]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #4159 from sworleys/WQ-ErrFunc-Fix
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49 #include "bgpd/bgp_evpn.h"
50
51 #if ENABLE_BGP_VNC
52 #include "bgpd/rfapi/rfapi_backend.h"
53 #endif
54
55 /*
56 * Definitions and external declarations.
57 */
58 extern struct zclient *zclient;
59
60 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
61 int *index, afi_t *afi)
62 {
63 int ret = 0;
64 if (argv_find(argv, argc, "vpnv4", index)) {
65 ret = 1;
66 if (afi)
67 *afi = AFI_IP;
68 } else if (argv_find(argv, argc, "vpnv6", index)) {
69 ret = 1;
70 if (afi)
71 *afi = AFI_IP6;
72 }
73 return ret;
74 }
75
76 uint32_t decode_label(mpls_label_t *label_pnt)
77 {
78 uint32_t l;
79 uint8_t *pnt = (uint8_t *)label_pnt;
80
81 l = ((uint32_t)*pnt++ << 12);
82 l |= (uint32_t)*pnt++ << 4;
83 l |= (uint32_t)((*pnt & 0xf0) >> 4);
84 return l;
85 }
86
87 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
88 {
89 uint8_t *pnt = (uint8_t *)label_pnt;
90 if (pnt == NULL)
91 return;
92 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
93 *label_pnt = label;
94 return;
95 }
96 *pnt++ = (label >> 12) & 0xff;
97 *pnt++ = (label >> 4) & 0xff;
98 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
99 }
100
101 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
102 struct bgp_nlri *packet)
103 {
104 uint8_t *pnt;
105 uint8_t *lim;
106 struct prefix p;
107 int psize = 0;
108 int prefixlen;
109 uint16_t type;
110 struct rd_as rd_as;
111 struct rd_ip rd_ip;
112 struct prefix_rd prd;
113 mpls_label_t label = {0};
114 afi_t afi;
115 safi_t safi;
116 int addpath_encoded;
117 uint32_t addpath_id;
118
119 /* Make prefix_rd */
120 prd.family = AF_UNSPEC;
121 prd.prefixlen = 64;
122
123 pnt = packet->nlri;
124 lim = pnt + packet->length;
125 afi = packet->afi;
126 safi = packet->safi;
127 addpath_id = 0;
128
129 addpath_encoded =
130 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
131 && CHECK_FLAG(peer->af_cap[afi][safi],
132 PEER_CAP_ADDPATH_AF_TX_RCV));
133
134 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
135 for (; pnt < lim; pnt += psize) {
136 /* Clear prefix structure. */
137 memset(&p, 0, sizeof(struct prefix));
138
139 if (addpath_encoded) {
140
141 /* When packet overflow occurs return immediately. */
142 if (pnt + BGP_ADDPATH_ID_LEN > lim)
143 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
144
145 addpath_id = ntohl(*((uint32_t *)pnt));
146 pnt += BGP_ADDPATH_ID_LEN;
147 }
148
149 /* Fetch prefix length. */
150 prefixlen = *pnt++;
151 p.family = afi2family(packet->afi);
152 psize = PSIZE(prefixlen);
153
154 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
155 flog_err(
156 EC_BGP_UPDATE_RCV,
157 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
158 peer->host, prefixlen);
159 return BGP_NLRI_PARSE_ERROR_PREFIX_LENGTH;
160 }
161
162 /* sanity check against packet data */
163 if ((pnt + psize) > lim) {
164 flog_err(
165 EC_BGP_UPDATE_RCV,
166 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
167 peer->host, prefixlen, (uint)(lim - pnt));
168 return BGP_NLRI_PARSE_ERROR_PACKET_OVERFLOW;
169 }
170
171 /* sanity check against storage for the IP address portion */
172 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
173 flog_err(
174 EC_BGP_UPDATE_RCV,
175 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
176 peer->host,
177 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
178 sizeof(p.u));
179 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
180 }
181
182 /* Sanity check against max bitlen of the address family */
183 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
184 flog_err(
185 EC_BGP_UPDATE_RCV,
186 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
187 peer->host,
188 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
189 p.family, prefix_blen(&p));
190 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
191 }
192
193 /* Copy label to prefix. */
194 memcpy(&label, pnt, BGP_LABEL_BYTES);
195 bgp_set_valid_label(&label);
196
197 /* Copy routing distinguisher to rd. */
198 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
199
200 /* Decode RD type. */
201 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
202
203 switch (type) {
204 case RD_TYPE_AS:
205 decode_rd_as(pnt + 5, &rd_as);
206 break;
207
208 case RD_TYPE_AS4:
209 decode_rd_as4(pnt + 5, &rd_as);
210 break;
211
212 case RD_TYPE_IP:
213 decode_rd_ip(pnt + 5, &rd_ip);
214 break;
215
216 #if ENABLE_BGP_VNC
217 case RD_TYPE_VNC_ETH:
218 break;
219 #endif
220
221 default:
222 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
223 break; /* just report */
224 }
225
226 p.prefixlen =
227 prefixlen
228 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
229 memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES,
230 psize - VPN_PREFIXLEN_MIN_BYTES);
231
232 if (attr) {
233 bgp_update(peer, &p, addpath_id, attr, packet->afi,
234 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
235 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
236 } else {
237 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
238 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
239 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
240 }
241 }
242 /* Packet length consistency check. */
243 if (pnt != lim) {
244 flog_err(
245 EC_BGP_UPDATE_RCV,
246 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
247 peer->host, lim - pnt);
248 return BGP_NLRI_PARSE_ERROR_PACKET_LENGTH;
249 }
250
251 return 0;
252 #undef VPN_PREFIXLEN_MIN_BYTES
253 }
254
255 /*
256 * This function informs zebra of the label this vrf sets on routes
257 * leaked to VPN. Zebra should install this label in the kernel with
258 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
259 *
260 * Sending this vrf-label association is qualified by a) whether vrf->vpn
261 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
262 * are set) and b) whether vpn-policy label is set.
263 *
264 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
265 * for this vrf, which zebra interprets to mean "delete this vrf-label
266 * association."
