Merge pull request #18417 from AndriiFullroot/VyOS_T7226

ldpd: Option for disabled LDP hello message during TCP
2025-04-30 13:37:17 +02:00 · 2025-04-29 11:11:35 -04:00 · 2025-04-29 11:11:35 -04:00 · a710f4bdb7
parent 14267741aa 887bbf91fe
commit a710f4bdb7
17 changed files with 422 additions and 2 deletions
--- a/doc/user/ldpd.rst
+++ b/doc/user/ldpd.rst
@ -141,6 +141,19 @@ LDP Configuration
   If GTSM is enabled, multi-hop neighbors should have either GTSM disabled
   individually or configured with an appropriate ttl-security hops distance.
 .. clicmd:: disable-establish-hello
   Located under the MPLS address-family interface node. By default,
   the ldpd service sends additional LDP multicast hello messages on TCP
   session establishment. This should speed up the connection time, so
   the "passive" service would receive the "hello" earlier and would "accept"
   TCP without waiting for the UDP message on interval. This behaviour can
   produce massive traffic with multicast packets if there are a lot of ldpd
   services in one local network, essentially each "addition hello" may trigger
   attempt for connection and sending "additional hello" from other ldpd
   services. This option allows to disable that behaviour. LDP hello multicast
   messages would be sent only by interval.
 .. clicmd:: neighbor A.B.C.D password PASSWORD
   The following command located under MPLS router node configures the router
--- a/docker/ubuntu-ci/Dockerfile
+++ b/docker/ubuntu-ci/Dockerfile
@ -33,6 +33,7 @@ RUN apt update && apt upgrade -y && \
            screen \
            texinfo \
            tmux \
            iptables \
    && \
    # Protobuf build requirements
    apt-get install -y \
--- a/ldpd/interface.c
+++ b/ldpd/interface.c
@ -63,11 +63,13 @@ if_new(const char *name)
 	iface->ipv4.af = AF_INET;
 	iface->ipv4.iface = iface;
 	iface->ipv4.enabled = 0;
 	iface->ipv4.disable_establish_hello = 0;
 	/* ipv6 */
 	iface->ipv6.af = AF_INET6;
 	iface->ipv6.iface = iface;
 	iface->ipv6.enabled = 0;
 	iface->ipv6.disable_establish_hello = 0;
 	return (iface);
 }
--- a/ldpd/ldp_vty.h
+++ b/ldpd/ldp_vty.h
@ -24,6 +24,7 @@ int	 ldp_vty_allow_broken_lsp(struct vty *, const char *);
 int	 ldp_vty_address_family (struct vty *, const char *, const char *);
 int	 ldp_vty_disc_holdtime(struct vty *, const char *, enum hello_type, long);
 int	 ldp_vty_disc_interval(struct vty *, const char *, enum hello_type, long);
 int	 ldp_vty_disable_establish_hello(struct vty *, const char *);
 int	 ldp_vty_targeted_hello_accept(struct vty *, const char *, const char *);
 int	 ldp_vty_nbr_session_holdtime(struct vty *, const char *, struct in_addr, long);
 int	 ldp_vty_af_session_holdtime(struct vty *, const char *, long);
--- a/ldpd/ldp_vty_cmds.c
+++ b/ldpd/ldp_vty_cmds.c
@ -122,6 +122,15 @@ DEFPY  (ldp_discovery_link_interval,
 	return (ldp_vty_disc_interval(vty, no, HELLO_LINK, interval));
 }
 DEFPY  (ldp_disable_establish_hello,
 	ldp_disable_establish_hello_cmd,
 	"[no] disable-establish-hello",
 	NO_STR
 	"Disable sending additional LDP hello message on establishing LDP tcp connection\n")
 {
