]> git.proxmox.com Git - mirror_frr.git/blob - bgpd/bgp_mplsvpn.c
projects / mirror_frr.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #3878 from opensourcerouting/fix-6vpe
[mirror_frr.git] / bgpd / bgp_mplsvpn.c
1 /* MPLS-VPN
2 * Copyright (C) 2000 Kunihiro Ishiguro <kunihiro@zebra.org>
3 *
4 * This file is part of GNU Zebra.
5 *
6 * GNU Zebra is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2, or (at your option) any
9 * later version.
10 *
11 * GNU Zebra is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; see the file COPYING; if not, write to the Free Software
18 * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
19 */
20
21 #include <zebra.h>
22
23 #include "command.h"
24 #include "prefix.h"
25 #include "log.h"
26 #include "memory.h"
27 #include "stream.h"
28 #include "queue.h"
29 #include "filter.h"
30 #include "mpls.h"
31 #include "json.h"
32 #include "zclient.h"
33
34 #include "bgpd/bgpd.h"
35 #include "bgpd/bgp_debug.h"
36 #include "bgpd/bgp_errors.h"
37 #include "bgpd/bgp_table.h"
38 #include "bgpd/bgp_route.h"
39 #include "bgpd/bgp_attr.h"
40 #include "bgpd/bgp_label.h"
41 #include "bgpd/bgp_mplsvpn.h"
42 #include "bgpd/bgp_packet.h"
43 #include "bgpd/bgp_vty.h"
44 #include "bgpd/bgp_vpn.h"
45 #include "bgpd/bgp_ecommunity.h"
46 #include "bgpd/bgp_zebra.h"
47 #include "bgpd/bgp_nexthop.h"
48 #include "bgpd/bgp_nht.h"
49
50 #if ENABLE_BGP_VNC
51 #include "bgpd/rfapi/rfapi_backend.h"
52 #endif
53
54 /*
55 * Definitions and external declarations.
56 */
57 extern struct zclient *zclient;
58
59 extern int argv_find_and_parse_vpnvx(struct cmd_token **argv, int argc,
60 int *index, afi_t *afi)
61 {
62 int ret = 0;
63 if (argv_find(argv, argc, "vpnv4", index)) {
64 ret = 1;
65 if (afi)
66 *afi = AFI_IP;
67 } else if (argv_find(argv, argc, "vpnv6", index)) {
68 ret = 1;
69 if (afi)
70 *afi = AFI_IP6;
71 }
72 return ret;
73 }
74
75 uint32_t decode_label(mpls_label_t *label_pnt)
76 {
77 uint32_t l;
78 uint8_t *pnt = (uint8_t *)label_pnt;
79
80 l = ((uint32_t)*pnt++ << 12);
81 l |= (uint32_t)*pnt++ << 4;
82 l |= (uint32_t)((*pnt & 0xf0) >> 4);
83 return l;
84 }
85
86 void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
87 {
88 uint8_t *pnt = (uint8_t *)label_pnt;
89 if (pnt == NULL)
90 return;
91 if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
92 *label_pnt = label;
93 return;
94 }
95 *pnt++ = (label >> 12) & 0xff;
96 *pnt++ = (label >> 4) & 0xff;
97 *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
98 }
99
100 int bgp_nlri_parse_vpn(struct peer *peer, struct attr *attr,
101 struct bgp_nlri *packet)
102 {
103 uint8_t *pnt;
104 uint8_t *lim;
105 struct prefix p;
106 int psize = 0;
107 int prefixlen;
108 uint16_t type;
109 struct rd_as rd_as;
110 struct rd_ip rd_ip;
111 struct prefix_rd prd;
112 mpls_label_t label = {0};
113 afi_t afi;
114 safi_t safi;
115 int addpath_encoded;
116 uint32_t addpath_id;
117
118 /* Make prefix_rd */
119 prd.family = AF_UNSPEC;
120 prd.prefixlen = 64;
121
122 pnt = packet->nlri;
123 lim = pnt + packet->length;
124 afi = packet->afi;
125 safi = packet->safi;
126 addpath_id = 0;
127
128 addpath_encoded =
129 (CHECK_FLAG(peer->af_cap[afi][safi], PEER_CAP_ADDPATH_AF_RX_ADV)
130 && CHECK_FLAG(peer->af_cap[afi][safi],
131 PEER_CAP_ADDPATH_AF_TX_RCV));
132
133 #define VPN_PREFIXLEN_MIN_BYTES (3 + 8) /* label + RD */
134 for (; pnt < lim; pnt += psize) {
135 /* Clear prefix structure. */
136 memset(&p, 0, sizeof(struct prefix));
137
138 if (addpath_encoded) {
139
140 /* When packet overflow occurs return immediately. */
141 if (pnt + BGP_ADDPATH_ID_LEN > lim)
142 return -1;
143
144 addpath_id = ntohl(*((uint32_t *)pnt));
145 pnt += BGP_ADDPATH_ID_LEN;
146 }
147
148 /* Fetch prefix length. */
149 prefixlen = *pnt++;
150 p.family = afi2family(packet->afi);
151 psize = PSIZE(prefixlen);
152
153 if (prefixlen < VPN_PREFIXLEN_MIN_BYTES * 8) {
154 flog_err(
155 EC_BGP_UPDATE_RCV,
156 "%s [Error] Update packet error / VPN (prefix length %d less than VPN min length)",
157 peer->host, prefixlen);
158 return -1;
159 }
160
161 /* sanity check against packet data */
162 if ((pnt + psize) > lim) {
163 flog_err(
164 EC_BGP_UPDATE_RCV,
165 "%s [Error] Update packet error / VPN (prefix length %d exceeds packet size %u)",
166 peer->host, prefixlen, (uint)(lim - pnt));
167 return -1;
168 }
169
170 /* sanity check against storage for the IP address portion */
171 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > (ssize_t)sizeof(p.u)) {
172 flog_err(
173 EC_BGP_UPDATE_RCV,
174 "%s [Error] Update packet error / VPN (psize %d exceeds storage size %zu)",
175 peer->host,
176 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
177 sizeof(p.u));
178 return -1;
179 }
180
181 /* Sanity check against max bitlen of the address family */
182 if ((psize - VPN_PREFIXLEN_MIN_BYTES) > prefix_blen(&p)) {
183 flog_err(
184 EC_BGP_UPDATE_RCV,
185 "%s [Error] Update packet error / VPN (psize %d exceeds family (%u) max byte len %u)",
186 peer->host,
187 prefixlen - VPN_PREFIXLEN_MIN_BYTES * 8,
188 p.family, prefix_blen(&p));
189 return -1;
190 }
191
192 /* Copy label to prefix. */
193 memcpy(&label, pnt, BGP_LABEL_BYTES);
194 bgp_set_valid_label(&label);
195
196 /* Copy routing distinguisher to rd. */
197 memcpy(&prd.val, pnt + BGP_LABEL_BYTES, 8);
198
199 /* Decode RD type. */
200 type = decode_rd_type(pnt + BGP_LABEL_BYTES);
201
202 switch (type) {
203 case RD_TYPE_AS:
204 decode_rd_as(pnt + 5, &rd_as);
205 break;
206
207 case RD_TYPE_AS4:
208 decode_rd_as4(pnt + 5, &rd_as);
209 break;
210
211 case RD_TYPE_IP:
212 decode_rd_ip(pnt + 5, &rd_ip);
213 break;
214
215 #if ENABLE_BGP_VNC
216 case RD_TYPE_VNC_ETH:
217 break;
218 #endif
219
220 default:
221 flog_err(EC_BGP_UPDATE_RCV, "Unknown RD type %d", type);
222 break; /* just report */
223 }
224
225 p.prefixlen =
226 prefixlen
227 - VPN_PREFIXLEN_MIN_BYTES * 8; /* exclude label & RD */
228 memcpy(p.u.val, pnt + VPN_PREFIXLEN_MIN_BYTES,
229 psize - VPN_PREFIXLEN_MIN_BYTES);
230
231 if (attr) {
232 bgp_update(peer, &p, addpath_id, attr, packet->afi,
233 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
234 BGP_ROUTE_NORMAL, &prd, &label, 1, 0, NULL);
235 } else {
236 bgp_withdraw(peer, &p, addpath_id, attr, packet->afi,
237 SAFI_MPLS_VPN, ZEBRA_ROUTE_BGP,
238 BGP_ROUTE_NORMAL, &prd, &label, 1, NULL);
239 }
240 }
241 /* Packet length consistency check. */
242 if (pnt != lim) {
243 flog_err(
244 EC_BGP_UPDATE_RCV,
245 "%s [Error] Update packet error / VPN (%zu data remaining after parsing)",
246 peer->host, lim - pnt);
247 return -1;
248 }
249
250 return 0;
251 #undef VPN_PREFIXLEN_MIN_BYTES
252 }
253
254 /*
255 * This function informs zebra of the label this vrf sets on routes
256 * leaked to VPN. Zebra should install this label in the kernel with
257 * an action of "pop label and then use this vrf's IP FIB to route the PDU."
258 *
259 * Sending this vrf-label association is qualified by a) whether vrf->vpn
260 * exporting is active ("export vpn" is enabled, vpn-policy RD and RT list
261 * are set) and b) whether vpn-policy label is set.
262 *
263 * If any of these conditions do not hold, then we send MPLS_LABEL_NONE
264 * for this vrf, which zebra interprets to mean "delete this vrf-label
265 * association."
