8_t offset = 0;
652 uint8_t func_len = 0, shift_len = 0;
653 uint32_t index_max = 0;
654
655 if (!bgp || !sid_locator_chunk || !sid)
656 return false;
657
658 for (ALL_LIST_ELEMENTS_RO(bgp->srv6_locator_chunks, node, chunk)) {
659 if (chunk->function_bits_length >
660 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH) {
661 if (debug)
662 zlog_debug(
663 "%s: invalid SRv6 Locator chunk (%pFX): Function Length must be less or equal to %d",
664 __func__, &chunk->prefix,
665 BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH);
666 continue;
667 }
668
669 index_max = (1 << chunk->function_bits_length) - 1;
670
671 if (index > index_max) {
672 if (debug)
673 zlog_debug(
674 "%s: skipped SRv6 Locator chunk (%pFX): Function Length is too short to support specified index (%u)",
675 __func__, &chunk->prefix, index);
676 continue;
677 }
678
679 *sid = chunk->prefix.prefix;
680 *sid_locator_chunk = *chunk;
681 offset = chunk->block_bits_length + chunk->node_bits_length;
682 func_len = chunk->function_bits_length;
683 shift_len = BGP_PREFIX_SID_SRV6_MAX_FUNCTION_LENGTH - func_len;
684
685 if (index != 0) {
686 label = index << shift_len;
687 if (label < MPLS_LABEL_UNRESERVED_MIN) {
688 if (debug)
689 zlog_debug(
690 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
691 __func__, &chunk->prefix,
692 label);
693 continue;
694 }
695
696 transpose_sid(sid, label, offset, func_len);
697 if (sid_exist(bgp, sid))
698 continue;
699 alloced = true;
700 break;
701 }
702
703 for (uint32_t i = 1; i < index_max; i++) {
704 label = i << shift_len;
705 if (label < MPLS_LABEL_UNRESERVED_MIN) {
706 if (debug)
707 zlog_debug(
708 "%s: skipped to allocate SRv6 SID (%pFX): Label (%u) is too small to use",
709 __func__, &chunk->prefix,
710 label);
711 continue;
712 }
713 transpose_sid(sid, label, offset, func_len);
714 if (sid_exist(bgp, sid))
715 continue;
716 alloced = true;
717 break;
718 }
719 }
720
721 if (!alloced)
722 return 0;
723
724 sid_register(bgp, sid, bgp->srv6_locator_name);
725 return label;
726 }
727
728 void ensure_vrf_tovpn_sid_per_af(struct bgp *bgp_vpn, struct bgp *bgp_vrf,
729 afi_t afi)
730 {
731 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
732 struct srv6_locator_chunk *tovpn_sid_locator;
733 struct in6_addr *tovpn_sid;
734 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
735 bool tovpn_sid_auto = false;
736
737 if (debug)
738 zlog_debug("%s: try to allocate new SID for vrf %s: afi %s",
739 __func__, bgp_vrf->name_pretty, afi2str(afi));
740
741 /* skip when tovpn sid is already allocated on vrf instance */
742 if (bgp_vrf->vpn_policy[afi].tovpn_sid)
743 return;
744
745 /*
746 * skip when bgp vpn instance ins't allocated
747 * or srv6 locator chunk isn't allocated
748 */
749 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
750 return;
751
752 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
753 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
754 BGP_VPN_POLICY_TOVPN_SID_AUTO);
755
756 /* skip when VPN isn't configured on vrf-instance */
757 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
758 return;
759
760 /* check invalid case both configured index and auto */
761 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
762 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
763 __func__);
764 return;
765 }
766
767 tovpn_sid_locator = srv6_locator_chunk_alloc();
768 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
769
770 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
771 tovpn_sid_locator, tovpn_sid);
772
773 if (tovpn_sid_transpose_label == 0) {
774 if (debug)
775 zlog_debug(
776 "%s: not allocated new sid for vrf %s: afi %s",
777 __func__, bgp_vrf->name_pretty, afi2str(afi));
778 srv6_locator_chunk_free(&tovpn_sid_locator);
779 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
780 return;
781 }
782
783 if (debug)
784 zlog_debug("%s: new sid %pI6 allocated for vrf %s: afi %s",
785 __func__, tovpn_sid, bgp_vrf->name_pretty,
786 afi2str(afi));
787
788 bgp_vrf->vpn_policy[afi].tovpn_sid = tovpn_sid;
789 bgp_vrf->vpn_policy[afi].tovpn_sid_locator = tovpn_sid_locator;
790 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label =
791 tovpn_sid_transpose_label;
792 }
793
794 void ensure_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
795 {
796 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
797 struct srv6_locator_chunk *tovpn_sid_locator;
798 struct in6_addr *tovpn_sid;
799 uint32_t tovpn_sid_index = 0, tovpn_sid_transpose_label;
800 bool tovpn_sid_auto = false;
801
802 if (debug)
803 zlog_debug("%s: try to allocate new SID for vrf %s", __func__,
804 bgp_vrf->name_pretty);
805
806 /* skip when tovpn sid is already allocated on vrf instance */
807 if (bgp_vrf->tovpn_sid)
808 return;
809
810 /*
811 * skip when bgp vpn instance ins't allocated
812 * or srv6 locator chunk isn't allocated
813 */
814 if (!bgp_vpn || !bgp_vpn->srv6_locator_chunks)
815 return;
816
817 tovpn_sid_index = bgp_vrf->tovpn_sid_index;
818 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO);
819
820 /* skip when VPN isn't configured on vrf-instance */
821 if (tovpn_sid_index == 0 && !tovpn_sid_auto)
822 return;
823
824 /* check invalid case both configured index and auto */
825 if (tovpn_sid_index != 0 && tovpn_sid_auto) {
826 zlog_err("%s: index-mode and auto-mode both selected. ignored.",
827 __func__);
828 return;
829 }
830
831 tovpn_sid_locator = srv6_locator_chunk_alloc();
832 tovpn_sid = XCALLOC(MTYPE_BGP_SRV6_SID, sizeof(struct in6_addr));
833
834 tovpn_sid_transpose_label = alloc_new_sid(bgp_vpn, tovpn_sid_index,
835 tovpn_sid_locator, tovpn_sid);
836
837 if (tovpn_sid_transpose_label == 0) {
838 if (debug)
839 zlog_debug("%s: not allocated new sid for vrf %s",
840 __func__, bgp_vrf->name_pretty);
841 srv6_locator_chunk_free(&tovpn_sid_locator);
842 XFREE(MTYPE_BGP_SRV6_SID, tovpn_sid);
843 return;
844 }
845
846 if (debug)
847 zlog_debug("%s: new sid %pI6 allocated for vrf %s", __func__,
848 tovpn_sid, bgp_vrf->name_pretty);
849
850 bgp_vrf->tovpn_sid = tovpn_sid;
851 bgp_vrf->tovpn_sid_locator = tovpn_sid_locator;
852 bgp_vrf->tovpn_sid_transpose_label = tovpn_sid_transpose_label;
853 }
854
855 void ensure_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
856 {
857 /* per-af sid */
858 if (bgp_vrf->vpn_policy[afi].tovpn_sid_index != 0 ||
859 CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
860 BGP_VPN_POLICY_TOVPN_SID_AUTO))
861 return ensure_vrf_tovpn_sid_per_af(bgp_vpn, bgp_vrf, afi);
862
863 /* per-vrf sid */
864 if (bgp_vrf->tovpn_sid_index != 0 ||
865 CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VRF_TOVPN_SID_AUTO))
866 return ensure_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
867 }
868
869 void delete_vrf_tovpn_sid_per_af(struct bgp *bgp_vpn, struct bgp *bgp_vrf,
870 afi_t afi)
871 {
872 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
873 uint32_t tovpn_sid_index = 0;
874 bool tovpn_sid_auto = false;
875
876 if (debug)
877 zlog_debug("%s: try to remove SID for vrf %s: afi %s", __func__,
878 bgp_vrf->name_pretty, afi2str(afi));
879
880 tovpn_sid_index = bgp_vrf->vpn_policy[afi].tovpn_sid_index;
881 tovpn_sid_auto = CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
882 BGP_VPN_POLICY_TOVPN_SID_AUTO);
883
884 /* skip when VPN is configured on vrf-instance */
885 if (tovpn_sid_index != 0 || tovpn_sid_auto)
886 return;
887
888 srv6_locator_chunk_free(&bgp_vrf->vpn_policy[afi].tovpn_sid_locator);
889
890 if (bgp_vrf->vpn_policy[afi].tovpn_sid) {
891 sid_unregister(bgp_vrf, bgp_vrf->vpn_policy[afi].tovpn_sid);
892 XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->vpn_policy[afi].tovpn_sid);
893 }
894 bgp_vrf->vpn_policy[afi].tovpn_sid_transpose_label = 0;
895 }
896
897 void delete_vrf_tovpn_sid_per_vrf(struct bgp *bgp_vpn, struct bgp *bgp_vrf)
898 {
899 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
900 uint32_t tovpn_sid_index = 0;
901 bool tovpn_sid_auto = false;
902
903 if (debug)
904 zlog_debug("%s: try to remove SID for vrf %s", __func__,
905 bgp_vrf->name_pretty);
906
907 tovpn_sid_index = bgp_vrf->tovpn_sid_index;
908 tovpn_sid_auto =
909 CHECK_FLAG(bgp_vrf->vrf_flags, BGP_VPN_POLICY_TOVPN_SID_AUTO);
910
911 /* skip when VPN is configured on vrf-instance */
912 if (tovpn_sid_index != 0 || tovpn_sid_auto)
913 return;
914
915 srv6_locator_chunk_free(&bgp_vrf->tovpn_sid_locator);
916
917 if (bgp_vrf->tovpn_sid) {
918 sid_unregister(bgp_vrf, bgp_vrf->tovpn_sid);
919 XFREE(MTYPE_BGP_SRV6_SID, bgp_vrf->tovpn_sid);
920 }
921 bgp_vrf->tovpn_sid_transpose_label = 0;
922 }
923
924 void delete_vrf_tovpn_sid(struct bgp *bgp_vpn, struct bgp *bgp_vrf, afi_t afi)
925 {
926 delete_vrf_tovpn_sid_per_af(bgp_vpn, bgp_vrf, afi);
927 delete_vrf_tovpn_sid_per_vrf(bgp_vpn, bgp_vrf);
928 }
929
930 /*
931 * This function embeds upper `len` bits of `label` in `sid`,
932 * starting at offset `offset` as seen from the MSB of `sid`.