267 */
268 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
269 {
270 mpls_label_t label = MPLS_LABEL_NONE;
271 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
272
273 if (bgp->vrf_id == VRF_UNKNOWN) {
274 if (debug) {
275 zlog_debug(
276 "%s: vrf %s: afi %s: vrf_id not set, "
277 "can't set zebra vrf label",
278 __func__, bgp->name_pretty, afi2str(afi));
279 }
280 return;
281 }
282
283 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
284 label = bgp->vpn_policy[afi].tovpn_label;
285 }
286
287 if (debug) {
288 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
289 __func__, bgp->name_pretty, afi2str(afi), label,
290 bgp->vrf_id);
291 }
292
293 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
294 label = MPLS_LABEL_NONE;
295 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
296 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
297 }
298
299 /*
300 * If zebra tells us vrf has become unconfigured, tell zebra not to
301 * use this label to forward to the vrf anymore
302 */
303 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
304 {
305 mpls_label_t label = MPLS_LABEL_NONE;
306 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
307
308 if (bgp->vrf_id == VRF_UNKNOWN) {
309 if (debug) {
310 zlog_debug(
311 "%s: vrf_id not set, can't delete zebra vrf label",
312 __func__);
313 }
314 return;
315 }
316
317 if (debug) {
318 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
319 bgp->name_pretty, bgp->vrf_id);
320 }
321
322 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
323 label = MPLS_LABEL_NONE;
324
325 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
326 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
327 }
328
329 int vpn_leak_label_callback(
330 mpls_label_t label,
331 void *labelid,
332 bool allocated)
333 {
334 struct vpn_policy *vp = (struct vpn_policy *)labelid;
335 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
336
337 if (debug)
338 zlog_debug("%s: label=%u, allocated=%d",
339 __func__, label, allocated);
340
341 if (!allocated) {
342 /*
343 * previously-allocated label is now invalid
344 */
345 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
346 (vp->tovpn_label != MPLS_LABEL_NONE)) {
347
348 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
349 vp->afi, bgp_get_default(), vp->bgp);
350 vp->tovpn_label = MPLS_LABEL_NONE;
351 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
352 vp->afi, bgp_get_default(), vp->bgp);
353 }
354 return 0;
355 }
356
357 /*
358 * New label allocation
359 */
360 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
361
362 /*
363 * not currently configured for auto label, reject allocation
364 */
365 return -1;
366 }
367
368 if (vp->tovpn_label != MPLS_LABEL_NONE) {
369 if (label == vp->tovpn_label) {
370 /* already have same label, accept but do nothing */
371 return 0;
372 }
373 /* Shouldn't happen: different label allocation */
374 flog_err(EC_BGP_LABEL,
375 "%s: %s had label %u but got new assignment %u",
376 __func__, vp->bgp->name_pretty, vp->tovpn_label,
377 label);
378 /* use new one */
379 }
380
381 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
382 vp->afi, bgp_get_default(), vp->bgp);
383 vp->tovpn_label = label;
384 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
385 vp->afi, bgp_get_default(), vp->bgp);
386
387 return 0;
388 }
389
390 static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
391 {
392 int i;
393 int j;
394
395 if (!e1 || !e2)
396 return 0;
397
398 for (i = 0; i < e1->size; ++i) {
399 for (j = 0; j < e2->size; ++j) {
400 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
401 e2->val + (j * ECOMMUNITY_SIZE),
402 ECOMMUNITY_SIZE)) {
403
404 return 1;
405 }
406 }
407 }
408 return 0;
409 }
410
411 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
412 uint32_t n)
413 {
414 uint32_t i;
415
416 if (!bpi->extra) {
417 if (!n)
418 return true;
419 else
420 return false;
421 }
422
423 if (n != bpi->extra->num_labels)
424 return false;
425
426 for (i = 0; i < n; ++i) {
427 if (label[i] != bpi->extra->label[i])
428 return false;
429 }
430 return true;
431 }
432
433 /*
434 * make encoded route labels match specified encoded label set
435 */
436 static void setlabels(struct bgp_path_info *bpi,
437 mpls_label_t *label, /* array of labels */
438 uint32_t num_labels)
439 {
440 if (num_labels)
441 assert(label);
442 assert(num_labels <= BGP_MAX_LABELS);
443
444 if (!num_labels) {
445 if (bpi->extra)
446 bpi->extra->num_labels = 0;
447 return;
448 }
449
450 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
451 uint32_t i;
452
453 for (i = 0; i < num_labels; ++i) {
454 extra->label[i] = label[i];
455 if (!bgp_is_valid_label(&label[i])) {
456 bgp_set_valid_label(&extra->label[i]);
457 }
458 }
459 extra->num_labels = num_labels;
460 }
461
462 /*
463 * returns pointer to new bgp_path_info upon success
464 */
465 static struct bgp_path_info *
466 leak_update(struct bgp *bgp, /* destination bgp instance */
467 struct bgp_node *bn, struct attr *new_attr, /* already interned */
468 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
469 mpls_label_t *label, uint32_t num_labels, void *parent,
470 struct bgp *bgp_orig, struct prefix *nexthop_orig,
471 int nexthop_self_flag, int debug)
472 {
473 struct prefix *p = &bn->p;
474 struct bgp_path_info *bpi;
475 struct bgp_path_info *bpi_ultimate;
476 struct bgp_path_info *new;
477 char buf_prefix[PREFIX_STRLEN];
478
479 if (debug) {
480 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
481 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
482 __func__, bgp->name_pretty, buf_prefix,
483 source_bpi->type, source_bpi->sub_type);
484 }
485
486 /*
487 * Routes that are redistributed into BGP from zebra do not get
488 * nexthop tracking. However, if those routes are subsequently
489 * imported to other RIBs within BGP, the leaked routes do not
490 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
491 * in order to determine if the route we are currently leaking
492 * should have nexthop tracking, we must find the ultimate
493 * parent so we can check its sub_type.
494 *
495 * As of now, source_bpi may at most be a second-generation route
496 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
497 * Using a loop here supports more complex intra-bgp import-export
498 * schemes that could be implemented in the future.
499 *
500 */
501 for (bpi_ultimate = source_bpi;
502 bpi_ultimate->extra && bpi_ultimate->extra->parent;
503 bpi_ultimate = bpi_ultimate->extra->parent)
504 ;
505
506 /*
507 * match parent
508 */
509 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
510 if (bpi->extra && bpi->extra->parent == parent)
511 break;
512 }
513
514 if (bpi) {
515 bool labelssame = labels_same(bpi, label, num_labels);
516
517 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
518 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
519
520 bgp_attr_unintern(&new_attr);
521 if (debug)
522 zlog_debug(
523 "%s: ->%s: %s: Found route, no change",
524 __func__, bgp->name_pretty,
525 buf_prefix);
526 return NULL;
527 }
528
529 /* attr is changed */
530 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
531
532 /* Rewrite BGP route information. */
533 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
534 bgp_path_info_restore(bn, bpi);
535 else
536 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
537 bgp_attr_unintern(&bpi->attr);
538 bpi->attr = new_attr;
539 bpi->uptime = bgp_clock();
540
541 /*
542 * rewrite labels
543 */
544 if (!labelssame)
545 setlabels(bpi, label, num_labels);
546
547 if (nexthop_self_flag)
548 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
549
550 struct bgp *bgp_nexthop = bgp;
551 int nh_valid;
552
553 if (bpi->extra && bpi->extra->bgp_orig)
554 bgp_nexthop = bpi->extra->bgp_orig;
555
556 /*
557 * No nexthop tracking for redistributed routes or for
558 * EVPN-imported routes that get leaked.
559 */
560 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
561 is_pi_family_evpn(bpi_ultimate))
562 nh_valid = 1;
563 else
564 /*
565 * TBD do we need to do anything about the
566 * 'connected' parameter?
567 */
568 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
569 afi, bpi, NULL, 0);
570
571 if (debug)
572 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
573 __func__, (nh_valid ? "" : "not "),
574 bgp_nexthop->name_pretty);
575
576 if (nh_valid)
577 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
578
579 /* Process change. */
580 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
581 bgp_process(bgp, bn, afi, safi);
582 bgp_unlock_node(bn);
583
584 if (debug)
585 zlog_debug("%s: ->%s: %s Found route, changed attr",
586 __func__, bgp->name_pretty, buf_prefix);
587
588 return bpi;
589 }
590
591 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
592 bgp->peer_self, new_attr, bn);
593
594 if (nexthop_self_flag)
595 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
596
597 bgp_path_info_extra_get(new);
598
599 if (num_labels)
600 setlabels(new, label, num_labels);
601
602 new->extra->parent = bgp_path_info_lock(parent);
603 bgp_lock_node((struct bgp_node *)((struct bgp_path_info *)parent)->net);
604 if (bgp_orig)
605 new->extra->bgp_orig = bgp_lock(bgp_orig);
606 if (nexthop_orig)
607 new->extra->nexthop_orig = *nexthop_orig;
608
609 /*
610 * nexthop tracking for unicast routes
611 */
612 struct bgp *bgp_nexthop = bgp;
613 int nh_valid;
614
615 if (new->extra->bgp_orig)
616 bgp_nexthop = new->extra->bgp_orig;
617
618 /*
619 * No nexthop tracking for redistributed routes because
620 * their originating protocols will do the tracking and
621 * withdraw those routes if the nexthops become unreachable
622 * This also holds good for EVPN-imported routes that get
623 * leaked.
624 */
625 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE ||
626 is_pi_family_evpn(bpi_ultimate))
627 nh_valid = 1;
628 else
629 /*
630 * TBD do we need to do anything about the
631 * 'connected' parameter?