266 */
267 void vpn_leak_zebra_vrf_label_update(struct bgp *bgp, afi_t afi)
268 {
269 mpls_label_t label = MPLS_LABEL_NONE;
270 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
271
272 if (bgp->vrf_id == VRF_UNKNOWN) {
273 if (debug) {
274 zlog_debug(
275 "%s: vrf %s: afi %s: vrf_id not set, "
276 "can't set zebra vrf label",
277 __func__, bgp->name_pretty, afi2str(afi));
278 }
279 return;
280 }
281
282 if (vpn_leak_to_vpn_active(bgp, afi, NULL)) {
283 label = bgp->vpn_policy[afi].tovpn_label;
284 }
285
286 if (debug) {
287 zlog_debug("%s: vrf %s: afi %s: setting label %d for vrf id %d",
288 __func__, bgp->name_pretty, afi2str(afi), label,
289 bgp->vrf_id);
290 }
291
292 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
293 label = MPLS_LABEL_NONE;
294 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
295 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
296 }
297
298 /*
299 * If zebra tells us vrf has become unconfigured, tell zebra not to
300 * use this label to forward to the vrf anymore
301 */
302 void vpn_leak_zebra_vrf_label_withdraw(struct bgp *bgp, afi_t afi)
303 {
304 mpls_label_t label = MPLS_LABEL_NONE;
305 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
306
307 if (bgp->vrf_id == VRF_UNKNOWN) {
308 if (debug) {
309 zlog_debug(
310 "%s: vrf_id not set, can't delete zebra vrf label",
311 __func__);
312 }
313 return;
314 }
315
316 if (debug) {
317 zlog_debug("%s: deleting label for vrf %s (id=%d)", __func__,
318 bgp->name_pretty, bgp->vrf_id);
319 }
320
321 if (label == BGP_PREVENT_VRF_2_VRF_LEAK)
322 label = MPLS_LABEL_NONE;
323
324 zclient_send_vrf_label(zclient, bgp->vrf_id, afi, label, ZEBRA_LSP_BGP);
325 bgp->vpn_policy[afi].tovpn_zebra_vrf_label_last_sent = label;
326 }
327
328 int vpn_leak_label_callback(
329 mpls_label_t label,
330 void *labelid,
331 bool allocated)
332 {
333 struct vpn_policy *vp = (struct vpn_policy *)labelid;
334 int debug = BGP_DEBUG(vpn, VPN_LEAK_LABEL);
335
336 if (debug)
337 zlog_debug("%s: label=%u, allocated=%d",
338 __func__, label, allocated);
339
340 if (!allocated) {
341 /*
342 * previously-allocated label is now invalid
343 */
344 if (CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO) &&
345 (vp->tovpn_label != MPLS_LABEL_NONE)) {
346
347 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
348 vp->afi, bgp_get_default(), vp->bgp);
349 vp->tovpn_label = MPLS_LABEL_NONE;
350 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
351 vp->afi, bgp_get_default(), vp->bgp);
352 }
353 return 0;
354 }
355
356 /*
357 * New label allocation
358 */
359 if (!CHECK_FLAG(vp->flags, BGP_VPN_POLICY_TOVPN_LABEL_AUTO)) {
360
361 /*
362 * not currently configured for auto label, reject allocation
363 */
364 return -1;
365 }
366
367 if (vp->tovpn_label != MPLS_LABEL_NONE) {
368 if (label == vp->tovpn_label) {
369 /* already have same label, accept but do nothing */
370 return 0;
371 }
372 /* Shouldn't happen: different label allocation */
373 flog_err(EC_BGP_LABEL,
374 "%s: %s had label %u but got new assignment %u",
375 __func__, vp->bgp->name_pretty, vp->tovpn_label,
376 label);
377 /* use new one */
378 }
379
380 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN,
381 vp->afi, bgp_get_default(), vp->bgp);
382 vp->tovpn_label = label;
383 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN,
384 vp->afi, bgp_get_default(), vp->bgp);
385
386 return 0;
387 }
388
389 static int ecom_intersect(struct ecommunity *e1, struct ecommunity *e2)
390 {
391 int i;
392 int j;
393
394 if (!e1 || !e2)
395 return 0;
396
397 for (i = 0; i < e1->size; ++i) {
398 for (j = 0; j < e2->size; ++j) {
399 if (!memcmp(e1->val + (i * ECOMMUNITY_SIZE),
400 e2->val + (j * ECOMMUNITY_SIZE),
401 ECOMMUNITY_SIZE)) {
402
403 return 1;
404 }
405 }
406 }
407 return 0;
408 }
409
410 static bool labels_same(struct bgp_path_info *bpi, mpls_label_t *label,
411 uint32_t n)
412 {
413 uint32_t i;
414
415 if (!bpi->extra) {
416 if (!n)
417 return true;
418 else
419 return false;
420 }
421
422 if (n != bpi->extra->num_labels)
423 return false;
424
425 for (i = 0; i < n; ++i) {
426 if (label[i] != bpi->extra->label[i])
427 return false;
428 }
429 return true;
430 }
431
432 /*
433 * make encoded route labels match specified encoded label set
434 */
435 static void setlabels(struct bgp_path_info *bpi,
436 mpls_label_t *label, /* array of labels */
437 uint32_t num_labels)
438 {
439 if (num_labels)
440 assert(label);
441 assert(num_labels <= BGP_MAX_LABELS);
442
443 if (!num_labels) {
444 if (bpi->extra)
445 bpi->extra->num_labels = 0;
446 return;
447 }
448
449 struct bgp_path_info_extra *extra = bgp_path_info_extra_get(bpi);
450 uint32_t i;
451
452 for (i = 0; i < num_labels; ++i) {
453 extra->label[i] = label[i];
454 if (!bgp_is_valid_label(&label[i])) {
455 bgp_set_valid_label(&extra->label[i]);
456 }
457 }
458 extra->num_labels = num_labels;
459 }
460
461 /*
462 * returns pointer to new bgp_path_info upon success
463 */
464 static struct bgp_path_info *
465 leak_update(struct bgp *bgp, /* destination bgp instance */
466 struct bgp_node *bn, struct attr *new_attr, /* already interned */
467 afi_t afi, safi_t safi, struct bgp_path_info *source_bpi,
468 mpls_label_t *label, uint32_t num_labels, void *parent,
469 struct bgp *bgp_orig, struct prefix *nexthop_orig,
470 int nexthop_self_flag, int debug)
471 {
472 struct prefix *p = &bn->p;
473 struct bgp_path_info *bpi;
474 struct bgp_path_info *bpi_ultimate;
475 struct bgp_path_info *new;
476 char buf_prefix[PREFIX_STRLEN];
477
478 if (debug) {
479 prefix2str(&bn->p, buf_prefix, sizeof(buf_prefix));
480 zlog_debug("%s: entry: leak-to=%s, p=%s, type=%d, sub_type=%d",
481 __func__, bgp->name_pretty, buf_prefix,
482 source_bpi->type, source_bpi->sub_type);
483 }
484
485 /*
486 * Routes that are redistributed into BGP from zebra do not get
487 * nexthop tracking. However, if those routes are subsequently
488 * imported to other RIBs within BGP, the leaked routes do not
489 * carry the original BGP_ROUTE_REDISTRIBUTE sub_type. Therefore,
490 * in order to determine if the route we are currently leaking
491 * should have nexthop tracking, we must find the ultimate
492 * parent so we can check its sub_type.
493 *
494 * As of now, source_bpi may at most be a second-generation route
495 * (only one hop back to ultimate parent for vrf-vpn-vrf scheme).
496 * Using a loop here supports more complex intra-bgp import-export
497 * schemes that could be implemented in the future.
498 *
499 */
500 for (bpi_ultimate = source_bpi;
501 bpi_ultimate->extra && bpi_ultimate->extra->parent;
502 bpi_ultimate = bpi_ultimate->extra->parent)
503 ;
504
505 /*
506 * match parent
507 */
508 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
509 if (bpi->extra && bpi->extra->parent == parent)
510 break;
511 }
512
513 if (bpi) {
514 bool labelssame = labels_same(bpi, label, num_labels);
515
516 if (attrhash_cmp(bpi->attr, new_attr) && labelssame
517 && !CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED)) {
518
519 bgp_attr_unintern(&new_attr);
520 if (debug)
521 zlog_debug(
522 "%s: ->%s: %s: Found route, no change",
523 __func__, bgp->name_pretty,
524 buf_prefix);
525 return NULL;
526 }
527
528 /* attr is changed */
529 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ATTR_CHANGED);
530
531 /* Rewrite BGP route information. */
532 if (CHECK_FLAG(bpi->flags, BGP_PATH_REMOVED))
533 bgp_path_info_restore(bn, bpi);
534 else
535 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
536 bgp_attr_unintern(&bpi->attr);
537 bpi->attr = new_attr;
538 bpi->uptime = bgp_clock();
539
540 /*
541 * rewrite labels
542 */
543 if (!labelssame)
544 setlabels(bpi, label, num_labels);
545
546 if (nexthop_self_flag)
547 bgp_path_info_set_flag(bn, bpi, BGP_PATH_ANNC_NH_SELF);
548
549 struct bgp *bgp_nexthop = bgp;
550 int nh_valid;
551
552 if (bpi->extra && bpi->extra->bgp_orig)
553 bgp_nexthop = bpi->extra->bgp_orig;
554
555 /* No nexthop tracking for redistributed routes */
556 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE)
557 nh_valid = 1;
558 else
559 /*
560 * TBD do we need to do anything about the
561 * 'connected' parameter?
562 */
563 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
564 afi, bpi, NULL, 0);
565
566 if (debug)
567 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
568 __func__, (nh_valid ? "" : "not "),
569 bgp_nexthop->name_pretty);
570
571 if (nh_valid)
572 bgp_path_info_set_flag(bn, bpi, BGP_PATH_VALID);
573
574 /* Process change. */
575 bgp_aggregate_increment(bgp, p, bpi, afi, safi);
576 bgp_process(bgp, bn, afi, safi);
577 bgp_unlock_node(bn);
578
579 if (debug)
580 zlog_debug("%s: ->%s: %s Found route, changed attr",
581 __func__, bgp->name_pretty, buf_prefix);
582
583 return bpi;
584 }
585
586 new = info_make(ZEBRA_ROUTE_BGP, BGP_ROUTE_IMPORTED, 0,
587 bgp->peer_self, new_attr, bn);
588
589 if (nexthop_self_flag)
590 bgp_path_info_set_flag(bn, new, BGP_PATH_ANNC_NH_SELF);
591
592 bgp_path_info_extra_get(new);
593
594 if (num_labels)
595 setlabels(new, label, num_labels);
596
597 new->extra->parent = bgp_path_info_lock(parent);
598 bgp_lock_node((struct bgp_node *)((struct bgp_path_info *)parent)->net);
599 if (bgp_orig)
600 new->extra->bgp_orig = bgp_lock(bgp_orig);
601 if (nexthop_orig)
602 new->extra->nexthop_orig = *nexthop_orig;
603
604 /*
605 * nexthop tracking for unicast routes
606 */
607 struct bgp *bgp_nexthop = bgp;
608 int nh_valid;
609
610 if (new->extra->bgp_orig)
611 bgp_nexthop = new->extra->bgp_orig;
612
613 /*
614 * No nexthop tracking for redistributed routes because
615 * their originating protocols will do the tracking and
616 * withdraw those routes if the nexthops become unreachable
617 */
618 if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE)
619 nh_valid = 1;
620 else
621 /*
622 * TBD do we need to do anything about the
623 * 'connected' parameter?