 	return ldp_vty_disable_establish_hello(vty, no);
 }
 DEFPY  (ldp_discovery_targeted_interval,
 	ldp_discovery_targeted_interval_cmd,
 	"[no] discovery targeted-hello interval (1-65535)$interval",
@ -866,9 +875,11 @@ ldp_vty_init (void)
 	install_element(LDP_IPV4_IFACE_NODE, &ldp_discovery_link_holdtime_cmd);
 	install_element(LDP_IPV4_IFACE_NODE, &ldp_discovery_link_interval_cmd);
 	install_element(LDP_IPV4_IFACE_NODE, &ldp_disable_establish_hello_cmd);
 	install_element(LDP_IPV6_IFACE_NODE, &ldp_discovery_link_holdtime_cmd);
 	install_element(LDP_IPV6_IFACE_NODE, &ldp_discovery_link_interval_cmd);
 	install_element(LDP_IPV6_IFACE_NODE, &ldp_disable_establish_hello_cmd);
 	install_element(LDP_L2VPN_NODE, &ldp_bridge_cmd);
 	install_element(LDP_L2VPN_NODE, &ldp_mtu_cmd);
--- a/ldpd/ldp_vty_conf.c
+++ b/ldpd/ldp_vty_conf.c
@ -119,6 +119,8 @@ ldp_af_iface_config_write(struct vty *vty, int af)
 		    ia->hello_interval != 0)
 			vty_out (vty, "   discovery hello interval %u\n",
 			    ia->hello_interval);
 		if (ia->disable_establish_hello)
 			vty_out (vty, "   disable-establish-hello\n");
 		vty_out (vty, "  exit\n");
 	}
@ -632,6 +634,36 @@ ldp_vty_disc_interval(struct vty *vty, const char *negate,
 	return (CMD_SUCCESS);
 }
 int
 ldp_vty_disable_establish_hello(struct vty *vty,
 	const char *negate)
 {
 	struct iface		*iface;
 	struct iface_af		*ia;
 	int			 af;
 	switch (vty->node) {
 	case LDP_IPV4_IFACE_NODE:
 	case LDP_IPV6_IFACE_NODE:
 		af = ldp_vty_get_af(vty);
 		iface = VTY_GET_CONTEXT(iface);
 		VTY_CHECK_CONTEXT(iface);
 		ia = iface_af_get(iface, af);
 		if (negate)
 			ia->disable_establish_hello = 0;
 		else
 			ia->disable_establish_hello = 1;
 		ldp_config_apply(vty, vty_conf);
 		break;
 	default:
 		fatalx("ldp_vty_disable_establish_hello: unexpected node");
 	}
 	return (CMD_SUCCESS);
 }
 int
 ldp_vty_targeted_hello_accept(struct vty *vty, const char *negate,
    const char *acl_from_str)
--- a/ldpd/ldpd.c
+++ b/ldpd/ldpd.c
@ -1603,6 +1603,7 @@ merge_iface_af(struct iface_af *ia, struct iface_af *xi)
 	}
 	ia->hello_holdtime = xi->hello_holdtime;
 	ia->hello_interval = xi->hello_interval;
 	ia->disable_establish_hello = xi->disable_establish_hello;
 }
 static void
--- a/ldpd/ldpd.h
+++ b/ldpd/ldpd.h
@ -332,6 +332,7 @@ struct iface_af {
 	struct event *hello_timer;
 	uint16_t		 hello_holdtime;
 	uint16_t		 hello_interval;
 	int disable_establish_hello;
 };
 struct iface_ldp_sync {
--- a/ldpd/neighbor.c
+++ b/ldpd/neighbor.c
@ -630,8 +630,9 @@ nbr_establish_connection(struct nbr *nbr)
 	 * an adjacency as well.
 	 */
 	RB_FOREACH(adj, nbr_adj_head, &nbr->adj_tree)
-		send_hello(adj->source.type, adj->source.link.ia,
+		if (!(adj->source.type == HELLO_LINK && adj->source.link.ia->disable_establish_hello))
-		    adj->source.target);
+			send_hello(adj->source.type, adj->source.link.ia,
 				adj->source.target);
 	if (connect(nbr->fd, &remote_su.sa, sockaddr_len(&remote_su.sa)) == -1) {
 		if (errno == EINPROGRESS) {
--- a/tests/topotests/ldp_establish_hello_topo1/r1/ldpd.conf
+++ b/tests/topotests/ldp_establish_hello_topo1/r1/ldpd.conf
@ -0,0 +1,21 @@
 hostname r1
 log file ldpd.log
 !
