jaydom [Mon, 23 Jan 2017 02:45:30 +0000 (10:45 +0800)]
bgpd: add flowspec feature
This work is derived from a work done by China-Telecom.
That initial work can be found in [0].
As the gap between frr and quagga is important, a reworks has been
done in the meantime.
The initial work consists of bringing the following:
- Bringing the client side of flowspec.
- the enhancement of address-family ipv4/ipv6 flowspec
- partial data path handling at reception has been prepared
- the support for ipv4 flowspec or ipv6 flowspec in BGP open messages,
and the internals of BGP has been done.
- the memory contexts necessary for flowspec has been provisioned
In addition to this work, the following has been done:
- the complement of adaptation for FS safi in bgp code
- the code checkstyle has been reworked so as to match frr checkstyle
- the processing of IPv6 FS NLRI is prevented
- the processing of FS NLRI is stopped ( temporary)
Philippe Guibert [Wed, 10 Jan 2018 18:13:27 +0000 (19:13 +0100)]
lib: prefix support for flowspec
prefix structure is used to handle flowspec prefixes. A new AFI is
introduced: AF_FLOWSPEC. A sub structure named flowspec_prefix is
used in prefix to host the flowspec entry.
Reason to introduce that new kind is that prefixlen from prefix
structure is too short to all the flowspec needs, since NLRI can go over
0xff bytes.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
bgpd: add API to allocate a range of table identifiers
In BGP, doing policy-routing requires to use table identifiers.
Flowspec protocol will need to have that. 1 API from bgp zebra has been
done to get the table chunk.
Internally, onec flowspec is enabled, the BGP engine will try to
connect smoothly to the table manager. If zebra is not connected, it
will try to connect 10 seconds later. If zebra is connected, and it is
success, then a polling mechanism each 60 seconds is put in place. All
the internal mechanism has no impact on the BGP process.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
zebra: add the handling of table ids from remote daemons
This commit is connecting the table manager with remote daemons by
handling the queries.
As the function is similar in many points with label allocator, a
function has been renamed.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
The range is given from table manager from zebra daemon.
There are 2 ranges available for table identifier:
- [1;252] and [256;0xffffffff]
If the wished size enters in the first range, then the start and end
range of table identifier is given within the first range.
Otherwise, the second range is given, and an appropriate range is given.
Note that for now, the case of the VRF table identifier used is not
taken into account. Meaning that there may be overlapping. There are two
cases to handle:
- case a vrf lite is allocated after the zebra and various other daemons
started.
- case a vrf lite is initialised and the daemons then start
The second case is easy to handle. For the former case, I am not so
sure.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
lib: add framework for allocating routing table identifier IDs
The library changes add 3 new messages to exchange between daemons and
ZEBRA.
- ZEBRA_TABLE_MANAGER_CONNECT,
- ZEBRA_GET_TABLE_CHUNK,
- ZEBRA_RELEASE_TABLE_CHUNK,
the need is that routing tables identifier are shared by various
services. For the current case, policy routing enhancements are planned
to be used in FRR. Poliy routing relies on routing tables identifiers
from kernels. It will be mainly used by the future policy based routing
daemon, but not only. In the flowspec case, the BGP will need also to
inject policy routing information into specific routing tables.
For that, the proposal is made to let zebra give the appropriate range
that is needed for all daemons.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Quentin Young [Mon, 19 Mar 2018 16:35:48 +0000 (12:35 -0400)]
tools, doc: update checkpatch for u_int_*
* Checkpatch.pl now checks for nonstandard integral types
* Add shell script to replace all nonstandard types with their standard
counterparts in C source files
* Document usage of types, mention conversion script
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Philippe Guibert [Tue, 23 Jan 2018 17:09:12 +0000 (18:09 +0100)]
bgpd: add an API to get incoming VRF from a RT
This commit is relying on bgp vpn-policy. It is needed to configure
several bgp vrf instances, and in each of the bgp instance, configure
the following command under address-family ipv4 unicast node:
[no] rt redirect import RTLIST
Then, a function is provided, that will parse the BGP instances.
The incoming ecommunity will be compared with the configured rt redirect
import ecommunity list, and return the VRF first instance of the matching
route target.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Quentin Young [Mon, 26 Mar 2018 05:24:41 +0000 (01:24 -0400)]
bgpd: actually suppress coalesce-time
Previous patches to suppress display of automatically calculated
coalesce-time did not fully work because the flag indicating whether the
value was automatically calculated was not set properly upon creation.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Mon, 12 Mar 2018 23:37:06 +0000 (16:37 -0700)]
ospf6d: retain inter area border router type-4
During Intra area border router calculation, all
border routers are marked for remove from brouter table.
Once SPF calculation is done, retain inter area
border router if the adv. intra border router (abr)
is present in SPF table.
Ticket:CM-20171
Testing Done:
Validated inter area ASBR (L1) is retained at
R1 and R2 post intra border router calculation.
L1 -- (area 1)-- L2 -- (area 0) -- R1 --- R2
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
vivek [Wed, 1 Nov 2017 20:36:46 +0000 (13:36 -0700)]
bgpd: Use BGP instance to derive the VRF for route uninstall
When uninstalling routes from zebra, ensure that the BGP instance for
which processing is being done is used to derive the VRF. It is incorrect
to derive the VRF from the peer when dealing with scenarios like VRF route
leaking, EVPN symmetric/external routing etc., where the peer which sourced
the route could belong to a different VRF.
