diff options
| author | Mikhail Sokolovskiy <sokolmish@gmail.com> | 2024-09-24 19:00:11 +0300 |
|---|---|---|
| committer | David Lamparter <equinox@opensourcerouting.org> | 2024-10-29 12:19:48 +0100 |
| commit | 4c8e4bc1541d92206f6d2e649ac2ddcfde340cc9 (patch) | |
| tree | 0e6b9dafc8ca24b66a75a20c0a7f535f349dfcbe | |
| parent | c7f55e189bad3671fea8d0867dc9496b09845f97 (diff) | |
bgpd: add `bgp ipv6-auto-ra` command
Introduce a command to stop bgpd from enabling IPv6 router advertisement
messages sending on interfaces.
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
| -rw-r--r-- | bgpd/bgp_nht.c | 14 | ||||
| -rw-r--r-- | bgpd/bgp_vty.c | 35 | ||||
| -rw-r--r-- | bgpd/bgp_zebra.c | 3 | ||||
| -rw-r--r-- | bgpd/bgpd.c | 3 | ||||
| -rw-r--r-- | bgpd/bgpd.h | 5 | ||||
| -rw-r--r-- | doc/user/bgp.rst | 7 | ||||
| -rw-r--r-- | doc/user/ipv6.rst | 3 |
7 files changed, 63 insertions, 7 deletions
diff --git a/bgpd/bgp_nht.c b/bgpd/bgp_nht.c index 7274bcdb21..2afb43d64e 100644 --- a/bgpd/bgp_nht.c +++ b/bgpd/bgp_nht.c @@ -552,11 +552,12 @@ static void bgp_process_nexthop_update(struct bgp_nexthop_cache *bnc, * we receive from bgp. This is to allow us * to work with v4 routing over v6 nexthops */ - if (peer && !peer->ifp - && CHECK_FLAG(peer->flags, - PEER_FLAG_CAPABILITY_ENHE) - && nhr->prefix.family == AF_INET6 - && nexthop->type != NEXTHOP_TYPE_BLACKHOLE) { + if (peer && !peer->ifp && + CHECK_FLAG(peer->flags, PEER_FLAG_CAPABILITY_ENHE) && + !CHECK_FLAG(bnc->bgp->flags, + BGP_FLAG_IPV6_NO_AUTO_RA) && + nhr->prefix.family == AF_INET6 && + nexthop->type != NEXTHOP_TYPE_BLACKHOLE) { struct interface *ifp; ifp = if_lookup_by_index(nexthop->ifindex, @@ -1293,6 +1294,9 @@ void bgp_nht_reg_enhe_cap_intfs(struct peer *peer) return; bgp = peer->bgp; + if (CHECK_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA)) + return; + if (!sockunion2hostprefix(&peer->su, &p)) { zlog_warn("%s: Unable to convert sockunion to prefix for %s", __func__, peer->host); diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c index 4bcb17714a..19828018be 100644 --- a/bgpd/bgp_vty.c +++ b/bgpd/bgp_vty.c @@ -4528,6 +4528,27 @@ DEFUN(no_bgp_fast_convergence, no_bgp_fast_convergence_cmd, return CMD_SUCCESS; } +DEFPY (bgp_ipv6_auto_ra, + bgp_ipv6_auto_ra_cmd, + "[no] bgp ipv6-auto-ra", + NO_STR + BGP_STR + "Allow enabling IPv6 ND RA sending\n") +{ + if (vty->node == CONFIG_NODE) { + struct listnode *node, *nnode; + struct bgp *bgp; + + COND_FLAG(bm->flags, BM_FLAG_IPV6_NO_AUTO_RA, no); + for (ALL_LIST_ELEMENTS(bm->bgp, node, nnode, bgp)) + COND_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA, no); + } else { + VTY_DECLVAR_CONTEXT(bgp, bgp); + COND_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA, no); + } + return CMD_SUCCESS; +} + static int peer_conf_interface_get(struct vty *vty, const char *conf_if, int v6only, const char *peer_group_name, @@ -17508,6 +17529,9 @@ int bgp_config_write(struct vty *vty) if (bm->tcp_dscp != IPTOS_PREC_INTERNETCONTROL) vty_out(vty, "bgp session-dscp %u\n", bm->tcp_dscp >> 2); + if (CHECK_FLAG(bm->flags, BM_FLAG_IPV6_NO_AUTO_RA)) + vty_out(vty, "no bgp ipv6-auto-ra\n"); + /* BGP configuration. */ for (ALL_LIST_ELEMENTS(bm->bgp, mnode, mnnode, bgp)) { @@ -17846,6 +17870,11 @@ int bgp_config_write(struct vty *vty) if (CHECK_FLAG(bgp->flags, BGP_FLAG_SHUTDOWN)) vty_out(vty, " bgp shutdown\n"); + /* Automatic RA enabling by BGP */ + if (!CHECK_FLAG(bm->flags, BM_FLAG_IPV6_NO_AUTO_RA)) + if (CHECK_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA)) + vty_out(vty, " no