zebra: install EVPN gateway MAC as static/sticky

SVI interface ip/hw address is advertised by the GW VTEP (say TORC11) with
the default-GW community. And the rxing VTEP (say TORC21) installs the GW
MAC as a dynamic FDB entry. The problem with this is a rogue packet from a
server with the GW MAC as source can cause a station move resulting in
TORC21 hijacking the GW MAC address and blackholing all inter rack traffic.

Fix is to make the GW MAC "sticky" pinning it to the GW VTEP (TORC11). This
commit does it by installing the FDB entry as static if the MACIP route is
received with the default-GW community (mimics handling of
mac-mobility-with-sticky community)

Sample output with from TORC12 with TORC11 setup as gateway -
root@TORC21:~# net show evpn mac vni 1004 mac 00:00:5e:00:01:01
MAC: 00:00:5e:00:01:01
 Remote VTEP: 36.0.0.11 Remote-gateway Mac
 Neighbors:
    45.0.4.1
    fe80::200:5eff:fe00:101
    2001:fee1:0:4::1

root@TORC21:~# bridge fdb show |grep 00:00:5e:00:01:01|grep 1004
00:00:5e:00:01:01 dev vx-1004 vlan 1004 master bridge static
00:00:5e:00:01:01 dev vx-1004 dst 36.0.0.11 self static
root@TORC21:~#

Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
Ticket: CM-21508

diff --git a/zebra/zebra_vxlan.c b/zebra/zebra_vxlan.c
index 59f0cf52f0a1b46664f472442b23090663d568c3..a3b1c7d62e79db11103efad2b859e827edfacfc9 100644 (file)
--- a/zebra/zebra_vxlan.c
+++ b/zebra/zebra_vxlan.c
@@ -581,6 +581,9 @@ static void zvni_print_mac(zebra_mac_t *mac, void *ctxt)
        if (CHECK_FLAG(mac->flags, ZEBRA_MAC_DEF_GW))
                vty_out(vty, " Default-gateway Mac ");
 
+       if (CHECK_FLAG(mac->flags, ZEBRA_MAC_REMOTE_DEF_GW))
+               vty_out(vty, " Remote-gateway Mac ");
+
        vty_out(vty, "\n");
        /* print all the associated neigh */
        vty_out(vty, " Neighbors:\n");
@@ -2534,7 +2537,8 @@ static int zvni_mac_install(zebra_vni_t *zvni, zebra_mac_t *mac)
                return -1;
        vxl = &zif->l2info.vxl;
 
-       sticky = CHECK_FLAG(mac->flags, ZEBRA_MAC_STICKY) ? 1 : 0;
+       sticky = CHECK_FLAG(mac->flags,
+                        (ZEBRA_MAC_STICKY | ZEBRA_MAC_REMOTE_DEF_GW)) ? 1 : 0;
 
        return kernel_add_mac(zvni->vxlan_if, vxl->access_vlan, &mac->macaddr,
                              mac->fwd_info.r_vtep_ip, sticky);
@@ -5152,6 +5156,7 @@ void zebra_vxlan_remote_macip_add(ZAPI_HANDLER_ARGS)
        char buf[ETHER_ADDR_STRLEN];
        char buf1[INET6_ADDRSTRLEN];
        uint8_t sticky = 0;
+       u_char remote_gw = 0;
        uint8_t flags = 0;
        struct interface *ifp = NULL;
        struct zebra_if *zif = NULL;
@@ -5193,6 +5198,7 @@ void zebra_vxlan_remote_macip_add(ZAPI_HANDLER_ARGS)
                /* Get flags - sticky mac and/or gateway mac */
                STREAM_GETC(s, flags);
                sticky = CHECK_FLAG(flags, ZEBRA_MACIP_TYPE_STICKY);
+               remote_gw = CHECK_FLAG(flags, ZEBRA_MACIP_TYPE_GW);
                l++;
 
                if (IS_ZEBRA_DEBUG_VXLAN)
@@ -5266,6 +5272,8 @@ void zebra_vxlan_remote_macip_add(ZAPI_HANDLER_ARGS)
                if (!mac || !CHECK_FLAG(mac->flags, ZEBRA_MAC_REMOTE)
                    || (CHECK_FLAG(mac->flags, ZEBRA_MAC_STICKY) ? 1 : 0)
                               != sticky
+                   || (CHECK_FLAG(mac->flags, ZEBRA_MAC_REMOTE_DEF_GW) ? 1 : 0)
+                              != remote_gw
                    || !IPV4_ADDR_SAME(&mac->fwd_info.r_vtep_ip, &vtep_ip))
                        update_mac = 1;
 
@@ -5297,6 +5305,11 @@ void zebra_vxlan_remote_macip_add(ZAPI_HANDLER_ARGS)
                        else
                                UNSET_FLAG(mac->flags, ZEBRA_MAC_STICKY);
 
+                       if (remote_gw)
+                               SET_FLAG(mac->flags, ZEBRA_MAC_REMOTE_DEF_GW);
+                       else
+                               UNSET_FLAG(mac->flags, ZEBRA_MAC_REMOTE_DEF_GW);
+
                        zvni_process_neigh_on_remote_mac_add(zvni, mac);
 
                        /* Install the entry. */

diff --git a/zebra/zebra_vxlan_private.h b/zebra/zebra_vxlan_private.h
index fa7075f2de875ccaea81645178f32336e10d28a6..354126ca5d0f5db8dbde4615ebb5eccfee7f671b 100644 (file)
--- a/zebra/zebra_vxlan_private.h
+++ b/zebra/zebra_vxlan_private.h
@@ -247,6 +247,8 @@ struct zebra_mac_t_ {
 #define ZEBRA_MAC_STICKY  0x08  /* Static MAC */
 #define ZEBRA_MAC_REMOTE_RMAC  0x10  /* remote router mac */
 #define ZEBRA_MAC_DEF_GW  0x20
+/* remote VTEP advertised MAC as default GW */
+#define ZEBRA_MAC_REMOTE_DEF_GW        0x40
 
        /* Local or remote info. */
        union {