Donald Sharp [Tue, 20 Mar 2018 13:18:01 +0000 (09:18 -0400)]
bgpd: Fix peer withdrawal and route leaking for vpn's and vrf's
When a peer is removed the routes are withdrawn via bgp_process_main_one
As such we need to put a bit of code in to handle this situation
for the vpn/vrf route leaking code.
I think this code path is also called for when a vrf's route is
changed and I believe we will end up putting a bit more code
here to handle the nexthop changes.
I've also started trying to document the bgp_process_main_one
function a bit better.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
lyq140 [Wed, 21 Mar 2018 11:46:36 +0000 (07:46 -0400)]
ripd: considering a interface with 2 or more IP
This commit fixes these three issues:
1) rinfo is used for rip packet sending not tmp_rinfo
2) With RIP_SPLIT_HORIZON and an interface with more than 1 ip addresses
we will not send the routes out an interface that they originate on
3) With RIP_SPLIT_HORIZON_POISONED_REVERSE and an interface with
more than 1 ip address we will not send out ipA with a metric of 16
and ipb with a metric of 1. Both will be 16 now.
Quentin Young [Tue, 20 Mar 2018 19:07:36 +0000 (15:07 -0400)]
watchfrr, vtysh: do not write config during crash
If a daemon is restarting, crashed, or otherwise in the process of
reconnecting to watchfrr and a user issues "write memory" or "write
file" the resulting config will not include the configuration of that
daemon. This is problematic because this output will overwrite the
previous config, potentially causing unintentional loss of configuration
stored only in the config file based upon timing.
This patch remedies that by making watchfrr check that all daemons are
up before attempting a configuration write, and updating vtysh so that
its failsafe respects this condition as well.
Note that this issue only manifests when using integrated config.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Wed, 14 Mar 2018 18:56:03 +0000 (14:56 -0400)]
doc: cleanup some misc files
* Translate plaintext stub documenting bgpd preprocessor constants for
attributes into a RST file and include it in the doctree
* Remove the Markdown version of the OSPF-API document, as I've already
translated it into RST
* Remove the Markdown version of the modules document, as I've already
translated it into RST
* Rename the various "Building_FRR_*" documents to match standard RST
file conventions
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Wed, 14 Mar 2018 20:36:14 +0000 (16:36 -0400)]
doc: cligraph.svg -> cligraph.png, misc cleanup
LaTeX doesn't know how to typeset SVG images, so use a png. Sphinx has a
plugin to automatically convert images to the right format for every
builder but it depends on imagemagick and God only knows what plugin
support is like on Centos 6...
Also correct the name of the BGP typecodes doc in its index file.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Wed, 14 Mar 2018 18:56:03 +0000 (14:56 -0400)]
doc: cleanup some misc files
* Translate plaintext stub documenting bgpd preprocessor constants for
attributes into a RST file and include it in the doctree
* Remove the Markdown version of the OSPF-API document, as I've already
translated it into RST
* Remove the Markdown version of the modules document, as I've already
translated it into RST
* Rename the various "Building_FRR_*" documents to match standard RST
file conventions
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
- vpn_leak_to_vpn_active(): check instance type
- vpn_leak_prechange(): qualify with test for active
- vpn_leak_postchange(): remove duplicated call to
vpn_leak_from_vrf_update_all()
- bgp_vty.c: Avoid null-pointer dereference for command "no rt vpn import"
G. Paul Ziemba [Fri, 16 Mar 2018 18:11:37 +0000 (11:11 -0700)]
bgpd: new vpn-policy CLI
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.
The code of this PR implements the vpn-specific parts of this syntax:
Arthur Jones [Mon, 12 Mar 2018 19:24:26 +0000 (12:24 -0700)]
docker build: build Alpine Linux dev packages in docker
Building alpine packages in a "standard" distro can be
complicated due to the limited scope of the distro (embedded
and small docker images). Building in a VM is one possibility,
but docker support for alpine is very good (default docker images
come in alpine due to the very small size).
Here, we want to package up the current git repo into apk packages
that can be easily installed in alpine linux using the apk tool.
This support is not intended to package released versions of
apk packages, that, if it comes to be, should be done here:
git://git.alpinelinux.org/aports
We're content here to build packages that can be used by developers
to try out frr in docker and other alpine environments.
This is a very minimal environment, we don't support importing
keys (so, installing the packages with apk requires the
--allow-untrusted option). In addition, we can't use the
git commit id in hex as version tag, as alpine doesn't support hex
digits in the version string. So, we need to convert the git hash
to decimal before tagging the package with the extra version.
This is yucky, but I can't think of another way to get a
unique version per package. The alpine way (using a numeric date),
only works for released packages, not for dev packages.
Issue: https://github.com/FRRouting/frr/issues/1859 Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
Arthur Jones [Mon, 19 Mar 2018 17:04:00 +0000 (10:04 -0700)]
redhat: enable dist tarball to build in a chroot
When building the rpms, we can use a chroot (in my case docker) to
ensure that the BuildRequires are complete. This test failed with
errors like:
checking for CARES... no
configure: error: trying to build nhrpd, but libcares not found. install c-ares and its -dev headers.
error: Bad exit status from /var/tmp/rpm-tmp.FewvLf (%build)
This is due to a couple missing BuildRequires in the spec file. Here, we
add those in for all RPM builds.
Testing done:
Ran a docker build on CentOS7 which succeeded. Loaded the modules onto
CentOS6 to make sure they were at least valid there, that succeeded.
Issue: https://github.com/FRRouting/frr/issues/1930 Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
projects / mirror / frr.git / log