624 */
625 nh_valid = bgp_find_or_add_nexthop(bgp, bgp_nexthop,
626 afi, new, NULL, 0);
627
628 if (debug)
629 zlog_debug("%s: nexthop is %svalid (in vrf %s)",
630 __func__, (nh_valid ? "" : "not "),
631 bgp_nexthop->name_pretty);
632 if (nh_valid)
633 bgp_path_info_set_flag(bn, new, BGP_PATH_VALID);
634
635 bgp_aggregate_increment(bgp, p, new, afi, safi);
636 bgp_path_info_add(bn, new);
637
638 bgp_unlock_node(bn);
639 bgp_process(bgp, bn, afi, safi);
640
641 if (debug)
642 zlog_debug("%s: ->%s: %s: Added new route", __func__,
643 bgp->name_pretty, buf_prefix);
644
645 return new;
646 }
647
648 /* cf vnc_import_bgp_add_route_mode_nvegroup() and add_vnc_route() */
649 void vpn_leak_from_vrf_update(struct bgp *bgp_vpn, /* to */
650 struct bgp *bgp_vrf, /* from */
651 struct bgp_path_info *path_vrf) /* route */
652 {
653 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
654 struct prefix *p = &path_vrf->net->p;
655 afi_t afi = family2afi(p->family);
656 struct attr static_attr = {0};
657 struct attr *new_attr = NULL;
658 safi_t safi = SAFI_MPLS_VPN;
659 mpls_label_t label_val;
660 mpls_label_t label;
661 struct bgp_node *bn;
662 const char *debugmsg;
663 int nexthop_self_flag = 0;
664
665 if (debug)
666 zlog_debug("%s: from vrf %s", __func__, bgp_vrf->name_pretty);
667
668 if (debug && path_vrf->attr->ecommunity) {
669 char *s = ecommunity_ecom2str(path_vrf->attr->ecommunity,
670 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
671
672 zlog_debug("%s: %s path_vrf->type=%d, EC{%s}", __func__,
673 bgp_vrf->name, path_vrf->type, s);
674 XFREE(MTYPE_ECOMMUNITY_STR, s);
675 }
676
677 if (!bgp_vpn)
678 return;
679
680 if (!afi) {
681 if (debug)
682 zlog_debug("%s: can't get afi of prefix", __func__);
683 return;
684 }
685
686 /* loop check - should not be an imported route. */
687 if (path_vrf->extra && path_vrf->extra->bgp_orig)
688 return;
689
690
691 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
692 if (debug)
693 zlog_debug("%s: %s skipping: %s", __func__,
694 bgp_vrf->name, debugmsg);
695 return;
696 }
697
698 bgp_attr_dup(&static_attr, path_vrf->attr); /* shallow copy */
699
700 /*
701 * route map handling
702 */
703 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN]) {
704 struct bgp_path_info info;
705 route_map_result_t ret;
706
707 memset(&info, 0, sizeof(info));
708 info.peer = bgp_vpn->peer_self;
709 info.attr = &static_attr;
710 ret = route_map_apply(
711 bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN],
712 p, RMAP_BGP, &info);
713 if (RMAP_DENYMATCH == ret) {
714 bgp_attr_flush(&static_attr); /* free any added parts */
715 if (debug)
716 zlog_debug(
717 "%s: vrf %s route map \"%s\" says DENY, returning",
718 __func__, bgp_vrf->name_pretty,
719 bgp_vrf->vpn_policy[afi]
720 .rmap[BGP_VPN_POLICY_DIR_TOVPN]
721 ->name);
722 return;
723 }
724 }
725
726 if (debug && static_attr.ecommunity) {
727 char *s = ecommunity_ecom2str(static_attr.ecommunity,
728 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
729
730 zlog_debug("%s: post route map static_attr.ecommunity{%s}",
731 __func__, s);
732 XFREE(MTYPE_ECOMMUNITY_STR, s);
733 }
734
735 /*
736 * Add the vpn-policy rt-list
737 */
738 struct ecommunity *old_ecom;
739 struct ecommunity *new_ecom;
740
741 old_ecom = static_attr.ecommunity;
742 if (old_ecom) {
743 new_ecom = ecommunity_merge(
744 ecommunity_dup(old_ecom),
745 bgp_vrf->vpn_policy[afi]
746 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
747 if (!old_ecom->refcnt)
748 ecommunity_free(&old_ecom);
749 } else {
750 new_ecom = ecommunity_dup(
751 bgp_vrf->vpn_policy[afi]
752 .rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
753 }
754 static_attr.ecommunity = new_ecom;
755 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_EXT_COMMUNITIES));
756
757 if (debug && static_attr.ecommunity) {
758 char *s = ecommunity_ecom2str(static_attr.ecommunity,
759 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
760
761 zlog_debug("%s: post merge static_attr.ecommunity{%s}",
762 __func__, s);
763 XFREE(MTYPE_ECOMMUNITY_STR, s);
764 }
765
766 /* Nexthop */
767 /* if policy nexthop not set, use 0 */
768 if (CHECK_FLAG(bgp_vrf->vpn_policy[afi].flags,
769 BGP_VPN_POLICY_TOVPN_NEXTHOP_SET)) {
770 struct prefix *nexthop =
771 &bgp_vrf->vpn_policy[afi].tovpn_nexthop;
772
773 switch (nexthop->family) {
774 case AF_INET:
775 /* prevent mp_nexthop_global_in <- self in bgp_route.c
776 */
777 static_attr.nexthop.s_addr = nexthop->u.prefix4.s_addr;
778
779 static_attr.mp_nexthop_global_in = nexthop->u.prefix4;
780 static_attr.mp_nexthop_len = 4;
781 break;
782
783 case AF_INET6:
784 static_attr.mp_nexthop_global = nexthop->u.prefix6;
785 static_attr.mp_nexthop_len = 16;
786 break;
787
788 default:
789 assert(0);
790 }
791 } else {
792 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
793 BGP_CONFIG_VRF_TO_VRF_EXPORT)) {
794 if (afi == AFI_IP) {
795 /*
796 * For ipv4, copy to multiprotocol
797 * nexthop field
798 */
799 static_attr.mp_nexthop_global_in =
800 static_attr.nexthop;
801 static_attr.mp_nexthop_len = 4;
802 /*
803 * XXX Leave static_attr.nexthop
804 * intact for NHT
805 */
806 static_attr.flag &=
807 ~ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
808 }
809 } else {
810 /* Update based on next-hop family to account for
811 * RFC 5549 (BGP unnumbered) scenario. Note that
812 * specific action is only needed for the case of
813 * IPv4 nexthops as the attr has been copied
814 * otherwise.
815 */
816 if (afi == AFI_IP
817 && !BGP_ATTR_NEXTHOP_AFI_IP6(path_vrf->attr)) {
818 static_attr.mp_nexthop_global_in.s_addr =
819 static_attr.nexthop.s_addr;
820 static_attr.mp_nexthop_len = 4;
821 static_attr.flag |=
822 ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
823 }
824 }
825 nexthop_self_flag = 1;
826 }
827
828 label_val = bgp_vrf->vpn_policy[afi].tovpn_label;
829 if (label_val == MPLS_LABEL_NONE) {
830 encode_label(MPLS_LABEL_IMPLICIT_NULL, &label);
831 } else {
832 encode_label(label_val, &label);
833 }
834
835 /* Set originator ID to "me" */
836 SET_FLAG(static_attr.flag, ATTR_FLAG_BIT(BGP_ATTR_ORIGINATOR_ID));
837 static_attr.originator_id = bgp_vpn->router_id;
838
839
840 new_attr = bgp_attr_intern(
841 &static_attr); /* hashed refcounted everything */
842 bgp_attr_flush(&static_attr); /* free locally-allocated parts */
843
844 if (debug && new_attr->ecommunity) {
845 char *s = ecommunity_ecom2str(new_attr->ecommunity,
846 ECOMMUNITY_FORMAT_ROUTE_MAP, 0);
847
848 zlog_debug("%s: new_attr->ecommunity{%s}", __func__, s);
849 XFREE(MTYPE_ECOMMUNITY_STR, s);
850 }
851
852 /* Now new_attr is an allocated interned attr */
853
854 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
855 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
856
857 struct bgp_path_info *new_info;
858
859 new_info = leak_update(bgp_vpn, bn, new_attr, afi, safi, path_vrf,
860 &label, 1, path_vrf, bgp_vrf, NULL,
861 nexthop_self_flag, debug);
862
863 /*
864 * Routes actually installed in the vpn RIB must also be
865 * offered to all vrfs (because now they originate from
866 * the vpn RIB).
867 *
868 * Acceptance into other vrfs depends on rt-lists.
869 * Originating vrf will not accept the looped back route
870 * because of loop checking.