933 *
934 * e.g. Given that `label` is 0x12345 and `len` is 16,
935 * then `label` will be embedded in `sid` as follows:
936 *
937 * <---- len ----->
938 * label: 0001 0002 0003 0004 0005
939 * sid: .... 0001 0002 0003 0004
940 * <---- len ----->
941 * ^
942 * |
943 * offset from MSB
944 *
945 * e.g. Given that `label` is 0x12345 and `len` is 8,
946 * `label` will be embedded in `sid` as follows:
947 *
948 * <- len ->
949 * label: 0001 0002 0003 0004 0005
950 * sid: .... 0001 0002 0000 0000
951 * <- len ->
952 * ^
953 * |
954 * offset from MSB
955 */
956 void transpose_sid(struct in6_addr *sid, uint32_t label, uint8_t offset,
957 uint8_t len)
958 {
959 for (uint8_t idx = 0; idx < len; idx++) {
960 uint8_t tidx = offset + idx;
961 sid->s6_addr[tidx / 8] &= ~(0x1 << (7 - tidx % 8));
962 if (label >> (19 - idx) & 0x1)
963 sid->s6_addr[tidx / 8] |= 0x1 << (7 - tidx % 8);
964 }
965 }
966
967 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
968 uint32_t n)
969 {
970 uint32_t i;
971
972 if (!bpi->extra) {
973 if (!n)
974 return true;
975 else
976 return false;
977 }
978
979 if (n != bpi->extra->num_labels)
980 return false;
981
982 for (i = 0; i < n; ++i) {
983 if (label[i] != bpi->extra->label[i])
984 return false;
985 }
986 return true;
987 }
988
989 /*
990 * make encoded route labels match specified encoded label set
991 */
992 static void setlabels(struct bgp_path_info *bpi,
993 mpls_label_t *label, /* array of labels */
994 uint32_t num_labels)
995 {
996 if (num_labels)
997 assert(label);
998 assert(num_labels <= BGP_MAX_LABELS);
999
1000 if (!num_labels) {
1001 if (bpi->extra)
1002 bpi->extra->num_labels = 0;
1003 return;
1004 }
1005
1006 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
1007 uint32_t i;
1008
1009 for (i = 0; i < num_labels; ++i) {
1010 extra->label[i] = label[i];
1011 if (!bgp_is_valid_label(&label[i])) {
1012 bgp_set_valid_label(&extra->label[i]);
1013 }
1014 }
1015 extra->num_labels = num_labels;
1016 }
1017
1018 /*
1019 * make encoded route SIDs match specified encoded sid set
1020 */
1021 static void setsids(struct bgp_path_info *bpi,
1022 struct in6_addr *sid,
1023 uint32_t num_sids)
1024 {
1025 uint32_t i;
1026 struct bgp_path_info_extra *extra;
1027
1028 if (num_sids)
1029 assert(sid);
1030 assert(num_sids <= BGP_MAX_SIDS);
1031
1032 if (!num_sids) {
1033 if (bpi->extra)
1034 bpi->extra->num_sids = 0;
1035 return;
1036 }
1037
1038 extra = bgp_path_info_extra_get(bpi);
1039 for (i = 0; i < num_sids; i++)
1040 memcpy(&extra->sid[i].sid, &sid[i], sizeof(struct in6_addr));
1041 extra->num_sids = num_sids;
1042 }
1043
1044 static void unsetsids(struct bgp_path_info *bpi)
1045 {
1046 struct bgp_path_info_extra *extra;
1047
1048 extra = bgp_path_info_extra_get(bpi);
1049 extra->num_sids = 0;
1050 memset(extra->sid, 0, sizeof(extra->sid));
1051 }
1052
1053 static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
1054 struct attr *new_attr, afi_t afi,
1055 safi_t safi,
1056 struct bgp_path_info *source_bpi,
1057 struct bgp_path_info *bpi,
1058 struct bgp *bgp_orig,
1059 const struct prefix *p, int debug)
1060 {
1061 struct bgp_path_info *bpi_ultimate;
1062 struct bgp *bgp_nexthop;
1063 bool nh_valid;
1064
1065 bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
1066
1067 if (bpi->extra && bpi->extra->bgp_orig)
1068 bgp_nexthop = bpi->extra->bgp_orig;
1069 else
1070 bgp_nexthop = bgp_orig;
1071
1072 /*
1073 * No nexthop tracking for redistributed routes or for
1074 * EVPN-imported routes that get leaked.
1075 */
1076 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
1077 is_pi_family_evpn(bpi_ultimate))
1078 nh_valid = 1;
1079 else
1080 /*
1081 * TBD do we need to do anything about the
1082 * 'connected' parameter?
1083 */
1084 nh_valid = bgp_find_or_add_nexthop(to_bgp, bgp_nexthop, afi,
1085 safi, bpi, NULL, 0, p);
1086
1087 /*
1088 * If you are using SRv6 VPN instead of MPLS, it need to check
1089 * the SID allocation. If the sid is not allocated, the rib
1090 * will be invalid.
1091 */
1092 if (to_bgp->srv6_enabled &&
1093 (!new_attr->srv6_l3vpn && !new_attr->srv6_vpn)) {
1094 nh_valid = false;
1095 }
1096
1097 if (debug)
1098 zlog_debug("%s: %pFX nexthop is %svalid (in vrf %s)", __func__,
1099 p, (nh_valid ? "" : "not "),
1100 bgp_nexthop->name_pretty);
1101
1102 return nh_valid;
1103 }
1104
1105 /*
1106 * returns pointer to new bgp_path_info upon success
1107 */
1108 static struct bgp_path_info *
1109 leak_update(struct bgp *to_bgp, struct bgp_dest *bn,
1110 struct attr *new_attr, /* already interned */
1111 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
1112 mpls_label_t *label, uint32_t num_labels, struct bgp *bgp_orig,
1113 struct prefix *nexthop_orig, int nexthop_self_flag, int debug)
1114 {
1115 const struct prefix *p = bgp_dest_get_prefix(bn);
1116 struct bgp_path_info *bpi;
1117 struct bgp_path_info *new;
1118 struct bgp_path_info_extra *extra;
1119 uint32_t num_sids = 0;
1120 void *parent = source_bpi;
1121
1122 if (new_attr->srv6_l3vpn || new_attr->srv6_vpn)
1123 num_sids = 1;
1124
1125 if (debug)
1126 zlog_debug(
1127 "%s: entry: leak-to=%s, p=%pBD, type=%d, sub_type=%d",
1128 __func__, to_bgp->name_pretty, bn, source_bpi->type,
1129 source_bpi->sub_type);
1130
1131 /*
1132 * Routes that are redistributed into BGP from zebra do not get
1133 * nexthop tracking. However, if those routes are subsequently
1134 * imported to other RIBs within BGP, the leaked routes do not
1135 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
1136 * in order to determine if the route we are currently leaking
1137 * should have nexthop tracking, we must find the ultimate
1138 * parent so we can check its sub_type.
1139 *
1140 * As of now, source_bpi may at most be a second-generation route
1141 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
1142 * Using a loop here supports more complex intra-bgp import-export
1143 * schemes that could be implemented in the future.
1144 *
1145 */
1146
1147 /*
1148 * match parent
1149 */
1150 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1151 if (bpi->extra && bpi->extra->parent == parent)
1152 break;
1153 }
1154
1155 if (bpi) {
1156 bool labelssame = labels_same(bpi, label, num_labels);
1157
1158 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)
1159 && CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
1160 if (debug) {
1161 zlog_debug(
1162 "%s: ->%s(s_flags: 0x%x b_flags: 0x%x): %pFX: Found route, being removed, not leaking",
1163 __func__, to_bgp->name_pretty,
1164 source_bpi->flags, bpi->flags, p);
1165 }
1166 return NULL;
1167 }
1168
1169 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
1170 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
1171
1172 bgp_attr_unintern(&new_attr);
1173 if (debug)
1174 zlog_debug(
1175 "%s: ->%s: %pBD: Found route, no change",
1176 __func__, to_bgp->name_pretty, bn);
1177 return NULL;
1178 }
1179
1180 /* If the RT was changed via extended communities as an
1181 * import/export list, we should withdraw implicitly the old
1182 * path from VRFs.
1183 * For instance, RT list was modified using route-maps:
1184 * route-map test permit 10
1185 * set extcommunity rt none
1186 */
1187 if (CHECK_FLAG(bpi->attr->flag,
1188 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES)) &&
1189 CHECK_FLAG(new_attr->flag,
1190 ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES))) {
1191 if (!ecommunity_cmp(
1192 bgp_attr_get_ecommunity(bpi->attr),
1193 bgp_attr_get_ecommunity(new_attr))) {
1194 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1195 bgp_aggregate_decrement(to_bgp, p, bpi, afi,
1196 safi);
1197 bgp_path_info_delete(bn, bpi);
1198 }
1199 }
1200
1201 /* attr is changed */
1202 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
1203
1204 /* Rewrite BGP route information. */
1205 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
1206 bgp_path_info_restore(bn, bpi);
1207 else
1208 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1209 bgp_attr_unintern(&bpi->attr);
1210 bpi->attr = new_attr;
1211 bpi->uptime = monotime(NULL);
1212
1213 /*
1214 * rewrite labels
1215 */
1216 if (!labelssame)
1217 setlabels(bpi, label, num_labels);
1218
1219 /*
1220 * rewrite sid
1221 */
1222 if (num_sids) {
1223 if (new_attr->srv6_l3vpn) {
1224 setsids(bpi, &new_attr->srv6_l3vpn->sid,
1225 num_sids);
1226
1227 extra = bgp_path_info_extra_get(bpi);
1228
1229 extra->sid[0].loc_block_len =
1230 new_attr->srv6_l3vpn->loc_block_len;
1231 extra->sid[0].loc_node_len =
1232 new_attr->srv6_l3vpn->loc_node_len;
1233 extra->sid[0].func_len =
1234 new_attr->srv6_l3vpn->func_len;
1235 extra->sid[0].arg_len =
1236 new_attr->srv6_l3vpn->arg_len;
1237 extra->sid[0].transposition_len =
1238 new_attr->srv6_l3vpn->transposition_len;
1239 extra->sid[0].transposition_offset =
1240 new_attr->srv6_l3vpn
1241 ->transposition_offset;
1242 } else if (new_attr->srv6_vpn)
1243 setsids(bpi, &new_attr->srv6_vpn->sid,
1244 num_sids);
1245 } else
1246 unsetsids(bpi);
1247
1248 if (nexthop_self_flag)
1249 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
1250
1251 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_ACCEPT_OWN))
1252 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ACCEPT_OWN);
1253
1254 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1255 source_bpi, bpi, bgp_orig, p,
1256 debug))
1257 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
1258 else
1259 bgp_path_info_unset_flag(bn, bpi, BGP_PATH_VALID);
1260
1261 /* Process change. */
1262 bgp_aggregate_increment(to_bgp, p, bpi, afi, safi);
1263 bgp_process(to_bgp, bn, afi, safi);
1264 bgp_dest_unlock_node(bn);
1265
1266 if (debug)
1267 zlog_debug("%s: ->%s: %pBD Found route, changed attr",
1268 __func__, to_bgp->name_pretty, bn);
1269
1270 return bpi;
1271 }
1272
1273 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_REMOVED)) {
1274 if (debug) {
1275 zlog_debug(
1276 "%s: ->%s(s_flags: 0x%x): %pFX: New route, being removed, not leaking",
1277 __func__, to_bgp->name_pretty,
1278 source_bpi->flags, p);
1279 }
1280 return NULL;
1281 }
1282
1283 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
1284 to_bgp->peer_self, new_attr, bn);
1285
1286 if (source_bpi->peer) {
1287 extra = bgp_path_info_extra_get(new);
1288 extra->peer_orig = peer_lock(source_bpi->peer);
1289 }
1290
1291 if (nexthop_self_flag)
1292 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
1293
1294 if (CHECK_FLAG(source_bpi->flags, BGP_PATH_ACCEPT_OWN))
1295 bgp_path_info_set_flag(bn, new, BGP_PATH_ACCEPT_OWN);
1296
1297 bgp_path_info_extra_get(new);
1298
1299 /*
1300 * rewrite sid
1301 */
1302 if (num_sids) {
1303 if (new_attr->srv6_l3vpn) {
1304 setsids(new, &new_attr->srv6_l3vpn->sid, num_sids);
1305
1306 extra = bgp_path_info_extra_get(new);
1307
1308 extra->sid[0].loc_block_len =
1309 new_attr->srv6_l3vpn->loc_block_len;
1310 extra->sid[0].loc_node_len =
1311 new_attr->srv6_l3vpn->loc_node_len;
1312 extra->sid[0].func_len = new_attr->srv6_l3vpn->func_len;
1313 extra->sid[0].arg_len = new_attr->srv6_l3vpn->arg_len;
1314 extra->sid[0].transposition_len =
1315 new_attr->srv6_l3vpn->transposition_len;
1316 extra->sid[0].transposition_offset =
1317 new_attr->srv6_l3vpn->transposition_offset;
1318 } else if (new_attr->srv6_vpn)
1319 setsids(new, &new_attr->srv6_vpn->sid, num_sids);
