git.puffer.fish Git - mirror/frr.git/commit

author	Ryoga Saito <ryoga.saito@linecorp.com>
	Thu, 27 Oct 2022 01:17:50 +0000 (10:17 +0900)
committer	Ryoga Saito <ryoga.saito@linecorp.com>
	Thu, 27 Oct 2022 01:38:05 +0000 (10:38 +0900)
commit	5b786189bc60b07c62569a324754b4b49fe61f8e
tree	23691c4b89d16e61bacd763b2a3bf801973c11b1	tree \| snapshot
parent	0f926d91416be5cb874a2af4a733f116013bd93b	commit \| diff

bgpd: Fix the condition whether nexthop is changed

Given that the following topology, route server MUST not modify NEXT_HOP
attribute because route server isn't in the actual routing path. This
behavior is required to comply RFC7947

(Router A) <-(eBGP peer)-> (Route Server) <-(eBGP peer)-> (Router B)

RFC7947 says as follows:

> As the route server does not participate in the actual routing of
> traffic, the NEXT_HOP attribute MUST be passed unmodified to the route
> server clients, similar to the "third-party" next-hop
> feature described in Section 5.1.3. of [RFC4271].

However, current FRR is violating RFC7947 in some cases. If routers and
route server established BGP peer over IPv6 connection and routers
advertise ipv4-vpn routes through route server, route server will modify
NEXT_HOP attribute in these advertisements.

This is because the condition to check whether NEXT_HOP attribute should
be changed or not is wrong. We should use (afi, safi) as the key to
check, but (nhafi, safi) is actually used. This causes the RFC7947
violation.

Signed-off-by: Ryoga Saito <ryoga.saito@linecorp.com>