 ! debug mpls ldp zebra
 ! debug mpls ldp event
 ! debug mpls ldp errors
 ! debug mpls ldp messages recv
 ! debug mpls ldp messages sent
 ! debug mpls ldp discovery hello recv
 ! debug mpls ldp discovery hello sent
 !
 mpls ldp
 router-id 1.1.1.1
 !
 address-family ipv4
  discovery transport-address 1.1.1.1
  !
 !
 !
 line vty
 !
--- a/tests/topotests/ldp_establish_hello_topo1/r1/zebra.conf
+++ b/tests/topotests/ldp_establish_hello_topo1/r1/zebra.conf
@ -0,0 +1,17 @@
 log file zebra.log
 !
 hostname r1
 !
 interface lo
 ip address 1.1.1.1/32
 !
 interface r1-eth0
 description to sw0
 ip address 10.0.1.1/24
 no link-detect
 !
 ip forwarding
 !
 !
 line vty
 !
--- a/tests/topotests/ldp_establish_hello_topo1/r2/ldpd.conf
+++ b/tests/topotests/ldp_establish_hello_topo1/r2/ldpd.conf
@ -0,0 +1,21 @@
 hostname r2
 log file ldpd.log
 !
 ! debug mpls ldp zebra
 ! debug mpls ldp event
 ! debug mpls ldp errors
 ! debug mpls ldp messages recv
 ! debug mpls ldp messages sent
 ! debug mpls ldp discovery hello recv
 ! debug mpls ldp discovery hello sent
 !
 mpls ldp
 router-id 2.2.2.2
 !
 address-family ipv4
  discovery transport-address 2.2.2.2
  !
 !
 !
 line vty
 !
--- a/tests/topotests/ldp_establish_hello_topo1/r2/zebra.conf
+++ b/tests/topotests/ldp_establish_hello_topo1/r2/zebra.conf
@ -0,0 +1,17 @@
 log file zebra.log
 !
 hostname r2
 !
 interface lo
 ip address 2.2.2.2/32
 !
 interface r2-eth0
 description to sw0
 ip address 10.0.1.2/24
 no link-detect
 !
 ip forwarding
 !
 !
 line vty
 !
--- a/tests/topotests/ldp_establish_hello_topo1/r3/ldpd.conf
+++ b/tests/topotests/ldp_establish_hello_topo1/r3/ldpd.conf
@ -0,0 +1,21 @@
 hostname r3
 log file ldpd.log
 !
 ! debug mpls ldp zebra
 ! debug mpls ldp event
 ! debug mpls ldp errors
 ! debug mpls ldp messages recv
 ! debug mpls ldp messages sent
 ! debug mpls ldp discovery hello recv
 ! debug mpls ldp discovery hello sent
 !
 mpls ldp
 router-id 3.3.3.3
 !
 address-family ipv4
  discovery transport-address 3.3.3.3
  !
 !
 !
 line vty
 !
--- a/tests/topotests/ldp_establish_hello_topo1/r3/zebra.conf
+++ b/tests/topotests/ldp_establish_hello_topo1/r3/zebra.conf
@ -0,0 +1,17 @@
 log file zebra.log
 !
 hostname r3
 !
 interface lo
 ip address 3.3.3.3/32
 !
 interface r3-eth0
 description to sw0
 ip address 10.0.1.3/24
 no link-detect
 !
 ip forwarding
 !
 !
 line vty
 !