1320 } else
1321 unsetsids(new);
1322
1323 if (num_labels)
1324 setlabels(new, label, num_labels);
1325
1326 new->extra->parent = bgp_path_info_lock(parent);
1327 bgp_dest_lock_node(
1328 (struct bgp_dest *)((struct bgp_path_info *)parent)->net);
1329 if (bgp_orig)
1330 new->extra->bgp_orig = bgp_lock(bgp_orig);
1331 if (nexthop_orig)
1332 new->extra->nexthop_orig = *nexthop_orig;
1333
1334 if (leak_update_nexthop_valid(to_bgp, bn, new_attr, afi, safi,
1335 source_bpi, new, bgp_orig, p, debug))
1336 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
1337 else
1338 bgp_path_info_unset_flag(bn, new, BGP_PATH_VALID);
1339
1340 bgp_aggregate_increment(to_bgp, p, new, afi, safi);
1341 bgp_path_info_add(bn, new);
1342
1343 bgp_dest_unlock_node(bn);
1344 bgp_process(to_bgp, bn, afi, safi);
1345
1346 if (debug)
1347 zlog_debug("%s: ->%s: %pBD: Added new route", __func__,
1348 to_bgp->name_pretty, bn);
1349
1350 return new;
1351 }
1352
1353 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
1354 void vpn_leak_from_vrf_update(struct bgp *to_bgp, /* to */
1355 struct bgp *from_bgp, /* from */
1356 struct bgp_path_info *path_vrf) /* route */
1357 {
1358 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1359 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1360 afi_t afi = family2afi(p->family);
1361 struct attr static_attr = {0};
1362 struct attr *new_attr = NULL;
1363 safi_t safi = SAFI_MPLS_VPN;
1364 mpls_label_t label_val;
1365 mpls_label_t label;
1366 struct bgp_dest *bn;
1367 const char *debugmsg;
1368 int nexthop_self_flag = 0;
1369
1370 if (debug)
1371 zlog_debug("%s: from vrf %s", __func__, from_bgp->name_pretty);
1372
1373 if (debug && bgp_attr_get_ecommunity(path_vrf->attr)) {
1374 char *s = ecommunity_ecom2str(
1375 bgp_attr_get_ecommunity(path_vrf->attr),
1376 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1377
1378 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
1379 from_bgp->name, path_vrf->type, s);
1380 XFREE(MTYPE_ECOMMUNITY_STR, s);
1381 }
1382
1383 if (!to_bgp)
1384 return;
1385
1386 if (!afi) {
1387 if (debug)
1388 zlog_debug("%s: can't get afi of prefix", __func__);
1389 return;
1390 }
1391
1392 /* Is this route exportable into the VPN table? */
1393 if (!is_route_injectable_into_vpn(path_vrf))
1394 return;
1395
1396 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1397 if (debug)
1398 zlog_debug("%s: %s skipping: %s", __func__,
1399 from_bgp->name, debugmsg);
1400 return;
1401 }
1402
1403 /* shallow copy */
1404 static_attr = *path_vrf->attr;
1405
1406 /*
1407 * route map handling
1408 */
1409 if (from_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
1410 struct bgp_path_info info;
1411 route_map_result_t ret;
1412
1413 memset(&info, 0, sizeof(info));
1414 info.peer = to_bgp->peer_self;
1415 info.attr = &static_attr;
1416 ret = route_map_apply(from_bgp->vpn_policy[afi]
1417 .rmap[BGP_VPN_POLICY_DIR_TOVPN],
1418 p, &info);
1419 if (RMAP_DENYMATCH == ret) {
1420 bgp_attr_flush(&static_attr); /* free any added parts */
1421 if (debug)
1422 zlog_debug(
1423 "%s: vrf %s route map \"%s\" says DENY, returning",
1424 __func__, from_bgp->name_pretty,
1425 from_bgp->vpn_policy[afi]
1426 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
1427 ->name);
1428 return;
1429 }
1430 }
1431
1432 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1433 char *s = ecommunity_ecom2str(
1434 bgp_attr_get_ecommunity(&static_attr),
1435 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1436
1437 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
1438 __func__, s);
1439 XFREE(MTYPE_ECOMMUNITY_STR, s);
1440 }
1441
1442 /*
1443 * Add the vpn-policy rt-list
1444 */
1445 struct ecommunity *old_ecom;
1446 struct ecommunity *new_ecom;
1447
1448 /* Export with the 'from' instance's export RTs. */
1449 /* If doing VRF-to-VRF leaking, strip existing RTs first. */
1450 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1451 if (old_ecom) {
1452 new_ecom = ecommunity_dup(old_ecom);
1453 if (CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1454 BGP_CONFIG_VRF_TO_VRF_EXPORT))
1455 ecommunity_strip_rts(new_ecom);
1456 new_ecom = ecommunity_merge(
1457 new_ecom, from_bgp->vpn_policy[afi]
1458 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1459 if (!old_ecom->refcnt)
1460 ecommunity_free(&old_ecom);
1461 } else {
1462 new_ecom = ecommunity_dup(
1463 from_bgp->vpn_policy[afi]
1464 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
1465 }
1466 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1467
1468 if (debug && bgp_attr_get_ecommunity(&static_attr)) {
1469 char *s = ecommunity_ecom2str(
1470 bgp_attr_get_ecommunity(&static_attr),
1471 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1472
1473 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
1474 __func__, s);
1475 XFREE(MTYPE_ECOMMUNITY_STR, s);
1476 }
1477
1478 community_strip_accept_own(&static_attr);
1479
1480 /* Nexthop */
1481 /* if policy nexthop not set, use 0 */
1482 if (CHECK_FLAG(from_bgp->vpn_policy[afi].flags,
1483 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
1484 struct prefix *nexthop =
1485 &from_bgp->vpn_policy[afi].tovpn_nexthop;
1486
1487 switch (nexthop->family) {
1488 case AF_INET:
1489 /* prevent mp_nexthop_global_in <- self in bgp_route.c
1490 */
1491 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
1492
1493 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
1494 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV4;
1495 break;
1496
1497 case AF_INET6:
1498 static_attr.mp_nexthop_global = nexthop->u.prefix6;
1499 static_attr.mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL;
1500 break;
1501
1502 default:
1503 assert(0);
1504 }
1505 } else {
1506 if (!CHECK_FLAG(from_bgp->af_flags[afi][SAFI_UNICAST],
1507 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
1508 if (afi == AFI_IP) {
1509 /*
1510 * For ipv4, copy to multiprotocol
1511 * nexthop field
1512 */
1513 static_attr.mp_nexthop_global_in =
1514 static_attr.nexthop;
1515 static_attr.mp_nexthop_len =
1516 BGP_ATTR_NHLEN_IPV4;
1517 /*
1518 * XXX Leave static_attr.nexthop
1519 * intact for NHT
1520 */
1521 static_attr.flag &=
1522 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1523 }
1524 } else {
1525 /* Update based on next-hop family to account for
1526 * RFC 5549 (BGP unnumbered) scenario. Note that
1527 * specific action is only needed for the case of
1528 * IPv4 nexthops as the attr has been copied
1529 * otherwise.
1530 */
1531 if (afi == AFI_IP
1532 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
1533 static_attr.mp_nexthop_global_in.s_addr =
1534 static_attr.nexthop.s_addr;
1535 static_attr.mp_nexthop_len =
1536 BGP_ATTR_NHLEN_IPV4;
1537 static_attr.flag |=
1538 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1539 }
1540 }
1541 nexthop_self_flag = 1;
1542 }
1543
1544 label_val = from_bgp->vpn_policy[afi].tovpn_label;
1545 if (label_val == MPLS_LABEL_NONE) {
1546 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
1547 } else {
1548 encode_label(label_val, &label);
1549 }
1550
1551 /* Set originator ID to "me" */
1552 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
1553 static_attr.originator_id = to_bgp->router_id;
1554
1555 /* Set SID for SRv6 VPN */
1556 if (from_bgp->vpn_policy[afi].tovpn_sid_locator) {
1557 struct srv6_locator_chunk *locator =
1558 from_bgp->vpn_policy[afi].tovpn_sid_locator;
1559 encode_label(
1560 from_bgp->vpn_policy[afi].tovpn_sid_transpose_label,
1561 &label);
1562 static_attr.srv6_l3vpn = XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1563 sizeof(struct bgp_attr_srv6_l3vpn));
1564 static_attr.srv6_l3vpn->sid_flags = 0x00;
1565 static_attr.srv6_l3vpn->endpoint_behavior =
1566 afi == AFI_IP
1567 ? (CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1568 ? SRV6_ENDPOINT_BEHAVIOR_END_DT4_USID
1569 : SRV6_ENDPOINT_BEHAVIOR_END_DT4)
1570 : (CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1571 ? SRV6_ENDPOINT_BEHAVIOR_END_DT6_USID
1572 : SRV6_ENDPOINT_BEHAVIOR_END_DT6);
1573 static_attr.srv6_l3vpn->loc_block_len =
1574 from_bgp->vpn_policy[afi]
1575 .tovpn_sid_locator->block_bits_length;
1576 static_attr.srv6_l3vpn->loc_node_len =
1577 from_bgp->vpn_policy[afi]
1578 .tovpn_sid_locator->node_bits_length;
1579 static_attr.srv6_l3vpn->func_len =
1580 from_bgp->vpn_policy[afi]
1581 .tovpn_sid_locator->function_bits_length;
1582 static_attr.srv6_l3vpn->arg_len =
1583 from_bgp->vpn_policy[afi]
1584 .tovpn_sid_locator->argument_bits_length;
1585 static_attr.srv6_l3vpn->transposition_len =
1586 from_bgp->vpn_policy[afi]
1587 .tovpn_sid_locator->function_bits_length;
1588 static_attr.srv6_l3vpn->transposition_offset =
1589 from_bgp->vpn_policy[afi]
1590 .tovpn_sid_locator->block_bits_length +
1591 from_bgp->vpn_policy[afi]
1592 .tovpn_sid_locator->node_bits_length;
1593 ;
1594 memcpy(&static_attr.srv6_l3vpn->sid,
1595 &from_bgp->vpn_policy[afi]
1596 .tovpn_sid_locator->prefix.prefix,
1597 sizeof(struct in6_addr));
1598 } else if (from_bgp->tovpn_sid_locator) {
1599 struct srv6_locator_chunk *locator =
1600 from_bgp->tovpn_sid_locator;
1601 encode_label(from_bgp->tovpn_sid_transpose_label, &label);
1602 static_attr.srv6_l3vpn =
1603 XCALLOC(MTYPE_BGP_SRV6_L3VPN,
1604 sizeof(struct bgp_attr_srv6_l3vpn));
1605 static_attr.srv6_l3vpn->sid_flags = 0x00;
1606 static_attr.srv6_l3vpn->endpoint_behavior =
1607 CHECK_FLAG(locator->flags, SRV6_LOCATOR_USID)
1608 ? SRV6_ENDPOINT_BEHAVIOR_END_DT46_USID
1609 : SRV6_ENDPOINT_BEHAVIOR_END_DT46;
1610 static_attr.srv6_l3vpn->loc_block_len =
1611 from_bgp->tovpn_sid_locator->block_bits_length;
1612 static_attr.srv6_l3vpn->loc_node_len =
1613 from_bgp->tovpn_sid_locator->node_bits_length;
1614 static_attr.srv6_l3vpn->func_len =
1615 from_bgp->tovpn_sid_locator->function_bits_length;
1616 static_attr.srv6_l3vpn->arg_len =
1617 from_bgp->tovpn_sid_locator->argument_bits_length;
1618 static_attr.srv6_l3vpn->transposition_len =
1619 from_bgp->tovpn_sid_locator->function_bits_length;
1620 static_attr.srv6_l3vpn->transposition_offset =
1621 from_bgp->tovpn_sid_locator->block_bits_length +
1622 from_bgp->tovpn_sid_locator->node_bits_length;
1623 memcpy(&static_attr.srv6_l3vpn->sid,
1624 &from_bgp->tovpn_sid_locator->prefix.prefix,
1625 sizeof(struct in6_addr));
1626 }
1627
1628
1629 new_attr = bgp_attr_intern(
1630 &static_attr); /* hashed refcounted everything */
1631 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
1632
1633 if (debug && bgp_attr_get_ecommunity(new_attr)) {
1634 char *s = ecommunity_ecom2str(bgp_attr_get_ecommunity(new_attr),
1635 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
1636
1637 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
1638 XFREE(MTYPE_ECOMMUNITY_STR, s);
1639 }
1640
1641 /* Now new_attr is an allocated interned attr */
1642
1643 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1644 &(from_bgp->vpn_policy[afi].tovpn_rd));
1645
1646 struct bgp_path_info *new_info;
1647
1648 new_info =
1649 leak_update(to_bgp, bn, new_attr, afi, safi, path_vrf, &label,
1650 1, from_bgp, NULL, nexthop_self_flag, debug);
1651
1652 /*
1653 * Routes actually installed in the vpn RIB must also be
1654 * offered to all vrfs (because now they originate from
1655 * the vpn RIB).