632 */
633 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
634 afi, new, NULL, 0);
635
636 if (debug)
637 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
638 __func__, (nh_valid ? "" : "not "),
639 bgp_nexthop->name_pretty);
640 if (nh_valid)
641 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
642
643 bgp_aggregate_increment(bgp, p, new, afi, safi);
644 bgp_path_info_add(bn, new);
645
646 bgp_unlock_node(bn);
647 bgp_process(bgp, bn, afi, safi);
648
649 if (debug)
650 zlog_debug("%s: ->%s: %s: Added new route", __func__,
651 bgp->name_pretty, buf_prefix);
652
653 return new;
654 }
655
656 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
657 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
658 struct bgp *bgp_vrf, /* from */
659 struct bgp_path_info *path_vrf) /* route */
660 {
661 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
662 struct prefix *p = &path_vrf->net->p;
663 afi_t afi = family2afi(p->family);
664 struct attr static_attr = {0};
665 struct attr *new_attr = NULL;
666 safi_t safi = SAFI_MPLS_VPN;
667 mpls_label_t label_val;
668 mpls_label_t label;
669 struct bgp_node *bn;
670 const char *debugmsg;
671 int nexthop_self_flag = 0;
672
673 if (debug)
674 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
675
676 if (debug && path_vrf->attr->ecommunity) {
677 char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity,
678 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
679
680 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
681 bgp_vrf->name, path_vrf->type, s);
682 XFREE(MTYPE_ECOMMUNITY_STR, s);
683 }
684
685 if (!bgp_vpn)
686 return;
687
688 if (!afi) {
689 if (debug)
690 zlog_debug("%s: can't get afi of prefix", __func__);
691 return;
692 }
693
694 /* Is this route exportable into the VPN table? */
695 if (!is_route_injectable_into_vpn(path_vrf))
696 return;
697
698 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
699 if (debug)
700 zlog_debug("%s: %s skipping: %s", __func__,
701 bgp_vrf->name, debugmsg);
702 return;
703 }
704
705 bgp_attr_dup(&static_attr, path_vrf->attr); /* shallow copy */
706
707 /*
708 * route map handling
709 */
710 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
711 struct bgp_path_info info;
712 route_map_result_t ret;
713
714 memset(&info, 0, sizeof(info));
715 info.peer = bgp_vpn->peer_self;
716 info.attr = &static_attr;
717 ret = route_map_apply(
718 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
719 p, RMAP_BGP, &info);
720 if (RMAP_DENYMATCH == ret) {
721 bgp_attr_flush(&static_attr); /* free any added parts */
722 if (debug)
723 zlog_debug(
724 "%s: vrf %s route map \"%s\" says DENY, returning",
725 __func__, bgp_vrf->name_pretty,
726 bgp_vrf->vpn_policy[afi]
727 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
728 ->name);
729 return;
730 }
731 }
732
733 if (debug && static_attr.ecommunity) {
734 char *s = ecommunity_ecom2str(static_attr.ecommunity,
735 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
736
737 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
738 __func__, s);
739 XFREE(MTYPE_ECOMMUNITY_STR, s);
740 }
741
742 /*
743 * Add the vpn-policy rt-list
744 */
745 struct ecommunity *old_ecom;
746 struct ecommunity *new_ecom;
747
748 old_ecom = static_attr.ecommunity;
749 if (old_ecom) {
750 new_ecom = ecommunity_merge(
751 ecommunity_dup(old_ecom),
752 bgp_vrf->vpn_policy[afi]
753 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
754 if (!old_ecom->refcnt)
755 ecommunity_free(&old_ecom);
756 } else {
757 new_ecom = ecommunity_dup(
758 bgp_vrf->vpn_policy[afi]
759 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
760 }
761 static_attr.ecommunity = new_ecom;
762 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
763
764 if (debug && static_attr.ecommunity) {
765 char *s = ecommunity_ecom2str(static_attr.ecommunity,
766 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
767
768 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
769 __func__, s);
770 XFREE(MTYPE_ECOMMUNITY_STR, s);
771 }
772
773 /* Nexthop */
774 /* if policy nexthop not set, use 0 */
775 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
776 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
777 struct prefix *nexthop =
778 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
779
780 switch (nexthop->family) {
781 case AF_INET:
782 /* prevent mp_nexthop_global_in <- self in bgp_route.c
783 */
784 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
785
786 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
787 static_attr.mp_nexthop_len = 4;
788 break;
789
790 case AF_INET6:
791 static_attr.mp_nexthop_global = nexthop->u.prefix6;
792 static_attr.mp_nexthop_len = 16;
793 break;
794
795 default:
796 assert(0);
797 }
798 } else {
799 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
800 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
801 if (afi == AFI_IP) {
802 /*
803 * For ipv4, copy to multiprotocol
804 * nexthop field
805 */
806 static_attr.mp_nexthop_global_in =
807 static_attr.nexthop;
808 static_attr.mp_nexthop_len = 4;
809 /*
810 * XXX Leave static_attr.nexthop
811 * intact for NHT
812 */
813 static_attr.flag &=
814 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
815 }
816 } else {
817 /* Update based on next-hop family to account for
818 * RFC 5549 (BGP unnumbered) scenario. Note that
819 * specific action is only needed for the case of
820 * IPv4 nexthops as the attr has been copied
821 * otherwise.
822 */
823 if (afi == AFI_IP
824 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
825 static_attr.mp_nexthop_global_in.s_addr =
826 static_attr.nexthop.s_addr;
827 static_attr.mp_nexthop_len = 4;
828 static_attr.flag |=
829 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
830 }
831 }
832 nexthop_self_flag = 1;
833 }
834
835 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
836 if (label_val == MPLS_LABEL_NONE) {
837 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
838 } else {
839 encode_label(label_val, &label);
840 }
841
842 /* Set originator ID to "me" */
843 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
844 static_attr.originator_id = bgp_vpn->router_id;
845
846
847 new_attr = bgp_attr_intern(
848 &static_attr); /* hashed refcounted everything */
849 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
850
851 if (debug && new_attr->ecommunity) {
852 char *s = ecommunity_ecom2str(new_attr->ecommunity,
853 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
854
855 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
856 XFREE(MTYPE_ECOMMUNITY_STR, s);
857 }
858
859 /* Now new_attr is an allocated interned attr */
860
861 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
862 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
863
864 struct bgp_path_info *new_info;
865
866 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
867 &label, 1, path_vrf, bgp_vrf, NULL,
868 nexthop_self_flag, debug);
869
870 /*
871 * Routes actually installed in the vpn RIB must also be
872 * offered to all vrfs (because now they originate from
873 * the vpn RIB).
874 *
875 * Acceptance into other vrfs depends on rt-lists.
876 * Originating vrf will not accept the looped back route
877 * because of loop checking.
878 */
879 if (new_info)
880 vpn_leak_to_vrf_update(bgp_vrf, new_info);
881 }
882
883 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
884 struct bgp *bgp_vrf, /* from */
885 struct bgp_path_info *path_vrf) /* route */
886 {
887 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
888 struct prefix *p = &path_vrf->net->p;
889 afi_t afi = family2afi(p->family);
890 safi_t safi = SAFI_MPLS_VPN;
891 struct bgp_path_info *bpi;
892 struct bgp_node *bn;
893 const char *debugmsg;
894 char buf_prefix[PREFIX_STRLEN];
895
896 if (debug) {
897 prefix2str(p, buf_prefix, sizeof(buf_prefix));
898 zlog_debug(
899 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
900 __func__, bgp_vrf->name_pretty, buf_prefix,
901 path_vrf->type, path_vrf->sub_type);
902 }
903
904 if (!bgp_vpn)
905 return;
906
907 if (!afi) {
908 if (debug)
909 zlog_debug("%s: can't get afi of prefix", __func__);
910 return;
911 }
912
913 /* Is this route exportable into the VPN table? */
914 if (!is_route_injectable_into_vpn(path_vrf))
915 return;
916
917 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
918 if (debug)
919 zlog_debug("%s: skipping: %s", __func__, debugmsg);
920 return;
921 }
922
923 if (debug)
924 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
925
926 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
927 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
928
929 if (!bn)
930 return;
931 /*
932 * vrf -> vpn
933 * match original bpi imported from
934 */
935 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
936 if (bpi->extra && bpi->extra->parent == path_vrf) {
937 break;
938 }
939 }
940
941 if (bpi) {
942 /* withdraw from looped vrfs as well */
943 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
944
945 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
946 bgp_path_info_delete(bn, bpi);
947 bgp_process(bgp_vpn, bn, afi, safi);
948 }
949 bgp_unlock_node(bn);
950 }
951
952 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
953 struct bgp *bgp_vrf, /* from */
954 afi_t afi)
955 {
956 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
957 struct bgp_node *prn;
958 safi_t safi = SAFI_MPLS_VPN;
959
960 /*
961 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
962 */
963 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
964 prn = bgp_route_next(prn)) {
965
966 struct bgp_table *table;
967 struct bgp_node *bn;
968 struct bgp_path_info *bpi;
969
970 /* This is the per-RD table of prefixes */
971 table = bgp_node_get_bgp_table_info(prn);
972
973 if (!table)
974 continue;
975
976 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
977
978 char buf[PREFIX2STR_BUFFER];
979
980 bpi = bgp_node_get_bgp_path_info(bn);
981 if (debug && bpi) {
982 zlog_debug(
983 "%s: looking at prefix %s", __func__,
984 prefix2str(&bn->p, buf, sizeof(buf)));
985 }
986
987 for (; bpi; bpi = bpi->next) {
988 if (debug)
989 zlog_debug("%s: type %d, sub_type %d",
990 __func__, bpi->type,
991 bpi->sub_type);
992 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
993 continue;
994 if (!bpi->extra)
995 continue;
996 if ((struct bgp *)bpi->extra->bgp_orig
997 == bgp_vrf) {
998 /* delete route */
999 if (debug)
1000 zlog_debug("%s: deleting it",
1001 __func__);
1002 bgp_aggregate_decrement(bgp_vpn, &bn->p,
1003 bpi, afi, safi);
1004 bgp_path_info_delete(bn, bpi);
1005 bgp_process(bgp_vpn, bn, afi, safi);
1006 }
1007 }
1008 }
1009 }
1010 }
1011
1012 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1013 struct bgp *bgp_vrf, /* from */
1014 afi_t afi)
1015 {
1016 struct bgp_node *bn;
1017 struct bgp_path_info *bpi;
1018 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1019
1020 if (debug)
1021 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1022 bgp_vrf->name_pretty);
1023
1024 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1025 bn = bgp_route_next(bn)) {
1026
1027 if (debug)
1028 zlog_debug("%s: node=%p", __func__, bn);
1029
1030 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1031 bpi = bpi->next) {
1032 if (debug)
1033 zlog_debug(
1034 "%s: calling vpn_leak_from_vrf_update",
1035 __func__);
1036 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
1037 }
1038 }
1039 }
1040
1041 static void
1042 vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1043 struct bgp *bgp_vpn, /* from */
1044 struct bgp_path_info *path_vpn) /* route */
1045 {
1046 struct prefix *p = &path_vpn->net->p;
1047 afi_t afi = family2afi(p->family);
1048
1049 struct attr static_attr = {0};
1050 struct attr *new_attr = NULL;
1051 struct bgp_node *bn;
1052 safi_t safi = SAFI_UNICAST;
1053 const char *debugmsg;
1054 struct prefix nexthop_orig;
1055 mpls_label_t *pLabels = NULL;
1056 uint32_t num_labels = 0;
1057 int nexthop_self_flag = 1;
1058 struct bgp_path_info *bpi_ultimate = NULL;
1059 int origin_local = 0;
1060 struct bgp *src_vrf;
1061
1062 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1063
1064 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1065 if (debug)
1066 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1067 return;
1068 }
1069
1070 /* Check for intersection of route targets */
1071 if (!ecom_intersect(
1072 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1073 path_vpn->attr->ecommunity)) {
1074
1075 return;
1076 }
1077
1078 if (debug) {
1079 char buf_prefix[PREFIX_STRLEN];
1080
1081 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1082 zlog_debug("%s: updating %s to vrf %s", __func__,
1083 buf_prefix, bgp_vrf->name_pretty);
1084 }
1085
1086 bgp_attr_dup(&static_attr, path_vpn->attr); /* shallow copy */
1087
1088 /*
1089 * Nexthop: stash and clear
1090 *
1091 * Nexthop is valid in context of VPN core, but not in destination vrf.
