Donald Sharp [Fri, 13 Apr 2018 14:02:32 +0000 (10:02 -0400)]
pbrd: Allow PBR to ignore Access List commands
PBR is hooked up to receive access-list commands automatically,
as are all daemons, add the bit of code to allow the PBR
daemon to safely receive the command and ignore it for the
moment.
Ticket: CM-20569 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Fri, 13 Apr 2018 13:39:23 +0000 (09:39 -0400)]
lib: Restrict redistribution cli a bit
The PBR and PIM daemons, needed the ability to connect
to zebra. Unfortunately this connection also implied
an ability to redistribute to other valid protocols.
Add a additional hook to the route_types.pl script
to allow us to specify if the client type should
be redistributed at all.
Additionally cleanup the PIM code to not show up
as a protocol under the header for a 'show ip route'
command
Ticket: CM-20568 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
[zebra/zebra_vxlan.c:5779] -> [zebra/zebra_vxlan.c:5778]:
(warning) Either the condition 'if(svi_if_zif&&svi_if_link)'
is redundant or there is possible null pointer dereference: svi_if_zif.
[ripd/rip_snmp.c:208] -> [ripd/rip_snmp.c:207]: (warning) Either the condition
'if(rn&&!strncmp(i->name,ifp->name,INTERFACE_NAMSIZ))' is redundant or there is
possible null pointer dereference: rn.
Quentin Young [Tue, 10 Apr 2018 19:26:56 +0000 (15:26 -0400)]
doc: gracefully handle missing config.status
The docs extract various configuration values from config.status and
substitute them into placeholders throughout the docs. Add the ability
to build the docs with some reasonable defaults set instead of failing
when config.status doesn't exist.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Arthur Jones [Fri, 6 Apr 2018 00:52:15 +0000 (17:52 -0700)]
alpine packaging: use a more standard packaging format
Currently, we just package the frr daemons, but we don't run
them. This is fine for basic tests, but it is inconvenient to
orchestrate the daemons from downstream test environments.
Here, we follow the redhat and debianpkg formats more closely,
putting the daemons in /usr/lib/frr and including the frr user
and groups in the package. We also include a docker specific
startup script and a sysvinit link in /etc/init.d/frr for
openrc based alpine installs.
Testing done:
Built packages, built base images, everything seems to work fine.
Uninstalled the package, all the daemons stopped.
Issue: https://github.com/FRRouting/frr/issues/2030 Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
Quentin Young [Mon, 9 Apr 2018 20:18:05 +0000 (16:18 -0400)]
doc: add frr.conf syntax highlighting
Vincent Bernat has written a small Pygments lexer for IOS / Quagga
config files that works just as well on FRR stuff. Pulled that into our
docs with his blessing.
Also changed the background color on our code blocks away from that
kinda ugly green to gray, which looks way better with the syntax
highlighting changes that are about to happen in the next commit.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Quentin Young [Fri, 6 Apr 2018 22:17:31 +0000 (18:17 -0400)]
doc: cleanup daemon option flags
Short and long form options can be written on the same line, Sphinx
understands how to cross-reference using either one of them. Also
replace some - with _ where appropriate.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Mon, 9 Apr 2018 18:16:00 +0000 (14:16 -0400)]
zebra: Only send down pertinent information on RTM_DELROUTE
Background:
v6 does not have route replace semantics. If you want to add a nexthop
to an existing route, you just send RTM_NEWROUTE and the new nexthop.
If you want to delete a nexthop you should just send RTM_DELROUTE
with the removed nexthop.
This leads to situations where if zebra is processing a route
and has lost track of intermediate nexthops( yes this sucks )
then v6 routes will get out of sync when we try to implement
route replace semantics.
So notice when we are doing a route delete and the route is
not being updated, just send the prefix and tell it too delete.
Ticket: CM-20391 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 9 Apr 2018 18:09:35 +0000 (14:09 -0400)]
zebra: Cleanup debugs and add a bit more info
This commit does 2 things:
1) When receiving a route from the kernel, display the incoming
table as part of the debug, to facilatate knowing what we are
talking about as part of the debug.
2) When displaying nexthop information for routes we were sending
to the kernel, no need to display the route information every time
Display the route then the individual nexthops for what we are doing.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 9 Apr 2018 12:04:39 +0000 (08:04 -0400)]
zebra: Notice when our neighbor entry is removed and fight back
Notice when someone deletes a neighbor entry we've put in for
rfc-5549 gets deleted by some evil evil person. When this happens
notice and push it back in, immediately.
Ticket: CM-18612 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Sat, 31 Mar 2018 21:08:21 +0000 (17:08 -0400)]
zebra: Notice when our route is deleted and re-install.
The code to reinstall self originated routes was not behaving
correctly. For some reason we were looking for self originated
routes from the kernel to be of type KERNEL. This was probably
missed when we started installing the route types. We should
depend on the self originated flag that we determine from
the callback from the kernel.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com.