1656 *
1657 * Acceptance into other vrfs depends on rt-lists.
1658 * Originating vrf will not accept the looped back route
1659 * because of loop checking.
1660 */
1661 if (new_info)
1662 vpn_leak_to_vrf_update(from_bgp, new_info, NULL);
1663 }
1664
1665 void vpn_leak_from_vrf_withdraw(struct bgp *to_bgp, /* to */
1666 struct bgp *from_bgp, /* from */
1667 struct bgp_path_info *path_vrf) /* route */
1668 {
1669 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1670 const struct prefix *p = bgp_dest_get_prefix(path_vrf->net);
1671 afi_t afi = family2afi(p->family);
1672 safi_t safi = SAFI_MPLS_VPN;
1673 struct bgp_path_info *bpi;
1674 struct bgp_dest *bn;
1675 const char *debugmsg;
1676
1677 if (debug) {
1678 zlog_debug(
1679 "%s: entry: leak-from=%s, p=%pBD, type=%d, sub_type=%d",
1680 __func__, from_bgp->name_pretty, path_vrf->net,
1681 path_vrf->type, path_vrf->sub_type);
1682 }
1683
1684 if (!to_bgp)
1685 return;
1686
1687 if (!afi) {
1688 if (debug)
1689 zlog_debug("%s: can't get afi of prefix", __func__);
1690 return;
1691 }
1692
1693 /* Is this route exportable into the VPN table? */
1694 if (!is_route_injectable_into_vpn(path_vrf))
1695 return;
1696
1697 if (!vpn_leak_to_vpn_active(from_bgp, afi, &debugmsg)) {
1698 if (debug)
1699 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1700 return;
1701 }
1702
1703 if (debug)
1704 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
1705
1706 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p,
1707 &(from_bgp->vpn_policy[afi].tovpn_rd));
1708
1709 if (!bn)
1710 return;
1711 /*
1712 * vrf -> vpn
1713 * match original bpi imported from
1714 */
1715 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
1716 if (bpi->extra && bpi->extra->parent == path_vrf) {
1717 break;
1718 }
1719 }
1720
1721 if (bpi) {
1722 /* withdraw from looped vrfs as well */
1723 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1724
1725 bgp_aggregate_decrement(to_bgp, p, bpi, afi, safi);
1726 bgp_path_info_delete(bn, bpi);
1727 bgp_process(to_bgp, bn, afi, safi);
1728 }
1729 bgp_dest_unlock_node(bn);
1730 }
1731
1732 void vpn_leak_from_vrf_withdraw_all(struct bgp *to_bgp, struct bgp *from_bgp,
1733 afi_t afi)
1734 {
1735 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1736 struct bgp_dest *pdest;
1737 safi_t safi = SAFI_MPLS_VPN;
1738
1739 /*
1740 * Walk vpn table, delete bpi with bgp_orig == from_bgp
1741 */
1742 for (pdest = bgp_table_top(to_bgp->rib[afi][safi]); pdest;
1743 pdest = bgp_route_next(pdest)) {
1744
1745 struct bgp_table *table;
1746 struct bgp_dest *bn;
1747 struct bgp_path_info *bpi;
1748
1749 /* This is the per-RD table of prefixes */
1750 table = bgp_dest_get_bgp_table_info(pdest);
1751
1752 if (!table)
1753 continue;
1754
1755 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1756 bpi = bgp_dest_get_bgp_path_info(bn);
1757 if (debug && bpi) {
1758 zlog_debug("%s: looking at prefix %pBD",
1759 __func__, bn);
1760 }
1761
1762 for (; bpi; bpi = bpi->next) {
1763 if (debug)
1764 zlog_debug("%s: type %d, sub_type %d",
1765 __func__, bpi->type,
1766 bpi->sub_type);
1767 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
1768 continue;
1769 if (!bpi->extra)
1770 continue;
1771 if ((struct bgp *)bpi->extra->bgp_orig ==
1772 from_bgp) {
1773 /* delete route */
1774 if (debug)
1775 zlog_debug("%s: deleting it",
1776 __func__);
1777 /* withdraw from leak-to vrfs as well */
1778 vpn_leak_to_vrf_withdraw(to_bgp, bpi);
1779 bgp_aggregate_decrement(
1780 to_bgp, bgp_dest_get_prefix(bn),
1781 bpi, afi, safi);
1782 bgp_path_info_delete(bn, bpi);
1783 bgp_process(to_bgp, bn, afi, safi);
1784 }
1785 }
1786 }
1787 }
1788 }
1789
1790 void vpn_leak_from_vrf_update_all(struct bgp *to_bgp, struct bgp *from_bgp,
1791 afi_t afi)
1792 {
1793 struct bgp_dest *bn;
1794 struct bgp_path_info *bpi;
1795 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1796
1797 if (debug)
1798 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1799 from_bgp->name_pretty);
1800
1801 for (bn = bgp_table_top(from_bgp->rib[afi][SAFI_UNICAST]); bn;
1802 bn = bgp_route_next(bn)) {
1803
1804 if (debug)
1805 zlog_debug("%s: node=%p", __func__, bn);
1806
1807 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
1808 bpi = bpi->next) {
1809 if (debug)
1810 zlog_debug(
1811 "%s: calling vpn_leak_from_vrf_update",
1812 __func__);
1813 vpn_leak_from_vrf_update(to_bgp, from_bgp, bpi);
1814 }
1815 }
1816 }
1817
1818 static struct bgp *bgp_lookup_by_rd(struct bgp_path_info *bpi,
1819 struct prefix_rd *rd, afi_t afi)
1820 {
1821 struct listnode *node, *nnode;
1822 struct bgp *bgp;
1823
1824 if (!rd)
1825 return NULL;
1826
1827 /* If ACCEPT_OWN is not enabled for this path - return. */
1828 if (!CHECK_FLAG(bpi->flags, BGP_PATH_ACCEPT_OWN))
1829 return NULL;
1830
1831 for (ALL_LIST_ELEMENTS(bm->bgp, node, nnode, bgp)) {
1832 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1833 continue;
1834
1835 if (!CHECK_FLAG(bgp->vpn_policy[afi].flags,
1836 BGP_VPN_POLICY_TOVPN_RD_SET))
1837 continue;
1838
1839 /* Check if we have source VRF by RD value */
1840 if (memcmp(&bgp->vpn_policy[afi].tovpn_rd.val, rd->val,
1841 ECOMMUNITY_SIZE) == 0)
1842 return bgp;
1843 }
1844
1845 return NULL;
1846 }
1847
1848 static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */
1849 struct bgp *from_bgp, /* from */
1850 struct bgp_path_info *path_vpn,
1851 struct prefix_rd *prd)
1852 {
1853 const struct prefix *p = bgp_dest_get_prefix(path_vpn->net);
1854 afi_t afi = family2afi(p->family);
1855
1856 struct attr static_attr = {0};
1857 struct attr *new_attr = NULL;
1858 struct bgp_dest *bn;
1859 safi_t safi = SAFI_UNICAST;
1860 const char *debugmsg;
1861 struct prefix nexthop_orig;
1862 mpls_label_t *pLabels = NULL;
1863 uint32_t num_labels = 0;
1864 int nexthop_self_flag = 1;
1865 struct bgp_path_info *bpi_ultimate = NULL;
1866 int origin_local = 0;
1867 struct bgp *src_vrf;
1868
1869 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1870
1871 if (!vpn_leak_from_vpn_active(to_bgp, afi, &debugmsg)) {
1872 if (debug)
1873 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1874 return false;
1875 }
1876
1877 /* Check for intersection of route targets */
1878 if (!ecommunity_include(
1879 to_bgp->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1880 bgp_attr_get_ecommunity(path_vpn->attr))) {
1881 if (debug)
1882 zlog_debug(
1883 "from vpn (%s) to vrf (%s), skipping after no intersection of route targets",
1884 from_bgp->name_pretty, to_bgp->name_pretty);
1885 return false;
1886 }
1887
1888 /* A route MUST NOT ever be accepted back into its source VRF, even if
1889 * it carries one or more RTs that match that VRF.
1890 */
1891 if (prd && memcmp(&prd->val, &to_bgp->vpn_policy[afi].tovpn_rd.val,
1892 ECOMMUNITY_SIZE) == 0) {
1893 if (debug)
1894 zlog_debug(
1895 "%s: skipping import, match RD (%pRD) of src VRF (%s) and the prefix (%pFX)",
1896 __func__, prd, to_bgp->name_pretty, p);
1897
1898 return false;
1899 }
1900
1901 if (debug)
1902 zlog_debug("%s: updating RD %pRD, %pFX to vrf %s", __func__,
1903 prd, p, to_bgp->name_pretty);
1904
1905 /* shallow copy */
1906 static_attr = *path_vpn->attr;
1907
1908 struct ecommunity *old_ecom;
1909 struct ecommunity *new_ecom;
1910
1911 /* If doing VRF-to-VRF leaking, strip RTs. */
1912 old_ecom = bgp_attr_get_ecommunity(&static_attr);
1913 if (old_ecom && CHECK_FLAG(to_bgp->af_flags[afi][safi],
1914 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1915 new_ecom = ecommunity_dup(old_ecom);
1916 ecommunity_strip_rts(new_ecom);
1917 bgp_attr_set_ecommunity(&static_attr, new_ecom);
1918
1919 if (new_ecom->size == 0) {
1920 ecommunity_free(&new_ecom);
1921 bgp_attr_set_ecommunity(&static_attr, NULL);
1922 }
1923
1924 if (!old_ecom->refcnt)
1925 ecommunity_free(&old_ecom);
1926 }
1927
1928 community_strip_accept_own(&static_attr);
1929
1930 /*
1931 * Nexthop: stash and clear
1932 *
1933 * Nexthop is valid in context of VPN core, but not in destination vrf.
1934 * Stash it for later label resolution by vrf ingress path and then
1935 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1936 */
1937 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1938
1939 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1940 nexthop_orig.family = nhfamily;
1941
1942 switch (nhfamily) {
1943 case AF_INET:
1944 /* save */
1945 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1946 nexthop_orig.prefixlen = IPV4_MAX_BITLEN;
1947
1948 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1949 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1950 static_attr.nexthop.s_addr =
1951 nexthop_orig.u.prefix4.s_addr;
1952
1953 static_attr.mp_nexthop_global_in =
1954 path_vpn->attr->mp_nexthop_global_in;
1955 static_attr.mp_nexthop_len =
1956 path_vpn->attr->mp_nexthop_len;
1957 }
1958 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1959 break;
1960 case AF_INET6:
1961 /* save */
1962 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1963 nexthop_orig.prefixlen = IPV6_MAX_BITLEN;
1964
1965 if (CHECK_FLAG(to_bgp->af_flags[afi][safi],
1966 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1967 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1968 }
1969 break;
1970 }
1971
1972 /*
1973 * route map handling
1974 */
1975 if (to_bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1976 struct bgp_path_info info;
1977 route_map_result_t ret;
1978
1979 memset(&info, 0, sizeof(info));
1980 info.peer = to_bgp->peer_self;
1981 info.attr = &static_attr;
1982 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1983 ret = route_map_apply(to_bgp->vpn_policy[afi]
1984 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1985 p, &info);
1986 if (RMAP_DENYMATCH == ret) {
1987 bgp_attr_flush(&static_attr); /* free any added parts */
1988 if (debug)
1989 zlog_debug(
1990 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1991 __func__, to_bgp->name_pretty,
1992 to_bgp->vpn_policy[afi]
1993 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1994 ->name);
1995 return false;
1996 }
1997 /*
1998 * if route-map changed nexthop, don't nexthop-self on output
1999 */
2000 if (!CHECK_FLAG(static_attr.rmap_change_flags,
2001 BATTR_RMAP_NEXTHOP_UNCHANGED))
2002 nexthop_self_flag = 0;
2003 }
2004
2005 new_attr = bgp_attr_intern(&static_attr);
2006 bgp_attr_flush(&static_attr);
2007
2008 bn = bgp_afi_node_get(to_bgp->rib[afi][safi], afi, safi, p, NULL);
2009
2010 /*
2011 * ensure labels are copied
2012 *
2013 * However, there is a special case: if the route originated in
2014 * another local VRF (as opposed to arriving via VPN), then the
2015 * nexthop is reached by hairpinning through this router (me)
2016 * using IP forwarding only (no LSP). Therefore, the route
2017 * imported to the VRF should not have labels attached. Note
2018 * that nexthop tracking is also involved: eliminating the
2019 * labels for these routes enables the non-labeled nexthops
2020 * from the originating VRF to be considered valid for this route.