871 */
872 if (new_info)
873 vpn_leak_to_vrf_update(bgp_vrf, new_info);
874 }
875
876 void vpn_leak_from_vrf_withdraw(struct bgp *bgp_vpn, /* to */
877 struct bgp *bgp_vrf, /* from */
878 struct bgp_path_info *path_vrf) /* route */
879 {
880 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
881 struct prefix *p = &path_vrf->net->p;
882 afi_t afi = family2afi(p->family);
883 safi_t safi = SAFI_MPLS_VPN;
884 struct bgp_path_info *bpi;
885 struct bgp_node *bn;
886 const char *debugmsg;
887 char buf_prefix[PREFIX_STRLEN];
888
889 if (debug) {
890 prefix2str(p, buf_prefix, sizeof(buf_prefix));
891 zlog_debug(
892 "%s: entry: leak-from=%s, p=%s, type=%d, sub_type=%d",
893 __func__, bgp_vrf->name_pretty, buf_prefix,
894 path_vrf->type, path_vrf->sub_type);
895 }
896
897 if (path_vrf->sub_type != BGP_ROUTE_NORMAL
898 && path_vrf->sub_type != BGP_ROUTE_STATIC
899 && path_vrf->sub_type != BGP_ROUTE_REDISTRIBUTE) {
900
901 if (debug)
902 zlog_debug("%s: wrong sub_type %d", __func__,
903 path_vrf->sub_type);
904 return;
905 }
906 if (!bgp_vpn)
907 return;
908
909 if (!afi) {
910 if (debug)
911 zlog_debug("%s: can't get afi of prefix", __func__);
912 return;
913 }
914
915 if (!vpn_leak_to_vpn_active(bgp_vrf, afi, &debugmsg)) {
916 if (debug)
917 zlog_debug("%s: skipping: %s", __func__, debugmsg);
918 return;
919 }
920
921 if (debug)
922 zlog_debug("%s: withdrawing (path_vrf=%p)", __func__, path_vrf);
923
924 bn = bgp_afi_node_get(bgp_vpn->rib[afi][safi], afi, safi, p,
925 &(bgp_vrf->vpn_policy[afi].tovpn_rd));
926
927 if (!bn)
928 return;
929 /*
930 * vrf -> vpn
931 * match original bpi imported from
932 */
933 for (bpi = bgp_node_get_bgp_path_info(bn); bpi; bpi = bpi->next) {
934 if (bpi->extra && bpi->extra->parent == path_vrf) {
935 break;
936 }
937 }
938
939 if (bpi) {
940 /* withdraw from looped vrfs as well */
941 vpn_leak_to_vrf_withdraw(bgp_vpn, bpi);
942
943 bgp_aggregate_decrement(bgp_vpn, p, bpi, afi, safi);
944 bgp_path_info_delete(bn, bpi);
945 bgp_process(bgp_vpn, bn, afi, safi);
946 }
947 bgp_unlock_node(bn);
948 }
949
950 void vpn_leak_from_vrf_withdraw_all(struct bgp *bgp_vpn, /* to */
951 struct bgp *bgp_vrf, /* from */
952 afi_t afi)
953 {
954 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
955 struct bgp_node *prn;
956 safi_t safi = SAFI_MPLS_VPN;
957
958 /*
959 * Walk vpn table, delete bpi with bgp_orig == bgp_vrf
960 */
961 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
962 prn = bgp_route_next(prn)) {
963
964 struct bgp_table *table;
965 struct bgp_node *bn;
966 struct bgp_path_info *bpi;
967
968 /* This is the per-RD table of prefixes */
969 table = bgp_node_get_bgp_table_info(prn);
970
971 if (!table)
972 continue;
973
974 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
975
976 char buf[PREFIX2STR_BUFFER];
977
978 bpi = bgp_node_get_bgp_path_info(bn);
979 if (debug && bpi) {
980 zlog_debug(
981 "%s: looking at prefix %s", __func__,
982 prefix2str(&bn->p, buf, sizeof(buf)));
983 }
984
985 for (; bpi; bpi = bpi->next) {
986 if (debug)
987 zlog_debug("%s: type %d, sub_type %d",
988 __func__, bpi->type,
989 bpi->sub_type);
990 if (bpi->sub_type != BGP_ROUTE_IMPORTED)
991 continue;
992 if (!bpi->extra)
993 continue;
994 if ((struct bgp *)bpi->extra->bgp_orig
995 == bgp_vrf) {
996 /* delete route */
997 if (debug)
998 zlog_debug("%s: deleting it\n",
999 __func__);
1000 bgp_aggregate_decrement(bgp_vpn, &bn->p,
1001 bpi, afi, safi);
1002 bgp_path_info_delete(bn, bpi);
1003 bgp_process(bgp_vpn, bn, afi, safi);
1004 }
1005 }
1006 }
1007 }
1008 }
1009
1010 void vpn_leak_from_vrf_update_all(struct bgp *bgp_vpn, /* to */
1011 struct bgp *bgp_vrf, /* from */
1012 afi_t afi)
1013 {
1014 struct bgp_node *bn;
1015 struct bgp_path_info *bpi;
1016 int debug = BGP_DEBUG(vpn, VPN_LEAK_FROM_VRF);
1017
1018 if (debug)
1019 zlog_debug("%s: entry, afi=%d, vrf=%s", __func__, afi,
1020 bgp_vrf->name_pretty);
1021
1022 for (bn = bgp_table_top(bgp_vrf->rib[afi][SAFI_UNICAST]); bn;
1023 bn = bgp_route_next(bn)) {
1024
1025 if (debug)
1026 zlog_debug("%s: node=%p", __func__, bn);
1027
1028 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1029 bpi = bpi->next) {
1030 if (debug)
1031 zlog_debug(
1032 "%s: calling vpn_leak_from_vrf_update",
1033 __func__);
1034 vpn_leak_from_vrf_update(bgp_vpn, bgp_vrf, bpi);
1035 }
1036 }
1037 }
1038
1039 static void
1040 vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf, /* to */
1041 struct bgp *bgp_vpn, /* from */
1042 struct bgp_path_info *path_vpn) /* route */
1043 {
1044 struct prefix *p = &path_vpn->net->p;
1045 afi_t afi = family2afi(p->family);
1046
1047 struct attr static_attr = {0};
1048 struct attr *new_attr = NULL;
1049 struct bgp_node *bn;
1050 safi_t safi = SAFI_UNICAST;
1051 const char *debugmsg;
1052 struct prefix nexthop_orig;
1053 mpls_label_t *pLabels = NULL;
1054 uint32_t num_labels = 0;
1055 int nexthop_self_flag = 1;
1056 struct bgp_path_info *bpi_ultimate = NULL;
1057 int origin_local = 0;
1058 struct bgp *src_vrf;
1059
1060 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1061
1062 if (!vpn_leak_from_vpn_active(bgp_vrf, afi, &debugmsg)) {
1063 if (debug)
1064 zlog_debug("%s: skipping: %s", __func__, debugmsg);
1065 return;
1066 }
1067
1068 /* Check for intersection of route targets */
1069 if (!ecom_intersect(
1070 bgp_vrf->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1071 path_vpn->attr->ecommunity)) {
1072
1073 return;
1074 }
1075
1076 if (debug) {
1077 char buf_prefix[PREFIX_STRLEN];
1078
1079 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1080 zlog_debug("%s: updating %s to vrf %s", __func__,
1081 buf_prefix, bgp_vrf->name_pretty);
1082 }
1083
1084 bgp_attr_dup(&static_attr, path_vpn->attr); /* shallow copy */
1085
1086 /*
1087 * Nexthop: stash and clear
1088 *
1089 * Nexthop is valid in context of VPN core, but not in destination vrf.
1090 * Stash it for later label resolution by vrf ingress path and then
1091 * overwrite with 0, i.e., "me", for the sake of vrf advertisement.
1092 */
1093 uint8_t nhfamily = NEXTHOP_FAMILY(path_vpn->attr->mp_nexthop_len);
1094
1095 memset(&nexthop_orig, 0, sizeof(nexthop_orig));
1096 nexthop_orig.family = nhfamily;
1097
1098 switch (nhfamily) {
1099 case AF_INET:
1100 /* save */
1101 nexthop_orig.u.prefix4 = path_vpn->attr->mp_nexthop_global_in;
1102 nexthop_orig.prefixlen = 32;
1103
1104 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1105 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1106 static_attr.nexthop.s_addr =
1107 nexthop_orig.u.prefix4.s_addr;
1108
1109 static_attr.mp_nexthop_global_in =
1110 path_vpn->attr->mp_nexthop_global_in;
1111 static_attr.mp_nexthop_len =
1112 path_vpn->attr->mp_nexthop_len;
1113 }
1114 static_attr.flag |= ATTR_FLAG_BIT(BGP_ATTR_NEXT_HOP);
1115 break;
1116 case AF_INET6:
1117 /* save */
1118 nexthop_orig.u.prefix6 = path_vpn->attr->mp_nexthop_global;
1119 nexthop_orig.prefixlen = 128;
1120
1121 if (CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1122 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1123 static_attr.mp_nexthop_global = nexthop_orig.u.prefix6;
1124 }
1125 break;
1126 }
1127
1128 /*
1129 * route map handling
1130 */
1131 if (bgp_vrf->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN]) {
1132 struct bgp_path_info info;
1133 route_map_result_t ret;
1134
1135 memset(&info, 0, sizeof(info));
1136 info.peer = bgp_vrf->peer_self;
1137 info.attr = &static_attr;
1138 info.extra = path_vpn->extra; /* Used for source-vrf filter */
1139 ret = route_map_apply(bgp_vrf->vpn_policy[afi]
1140 .rmap[BGP_VPN_POLICY_DIR_FROMVPN],
1141 p, RMAP_BGP, &info);
1142 if (RMAP_DENYMATCH == ret) {
1143 bgp_attr_flush(&static_attr); /* free any added parts */
1144 if (debug)
1145 zlog_debug(
1146 "%s: vrf %s vpn-policy route map \"%s\" says DENY, returning",
1147 __func__, bgp_vrf->name_pretty,
1148 bgp_vrf->vpn_policy[afi]
1149 .rmap[BGP_VPN_POLICY_DIR_FROMVPN]
1150 ->name);
1151 return;
1152 }
1153 /*
1154 * if route-map changed nexthop, don't nexthop-self on output
1155 */
1156 if (!CHECK_FLAG(static_attr.rmap_change_flags,
1157 BATTR_RMAP_NEXTHOP_UNCHANGED))
1158 nexthop_self_flag = 0;
1159 }
1160
1161 new_attr = bgp_attr_intern(&static_attr);
1162 bgp_attr_flush(&static_attr);
1163
1164 bn = bgp_afi_node_get(bgp_vrf->rib[afi][safi], afi, safi, p, NULL);
1165
1166 /*
1167 * ensure labels are copied
1168 *
1169 * However, there is a special case: if the route originated in
1170 * another local VRF (as opposed to arriving via VPN), then the
1171 * nexthop is reached by hairpinning through this router (me)
1172 * using IP forwarding only (no LSP). Therefore, the route
1173 * imported to the VRF should not have labels attached. Note
1174 * that nexthop tracking is also involved: eliminating the
1175 * labels for these routes enables the non-labeled nexthops
1176 * from the originating VRF to be considered valid for this route.
1177 */
1178 if (!CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
1179 BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
1180 /* work back to original route */
1181 for (bpi_ultimate = path_vpn;
1182 bpi_ultimate->extra && bpi_ultimate->extra->parent;
1183 bpi_ultimate = bpi_ultimate->extra->parent)
1184 ;
1185
1186 /*
1187 * if original route was unicast,
1188 * then it did not arrive over vpn
1189 */
1190 if (bpi_ultimate->net) {
1191 struct bgp_table *table;
1192
1193 table = bgp_node_table(bpi_ultimate->net);
1194 if (table && (table->safi == SAFI_UNICAST))
1195 origin_local = 1;
1196 }
1197
1198 /* copy labels */
1199 if (!origin_local && path_vpn->extra
1200 && path_vpn->extra->num_labels) {
1201 num_labels = path_vpn->extra->num_labels;
1202 if (num_labels > BGP_MAX_LABELS)
1203 num_labels = BGP_MAX_LABELS;
1204 pLabels = path_vpn->extra->label;
1205 }
1206 }
1207
1208 if (debug) {
1209 char buf_prefix[PREFIX_STRLEN];
1210 prefix2str(p, buf_prefix, sizeof(buf_prefix));
1211 zlog_debug("%s: pfx %s: num_labels %d", __func__, buf_prefix,
1212 num_labels);
1213 }
1214
1215 /*
1216 * For VRF-2-VRF route-leaking,
1217 * the source will be the originating VRF.