1092 * Stash it for later label resolution by vrf ingress path and then
1093 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1094 */
1095 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1096
1097 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1098 nexthop_orig.family = nhfamily;
1099
1100 switch (nhfamily) {
1101 case AF_INET:
1102 /* save */
1103 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1104 nexthop_orig.prefixlen = 32;
1105
1106 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1107 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1108 static_attr.nexthop.s_addr =
1109 nexthop_orig.u.prefix4.s_addr;
1110
1111 static_attr.mp_nexthop_global_in =
1112 path_vpn->attr->mp_nexthop_global_in;
1113 static_attr.mp_nexthop_len =
1114 path_vpn->attr->mp_nexthop_len;
1115 }
1116 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1117 break;
1118 case AF_INET6:
1119 /* save */
1120 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1121 nexthop_orig.prefixlen = 128;
1122
1123 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1124 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1125 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1126 }
1127 break;
1128 }
1129
1130 /*
1131 * route map handling
1132 */
1133 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1134 struct bgp_path_info info;
1135 route_map_result_t ret;
1136
1137 memset(&info, 0, sizeof(info));
1138 info.peer = bgp_vrf->peer_self;
1139 info.attr = &static_attr;
1140 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1141 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1142 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1143 p, RMAP_BGP, &info);
1144 if (RMAP_DENYMATCH == ret) {
1145 bgp_attr_flush(&static_attr); /* free any added parts */
1146 if (debug)
1147 zlog_debug(
1148 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1149 __func__, bgp_vrf->name_pretty,
1150 bgp_vrf->vpn_policy[afi]
1151 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1152 ->name);
1153 return;
1154 }
1155 /*
1156 * if route-map changed nexthop, don't nexthop-self on output
1157 */
1158 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1159 BATTR_RMAP_NEXTHOP_UNCHANGED))
1160 nexthop_self_flag = 0;
1161 }
1162
1163 new_attr = bgp_attr_intern(&static_attr);
1164 bgp_attr_flush(&static_attr);
1165
1166 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1167
1168 /*
1169 * ensure labels are copied
1170 *
1171 * However, there is a special case: if the route originated in
1172 * another local VRF (as opposed to arriving via VPN), then the
1173 * nexthop is reached by hairpinning through this router (me)
1174 * using IP forwarding only (no LSP). Therefore, the route
1175 * imported to the VRF should not have labels attached. Note
1176 * that nexthop tracking is also involved: eliminating the
1177 * labels for these routes enables the non-labeled nexthops
1178 * from the originating VRF to be considered valid for this route.
1179 */
1180 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1181 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1182 /* work back to original route */
1183 for (bpi_ultimate = path_vpn;
1184 bpi_ultimate->extra && bpi_ultimate->extra->parent;
1185 bpi_ultimate = bpi_ultimate->extra->parent)
1186 ;
1187
1188 /*
1189 * if original route was unicast,
1190 * then it did not arrive over vpn
1191 */
1192 if (bpi_ultimate->net) {
1193 struct bgp_table *table;
1194
1195 table = bgp_node_table(bpi_ultimate->net);
1196 if (table && (table->safi == SAFI_UNICAST))
1197 origin_local = 1;
1198 }
1199
1200 /* copy labels */
1201 if (!origin_local && path_vpn->extra
1202 && path_vpn->extra->num_labels) {
1203 num_labels = path_vpn->extra->num_labels;
1204 if (num_labels > BGP_MAX_LABELS)
1205 num_labels = BGP_MAX_LABELS;
1206 pLabels = path_vpn->extra->label;
1207 }
1208 }
1209
1210 if (debug) {
1211 char buf_prefix[PREFIX_STRLEN];
1212 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1213 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1214 num_labels);
1215 }
1216
1217 /*
1218 * For VRF-2-VRF route-leaking,
1219 * the source will be the originating VRF.
