Pat Ruddy [Fri, 26 Jun 2020 16:37:30 +0000 (17:37 +0100)]
bgpd: do not unregister for prefix nexthop updates if nh exists
since the addition of srte_color to the comparison for bgp nexthops
it is possible to have several nexthops per prefix but since zebra
only sores a per prefix registration we should not unregister for
nh notifications for a prefix unti all the nexthops for that prefix
have been deleted. Otherwise we can get into a deadlock situation
where BGP thinks we have registered but we have unregistered from zebra.
Sebastien Merle [Tue, 28 Jan 2020 11:59:57 +0000 (11:59 +0000)]
bgpd: Add support for SR-TE Policies in route-maps
Example configuration:
route-map SET_SR_POLICY permit 10
set sr-te color 1
!
router bgp 1
bgp router-id 1.1.1.1
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source lo
address-family ipv4 unicast
neighbor 2.2.2.2 next-hop-self
neighbor 2.2.2.2 route-map SET_SR_POLICY in
exit-address-family
!
!
Learned BGP routes from 2.2.2.2 are mapped to the SR-TE Policy
which is uniquely determined by the BGP nexthop (2.2.2.2 in this
case) and the SR-TE color in the route-map.
bgpd: convert NHT code to use rb-trees instead of routing tables
Fist, routing tables aren't the most appropriate data structure
to store nexthops and imported routes since we don't need to do
longest prefix matches with that information.
Second, by converting the NHT code to use rb-trees, we can index
the nexthops using additional information, not only the destination
address. This will be useful later to index bgpd's nexthops by
both destination and SR-TE color.
Mark Stapp [Tue, 25 Aug 2020 14:52:17 +0000 (10:52 -0400)]
tests: fix router stop logic
Change the public router stop method to always do a two-phase
shutdown - once without waiting and a second time with a wait.
Ordinary callers need to use this approach when stopping routers.
Move the detailed internal details to a private method that tests
should not call directly.
bgpd: reset session if ebgp-multihop is set and no session established
If you configure eBGP on loopbacks, you might miss setting the
ebgp-multihop option. Given that, the session will not be established
because of this. Now, the session is in Active state. When you update
your config afterwards and set the ebgp-multihop option to the
appropriate value, the session will still be in Active state. In fact,
it will be stuck in Active state and only services restart will help.
With this change, when set the ebgp-multihop option and no session was
established, reset the session.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
bgpd: withdraw default route when route-map has no match
If you advertise a default route (via default-originate) only if some
prefix is present in the BGP RIB (route-map specified) and this prefix
becomes unavailable, the default route keeps being advertised.
With this change, when we iterate over the BGP RIB to check if we can
advertise the default route, skip unavailable prefixes.
Signed-off-by: Alexander Chernavin <achernavin@netgate.com>
David Schweizer [Mon, 24 Aug 2020 16:16:49 +0000 (18:16 +0200)]
bgpd: alias for bgp no shutdown cmd
* Reverted back to using an ALIAS definition for the negated bgp
shutdown command with a concatenated message string.
* Unified cli command descriptions for bgp shutdown commands.
Signed-off-by: David Schweizer <dschweizer@opensourcerouting.org>
lib, tools: fix reloading of key sub-context in key chains
When you add a key chain in the RIP configuration file and reload the
configurations via the frr-reload.py script, the script will fail and
the key chain will not appear in the running configuration. The reason
is that frr-reload.py doesn't recognize key as a sub-context.
David Schweizer [Mon, 24 Aug 2020 06:12:16 +0000 (08:12 +0200)]
bgpd: additional no bgp shutdown cli command
* Added a "no bgp shutdown message MSG..." cli command for ease of use
with copy/paste. Because of current limitations with DEFPY/ALIAS and
the message string concatenation, a new command instead of an ALIAS
had to be implemented.