1218 */
1219 if (path_vpn->extra && path_vpn->extra->bgp_orig)
1220 src_vrf = path_vpn->extra->bgp_orig;
1221 else
1222 src_vrf = bgp_vpn;
1223
1224 leak_update(bgp_vrf, bn, new_attr, afi, safi, path_vpn, pLabels,
1225 num_labels, path_vpn, /* parent */
1226 src_vrf, &nexthop_orig, nexthop_self_flag, debug);
1227 }
1228
1229 void vpn_leak_to_vrf_update(struct bgp *bgp_vpn, /* from */
1230 struct bgp_path_info *path_vpn) /* route */
1231 {
1232 struct listnode *mnode, *mnnode;
1233 struct bgp *bgp;
1234
1235 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1236
1237 if (debug)
1238 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1239
1240 /* Loop over VRFs */
1241 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1242
1243 if (!path_vpn->extra
1244 || path_vpn->extra->bgp_orig != bgp) { /* no loop */
1245 vpn_leak_to_vrf_update_onevrf(bgp, bgp_vpn, path_vpn);
1246 }
1247 }
1248 }
1249
1250 void vpn_leak_to_vrf_withdraw(struct bgp *bgp_vpn, /* from */
1251 struct bgp_path_info *path_vpn) /* route */
1252 {
1253 struct prefix *p;
1254 afi_t afi;
1255 safi_t safi = SAFI_UNICAST;
1256 struct bgp *bgp;
1257 struct listnode *mnode, *mnnode;
1258 struct bgp_node *bn;
1259 struct bgp_path_info *bpi;
1260 const char *debugmsg;
1261 char buf_prefix[PREFIX_STRLEN];
1262
1263 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1264
1265 if (debug) {
1266 prefix2str(&path_vpn->net->p, buf_prefix, sizeof(buf_prefix));
1267 zlog_debug("%s: entry: p=%s, type=%d, sub_type=%d", __func__,
1268 buf_prefix, path_vpn->type, path_vpn->sub_type);
1269 }
1270
1271 if (debug)
1272 zlog_debug("%s: start (path_vpn=%p)", __func__, path_vpn);
1273
1274 if (!path_vpn->net) {
1275 #if ENABLE_BGP_VNC
1276 /* BGP_ROUTE_RFP routes do not have path_vpn->net set (yet) */
1277 if (path_vpn->type == ZEBRA_ROUTE_BGP
1278 && path_vpn->sub_type == BGP_ROUTE_RFP) {
1279
1280 return;
1281 }
1282 #endif
1283 if (debug)
1284 zlog_debug(
1285 "%s: path_vpn->net unexpectedly NULL, no prefix, bailing",
1286 __func__);
1287 return;
1288 }
1289
1290 p = &path_vpn->net->p;
1291 afi = family2afi(p->family);
1292
1293 /* Loop over VRFs */
1294 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
1295 if (!vpn_leak_from_vpn_active(bgp, afi, &debugmsg)) {
1296 if (debug)
1297 zlog_debug("%s: skipping: %s", __func__,
1298 debugmsg);
1299 continue;
1300 }
1301
1302 /* Check for intersection of route targets */
1303 if (!ecom_intersect(bgp->vpn_policy[afi]
1304 .rtlist[BGP_VPN_POLICY_DIR_FROMVPN],
1305 path_vpn->attr->ecommunity)) {
1306
1307 continue;
1308 }
1309
1310 if (debug)
1311 zlog_debug("%s: withdrawing from vrf %s", __func__,
1312 bgp->name_pretty);
1313
1314 bn = bgp_afi_node_get(bgp->rib[afi][safi], afi, safi, p, NULL);
1315
1316 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1317 bpi = bpi->next) {
1318 if (bpi->extra
1319 && (struct bgp_path_info *)bpi->extra->parent
1320 == path_vpn) {
1321 break;
1322 }
1323 }
1324
1325 if (bpi) {
1326 if (debug)
1327 zlog_debug("%s: deleting bpi %p", __func__,
1328 bpi);
1329 bgp_aggregate_decrement(bgp, p, bpi, afi, safi);
1330 bgp_path_info_delete(bn, bpi);
1331 bgp_process(bgp, bn, afi, safi);
1332 }
1333 bgp_unlock_node(bn);
1334 }
1335 }
1336
1337 void vpn_leak_to_vrf_withdraw_all(struct bgp *bgp_vrf, /* to */
1338 afi_t afi)
1339 {
1340 struct bgp_node *bn;
1341 struct bgp_path_info *bpi;
1342 safi_t safi = SAFI_UNICAST;
1343 int debug = BGP_DEBUG(vpn, VPN_LEAK_TO_VRF);
1344
1345 if (debug)
1346 zlog_debug("%s: entry", __func__);
1347 /*
1348 * Walk vrf table, delete bpi with bgp_orig in a different vrf
1349 */
1350 for (bn = bgp_table_top(bgp_vrf->rib[afi][safi]); bn;
1351 bn = bgp_route_next(bn)) {
1352
1353 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1354 bpi = bpi->next) {
1355 if (bpi->extra && bpi->extra->bgp_orig != bgp_vrf) {
1356
1357 /* delete route */
1358 bgp_aggregate_decrement(bgp_vrf, &bn->p, bpi,
1359 afi, safi);
1360 bgp_path_info_delete(bn, bpi);
1361 bgp_process(bgp_vrf, bn, afi, safi);
1362 }
1363 }
1364 }
1365 }
1366
1367 void vpn_leak_to_vrf_update_all(struct bgp *bgp_vrf, /* to */
1368 struct bgp *bgp_vpn, /* from */
1369 afi_t afi)
1370 {
1371 struct prefix_rd prd;
1372 struct bgp_node *prn;
1373 safi_t safi = SAFI_MPLS_VPN;
1374
1375 assert(bgp_vpn);
1376
1377 /*
1378 * Walk vpn table
1379 */
1380 for (prn = bgp_table_top(bgp_vpn->rib[afi][safi]); prn;
1381 prn = bgp_route_next(prn)) {
1382
1383 struct bgp_table *table;
1384 struct bgp_node *bn;
1385 struct bgp_path_info *bpi;
1386
1387 memset(&prd, 0, sizeof(prd));
1388 prd.family = AF_UNSPEC;
1389 prd.prefixlen = 64;
1390 memcpy(prd.val, prn->p.u.val, 8);
1391
1392 /* This is the per-RD table of prefixes */
1393 table = bgp_node_get_bgp_table_info(prn);
1394
1395 if (!table)
1396 continue;
1397
1398 for (bn = bgp_table_top(table); bn; bn = bgp_route_next(bn)) {
1399
1400 for (bpi = bgp_node_get_bgp_path_info(bn); bpi;
1401 bpi = bpi->next) {
1402
1403 if (bpi->extra
1404 && bpi->extra->bgp_orig == bgp_vrf)
1405 continue;
1406
1407 vpn_leak_to_vrf_update_onevrf(bgp_vrf, bgp_vpn,
1408 bpi);
1409 }
1410 }
1411 }
1412 }
1413
1414 /*
1415 * This function is called for definition/deletion/change to a route-map
1416 */
1417 static void vpn_policy_routemap_update(struct bgp *bgp, const char *rmap_name)
1418 {
1419 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1420 afi_t afi;
1421 struct route_map *rmap;
1422
1423 if (bgp->inst_type != BGP_INSTANCE_TYPE_DEFAULT
1424 && bgp->inst_type != BGP_INSTANCE_TYPE_VRF) {
1425
1426 return;
1427 }
1428
1429 rmap = route_map_lookup_by_name(rmap_name); /* NULL if deleted */
1430
1431 for (afi = 0; afi < AFI_MAX; ++afi) {
1432
1433 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_TOVPN]
1434 && !strcmp(rmap_name,
1435 bgp->vpn_policy[afi]
1436 .rmap_name[BGP_VPN_POLICY_DIR_TOVPN])) {
1437
1438 if (debug)
1439 zlog_debug(
1440 "%s: rmap \"%s\" matches vrf-policy tovpn for as %d afi %s",
1441 __func__, rmap_name, bgp->as,
1442 afi2str(afi));
1443
1444 vpn_leak_prechange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1445 bgp_get_default(), bgp);
1446 if (debug)
1447 zlog_debug("%s: after vpn_leak_prechange",
1448 __func__);
1449
1450 /* in case of definition/deletion */
1451 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_TOVPN] =
1452 rmap;
1453
1454 vpn_leak_postchange(BGP_VPN_POLICY_DIR_TOVPN, afi,
1455 bgp_get_default(), bgp);
1456
1457 if (debug)
1458 zlog_debug("%s: after vpn_leak_postchange",
1459 __func__);
1460 }
1461
1462 if (bgp->vpn_policy[afi].rmap_name[BGP_VPN_POLICY_DIR_FROMVPN]
1463 && !strcmp(rmap_name,
1464 bgp->vpn_policy[afi]
1465 .rmap_name[BGP_VPN_POLICY_DIR_FROMVPN])) {
1466
1467 if (debug) {
1468 zlog_debug("%s: rmap \"%s\" matches vrf-policy fromvpn for as %d afi %s",
1469 __func__, rmap_name, bgp->as,
1470 afi2str(afi));
1471 }
1472
1473 vpn_leak_prechange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1474 bgp_get_default(), bgp);
1475
1476 /* in case of definition/deletion */
1477 bgp->vpn_policy[afi].rmap[BGP_VPN_POLICY_DIR_FROMVPN] =
1478 rmap;
1479
1480 vpn_leak_postchange(BGP_VPN_POLICY_DIR_FROMVPN, afi,
1481 bgp_get_default(), bgp);
1482 }
1483 }
1484 }
1485
1486 void vpn_policy_routemap_event(const char *rmap_name)
1487 {
1488 int debug = BGP_DEBUG(vpn, VPN_LEAK_RMAP_EVENT);
1489 struct listnode *mnode, *mnnode;
1490 struct bgp *bgp;
1491
1492 if (debug)
1493 zlog_debug("%s: entry", __func__);
1494
1495 if (bm->bgp == NULL) /* may be called during cleanup */
1496 return;
1497
1498 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp))
1499 vpn_policy_routemap_update(bgp, rmap_name);
1500 }
1501
1502 void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1503 afi_t afi, safi_t safi)
1504 {
1505 const char *export_name;
1506 vpn_policy_direction_t idir, edir;
1507 char *vname;
1508 char buf[1000];
1509 struct ecommunity *ecom;
1510 bool first_export = false;
1511
1512 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1513 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1514 edir = BGP_VPN_POLICY_DIR_TOVPN;
1515
1516 /*
1517 * Cross-ref both VRFs. Also, note if this is the first time
1518 * any VRF is importing from "import_vrf".