1220 */
1221 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1222 src_vrf = path_vpn->extra->bgp_orig;
1223 else
1224 src_vrf = bgp_vpn;
1225
1226 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1227 num_labels, path_vpn, /* parent */
1228 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1229 }
1230
1231 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1232 struct bgp_path_info *path_vpn) /* route */
1233 {
1234 struct listnode *mnode, *mnnode;
1235 struct bgp *bgp;
1236
1237 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1238
1239 if (debug)
1240 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1241
1242 /* Loop over VRFs */
1243 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1244
1245 if (!path_vpn->extra
1246 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1247 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
1248 }
1249 }
1250 }
1251
1252 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1253 struct bgp_path_info *path_vpn) /* route */
1254 {
1255 struct prefix *p;
1256 afi_t afi;
1257 safi_t safi = SAFI_UNICAST;
1258 struct bgp *bgp;
1259 struct listnode *mnode, *mnnode;
1260 struct bgp_node *bn;
1261 struct bgp_path_info *bpi;
1262 const char *debugmsg;
1263 char buf_prefix[PREFIX_STRLEN];
1264
1265 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1266
1267 if (debug) {
1268 prefix2str(&path_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1269 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d", __func__,
1270 buf_prefix, path_vpn->type, path_vpn->sub_type);
1271 }
1272
1273 if (debug)
1274 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1275
1276 if (!path_vpn->net) {
1277 #if ENABLE_BGP_VNC
1278 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1279 if (path_vpn->type == ZEBRA_ROUTE_BGP
1280 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1281
1282 return;
1283 }
1284 #endif
1285 if (debug)
1286 zlog_debug(
1287 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1288 __func__);
1289 return;
1290 }
1291
1292 p = &path_vpn->net->p;
1293 afi = family2afi(p->family);
1294
1295 /* Loop over VRFs */
1296 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1297 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1298 if (debug)
1299 zlog_debug("%s: skipping: %s", __func__,
1300 debugmsg);
1301 continue;
1302 }
1303
1304 /* Check for intersection of route targets */
1305 if (!ecom_intersect(bgp->vpn_policy[afi]
1306 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1307 path_vpn->attr->ecommunity)) {
1308
1309 continue;
1310 }
1311
1312 if (debug)
1313 zlog_debug("%s: withdrawing from vrf %s", __func__,
1314 bgp->name_pretty);
1315
1316 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1317
1318 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1319 bpi = bpi->next) {
1320 if (bpi->extra
1321 && (struct bgp_path_info *)bpi->extra->parent
1322 == path_vpn) {
1323 break;
1324 }
1325 }
1326
1327 if (bpi) {
1328 if (debug)
1329 zlog_debug("%s: deleting bpi %p", __func__,
1330 bpi);
1331 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1332 bgp_path_info_delete(bn, bpi);
1333 bgp_process(bgp, bn, afi, safi);
1334 }
1335 bgp_unlock_node(bn);
1336 }
1337 }
1338
1339 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1340 afi_t afi)
1341 {
1342 struct bgp_node *bn;
1343 struct bgp_path_info *bpi;
1344 safi_t safi = SAFI_UNICAST;
1345 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1346
1347 if (debug)
1348 zlog_debug("%s: entry", __func__);
1349 /*
1350 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1351 */
1352 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1353 bn = bgp_route_next(bn)) {
1354
1355 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1356 bpi = bpi->next) {
1357 if (bpi->extra
1358 && bpi->extra->bgp_orig != bgp_vrf
1359 && bpi->extra->parent
1360 && is_pi_family_vpn(bpi->extra->parent)) {
1361
1362 /* delete route */
1363 bgp_aggregate_decrement(bgp_vrf, &bn->p, bpi,
1364 afi, safi);
1365 bgp_path_info_delete(bn, bpi);
1366 bgp_process(bgp_vrf, bn, afi, safi);
1367 }
1368 }
1369 }
1370 }
1371
1372 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1373 struct bgp *bgp_vpn, /* from */
1374 afi_t afi)
1375 {
1376 struct prefix_rd prd;
1377 struct bgp_node *prn;
1378 safi_t safi = SAFI_MPLS_VPN;
1379
1380 assert(bgp_vpn);
1381
1382 /*
1383 * Walk vpn table
1384 */
1385 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1386 prn = bgp_route_next(prn)) {
1387
1388 struct bgp_table *table;
1389 struct bgp_node *bn;
1390 struct bgp_path_info *bpi;
1391
1392 memset(&prd, 0, sizeof(prd));
1393 prd.family = AF_UNSPEC;
1394 prd.prefixlen = 64;
1395 memcpy(prd.val, prn->p.u.val, 8);
1396
1397 /* This is the per-RD table of prefixes */
1398 table = bgp_node_get_bgp_table_info(prn);
1399
1400 if (!table)
1401 continue;
1402
1403 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1404
1405 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1406 bpi = bpi->next) {
1407
1408 if (bpi->extra
1409 && bpi->extra->bgp_orig == bgp_vrf)
1410 continue;
1411
1412 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1413 bpi);
1414 }
1415 }
1416 }
1417 }
1418
1419 /*
1420 * This function is called for definition/deletion/change to a route-map
1421 */
1422 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1423 {
1424 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1425 afi_t afi;
1426 struct route_map *rmap;
1427
1428 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1429 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1430
1431 return;
1432 }
1433
1434 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1435
1436 for (afi = 0; afi < AFI_MAX; ++afi) {
1437
1438 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1439 && !strcmp(rmap_name,
1440 bgp->vpn_policy[afi]
1441 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1442
1443 if (debug)
1444 zlog_debug(
1445 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1446 __func__, rmap_name, bgp->as,
1447 afi2str(afi));
1448
1449 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1450 bgp_get_default(), bgp);
1451 if (debug)
1452 zlog_debug("%s: after vpn_leak_prechange",
1453 __func__);
1454
1455 /* in case of definition/deletion */
1456 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1457 rmap;
1458
1459 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1460 bgp_get_default(), bgp);
1461
1462 if (debug)
1463 zlog_debug("%s: after vpn_leak_postchange",
1464 __func__);
1465 }
1466
1467 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1468 && !strcmp(rmap_name,
1469 bgp->vpn_policy[afi]
1470 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1471
1472 if (debug) {
1473 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1474 __func__, rmap_name, bgp->as,
1475 afi2str(afi));
1476 }
1477
1478 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1479 bgp_get_default(), bgp);
1480
1481 /* in case of definition/deletion */
1482 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1483 rmap;
1484
1485 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1486 bgp_get_default(), bgp);
1487 }
1488 }
1489 }
1490
1491 /* This API is used during router-id change, reflect VPNs
1492 * auto RD and RT values and readvertise routes to VPN table.
1493 */
1494 void vpn_handle_router_id_update(struct bgp *bgp, bool withdraw)
1495 {
1496 afi_t afi;
1497 int debug;
1498 char *vname;
1499 const char *export_name;
1500 char buf[RD_ADDRSTRLEN];
1501 struct bgp *bgp_import;
1502 struct listnode *node;
1503 struct ecommunity *ecom;
1504 vpn_policy_direction_t idir, edir;
1505
1506 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1507 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
1508 return;
1509
1510 export_name = bgp->name ? bgp->name : VRF_DEFAULT_NAME;
1511 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1512 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1513
1514 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1515 edir = BGP_VPN_POLICY_DIR_TOVPN;
1516
1517 for (afi = 0; afi < AFI_MAX; ++afi) {
1518 if (!vpn_leak_to_vpn_active(bgp, afi, NULL))
1519 continue;
1520
1521 if (withdraw) {
1522 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
1523 afi, bgp_get_default(), bgp);
1524 if (debug)
1525 zlog_debug("%s: %s after to_vpn vpn_leak_prechange",
1526 __func__, export_name);
1527
1528 /* Remove import RT from VRFs */
1529 ecom = bgp->vpn_policy[afi].rtlist[edir];
1530 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1531 export_vrf, node, vname)) {
1532 bgp_import = bgp_lookup_by_name(vname);
1533 if (!bgp_import)
1534 continue;
1535
1536 ecommunity_del_val(bgp_import->vpn_policy[afi].
1537 rtlist[idir],
1538 (struct ecommunity_val *)ecom->val);
1539
1540 }
1541 } else {
1542 /* New router-id derive auto RD and RT and export
1543 * to VPN
1544 */
1545 form_auto_rd(bgp->router_id, bgp->vrf_rd_id,
1546 &bgp->vrf_prd_auto);
1547 bgp->vpn_policy[afi].tovpn_rd = bgp->vrf_prd_auto;
1548 prefix_rd2str(&bgp->vpn_policy[afi].tovpn_rd, buf,
1549 sizeof(buf));
1550 bgp->vpn_policy[afi].rtlist[edir] =
1551 ecommunity_str2com(buf,
1552 ECOMMUNITY_ROUTE_TARGET, 0);
1553
1554 /* Update import_vrf rt_list */
1555 ecom = bgp->vpn_policy[afi].rtlist[edir];
1556 for (ALL_LIST_ELEMENTS_RO(bgp->vpn_policy[afi].
1557 export_vrf, node, vname)) {
1558 bgp_import = bgp_lookup_by_name(vname);
1559 if (!bgp_import)
1560 continue;
1561 if (bgp_import->vpn_policy[afi].rtlist[idir])
1562 bgp_import->vpn_policy[afi].rtlist[idir]
1563 = ecommunity_merge(
1564 bgp_import->vpn_policy[afi]
1565 .rtlist[idir], ecom);
1566 else
1567 bgp_import->vpn_policy[afi].rtlist[idir]
1568 = ecommunity_dup(ecom);
1569
1570 }
1571 /* Update routes to VPN */
1572 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
1573 afi, bgp_get_default(),
1574 bgp);
1575 if (debug)
1576 zlog_debug("%s: %s after to_vpn vpn_leak_postchange",
1577 __func__, export_name);
1578 }
1579 }
1580 }
1581
1582 void vpn_policy_routemap_event(const char *rmap_name)
1583 {
1584 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1585 struct listnode *mnode, *mnnode;
1586 struct bgp *bgp;
1587
1588 if (debug)
1589 zlog_debug("%s: entry", __func__);
1590
1591 if (bm->bgp == NULL) /* may be called during cleanup */
1592 return;
1593
1594 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1595 vpn_policy_routemap_update(bgp, rmap_name);
1596 }
1597
1598 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1599 afi_t afi, safi_t safi)
1600 {
1601 const char *export_name;
1602 vpn_policy_direction_t idir, edir;
1603 char *vname;
1604 char buf[1000];
1605 struct ecommunity *ecom;
1606 bool first_export = false;
1607 int debug;
1608
1609 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1610 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1611 edir = BGP_VPN_POLICY_DIR_TOVPN;
1612
1613 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1614 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1615
1616 /*
1617 * Cross-ref both VRFs. Also, note if this is the first time
1618 * any VRF is importing from "import_vrf".