2021 */
2022 if (!CHECK_FLAG(to_bgp->af_flags[afi][safi],
2023 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
2024 /* work back to original route */
2025 bpi_ultimate = bgp_get_imported_bpi_ultimate(path_vpn);
2026
2027 /*
2028 * if original route was unicast,
2029 * then it did not arrive over vpn
2030 */
2031 if (bpi_ultimate->net) {
2032 struct bgp_table *table;
2033
2034 table = bgp_dest_table(bpi_ultimate->net);
2035 if (table && (table->safi == SAFI_UNICAST))
2036 origin_local = 1;
2037 }
2038
2039 /* copy labels */
2040 if (!origin_local && path_vpn->extra
2041 && path_vpn->extra->num_labels) {
2042 num_labels = path_vpn->extra->num_labels;
2043 if (num_labels > BGP_MAX_LABELS)
2044 num_labels = BGP_MAX_LABELS;
2045 pLabels = path_vpn->extra->label;
2046 }
2047 }
2048
2049 if (debug)
2050 zlog_debug("%s: pfx %pBD: num_labels %d", __func__,
2051 path_vpn->net, num_labels);
2052
2053 /*
2054 * For VRF-2-VRF route-leaking,
2055 * the source will be the originating VRF.
2056 *
2057 * If ACCEPT_OWN mechanism is enabled, then we SHOULD(?)
2058 * get the source VRF (BGP) by looking at the RD.
2059 */
2060 struct bgp *src_bgp = bgp_lookup_by_rd(path_vpn, prd, afi);
2061
2062 if (path_vpn->extra && path_vpn->extra->bgp_orig)
2063 src_vrf = path_vpn->extra->bgp_orig;
2064 else if (src_bgp)
2065 src_vrf = src_bgp;
2066 else
2067 src_vrf = from_bgp;
2068
2069 leak_update(to_bgp, bn, new_attr, afi, safi, path_vpn, pLabels,
2070 num_labels, src_vrf, &nexthop_orig, nexthop_self_flag,
2071 debug);
2072 return true;
2073 }
2074
2075 bool vpn_leak_to_vrf_update(struct bgp *from_bgp,
2076 struct bgp_path_info *path_vpn,
2077 struct prefix_rd *prd)
2078 {
2079 struct listnode *mnode, *mnnode;
2080 struct bgp *bgp;
2081 bool leak_success = false;
2082
2083 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2084
2085 if (debug)
2086 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
2087
2088 /* Loop over VRFs */
2089 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2090
2091 if (!path_vpn->extra
2092 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
2093 leak_success |= vpn_leak_to_vrf_update_onevrf(
2094 bgp, from_bgp, path_vpn, prd);
2095 }
2096 }
2097 return leak_success;
2098 }
2099
2100 void vpn_leak_to_vrf_withdraw(struct bgp *from_bgp, /* from */
2101 struct bgp_path_info *path_vpn) /* route */
2102 {
2103 const struct prefix *p;
2104 afi_t afi;
2105 safi_t safi = SAFI_UNICAST;
2106 struct bgp *bgp;
2107 struct listnode *mnode, *mnnode;
2108 struct bgp_dest *bn;
2109 struct bgp_path_info *bpi;
2110 const char *debugmsg;
2111
2112 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2113
2114 if (debug)
2115 zlog_debug("%s: entry: p=%pBD, type=%d, sub_type=%d", __func__,
2116 path_vpn->net, path_vpn->type, path_vpn->sub_type);
2117
2118 if (debug)
2119 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
2120
2121 if (!path_vpn->net) {
2122 #ifdef ENABLE_BGP_VNC
2123 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
2124 if (path_vpn->type == ZEBRA_ROUTE_BGP
2125 && path_vpn->sub_type == BGP_ROUTE_RFP) {
2126
2127 return;
2128 }
2129 #endif
2130 if (debug)
2131 zlog_debug(
2132 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
2133 __func__);
2134 return;
2135 }
2136
2137 p = bgp_dest_get_prefix(path_vpn->net);
2138 afi = family2afi(p->family);
2139
2140 /* Loop over VRFs */
2141 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2142 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
2143 if (debug)
2144 zlog_debug("%s: skipping: %s", __func__,
2145 debugmsg);
2146 continue;
2147 }
2148
2149 /* Check for intersection of route targets */
2150 if (!ecommunity_include(
2151 bgp->vpn_policy[afi]
2152 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
2153 bgp_attr_get_ecommunity(path_vpn->attr))) {
2154
2155 continue;
2156 }
2157
2158 if (debug)
2159 zlog_debug("%s: withdrawing from vrf %s", __func__,
2160 bgp->name_pretty);
2161
2162 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
2163
2164 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2165 bpi = bpi->next) {
2166 if (bpi->extra
2167 && (struct bgp_path_info *)bpi->extra->parent
2168 == path_vpn) {
2169 break;
2170 }
2171 }
2172
2173 if (bpi) {
2174 if (debug)
2175 zlog_debug("%s: deleting bpi %p", __func__,
2176 bpi);
2177 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
2178 bgp_path_info_delete(bn, bpi);
2179 bgp_process(bgp, bn, afi, safi);
2180 }
2181 bgp_dest_unlock_node(bn);
2182 }
2183 }
2184
2185 void vpn_leak_to_vrf_withdraw_all(struct bgp *to_bgp, afi_t afi)
2186 {
2187 struct bgp_dest *bn;
2188 struct bgp_path_info *bpi;
2189 safi_t safi = SAFI_UNICAST;
2190 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
2191
2192 if (debug)
2193 zlog_debug("%s: entry", __func__);
2194 /*
2195 * Walk vrf table, delete bpi with bgp_orig in a different vrf
2196 */
2197 for (bn = bgp_table_top(to_bgp->rib[afi][safi]); bn;
2198 bn = bgp_route_next(bn)) {
2199
2200 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2201 bpi = bpi->next) {
2202 if (bpi->extra && bpi->extra->bgp_orig != to_bgp &&
2203 bpi->extra->parent &&
2204 is_pi_family_vpn(bpi->extra->parent)) {
2205
2206 /* delete route */
2207 bgp_aggregate_decrement(to_bgp,
2208 bgp_dest_get_prefix(bn),
2209 bpi, afi, safi);
2210 bgp_path_info_delete(bn, bpi);
2211 bgp_process(to_bgp, bn, afi, safi);
2212 }
2213 }
2214 }
2215 }
2216
2217 void vpn_leak_to_vrf_update_all(struct bgp *to_bgp, struct bgp *vpn_from,
2218 afi_t afi)
2219 {
2220 struct bgp_dest *pdest;
2221 safi_t safi = SAFI_MPLS_VPN;
2222
2223 assert(vpn_from);
2224
2225 /*
2226 * Walk vpn table
2227 */
2228 for (pdest = bgp_table_top(vpn_from->rib[afi][safi]); pdest;
2229 pdest = bgp_route_next(pdest)) {
2230 struct bgp_table *table;
2231 struct bgp_dest *bn;
2232 struct bgp_path_info *bpi;
2233
2234 /* This is the per-RD table of prefixes */
2235 table = bgp_dest_get_bgp_table_info(pdest);
2236
2237 if (!table)
2238 continue;
2239
2240 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
2241
2242 for (bpi = bgp_dest_get_bgp_path_info(bn); bpi;
2243 bpi = bpi->next) {
2244
2245 if (bpi->extra &&
2246 bpi->extra->bgp_orig == to_bgp)
2247 continue;
2248
2249 vpn_leak_to_vrf_update_onevrf(to_bgp, vpn_from,
2250 bpi, NULL);
2251 }
2252 }
2253 }
2254 }
2255
2256 /*
2257 * This function is called for definition/deletion/change to a route-map
2258 */
2259 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
2260 {
2261 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2262 afi_t afi;
2263 struct route_map *rmap;
2264
2265 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2266 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
2267
2268 return;
2269 }
2270
2271 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
2272
2273 for (afi = 0; afi < AFI_MAX; ++afi) {
2274
2275 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
2276 && !strcmp(rmap_name,
2277 bgp->vpn_policy[afi]
2278 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
2279
2280 if (debug)
2281 zlog_debug(
2282 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
2283 __func__, rmap_name, bgp->as,
2284 afi2str(afi));
2285
2286 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
2287 bgp_get_default(), bgp);
2288 if (debug)
2289 zlog_debug("%s: after vpn_leak_prechange",
2290 __func__);
2291
2292 /* in case of definition/deletion */
2293 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
2294 rmap;
2295
2296 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
2297 bgp_get_default(), bgp);
2298
2299 if (debug)
2300 zlog_debug("%s: after vpn_leak_postchange",
2301 __func__);
2302 }
2303
2304 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
2305 && !strcmp(rmap_name,
2306 bgp->vpn_policy[afi]
2307 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
2308
2309 if (debug) {
2310 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
2311 __func__, rmap_name, bgp->as,
2312 afi2str(afi));
2313 }
2314
2315 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
2316 bgp_get_default(), bgp);
2317
2318 /* in case of definition/deletion */
2319 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
2320 rmap;
2321
2322 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
2323 bgp_get_default(), bgp);
2324 }
2325 }
2326 }
2327
2328 /* This API is used during router-id change, reflect VPNs
2329 * auto RD and RT values and readvertise routes to VPN table.
2330 */
2331 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw,
2332 bool is_config)
2333 {
2334 afi_t afi;
2335 int debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF)
2336 | BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2337 char *vname;
2338 const char *export_name;
2339 char buf[RD_ADDRSTRLEN];
2340 struct bgp *bgp_import;
2341 struct listnode *node;
2342 struct ecommunity *ecom;
2343 enum vpn_policy_direction idir, edir;
2344
2345 /*
2346 * Router-id change that is not explicitly configured
2347 * (a change from zebra, frr restart for example)
2348 * should not replace a configured vpn RD/RT.
2349 */
2350 if (!is_config) {
2351 if (debug)
2352 zlog_debug("%s: skipping non explicit router-id change",
2353 __func__);
2354 return;
2355 }
2356
2357 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
2358 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2359 return;
2360
2361 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
2362 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2363 edir = BGP_VPN_POLICY_DIR_TOVPN;
2364
2365 for (afi = 0; afi < AFI_MAX; ++afi) {
2366 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
2367 continue;
2368
2369 if (withdraw) {
2370 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
2371 afi, bgp_get_default(), bgp);
2372 if (debug)
2373 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
2374 __func__, export_name);
2375
2376 /* Remove import RT from VRFs */
2377 ecom = bgp->vpn_policy[afi].rtlist[edir];
2378 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2379 export_vrf, node, vname)) {
2380 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2381 bgp_import = bgp_get_default();
2382 else
2383 bgp_import = bgp_lookup_by_name(vname);
2384 if (!bgp_import)
2385 continue;
2386
2387 ecommunity_del_val(
2388 bgp_import->vpn_policy[afi]
2389 .rtlist[idir],
2390 (struct ecommunity_val *)ecom->val);
2391 }
2392 } else {
2393 /* New router-id derive auto RD and RT and export
2394 * to VPN
2395 */
2396 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
2397 &bgp->vrf_prd_auto);
2398 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
2399 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
2400 sizeof(buf));
2401
2402 /* free up pre-existing memory if any and allocate
2403 * the ecommunity attribute with new RD/RT
2404 */
2405 if (bgp->vpn_policy[afi].rtlist[edir])
2406 ecommunity_free(
2407 &bgp->vpn_policy[afi].rtlist[edir]);
2408 bgp->vpn_policy[afi].rtlist[edir] = ecommunity_str2com(
2409 buf, ECOMMUNITY_ROUTE_TARGET, 0);
2410
2411 /* Update import_vrf rt_list */
2412 ecom = bgp->vpn_policy[afi].rtlist[edir];
2413 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
2414 export_vrf, node, vname)) {
2415 if (strcmp(vname, VRF_DEFAULT_NAME) == 0)
2416 bgp_import = bgp_get_default();
2417 else
2418 bgp_import = bgp_lookup_by_name(vname);
2419 if (!bgp_import)
2420 continue;
2421 if (bgp_import->vpn_policy[afi].rtlist[idir])
2422 bgp_import->vpn_policy[afi].rtlist[idir]
2423 = ecommunity_merge(
2424 bgp_import->vpn_policy[afi]
2425 .rtlist[idir], ecom);
2426 else
2427 bgp_import->vpn_policy[afi].rtlist[idir]
2428 = ecommunity_dup(ecom);
2429 }
2430
2431 /* Update routes to VPN */
2432 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
2433 afi, bgp_get_default(),
2434 bgp);
2435 if (debug)
2436 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
2437 __func__, export_name);
2438 }
2439 }
2440 }
2441
2442 void vpn_policy_routemap_event(const char *rmap_name)
2443 {
2444 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
2445 struct listnode *mnode, *mnnode;
2446 struct bgp *bgp;
2447
2448 if (debug)
2449 zlog_debug("%s: entry", __func__);
2450
2451 if (bm->bgp == NULL) /* may be called during cleanup */
2452 return;
2453
2454 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
2455 vpn_policy_routemap_update(bgp, rmap_name);
2456 }
2457
2458 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2459 afi_t afi, safi_t safi)
2460 {
2461 const char *export_name;
2462 enum vpn_policy_direction idir, edir;
2463 char *vname, *tmp_name;
2464 char buf[RD_ADDRSTRLEN];
2465 struct ecommunity *ecom;
2466 bool first_export = false;
2467 int debug;
2468 struct listnode *node;
2469 bool is_inst_match = false;
2470
2471 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2472 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2473 edir = BGP_VPN_POLICY_DIR_TOVPN;
2474
2475 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2476 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2477
2478 /*
2479 * Cross-ref both VRFs. Also, note if this is the first time
2480 * any VRF is importing from "import_vrf".
