Donald Sharp [Fri, 5 Oct 2018 15:31:29 +0000 (11:31 -0400)]
bgpd: Allow registration of nexthops after zebra connection
If we attempt to register nexthops before we have the zebra
connection, they will not be installed. After we have noticed
that we are up, re-install them.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
zebra: set remoteseq to 0 when remote mac is deleted by bgpd
When the remote mac is deleted by bgpd we can end up with an auto mac
entry in zebra if there are neighs referring to the mac. The remote sequence
number in the auto mac entry needs to be reset to 0 as the mac entry may
have been removed on all VTEPs (including the originating one).
Now if the MAC comes back on a remote VTEP it may be added with MM=0 which
will NOT be accepted if the remote seq was not reset in the previous step.
zebra: make neigh active when it is modified from local to remote
This is a fixup to commit - f32ea5c07 - zebra: act on kernel notifications for remote neighbors
The original commit handled a race condition between kernel and zebra
that would result in an inconsistent state i.e.
kernel has an offload/remote neigh
zebra has a local neigh
The original commit missed setting the neigh to active when zebra
tried to resolve the inconsistency by modifying the local neigh to
remote neigh on hearing back its own kernel update. Fixed here.
bgpd: use IP address as tie breaker if the MM seq number is the same
Same sequence number handling is specified by RFC 7432 -
[
If two (or more) PEs advertise the same MAC address with the same
sequence number but different Ethernet segment identifiers, a PE that
receives these routes selects the route advertised by the PE with the
lowest IP address as the best route.
If the PE is the originator of the MAC route and it receives the same
MAC address with the same sequence number that it generated, it will
compare its own IP address with the IP address of the remote PE and
will select the lowest IP. If its own route is not the best one, it
will withdraw the route.
]
To implement that specification this commit uses nexthop IP as a tie
breaker between two paths of equal seq number with lower IP winning.
Now if a local path already exists with the same sequence number but higher
(local-VTEP) IP it is evicted (deleted and withdrawn from the peers) and
the winning new remote path is installed in zebra. This is existing code
and handled implicitly via evpn_route_select_install.
If a local path is rxed from zebra with the same sequence as the
current remote winner it is rejected (not installed in the bgp
routing tables) and zebra is asked to re-install the older/remote winner.
This is a race condition that can only happen if bgp's add and zebra's add
cross paths. Additional handling has been added in this commit via
evpn_cleanup_local_non_best_route to take care of the race condition.
zebra: send a local-mac del to bgpd on mac mod to remote
When events cross paths between bgp and zebra bgpd could end up with a
dangling local MAC entry. Consider the following sequence of events on
rack-1 -
1. MAC1 has MM sequence number 1 and points to rack-3
2. Now a packet is rxed locally on rack-1 and rack-2 (simultaneously) with
source-mac=MAC1.
3. This would cause rack-1 and rack-2 to set the MM seq to 2 and
simultaneously report the MAC as local.
4. Now let's say on rack-1 zebra's MACIP_ADD is in bgpd's queue. bgpd
accepts rack-3's update and sends a remote MACIP add to zebra with MM=2.
5. zebra updates the MAC entry from local=>remote.
6. bgpd now processes zebra's "stale local" making it the best path.
However zebra no longer has a local MAC entry.
At this point bgpd and zebra are effectively out of sync i.e. bgpd has a
local-MAC which is not present in the kernel or in zebra.
To handle this window zebra should send a local MAC delete to bgpd on
modifying its cache to remote.
Don Slice [Fri, 20 Jul 2018 15:02:15 +0000 (15:02 +0000)]
bgpd: make name of default vrf/bgp instance consistent
Problems were reported with the name of the default vrf and the
default bgp instance being different, creating confusion. This
fix changes both to "default" for consistency.
Ticket: CM-21791 Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Reviewed-by: CCR-7658
Testing: manual testing and automated tests before pushing
Mark Stapp [Tue, 30 Oct 2018 18:05:47 +0000 (14:05 -0400)]
zebra: temporary workaround for a clang issue with atomics
Current clang has an issue with the pointer/target argument
to at least one atomic/intrinsic. A variable with '_Atomic'
generates a compile-time error. Use a cast as a workaround
here to allow use of clang for now.
Mark Stapp [Tue, 30 Oct 2018 13:41:55 +0000 (09:41 -0400)]
zebra: only uninstall once, when closing rib table
When the rib code is informed that a table is closing/
going away, only try once to uninstall associated routes from
the fib/dataplane. The close path can be called multiple times
in some cases - zebra shutdown, e.g.
David Lamparter [Sat, 27 Oct 2018 17:06:22 +0000 (19:06 +0200)]
build: crop excessive net-snmp library list
This fixes the longstanding GPL vs. OpenSSL licensing issue in our SNMP
code (and cuts down on its other dependencies a wee bit.)