Signed-off-by: David Schweizer <dschweizer@opensourcerouting.org>
Philippe Guibert [Tue, 22 Oct 2019 07:21:28 +0000 (09:21 +0200)]
bgpd: fill in local ecommunity context with ecom unit length
because the same extended community can be used for storing ipv6 and
ipv4 et communities, the unit length must be stored. do not forget to
set the standard value in bgp evpn.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 21 Oct 2019 09:12:25 +0000 (11:12 +0200)]
bgpd: fallback proto icmp/v6 to appropriate l3 filter
if match protocol is icmp, then this protocol will be filtered with afi
= ipv4. however, if afi = ipv6, then the icmp protocol will fall back to
icmpv6.
note that this patch has also been done to simplify the policy routing,
as BGP will only handle TCP/UDP/ICMP(v4 or v6) protocols.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 21 Oct 2019 09:05:44 +0000 (11:05 +0200)]
bgpd: limit policy routing with flowlabel, fragment, and prefix offset
the following 3 options are not supported in current implementation of
policy routing. for that, inform the user that the flowspec entry is
invalid when attempting to use :
- prefix offset with src, or dst ipv6 address ( see [1])
- flowlabel value - limitation due to [0]
- fragment ( implementation not done today).
Philippe Guibert [Thu, 17 Oct 2019 14:11:57 +0000 (16:11 +0200)]
bgpd: support for flowspec interface list per address-family
in addition to ipv4 flowspec, ipv6 flowspec address family can configure
its own list of interfaces to monitor. this permits filtering the policy
routing only on some interfaces.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 17 Oct 2019 14:08:16 +0000 (16:08 +0200)]
bgpd: support for bgp ipv6 ext community, and flowspec redirect ipv6
rfc 5701 is supported. it is possible to configure in bgp vpn, a list of
route target with ipv6 external communities to import. it is to be noted
that this ipv6 external community has been developed only for matching a
bgp flowspec update with same ipv6 ext commmunity.
adding to this, draft-ietf-idr-flow-spec-v6-09 is implemented regarding
the redirect ipv6 option.
Practically, under bgp vpn, under ipv6 unicast, it is possible to
configure : [no] rt6 redirect import <IPV6>:<AS> values.
An incoming bgp update with fs ipv6 and that option matching a bgp vrf,
will be imported in that bgp vrf.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 16 Oct 2019 09:07:41 +0000 (11:07 +0200)]
bgp, zebra: add family attribute to ipset and iptable context
in order to create appropriate policy route, family attribute is stored
in ipset and iptable zapi contexts. This commit also adds the flow label
attribute in iptables, for further usage.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 16 Oct 2019 08:05:36 +0000 (10:05 +0200)]
bgpd: support for redirect ipv6 simpson method
this commit supports [0] where ipv6 address is encoded in nexthop
attribute of nlri, and not in bgp redirect ip extended community. the
community contains only duplicate information or not.
Adding to this, because an action or a rule needs to apply to either
ipv4 or ipv6 flow, modify some internal structures so as to be aware of
which flow needs to be filtered. This work is needed when an ipv6
flowspec rule without ip addresses is mentioned, we need to know which
afi is served. Also, this work will be useful when doing redirect VRF.
[0] draft-simpson-idr-flowspec-redirect-02.txt
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 16 Oct 2019 06:44:20 +0000 (08:44 +0200)]
bgpd, lib: support for flow_label flowspec type
in ipv6 flowspec, a new type is defined to be able to do filtering rules
based on 20 bits flow label field as depicted in [0]. The change include
the decoding by flowspec, and the addition of a new attribute in policy
routing rule, so that the data is ready to be sent to zebra.
The commit also includes a check on fragment option, since dont fragment
bit does not exist in ipv6, the value should always be set to 0,
otherwise the flowspec rule becomes invalid.
Philippe Guibert [Wed, 16 Oct 2019 06:42:30 +0000 (08:42 +0200)]
bgpd: ipv6 flowspec address decoding and validation
as per [0], ipv6 adress format introduces an ipv6 offset that needs to
be extracted too. The change include the validation, decoding for
further usage with policy-routing and decoding for dumping.