2481 */
2482 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
2483 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
2484
2485 /* Check the import_vrf list of destination vrf for the source vrf name,
2486 * insert otherwise.
2487 */
2488 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf,
2489 node, tmp_name)) {
2490 if (strcmp(vname, tmp_name) == 0) {
2491 is_inst_match = true;
2492 break;
2493 }
2494 }
2495 if (!is_inst_match)
2496 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
2497 vname);
2498 else
2499 XFREE(MTYPE_TMP, vname);
2500
2501 /* Check if the source vrf already exports to any vrf,
2502 * first time export requires to setup auto derived RD/RT values.
2503 * Add the destination vrf name to export vrf list if it is
2504 * not present.
2505 */
2506 is_inst_match = false;
2507 vname = XSTRDUP(MTYPE_TMP, export_name);
2508 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2509 first_export = true;
2510 } else {
2511 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2512 node, tmp_name)) {
2513 if (strcmp(vname, tmp_name) == 0) {
2514 is_inst_match = true;
2515 break;
2516 }
2517 }
2518 }
2519 if (!is_inst_match)
2520 listnode_add(from_bgp->vpn_policy[afi].export_vrf,
2521 vname);
2522 else
2523 XFREE(MTYPE_TMP, vname);
2524
2525 /* Update import RT for current VRF using export RT of the VRF we're
2526 * importing from. First though, make sure "import_vrf" has that
2527 * set.
2528 */
2529 if (first_export) {
2530 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
2531 &from_bgp->vrf_prd_auto);
2532 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
2533 SET_FLAG(from_bgp->vpn_policy[afi].flags,
2534 BGP_VPN_POLICY_TOVPN_RD_SET);
2535 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
2536 buf, sizeof(buf));
2537 from_bgp->vpn_policy[afi].rtlist[edir] =
2538 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
2539 SET_FLAG(from_bgp->af_flags[afi][safi],
2540 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2541 from_bgp->vpn_policy[afi].tovpn_label =
2542 BGP_PREVENT_VRF_2_VRF_LEAK;
2543 }
2544 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2545 if (to_bgp->vpn_policy[afi].rtlist[idir])
2546 to_bgp->vpn_policy[afi].rtlist[idir] =
2547 ecommunity_merge(to_bgp->vpn_policy[afi]
2548 .rtlist[idir], ecom);
2549 else
2550 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
2551 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
2552
2553 if (debug) {
2554 const char *from_name;
2555 char *ecom1, *ecom2;
2556
2557 from_name = from_bgp->name ? from_bgp->name :
2558 VRF_DEFAULT_NAME;
2559
2560 ecom1 = ecommunity_ecom2str(
2561 to_bgp->vpn_policy[afi].rtlist[idir],
2562 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2563
2564 ecom2 = ecommunity_ecom2str(
2565 to_bgp->vpn_policy[afi].rtlist[edir],
2566 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
2567
2568 zlog_debug(
2569 "%s from %s to %s first_export %u import-rt %s export-rt %s",
2570 __func__, from_name, export_name, first_export, ecom1,
2571 ecom2);
2572
2573 ecommunity_strfree(&ecom1);
2574 ecommunity_strfree(&ecom2);
2575 }
2576
2577 /* Does "import_vrf" first need to export its routes or that
2578 * is already done and we just need to import those routes
2579 * from the global table?
2580 */
2581 if (first_export)
2582 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
2583 else
2584 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2585 }
2586
2587 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
2588 afi_t afi, safi_t safi)
2589 {
2590 const char *export_name, *tmp_name;
2591 enum vpn_policy_direction idir, edir;
2592 char *vname;
2593 struct ecommunity *ecom = NULL;
2594 struct listnode *node;
2595 int debug;
2596
2597 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
2598 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
2599 idir = BGP_VPN_POLICY_DIR_FROMVPN;
2600 edir = BGP_VPN_POLICY_DIR_TOVPN;
2601
2602 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
2603 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
2604
2605 /* Were we importing from "import_vrf"? */
2606 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
2607 vname)) {
2608 if (strcmp(vname, tmp_name) == 0)
2609 break;
2610 }
2611
2612 /*
2613 * We do not check in the cli if the passed in bgp
2614 * instance is actually imported into us before
2615 * we call this function. As such if we do not
2616 * find this in the import_vrf list than
2617 * we just need to return safely.
2618 */
2619 if (!vname)
2620 return;
2621
2622 if (debug)
2623 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
2624
2625 /* Remove "import_vrf" from our import list. */
2626 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
2627 XFREE(MTYPE_TMP, vname);
2628
2629 /* Remove routes imported from "import_vrf". */
2630 /* TODO: In the current logic, we have to first remove all
2631 * imported routes and then (if needed) import back routes
2632 */
2633 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
2634
2635 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
2636 if (!to_bgp->vpn_policy[afi].rmap[idir])
2637 UNSET_FLAG(to_bgp->af_flags[afi][safi],
2638 BGP_CONFIG_VRF_TO_VRF_IMPORT);
2639 if (to_bgp->vpn_policy[afi].rtlist[idir])
2640 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
2641 } else {
2642 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
2643 if (ecom)
2644 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
2645 (struct ecommunity_val *)ecom->val);
2646 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
2647 }
2648
2649 /*
2650 * What?
2651 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
2652 * below is checking for NULL that export_vrf can be
2653 * NULL, consequently it is complaining( like a cabbage )
2654 * that we could dereference and crash in the listcount(..)
2655 * check below.
2656 * So make it happy, under protest, with liberty and justice
2657 * for all.
2658 */
2659 assert(from_bgp->vpn_policy[afi].export_vrf);
2660
2661 /* Remove us from "import_vrf's" export list. If no other VRF
2662 * is importing from "import_vrf", cleanup appropriately.
2663 */
2664 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
2665 node, vname)) {
2666 if (strcmp(vname, export_name) == 0)
2667 break;
2668 }
2669
2670 /*
2671 * If we have gotten to this point then the vname must
2672 * exist. If not, we are in a world of trouble and
2673 * have slag sitting around.
2674 *
2675 * import_vrf and export_vrf must match in having
2676 * the in/out names as appropriate.
2677 * export_vrf list could have been cleaned up
2678 * as part of no router bgp source instnace.
2679 */
2680 if (!vname)
2681 return;
2682
2683 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
2684 XFREE(MTYPE_TMP, vname);
2685
2686 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
2687 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
2688 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
2689 UNSET_FLAG(from_bgp->af_flags[afi][safi],
2690 BGP_CONFIG_VRF_TO_VRF_EXPORT);
2691 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
2692 sizeof(struct prefix_rd));
2693 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
2694 BGP_VPN_POLICY_TOVPN_RD_SET);
2695 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
2696
2697 }
2698 }
2699
2700 /* For testing purpose, static route of MPLS-VPN. */
2701 DEFUN (vpnv4_network,
2702 vpnv4_network_cmd,
2703 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2704 "Specify a network to announce via BGP\n"
2705 "IPv4 prefix\n"
2706 "Specify Route Distinguisher\n"
2707 "VPN Route Distinguisher\n"
2708 "VPN NLRI label (tag)\n"
2709 "VPN NLRI label (tag)\n"
2710 "Label value\n")
2711 {
2712 int idx_ipv4_prefixlen = 1;
2713 int idx_ext_community = 3;
2714 int idx_label = 5;
2715 return bgp_static_set_safi(
2716 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2717 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
2718 NULL, NULL, NULL, NULL);
2719 }
2720
2721 DEFUN (vpnv4_network_route_map,
2722 vpnv4_network_route_map_cmd,
2723 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map RMAP_NAME",
2724 "Specify a network to announce via BGP\n"
2725 "IPv4 prefix\n"
2726 "Specify Route Distinguisher\n"
2727 "VPN Route Distinguisher\n"
2728 "VPN NLRI label (tag)\n"
2729 "VPN NLRI label (tag)\n"
2730 "Label value\n"
2731 "route map\n"
2732 "route map name\n")
2733 {
2734 int idx_ipv4_prefixlen = 1;
2735 int idx_ext_community = 3;
2736 int idx_label = 5;
2737 int idx_word_2 = 7;
2738 return bgp_static_set_safi(
2739 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
2740 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2741 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2742 }
2743
2744 /* For testing purpose, static route of MPLS-VPN. */
2745 DEFUN (no_vpnv4_network,
2746 no_vpnv4_network_cmd,
2747 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2748 NO_STR
2749 "Specify a network to announce via BGP\n"
2750 "IPv4 prefix\n"
2751 "Specify Route Distinguisher\n"
2752 "VPN Route Distinguisher\n"
2753 "VPN NLRI label (tag)\n"
2754 "VPN NLRI label (tag)\n"
2755 "Label value\n")
2756 {
2757 int idx_ipv4_prefixlen = 2;
2758 int idx_ext_community = 4;
2759 int idx_label = 6;
2760 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
2761 argv[idx_ipv4_prefixlen]->arg,
2762 argv[idx_ext_community]->arg,
2763 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2764 }
2765
2766 DEFUN (vpnv6_network,
2767 vpnv6_network_cmd,
2768 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map RMAP_NAME]",
2769 "Specify a network to announce via BGP\n"
2770 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2771 "Specify Route Distinguisher\n"
2772 "VPN Route Distinguisher\n"
2773 "VPN NLRI label (tag)\n"
2774 "VPN NLRI label (tag)\n"
2775 "Label value\n"
2776 "route map\n"
2777 "route map name\n")
2778 {
2779 int idx_ipv6_prefix = 1;
2780 int idx_ext_community = 3;
2781 int idx_label = 5;
2782 int idx_word_2 = 7;
2783 if (argc == 8)
2784 return bgp_static_set_safi(
2785 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2786 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2787 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
2788 else
2789 return bgp_static_set_safi(
2790 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
2791 argv[idx_ext_community]->arg, argv[idx_label]->arg,
2792 NULL, 0, NULL, NULL, NULL, NULL);
2793 }
2794
2795 /* For testing purpose, static route of MPLS-VPN. */
2796 DEFUN (no_vpnv6_network,
2797 no_vpnv6_network_cmd,
2798 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
2799 NO_STR
2800 "Specify a network to announce via BGP\n"
2801 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
2802 "Specify Route Distinguisher\n"
2803 "VPN Route Distinguisher\n"
2804 "VPN NLRI label (tag)\n"
2805 "VPN NLRI label (tag)\n"
2806 "Label value\n")
2807 {
2808 int idx_ipv6_prefix = 2;
2809 int idx_ext_community = 4;
2810 int idx_label = 6;
2811 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
2812 argv[idx_ipv6_prefix]->arg,
2813 argv[idx_ext_community]->arg,