1619 */
1620 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
1621 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
1622
1623 listnode_add(to_bgp->vpn_policy[afi].import_vrf, vname);
1624
1625 if (!listcount(from_bgp->vpn_policy[afi].export_vrf))
1626 first_export = true;
1627 vname = XSTRDUP(MTYPE_TMP, export_name);
1628 listnode_add(from_bgp->vpn_policy[afi].export_vrf, vname);
1629
1630 /* Update import RT for current VRF using export RT of the VRF we're
1631 * importing from. First though, make sure "import_vrf" has that
1632 * set.
1633 */
1634 if (first_export) {
1635 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1636 &from_bgp->vrf_prd_auto);
1637 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1638 SET_FLAG(from_bgp->vpn_policy[afi].flags,
1639 BGP_VPN_POLICY_TOVPN_RD_SET);
1640 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
1641 buf, sizeof(buf));
1642 from_bgp->vpn_policy[afi].rtlist[edir] =
1643 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1644 SET_FLAG(from_bgp->af_flags[afi][safi],
1645 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1646 from_bgp->vpn_policy[afi].tovpn_label =
1647 BGP_PREVENT_VRF_2_VRF_LEAK;
1648 }
1649 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1650 if (to_bgp->vpn_policy[afi].rtlist[idir])
1651 to_bgp->vpn_policy[afi].rtlist[idir] =
1652 ecommunity_merge(to_bgp->vpn_policy[afi]
1653 .rtlist[idir], ecom);
1654 else
1655 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1656 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
1657
1658 if (debug) {
1659 const char *from_name;
1660
1661 from_name = from_bgp->name ? from_bgp->name :
1662 VRF_DEFAULT_NAME;
1663 zlog_debug("%s from %s to %s first_export %u import-rt %s export-rt %s",
1664 __func__, from_name, export_name, first_export,
1665 to_bgp->vpn_policy[afi].rtlist[idir] ?
1666 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1667 rtlist[idir],
1668 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ",
1669 to_bgp->vpn_policy[afi].rtlist[edir] ?
1670 (ecommunity_ecom2str(to_bgp->vpn_policy[afi].
1671 rtlist[edir],
1672 ECOMMUNITY_FORMAT_ROUTE_MAP, 0)) : " ");
1673 }
1674
1675 /* Does "import_vrf" first need to export its routes or that
1676 * is already done and we just need to import those routes
1677 * from the global table?
1678 */
1679 if (first_export)
1680 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
1681 else
1682 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1683 }
1684
1685 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1686 afi_t afi, safi_t safi)
1687 {
1688 const char *export_name, *tmp_name;
1689 vpn_policy_direction_t idir, edir;
1690 char *vname;
1691 struct ecommunity *ecom;
1692 struct listnode *node;
1693 int debug;
1694
1695 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1696 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
1697 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1698 edir = BGP_VPN_POLICY_DIR_TOVPN;
1699
1700 debug = (BGP_DEBUG(vpn, VPN_LEAK_TO_VRF) |
1701 BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF));
1702
1703 /* Were we importing from "import_vrf"? */
1704 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1705 vname)) {
1706 if (strcmp(vname, tmp_name) == 0)
1707 break;
1708 }
1709
1710 /*
1711 * We do not check in the cli if the passed in bgp
1712 * instance is actually imported into us before
1713 * we call this function. As such if we do not
1714 * find this in the import_vrf list than
1715 * we just need to return safely.
1716 */
1717 if (!vname)
1718 return;
1719
1720 if (debug)
1721 zlog_debug("%s from %s to %s", __func__, tmp_name, export_name);
1722
1723 /* Remove "import_vrf" from our import list. */
1724 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
1725 XFREE(MTYPE_TMP, vname);
1726
1727 /* Remove routes imported from "import_vrf". */
1728 /* TODO: In the current logic, we have to first remove all
1729 * imported routes and then (if needed) import back routes
1730 */
1731 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
1732
1733 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1734 UNSET_FLAG(to_bgp->af_flags[afi][safi],
1735 BGP_CONFIG_VRF_TO_VRF_IMPORT);
1736 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
1737 } else {
1738 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1739 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
1740 (struct ecommunity_val *)ecom->val);
1741 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1742 }
1743
1744 /*
1745 * What?
1746 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1747 * below is checking for NULL that export_vrf can be
1748 * NULL, consequently it is complaining( like a cabbage )
1749 * that we could dereference and crash in the listcount(..)
1750 * check below.
1751 * So make it happy, under protest, with liberty and justice
1752 * for all.
1753 */
1754 assert(from_bgp->vpn_policy[afi].export_vrf);
1755
1756 /* Remove us from "import_vrf's" export list. If no other VRF
1757 * is importing from "import_vrf", cleanup appropriately.
1758 */
1759 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1760 node, vname)) {
1761 if (strcmp(vname, export_name) == 0)
1762 break;
1763 }
1764
1765 /*
1766 * If we have gotten to this point then the vname must
1767 * exist. If not, we are in a world of trouble and
1768 * have slag sitting around.
1769 *
1770 * import_vrf and export_vrf must match in having
1771 * the in/out names as appropriate.
1772 */
1773 assert(vname);
1774
1775 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
1776 XFREE(MTYPE_TMP, vname);
1777
1778 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1779 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1780 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1781 UNSET_FLAG(from_bgp->af_flags[afi][safi],
1782 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1783 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
1784 sizeof(struct prefix_rd));
1785 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
1786 BGP_VPN_POLICY_TOVPN_RD_SET);
1787 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1788
1789 }
1790 }
1791
1792 /* For testing purpose, static route of MPLS-VPN. */
1793 DEFUN (vpnv4_network,
1794 vpnv4_network_cmd,
1795 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1796 "Specify a network to announce via BGP\n"
1797 "IPv4 prefix\n"
1798 "Specify Route Distinguisher\n"
1799 "VPN Route Distinguisher\n"
1800 "VPN NLRI label (tag)\n"
1801 "VPN NLRI label (tag)\n"
1802 "Label value\n")
1803 {
1804 int idx_ipv4_prefixlen = 1;
1805 int idx_ext_community = 3;
1806 int idx_label = 5;
1807 return bgp_static_set_safi(
1808 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1809 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1810 NULL, NULL, NULL, NULL);
1811 }
1812
1813 DEFUN (vpnv4_network_route_map,
1814 vpnv4_network_route_map_cmd,
1815 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1816 "Specify a network to announce via BGP\n"
1817 "IPv4 prefix\n"
1818 "Specify Route Distinguisher\n"
1819 "VPN Route Distinguisher\n"
1820 "VPN NLRI label (tag)\n"
1821 "VPN NLRI label (tag)\n"
1822 "Label value\n"
1823 "route map\n"
1824 "route map name\n")
1825 {
1826 int idx_ipv4_prefixlen = 1;
1827 int idx_ext_community = 3;
1828 int idx_label = 5;
1829 int idx_word_2 = 7;
1830 return bgp_static_set_safi(
1831 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1832 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1833 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1834 }
1835
1836 /* For testing purpose, static route of MPLS-VPN. */
1837 DEFUN (no_vpnv4_network,
1838 no_vpnv4_network_cmd,
1839 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1840 NO_STR
1841 "Specify a network to announce via BGP\n"
1842 "IPv4 prefix\n"
1843 "Specify Route Distinguisher\n"
1844 "VPN Route Distinguisher\n"
1845 "VPN NLRI label (tag)\n"
1846 "VPN NLRI label (tag)\n"
1847 "Label value\n")
1848 {
1849 int idx_ipv4_prefixlen = 2;
1850 int idx_ext_community = 4;
1851 int idx_label = 6;
1852 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1853 argv[idx_ipv4_prefixlen]->arg,
1854 argv[idx_ext_community]->arg,
1855 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1856 }
1857
1858 DEFUN (vpnv6_network,
1859 vpnv6_network_cmd,
1860 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1861 "Specify a network to announce via BGP\n"
1862 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1863 "Specify Route Distinguisher\n"
1864 "VPN Route Distinguisher\n"
1865 "VPN NLRI label (tag)\n"