Don Slice [Mon, 26 Mar 2018 19:16:09 +0000 (19:16 +0000)]
pbrd: adjust/remove the rule correctly when dst and/or src removed
When the last match criteria was removed (dst-ip or src-ip), we were
not deleting the rule correctly for ipv6. This fix retains the
needed src-ip/dst-ip during the pbr_send_pbr_map process so the
appropriate information is available for the rule delete.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Donald Sharp [Mon, 26 Mar 2018 17:32:41 +0000 (13:32 -0400)]
pbrd: Remove table and rule range commands
Since PBR is meant to be for small deployments, allowing
end users to arbitrarily change rule and table ranges
without some more careful thought on what is going on
and how to do it, sets us up for issues.
At this time remove these knobs.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 26 Mar 2018 15:05:52 +0000 (11:05 -0400)]
zebra: Add code to notice nexthop changes for pbr tables
When we have a PBR installed as a table, we need to notice
when a nexthop changes and rethink the routes for the pbr
tables.
Add code to nexthop tracking to notice the pbr watched
nexthop has changed in some manner. If it is a pbr route
that depends on the nexthop then just enqueue it for
rethinking.
This is a bit of a hammer, we know that only pbr routes
are going to be installing routes in weird non-standard
tables as such we need to only handle nexthop changes
for nexthops that are actually changing that we care
about and to only requeue for route nodes we have
route entries for from PBR
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Mon, 26 Mar 2018 01:18:56 +0000 (21:18 -0400)]
pbrd: Do not use vrf_frame for pbrms display
When displaying a pbr map sequence for a show run do not use the
vty_frame construct. We should display the config even if we
do not have much to display.
Ticket: CM-20196 Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Don Slice [Thu, 22 Mar 2018 13:56:56 +0000 (13:56 +0000)]
pbrd: fix deletion of match or src of valid pbr-map
When removing either the match dst or match src of a previously
valid pbr map, we would just try to re-install the rule which
was rejected. This fix deletes the old rule before we re-apply
the new rule.
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Donald Sharp [Mon, 19 Mar 2018 13:04:17 +0000 (09:04 -0400)]
pbrd: Remove pbr_events
The pbr_events.c file was a mistake in that it overly complicated
the code and made it hard to think about what was happening.
Remove all the events and just do the work where needed.
Additionally rethink the sending of the pbr map to
zebra and only send one notification at a time instead
of having the sending function attempt to figure out
what to do.
Clean up some of the no form of commands to make them
work properly.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com> Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Quentin Young [Mon, 19 Mar 2018 13:01:52 +0000 (09:01 -0400)]
lib: Add hash and use const a bit more intelligently
This commit adds code to notify the compiler that we
will not be changing the arguments to nexthop2str
and we expect thre return to be treated the same.
Additionally we add some code to allow nexthops to
be hashed to be used in a hash.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Donald Sharp [Tue, 23 Jan 2018 18:11:36 +0000 (13:11 -0500)]
pbrd: Add PBR to FRR
This is an implementation of PBR for FRR.
This implemenation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com> Signed-off-by: Don Slice <dslice@cumulusnetworks.com> Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Chirag Shah [Mon, 2 Apr 2018 21:37:10 +0000 (14:37 -0700)]
ospf6d: ECMP for Intra Area Prefix routes
Handle ECMP for Intra Area Prefix LSAs routes.
Ticket:CM-16139
Testing Done:
Configure ospf6 passive interface R2 and R3 with
same prefix address.
Check Intra Area Prefix LSA update at R1 and R3
which would have ECMP paths with effective two
paths and two nexthops (from R2 and R4).
stop frr at R3 and R1 and R4 route changes back to
one nexthop and one paht.
R1 ---- R2
| |
R3 ---- R4
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Quentin Young [Wed, 4 Apr 2018 18:20:25 +0000 (14:20 -0400)]
zebra: display holdem statics correctly
Holdem statics display the dest (and mask, if present) string that the
user entered instead of converting to CIDR notation and applying the
mask. They need to do the latter.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Arthur Jones [Wed, 4 Apr 2018 02:15:11 +0000 (19:15 -0700)]
alpine packaging: build packages and base image directly from git
Currently, we tar up the git repo before building alpine packages.
This ensures that the packages we're building are exactly what is
checked in. But, in practice, this restriction causes us to not
be able to build off of git contexts, which is a convenient feature
especially when using docker-compose.
So, here, we build the alpine packages directly from the contents
of the current directory and we install the packages into a base
image to ease downstream consumption. There is still work to be
done in that area, as we need to package up the daemons, frr user
and all the rest, but that's for later...
Testing-done:
Built directly from the git repo, built from a reference to the
git repo and built using docker-compose, all seemed to work. Also,
tested by @leleobhz and seems to build fine.
Thanks to Leonardo Amaral (@leleobhz) for reporting the issue and for
the original idea for a fix.
Issue: https://github.com/FRRouting/frr/issues/2024 Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
G. Paul Ziemba [Fri, 23 Mar 2018 23:57:03 +0000 (16:57 -0700)]
bgpd: nexthop tracking with labels for vrf-vpn leaking
Routes that have labels must be sent via a nexthop that also has labels.
This change notes whether any path in a nexthop update from zebra contains
labels. If so, then the nexthop is valid for routes that have labels.
If a nexthop update has no labeled paths, then any labeled routes
referencing the nexthop are marked not valid.
Add a route flag BGP_INFO_ANNC_NH_SELF that means "advertise myself
as nexthop when announcing" so that we can track our notion of the
nexthop without revealing it to peers.
projects / matthieu / frr.git / log