zebra: avoid initialising more than once the l3vni hash structure
the l3vni structure is allocated only once, since that structure is only
used for default netns. For that, the initialisation part is moved
to a proper place, where there is no risk of attempting to initialise it
more than once, even when vrf backend is netns.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Donald Sharp [Sat, 15 Dec 2018 15:49:59 +0000 (10:49 -0500)]
topotests: Cleanup diagnose_env to allow thought about multi-platforms
Start the cleanup of diagnose_env to allow the running of topotests
on platforms besides linux.
So we split up diagnose_env into linux and freebsd variants.
At this point in time freebsd doesn't have any special code.
To be determined in the future.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Mark Stapp [Thu, 13 Dec 2018 19:15:27 +0000 (14:15 -0500)]
zebra: use a small retry timeout for the rib workqueue
In the zebra rib processing workqueue, set a small timeout
so that we will wait a short time if the queue into the
async dataplane is full. This helps avoid a situation where
the zebra main pthread constantly retries rib work without
giving the dataplane pthread a chance to make progress.
Mark Stapp [Tue, 11 Dec 2018 19:56:08 +0000 (14:56 -0500)]
libs: support timeout for workqueue retries
Support an optional timeout/delay for use when a workqueue
determines that it is blocked, instead of retrying immediately.
Also, schedule as an 'event' instead of a 'timer' when using
a zero timeout value.
Donald Sharp [Thu, 13 Dec 2018 14:21:26 +0000 (09:21 -0500)]
zebra: Allow zebra to only mark up to multipath_num nexthops as ACTIVE
NEXTHOP_FLAG_ACTIVE currently means that the nexthop is considered
good enough to be installed. With current ecmp restrictions this
translation from multipath_num is enforced in the data plane.
The problem with this is of course that every data plane now
becomes concerned about the multipath num and must enforce it
independently. Currently *bsd does not honor multipath_num at
all and linux marks all nexthops as being installed even when
it honors a multipath_num that is less than the total.
This code change moves the multipath_num enforcement from a dataplane
decision to a zebra nexthop decision. Thus dataplanes now can
just install those nexthops marked as NEXTHOP_FLAG_ACTIVE
without having to worry about multipath_num.
*BSD will now respect multipath_num and Linux now properly notes
which routes are actually installed or not:
donna.cumulusnetworks.com(config)# do show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route
K>* 0.0.0.0/0 [0/106] via 10.0.2.2, enp0s3, 00:00:45
S>* 4.4.4.4/32 [1/0] via 10.0.2.1, enp0s3, 00:00:02
  *                  via 192.168.209.1, enp0s8, 00:00:02
                     via 192.168.210.1, enp0s9 inactive, 00:00:02
C>* 10.0.2.0/24 is directly connected, enp0s3, 00:00:45
C>* 192.168.209.0/24 is directly connected, enp0s8, 00:00:45
C>* 192.168.210.0/24 is directly connected, enp0s9, 00:00:45
donna.cumulusnetworks.com(config)#
sharpd@donna ~/f/t/topotests> ip route show
default via 10.0.2.2 dev enp0s3 proto dhcp metric 106
4.4.4.4 proto 196 metric 20
        nexthop via 10.0.2.1 dev enp0s3 weight 1
        nexthop via 192.168.209.1 dev enp0s8 weight 1
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 106
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
192.168.209.0/24 dev enp0s8 proto kernel scope link src 192.168.209.2 metric 105
192.168.210.0/24 dev enp0s9 proto kernel scope link src 192.168.210.2 metric 103
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Mark Stapp [Tue, 11 Dec 2018 19:17:42 +0000 (14:17 -0500)]
zebra: make incoming zserv message-processing a singleton event
Stop creating individual, one-time events as each batch of
incoming zserv/zapi messages is processed - use a singleton
event so that the incoming message activity is more fair if
the zebra main pthread has other events to run.
Donald Sharp [Wed, 12 Dec 2018 15:18:13 +0000 (10:18 -0500)]
zebra: Make v4 and v6 code paths for rib_XXX calls in kernel_socket the same
Make the v4 and v6 code paths for rib_XXX calls in kernel_socket
as similar as we can possibly make them. There is no need
for code duplication at this point in time.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 12 Dec 2018 15:15:27 +0000 (10:15 -0500)]
zebra: Remove rib_lookup_ipv4_route
The rib_lookup_ipv4_route function is only used in a debug path.
It is only used for v4 and only checks to make sure that the rib
and fib are in sync( which is not needed/used/supported on other
platforms ). So let's just remove it.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Donald Sharp [Wed, 12 Dec 2018 13:02:08 +0000 (08:02 -0500)]
zebra: For rnh handling use actual resolved nexthop
For nexthop handling use the actual resolved nexthop.
Nexthops are stored as a `special` list:
Suppose we have 3 way ecmp A, B, C:
nhop A -> resolves to nhop D
|
nhop B
|
nhop C -> resolves to nhop E
A and C are typically NEXTHOP_TYPE_IPV4( or 6 ) if they recursively resolve.
We do not necessarily store the ifindex that this resolves to.
Current nexthop code only loops over A,B and C and uses those for
the zebra_rnh.c handling. So interested parties might receive non-fully
resolved nexthops( and they assume they are! ).
Let's convert the looping to go over all nexthops and only deal with
the resolved ones, so we will look at and use D,B and E.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
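Added example, not part of the commit or of FRR's code: a C sketch of the A, B, C walk described in the commit message above, contrasting the top-level-only loop with one that descends to the resolved nexthops. The struct nh type, its fields, collect() and count_missing() are hypothetical names, and the ifindex values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical, simplified node; not FRR's struct nexthop. */
struct nh {
	char name;
	int ifindex;          /* 0: not stored, as for recursive A and C */
	struct nh *next;      /* next ECMP sibling */
	struct nh *resolved;  /* chain this nexthop resolves to, or NULL */
};

/* Constructed sample: the 3-way ECMP from the commit message. */
static struct nh nh_d = {'D', 3, NULL, NULL};
static struct nh nh_e = {'E', 4, NULL, NULL};
static struct nh nh_c = {'C', 0, NULL, &nh_e};
static struct nh nh_b = {'B', 2, &nh_c, NULL};
static struct nh nh_a = {'A', 0, &nh_b, &nh_d};

/* Collect the nexthops a consumer would be handed; returns the count.
 * follow == 0: top-level loop only (A, B, C).
 * follow != 0: descend into resolved chains and report only the leaves. */
size_t collect(const struct nh *head, int follow,
	       const struct nh **out, size_t max)
{
	size_t n = 0;
	for (const struct nh *p = head; p && n < max; p = p->next) {
		if (follow && p->resolved)
			n += collect(p->resolved, 1, out + n, max - n);
		else
			out[n++] = p;
	}
	return n;
}

/* Count reported nexthops that carry no ifindex. */
size_t count_missing(const struct nh **v, size_t n)
{
	size_t missing = 0;
	for (size_t i = 0; i < n; i++)
		missing += (v[i]->ifindex == 0);
	return missing;
}

int main(void)
{
	const struct nh *v[8];
	for (int follow = 0; follow <= 1; follow++) {
		size_t n = collect(&nh_a, follow, v, 8);
		for (size_t i = 0; i < n; i++)
			printf("%c ", v[i]->name);
		printf("(missing ifindex: %zu)\n", count_missing(v, n));
	}
	return 0;
}
```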
Donald Sharp [Sat, 8 Dec 2018 19:13:55 +0000 (14:13 -0500)]
topotests: Add a basic route leak vrf test
A recent commit broke this functionality, so add a very basic
route leak vrf test.
router bgp 99 vrf DONNA
address-family ipv4 uni
redistribute connected
import vrf EVA
router bgp 99 vrf EVA
address-family ipv4 uni
redistribute connected
import vrf DONNA
Routes should be leaked between the two vrf's. Ensure that it does.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Christian Franke [Mon, 10 Dec 2018 17:01:34 +0000 (18:01 +0100)]
tests/topotests: Pull docker image from registry
We have set up automated builds for the topotest images at dockerhub.
Therefore, people don't need to perform a local build to run the
topotests on docker, but can use the image built by dockerhub.
As there is not much benefit in building locally, but the disadvantage
of weird errors if using an outdated image, change the topotests target
to always pull the most recent image from dockerhub.
Add an environment variable to disable this, e.g. for local development.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
Renato Westphal [Sat, 8 Dec 2018 19:31:16 +0000 (17:31 -0200)]
lib, tests: add support for keyless YANG lists
YANG allows lists without keys for operational data, in which case
the list elements are uniquely identified using a positional index
(starting from one).
This commit does the following:
* Remove the need to implement the 'get_keys' and 'lookup_entry'
callbacks for keyless lists.
* Extend nb_oper_data_iter_list() so that it special-cases keyless
lists appropriately. Since both the CLI and the sysrepo plugin
use nb_oper_data_iterate() to fetch operational data, both these
northbound clients automatically gain the ability to understand
keyless lists without additional changes.
* Extend the confd plugin to special-case keyless lists as well. This
was a bit painful to implement given ConfD's clumsy API, but
keyless lists should work ok now.
* Update the "test_oper_data" unit test to test keyless YANG lists in
addition to regular lists.
Christian Franke [Fri, 23 Nov 2018 00:12:24 +0000 (01:12 +0100)]
fabricd: Populate NL from adjdb, not spf
We should really populate the neighbor list for the flooding
optimization from our local adjacency database and not from
a one-hop SPF.
If we use SPF, we may end up never exchanging information with
some neighbors since the bidirectional connection check for spf
fails, since LSPs did not get exchanged.
Signed-off-by: Christian Franke <chris@opensourcerouting.org>
David Lamparter [Tue, 30 Oct 2018 01:02:00 +0000 (02:02 +0100)]
build: fix reproducibility re. -fdebug-prefix-map
If CFLAGS contains something like `-fdebug-prefix-map=/build/path=.`, we
need to remove it from CONFIG_ARGS so it doesn't get baked into `show
version`. Otherwise, build becomes non-reproducible if the build path
changes. To avoid other things creeping in, let's just remove *FLAGS in
their entirety. (Not really reliable information anyway.)
With this commit, FRR build should be 100% reproducible.
Signed-off-by: David Lamparter <equinox@diac24.net>
Renato Westphal [Fri, 7 Dec 2018 17:27:34 +0000 (15:27 -0200)]
lib: fix NETCONF network-wide transactions for confd and sysrepo
ConfD and Sysrepo implement configuration transactions using a
two-phase commit protocol (prepare + abort/apply). For network-wide
transactions to work, ConfD and Sysrepo move to the second phase of
the commit protocol only after receiving the results of the first
phase from all devices involved in the transaction. If all devices
succeed in the 'prepare' phase, then all of them move to the 'apply'
phase and the transaction is committed. On the other hand, if any
device fails in the 'prepare' phase, all of them move to 'abort'
phase and the transaction is aborted.
The confd and sysrepo plugins were implementing the full
two-phase commit protocol upon receiving a request to validate
the configuration changes and allocate all resources required to
apply them (first phase). The notifications to abort or apply the
changes (second phase) were being ignored since everything was being
done in the first phase for simplicity. This wasn't a problem for
single-device transactions, but it is for transactions involving
multiple devices. Rework the code a bit to do things properly and
fix this problem.
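Added example, not part of the commit or of the confd/sysrepo plugins: a C model of the two-phase commit described in the commit message above, showing why doing all the work in 'prepare' and ignoring the abort/apply notifications breaks multi-device transactions. The struct device type, the eager flag and all function names are hypothetical; an integer stands in for the configuration and a negative candidate stands in for a failed validation.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical device model: one integer stands in for the running config. */
struct device {
	int running;      /* committed configuration */
	int staged;       /* validated in phase 1, not yet applied */
	bool has_staged;
	bool eager;       /* true: old behaviour, everything done in 'prepare' */
};

/* Phase 1: validate the candidate and hold it for phase 2. */
static bool dev_prepare(struct device *d, int candidate)
{
	if (candidate < 0)            /* constructed rule: negative is invalid */
		return false;
	if (d->eager) {               /* old behaviour: commit immediately */
		d->running = candidate;
		return true;
	}
	d->staged = candidate;
	d->has_staged = true;
	return true;
}

/* Phase 2 notifications; the eager device ignores both of them. */
static void dev_apply(struct device *d)
{
	if (!d->eager && d->has_staged) {
		d->running = d->staged;
		d->has_staged = false;
	}
}

static void dev_abort(struct device *d)
{
	if (!d->eager)
		d->has_staged = false;    /* drop staged change, keep running */
}

/* Coordinator: enter phase 2 only once every 'prepare' result is known. */
bool network_commit(struct device *devs, const int *cand, size_t n)
{
	bool ok = true;
	for (size_t i = 0; i < n; i++)
		ok = dev_prepare(&devs[i], cand[i]) && ok;
	for (size_t i = 0; i < n; i++) {
		if (ok)
			dev_apply(&devs[i]);
		else
			dev_abort(&devs[i]);
	}
	return ok;
}
```

With two eager devices and one invalid candidate, the transaction reports failure but the first device keeps the new value; with staged devices both stay on the old configuration.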
Donald Sharp [Fri, 7 Dec 2018 14:01:59 +0000 (09:01 -0500)]
bgpd: Convert adj_out to a RB tree
The adj_out data structure is a linked list of adjacencies
1 per update group. In a large scale env where we are
not using peer groups, this list lookup starts to become
rather costly. Convert to a better data structure for this.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Renato Westphal [Fri, 7 Dec 2018 12:35:16 +0000 (10:35 -0200)]
lib: implement the "show" command
The "show" command will be available in the configuration mode and
all configuration subnodes. It's used to display the section of
the candidate configuration being edited, instead of displaying
the entire candidate configuration like when "show configuration
candidate" is used. The goal is to add more convenience when editing
huge configurations.
When the transactional CLI mode is not used, the candidate
configuration and the running configuration are identical, hence in
this case we can say that the "show" command displays the section
of the running configuration being edited.
Example:
ripd(config)# show
Configuration:
!
frr version 6.1-dev
frr defaults traditional
!
interface eth0
ip rip split-horizon poisoned-reverse
ip rip authentication mode md5
ip rip authentication string supersecret
!
interface eth1
ip rip receive version 1
ip rip send version 1
!
router rip
allow-ecmp
route 10.0.1.0/24
route 10.0.2.0/24
!
end
ripd(config)#
ripd(config)#
ripd(config)# interface eth0
ripd(config-if)# show
!
interface eth0
ip rip split-horizon poisoned-reverse
ip rip authentication mode md5
ip rip authentication string supersecret
!
ripd(config-if)# exit
ripd(config)#
ripd(config)#
ripd(config)# router rip
ripd(config-router)# show
!
router rip
allow-ecmp
route 10.0.1.0/24
route 10.0.2.0/24
!
ripd(config-router)#
The "show" command only works for daemons converted to the new
northbound model. vtysh support will be implemented at a later
time as it will require some level of coordination between vtysh
and the FRR daemons.
Renato Westphal [Thu, 6 Dec 2018 22:37:05 +0000 (20:37 -0200)]
lib: add support for confirmed commits
Confirmed commits allow the user to request an automatic rollback to
the previous configuration if the commit operation is not confirmed
within a number of minutes. This is particularly useful when the user
is accessing the CLI through the network (e.g. using SSH) and any
configuration change might cause an unexpected loss of connectivity
between the user and the managed device (e.g. misconfiguration of a
routing protocol). By using a confirmed commit, the user can rest
assured the connectivity will be restored after the given timeout
expires, avoiding the need to access the router physically to fix
the problem.
When "commit confirmed TIMEOUT" is used, a new "commit" command is
expected to confirm the previous commit before the given timeout
expires. If "commit confirmed TIMEOUT" is used while there's already
a confirmed-commit in progress, the confirmed-commit timeout is
reset to the new value.
In the current implementation, if other users perform commits while
there's a confirmed-commit in progress, all commits are rolled back
when the confirmed-commit timeout expires. It's recommended to use
the "configure exclusive" configuration mode to prevent unexpected
outcomes when using confirmed commits.
When a user exits from the configuration mode while there's a
confirmed-commit in progress, the commit is automatically rolled
back and the user is notified about it. In the future we might
want to prompt the user if he or she really wants to exit from the
configuration mode when there's a pending confirmed commit.
Needless to say, confirmed commits only work for configuration
commands converted to the new northbound model. vtysh support will
be implemented at a later time.
David Lamparter [Thu, 8 Nov 2018 05:50:13 +0000 (06:50 +0100)]
vtysh: rework/straighten pager handling
- no longer try to special-case a custom terminal length; the OS has
procedures for that (SIGWINCH & TIOCGWINSZ)
- only use a pager if requested by CLI command or VTYSH_PAGER. The
behaviour with VTYSH_PAGER set should be compatible to previous
versions.
Signed-off-by: David Lamparter <equinox@diac24.net>