bgp ipv6-auto-ra\n"); + if (bgp->allow_martian) vty_out(vty, " bgp allow-martian-nexthop\n"); @@ -18276,6 +18305,12 @@ void bgp_vty_init(void) install_element(BGP_NODE, &bgp_fast_convergence_cmd); install_element(BGP_NODE, &no_bgp_fast_convergence_cmd); + /* global bgp ipv6-auto-ra command */ + install_element(CONFIG_NODE, &bgp_ipv6_auto_ra_cmd); + + /* bgp ipv6-auto-ra command */ + install_element(BGP_NODE, &bgp_ipv6_auto_ra_cmd); + /* global bgp update-delay command */ install_element(CONFIG_NODE, &bgp_global_update_delay_cmd); install_element(CONFIG_NODE, &no_bgp_global_update_delay_cmd); diff --git a/bgpd/bgp_zebra.c b/bgpd/bgp_zebra.c index 57a859c61d..829dc981a7 100644 --- a/bgpd/bgp_zebra.c +++ b/bgpd/bgp_zebra.c @@ -2145,6 +2145,9 @@ void bgp_zebra_initiate_radv(struct bgp *bgp, struct peer *peer) { uint32_t ra_interval = BGP_UNNUM_DEFAULT_RA_INTERVAL; + if (CHECK_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA)) + return; + /* Don't try to initiate if we're not connected to Zebra */ if (zclient->sock < 0) return; diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c index 3dbd373f12..7835f5d45f 100644 --- a/bgpd/bgpd.c +++ b/bgpd/bgpd.c @@ -1240,6 +1240,9 @@ int bgp_global_gr_init(struct bgp *bgp) bgp->global_gr_present_state = GLOBAL_HELPER; bgp->present_zebra_gr_state = ZEBRA_GR_DISABLE; + if (CHECK_FLAG(bm->flags, BM_FLAG_IPV6_NO_AUTO_RA)) + SET_FLAG(bgp->flags, BGP_FLAG_IPV6_NO_AUTO_RA); + return BGP_GR_SUCCESS; } diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h index f6162f33e4..b413304571 100644 --- a/bgpd/bgpd.h +++ b/bgpd/bgpd.h @@ -169,6 +169,7 @@ struct bgp_master { uint32_t flags; #define BM_FLAG_GRACEFUL_SHUTDOWN (1 << 0) #define BM_FLAG_SEND_EXTRA_DATA_TO_ZEBRA (1 << 1) +#define BM_FLAG_IPV6_NO_AUTO_RA (1 << 8) bool terminating; /* global flag that sigint terminate seen */ @@ -495,7 +496,9 @@ struct bgp { /* Indicate Graceful Restart support for BGP NOTIFICATION messages */ #define BGP_FLAG_GRACEFUL_NOTIFICATION (1 << 30) /* Send Hard Reset CEASE Notification for 'Administrative Reset' */ -#define BGP_FLAG_HARD_ADMIN_RESET (1 << 31) +#define BGP_FLAG_HARD_ADMIN_RESET (1ULL << 31) +/* Prohibit BGP from enabling IPv6 RA on interfaces */ +#define BGP_FLAG_IPV6_NO_AUTO_RA (1ULL << 40) /* BGP default address-families. * New peers inherit enabled afi/safis from bgp instance. diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst index bd5767beba..86c6a75fc1 100644 --- a/doc/user/bgp.rst +++ b/doc/user/bgp.rst @@ -1142,6 +1142,13 @@ IPv6 Support address family is enabled by default for all new neighbors. +.. clicmd:: bgp ipv6-auto-ra + + By default, bgpd can ask Zebra to enable sending IPv6 router advertisement + messages on interfaces. For example, this happens for unnumbered peers + support or when extended-nexthop capability is used. The ``no`` form of this + command disables such behaviour. + .. _bgp-route-aggregation: Route Aggregation diff --git a/doc/user/ipv6.rst b/doc/user/ipv6.rst index 4f01061e7b..18aae00bdb 100644 --- a/doc/user/ipv6.rst +++ b/doc/user/ipv6.rst @@ -25,7 +25,8 @@ Router Advertisement .. clicmd:: ipv6 nd suppress-ra Don't send router advertisement messages. The ``no`` form of this command - enables sending RA messages. + enables sending RA messages. Note that while being suppressed, RA messages + might still be enabled by other daemons, such as bgpd or vrrpd. .. clicmd:: ipv6 nd prefix ipv6prefix [valid-lifetime] [preferred-lifetime] [off-link] [no-autoconfig] [router-address] |