1519 */
1520 vname = (from_bgp->name ? XSTRDUP(MTYPE_TMP, from_bgp->name)
1521 : XSTRDUP(MTYPE_TMP, VRF_DEFAULT_NAME));
1522
1523 listnode_add(to_bgp->vpn_policy[afi].import_vrf, vname);
1524
1525 if (!listcount(from_bgp->vpn_policy[afi].export_vrf))
1526 first_export = true;
1527 vname = XSTRDUP(MTYPE_TMP, export_name);
1528 listnode_add(from_bgp->vpn_policy[afi].export_vrf, vname);
1529
1530 /* Update import RT for current VRF using export RT of the VRF we're
1531 * importing from. First though, make sure "import_vrf" has that
1532 * set.
1533 */
1534 if (first_export) {
1535 form_auto_rd(from_bgp->router_id, from_bgp->vrf_rd_id,
1536 &from_bgp->vrf_prd_auto);
1537 from_bgp->vpn_policy[afi].tovpn_rd = from_bgp->vrf_prd_auto;
1538 SET_FLAG(from_bgp->vpn_policy[afi].flags,
1539 BGP_VPN_POLICY_TOVPN_RD_SET);
1540 prefix_rd2str(&from_bgp->vpn_policy[afi].tovpn_rd,
1541 buf, sizeof(buf));
1542 from_bgp->vpn_policy[afi].rtlist[edir] =
1543 ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
1544 SET_FLAG(from_bgp->af_flags[afi][safi],
1545 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1546 from_bgp->vpn_policy[afi].tovpn_label =
1547 BGP_PREVENT_VRF_2_VRF_LEAK;
1548 }
1549 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1550 if (to_bgp->vpn_policy[afi].rtlist[idir])
1551 to_bgp->vpn_policy[afi].rtlist[idir] =
1552 ecommunity_merge(to_bgp->vpn_policy[afi]
1553 .rtlist[idir], ecom);
1554 else
1555 to_bgp->vpn_policy[afi].rtlist[idir] = ecommunity_dup(ecom);
1556 SET_FLAG(to_bgp->af_flags[afi][safi], BGP_CONFIG_VRF_TO_VRF_IMPORT);
1557
1558 /* Does "import_vrf" first need to export its routes or that
1559 * is already done and we just need to import those routes
1560 * from the global table?
1561 */
1562 if (first_export)
1563 vpn_leak_postchange(edir, afi, bgp_get_default(), from_bgp);
1564 else
1565 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1566 }
1567
1568 void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
1569 afi_t afi, safi_t safi)
1570 {
1571 const char *export_name, *tmp_name;
1572 vpn_policy_direction_t idir, edir;
1573 char *vname;
1574 struct ecommunity *ecom;
1575 struct listnode *node;
1576
1577 export_name = to_bgp->name ? to_bgp->name : VRF_DEFAULT_NAME;
1578 tmp_name = from_bgp->name ? from_bgp->name : VRF_DEFAULT_NAME;
1579 idir = BGP_VPN_POLICY_DIR_FROMVPN;
1580 edir = BGP_VPN_POLICY_DIR_TOVPN;
1581
1582 /* Were we importing from "import_vrf"? */
1583 for (ALL_LIST_ELEMENTS_RO(to_bgp->vpn_policy[afi].import_vrf, node,
1584 vname)) {
1585 if (strcmp(vname, tmp_name) == 0)
1586 break;
1587 }
1588
1589 /*
1590 * We do not check in the cli if the passed in bgp
1591 * instance is actually imported into us before
1592 * we call this function. As such if we do not
1593 * find this in the import_vrf list than
1594 * we just need to return safely.
1595 */
1596 if (!vname)
1597 return;
1598
1599 /* Remove "import_vrf" from our import list. */
1600 listnode_delete(to_bgp->vpn_policy[afi].import_vrf, vname);
1601 XFREE(MTYPE_TMP, vname);
1602
1603 /* Remove routes imported from "import_vrf". */
1604 /* TODO: In the current logic, we have to first remove all
1605 * imported routes and then (if needed) import back routes
1606 */
1607 vpn_leak_prechange(idir, afi, bgp_get_default(), to_bgp);
1608
1609 if (to_bgp->vpn_policy[afi].import_vrf->count == 0) {
1610 UNSET_FLAG(to_bgp->af_flags[afi][safi],
1611 BGP_CONFIG_VRF_TO_VRF_IMPORT);
1612 ecommunity_free(&to_bgp->vpn_policy[afi].rtlist[idir]);
1613 } else {
1614 ecom = from_bgp->vpn_policy[afi].rtlist[edir];
1615 ecommunity_del_val(to_bgp->vpn_policy[afi].rtlist[idir],
1616 (struct ecommunity_val *)ecom->val);
1617 vpn_leak_postchange(idir, afi, bgp_get_default(), to_bgp);
1618 }
1619
1620 /*
1621 * What?
1622 * So SA is assuming that since the ALL_LIST_ELEMENTS_RO
1623 * below is checking for NULL that export_vrf can be
1624 * NULL, consequently it is complaining( like a cabbage )
1625 * that we could dereference and crash in the listcount(..)
1626 * check below.
1627 * So make it happy, under protest, with liberty and justice
1628 * for all.
1629 */
1630 assert(from_bgp->vpn_policy[afi].export_vrf);
1631
1632 /* Remove us from "import_vrf's" export list. If no other VRF
1633 * is importing from "import_vrf", cleanup appropriately.
1634 */
1635 for (ALL_LIST_ELEMENTS_RO(from_bgp->vpn_policy[afi].export_vrf,
1636 node, vname)) {
1637 if (strcmp(vname, export_name) == 0)
1638 break;
1639 }
1640
1641 /*
1642 * If we have gotten to this point then the vname must
1643 * exist. If not, we are in a world of trouble and
1644 * have slag sitting around.
1645 *
1646 * import_vrf and export_vrf must match in having
1647 * the in/out names as appropriate.
1648 */
1649 assert(vname);
1650
1651 listnode_delete(from_bgp->vpn_policy[afi].export_vrf, vname);
1652 XFREE(MTYPE_TMP, vname);
1653
1654 if (!listcount(from_bgp->vpn_policy[afi].export_vrf)) {
1655 vpn_leak_prechange(edir, afi, bgp_get_default(), from_bgp);
1656 ecommunity_free(&from_bgp->vpn_policy[afi].rtlist[edir]);
1657 UNSET_FLAG(from_bgp->af_flags[afi][safi],
1658 BGP_CONFIG_VRF_TO_VRF_EXPORT);
1659 memset(&from_bgp->vpn_policy[afi].tovpn_rd, 0,
1660 sizeof(struct prefix_rd));
1661 UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
1662 BGP_VPN_POLICY_TOVPN_RD_SET);
1663 from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
1664
1665 }
1666 }
1667
1668 /* For testing purpose, static route of MPLS-VPN. */
1669 DEFUN (vpnv4_network,
1670 vpnv4_network_cmd,
1671 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1672 "Specify a network to announce via BGP\n"
1673 "IPv4 prefix\n"
1674 "Specify Route Distinguisher\n"
1675 "VPN Route Distinguisher\n"
1676 "VPN NLRI label (tag)\n"
1677 "VPN NLRI label (tag)\n"
1678 "Label value\n")
1679 {
1680 int idx_ipv4_prefixlen = 1;
1681 int idx_ext_community = 3;
1682 int idx_label = 5;
1683 return bgp_static_set_safi(
1684 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1685 argv[idx_ext_community]->arg, argv[idx_label]->arg, NULL, 0,
1686 NULL, NULL, NULL, NULL);
1687 }
1688
1689 DEFUN (vpnv4_network_route_map,
1690 vpnv4_network_route_map_cmd,
1691 "network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) route-map WORD",
1692 "Specify a network to announce via BGP\n"
1693 "IPv4 prefix\n"
1694 "Specify Route Distinguisher\n"
1695 "VPN Route Distinguisher\n"
1696 "VPN NLRI label (tag)\n"
1697 "VPN NLRI label (tag)\n"
1698 "Label value\n"
1699 "route map\n"
1700 "route map name\n")
1701 {
1702 int idx_ipv4_prefixlen = 1;
1703 int idx_ext_community = 3;
1704 int idx_label = 5;
1705 int idx_word_2 = 7;
1706 return bgp_static_set_safi(
1707 AFI_IP, SAFI_MPLS_VPN, vty, argv[idx_ipv4_prefixlen]->arg,
1708 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1709 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1710 }
1711
1712 /* For testing purpose, static route of MPLS-VPN. */
1713 DEFUN (no_vpnv4_network,
1714 no_vpnv4_network_cmd,
1715 "no network A.B.C.D/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1716 NO_STR
1717 "Specify a network to announce via BGP\n"
1718 "IPv4 prefix\n"
1719 "Specify Route Distinguisher\n"
1720 "VPN Route Distinguisher\n"
1721 "VPN NLRI label (tag)\n"
1722 "VPN NLRI label (tag)\n"
1723 "Label value\n")
1724 {
1725 int idx_ipv4_prefixlen = 2;
1726 int idx_ext_community = 4;
1727 int idx_label = 6;
1728 return bgp_static_unset_safi(AFI_IP, SAFI_MPLS_VPN, vty,
1729 argv[idx_ipv4_prefixlen]->arg,
1730 argv[idx_ext_community]->arg,
1731 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1732 }
1733
1734 DEFUN (vpnv6_network,
1735 vpnv6_network_cmd,
1736 "network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575) [route-map WORD]",
1737 "Specify a network to announce via BGP\n"
1738 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1739 "Specify Route Distinguisher\n"
1740 "VPN Route Distinguisher\n"
1741 "VPN NLRI label (tag)\n"
1742 "VPN NLRI label (tag)\n"
1743 "Label value\n"
1744 "route map\n"
1745 "route map name\n")
1746 {
1747 int idx_ipv6_prefix = 1;
1748 int idx_ext_community = 3;
1749 int idx_label = 5;
1750 int idx_word_2 = 7;
1751 if (argc == 8)
1752 return bgp_static_set_safi(
1753 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1754 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1755 argv[idx_word_2]->arg, 0, NULL, NULL, NULL, NULL);
1756 else
1757 return bgp_static_set_safi(
1758 AFI_IP6, SAFI_MPLS_VPN, vty, argv[idx_ipv6_prefix]->arg,