--- a/tests/topotests/ldp_establish_hello_topo1/test_establish_hello_topo1.dot
+++ b/tests/topotests/ldp_establish_hello_topo1/test_establish_hello_topo1.dot
@ -0,0 +1,51 @@
 ## Color coding:
 #########################
 ##  Main FRR: #f08080  red
 ##  Switches: #d0e0d0  gray
 ##  RIP:      #19e3d9  Cyan
 ##  RIPng:    #fcb314  dark yellow
 ##  OSPFv2:   #32b835  Green
 ##  OSPFv3:   #19e3d9  Cyan
 ##  ISIS IPv4 #fcb314  dark yellow
 ##  ISIS IPv6 #9a81ec  purple
 ##  BGP IPv4  #eee3d3  beige
 ##  BGP IPv6  #fdff00  yellow
 ##### Colors (see http://www.color-hex.com/)
 graph template {
 	label="Test Topology - LDP-ESTABLISH-HELLO 1";
 	# Routers
 	r1 [
 		shape=doubleoctagon,
 		label="1.1.1.1",
 		fillcolor="#f08080",
 		style=filled,
 	];
 	r2 [
 		shape=doubleoctagon
 		label="2.2.2.2",
 		fillcolor="#f08080",
 		style=filled,
 	];
 	r3 [
 		shape=doubleoctagon
 		label="3.3.3.3",
 		fillcolor="#f08080",
 		style=filled,
 	];
 	# Switches
 	sw0 [
 		shape=oval,
 		label="10.0.1.0/24",
 		fillcolor="#d0e0d0",
 		style=filled,
 	];
 	# Connections
 	r1 -- sw0 [label="r1-eth0"];
 	r2 -- sw0 [label="r2-eth0"];
 	r3 -- sw0 [label="r3-eth0"];
 }
--- a/tests/topotests/ldp_establish_hello_topo1/test_establish_hello_topo1.py
+++ b/tests/topotests/ldp_establish_hello_topo1/test_establish_hello_topo1.py
@ -0,0 +1,192 @@
 #!/usr/bin/env python
 # SPDX-License-Identifier: ISC
 #
 # test_establish_hello_topo1.py
 #
 # Copyright (c) 2025 by VyOS Networks
 # Andrii Melnychenko (a.melnychenko@vyos.io)
 #
 r"""
 test_establish_hello_topo1.py: Simple FRR LDP Test
                            +-------------+
                            |     r1      |
                            |   1.1.1.1   |
                            +-------------+
                              |
                              | .1 r1-eth0
                              |
 +---------+                 ~~~~~~~~~~~~~
 |   r2    |  .2 r2-eth0   ~~     sw0     ~~
 | 2.2.2.2 | ------------- ~~ 10.0.1.0/24 ~~
 +---------+                 ~~~~~~~~~~~~~
                              |
                              | .3 r3-eth0
                              |
                            +-------------+
                            |     r3      |
                            |   3.3.3.3   |
                            +-------------+
 """
 import os
 import re
 import sys
 import pytest
 from time import sleep
 from lib.topogen import Topogen, get_topogen
 fatal_error = ""
 pytestmark = [pytest.mark.ldpd]
 def build_topo(tgen):
    # Setup Routers
    for router in ["r1", "r2", "r3"]:
        tgen.add_router(router)
    # Switch
    switch = tgen.add_switch("sw0")
    switch.add_link(tgen.gears["r1"])
    switch.add_link(tgen.gears["r2"])
    switch.add_link(tgen.gears["r3"])
 def setup_module(module):
    thisDir = os.path.dirname(os.path.realpath(__file__))
    tgen = Topogen(build_topo, module.__name__)
    tgen.start_topology()
    net = tgen.net
    # Starting Routers
    for router in ["r1", "r2", "r3"]:
        net[router].loadConf("zebra", "%s/%s/zebra.conf" % (thisDir, router))
        net[router].loadConf("ldpd", "%s/%s/ldpd.conf" % (thisDir, router))
        tgen.gears[router].start()
    # For debugging after starting FRR daemons, uncomment the next line
    # tgen.mininet_cli()
 def teardown_module(module):
    tgen = get_topogen()
    tgen.stop_topology()
 def test_default_behaviour():
    global fatal_error
    # Skip if previous fatal error condition is raised
    if fatal_error != "":
        pytest.skip(fatal_error)
    tgen = get_topogen()
    # Setup counters
    tgen.gears["r3"].run("""
            iptables -t filter -A INPUT -s 10.0.1.1 -p udp --dport 646 -j ACCEPT