In a way, net-snmp is really buggy here in what it says that we should
link against, but I don't know their application scenarios well enough
to say it should be changed at their end.
Signed-off-by: David Lamparter <equinox@diac24.net>
Quentin Young [Tue, 9 Oct 2018 20:12:21 +0000 (20:12 +0000)]
zebra: force neighbor entry reinstallation
Even if the neighbor entry we want already exists, force its
reinstallation to ensure that it's valid. This will now take place when
we request an update of the neighbor entry.
Ticket: CM-22604 Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Renato Westphal [Sat, 20 Oct 2018 14:37:39 +0000 (11:37 -0300)]
tools: update checkpatch to allow indented labels
clang-format always indent labels by default and that can't be changed
with any configuration option. Also, indented labels tend to improve
code readability, especially in long functions.
Renato Westphal [Wed, 9 May 2018 04:35:04 +0000 (01:35 -0300)]
ripd: implement the 'clear-rip-route' YANG RPC
This command deletes all received routes from the RIP routing table.
It should be used with caution as it can create black holes in the
network until RIP reconverges. Very useful to make automated testing
(e.g. ANVL) more predictable, since the internal state of ripd can be
cleared after each test.
Implement the command using a YANG RPC so that it can be executed by
other northbound clients in addition to the CLI.
Renato Westphal [Wed, 9 May 2018 04:35:03 +0000 (01:35 -0300)]
ripd: implement northbound callbacks to fetch route information
Support for fetching operational data is experimental at this point.
Locks must be introduced to ensure the rip->table routing table won't
be modified while we're iterating asynchronously over it (or iterating
from a separate pthread).
Renato Westphal [Wed, 9 May 2018 04:35:03 +0000 (01:35 -0300)]
ripd: implement northbound callbacks to fetch neighbor information
Support for fetching operational data is experimental at this point.
Locks must be introduced to ensure the peer_list global variable won't
be modified while we're iterating asynchronously over it (or iterating
from a separate pthread).
Renato Westphal [Mon, 28 May 2018 13:18:37 +0000 (10:18 -0300)]
ripd: remove vty configuration lock
The vty configuration lock is used to prevent inconsistencies when
multiple users are editing the configuration at the same time. The
pointer stored in vty->index might become invalid if the associated
configuration object is removed by another user in another CLI session.
Commands converted to the new northbound model don't use vty->index,
but vty->xpath_index and the vty->xpath array. The nb_cli_cfg_change()
function uses the VTY_CHECK_XPATH macro to check if the configuration
object being edited still exists and returns an error if it doesn't.
Now that all ripd commands were converted to the new northbound model,
remove the ripd vty lock because it's not necessary anymore.
We can now leverage the new northbound API to perform a full configuration
reload in ripd without the need for external help (i.e. frr-reload.py).
When vty_read_config() is called with the 'config' parameter set to
NULL, it performs a new configuration transaction where the running
configuration is *replaced* by the provided configuration file. With that
said, we don't need to do anything other than calling this function in
the SIGHUP handler of all FRR daemons. If a daemon hasn't been converted
to the new northbound model, vty_read_config() will simply *merge*
the configuration file into the running configuration.
The calls to rip_clean() and rip_reset() in the SIGUP handler were
changing configuration variables directly, bypassing the northbound
layer. Configuration variables should be changed only by the northbound
callbacks, and failure to respect that inevitably leads to inconsistencies
and crashes. Fix this.
Renato Westphal [Wed, 9 May 2018 04:35:02 +0000 (01:35 -0300)]
ripd: no need to use qobj anymore to keep track of "router rip"
Now that "router rip" and all underlying commands were converted to the
new northbound model, there's no need to use the qobj infrastructure to
keep track of the 'rip' global variable anymore.
Renato Westphal [Wed, 9 May 2018 04:35:01 +0000 (01:35 -0300)]
ripd: retrofit the 'timer basic' command to the new northbound model
Trivial conversion. Use the northbound 'apply_finish()' callback so
we'll call rip_event() only once even if we change the three RIP timers
at the same time.
Convert the timers to uint32_t to match their representation in the
YANG model.
Renato Westphal [Wed, 9 May 2018 04:35:01 +0000 (01:35 -0300)]
ripd: retrofit the 'redistribute' commands to the new northbound model
Trivial conversion. As usual, combine multiple DEFUNs into a single
DEFPY for simplicity.
As a bonus of the northbound conversion, this commit fixes the
redistribution of certain protocols into ripd. The 'redist_type' array
used by the "redistribute" commands was terribly outdated, which was
preventing the CLI to parse correctly certain protocols like isis
and babel.