Philippe Guibert [Mon, 14 Oct 2019 16:02:22 +0000 (18:02 +0200)]
bgpd: flowspec code support for ipv6
until now, the assumption was done in bgp flowspec code that the
information contained was an ipv4 flowspec prefix. now that it is
possible to handle ipv4 or ipv6 flowspec prefixes, that information is
stored in prefix_flowspec attribute. Also, some unlocking is done in
order to process ipv4 and ipv6 flowspec entries.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 15 Oct 2019 13:01:39 +0000 (15:01 +0200)]
lib: add family attribute for flowspec prefix structure
to recognize whether a flowspec prefix has been carried out by
ipv4 flowspec or ipv6 flowspec ( actually, the hypothesis is that only
ipv4 flowspec is supported), then a new attribute should contain the
family value: AF_INET or AF_INET6. That value will be further used in
the BGP flowspec code.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Sarita Patra [Fri, 21 Aug 2020 06:33:09 +0000 (23:33 -0700)]
bgpd: Fix BGP session stuck in OpenConfirm state
Issue:
1. Initially BGP start listening to socket.
2. Start timer expires and BGP tries to connect to peer and moved
to Idle->connect (lets say peer datastructre X)
3. Connect for X succeeds and hence moved from idle ->connect with
FD-x.
4. A incoming connection is accepted and a new peer datastructure Y
is created with FD-y moves from idle->Active state.
5. Peer datastercture Y FD-y sends out OPEN and moves to
Active->Opensent state.
6. Peer datastrcture Y FD-y receives OPEN and moved from Opensent->
Openconfirm state.
7. Meanwhile on peer datastrcture X FD-x sends out a OPEN message
and moved from connect->Opensent.
8. For peer datastrcture Y FD-y keep alive is received and it is
moved from OpenConfirm->Established.
9. In this case peer datastructure Y FD-y is a accepted connection
so we try to copy all its parameter to peer datastructure X and
delete Y.
10. During this process TCP connection for the accepted connection
(FD-y) goes down and hence get remote address and port fails.
11. With this failure bgp_stop function for both peer datastrure X
and peer datastructure Y is called.
12. By this time all the parameters include state for datastrcture
for X and Y are exchanged. Peer Y FD-y when it entered this
function had state OpenConfirm still which has been moved to peer
datastrcture X.
13. In bgp_stop it will stop all the timers and take action only if
peer is in established state. Now that peer datastrcture X and Y
are not in established state (in this function) it will simply
close all timers and close the socket and assigns socket for both
the peer datastrcture to -1.
14. Peer datastrcture Y will be deleted as it is a datastrcture created
due to accept of connection where as peer datastrcture X will be held
as it is created with configuration.
15. Now peer datastrcture X now holds a state of OpenConfirm without any
timers running.
16. With this any new incoming connection will never be able to establish
as there is config connection X which is stuck in OpenConfirm.
Fix:
While transferring the peer datastructure Y FD-y (accepted connection)
to the peer datastructure X, if TCP connection for FD-y goes down, then
1. Call fsm event bgp_stop for X (do cleanup with bgp_stop and move the
state to Idle) and
2. Call fsm event bgp_stop for Y (do cleanup with bgp_stop and gets deleted
since it is an accept connection).
Sarita Patra [Fri, 21 Aug 2020 06:29:08 +0000 (23:29 -0700)]
bgpd: Don't stop hold timer in OpenConfirm State
Issue:
1. Initially BGP start listening to socket.
2. Start timer expires and BGP tries to connect to peer and moved
to Idle->connect (lets say peer datastructre X)
3. Peer datastrcture Y FD-X receives OPEN and moved from Opensent->
Openconfirm state and start the hold timer.
4. In the OpenConfirm state, the hold timer is stopped. So peer X
waits for Keepalive message from peer. If the Keepalive message
is not received, then it will be in OpenConfirm state for
indefinite time.
5. Due to this it neither close the existing connection nor it will
accept any connection from peer.
Fix:
In the OpenConfirm state, don't stop the hold timer.