            iptables -t filter -A INPUT -s 10.0.1.2 -p udp --dport 646 -j ACCEPT
            iptables -t filter -A OUTPUT -s 10.0.1.3 -p udp --dport 646 -j ACCEPT
            """)
    # Setup the LDP service
    for router in ["r3", "r2", "r1"]:
        tgen.gears[router].vtysh_multicmd([
                            "configure terminal",
                            "mpls ldp",
                            "address-family ipv4",
                            f"interface {router}-eth0",
                            "end"])
    sleep(7)
    # Get values from counters
    output = tgen.gears["r3"].run("iptables -t filter -L -v -n")
    # Disable the LDP service
    for router in ["r3", "r2", "r1"]:
        tgen.gears[router].vtysh_multicmd([
                            "configure terminal",
                            "mpls ldp",
                            "address-family ipv4",
                            f"no interface {router}-eth0",
                            "end"])
    # Remove counter
    tgen.gears["r3"].run("iptables -t filter -F")
    pattern = r"\n\s+(\d+)"
    matches = re.findall(pattern, output)
    # Each router should send at least 2 packets of LDP hello,
    # one at the start and one after the "interval"(default 5 sec)
    # So, router 10.0.1.1(1.1.1.1) should send only 2 packets
    # Router 10.0.1.2(2.2.2.2) sent 2 packets plus 2 packets for each attempt to connect to the 1.1.1.1 - in total 4
    # Router 10.0.1.3(3.3.3.3) sent 2 packets plus 2 packets to the 1.1.1.1 and 4 packets to the 2.2.2.2 - in total 8
    assert matches == ['2', '4', '8'], "Wrong count of the LDP hello messages"
 def test_disable_establish_hello():
    global fatal_error
    # Skip if previous fatal error condition is raised
    if fatal_error != "":
        pytest.skip(fatal_error)
    tgen = get_topogen()
    # Setup counters
    tgen.gears["r3"].run("""
            iptables -t filter -A INPUT -s 10.0.1.1 -p udp --dport 646 -j ACCEPT
            iptables -t filter -A INPUT -s 10.0.1.2 -p udp --dport 646 -j ACCEPT
            iptables -t filter -A OUTPUT -s 10.0.1.3 -p udp --dport 646 -j ACCEPT
            """)
    # Setup the LDP service with disable-establish-hello option
    for router in ["r3", "r2", "r1"]:
        tgen.gears[router].vtysh_multicmd([
                            "configure terminal",
                            "mpls ldp",
                            "address-family ipv4",
                            f"interface {router}-eth0",
                            "disable-establish-hello",
                            "end"])
    sleep(7)
    # Get values from counters
    output = tgen.gears["r3"].run("iptables -t filter -L -v -n")
    # Disable the LDP service
    for router in ["r3", "r2", "r1"]:
        tgen.gears[router].vtysh_multicmd([
                            "configure terminal",
                            "mpls ldp",
                            "address-family ipv4",
                            f"no interface {router}-eth0",
                            "end"])
    # Remove counter
    tgen.gears["r3"].run("iptables -t filter -F")
    pattern = r"\n\s+(\d+)"
    matches = re.findall(pattern, output)
    # With disabled sending LDP hello message on attempt to establish TCP connection
    # Each router should only send 2 packets, at start and after 5 seconds(default interval)
    assert matches == ['2', '2', '2'], "Wrong count of the LDP hello messages"
 if __name__ == "__main__":
    # To suppress tracebacks, either use the following pytest call or add "--tb=no" to cli
    # retval = pytest.main(["-s", "--tb=no"])
    retval = pytest.main(["-s"])
    sys.exit(retval)