2814 argv[idx_label]->arg, 0, NULL, NULL, NULL);
2815 }
2816
2817 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
2818 enum bgp_show_type type, void *output_arg, int tags,
2819 bool use_json)
2820 {
2821 struct bgp *bgp;
2822 struct bgp_table *table;
2823
2824 bgp = bgp_get_default();
2825 if (bgp == NULL) {
2826 if (!use_json)
2827 vty_out(vty, "No BGP process is configured\n");
2828 else
2829 vty_out(vty, "{}\n");
2830 return CMD_WARNING;
2831 }
2832 table = bgp->rib[afi][SAFI_MPLS_VPN];
2833 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
2834 output_arg, use_json);
2835 }
2836
2837 DEFUN (show_bgp_ip_vpn_all_rd,
2838 show_bgp_ip_vpn_all_rd_cmd,
2839 "show bgp "BGP_AFI_CMD_STR" vpn all [rd <ASN:NN_OR_IP-ADDRESS:NN|all>] [json]",
2840 SHOW_STR
2841 BGP_STR
2842 BGP_VPNVX_HELP_STR
2843 "Display VPN NLRI specific information\n"
2844 "Display VPN NLRI specific information\n"
2845 "Display information for a route distinguisher\n"
2846 "VPN Route Distinguisher\n"
2847 "All VPN Route Distinguishers\n"
2848 JSON_STR)
2849 {
2850 int ret;
2851 struct prefix_rd prd;
2852 afi_t afi;
2853 int idx = 0;
2854
2855 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
2856 /* Constrain search if user supplies RD && RD != "all" */
2857 if (argv_find(argv, argc, "rd", &idx)
2858 && strcmp(argv[idx + 1]->arg, "all")) {
2859 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
2860 if (!ret) {
2861 vty_out(vty,
2862 "%% Malformed Route Distinguisher\n");
2863 return CMD_WARNING;
2864 }
2865 return bgp_show_mpls_vpn(vty, afi, &prd,
2866 bgp_show_type_normal, NULL, 0,
2867 use_json(argc, argv));
2868 } else {
2869 return bgp_show_mpls_vpn(vty, afi, NULL,
2870 bgp_show_type_normal, NULL, 0,
2871 use_json(argc, argv));
2872 }
2873 }
2874 return CMD_SUCCESS;
2875 }
2876
2877 ALIAS(show_bgp_ip_vpn_all_rd,
2878 show_bgp_ip_vpn_rd_cmd,
2879 "show bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all> [json]",
2880 SHOW_STR
2881 BGP_STR
2882 BGP_VPNVX_HELP_STR
2883 "Display VPN NLRI specific information\n"
2884 "Display information for a route distinguisher\n"
2885 "VPN Route Distinguisher\n"
2886 "All VPN Route Distinguishers\n"
2887 JSON_STR)
2888
2889 #ifdef KEEP_OLD_VPN_COMMANDS
2890 DEFUN (show_ip_bgp_vpn_rd,
2891 show_ip_bgp_vpn_rd_cmd,
2892 "show ip bgp "BGP_AFI_CMD_STR" vpn rd <ASN:NN_OR_IP-ADDRESS:NN|all>",
2893 SHOW_STR
2894 IP_STR
2895 BGP_STR
2896 BGP_AFI_HELP_STR
2897 BGP_AF_MODIFIER_STR
2898 "Display information for a route distinguisher\n"
2899 "VPN Route Distinguisher\n"
2900 "All VPN Route Distinguishers\n")
2901 {
2902 int idx_ext_community = argc - 1;
2903 int ret;
2904 struct prefix_rd prd;
2905 afi_t afi;
2906 int idx = 0;
2907
2908 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2909 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2910 return bgp_show_mpls_vpn(vty, afi, NULL,
2911 bgp_show_type_normal, NULL, 0,
2912 0);
2913 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2914 if (!ret) {
2915 vty_out(vty, "%% Malformed Route Distinguisher\n");
2916 return CMD_WARNING;
2917 }
2918 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2919 NULL, 0, 0);
2920 }
2921 return CMD_SUCCESS;
2922 }
2923
2924 DEFUN (show_ip_bgp_vpn_all,
2925 show_ip_bgp_vpn_all_cmd,
2926 "show [ip] bgp <vpnv4|vpnv6>",
2927 SHOW_STR
2928 IP_STR
2929 BGP_STR
2930 BGP_VPNVX_HELP_STR)
2931 {
2932 afi_t afi;
2933 int idx = 0;
2934
2935 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2936 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2937 NULL, 0, 0);
2938 return CMD_SUCCESS;
2939 }
2940
2941 DEFUN (show_ip_bgp_vpn_all_tags,
2942 show_ip_bgp_vpn_all_tags_cmd,
2943 "show [ip] bgp <vpnv4|vpnv6> all tags",
2944 SHOW_STR
2945 IP_STR
2946 BGP_STR
2947 BGP_VPNVX_HELP_STR
2948 "Display information about all VPNv4/VPNV6 NLRIs\n"
2949 "Display BGP tags for prefixes\n")
2950 {
2951 afi_t afi;
2952 int idx = 0;
2953
2954 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2955 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2956 NULL, 1, 0);
2957 return CMD_SUCCESS;
2958 }
2959
2960 DEFUN (show_ip_bgp_vpn_rd_tags,
2961 show_ip_bgp_vpn_rd_tags_cmd,
2962 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> tags",
2963 SHOW_STR
2964 IP_STR
2965 BGP_STR
2966 BGP_VPNVX_HELP_STR
2967 "Display information for a route distinguisher\n"
2968 "VPN Route Distinguisher\n"
2969 "All VPN Route Distinguishers\n"
2970 "Display BGP tags for prefixes\n")
2971 {
2972 int idx_ext_community = 5;
2973 int ret;
2974 struct prefix_rd prd;
2975 afi_t afi;
2976 int idx = 0;
2977
2978 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2979 if (!strcmp(argv[idx_ext_community]->arg, "all"))
2980 return bgp_show_mpls_vpn(vty, afi, NULL,
2981 bgp_show_type_normal, NULL, 1,
2982 0);
2983 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2984 if (!ret) {
2985 vty_out(vty, "%% Malformed Route Distinguisher\n");
2986 return CMD_WARNING;
2987 }
2988 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2989 NULL, 1, 0);
2990 }
2991 return CMD_SUCCESS;
2992 }
2993
2994 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2995 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2996 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2997 SHOW_STR
2998 IP_STR
2999 BGP_STR
3000 BGP_VPNVX_HELP_STR
3001 "Display information about all VPNv4/VPNv6 NLRIs\n"
3002 "Detailed information on TCP and BGP neighbor connections\n"
3003 "Neighbor to display information about\n"
3004 "Display routes learned from neighbor\n"
3005 JSON_STR)
3006 {
3007 int idx_ipv4 = 6;
3008 union sockunion su;
3009 struct peer *peer;
3010 int ret;
3011 bool uj = use_json(argc, argv);
3012 afi_t afi;
3013 int idx = 0;
3014
3015 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3016 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3017 if (ret < 0) {
3018 if (uj) {
3019 json_object *json_no = NULL;
3020 json_no = json_object_new_object();
3021 json_object_string_add(json_no, "warning",
3022 "Malformed address");
3023 vty_out(vty, "%s\n",
3024 json_object_to_json_string(json_no));
3025 json_object_free(json_no);
3026 } else
3027 vty_out(vty, "Malformed address: %s\n",
3028 argv[idx_ipv4]->arg);
3029 return CMD_WARNING;
3030 }
3031
3032 peer = peer_lookup(NULL, &su);
3033 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3034 if (uj) {
3035 json_object *json_no = NULL;
3036 json_no = json_object_new_object();
3037 json_object_string_add(
3038 json_no, "warning",
3039 "No such neighbor or address family");
3040 vty_out(vty, "%s\n",
3041 json_object_to_json_string(json_no));
3042 json_object_free(json_no);
3043 } else
3044 vty_out(vty,
3045 "%% No such neighbor or address family\n");
3046 return CMD_WARNING;
3047 }
3048
3049 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
3050 &su, 0, uj);
3051 }
3052 return CMD_SUCCESS;
3053 }
3054
3055 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
3056 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
3057 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D routes [json]",
3058 SHOW_STR
3059 IP_STR
3060 BGP_STR
3061 BGP_VPNVX_HELP_STR
3062 "Display information for a route distinguisher\n"
3063 "VPN Route Distinguisher\n"
3064 "All VPN Route Distinguishers\n"
3065 "Detailed information on TCP and BGP neighbor connections\n"
3066 "Neighbor to display information about\n"
3067 "Display routes learned from neighbor\n"
3068 JSON_STR)
3069 {
3070 int idx_ext_community = 5;
3071 int idx_ipv4 = 7;
3072 int ret;
3073 union sockunion su;
3074 struct peer *peer;
3075 struct prefix_rd prd;
3076 bool prefix_rd_all = false;
3077 bool uj = use_json(argc, argv);
3078 afi_t afi;
3079 int idx = 0;
3080
3081 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3082 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3083 prefix_rd_all = true;
3084 else {
3085 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3086 if (!ret) {
3087 if (uj) {
3088 json_object *json_no = NULL;
3089 json_no = json_object_new_object();
3090 json_object_string_add(
3091 json_no, "warning",
3092 "Malformed Route Distinguisher");
3093 vty_out(vty, "%s\n",
3094 json_object_to_json_string(
3095 json_no));
3096 json_object_free(json_no);
3097 } else
3098 vty_out(vty,
3099 "%% Malformed Route Distinguisher\n");
3100 return CMD_WARNING;
3101 }
3102 }
3103
3104 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3105 if (ret < 0) {
3106 if (uj) {
3107 json_object *json_no = NULL;
3108 json_no = json_object_new_object();
3109 json_object_string_add(json_no, "warning",
3110 "Malformed address");
3111 vty_out(vty, "%s\n",
3112 json_object_to_json_string(json_no));
3113 json_object_free(json_no);
3114 } else
3115 vty_out(vty, "Malformed address: %s\n",
3116 argv[idx_ext_community]->arg);
3117 return CMD_WARNING;
3118 }
3119
3120 peer = peer_lookup(NULL, &su);
3121 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3122 if (uj) {
3123 json_object *json_no = NULL;
3124 json_no = json_object_new_object();
3125 json_object_string_add(
3126 json_no, "warning",
3127 "No such neighbor or address family");
3128 vty_out(vty, "%s\n",
3129 json_object_to_json_string(json_no));
3130 json_object_free(json_no);
3131 } else
3132 vty_out(vty,
3133 "%% No such neighbor or address family\n");
3134 return CMD_WARNING;
3135 }
3136
3137 if (prefix_rd_all)
3138 return bgp_show_mpls_vpn(vty, afi, NULL,
3139 bgp_show_type_neighbor, &su, 0,
3140 uj);
3141 else
3142 return bgp_show_mpls_vpn(vty, afi, &prd,
3143 bgp_show_type_neighbor, &su, 0,
3144 uj);
3145 }
3146 return CMD_SUCCESS;
3147 }
3148
3149 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
3150 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
3151 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
3152 SHOW_STR
3153 IP_STR
3154 BGP_STR
3155 BGP_VPNVX_HELP_STR
3156 "Display information about all VPNv4/VPNv6 NLRIs\n"
3157 "Detailed information on TCP and BGP neighbor connections\n"
3158 "Neighbor to display information about\n"
3159 "Display the routes advertised to a BGP neighbor\n"
3160 JSON_STR)
3161 {
3162 int idx_ipv4 = 6;
3163 int ret;
3164 struct peer *peer;
3165 union sockunion su;
3166 bool uj = use_json(argc, argv);
3167 afi_t afi;
3168 int idx = 0;
3169
3170 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3171 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3172 if (ret < 0) {
3173 if (uj) {
3174 json_object *json_no = NULL;
3175 json_no = json_object_new_object();
3176 json_object_string_add(json_no, "warning",
3177 "Malformed address");
3178 vty_out(vty, "%s\n",
3179 json_object_to_json_string(json_no));
3180 json_object_free(json_no);
3181 } else
3182 vty_out(vty, "Malformed address: %s\n",
3183 argv[idx_ipv4]->arg);
3184 return CMD_WARNING;
3185 }
3186 peer = peer_lookup(NULL, &su);
3187 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3188 if (uj) {
3189 json_object *json_no = NULL;
3190 json_no = json_object_new_object();
3191 json_object_string_add(
3192 json_no, "warning",
3193 "No such neighbor or address family");
3194 vty_out(vty, "%s\n",
3195 json_object_to_json_string(json_no));
3196 json_object_free(json_no);