1. Upon receipt of a neighbor’s Keepalive, the state is moved to
Established.
2. But If the hold timer expires, a stop event occurs, the state
is moved to Idle.
This is as per RFC.
Chirag Shah [Thu, 20 Aug 2020 19:09:53 +0000 (12:09 -0700)]
*: record transaction based on control flag
In case of config rollback is enabled,
record northbound transaction based on a control flag.
The actual frr daemons would set the flag to true via
nb_init from frr_init.
This will allow test daemon to bypass recording
transacation to db.
Mark Stapp [Thu, 20 Aug 2020 18:50:38 +0000 (14:50 -0400)]
lib: zapi nexthop sort fixes
The sorting for zapi nexthops in zapi routes needs to match
the sorting of nexthops done in zebra. Ensure all zapi_nexthop
attributes are included in the sort.
Renato Westphal [Wed, 19 Aug 2020 23:33:40 +0000 (20:33 -0300)]
lib: adapt plugin to use new Sysrepo version
Sysrepo recently underwent a complete rewrite, where some substantial
architectural changes were made (the most important one being the
extinction of the sysrepod daemon). While most of the existing API
was preserved, quite a few backward-incompatible changes [1] were
introduced (mostly simplifications). This commit adapts our sysrepo
northbound plugin to those API changes in order for it to be compatible
with the latest Sysrepo version.
Additional notes:
* The old Sysrepo version is EOL and not supported anymore.
* The new Sysrepo version requires libyang 1.x.
PR #6416 that solves opsf crash when segment routing is restarted, introduce a
regression in Extended Prefix flooding: when segment routing prefix is modified
or removed, new segment routing prefix is no more flooded. This patch correct
this regression.
Add new option to `segment-routing prefix` command to set the
Explcit Null flag in addition to the No-PHP flag. MPLS LFIB configuration
has been also updated to take into account the Explicit Null flag.
Olivier Dugeon [Thu, 18 Jun 2020 17:46:28 +0000 (19:46 +0200)]
ospfd: Add Segment Routing Local Block
RFC 8665 defines a Segment Routing Local Block for Adjacency SID.
This patch provides the possibility to modify the SRLB as well as
reserved the block range from the Label Manager.
- Introduce new CLI 'segment-routing local-block'
- Add local block to SRDB structure
- Parse / Serialize SRLB in Router Information LSA
- Update OSPF-SR topotest
- Update documentation
Olivier Dugeon [Tue, 16 Jun 2020 14:49:38 +0000 (16:49 +0200)]
ospfd: Add Label Manager for Segment Routing
Segment Routing Global Block is now using the Label Manager to reserved
label range. Label Manager connection uses the synchronous mode and dedicated
thread timer is used to establish the connection in safe manner without
blocking OSPFd is the Label Manager is not available.
Renato Westphal [Wed, 19 Aug 2020 22:48:21 +0000 (19:48 -0300)]
staticd: fix warning when creating routes without SR-TE colors
The SR-TE color YANG leaf is optional so it shouldn't be created
unconditionally (it doesn't have a default value).
Fixes warnings like this when routes are created without specifying
a SR-TE color:
STATIC: libyang: Invalid value "" in "srte-color" element.
(/frr-routing:routing/control-plane-protocols/control-plane-protocol[type='frr-s
taticd:staticd'][name='staticd'][vrf='default']/frr-staticd:staticd/route-list[p
refix='99.0.0.1/32'][afi-safi='frr-routing:ipv4-unicast']/path-list[distance='1'
]/frr-nexthops/nexthop[nh-type='ip4'][vrf='default'][gateway='192.168.1.2'][inte
rface='(null)']/srte-color)
Donald Sharp [Wed, 19 Aug 2020 14:11:06 +0000 (10:11 -0400)]
zebra: Add table id to debug output
There are a bunch of places where the table id is not being outputed
in debug messages for routing changes. Add in the table id we
are operating on. This is especially useful for the case where
pbr is working.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
projects / mirror_frr.git / log