From c479b28e51bedd8d5be25d32bf9fbd1e42ee02ba Mon Sep 17 00:00:00 2001 From: Donatas Abraitis Date: Fri, 13 Jan 2023 12:04:01 +0200 Subject: [PATCH] bgpd: Allow importing local routes with accept-own mechanism Before this patch we allowed importing routes between VRFs in the same node, only for external routes, but not for local (e.g.: redistribute). Relax here a bit, and allow importing local routes between VRFs when the RT list is modified using route reflectors. Signed-off-by: Donatas Abraitis --- bgpd/bgp_mplsvpn.c | 49 +++++++++++++++++++++++++++------------------- 1 file changed, 29 insertions(+), 20 deletions(-) diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c index c92d678eff..ddc9a525f9 100644 --- a/bgpd/bgp_mplsvpn.c +++ b/bgpd/bgp_mplsvpn.c @@ -1070,12 +1070,14 @@ static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn, bgp_nexthop = bgp_orig; /* - * No nexthop tracking for redistributed routes or for - * EVPN-imported routes that get leaked. + * No nexthop tracking for redistributed routes, for + * EVPN-imported routes that get leaked, or for routes + * leaked between VRFs with accept-own community. */ if (bpi_ultimate->sub_type == BGP_ROUTE_REDISTRIBUTE || - is_pi_family_evpn(bpi_ultimate)) - nh_valid = 1; + is_pi_family_evpn(bpi_ultimate) || + CHECK_FLAG(bpi_ultimate->flags, BGP_PATH_ACCEPT_OWN)) + nh_valid = true; else /* * TBD do we need to do anything about the @@ -1875,6 +1877,22 @@ static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */ return false; } + /* + * For VRF-2-VRF route-leaking, + * the source will be the originating VRF. + * + * If ACCEPT_OWN mechanism is enabled, then we SHOULD(?) + * get the source VRF (BGP) by looking at the RD. + */ + struct bgp *src_bgp = bgp_lookup_by_rd(path_vpn, prd, afi); + + if (path_vpn->extra && path_vpn->extra->bgp_orig) + src_vrf = path_vpn->extra->bgp_orig; + else if (src_bgp) + src_vrf = src_bgp; + else + src_vrf = from_bgp; + /* Check for intersection of route targets */ if (!ecommunity_include( to_bgp->vpn_policy[afi].rtlist[BGP_VPN_POLICY_DIR_FROMVPN], @@ -1940,6 +1958,13 @@ static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */ memset(&nexthop_orig, 0, sizeof(nexthop_orig)); nexthop_orig.family = nhfamily; + /* If the path has accept-own community and the source VRF + * is valid, reset next-hop to self, to allow importing own + * routes between different VRFs on the same node. + */ + if (src_bgp) + subgroup_announce_reset_nhop(nhfamily, &static_attr); + switch (nhfamily) { case AF_INET: /* save */ @@ -2051,22 +2076,6 @@ static bool vpn_leak_to_vrf_update_onevrf(struct bgp *to_bgp, /* to */ zlog_debug("%s: pfx %pBD: num_labels %d", __func__, path_vpn->net, num_labels); - /* - * For VRF-2-VRF route-leaking, - * the source will be the originating VRF. - * - * If ACCEPT_OWN mechanism is enabled, then we SHOULD(?) - * get the source VRF (BGP) by looking at the RD. - */ - struct bgp *src_bgp = bgp_lookup_by_rd(path_vpn, prd, afi); - - if (path_vpn->extra && path_vpn->extra->bgp_orig) - src_vrf = path_vpn->extra->bgp_orig; - else if (src_bgp) - src_vrf = src_bgp; - else - src_vrf = from_bgp; - leak_update(to_bgp, bn, new_attr, afi, safi, path_vpn, pLabels, num_labels, src_vrf, &nexthop_orig, nexthop_self_flag, debug); -- 2.39.5