Don Slice [Tue, 12 Jan 2021 16:05:23 +0000 (11:05 -0500)]
tools: ignore missing seq nums in prefix and access lists in frr-reload.py
If frr.conf contains a prefix-list or access-list without a seq number,
frr-reload needs to be aware that it should not delete/add if the running
config contains a seq number.
Ticket: CM-32623
Signed-off-by: Don Slice <dslice@nvidia.com>
Don Slice [Tue, 12 Jan 2021 15:41:17 +0000 (10:41 -0500)]
tools: apply black formatting changes to frr-reload.py
Since new workflow instructions state to run black against
python change and it found formatting changes required that
were not part of my change set, committing those changes
separately.
Carlos Goncalves [Mon, 11 Jan 2021 09:42:19 +0000 (10:42 +0100)]
doc: fix reference links
The current securing BGP and resource certification reference links lead
to a page not found. This patch fixes that by pointing to their
corresponding PDF format resources.
Signed-off-by: Carlos Goncalves <cgoncalves@redhat.com>
in the northbound callback for the boolean leaf multi-path-as-set, the
actual value of the leaf was being ignored. As a result, going from
as-set to no-as-set was having no effect.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
tests: tests for bgpd listening on multiple addresses
* Added a new topotest to test bgpd listening on multiple addresses.
* Updated the existing bgpd tests according to the parameter added to
bgp_master_init.
Signed-off-by: "Adriano Marto Reis" <adrianomarto@gmail.com>
Currently the transition metric style is redundant because isis will
always read both reachability TLVs regardless of the configured
metric style. Correct this by only considering TLVs matching our
configuration.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
make sure that the order in which the pcep-related commands are
removed by frr-reload.py is the correct one, i.e., pce followed
by pce-config followed by pcc.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
on one hand, the default value for a peer preference was always being
displayed, and on the other there was some code in frr-reload.py which
was attempting to add a default value to match this behavior, and which
was incorrectly overriding a specified preference. Fix this by removing
this code and making pathd behave like other daemons in this respect,
i.e. not displaying the default value.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Donald Sharp [Fri, 8 Jan 2021 21:52:41 +0000 (16:52 -0500)]
tests: Wait for bgp convergence *after* we re-add the interfaces
In test_bgp_mutli_vrf_topo2.py it's clear that we remove then
re-add the vrf interfaces. Then the test was immediately
checking to ensure that the routes were available.
BGP needs time to reconverge. Let's ensure that first.
Donald Sharp [Fri, 8 Jan 2021 12:44:42 +0000 (07:44 -0500)]
tools: Cleanup some zebra section of the support bundle
a) Add some useful commands
b) Remove `show error all`; this just dumps the error codes. If
we know the version we don't need this. Additionally this is
rather large.
Donald Sharp [Fri, 8 Jan 2021 12:42:08 +0000 (07:42 -0500)]
tools: Cleanup bgp commands in the support bundle
Add some missing commands (I am sure that there are more useful ones too)
Cleanup to use the modern non-deprecated syntax in case anyone runs across
this.
Renato Westphal [Thu, 10 Dec 2020 23:43:11 +0000 (20:43 -0300)]
isisd: remove two overly verbose LFA debug messages
These two debug messages are so verbose to a point they impact
performance when testing RLFA/TI-LFA on large-scale networks. Remove
them since they aren't really useful.
Renato Westphal [Tue, 8 Dec 2020 14:54:32 +0000 (11:54 -0300)]
isisd: fix logging of uninitialized data in the TI-LFA code
Always call vid2string() whenever necessary instead of trying to be
too clever and call it only once. The original assumption was that
"buf" only needed to be initialized when LFA debugging was enabled,
but we also need that buffer when logging one error message.
Renato Westphal [Mon, 7 Dec 2020 16:17:42 +0000 (13:17 -0300)]
tests: add IS-IS RLFA topotest
Add new RLFA topotest that tests all RLFA configuration knobs and
how isisd and ldpd react to various configuration changes that can
occur in the network.
Renato Westphal [Tue, 1 Dec 2020 03:12:08 +0000 (00:12 -0300)]
tests: add remote LFA unit tests
Extend the existing SPF unit testing infrastructure so that it can
test RLFA as well.
These new unit tests are useful to test the RLFA PQ node
computation on several different network topologies in a timely
manner. Artificial LDP labels (starting from 50000) are used to
activate the computed RLFAs.
It's worth mentioning that the computed backup routing tables
contain both local LFAs and remote LFAs, as running RLFA separately
isn't possible.
Renato Westphal [Thu, 26 Nov 2020 02:39:09 +0000 (23:39 -0300)]
isisd: implement Remote LFA
Remote LFA (RFC 7490) is an extension to the base LFA mechanism
that uses dynamically determined tunnels to extend the IP-FRR
protection coverage.
RLFA is similar to TI-LFA in that it computes a post-convergence
SPT (with the protected interface pruned from the network topology)
and the P/Q spaces based on that SPT. There are a few differences
however:
* RLFAs can push at most one label, so the P/Q spaces need to
intersect otherwise the destination can't be protected (the
protection coverage is topology dependent).
* isisd needs to interface with ldpd to obtain the labels it needs to
create a tunnel to the PQ node. That interaction needs to be done
asynchronously to prevent blocking the daemon for too long. With
TI-LFA all required labels are already available in the LSPDB.
RLFA and TI-LFA have more similarities than differences though,
and thanks to that both features share a lot of code.
Limitations:
* Only RLFA link protection is implemented. The algorithm used
to find node-protecting RLFAs (RFC 8102) is too CPU intensive and
doesn't always work. Most vendors implement RLFA link protection
only.
* RFC 7490 says it should be a local matter whether the repair path
selection policy favors LFA repairs over RLFA repairs. It might be
desirable, for instance, to prefer RLFAs that satisfy the downstream
condition over LFAs that don't. In this implementation, however,
RLFAs are only computed for destinations that can't be protected
by local LFAs.
Renato Westphal [Sun, 6 Dec 2020 01:10:54 +0000 (22:10 -0300)]
isisd: fix LFA command to use correct operations
The "load-sharing" node is a boolean leaf that has a default
value. As such, it doesn't make sense to either create or delete
it. That node always exists in the configuration tree. Its value
should only be modified. Change the corresponding CLI wrapper
command to reflect that fact.
This commit doesn't introduce any change of behavior as the NB API
maps create/destroy edit operations to modify operations whenever
that makes sense. However it's better to not rely on that behavior
and always use the correct operations in the CLI commands.
Renato Westphal [Sun, 6 Dec 2020 00:45:52 +0000 (21:45 -0300)]
ldpd: add support for RLFA clients
Add an API that allows IGP client daemons to register/unregister
RLFAs with ldpd.
IGP daemons need to be able to query the LDP labels needed by RLFAs
and monitor label updates that might affect those RLFAs. This is
similar to the NHT mechanism used by bgpd to resolve and monitor
recursive nexthops.
This API is based on the following ZAPI opaque messages:
* LDP_RLFA_REGISTER: used by IGP daemons to register an RLFA with ldpd.
* LDP_RLFA_UNREGISTER_ALL: used by IGP daemons to unregister all of
their RLFAs with ldpd.
* LDP_RLFA_LABELS: used by ldpd to send RLFA labels to the registered
clients.
For each RLFA, ldpd needs to return the following labels:
* Outer label(s): the labels advertised by the adjacent routers to
reach the PQ node;
* Inner label: the label advertised by the PQ node to reach the RLFA
destination.
For the inner label, ldpd automatically establishes a targeted
neighborship with the PQ node if one doesn't already exist. For that
to work, the PQ node needs to be configured to accept targeted hello
messages. If that doesn't happen, ldpd doesn't send a response to
the IGP client daemon which in turn won't be able to activate the
previously computed RLFA.
Renato Westphal [Sat, 5 Dec 2020 20:10:04 +0000 (17:10 -0300)]
ldpd: detect when route received from zebra hasn't changed
Add some code to detect when a route received from zebra hasn't
changed and ignore the notification in that case, preventing ldpd
from sending unnecessary label mappings.
Donald Sharp [Fri, 8 Jan 2021 00:24:13 +0000 (19:24 -0500)]
bgpd: Move afi independent code outside of checks for it
In bgp_zebra_announce we do work to apply the table map.
This is the same for both v4 and v6 but we have the code
duplicated in both v4 and v6 if statements. Move outside
to reduce the duplications.
Wesley Coakley [Tue, 5 Jan 2021 09:22:57 +0000 (04:22 -0500)]
bgpd: separate lcommunity validation from tokenizer
`lcommunity_gettoken` expects a space-delimited list of 0 or more large
communities. `lcommunity_list_valid` can perform this check.
`lcommunity_list_valid` now validates large community lists more
accurately based on the following condition: Each quantity in a standard bgp
large community must:
1. Contain at least one digit
2. Fit within 4 octets
3. Contain only digits unless the lcommunity is "expanded"
4. Contain a valid regex if the lcommunity is "expanded"
Moreover we validate that each large community list contains exactly 3
such values separated by a single colon each.
One quirk of our validation which is worth documenting is:
The first line will throw an error complaining about a "malformed community-list
value". The second line will be accepted because each value is treated as
a regex when matching large communities; it simply will never match anything, so
it's rather useless.
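The validation rules listed in the commit message above, as an added C example that is not FRR's code and not part of the original commit. The function names and the 256-byte input limit are hypothetical, and it assumes rules 1 to 3 apply to standard lists while expanded lists only need each quantity to be non-empty and compile as a POSIX extended regex.

```c
#include <regex.h>
#include <stdbool.h>
#include <string.h>

/* Standard: 1+ digits, digits only, fits in 4 octets. Expanded: valid regex. */
static bool quantity_valid(const char *q, bool expanded)
{
	regex_t re;
	unsigned long long v = 0;
	if (*q == '\0')
		return false;
	if (expanded) {
		if (regcomp(&re, q, REG_EXTENDED | REG_NOSUB) != 0)
			return false;
		regfree(&re);
		return true;
	}
	for (; *q != '\0'; q++) {
		if (*q < '0' || *q > '9')
			return false;
		v = v * 10 + (unsigned long long)(*q - '0');
		if (v > 0xFFFFFFFFULL) /* reject before the accumulator can wrap */
			return false;
	}
	return true;
}

/* Hypothetical name; list is zero or more space-delimited "a:b:c" values. */
bool example_lcommunity_list_valid(const char *list, bool expanded)
{
	char copy[256], *tok, *end, *c; /* example-only length limit */
	if (strlen(list) >= sizeof(copy))
		return false;
	strcpy(copy, list);
	for (tok = copy; *(tok += strspn(tok, " ")) != '\0'; tok = end) {
		int n = 0;
		end = tok + strcspn(tok, " ");
		if (*end != '\0')
			*end++ = '\0'; /* terminate this community in place */
		for (char *q = tok; q != NULL; q = c ? c + 1 : NULL, n++) {
			if ((c = strchr(q, ':')) != NULL)
				*c = '\0'; /* empty fields survive the split */
			if (!quantity_valid(q, expanded))
				return false;
		}
		if (n != 3) /* exactly three quantities per large community */
			return false;
	}
	return true;
}
```

Splitting on `:` by hand rather than with a tokenizer that skips empty fields is what lets `1::3` and `1:2:` be rejected.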
Pat Ruddy [Tue, 5 Jan 2021 17:18:39 +0000 (17:18 +0000)]
tests: add test for labelmanager plugin
An external label manager plugin may want to use the following
functions:
- create_label_chunk
- assign_label_chunk
- delete_label_chunk
- release_label_chunk
This test ensures that they are externally visible.