3197 } else
3198 vty_out(vty,
3199 "%% No such neighbor or address family\n");
3200 return CMD_WARNING;
3201 }
3202 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
3203 SAFI_MPLS_VPN, uj);
3204 }
3205 return CMD_SUCCESS;
3206 }
3207
3208 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
3209 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
3210 "show [ip] bgp <vpnv4|vpnv6> rd <ASN:NN_OR_IP-ADDRESS:NN|all> neighbors A.B.C.D advertised-routes [json]",
3211 SHOW_STR
3212 IP_STR
3213 BGP_STR
3214 BGP_VPNVX_HELP_STR
3215 "Display information for a route distinguisher\n"
3216 "VPN Route Distinguisher\n"
3217 "All VPN Route Distinguishers\n"
3218 "Detailed information on TCP and BGP neighbor connections\n"
3219 "Neighbor to display information about\n"
3220 "Display the routes advertised to a BGP neighbor\n"
3221 JSON_STR)
3222 {
3223 int idx_ext_community = 5;
3224 int idx_ipv4 = 7;
3225 int ret;
3226 struct peer *peer;
3227 struct prefix_rd prd;
3228 union sockunion su;
3229 bool uj = use_json(argc, argv);
3230 afi_t afi;
3231 int idx = 0;
3232
3233 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
3234 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
3235 if (ret < 0) {
3236 if (uj) {
3237 json_object *json_no = NULL;
3238 json_no = json_object_new_object();
3239 json_object_string_add(json_no, "warning",
3240 "Malformed address");
3241 vty_out(vty, "%s\n",
3242 json_object_to_json_string(json_no));
3243 json_object_free(json_no);
3244 } else
3245 vty_out(vty, "Malformed address: %s\n",
3246 argv[idx_ext_community]->arg);
3247 return CMD_WARNING;
3248 }
3249 peer = peer_lookup(NULL, &su);
3250 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
3251 if (uj) {
3252 json_object *json_no = NULL;
3253 json_no = json_object_new_object();
3254 json_object_string_add(
3255 json_no, "warning",
3256 "No such neighbor or address family");
3257 vty_out(vty, "%s\n",
3258 json_object_to_json_string(json_no));
3259 json_object_free(json_no);
3260 } else
3261 vty_out(vty,
3262 "%% No such neighbor or address family\n");
3263 return CMD_WARNING;
3264 }
3265
3266 if (!strcmp(argv[idx_ext_community]->arg, "all"))
3267 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
3268 SAFI_MPLS_VPN, uj);
3269 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
3270 if (!ret) {
3271 if (uj) {
3272 json_object *json_no = NULL;
3273 json_no = json_object_new_object();
3274 json_object_string_add(
3275 json_no, "warning",
3276 "Malformed Route Distinguisher");
3277 vty_out(vty, "%s\n",
3278 json_object_to_json_string(json_no));
3279 json_object_free(json_no);
3280 } else
3281 vty_out(vty,
3282 "%% Malformed Route Distinguisher\n");
3283 return CMD_WARNING;
3284 }
3285
3286 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
3287 SAFI_MPLS_VPN, uj);
3288 }
3289 return CMD_SUCCESS;
3290 }
3291 #endif /* KEEP_OLD_VPN_COMMANDS */
3292
3293 void bgp_mplsvpn_init(void)
3294 {
3295 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
3296 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
3297 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
3298
3299 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
3300 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
3301
3302 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
3303 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
3304 #ifdef KEEP_OLD_VPN_COMMANDS
3305 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
3306 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
3307 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
3308 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
3309 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
3310 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
3311 install_element(VIEW_NODE,
3312 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
3313 install_element(VIEW_NODE,
3314 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
3315 #endif /* KEEP_OLD_VPN_COMMANDS */
3316 }
3317
3318 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
3319 {
3320 struct listnode *mnode, *mnnode;
3321 struct bgp *bgp;
3322 afi_t afi = AFI_IP;
3323
3324 if (eckey->unit_size == IPV6_ECOMMUNITY_SIZE)
3325 afi = AFI_IP6;
3326
3327 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
3328 struct ecommunity *ec;
3329
3330 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3331 continue;
3332
3333 ec = bgp->vpn_policy[afi].import_redirect_rtlist;
3334
3335 if (ec && eckey->unit_size != ec->unit_size)
3336 continue;
3337
3338 if (ecommunity_include(ec, eckey))
3339 return bgp->vrf_id;
3340 }
3341 return VRF_UNKNOWN;
3342 }
3343
3344 /*
3345 * The purpose of this function is to process leaks that were deferred
3346 * from earlier per-vrf configuration due to not-yet-existing default
3347 * vrf, in other words, configuration such as:
3348 *
3349 * router bgp MMM vrf FOO
3350 * address-family ipv4 unicast
3351 * rd vpn export 1:1
3352 * exit-address-family
3353 *
3354 * router bgp NNN
3355 * ...
3356 *
3357 * This function gets called when the default instance ("router bgp NNN")
3358 * is created.
3359 */
3360 void vpn_leak_postchange_all(void)
3361 {
3362 struct listnode *next;
3363 struct bgp *bgp;
3364 struct bgp *bgp_default = bgp_get_default();
3365
3366 assert(bgp_default);
3367
3368 /* First, do any exporting from VRFs to the single VPN RIB */
3369 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3370
3371 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3372 continue;
3373
3374 vpn_leak_postchange(
3375 BGP_VPN_POLICY_DIR_TOVPN,
3376 AFI_IP,
3377 bgp_default,
3378 bgp);
3379
3380 vpn_leak_postchange(
3381 BGP_VPN_POLICY_DIR_TOVPN,
3382 AFI_IP6,
3383 bgp_default,
3384 bgp);
3385 }
3386
3387 /* Now, do any importing to VRFs from the single VPN RIB */
3388 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
3389
3390 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3391 continue;
3392
3393 vpn_leak_postchange(
3394 BGP_VPN_POLICY_DIR_FROMVPN,
3395 AFI_IP,
3396 bgp_default,
3397 bgp);
3398
3399 vpn_leak_postchange(
3400 BGP_VPN_POLICY_DIR_FROMVPN,
3401 AFI_IP6,
3402 bgp_default,
3403 bgp);
3404 }
3405 }
3406
3407 /* When a bgp vrf instance is unconfigured, remove its routes
3408 * from the VPN table and this vrf could be importing routes from other
3409 * bgp vrf instnaces, unimport them.
3410 * VRF X and VRF Y are exporting routes to each other.
3411 * When VRF X is deleted, unimport its routes from all target vrfs,
3412 * also VRF Y should unimport its routes from VRF X table.
3413 * This will ensure VPN table is cleaned up appropriately.
3414 */
3415 void bgp_vpn_leak_unimport(struct bgp *from_bgp)
3416 {
3417 struct bgp *to_bgp;
3418 const char *tmp_name;
3419 char *vname;
3420 struct listnode *node, *next;
3421 safi_t safi = SAFI_UNICAST;
3422 afi_t afi;
3423 bool is_vrf_leak_bind;
3424 int debug;
3425
3426 if (from_bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
3427 return;
3428
3429 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3430 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3431
3432 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3433
3434 for (afi = 0; afi < AFI_MAX; ++afi) {
3435 /* vrf leak is for IPv4 and IPv6 Unicast only */
3436 if (afi != AFI_IP && afi != AFI_IP6)
3437 continue;
3438
3439 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3440 if (from_bgp == to_bgp)
3441 continue;
3442
3443 /* Unimport and remove source vrf from the
3444 * other vrfs import list.
3445 */
3446 struct vpn_policy *to_vpolicy;
3447
3448 is_vrf_leak_bind = false;
3449 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3450 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf, node,
3451 vname)) {
3452 if (strcmp(vname, tmp_name) == 0) {
3453 is_vrf_leak_bind = true;
3454 break;
3455 }
3456 }
3457 /* skip this bgp instance as there is no leak to this
3458 * vrf instance.
3459 */
3460 if (!is_vrf_leak_bind)
3461 continue;
3462
3463 if (debug)
3464 zlog_debug("%s: unimport routes from %s to_bgp %s afi %s import vrfs count %u",
3465 __func__, from_bgp->name_pretty,
3466 to_bgp->name_pretty, afi2str(afi),
3467 to_vpolicy->import_vrf->count);
3468
3469 vrf_unimport_from_vrf(to_bgp, from_bgp, afi, safi);
3470
3471 /* readd vrf name as unimport removes import vrf name
3472 * from the destination vrf's import list where the
3473 * `import vrf` configuration still exist.
3474 */
3475 vname = XSTRDUP(MTYPE_TMP, tmp_name);
3476 listnode_add(to_bgp->vpn_policy[afi].import_vrf,
3477 vname);
3478 SET_FLAG(to_bgp->af_flags[afi][safi],
3479 BGP_CONFIG_VRF_TO_VRF_IMPORT);
3480
3481 /* If to_bgp exports its routes to the bgp vrf
3482 * which is being deleted, un-import the
3483 * to_bgp routes from VPN.
3484 */
3485 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi]
3486 .export_vrf, node,
3487 vname)) {
3488 if (strcmp(vname, tmp_name) == 0) {
3489 vrf_unimport_from_vrf(from_bgp, to_bgp,
3490 afi, safi);
3491 break;
3492 }
3493 }
3494 }
3495 }
3496 return;
3497 }
3498
3499 /* When a router bgp is configured, there could be a bgp vrf
3500 * instance importing routes from this newly configured
3501 * bgp vrf instance. Export routes from configured
3502 * bgp vrf to VPN.
3503 * VRF Y has import from bgp vrf x,
3504 * when a bgp vrf x instance is created, export its routes
3505 * to VRF Y instance.
3506 */
3507 void bgp_vpn_leak_export(struct bgp *from_bgp)
3508 {
3509 afi_t afi;
3510 const char *export_name;
3511 char *vname;
3512 struct listnode *node, *next;
3513 struct ecommunity *ecom;
3514 enum vpn_policy_direction idir, edir;
3515 safi_t safi = SAFI_UNICAST;
3516 struct bgp *to_bgp;
3517 int debug;
3518
3519 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
3520 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
3521
3522 idir = BGP_VPN_POLICY_DIR_FROMVPN;
3523 edir = BGP_VPN_POLICY_DIR_TOVPN;
3524
3525 export_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
3526
3527 for (afi = 0; afi < AFI_MAX; ++afi) {
3528 /* vrf leak is for IPv4 and IPv6 Unicast only */
3529 if (afi != AFI_IP && afi != AFI_IP6)
3530 continue;
3531
3532 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, to_bgp)) {
3533 if (from_bgp == to_bgp)
3534 continue;
3535
3536 /* bgp instance has import list, check to see if newly
3537 * configured bgp instance is the list.
3538 */
3539 struct vpn_policy *to_vpolicy;
3540
3541 to_vpolicy = &(to_bgp->vpn_policy[afi]);
3542 for (ALL_LIST_ELEMENTS_RO(to_vpolicy->import_vrf,
3543 node, vname)) {
3544 if (strcmp(vname, export_name) != 0)
3545 continue;
3546
3547 if (debug)
3548 zlog_debug("%s: found from_bgp %s in to_bgp %s import list, import routes.",
3549 __func__,
3550 export_name, to_bgp->name_pretty);
3551
3552 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
3553 /* remove import rt, it will be readded
3554 * as part of import from vrf.
3555 */
3556 if (ecom)
3557 ecommunity_del_val(
3558 to_vpolicy->rtlist[idir],
3559 (struct ecommunity_val *)
3560 ecom->val);
3561 vrf_import_from_vrf(to_bgp, from_bgp,
3562 afi, safi);
3563 break;
3564
3565 }
3566 }
3567 }
3568 }
FRRouting mirror