Remove the route_map hooks installed by rip_route_map_init() since they
were redundant (rip_init() already takes care of that).
Renato Westphal [Wed, 9 May 2018 04:35:00 +0000 (01:35 -0300)]
ripd: retrofit the 'passive-interface' command to the new northbound model
In ripd, the "passive-interface default" command has the following
behavior:
* All interfaces are converted to the passive mode;
* The "passive-interface IFNAME" command becomes a no-operation and
"passive-interface IFNAME" statements are removed from the running
configuration.
* The "no passive-interface IFNAME" can be used to remove interfaces
from the passive mode.
This command was modeled using the following YANG data nodes in the
frr-ripd module:
leaf passive-default {
type boolean;
default "false";
description
"Control whether interfaces are in the passive mode
by default or not.";
}
leaf-list passive-interface {
when "../passive-default = 'false'";
type string {
length "1..16";
}
description
"A list of interfaces where the sending of RIP packets
is disabled.";
}
leaf-list non-passive-interface {
when "../passive-default = 'true'";
type string {
length "1..16";
}
description
"A list of interfaces where the sending of RIP packets
is enabled.";
}
The 'when' statements guarantee that the list of passive interfaces
is cleared when the "passive-interface default" command is entered
(likewise, they guarantee that the list of non-passive interfaces is
cleared when the "passive-interface default" command is removed). This
matches exactly the behavior we want to model.
Finally, move the 'passive_default' global variable into the
'rip' structure where it belongs. This fixed the bug where the
"passive-interface default" command was being retained after a "no router
rip" + "router rip".
Renato Westphal [Wed, 9 May 2018 04:35:00 +0000 (01:35 -0300)]
ripd: retrofit the 'offset-list' command to the new northbound model
Remove the rip_offset_list_set() and rip_offset_list_unset() functions
since they set/unset multiple configuration options at the same time. The
northbound callbacks need to set/unset configuration options individually.
The frr-ripd YANG module models the "offset-list" command using a list
keyed by the 'interface' and 'direction' leafs. One important detail is
that the IFNAME parameter is optional, and when it's not present it means
we want to match all interfaces. This is modeled using an interface name
of '*' since key lists are mandatory by definition in YANG.
Renato Westphal [Wed, 9 May 2018 04:35:00 +0000 (01:35 -0300)]
ripd: retrofit the 'network' command to the new northbound model
The frr-ripd YANG module models the ripd "network" command using two
separate leaf-lists for simplicity: one leaf-list for interfaces and
another leaf-list for actual networks. In the 'cli_show' callbacks,
display the "network" command for entries of both leaf-lists.
Renato Westphal [Wed, 9 May 2018 04:34:59 +0000 (01:34 -0300)]
ripd: retrofit the 'neighbor' command to the new northbound model
Make rip_neighbor_add() and rip_neighbor_delete() return northbound
error codes since their return values are used as the return value of
some northbound callbacks.
These functions shouldn't fail in normal conditions because the northbound
layer guarantees it will never call the 'create' or 'delete' callback
more than once for the same object. Hence any failure in those functions
would indicate an internal inconsistency that needs to be investigated
(by returning NB_ERR the northbound will log a detailed error message
indicating the xpath of the object, the event and the callback where
the error happened).
Renato Westphal [Wed, 9 May 2018 04:34:59 +0000 (01:34 -0300)]
ripd: retrofit the 'distance source' commands to the new northbound model
The "distance (1-255) A.B.C.D/M [WORD]" command was modeled using a
YANG list, which makes it a little bit more complicated to convert to
the new northbound model.
The rip_distance_set() and rip_distance_unset() functions were removed
since they set/unset multiple configuration options at the same time. The
northbound callbacks need to set/unset configuration options individually.
When a distance list is created, use yang_dnode_set_entry() to store
a pointer in the configuration node, and retrieve this pointer in the
other callbacks using yang_dnode_get_entry().
The 'rip_distance' structure was moved to ripd.h so that it can be used
in the rip_northbound.c file.
Renato Westphal [Wed, 9 May 2018 04:34:58 +0000 (01:34 -0300)]
ripd: retrofit the 'router rip' command to the new northbound model
* Implement the northbound callbacks associated to the
'/frr-ripd:ripd/instance' YANG path (the code is mostly a copy and paste
from the original "router rip" DEFUNs);
* Move rip_create_socket() out of rip_create() since creating a socket
is an error-prone operation and thus needs to be performed separately
during the NB_EV_PREPARE phase;
* On rip_create(), fetch the defaults from the frr-ripd YANG model;
* Convert the "[no] router rip" CLI commands to be dumb wrappers around
the northbound callbacks;
* On config_write_rip(), write logic to call all 'cli_show' northbound
callbacks defined under the '/frr-ripd:ripd/instance' YANG path.
