| author | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-02-02 10:47:46 +0200 | 
|---|---|---|
| committer | Donatas Abraitis <donatas@opensourcerouting.org> | 2024-02-07 22:35:21 +0200 | 
| commit | 4d7975ee5917e57943ed517bcb4c229e6e736617 (patch) | |
| tree | c92b5a3406fae0a606dbabb104b9bfb6e9c11a68 | |
| parent | f6463dab85241e252527de91aff193ab066d8c59 (diff) | |
bgpd: Add `neighbor X send-community extended rpki` command
By default, iBGP and eBGP-OAD peers exchange the RPKI extended community.
Add a command to disable sending RPKI extended community if needed.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
| -rw-r--r-- | bgpd/bgp_route.c | 14 | ||||
| -rw-r--r-- | bgpd/bgp_updgrp.h | 21 | ||||
| -rw-r--r-- | bgpd/bgp_vty.c | 45 | ||||
| -rw-r--r-- | bgpd/bgp_vty.h | 2 | ||||
| -rw-r--r-- | bgpd/bgpd.c | 5 | ||||
| -rw-r--r-- | bgpd/bgpd.h | 1 | 
6 files changed, 70 insertions, 18 deletions
diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c
index 46f7f9b22f..d702936255 100644
--- a/bgpd/bgp_route.c
+++ b/bgpd/bgp_route.c
@@ -2670,16 +2670,20 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi,
 	 *   defined as non-transitive in [RFC8097], can be advertised to
 	 *   peers in the same OAD.
 	 */
-	if (peer->sort == BGP_PEER_IBGP || peer->sub_sort == BGP_PEER_EBGP_OAD) {
+	if ((peer->sort == BGP_PEER_IBGP ||
+	     peer->sub_sort == BGP_PEER_EBGP_OAD) &&
+	    peergroup_af_flag_check(peer, afi, safi,
+				    PEER_FLAG_SEND_EXT_COMMUNITY_RPKI)) {
 		enum rpki_states rpki_state = RPKI_NOT_BEING_USED;
 		rpki_state = hook_call(bgp_rpki_prefix_status, peer, attr, p);
 		if (rpki_state != RPKI_NOT_BEING_USED)
-			bgp_attr_set_ecommunity(
-				attr, ecommunity_add_origin_validation_state(
-					      rpki_state,
-					      bgp_attr_get_ecommunity(attr)));
+			bgp_attr_set_ecommunity(attr,
+						ecommunity_add_origin_validation_state(
+							rpki_state,
+							bgp_attr_get_ecommunity(
+								attr)));
 	}
 	/*
diff --git a/bgpd/bgp_updgrp.h b/bgpd/bgp_updgrp.h
index 7a0d328c6a..d4c6ecfdbb 100644
--- a/bgpd/bgp_updgrp.h
+++ b/bgpd/bgp_updgrp.h
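Review bot: The new `peergroup_af_flag_check(...)` term in the bgp_route.c guard of subgroup_announce_check looks inverted. The config writer in bgp_vty.c, added by this same commit, treats a true result from that helper as the reason to emit `no neighbor %s send-community extended rpki`, and the visible part of the helper consults `af_flags_invert`, which peer_new now sets for this flag; so true appears to mean "the operator turned it off", yet here true is what attaches the origin-validation state. If that reading holds, a default peer stops receiving the community and the `no` form re-enables it, which is the opposite of what an operator limiting validation-state disclosure expects. Test the effective flag instead, `peer_af_flag_check(peer, afi, safi, PEER_FLAG_SEND_EXT_COMMUNITY_RPKI)`; the helper's body and the rest of subgroup_announce_check lie outside the hunks shown.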
@@ -40,17 +40,16 @@
 	(PEER_FLAG_LOCAL_AS_NO_PREPEND | PEER_FLAG_LOCAL_AS_REPLACE_AS)
 #define PEER_UPDGRP_AF_FLAGS                                                   \
-	(PEER_FLAG_SEND_COMMUNITY | PEER_FLAG_SEND_EXT_COMMUNITY               \
-	 | PEER_FLAG_SEND_LARGE_COMMUNITY                                      \
-	 | PEER_FLAG_DEFAULT_ORIGINATE | PEER_FLAG_REFLECTOR_CLIENT            \
-	 | PEER_FLAG_RSERVER_CLIENT | PEER_FLAG_NEXTHOP_SELF                   \
-	 | PEER_FLAG_NEXTHOP_UNCHANGED | PEER_FLAG_FORCE_NEXTHOP_SELF          \
-	 | PEER_FLAG_AS_PATH_UNCHANGED | PEER_FLAG_MED_UNCHANGED               \
-	 | PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED | PEER_FLAG_REMOVE_PRIVATE_AS     \
-	 | PEER_FLAG_REMOVE_PRIVATE_AS_ALL                                     \
-	 | PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE                                 \
-	 | PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE                             \
-	 | PEER_FLAG_AS_OVERRIDE)
+	(PEER_FLAG_SEND_COMMUNITY | PEER_FLAG_SEND_EXT_COMMUNITY |             \
+	 PEER_FLAG_SEND_EXT_COMMUNITY_RPKI | PEER_FLAG_SEND_LARGE_COMMUNITY |  \
+	 PEER_FLAG_DEFAULT_ORIGINATE | PEER_FLAG_REFLECTOR_CLIENT |            \
+	 PEER_FLAG_RSERVER_CLIENT | PEER_FLAG_NEXTHOP_SELF |                   \
+	 PEER_FLAG_NEXTHOP_UNCHANGED | PEER_FLAG_FORCE_NEXTHOP_SELF |          \
+	 PEER_FLAG_AS_PATH_UNCHANGED | PEER_FLAG_MED_UNCHANGED |               \
+	 PEER_FLAG_NEXTHOP_LOCAL_UNCHANGED | PEER_FLAG_REMOVE_PRIVATE_AS |     \
+	 PEER_FLAG_REMOVE_PRIVATE_AS_ALL |                                     \
+	 PEER_FLAG_REMOVE_PRIVATE_AS_REPLACE |                                 \
+	 PEER_FLAG_REMOVE_PRIVATE_AS_ALL_REPLACE | PEER_FLAG_AS_OVERRIDE)
 #define PEER_UPDGRP_CAP_FLAGS (PEER_CAP_AS4_RCV)
diff --git a/bgpd/bgp_vty.c b/bgpd/bgp_vty.c
index 33884d0452..31524e2221 100644
--- a/bgpd/bgp_vty.c
+++ b/bgpd/bgp_vty.c
@@ -6473,6 +6473,32 @@ ALIAS_HIDDEN(
 	"Send Standard Community attributes\n"
 	"Send Large Community attributes\n")
+DEFPY (neighbor_ecommunity_rpki,
+       neighbor_ecommunity_rpki_cmd,
+       "[no$no] neighbor <A.B.C.D|X:X::X:X|WORD>$neighbor send-community extended rpki",
+       NO_STR
+       NEIGHBOR_STR
+       NEIGHBOR_ADDR_STR2
+       "Send Community attribute to this neighbor\n"
+       "Send Extended Community attributes\n"
+       "Send RPKI Extended Community attributes\n")
+{
+	struct peer *peer;
+	afi_t afi = bgp_node_afi(vty);
+	safi_t safi = bgp_node_safi(vty);
+
+	peer = peer_and_group_lookup_vty(vty, neighbor);
+	if (!peer)
+		return CMD_WARNING_CONFIG_FAILED;
+
+	if (no)
+		return peer_af_flag_unset_vty(vty, neighbor, afi, safi,
+					      PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+	else
+		return peer_af_flag_set_vty(vty, neighbor, afi, safi,
+					    PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+}
+
 /* neighbor soft-reconfig. */
 DEFUN (neighbor_soft_reconfiguration,
        neighbor_soft_reconfiguration_cmd,
@@ -17665,8 +17691,8 @@ bool peergroup_flag_check(struct peer *peer, uint64_t flag)
 	return !!CHECK_FLAG(peer->flags_override, flag);
 }
-static bool peergroup_af_flag_check(struct peer *peer, afi_t afi, safi_t safi,
-				    uint64_t flag)
+bool peergroup_af_flag_check(struct peer *peer, afi_t afi, safi_t safi,
+			     uint64_t flag)
 {
 	if (!peer_group_active(peer)) {
 		if (CHECK_FLAG(peer->af_flags_invert[afi][safi], flag))
@@ -18442,6 +18468,12 @@ static void bgp_config_write_peer_af(struct vty *vty, struct bgp *bgp,
 		if (flag_slcomm)
 			vty_out(vty, "  no neighbor %s send-community large\n",
 				addr);
+
+		if (peergroup_af_flag_check(peer, afi, safi,
+					    PEER_FLAG_SEND_EXT_COMMUNITY_RPKI))
+			vty_out(vty,
+				"  no neighbor %s send-community extended rpki\n",
+				addr);
 	}
 	/* Default information */
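Review bot: In neighbor_ecommunity_rpki the `peer` local is used only for the NULL check; both `peer_af_flag_set_vty` and `peer_af_flag_unset_vty` are handed the `neighbor` string rather than the looked-up peer, so they presumably resolve it again. Dropping the local lookup, or adding a one-line comment such as `/* validate the neighbor before touching AF flags */`, would make the intent clear. The commit also adds a user-visible command while the diffstat lists no documentation file, so a short entry describing the default (enabled) and the `no` form is worth adding.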
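Review bot: The new `send-community extended rpki` write-out in bgp_config_write_peer_af sits inside the block closed by the `}` that follows it, next to the `flag_slcomm` case; the opening of that block is outside the hunk. If that block is the branch skipped when standard, extended and large communities are all disabled, a peer configured with those off and RPKI off would be saved without its `no neighbor %s send-community extended rpki` line, and the setting would revert to sending after a reload. Moving the `if (peergroup_af_flag_check(...)) vty_out(...)` statement below the closing brace would make persistence independent of the other three flags.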
@@ -20327,6 +20359,15 @@ void bgp_vty_init(void)
 	install_element(BGP_VPNV6_NODE, &neighbor_send_community_type_cmd);
 	install_element(BGP_VPNV6_NODE, &no_neighbor_send_community_cmd);
 	install_element(BGP_VPNV6_NODE, &no_neighbor_send_community_type_cmd);
+	install_element(BGP_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_IPV4_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_IPV4M_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_IPV4L_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_IPV6_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_IPV6M_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_IPV6L_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_VPNV4_NODE, &neighbor_ecommunity_rpki_cmd);
+	install_element(BGP_VPNV6_NODE, &neighbor_ecommunity_rpki_cmd);
 	/* "neighbor route-reflector" commands.*/
 	install_element(BGP_NODE, &neighbor_route_reflector_client_hidden_cmd);
diff --git a/bgpd/bgp_vty.h b/bgpd/bgp_vty.h
index a105b6de3f..4955e4c3df 100644
--- a/bgpd/bgp_vty.h
+++ b/bgpd/bgp_vty.h
@@ -171,5 +171,7 @@ extern int bgp_show_summary_vty(struct vty *vty, const char *name, afi_t afi,
 				safi_t safi, const char *neighbor, int as_type,
 				as_t as, uint16_t show_flags);
 extern bool peergroup_flag_check(struct peer *peer, uint64_t flag);
+extern bool peergroup_af_flag_check(struct peer *peer, afi_t afi, safi_t safi,
+				    uint64_t flag);
 #endif /* _QUAGGA_BGP_VTY_H */
diff --git a/bgpd/bgpd.c b/bgpd/bgpd.c
index b8517199af..a8f00945ed 100644
--- a/bgpd/bgpd.c
+++ b/bgpd/bgpd.c
@@ -1513,6 +1513,8 @@ struct peer *peer_new(struct bgp *bgp)
 		SET_FLAG(peer->af_flags[afi][safi],
 			 PEER_FLAG_SEND_EXT_COMMUNITY);
 		SET_FLAG(peer->af_flags[afi][safi],
+			 PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+		SET_FLAG(peer->af_flags[afi][safi],
 			 PEER_FLAG_SEND_LARGE_COMMUNITY);
 		SET_FLAG(peer->af_flags_invert[afi][safi],
@@ -1520,6 +1522,8 @@ struct peer *peer_new(struct bgp *bgp)
 		SET_FLAG(peer->af_flags_invert[afi][safi],
 			 PEER_FLAG_SEND_EXT_COMMUNITY);
 		SET_FLAG(peer->af_flags_invert[afi][safi],
+			 PEER_FLAG_SEND_EXT_COMMUNITY_RPKI);
+		SET_FLAG(peer->af_flags_invert[afi][safi],
 			 PEER_FLAG_SEND_LARGE_COMMUNITY);
 		peer->addpath_type[afi][safi] = BGP_ADDPATH_NONE;
 		peer->addpath_best_selected[afi][safi] = 0;
@@ -4608,6 +4612,7 @@ static const struct peer_flag_action peer_af_flag_action_list[] = {
 	{PEER_FLAG_DISABLE_ADDPATH_RX, 0, peer_change_none},
 	{PEER_FLAG_SOO, 0, peer_change_reset},
 	{PEER_FLAG_ACCEPT_OWN, 0, peer_change_reset},
+	{PEER_FLAG_SEND_EXT_COMMUNITY_RPKI, 1, peer_change_reset_out},
 	{0, 0, 0}};
 /* Proper action set. */
diff --git a/bgpd/bgpd.h b/bgpd/bgpd.h
index a0360525a8..c95991a6f1 100644
--- a/bgpd/bgpd.h
+++ b/bgpd/bgpd.h
@@ -1527,6 +1527,7 @@ struct peer {
 #define PEER_FLAG_MAX_PREFIX_FORCE (1ULL << 26)
 #define PEER_FLAG_DISABLE_ADDPATH_RX (1ULL << 27)
 #define PEER_FLAG_SOO (1ULL << 28)
+#define PEER_FLAG_SEND_EXT_COMMUNITY_RPKI (1ULL << 29)
 #define PEER_FLAG_ACCEPT_OWN (1ULL << 63)
 	enum bgp_addpath_strat addpath_type[AFI_MAX][SAFI_MAX];  | 
