zebra: adapt the vrf and logical router initialisation
The zebra daemon introduces the logical router initialisation.
Because right now, the usage of logical router and vrf NETNS is
exclusive, then the logical router and VRF are initialised accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This split is introducing logicalrouter.[ch] as the file that contains
the vty commands to configure logical router feature. The split has as
consequence that the backend of logical router is linux_netns.c formerly
called ns.c. The same relationship exists between VRF and its backend
which may be linux_netns.c file.
The split is adapting ns and vrf fiels so as to :
- clarify header
- ensure that the daemon persepctive, the feature VRF or logical router
is called instead of calling directly ns.
- this implies that VRF will call NS apis, as logical router does.
Also, like it is done for default NS and default VRF, the associated VRF
is enabled first, before NETNS is enabled, so that zvrf->zns pointer is
valid when NETNS discovery applies.
Also, other_netns.c file is a stub handler that will be used for non
linux systems. As NETNS feature is only used by Linux, some BSD systems
may want to use the same backend API to benefit from NETNS. This is what
that file has been done.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Thu, 22 Feb 2018 18:10:32 +0000 (19:10 +0100)]
zebra: handle some ioctl operations for VRF
A new API is available for interface ioctl operations on Linux:
vrf_if_ioctl. This is the unified API that permits doing ioctl
operations on a per interface basis.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 29 Jan 2018 15:14:46 +0000 (16:14 +0100)]
zebra: speed ioctl read() with interfaces from various NETNS
When interfaces are located on different NETNS ( different VRF), then a
switch from netns context is necessary when calling setns(). The VRF
apis to switch and switch back are called, so that the ioctl will work
accordingly.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 30 Jan 2018 14:30:10 +0000 (15:30 +0100)]
bgpd: do not start BGP VRF peer connection, if VRF not unknown
Upon starting a BGP VRF instance, the server socket is not created,
because the VRF ID is not known, and then underlying VRF backend is not
ready yet. Because of that, the peer connection attempt will not be
started before.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 26 Jan 2018 11:25:34 +0000 (12:25 +0100)]
bgpd: server socket is created for all enabled VRF
Upon creation of BGP instances, server socket may or may not be created.
In the case of VRF instances, if the VRF backend relies on NETNS, then
a new server socket will be created for each BGP VRF instance. If the
VRF backend relies on VRF LITE, then only one server socket will be
enough. Moreover, At startup, with BGP VRF configuration, a server
socket may not be created if VRF is not the default one or VRF is not
recognized yet.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 20 Dec 2017 11:37:18 +0000 (12:37 +0100)]
bgpd: bgp support for netns
The change contained in this commit does the following:
- discovery of vrf id from zebra daemon, and adaptation of bgp contexts
with BGP.
The list of network addresses contain a reference to the bgp context
supporting the vrf.
The bgp context contains a vrf pointer that gives information about
the netns path in case the vrf is a netns path.
Only some contexts are impacted, namely socket creation, and retrieval
of local IP settings. ( this requires vrf identifier).
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 26 Jan 2018 11:28:27 +0000 (12:28 +0100)]
lib: add two APIs to handle socket operations with VRF NETNS
The vrf_sockunion_socket() wraps sockunion_socket() with vrf_id as
additional parameter. The creation of socket forces the user to
transparently move to new NETNS for doing the operation.
The vrf_getaddr_info() wraps getaddr_info() with vrf_id as additional
parameter. That API relies on the underlying system. Then there may be
need to switch to an other netns in that case too.
Also, the vrf_socket() implementation is simplified.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 24 Jan 2018 18:06:06 +0000 (19:06 +0100)]
zebra: fix assert mpls when terminating zebra
The assert appears in zebra_mpls.c when checking default zebra_vrf.
It appears that when the mpls entries are flushed, it gets the default
vrf which is already flushed by vrf_terminate() function. In order to
avoid that assert to trigger a crash, the mpls flush is called before
vrf termination.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 19 Dec 2017 11:44:44 +0000 (12:44 +0100)]
lib: create interface even if name is the same
For supporting vrf based on namespaces, it is possible that an interface
with the same index is present. This is the case for loopback
interfaces. For that, for each query, if the interface is not found
, matching the vrf identifier, then a new interface is created, when the
backens for VRF is NETNS.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Tue, 16 Jan 2018 12:59:58 +0000 (13:59 +0100)]
zebra: upon startup, a NSID is assigned to default netns
when the netns backend is selected for VRF, the default VRF is being
assigned a NSID. This avoids the need to handle the case where if the
incoming NSID was 0 for a non default VRF, then a specific handling had
to be done to keep 0 value for default VRF.
