authorDonald Sharp <sharpd@cumulusnetworks.com>2018-04-25 10:23:22 -0400
committerDonald Sharp <sharpd@cumulusnetworks.com>2018-04-25 12:41:17 -0400
commit13b7e7f007833c4e2942f40cbd2c2f93a2767e78 (patch)
tree7bd1c832e7f7e8d3f2d619443eca276c526de5b5
parente967a1d0c093a80f5f73156b20f03a1111c79c24 (diff)
bgpd: Prevent vrf 2 vrf route leaking from going offbox.
The vrf 2 vrf route leaking auto-derives RD and RT and installs the routes into the appropriate vpn table. When an operator configured ipv[4|6] vpn neighbors, these routes were showing up off box. The RD and RT values chosen are locally significant but globally useless and may cause confusion. Put a special bit of code in to notice that we should not be advertising these routes off box. Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
-rw-r--r--bgpd/bgp_attr.c4
-rw-r--r--bgpd/bgp_label.h1
-rw-r--r--bgpd/bgp_mplsvpn.c8
-rw-r--r--bgpd/bgp_route.c10
-rw-r--r--bgpd/rfapi/rfapi_vty.c10
5 files changed, 29 insertions, 4 deletions
diff --git a/bgpd/bgp_attr.c b/bgpd/bgp_attr.c
index 1380c9cd09..b6e9ee3cb2 100644
--- a/bgpd/bgp_attr.c
+++ b/bgpd/bgp_attr.c
@@ -597,9 +597,9 @@ static void attr_show_all_iterator(struct hash_backet *backet, struct vty *vty)
vty_out(vty, "attr[%ld] nexthop %s\n", attr->refcnt,
inet_ntoa(attr->nexthop));
- vty_out(vty, "\tflags: %" PRIu64 " med: %u local_pref: %u origin: %u weight: %u\n",
+ vty_out(vty, "\tflags: %" PRIu64 " med: %u local_pref: %u origin: %u weight: %u label: %u\n",
attr->flag, attr->med, attr->local_pref, attr->origin,
- attr->weight);
+ attr->weight, attr->label);
}
void attr_show_all(struct vty *vty)
diff --git a/bgpd/bgp_label.h b/bgpd/bgp_label.h
index 01bf8b372b..2b2525dd0e 100644
--- a/bgpd/bgp_label.h
+++ b/bgpd/bgp_label.h
@@ -24,6 +24,7 @@
#define BGP_LABEL_BYTES 3
#define BGP_LABEL_BITS 24
#define BGP_WITHDRAW_LABEL 0x800000
+#define BGP_PREVENT_VRF_2_VRF_LEAK 0xFFFFFFFE
struct bgp_node;
struct bgp_info;
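Review bot: The new `BGP_PREVENT_VRF_2_VRF_LEAK` define has no comment, although unlike the constants above it it is not a label value at all: 0xFFFFFFFE does not fit in the 24 bits given by `BGP_LABEL_BITS`, and it is used as an in-band marker. A reader of this header cannot tell that it must never be encoded or sent. I would add `/* Internal marker, never a wire label: set as tovpn_label for VRF-to-VRF imports so subgroup_announce_check() withholds the route from peers. */` above the define.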
diff --git a/bgpd/bgp_mplsvpn.c b/bgpd/bgp_mplsvpn.c
index fdef7ba561..64d12cf607 100644
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@@ -87,6 +87,10 @@ void encode_label(mpls_label_t label, mpls_label_t *label_pnt)
uint8_t *pnt = (uint8_t *)label_pnt;
if (pnt == NULL)
return;
+ if (label == BGP_PREVENT_VRF_2_VRF_LEAK) {
+ *label_pnt = label;
+ return;
+ }
*pnt++ = (label >> 12) & 0xff;
*pnt++ = (label >> 4) & 0xff;
*pnt++ = ((label << 4) + 1) & 0xff; /* S=1 */
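Review bot: The special case added to encode_label stores the raw 32-bit sentinel through `*label_pnt` instead of the 3-byte encoding written below it, so the slot no longer holds a valid encoded label. Any reader that passes it to decode_label() or copies `BGP_LABEL_BYTES` from it gets a meaningless number unless it tests for the sentinel first, as the rfapi_vty.c hunk in this commit has to do. That contract should be written down at the branch, for example `/* Marker is stored unencoded in host order; callers must compare against BGP_PREVENT_VRF_2_VRF_LEAK before calling decode_label(). */`. The function's opening and end are outside the hunk.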
@@ -1497,6 +1501,8 @@ void vrf_import_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
ecommunity_str2com(buf, ECOMMUNITY_ROUTE_TARGET, 0);
SET_FLAG(from_bgp->af_flags[afi][safi],
BGP_CONFIG_VRF_TO_VRF_EXPORT);
+ from_bgp->vpn_policy[afi].tovpn_label =
+ BGP_PREVENT_VRF_2_VRF_LEAK;
}
ecom = from_bgp->vpn_policy[afi].rtlist[edir];
if (to_bgp->vpn_policy[afi].rtlist[idir])
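Review bot: The assignment of `BGP_PREVENT_VRF_2_VRF_LEAK` to `tovpn_label` in vrf_import_from_vrf is unconditional, and the matching hunk in vrf_unimport_from_vrf resets the field to `MPLS_LABEL_NONE` just as unconditionally. If the field can also carry an operator-configured export label (not visible here), the import overwrites it and the unimport does not restore it. In the other direction, any later write to `tovpn_label` removes the marker and the advertisement filter added in bgp_route.c stops matching, so the leak protection depends on nothing else touching this field. At minimum the coupling should be recorded next to the assignment: `/* Marker label: makes subgroup_announce_check() withhold these routes; must stay in place while the VRF import is configured. */`. The enclosing block starts outside the hunk.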
@@ -1612,6 +1618,8 @@ void vrf_unimport_from_vrf(struct bgp *to_bgp, struct bgp *from_bgp,
sizeof(struct prefix_rd));
UNSET_FLAG(from_bgp->vpn_policy[afi].flags,
BGP_VPN_POLICY_TOVPN_RD_SET);
+ from_bgp->vpn_policy[afi].tovpn_label = MPLS_LABEL_NONE;
+
}
}
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index a71f5ac956..90fa39b445 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -1418,6 +1418,16 @@ int subgroup_announce_check(struct bgp_node *rn, struct bgp_info *ri,
return 0;
}
+ /*
+ * If we are doing VRF 2 VRF leaking via the import
+ * statement, we want to prevent the route going
+ * off box as that the RT and RD created are localy
+ * significant and globaly useless.
+ */
+ if (safi == SAFI_MPLS_VPN && ri->extra && ri->extra->num_labels
+ && ri->extra->label[0] == BGP_PREVENT_VRF_2_VRF_LEAK)
+ return 0;
+
/* If it's labeled safi, make sure the route has a valid label. */
if (safi == SAFI_LABELED_UNICAST) {
mpls_label_t label = bgp_adv_label(rn, ri, peer, afi, safi);
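Review bot: The early return added to subgroup_announce_check is the only control keeping routes with auto-derived RD/RT from reaching a VPN peer, and it matches only while `ri->extra->label[0]` still holds the sentinel and `num_labels` is non-zero. In every other case the route is advertised, so the filter fails open. The comment should state that dependency, for example `/* Leaked VRF-to-VRF routes carry BGP_PREVENT_VRF_2_VRF_LEAK in label[0]; never advertise them, their RD/RT are only locally meaningful. */`. The return is also silent, so a debug message naming the prefix would let an operator see why a route was withheld, assuming the function's other filters log in that way (not visible in this hunk). The function starts and ends outside the hunk.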
diff --git a/bgpd/rfapi/rfapi_vty.c b/bgpd/rfapi/rfapi_vty.c
index 5fb44bb492..ccaa472092 100644
--- a/bgpd/rfapi/rfapi_vty.c
+++ b/bgpd/rfapi/rfapi_vty.c
@@ -46,6 +46,7 @@
#include "bgpd/bgp_aspath.h"
#include "bgpd/bgp_community.h"
#include "bgpd/bgp_vnc_types.h"
+#include "bgpd/bgp_label.h"
#include "bgpd/rfapi/rfapi_import.h"
#include "bgpd/rfapi/rfapi_private.h"
@@ -431,8 +432,13 @@ void rfapi_vty_out_vncinfo(struct vty *vty, struct prefix *p,
XFREE(MTYPE_ECOMMUNITY_STR, s);
}
- if (bi->extra != NULL)
- vty_out(vty, " label=%u", decode_label(&bi->extra->label[0]));
+ if (bi->extra != NULL) {
+ if (bi->extra->label[0] == BGP_PREVENT_VRF_2_VRF_LEAK)
+ vty_out(vty, " label=VRF2VRF");
+ else
+ vty_out(vty, " label=%u",
+ decode_label(&bi->extra->label[0]));
+ }
if (!rfapiGetVncLifetime(bi->attr, &lifetime)) {
vty_out(vty, " life=%d", lifetime);
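Review bot: The sentinel comparison added to rfapi_vty_out_vncinfo reads `bi->extra->label[0]` after checking only `bi->extra != NULL`, while the matching test added to subgroup_announce_check also requires `ri->extra->num_labels`. If `label[0]` can hold stale data when `num_labels` is 0, this path could print `label=VRF2VRF` for a route the advertisement filter does not treat as leaked. Using the same guard, `if (bi->extra->num_labels && bi->extra->label[0] == BGP_PREVENT_VRF_2_VRF_LEAK)`, keeps the display and the filter in step. The function continues outside the hunk.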