bgpd: Prevent vrf 2 vrf route leaking from going offbox. 2048/head
authorDonald Sharp <sharpd@cumulusnetworks.com>
Wed, 25 Apr 2018 14:23:22 +0000 (10:23 -0400)
committerDonald Sharp <sharpd@cumulusnetworks.com>
Wed, 25 Apr 2018 16:41:17 +0000 (12:41 -0400)
The vrf 2 vrf route leaking auto-derives RD and RT and
installs the routes into the appropriate vpn table.
When an operator configured ipv[4|6] vpn neighbors,
these routes were showing up off box.  The RD and RT
values chosen are locally significant but globally
useless and may cause confusion.

Put a special bit of code in to notice that we
should not be advertising these routes off box.

Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
bgpd/bgp_attr.c
bgpd/bgp_label.h
bgpd/bgp_mplsvpn.c
bgpd/bgp_route.c
bgpd/rfapi/rfapi_vty.c

index 1380c9cd09694c2bfb8ea30cf4d8c0179a9ccd77..b6e9ee3cb233e85730b8dde983e0b96c544982cc 100644 (file)
@@ -597,9 +597,9 @@ static void attr_show_all_iterator(struct hash_backet *backet, struct vty *vty)
 
        vty_out(vty, "attr[%ld] nexthop %s\n", attr->refcnt,
                inet_ntoa(attr->nexthop));
-       vty_out(vty, "\tflags: %" PRIu64 " med: %u local_pref: %u origin: %u weight: %u\n",
+       vty_out(vty, "\tflags: %" PRIu64 " med: %u local_pref: %u origin: %u weight: %u label: %u\n",
                attr->flag, attr->med, attr->local_pref, attr->origin,
-               attr->weight);
+               attr->weight, attr->label);
 }
 
 void attr_show_all(struct vty *vty)
index 01bf8b372b651aac4a6c6dafbc3510cf2bee4e97..2b2525dd0e3439a7551c6107842febf9572e4e8d 100644 (file)
@@ -24,6 +24,7 @@
 #define BGP_LABEL_BYTES 3
 #define BGP_LABEL_BITS 24
 #define BGP_WITHDRAW_LABEL 0x800000
+#define BGP_PREVENT_VRF_2_VRF_LEAK 0xFFFFFFFE
 
 struct bgp_node;
 struct bgp_info;
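Review bot: `BGP_PREVENT_VRF_2_VRF_LEAK` is added next to the wire-format label constants with no comment saying it is an internal marker rather than a label value. At 0xFFFFFFFE it does not fit in `BGP_LABEL_BITS` (24), so it can only live in an in-memory label slot and should never reach an UPDATE. I would add a comment above the define such as `/* Internal marker, not a wire label: routes carrying it are vrf-to-vrf leaks and must not be advertised to peers */`.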
index fdef7ba561b2dae2b13c065378a3584b9fdcd8f9..64d12cf6078540c26bbc42938d60a5bde3a10d6b 100644 (file)
@@ -87,6 +87,10 @@ void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
        uint8_t *pnt = (uint8_t *)label_pnt;
        if (pnt == NULL)
                return;
+       if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
+               *label_pnt = label;
+               return;
+       }
        *pnt++ = (label >> 12) & 0xff;
        *pnt++ = (label >> 4) & 0xff;
        *pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
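Review bot: The early return stores the marker with `*label_pnt = label;`, a whole `mpls_label_t` write, while the normal path below writes three bytes through `pnt`. If any caller hands encode_label a pointer into a `BGP_LABEL_BYTES`-sized wire buffer (no caller is visible in this hunk), the marker path writes beyond the bytes the other path touches and may be misaligned. It also leaves the slot in host order rather than the encoded form, so every reader has to compare against the marker before calling `decode_label`. A comment on the branch stating that the destination must be a full `mpls_label_t` would make that contract explicit. The function starts before and ends after this hunk.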
@@ -1497,6 +1501,8 @@ void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
                        ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
                SET_FLAG(from_bgp->af_flags[afi][safi],
                         BGP_CONFIG_VRF_TO_VRF_EXPORT);
+               from_bgp->vpn_policy[afi].tovpn_label =
+                       BGP_PREVENT_VRF_2_VRF_LEAK;
        }
        ecom = from_bgp->vpn_policy[afi].rtlist[edir];
        if (to_bgp->vpn_policy[afi].rtlist[idir])
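Review bot: The assignment `from_bgp->vpn_policy[afi].tovpn_label = BGP_PREVENT_VRF_2_VRF_LEAK;` replaces whatever label the VRF already had, and the vrf_unimport_from_vrf hunk below puts back `MPLS_LABEL_NONE` rather than the earlier value. If the operator had also configured a label for real VPN export from this VRF (that configuration path is not visible here), it appears to be lost after an import/unimport cycle. While the marker is set, the announce check in bgp_route.c would also hold back all of this VRF's VPN routes, not only the leaked ones. Guarding the assignment with `if (from_bgp->vpn_policy[afi].tovpn_label == MPLS_LABEL_NONE)`, or at minimum a comment stating that vrf-to-vrf import and labelled VPN export are mutually exclusive on a VRF, would make the behaviour deliberate. Both functions extend beyond their hunks.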
@@ -1612,6 +1618,8 @@ void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
                       sizeof(struct prefix_rd));
                UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
                           BGP_VPN_POLICY_TOVPN_RD_SET);
+               from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
+
        }
 }
 
index a71f5ac95659e9be650c53a307458d305b8c304a..90fa39b44543ba50eff6f4a4769359c25f6003ba 100644 (file)
@@ -1418,6 +1418,16 @@ int subgroup_announce_check(struct bgp_node *rn, struct bgp_info *ri,
                        return 0;
                }
 
+       /*
+        * If we are doing VRF 2 VRF leaking via the import
+        * statement, we want to prevent the route going
+        * off box as that the RT and RD created are localy
+        * significant and globaly useless.
+        */
+       if (safi == SAFI_MPLS_VPN && ri->extra && ri->extra->num_labels
+           && ri->extra->label[0] == BGP_PREVENT_VRF_2_VRF_LEAK)
+               return 0;
+
        /* If it's labeled safi, make sure the route has a valid label. */
        if (safi == SAFI_LABELED_UNICAST) {
                mpls_label_t label = bgp_adv_label(rn, ri, peer, afi, safi);
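Review bot: The new guard in subgroup_announce_check returns 0 without any debug output, so an operator who expects a VPN route to be advertised gets no indication that it was held back as a vrf-to-vrf leak. It is also the only enforcement point among the hunks shown, and it tests `label[0]` for `SAFI_MPLS_VPN` only, so the protection relies on the marker surviving unchanged from vrf_import_from_vrf to this check. I would extend the comment to say so, e.g. `/* Sole off-box filter for vrf-to-vrf leaks: relies on label[0] still holding BGP_PREVENT_VRF_2_VRF_LEAK */`, and log the suppression at debug level before the return. The function begins and ends outside the hunk.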
index 5fb44bb492cadd1c8b5a17d173335ef48ad79113..ccaa472092d37e3c3b1873b13ef34c712c15016d 100644 (file)
@@ -46,6 +46,7 @@
 #include "bgpd/bgp_aspath.h"
 #include "bgpd/bgp_community.h"
 #include "bgpd/bgp_vnc_types.h"
+#include "bgpd/bgp_label.h"
 
 #include "bgpd/rfapi/rfapi_import.h"
 #include "bgpd/rfapi/rfapi_private.h"
@@ -431,8 +432,13 @@ void rfapi_vty_out_vncinfo(struct vty *vty, struct prefix *p,
                XFREE(MTYPE_ECOMMUNITY_STR, s);
        }
 
-       if (bi->extra != NULL)
-               vty_out(vty, " label=%u", decode_label(&bi->extra->label[0]));
+       if (bi->extra != NULL) {
+               if (bi->extra->label[0] == BGP_PREVENT_VRF_2_VRF_LEAK)
+                       vty_out(vty, " label=VRF2VRF");
+               else
+                       vty_out(vty, " label=%u",
+                               decode_label(&bi->extra->label[0]));
+       }
 
        if (!rfapiGetVncLifetime(bi->attr, &lifetime)) {
                vty_out(vty, " life=%d", lifetime);