In most cases, as the first NETNS to get a NSID will be the default VRF,
most probably the default VRF will be assigned to 0, while the other
ones will have their value incremented. On some cases, where the NSID is
already assigned for NETNS, including default VRF, then the default VRF
value will be the one derived from the NSID of default VRF, thus keeping
consistency between VRF IDs and NETNS IDs.
Default NS is attempted to be created. Actually, some VMs may have the
netns feature, but the NS initialisation fails because that folder is
not present.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 13 Dec 2017 10:04:31 +0000 (11:04 +0100)]
zebra: collect and get netnamespaces information
upon zebra initialisation, and upon further netnamespace creation, the
the netnamespaces are created and a vrf associated to the netnamespace
is created. By convention, the name of the netns will be the same as the
VRF.
Add a stub routine that returns a fake ns identifier, in case netlink (
linux machines) is not available.
Also, upon each newly discovered NETNS, a NSID id being generated,
either by relying on kernel NSID feature, or by generating locally the
NSID ( see previous commit for more information).
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
zebra: upon NS creation, collect the NSID via netlink
A NS identifier is collected by netlink. This identifier is a 32 bit
identifier that is either generated by the kernel (if not set) or
manually set by a set netlink command. The commit here is getting the
NSID from the newly created NS. If the linux option to create or get a
new NSID from the kernel does not exist, then the NSID is locally
genrated.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 20 Dec 2017 11:29:21 +0000 (12:29 +0100)]
lib: provide an API to switch from one netns to an other
Two apis are provided so that the switch from one netns to an other one
is taken care.
Also an other API to know if the VRF has a NETNS backend or a VRF Lite
backend.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 22 Dec 2017 15:02:51 +0000 (16:02 +0100)]
lib: add namespace name structure in zebra message
The addition of the name of the netns in the vrf message introduces also
a limitation when the size of the netns is bigger than 15 bytes. Then
the netns are ignored by the library.
In addition to this, some sanity checks have been introduced. some
functions to create the netns from a call not coming from the vty is
being added with traces.
Also, the ns vty function is reentrant, if the context is already
created.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com> Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Show vrf command displays information on the vrf, if it is related to
vrf kernel or if it is related to netns.
When a vrf from kernel is detected, before creating a new vrf, a check
is done against an already present vrf, and if that vrf is not a vrf
mapped with a netns. If that is that case, then the creation is
rejected.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The zebra netnamespace contexts are initialised, based on the callback
coming from the NS. Reversely, the list of ns is parsed to disable the
ns contexts.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
If vrf backend is netns, then the zebra will create its own
zebra_ns context for each new netns discovered. As consequence,
a routing table, and other contexts will be created for each
new namespace discovered. When it is enabled, a populate process
will be done, consisting in learning new interfaces and routes, and
addresses from other NETNS.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Wed, 13 Dec 2017 10:04:31 +0000 (11:04 +0100)]
lib: externalise vrf and ns creation
In addition to have the possibility to create from vty vrf based on a
netns backend, the API will be made accessible from external, especially
for zebra that will handle the netns discovery part. This commit is
externalising following functions:
- netns_pathname
- ns_handler_create
- vrf_handler_create
Also, the VRF initialisation case when under NETNS backend is changed,
since the NS identifier may not be known at the configuration time,but
may be known later, under discovery process.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Fri, 22 Dec 2017 15:21:09 +0000 (16:21 +0100)]
zebra: zns context is filled in when vrf is enabled
This commit is also a fix that avoids a VRF to be attached to the wrong
namespace context, at creation time. Because the VRF, at creation time
does not know yet the namespace where it will get its information.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 11 Dec 2017 14:19:15 +0000 (15:19 +0100)]
zebra: route configuration fix for vrf when applied to namespaces
For each route to be added or deleted, instead of applying directly to
default namespaces, when a vrf is mapped to a namespace, then the
correct zns must be found out.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
zebra: socket operations stick to namespace if necessary
Upon following calls: interface poll, address poll, route poll, and
ICMPv6 handling, each new Namespace is being parsed. For that, the
socket operations need to switch from one NS to one other, to get the
necessary information.
As of now, there is a crash when dumping interfaces, through show
running-config.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
zebra: copy logical-router-command under vrf subnode
a vty command is added:
in addition to this command ( kept for future usage):
- [no] logical-router-id <ID> netns <NETNSNAME>
a new command is being placed under vrf subnode
- vrf <NAME>
[no] netns <NETNSNAME>
exit
This command permits to map a VRF with a Netnamespace.