Renato Westphal [Wed, 9 May 2018 04:34:57 +0000 (01:34 -0300)]
yang, ripd: add 'frr-ripd.yang' and associated stub callbacks
Introduce frr-ripd.yang, which defines a model for managing the FRR
ripd daemon. Also add frr-route-types.yang which defines typedefs for
FRR route types.
Update the 'frr_yang_module_info' array of ripd with the new 'frr-ripd'
module.
Add two new files (rip_cli.[ch]) which should contain all ripd commands
converted to the new northbound model. Centralizing all commands in a
single place will facilitate the process of moving the CLI to a separate
program in the future.
Add automatically generated stub callbacks in rip_northbound.c. These
callbacks will be implemented gradually in the following commits.
Add example JSON/XML ripd configurations in yang/examples/.
Add the confd.frr-ripd.yang YANG module with annotations specific to
the ConfD daemon.
Renato Westphal [Wed, 9 May 2018 04:34:57 +0000 (01:34 -0300)]
lib: retrofit interface commands to the new northbound model
The frr-interface YANG module models interfaces using a YANG list keyed
by the interface name and the interface VRF. Interfaces can't be keyed
only by their name since interface names might not be globally unique
when the netns VRF backend is in use. When using the VRF-Lite backend,
however, interface names *must* be globally unique. In this case, we need
to validate the uniqueness of interface names inside the appropriate
northbound callback since this constraint can't be expressed in the
YANG language. We must also ensure that only inactive interfaces can be
removed, among other things we need to validate in the northbound layer.
Renato Westphal [Wed, 23 May 2018 23:12:29 +0000 (20:12 -0300)]
lib: add a new northbound plugin for Sysrepo
This plugin leverages the northbound API to integrate FRR with Sysrepo,
a YANG-based configuration and operational state data store.
The plugin is linked to the libsysrepo library and communicates with
the sysrepod daemon using GPB (Google Protocol Buffers) over AF_UNIX
sockets. The integration consists mostly of glue code that calls the
appropriate FRR northbound callbacks in response to events triggered
by the sysrepod daemon (e.g. request to change the configuration or to
fetch operational data).
To build the sysrepo plugin, provide the --enable-sysrepo option to the
configure script while building FRR (the libsysrepo library needs to be
installed in the system).
When installed, the sysrepo plugin will be available for all FRR daemons
and can be loaded using the -M (or --module) command line option.
Renato Westphal [Wed, 23 May 2018 23:11:59 +0000 (20:11 -0300)]
lib: add a new northbound plugin for ConfD
This plugin leverages the northbound API to integrate FRR with the ConfD
management agent.
The plugin is linked to the libconfd library and communicates with the
confd daemon using local TCP sockets. The integration consists mostly
of glue code that calls the appropriate FRR northbound callbacks in
response to events triggered by the confd daemon (e.g. request to change
the configuration or to fetch operational data).
By integrating FRR with the libconfd library, FRR can be managed using
all northbound interfaces provided by ConfD, including NETCONF, RESTCONF
and their Web API.
The ConfD CDB API is used to handle configuration changes and the ConfD
Data Provider API is used to provide operational data, process RPCs and
send notifications. Support for configuration management using the ConfD
Data Provider API is not available at this point.
The ConfD optional 'get_object()' and 'get_next_object()' callbacks were
implemented for optimal performance when fetching operational data.
This plugins requires ConfD 6.5 or later since it uses the new leaf-list
API introduced in ConfD 6.5.
To install the plugin, the --enable-confd option should be given to the
configure script, specifying the location where ConfD is installed.
Mark Stapp [Mon, 15 Oct 2018 15:14:07 +0000 (11:14 -0400)]
zebra: only perform shutdown signal processing once
Avoid running the shutdown/sigint handler code more than once. With
the async dataplane, once shutdown has been initiated, the completion
of all async updates triggers final shutdown of the zebra main
pthread. During that time, avoid taking and processing a second
signal, such as SIGINT or SIGTERM.
Mark Stapp [Mon, 27 Aug 2018 20:03:37 +0000 (16:03 -0400)]
zebra: support zebra shutdown and cleanup
Dplane support for zebra's route cleanup during shutdown (clean
shutdown via SIGINT, anyway.) The dplane has the opportunity to
process incoming updates, and then triggers final cleanup
in zebra's main thread.
Mark Stapp [Fri, 17 Aug 2018 19:50:09 +0000 (15:50 -0400)]
zebra: add dplane show commands
Add first pass at show commands for the zebra dplane. Add some stats
counters to show. Start prep for correct shutdown processing, and for
multiple providers.
projects / mirror_frr.git / log