1759 argv[idx_ext_community]->arg, argv[idx_label]->arg,
1760 NULL, 0, NULL, NULL, NULL, NULL);
1761 }
1762
1763 /* For testing purpose, static route of MPLS-VPN. */
1764 DEFUN (no_vpnv6_network,
1765 no_vpnv6_network_cmd,
1766 "no network X:X::X:X/M rd ASN:NN_OR_IP-ADDRESS:NN <tag|label> (0-1048575)",
1767 NO_STR
1768 "Specify a network to announce via BGP\n"
1769 "IPv6 prefix <network>/<length>, e.g., 3ffe::/16\n"
1770 "Specify Route Distinguisher\n"
1771 "VPN Route Distinguisher\n"
1772 "VPN NLRI label (tag)\n"
1773 "VPN NLRI label (tag)\n"
1774 "Label value\n")
1775 {
1776 int idx_ipv6_prefix = 2;
1777 int idx_ext_community = 4;
1778 int idx_label = 6;
1779 return bgp_static_unset_safi(AFI_IP6, SAFI_MPLS_VPN, vty,
1780 argv[idx_ipv6_prefix]->arg,
1781 argv[idx_ext_community]->arg,
1782 argv[idx_label]->arg, 0, NULL, NULL, NULL);
1783 }
1784
1785 int bgp_show_mpls_vpn(struct vty *vty, afi_t afi, struct prefix_rd *prd,
1786 enum bgp_show_type type, void *output_arg, int tags,
1787 bool use_json)
1788 {
1789 struct bgp *bgp;
1790 struct bgp_table *table;
1791
1792 bgp = bgp_get_default();
1793 if (bgp == NULL) {
1794 if (!use_json)
1795 vty_out(vty, "No BGP process is configured\n");
1796 else
1797 vty_out(vty, "{}\n");
1798 return CMD_WARNING;
1799 }
1800 table = bgp->rib[afi][SAFI_MPLS_VPN];
1801 return bgp_show_table_rd(vty, bgp, SAFI_MPLS_VPN, table, prd, type,
1802 output_arg, use_json);
1803 }
1804
1805 DEFUN (show_bgp_ip_vpn_all_rd,
1806 show_bgp_ip_vpn_all_rd_cmd,
1807 "show bgp "BGP_AFI_CMD_STR" vpn all [rd ASN:NN_OR_IP-ADDRESS:NN] [json]",
1808 SHOW_STR
1809 BGP_STR
1810 BGP_VPNVX_HELP_STR
1811 "Display VPN NLRI specific information\n"
1812 "Display VPN NLRI specific information\n"
1813 "Display information for a route distinguisher\n"
1814 "VPN Route Distinguisher\n"
1815 JSON_STR)
1816 {
1817 int ret;
1818 struct prefix_rd prd;
1819 afi_t afi;
1820 int idx = 0;
1821
1822 if (argv_find_and_parse_afi(argv, argc, &idx, &afi)) {
1823 if (argv_find(argv, argc, "rd", &idx)) {
1824 ret = str2prefix_rd(argv[idx + 1]->arg, &prd);
1825 if (!ret) {
1826 vty_out(vty,
1827 "%% Malformed Route Distinguisher\n");
1828 return CMD_WARNING;
1829 }
1830 return bgp_show_mpls_vpn(vty, afi, &prd,
1831 bgp_show_type_normal, NULL, 0,
1832 use_json(argc, argv));
1833 } else {
1834 return bgp_show_mpls_vpn(vty, afi, NULL,
1835 bgp_show_type_normal, NULL, 0,
1836 use_json(argc, argv));
1837 }
1838 }
1839 return CMD_SUCCESS;
1840 }
1841
1842 ALIAS(show_bgp_ip_vpn_all_rd,
1843 show_bgp_ip_vpn_rd_cmd,
1844 "show bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN [json]",
1845 SHOW_STR
1846 BGP_STR
1847 BGP_VPNVX_HELP_STR
1848 "Display VPN NLRI specific information\n"
1849 "Display information for a route distinguisher\n"
1850 "VPN Route Distinguisher\n"
1851 JSON_STR)
1852
1853 #ifdef KEEP_OLD_VPN_COMMANDS
1854 DEFUN (show_ip_bgp_vpn_rd,
1855 show_ip_bgp_vpn_rd_cmd,
1856 "show ip bgp "BGP_AFI_CMD_STR" vpn rd ASN:NN_OR_IP-ADDRESS:NN",
1857 SHOW_STR
1858 IP_STR
1859 BGP_STR
1860 BGP_AFI_HELP_STR
1861 "Address Family modifier\n"
1862 "Display information for a route distinguisher\n"
1863 "VPN Route Distinguisher\n")
1864 {
1865 int idx_ext_community = argc - 1;
1866 int ret;
1867 struct prefix_rd prd;
1868 afi_t afi;
1869 int idx = 0;
1870
1871 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1872 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1873 if (!ret) {
1874 vty_out(vty, "%% Malformed Route Distinguisher\n");
1875 return CMD_WARNING;
1876 }
1877 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
1878 NULL, 0, 0);
1879 }
1880 return CMD_SUCCESS;
1881 }
1882
1883 DEFUN (show_ip_bgp_vpn_all,
1884 show_ip_bgp_vpn_all_cmd,
1885 "show [ip] bgp <vpnv4|vpnv6>",
1886 SHOW_STR
1887 IP_STR
1888 BGP_STR
1889 BGP_VPNVX_HELP_STR)
1890 {
1891 afi_t afi;
1892 int idx = 0;
1893
1894 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
1895 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
1896 NULL, 0, 0);
1897 return CMD_SUCCESS;
1898 }
1899
1900 DEFUN (show_ip_bgp_vpn_all_tags,
1901 show_ip_bgp_vpn_all_tags_cmd,
1902 "show [ip] bgp <vpnv4|vpnv6> all tags",
1903 SHOW_STR
1904 IP_STR
1905 BGP_STR
1906 BGP_VPNVX_HELP_STR
1907 "Display information about all VPNv4/VPNV6 NLRIs\n"
1908 "Display BGP tags for prefixes\n")
1909 {
1910 afi_t afi;
1911 int idx = 0;
1912
1913 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi))
1914 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_normal,
1915 NULL, 1, 0);
1916 return CMD_SUCCESS;
1917 }
1918
1919 DEFUN (show_ip_bgp_vpn_rd_tags,
1920 show_ip_bgp_vpn_rd_tags_cmd,
1921 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN tags",
1922 SHOW_STR
1923 IP_STR
1924 BGP_STR
1925 BGP_VPNVX_HELP_STR
1926 "Display information for a route distinguisher\n"
1927 "VPN Route Distinguisher\n"
1928 "Display BGP tags for prefixes\n")
1929 {
1930 int idx_ext_community = 5;
1931 int ret;
1932 struct prefix_rd prd;
1933 afi_t afi;
1934 int idx = 0;
1935
1936 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1937 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
1938 if (!ret) {
1939 vty_out(vty, "%% Malformed Route Distinguisher\n");
1940 return CMD_WARNING;
1941 }
1942 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_normal,
1943 NULL, 1, 0);
1944 }
1945 return CMD_SUCCESS;
1946 }
1947
1948 DEFUN (show_ip_bgp_vpn_all_neighbor_routes,
1949 show_ip_bgp_vpn_all_neighbor_routes_cmd,
1950 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D routes [json]",
1951 SHOW_STR
1952 IP_STR
1953 BGP_STR
1954 BGP_VPNVX_HELP_STR
1955 "Display information about all VPNv4/VPNv6 NLRIs\n"
1956 "Detailed information on TCP and BGP neighbor connections\n"
1957 "Neighbor to display information about\n"
1958 "Display routes learned from neighbor\n"
1959 JSON_STR)
1960 {
1961 int idx_ipv4 = 6;
1962 union sockunion su;
1963 struct peer *peer;
1964 int ret;
1965 bool uj = use_json(argc, argv);
1966 afi_t afi;
1967 int idx = 0;
1968
1969 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
1970 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
1971 if (ret < 0) {
1972 if (uj) {
1973 json_object *json_no = NULL;
1974 json_no = json_object_new_object();
1975 json_object_string_add(json_no, "warning",
1976 "Malformed address");
1977 vty_out(vty, "%s\n",
1978 json_object_to_json_string(json_no));
1979 json_object_free(json_no);
1980 } else
1981 vty_out(vty, "Malformed address: %s\n",
1982 argv[idx_ipv4]->arg);
1983 return CMD_WARNING;
1984 }
1985
1986 peer = peer_lookup(NULL, &su);
1987 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
1988 if (uj) {
1989 json_object *json_no = NULL;
1990 json_no = json_object_new_object();
1991 json_object_string_add(
1992 json_no, "warning",
1993 "No such neighbor or address family");
1994 vty_out(vty, "%s\n",
1995 json_object_to_json_string(json_no));
1996 json_object_free(json_no);
1997 } else
1998 vty_out(vty,
1999 "%% No such neighbor or address family\n");
2000 return CMD_WARNING;
2001 }
2002
2003 return bgp_show_mpls_vpn(vty, afi, NULL, bgp_show_type_neighbor,
2004 &su, 0, uj);
2005 }
2006 return CMD_SUCCESS;
2007 }
2008
2009 DEFUN (show_ip_bgp_vpn_rd_neighbor_routes,
2010 show_ip_bgp_vpn_rd_neighbor_routes_cmd,
2011 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D routes [json]",
2012 SHOW_STR
2013 IP_STR
2014 BGP_STR
2015 BGP_VPNVX_HELP_STR
2016 "Display information for a route distinguisher\n"
2017 "VPN Route Distinguisher\n"
2018 "Detailed information on TCP and BGP neighbor connections\n"
2019 "Neighbor to display information about\n"
2020 "Display routes learned from neighbor\n"
2021 JSON_STR)
2022 {
2023 int idx_ext_community = 5;
2024 int idx_ipv4 = 7;
2025 int ret;
2026 union sockunion su;
2027 struct peer *peer;
2028 struct prefix_rd prd;
2029 bool uj = use_json(argc, argv);
2030 afi_t afi;
2031 int idx = 0;
2032
2033 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2034 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2035 if (!ret) {
2036 if (uj) {
2037 json_object *json_no = NULL;
2038 json_no = json_object_new_object();
2039 json_object_string_add(
2040 json_no, "warning",
2041 "Malformed Route Distinguisher");
2042 vty_out(vty, "%s\n",
2043 json_object_to_json_string(json_no));
2044 json_object_free(json_no);
2045 } else
2046 vty_out(vty,
2047 "%% Malformed Route Distinguisher\n");
2048 return CMD_WARNING;
2049 }
2050
2051 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2052 if (ret < 0) {
2053 if (uj) {