The commit only handles the relationship between vrf and ns structures.
It adds 2 attributes to vrf structure:
- one defines the kind of vrf ( mapped under netns or vrf from kernel)
- the other is the opaque pointer to ns
The show running-config is handled by zebra daemon.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Philippe Guibert [Mon, 22 Jan 2018 08:42:53 +0000 (09:42 +0100)]
zebra: add a runtime flag to enable vrf with netns
The netns backend is chosen by VRF if a runtime flag named vrfwnetns is
selected when running zebra.
In the case the NETNS backend is chosen, in some case the VRFID value is
being assigned the value of the NSID. Within the perimeter of that work,
this is why the vrf_lookup_by_table function is extended with a new
parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Quentin Young [Fri, 23 Feb 2018 15:58:17 +0000 (10:58 -0500)]
tools: finer-grained error codes for checkpatch
* 2 for errors
* 1 for warnings
* 0 for clean
* Suppress all report text for a clean result
* Remove check for const structs from perl script
* Remove grep suppression for that check from shell script
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Fri, 23 Feb 2018 15:11:19 +0000 (10:11 -0500)]
tools: ignore FSF warning, fn macros in checkpatch
* Unlike Linux we do require the GPL file header
* When checking for spaces between function names and parentheses,
ignore all-uppercase function names as these are likely to be macros,
and function-like macros may have that space
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Philippe Guibert [Fri, 23 Feb 2018 15:16:30 +0000 (16:16 +0100)]
tools: fix that filters issues on resulting file only
Because checkpatch result is applied to original and new file, the
analysis also parses what may be wrong with the original file.
Whereas the script should limit to analyse only what is wrong on new
file.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Fri, 16 Feb 2018 02:33:22 +0000 (21:33 -0500)]
zebra: On shutdown don't count removals
Some of the tables are no longer stored in the zvrf
and in the zns now. On shutdown zns is cleaned up
after vrf( and rightly so!) As such we should not
attempt to count the information if we don't have
a zvrf.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 14 Feb 2018 01:25:11 +0000 (20:25 -0500)]
zebra: Move zvrf->other_tables into zns
The other_tables data structure does not belong to a vrf.
It belongs to the zns. This is because each vrf does not
need to have copies of each of other_tables.
Additionally move the array into a RB_TREE. This will allow
us to sort quickly and easily expand the number of tables
we can support to beyond the ZEBRA_KERNEL_TABLE_MAX define.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Mladen Sablic [Mon, 12 Feb 2018 22:41:33 +0000 (23:41 +0100)]
pimd: Multicast traceroute client and router
This commit is the implementation of weak multicast traceroute.
It consists of IGMP module dealing with mtrace type IGMP messages
and client program mtrace/mtracebis for initiating mtrace queries.
When a BGP-labeled route is resolved into an LDP-labeled IGP route,
zebra would install it with no labels in the kernel. This patch implements
recursive MPLS labels, i.e. make zebra install all labels from the route's
nexthop chain (the labels from the top-level nexthop being installed in
the top of the MPLS label stack). Multiple recursion levels are supported.
Philippe Guibert [Fri, 16 Feb 2018 10:00:01 +0000 (11:00 +0100)]
bgpd: prevent from configuring vrf-policy when in BGP VRF instance
Under a BGP VRF instance, prevent from entering in vrf-policy mode. This
mode is reserved for non VRF instances that want to handle several VRF
at the same time.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Daniel Walton [Thu, 15 Feb 2018 20:55:43 +0000 (20:55 +0000)]
bgpd: "no neighbor 10.13.0.12 peer-group ibgp" does not remove peer
Signed-off-by: Daniel Walton <dwalton@cumulusnetworks.com>
This worked for unnumbered peers but not for numbered peers. This is
before the fix:
router bgp 100
coalesce-time 1000
neighbor FOO peer-group
neighbor FOO remote-as external
neighbor swp1 interface peer-group FOO
neighbor 1.1.1.1 peer-group FOO
!
line vty
exec-timeout 0 0
!
end
cel-redxp-10# wr
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Integrated configuration saved to /etc/frr/frr.conf
[OK]
cel-redxp-10# conf t
cel-redxp-10(config)# router bgp
cel-redxp-10(config-router)# no neighbor swp1 interface peer-group FOO
cel-redxp-10(config-router)# no neighbor 1.1.1.1 peer-group FOO
cel-redxp-10(config-router)# do show run
Building configuration...