1866 "VPN NLRI label (tag)\n"
1867 "Label value\n"
1868 "route map\n"
1869 "route map name\n")
1870 {
1871 int idx_ipv6_prefix = 1;
1872 int idx_ext_community = 3;
1873 int idx_label = 5;
1874 int idx_word_2 = 7;
1875 if (argc == 8)
1876 return bgp_static_set_safi(
1877 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1878 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1879 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1880 else
1881 return bgp_static_set_safi(
1882 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1883 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1884 NULL, 0, NULL, NULL, NULL, NULL);
1885 }
1886
1887 /* For testing purpose, static route of MPLS-VPN. */
1888 DEFUN (no_vpnv6_network,
1889 no_vpnv6_network_cmd,
1890 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1891 NO_STR
1892 "Specify a network to announce via BGP\n"
1893 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1894 "Specify Route Distinguisher\n"
1895 "VPN Route Distinguisher\n"
1896 "VPN NLRI label (tag)\n"
1897 "VPN NLRI label (tag)\n"
1898 "Label value\n")
1899 {
1900 int idx_ipv6_prefix = 2;
1901 int idx_ext_community = 4;
1902 int idx_label = 6;
1903 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1904 argv[idx_ipv6_prefix]->arg,
1905 argv[idx_ext_community]->arg,
1906 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1907 }
1908
1909 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1910 enum bgp_show_type type, void *output_arg, int tags,
1911 bool use_json)
1912 {
1913 struct bgp *bgp;
1914 struct bgp_table *table;
1915
1916 bgp = bgp_get_default();
1917 if (bgp == NULL) {
1918 if (!use_json)
1919 vty_out(vty, "No BGP process is configured\n");
1920 else
1921 vty_out(vty, "{}\n");
1922 return CMD_WARNING;
1923 }
1924 table = bgp->rib[afi][SAFI_MPLS_VPN];
1925 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1926 output_arg, use_json);
1927 }
1928
1929 DEFUN (show_bgp_ip_vpn_all_rd,
1930 show_bgp_ip_vpn_all_rd_cmd,
1931 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
1932 SHOW_STR
1933 BGP_STR
1934 BGP_VPNVX_HELP_STR
1935 "Display VPN NLRI specific information\n"
1936 "Display VPN NLRI specific information\n"
1937 "Display information for a route distinguisher\n"
1938 "VPN Route Distinguisher\n"
1939 JSON_STR)
1940 {
1941 int ret;
1942 struct prefix_rd prd;
1943 afi_t afi;
1944 int idx = 0;
1945
1946 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
1947 if (argv_find(argv, argc, "rd", &idx)) {
1948 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
1949 if (!ret) {
1950 vty_out(vty,
1951 "%% Malformed Route Distinguisher\n");
1952 return CMD_WARNING;
1953 }
1954 return bgp_show_mpls_vpn(vty, afi, &prd,
1955 bgp_show_type_normal, NULL, 0,
1956 use_json(argc, argv));
1957 } else {
1958 return bgp_show_mpls_vpn(vty, afi, NULL,
1959 bgp_show_type_normal, NULL, 0,
1960 use_json(argc, argv));
1961 }
1962 }
1963 return CMD_SUCCESS;
1964 }
1965
1966 ALIAS(show_bgp_ip_vpn_all_rd,
1967 show_bgp_ip_vpn_rd_cmd,
1968 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
1969 SHOW_STR
1970 BGP_STR
1971 BGP_VPNVX_HELP_STR
1972 "Display VPN NLRI specific information\n"
1973 "Display information for a route distinguisher\n"
1974 "VPN Route Distinguisher\n"
1975 JSON_STR)
1976
1977 #ifdef KEEP_OLD_VPN_COMMANDS
1978 DEFUN (show_ip_bgp_vpn_rd,
1979 show_ip_bgp_vpn_rd_cmd,
1980 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
1981 SHOW_STR
1982 IP_STR
1983 BGP_STR
1984 BGP_AFI_HELP_STR
1985 "Address Family modifier\n"
1986 "Display information for a route distinguisher\n"
1987 "VPN Route Distinguisher\n")
1988 {
1989 int idx_ext_community = argc - 1;
1990 int ret;
1991 struct prefix_rd prd;
1992 afi_t afi;
1993 int idx = 0;
1994
1995 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1996 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1997 if (!ret) {
1998 vty_out(vty, "%% Malformed Route Distinguisher\n");
1999 return CMD_WARNING;
2000 }
2001 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2002 NULL, 0, 0);
2003 }
2004 return CMD_SUCCESS;
2005 }
2006
2007 DEFUN (show_ip_bgp_vpn_all,
2008 show_ip_bgp_vpn_all_cmd,
2009 "show [ip] bgp <vpnv4|vpnv6>",
2010 SHOW_STR
2011 IP_STR
2012 BGP_STR
2013 BGP_VPNVX_HELP_STR)
2014 {
2015 afi_t afi;
2016 int idx = 0;
2017
2018 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2019 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2020 NULL, 0, 0);
2021 return CMD_SUCCESS;
2022 }
2023
2024 DEFUN (show_ip_bgp_vpn_all_tags,
2025 show_ip_bgp_vpn_all_tags_cmd,
2026 "show [ip] bgp <vpnv4|vpnv6> all tags",
2027 SHOW_STR
2028 IP_STR
2029 BGP_STR
2030 BGP_VPNVX_HELP_STR
2031 "Display information about all VPNv4/VPNV6 NLRIs\n"
2032 "Display BGP tags for prefixes\n")
2033 {
2034 afi_t afi;
2035 int idx = 0;
2036
2037 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
2038 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
2039 NULL, 1, 0);
2040 return CMD_SUCCESS;
2041 }
2042
2043 DEFUN (show_ip_bgp_vpn_rd_tags,
2044 show_ip_bgp_vpn_rd_tags_cmd,
2045 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
2046 SHOW_STR
2047 IP_STR
2048 BGP_STR
2049 BGP_VPNVX_HELP_STR
2050 "Display information for a route distinguisher\n"
2051 "VPN Route Distinguisher\n"
2052 "Display BGP tags for prefixes\n")
2053 {
2054 int idx_ext_community = 5;
2055 int ret;
2056 struct prefix_rd prd;
2057 afi_t afi;
2058 int idx = 0;
2059
2060 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2061 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2062 if (!ret) {
2063 vty_out(vty, "%% Malformed Route Distinguisher\n");
2064 return CMD_WARNING;
2065 }
2066 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
2067 NULL, 1, 0);
2068 }
2069 return CMD_SUCCESS;
2070 }
2071
2072 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
2073 show_ip_bgp_vpn_all_neighbor_routes_cmd,
2074 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
2075 SHOW_STR
2076 IP_STR
2077 BGP_STR
2078 BGP_VPNVX_HELP_STR
2079 "Display information about all VPNv4/VPNv6 NLRIs\n"
2080 "Detailed information on TCP and BGP neighbor connections\n"
2081 "Neighbor to display information about\n"
2082 "Display routes learned from neighbor\n"
2083 JSON_STR)
2084 {
2085 int idx_ipv4 = 6;
2086 union sockunion su;
2087 struct peer *peer;
2088 int ret;
2089 bool uj = use_json(argc, argv);
2090 afi_t afi;
2091 int idx = 0;
2092
2093 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2094 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2095 if (ret < 0) {
2096 if (uj) {
2097 json_object *json_no = NULL;
2098 json_no = json_object_new_object();
2099 json_object_string_add(json_no, "warning",
2100 "Malformed address");
2101 vty_out(vty, "%s\n",
2102 json_object_to_json_string(json_no));
2103 json_object_free(json_no);
2104 } else
2105 vty_out(vty, "Malformed address: %s\n",
2106 argv[idx_ipv4]->arg);
2107 return CMD_WARNING;
2108 }
2109
2110 peer = peer_lookup(NULL, &su);
2111 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2112 if (uj) {
2113 json_object *json_no = NULL;
2114 json_no = json_object_new_object();
2115 json_object_string_add(
2116 json_no, "warning",
2117 "No such neighbor or address family");
2118 vty_out(vty, "%s\n",
2119 json_object_to_json_string(json_no));
2120 json_object_free(json_no);
2121 } else
2122 vty_out(vty,
2123 "%% No such neighbor or address family\n");
2124 return CMD_WARNING;
2125 }
2126
2127 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2128 &su, 0, uj);
2129 }
2130 return CMD_SUCCESS;
2131 }
2132
2133 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2134 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2135 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
2136 SHOW_STR
2137 IP_STR
2138 BGP_STR
2139 BGP_VPNVX_HELP_STR
2140 "Display information for a route distinguisher\n"
2141 "VPN Route Distinguisher\n"
2142 "Detailed information on TCP and BGP neighbor connections\n"
2143 "Neighbor to display information about\n"
2144 "Display routes learned from neighbor\n"
2145 JSON_STR)
2146 {
2147 int idx_ext_community = 5;
2148 int idx_ipv4 = 7;
2149 int ret;
2150 union sockunion su;
2151 struct peer *peer;
2152 struct prefix_rd prd;
2153 bool uj = use_json(argc, argv);
2154 afi_t afi;
2155 int idx = 0;
2156
2157 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2158 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2159 if (!ret) {
2160 if (uj) {
2161 json_object *json_no = NULL;
2162 json_no = json_object_new_object();
2163 json_object_string_add(
2164 json_no, "warning",
2165 "Malformed Route Distinguisher");