2054 json_object *json_no = NULL;
2055 json_no = json_object_new_object();
2056 json_object_string_add(json_no, "warning",
2057 "Malformed address");
2058 vty_out(vty, "%s\n",
2059 json_object_to_json_string(json_no));
2060 json_object_free(json_no);
2061 } else
2062 vty_out(vty, "Malformed address: %s\n",
2063 argv[idx_ext_community]->arg);
2064 return CMD_WARNING;
2065 }
2066
2067 peer = peer_lookup(NULL, &su);
2068 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2069 if (uj) {
2070 json_object *json_no = NULL;
2071 json_no = json_object_new_object();
2072 json_object_string_add(
2073 json_no, "warning",
2074 "No such neighbor or address family");
2075 vty_out(vty, "%s\n",
2076 json_object_to_json_string(json_no));
2077 json_object_free(json_no);
2078 } else
2079 vty_out(vty,
2080 "%% No such neighbor or address family\n");
2081 return CMD_WARNING;
2082 }
2083
2084 return bgp_show_mpls_vpn(vty, afi, &prd, bgp_show_type_neighbor,
2085 &su, 0, uj);
2086 }
2087 return CMD_SUCCESS;
2088 }
2089
2090 DEFUN (show_ip_bgp_vpn_all_neighbor_advertised_routes,
2091 show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd,
2092 "show [ip] bgp <vpnv4|vpnv6> all neighbors A.B.C.D advertised-routes [json]",
2093 SHOW_STR
2094 IP_STR
2095 BGP_STR
2096 BGP_VPNVX_HELP_STR
2097 "Display information about all VPNv4/VPNv6 NLRIs\n"
2098 "Detailed information on TCP and BGP neighbor connections\n"
2099 "Neighbor to display information about\n"
2100 "Display the routes advertised to a BGP neighbor\n"
2101 JSON_STR)
2102 {
2103 int idx_ipv4 = 6;
2104 int ret;
2105 struct peer *peer;
2106 union sockunion su;
2107 bool uj = use_json(argc, argv);
2108 afi_t afi;
2109 int idx = 0;
2110
2111 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2112 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2113 if (ret < 0) {
2114 if (uj) {
2115 json_object *json_no = NULL;
2116 json_no = json_object_new_object();
2117 json_object_string_add(json_no, "warning",
2118 "Malformed address");
2119 vty_out(vty, "%s\n",
2120 json_object_to_json_string(json_no));
2121 json_object_free(json_no);
2122 } else
2123 vty_out(vty, "Malformed address: %s\n",
2124 argv[idx_ipv4]->arg);
2125 return CMD_WARNING;
2126 }
2127 peer = peer_lookup(NULL, &su);
2128 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2129 if (uj) {
2130 json_object *json_no = NULL;
2131 json_no = json_object_new_object();
2132 json_object_string_add(
2133 json_no, "warning",
2134 "No such neighbor or address family");
2135 vty_out(vty, "%s\n",
2136 json_object_to_json_string(json_no));
2137 json_object_free(json_no);
2138 } else
2139 vty_out(vty,
2140 "%% No such neighbor or address family\n");
2141 return CMD_WARNING;
2142 }
2143 return show_adj_route_vpn(vty, peer, NULL, AFI_IP,
2144 SAFI_MPLS_VPN, uj);
2145 }
2146 return CMD_SUCCESS;
2147 }
2148
2149 DEFUN (show_ip_bgp_vpn_rd_neighbor_advertised_routes,
2150 show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd,
2151 "show [ip] bgp <vpnv4|vpnv6> rd ASN:NN_OR_IP-ADDRESS:NN neighbors A.B.C.D advertised-routes [json]",
2152 SHOW_STR
2153 IP_STR
2154 BGP_STR
2155 BGP_VPNVX_HELP_STR
2156 "Display information for a route distinguisher\n"
2157 "VPN Route Distinguisher\n"
2158 "Detailed information on TCP and BGP neighbor connections\n"
2159 "Neighbor to display information about\n"
2160 "Display the routes advertised to a BGP neighbor\n"
2161 JSON_STR)
2162 {
2163 int idx_ext_community = 5;
2164 int idx_ipv4 = 7;
2165 int ret;
2166 struct peer *peer;
2167 struct prefix_rd prd;
2168 union sockunion su;
2169 bool uj = use_json(argc, argv);
2170 afi_t afi;
2171 int idx = 0;
2172
2173 if (argv_find_and_parse_vpnvx(argv, argc, &idx, &afi)) {
2174 ret = str2sockunion(argv[idx_ipv4]->arg, &su);
2175 if (ret < 0) {
2176 if (uj) {
2177 json_object *json_no = NULL;
2178 json_no = json_object_new_object();
2179 json_object_string_add(json_no, "warning",
2180 "Malformed address");
2181 vty_out(vty, "%s\n",
2182 json_object_to_json_string(json_no));
2183 json_object_free(json_no);
2184 } else
2185 vty_out(vty, "Malformed address: %s\n",
2186 argv[idx_ext_community]->arg);
2187 return CMD_WARNING;
2188 }
2189 peer = peer_lookup(NULL, &su);
2190 if (!peer || !peer->afc[afi][SAFI_MPLS_VPN]) {
2191 if (uj) {
2192 json_object *json_no = NULL;
2193 json_no = json_object_new_object();
2194 json_object_string_add(
2195 json_no, "warning",
2196 "No such neighbor or address family");
2197 vty_out(vty, "%s\n",
2198 json_object_to_json_string(json_no));
2199 json_object_free(json_no);
2200 } else
2201 vty_out(vty,
2202 "%% No such neighbor or address family\n");
2203 return CMD_WARNING;
2204 }
2205
2206 ret = str2prefix_rd(argv[idx_ext_community]->arg, &prd);
2207 if (!ret) {
2208 if (uj) {
2209 json_object *json_no = NULL;
2210 json_no = json_object_new_object();
2211 json_object_string_add(
2212 json_no, "warning",
2213 "Malformed Route Distinguisher");
2214 vty_out(vty, "%s\n",
2215 json_object_to_json_string(json_no));
2216 json_object_free(json_no);
2217 } else
2218 vty_out(vty,
2219 "%% Malformed Route Distinguisher\n");
2220 return CMD_WARNING;
2221 }
2222
2223 return show_adj_route_vpn(vty, peer, &prd, AFI_IP,
2224 SAFI_MPLS_VPN, uj);
2225 }
2226 return CMD_SUCCESS;
2227 }
2228 #endif /* KEEP_OLD_VPN_COMMANDS */
2229
2230 void bgp_mplsvpn_init(void)
2231 {
2232 install_element(BGP_VPNV4_NODE, &vpnv4_network_cmd);
2233 install_element(BGP_VPNV4_NODE, &vpnv4_network_route_map_cmd);
2234 install_element(BGP_VPNV4_NODE, &no_vpnv4_network_cmd);
2235
2236 install_element(BGP_VPNV6_NODE, &vpnv6_network_cmd);
2237 install_element(BGP_VPNV6_NODE, &no_vpnv6_network_cmd);
2238
2239 install_element(VIEW_NODE, &show_bgp_ip_vpn_all_rd_cmd);
2240 install_element(VIEW_NODE, &show_bgp_ip_vpn_rd_cmd);
2241 #ifdef KEEP_OLD_VPN_COMMANDS
2242 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_cmd);
2243 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_cmd);
2244 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_tags_cmd);
2245 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_tags_cmd);
2246 install_element(VIEW_NODE, &show_ip_bgp_vpn_all_neighbor_routes_cmd);
2247 install_element(VIEW_NODE, &show_ip_bgp_vpn_rd_neighbor_routes_cmd);
2248 install_element(VIEW_NODE,
2249 &show_ip_bgp_vpn_all_neighbor_advertised_routes_cmd);
2250 install_element(VIEW_NODE,
2251 &show_ip_bgp_vpn_rd_neighbor_advertised_routes_cmd);
2252 #endif /* KEEP_OLD_VPN_COMMANDS */
2253 }
2254
2255 vrf_id_t get_first_vrf_for_redirect_with_rt(struct ecommunity *eckey)
2256 {
2257 struct listnode *mnode, *mnnode;
2258 struct bgp *bgp;
2259
2260 for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) {
2261 struct ecommunity *ec;
2262
2263 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2264 continue;
2265
2266 ec = bgp->vpn_policy[AFI_IP].import_redirect_rtlist;
2267
2268 if (ecom_intersect(ec, eckey))
2269 return bgp->vrf_id;
2270 }
2271 return VRF_UNKNOWN;
2272 }
2273
2274 /*
2275 * The purpose of this function is to process leaks that were deferred
2276 * from earlier per-vrf configuration due to not-yet-existing default
2277 * vrf, in other words, configuration such as:
2278 *
2279 * router bgp MMM vrf FOO
2280 * address-family ipv4 unicast
2281 * rd vpn export 1:1
2282 * exit-address-family
2283 *
2284 * router bgp NNN
2285 * ...
2286 *
2287 * This function gets called when the default instance ("router bgp NNN")
2288 * is created.
2289 */
2290 void vpn_leak_postchange_all(void)
2291 {
2292 struct listnode *next;
2293 struct bgp *bgp;
2294 struct bgp *bgp_default = bgp_get_default();
2295
2296 assert(bgp_default);
2297
2298 /* First, do any exporting from VRFs to the single VPN RIB */
2299 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2300
2301 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2302 continue;
2303
2304 vpn_leak_postchange(
2305 BGP_VPN_POLICY_DIR_TOVPN,
2306 AFI_IP,
2307 bgp_default,
2308 bgp);
2309
2310 vpn_leak_postchange(
2311 BGP_VPN_POLICY_DIR_TOVPN,
2312 AFI_IP6,
2313 bgp_default,
2314 bgp);
2315 }
2316
2317 /* Now, do any importing to VRFs from the single VPN RIB */
2318 for (ALL_LIST_ELEMENTS_RO(bm->bgp, next, bgp)) {
2319
2320 if (bgp->inst_type != BGP_INSTANCE_TYPE_VRF)
2321 continue;
2322
2323 vpn_leak_postchange(
2324 BGP_VPN_POLICY_DIR_FROMVPN,
2325 AFI_IP,
2326 bgp_default,
2327 bgp);
2328
2329 vpn_leak_postchange(
2330 BGP_VPN_POLICY_DIR_FROMVPN,
2331 AFI_IP6,
2332 bgp_default,
2333 bgp);
2334 }
2335 }
FRRouting mirror