Current configuration:
!
frr version 4.1-dev
frr defaults datacenter
hostname cel-redxp-10
!
service integrated-vtysh-config
!
password cn321
!
log syslog
!
router bgp 100
coalesce-time 1000
neighbor FOO peer-group
neighbor FOO remote-as external
neighbor 1.1.1.1 remote-as external
!
address-family ipv4 unicast
no neighbor 1.1.1.1 activate
exit-address-family
!
line vty
exec-timeout 0 0
!
end
cel-redxp-10(config-router)#
After the fix "no neighbor 1.1.1.1 peer-group FOO" removes the 1.1.1.1
neighbor.
Chirag Shah [Mon, 12 Feb 2018 21:22:04 +0000 (13:22 -0800)]
ospf6d: router-id change notify to restart ospf6d
Notify user to store config and restart ospf6d
as part of router-id change cli if any of
the area active.
Store zebra router-id under ospf6, when static
router-id removed restore zebra router-id, ask
to restart ospf6d.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Chirag Shah [Fri, 26 Jan 2018 22:53:43 +0000 (14:53 -0800)]
ospf6d: Handle Premature Aging of LSAs
RFC 2328 (14.1) Premature aging of LSAs from
routing domain :
When ospf6d is going away (router going down),
send MAXAGEd self originated LSAs to all
neighbors in routing domain to trigger
Premature aging to remove from resepective LSDBs.
Neighbor Router Reboot:
Upon receiving Self-originate MAXAGEd LSA, simply
discard, Current copy could be non maxaged latest.
For neighbor advertised LSA's (current copy in LSDB)
is set to MAXAGE but received new LSA with Non-MAXAGE
(with current age), discard the current MAXAGE LSA,
Send latest copy of LSA to neighbors and update the
LSDB with new LSA.
When a neighbor transition to FULL, trigger AS-External
LSAs update from external LSDB to new neighbor.
Testing:
R1 ---- DUT --- R5
| \
R2 R3
|
R4
Area 1: R5 and DUT
Area 0: DUT, R1, R2, R3
Area 2: R2 R4
Add IPv6 static routes at R5
Redistribute kernel routes at R5,
Validate routes at R4, redistributed via backbone
to area 2.
Stop n start frr.service at R5 and validated
MAXAGE LSAs then recent age LSAs in Database at DUT-R4.
Validated external routes installed DUT to R4.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Donald Sharp [Sat, 10 Feb 2018 19:03:09 +0000 (14:03 -0500)]
isisd: Free up some memory allocated.
The v4 and v6 prefixes were created but not deleted on
shutdown properly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
(cherry picked from commit 25b1001dc9c46bbfcb9e1af8231e0fa63a7d3bd3) Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Donald Sharp [Wed, 14 Feb 2018 06:11:09 +0000 (01:11 -0500)]
lib, sharpd, zebra: Update the zapi_vrf_label call to add afi
Add the ability to pass in an afi to zebra. zebra_vrf keeps
track of the afi/label tuple and then does the right thing
before we call down. AF_MPLS does not care about v4 or v6
it just knows label and what device to use for lookup.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 14 Feb 2018 04:37:08 +0000 (23:37 -0500)]
ospfd: Fix some new SA issues found by coverity
Fix a || && mixup.
Add an assert for area to show we expect it to be non-null
going forward.
When memory is allocated if it fails we abort then
no need to check for null.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 14 Feb 2018 04:34:52 +0000 (23:34 -0500)]
ospf6d: Fix a possible deref by null found in SA
There exists a possibility that rtr_lsa may be null.
Add an assert that shows we actually expect it to
be non-null at this point in time going forward.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
bgpd: Policy to control which RIB routes are injected into EVPN
FRR/CL provides the means for injecting regular (IPv4) routes
from the BGP RIB into EVPN as type-5 routes.
This needs to be enhanced to allow selective injection.
This can be achieved by adding a route-map option
for the "advertise ipv4/ipv6 unicast" command.
zebra, bgp: Support type-5 routes with asymmetric routing
Asymmetric routing is an ideal choice when all VLANs are cfged on all leafs.
It simplifies the routing configuration and
eliminates potential need for advertising subnet routes.
However, we need to reach the Internet or global destinations
or to do subnet-based routing between PODs or DCs.
This requires EVPN type-5 routes but those routes require L3 VNI configuration.
This task is to support EVPN type-5 routes for prefix-based routing in
conjunction with asymmetric routing within the POD/DC.
It is done by providing an option to use the L3 VNI only for prefix routes,
so that type-2 routes (host routes) will only use the L2 VNI.
projects / mirror_frr.git / log