2166 vty_out(vty, "%s\n",
2167 json_object_to_json_string(json_no));
2168 json_object_free(json_no);
2169 } else
2170 vty_out(vty,
2171 "%% Malformed Route Distinguisher\n");
2172 return CMD_WARNING;
2173 }
2174
2175 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2176 if (ret < 0) {
2177 if (uj) {
2178 json_object *json_no = NULL;
2179 json_no = json_object_new_object();
2180 json_object_string_add(json_no, "warning",
2181 "Malformed address");
2182 vty_out(vty, "%s\n",
2183 json_object_to_json_string(json_no));
2184 json_object_free(json_no);
2185 } else
2186 vty_out(vty, "Malformed address: %s\n",
2187 argv[idx_ext_community]->arg);
2188 return CMD_WARNING;
2189 }
2190
2191 peer = peer_lookup(NULL, &su);
2192 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2193 if (uj) {
2194 json_object *json_no = NULL;
2195 json_no = json_object_new_object();
2196 json_object_string_add(
2197 json_no, "warning",
2198 "No such neighbor or address family");
2199 vty_out(vty, "%s\n",
2200 json_object_to_json_string(json_no));
2201 json_object_free(json_no);
2202 } else
2203 vty_out(vty,
2204 "%% No such neighbor or address family\n");
2205 return CMD_WARNING;
2206 }
2207
2208 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2209 &su, 0, uj);
2210 }
2211 return CMD_SUCCESS;
2212 }
2213
2214 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2215 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2216 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2217 SHOW_STR
2218 IP_STR
2219 BGP_STR
2220 BGP_VPNVX_HELP_STR
2221 "Display information about all VPNv4/VPNv6 NLRIs\n"
2222 "Detailed information on TCP and BGP neighbor connections\n"
2223 "Neighbor to display information about\n"
2224 "Display the routes advertised to a BGP neighbor\n"
2225 JSON_STR)
2226 {
2227 int idx_ipv4 = 6;
2228 int ret;
2229 struct peer *peer;
2230 union sockunion su;
2231 bool uj = use_json(argc, argv);
2232 afi_t afi;
2233 int idx = 0;
2234
2235 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2236 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2237 if (ret < 0) {
2238 if (uj) {
2239 json_object *json_no = NULL;
2240 json_no = json_object_new_object();
2241 json_object_string_add(json_no, "warning",
2242 "Malformed address");
2243 vty_out(vty, "%s\n",
2244 json_object_to_json_string(json_no));
2245 json_object_free(json_no);
2246 } else
2247 vty_out(vty, "Malformed address: %s\n",
2248 argv[idx_ipv4]->arg);
2249 return CMD_WARNING;
2250 }
2251 peer = peer_lookup(NULL, &su);
2252 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2253 if (uj) {
2254 json_object *json_no = NULL;
2255 json_no = json_object_new_object();
2256 json_object_string_add(
2257 json_no, "warning",
2258 "No such neighbor or address family");
2259 vty_out(vty, "%s\n",
2260 json_object_to_json_string(json_no));
2261 json_object_free(json_no);
2262 } else
2263 vty_out(vty,
2264 "%% No such neighbor or address family\n");
2265 return CMD_WARNING;
2266 }
2267 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2268 SAFI_MPLS_VPN, uj);
2269 }
2270 return CMD_SUCCESS;
2271 }
2272
2273 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2274 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2275 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2276 SHOW_STR
2277 IP_STR
2278 BGP_STR
2279 BGP_VPNVX_HELP_STR
2280 "Display information for a route distinguisher\n"
2281 "VPN Route Distinguisher\n"
2282 "Detailed information on TCP and BGP neighbor connections\n"
2283 "Neighbor to display information about\n"
2284 "Display the routes advertised to a BGP neighbor\n"
2285 JSON_STR)
2286 {
2287 int idx_ext_community = 5;
2288 int idx_ipv4 = 7;
2289 int ret;
2290 struct peer *peer;
2291 struct prefix_rd prd;
2292 union sockunion su;
2293 bool uj = use_json(argc, argv);
2294 afi_t afi;
2295 int idx = 0;
2296
2297 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2298 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2299 if (ret < 0) {
2300 if (uj) {
2301 json_object *json_no = NULL;
2302 json_no = json_object_new_object();
2303 json_object_string_add(json_no, "warning",
2304 "Malformed address");
2305 vty_out(vty, "%s\n",
2306 json_object_to_json_string(json_no));
2307 json_object_free(json_no);
2308 } else
2309 vty_out(vty, "Malformed address: %s\n",
2310 argv[idx_ext_community]->arg);
2311 return CMD_WARNING;
2312 }
2313 peer = peer_lookup(NULL, &su);
2314 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2315 if (uj) {
2316 json_object *json_no = NULL;
2317 json_no = json_object_new_object();
2318 json_object_string_add(
2319 json_no, "warning",
2320 "No such neighbor or address family");
2321 vty_out(vty, "%s\n",
2322 json_object_to_json_string(json_no));
2323 json_object_free(json_no);
2324 } else
2325 vty_out(vty,
2326 "%% No such neighbor or address family\n");
2327 return CMD_WARNING;
2328 }
2329
2330 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2331 if (!ret) {
2332 if (uj) {
2333 json_object *json_no = NULL;
2334 json_no = json_object_new_object();
2335 json_object_string_add(
2336 json_no, "warning",
2337 "Malformed Route Distinguisher");
2338 vty_out(vty, "%s\n",
2339 json_object_to_json_string(json_no));
2340 json_object_free(json_no);
2341 } else
2342 vty_out(vty,
2343 "%% Malformed Route Distinguisher\n");
2344 return CMD_WARNING;
2345 }
2346
2347 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2348 SAFI_MPLS_VPN, uj);
2349 }
2350 return CMD_SUCCESS;
2351 }
2352 #endif /* KEEP_OLD_VPN_COMMANDS */
2353
2354 void bgp_mplsvpn_init(void)
2355 {
2356 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2357 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2358 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2359
2360 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2361 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2362
2363 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2364 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2365 #ifdef KEEP_OLD_VPN_COMMANDS
2366 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2367 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2368 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2369 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2370 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2371 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2372 install_element(VIEW_NODE,
2373 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2374 install_element(VIEW_NODE,
2375 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2376 #endif /* KEEP_OLD_VPN_COMMANDS */
2377 }
2378
2379 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2380 {
2381 struct listnode *mnode, *mnnode;
2382 struct bgp *bgp;
2383
2384 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2385 struct ecommunity *ec;
2386
2387 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2388 continue;
2389
2390 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2391
2392 if (ecom_intersect(ec, eckey))
2393 return bgp->vrf_id;
2394 }
2395 return VRF_UNKNOWN;
2396 }
2397
2398 /*
2399 * The purpose of this function is to process leaks that were deferred
2400 * from earlier per-vrf configuration due to not-yet-existing default
2401 * vrf, in other words, configuration such as:
2402 *
2403 * router bgp MMM vrf FOO
2404 * address-family ipv4 unicast
2405 * rd vpn export 1:1
2406 * exit-address-family
2407 *
2408 * router bgp NNN
2409 * ...
2410 *
2411 * This function gets called when the default instance ("router bgp NNN")
2412 * is created.
2413 */
2414 void vpn_leak_postchange_all(void)
2415 {
2416 struct listnode *next;
2417 struct bgp *bgp;
2418 struct bgp *bgp_default = bgp_get_default();
2419
2420 assert(bgp_default);
2421
2422 /* First, do any exporting from VRFs to the single VPN RIB */
2423 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2424
2425 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2426 continue;
2427
2428 vpn_leak_postchange(
2429 BGP_VPN_POLICY_DIR_TOVPN,
2430 AFI_IP,
2431 bgp_default,
2432 bgp);
2433
2434 vpn_leak_postchange(
2435 BGP_VPN_POLICY_DIR_TOVPN,
2436 AFI_IP6,
2437 bgp_default,
2438 bgp);
2439 }
2440
2441 /* Now, do any importing to VRFs from the single VPN RIB */
2442 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2443
2444 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2445 continue;
2446
2447 vpn_leak_postchange(
2448 BGP_VPN_POLICY_DIR_FROMVPN,
2449 AFI_IP,
2450 bgp_default,
2451 bgp);
2452
2453 vpn_leak_postchange(
2454 BGP_VPN_POLICY_DIR_FROMVPN,
2455 AFI_IP6,
2456 bgp_default,
2457 bgp);
2458 }
2459 }
FRRouting mirror