Merge pull request #15233 from louis-6wind/bgp-leak-no-network

bgpd: fix VRF leaking with 'no bgp network import-check'
Donatas Abraitis 2024-01-26 13:09:33 +02:00 committed by GitHub
commit d48b99ad4f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 48 additions and 6 deletions


@ -1011,9 +1011,11 @@ static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
{ {
struct bgp_path_info *bpi_ultimate; struct bgp_path_info *bpi_ultimate;
struct bgp *bgp_nexthop; struct bgp *bgp_nexthop;
struct bgp_table *table;
bool nh_valid; bool nh_valid;
bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi); bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
table = bgp_dest_table(bpi_ultimate->net);
if (bpi->extra && bpi->extra->vrfleak && bpi->extra->vrfleak->bgp_orig) if (bpi->extra && bpi->extra->vrfleak && bpi->extra->vrfleak->bgp_orig)
bgp_nexthop = bpi->extra->vrfleak->bgp_orig; bgp_nexthop = bpi->extra->vrfleak->bgp_orig;
@ -1029,7 +1031,17 @@ static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
is_pi_family_evpn(bpi_ultimate) || is_pi_family_evpn(bpi_ultimate) ||
CHECK_FLAG(bpi_ultimate->flags, BGP_PATH_ACCEPT_OWN)) CHECK_FLAG(bpi_ultimate->flags, BGP_PATH_ACCEPT_OWN))
nh_valid = true; nh_valid = true;
else else if (bpi_ultimate->type == ZEBRA_ROUTE_BGP &&
bpi_ultimate->sub_type == BGP_ROUTE_STATIC && table &&
(table->safi == SAFI_UNICAST ||
table->safi == SAFI_LABELED_UNICAST) &&
!CHECK_FLAG(bgp_nexthop->flags, BGP_FLAG_IMPORT_CHECK)) {
/* if the route is defined with the "network <prefix>" command
* and "no bgp network import-check" is set,
* then mark the nexthop as valid.
*/
nh_valid = true;
} else
/* /*
* TBD do we need to do anything about the * TBD do we need to do anything about the
* 'connected' parameter? * 'connected' parameter?
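Review bot: The added `else if` branch sets `nh_valid = true` from `BGP_FLAG_IMPORT_CHECK` read on `bgp_nexthop`, but only the `bgp_orig` assignment of that pointer is visible, so the hunk does not show that the flag always comes from the instance holding the `network` statement. Because this branch skips nexthop validation for a route that is then leaked into other VRFs, the comment should name the instance whose setting is honoured, e.g. `/* import-check is read from the originating instance (bgp_nexthop), not from to_bgp */`, if that is the intent. Separately, `table = bgp_dest_table(bpi_ultimate->net);` runs unconditionally and only `table` is tested later; assuming `bgp_dest_table()` dereferences its argument, a NULL `bpi_ultimate->net` would fault before the guard. The function body starts and ends outside these hunks.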


@ -161,6 +161,15 @@ def ltemplatePreRouterStartHook():
logger.info( logger.info(
"setup {0} vrf {0}-cust1, {0}-eth4. enabled mpls input.".format(rtr) "setup {0} vrf {0}-cust1, {0}-eth4. enabled mpls input.".format(rtr)
) )
# configure cust4 VRFs & MPLS
cmds = [
"ip link add {0}-cust4 type vrf table 30",
"ip link set dev {0}-cust4 up",
]
rtr = "r1"
for cmd in cmds:
cc.doCmd(tgen, rtr, cmd.format(rtr))
logger.info("setup {0} vrf {0}-cust3 and{0}-cust4.".format(rtr))
# configure cust2 VRFs & MPLS # configure cust2 VRFs & MPLS
rtrs = ["r4"] rtrs = ["r4"]
cmds = [ cmds = [
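Review bot: The added log line `"setup {0} vrf {0}-cust3 and{0}-cust4."` names a cust3 VRF that these lines do not create and is missing a space after `and`. The comment `# configure cust4 VRFs & MPLS` likewise promises MPLS setup, while the two `ip link` commands only create the VRF device and bring it up. Suggest `# configure cust4 VRF (table 30), no MPLS` and `logger.info("setup {0} vrf {0}-cust4.".format(rtr))`, so the test log matches what was actually configured on r1. The hook body continues outside the hunk.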


@ -50,6 +50,19 @@ router bgp 5227 vrf r1-cust1
export vpn export vpn
exit-address-family exit-address-family
router bgp 5227 vrf r1-cust4
no bgp network import-check
bgp router-id 192.168.1.1
address-family ipv4 unicast
network 172.16.0.0/24
rd vpn export 10:14
rt vpn export 52:100
import vpn
export vpn
exit-address-family
! !
end end


@ -59,12 +59,20 @@ want_r1_cust1_routes = [
{"p": "5.1.1.0/24", "n": "99.0.0.1"}, {"p": "5.1.1.0/24", "n": "99.0.0.1"},
{"p": "6.0.1.0/24", "n": "99.0.0.1"}, {"p": "6.0.1.0/24", "n": "99.0.0.1"},
{"p": "6.0.2.0/24", "n": "99.0.0.1"}, {"p": "6.0.2.0/24", "n": "99.0.0.1"},
{"p": "172.16.0.0/24", "n": "0.0.0.0", "bp": True},
{"p": "99.0.0.1/32", "n": "192.168.1.2"}, {"p": "99.0.0.1/32", "n": "192.168.1.2"},
] ]
bgpribRequireUnicastRoutes( bgpribRequireUnicastRoutes(
"r1", "ipv4", "r1-cust1", "Customer 1 routes in r1 vrf", want_r1_cust1_routes "r1", "ipv4", "r1-cust1", "Customer 1 routes in r1 vrf", want_r1_cust1_routes
) )
want_r1_cust4_routes = [
{"p": "172.16.0.0/24", "n": "0.0.0.0", "bp": True},
]
bgpribRequireUnicastRoutes(
"r1", "ipv4", "r1-cust4", "Customer 4 routes in r1 vrf", want_r1_cust4_routes
)
want_r3_cust1_routes = [ want_r3_cust1_routes = [
{"p": "5.1.0.0/24", "n": "99.0.0.2"}, {"p": "5.1.0.0/24", "n": "99.0.0.2"},
{"p": "5.1.1.0/24", "n": "99.0.0.2"}, {"p": "5.1.1.0/24", "n": "99.0.0.2"},
@ -667,7 +675,7 @@ bgpribRequireUnicastRoutes(
luCommand( luCommand(
"ce1", "ce1",
'vtysh -c "show bgp ipv4 uni"', 'vtysh -c "show bgp ipv4 uni"',
"12 routes and 12", "13 routes and 13",
"wait", "wait",
"Local and remote routes", "Local and remote routes",
10, 10,
@ -689,7 +697,7 @@ bgpribRequireUnicastRoutes(
luCommand( luCommand(
"ce2", "ce2",
'vtysh -c "show bgp ipv4 uni"', 'vtysh -c "show bgp ipv4 uni"',
"12 routes and 15", "13 routes and 16",
"wait", "wait",
"Local and remote routes", "Local and remote routes",
10, 10,
@ -721,7 +729,7 @@ luCommand("r4", 'vtysh -c "show ip route vrf r4-cust2"')
luCommand( luCommand(
"ce3", "ce3",
'vtysh -c "show bgp ipv4 uni"', 'vtysh -c "show bgp ipv4 uni"',
"12 routes and 13", "13 routes and 14",
"wait", "wait",
"Local and remote routes", "Local and remote routes",
10, 10,
@ -743,7 +751,7 @@ bgpribRequireUnicastRoutes(
luCommand( luCommand(
"ce4", "ce4",
'vtysh -c "show bgp vrf ce4-cust2 ipv4 uni"', 'vtysh -c "show bgp vrf ce4-cust2 ipv4 uni"',
"12 routes and 14", "13 routes and 15",
"wait", "wait",
"Local and remote routes", "Local and remote routes",
10, 10,
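Review bot: The new expectations cover only the permissive case. `want_r1_cust4_routes` and the extra `172.16.0.0/24` entry in `want_r1_cust1_routes` check that the prefix is leaked as best path under `no bgp network import-check`, but nothing asserts that the same `network` statement is not treated as valid when import-check is enabled and the prefix does not resolve. A negative case would pin the condition added on the C side, so a later edit cannot widen the validation bypass unnoticed. The bumped literals such as `"13 routes and 13"` are whole-table counts; a short comment at the first of them, e.g. `# +1: 172.16.0.0/24 leaked from r1-cust4`, would make a future mismatch easier to diagnose.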


@ -49,7 +49,7 @@ if ret != False and found != None:
luCommand( luCommand(
rtr, rtr,
'vtysh -c "show bgp ipv4 uni" | grep Display', 'vtysh -c "show bgp ipv4 uni" | grep Display',
" 12 route", " 13 route",
"wait", "wait",
"BGP routes removed", "BGP routes removed",
wait, wait,