| author | Donald Sharp <sharpd@cumulusnetworks.com> | 2018-01-23 13:11:36 -0500 |
|---|---|---|
| committer | Donald Sharp <sharpd@cumulusnetworks.com> | 2018-04-06 13:22:43 -0400 |
| commit | e5c83d9b314cb513e78707de5d29ec655dbdca7e (patch) | |
| tree | 0ede3af459164c589f9892e7f6c93e82f08ad208 /lib | |
| parent | 52483fa6ff0957032f73c6b6c4aa3402476a5b90 (diff) | |
pbrd: Add PBR to FRR
This is an implementation of PBR for FRR.
This implementation uses a combination of rules and
tables to determine how packets will flow.
PBR introduces a new concept of 'nexthop-groups' to
specify a group of nexthops that will be used for
ecmp. Nexthop-groups are specified on the cli via:
nexthop-group DONNA
nexthop 192.168.208.1
nexthop 192.168.209.1
nexthop 192.168.210.1
!
PBR sees the nexthop-group and installs these as a default
route with these nexthops starting at table 10000
robot# show pbr nexthop-groups
Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
Valid: 1 nexthop 192.168.209.1
Valid: 1 nexthop 192.168.210.1
Valid: 1 nexthop 192.168.208.1
I have also introduced the ability to specify a table
in a 'show ip route table XXX' to see the specified tables.
robot# show ip route table 10001
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR,
> - selected route, * - FIB route
F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
* via 192.168.209.1, enp0s9, 00:14:25
* via 192.168.210.1, enp0s10, 00:14:25
PBR tracks PBR-MAPS via the pbr-map command:
!
pbr-map EVA seq 10
match src-ip 4.3.4.0/24
set nexthop-group DONNA
!
pbr-map EVA seq 20
match dst-ip 4.3.5.0/24
set nexthop-group DONNA
!
pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
to affect decisions about incoming packets. Additionally if you
only have one nexthop to use for a pbr-map you do not need
to setup a nexthop-group and can specify 'set nexthop XXXX'.
To apply the pbr-map to an incoming interface you do this:
interface enp0s10
pbr-policy EVA
!
When a pbr-map is applied to interfaces it can be installed
into the kernel as a rule:
[sharpd@robot frr1]$ ip rule show
0: from all lookup local
309: from 4.3.4.0/24 iif enp0s10 lookup 10001
319: from all to 4.3.5.0/24 iif enp0s10 lookup 10001
1000: from all lookup [l3mdev-table]
32766: from all lookup main
32767: from all lookup default
[sharpd@robot frr1]$ ip route show table 10001
default proto pbr metric 20
nexthop via 192.168.208.1 dev enp0s8 weight 1
nexthop via 192.168.209.1 dev enp0s9 weight 1
nexthop via 192.168.210.1 dev enp0s10 weight 1
The linux kernel now will use the rules and tables to properly
apply these policies.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/command.c | 3 | ||||
| -rw-r--r-- | lib/command.h | 1 | ||||
| -rw-r--r-- | lib/route_types.txt | 2 | ||||
| -rw-r--r-- | lib/vty.c | 2 |
4 files changed, 8 insertions, 0 deletions
diff --git a/lib/command.c b/lib/command.c
index f244d67e86..2bff3b17a2 100644
--- a/lib/command.c
+++ b/lib/command.c
@@ -105,6 +105,7 @@ const char *node_names[] = {
 "as list", // AS_LIST_NODE,
 "community list", // COMMUNITY_LIST_NODE,
 "routemap", // RMAP_NODE,
+ "pbr-map", // PBRMAP_NODE,
 "smux", // SMUX_NODE,
 "dump", // DUMP_NODE,
 "forwarding", // FORWARDING_NODE,
@@ -1312,6 +1313,7 @@ void cmd_exit(struct vty *vty)
 case ISIS_NODE:
 case KEYCHAIN_NODE:
 case RMAP_NODE:
+ case PBRMAP_NODE:
 case VTY_NODE:
 vty->node = CONFIG_NODE;
 break;
@@ -1409,6 +1411,7 @@ DEFUN (config_end,
 case BGP_EVPN_VNI_NODE:
 case BGP_IPV6L_NODE:
 case RMAP_NODE:
+ case PBRMAP_NODE:
 case OSPF_NODE:
 case OSPF6_NODE:
 case LDP_NODE:
diff --git a/lib/command.h b/lib/command.h
index 8d88ea1902..4bb57c77a3 100644
--- a/lib/command.h
+++ b/lib/command.h
@@ -128,6 +128,7 @@ enum node_type {
 AS_LIST_NODE, /* AS list node. */
 COMMUNITY_LIST_NODE, /* Community list node. */
 RMAP_NODE, /* Route map node. */
+ PBRMAP_NODE, /* PBR map node. */
 SMUX_NODE, /* SNMP configuration node. */
 DUMP_NODE, /* Packet dump node. */
 FORWARDING_NODE, /* IP forwarding node. */
diff --git a/lib/route_types.txt b/lib/route_types.txt
index 310a993c38..91eaf94d95 100644
--- a/lib/route_types.txt
+++ b/lib/route_types.txt
@@ -78,6 +78,7 @@ ZEBRA_ROUTE_BGP_DIRECT, bgp-direct, NULL, 'b', 0, 0, "BGP-Direct"
 ZEBRA_ROUTE_BGP_DIRECT_EXT, bgp-direct-to-nve-groups, NULL, 'e', 0, 0, "BGP2VNC"
 ZEBRA_ROUTE_BABEL, babel, babeld, 'A', 1, 1, "Babel"
 ZEBRA_ROUTE_SHARP, sharp, sharpd, 'D', 1, 1, "SHARP"
+ZEBRA_ROUTE_PBR, pbr, pbrd, 'F', 1, 1, "PBR"
 ZEBRA_ROUTE_ALL, wildcard, none, '-', 0, 0, "-"
@@ -103,3 +104,4 @@ ZEBRA_ROUTE_LDP, "Label Distribution Protocol (LDP)"
 ZEBRA_ROUTE_VNC_DIRECT, "VNC direct (not via zebra) routes"
 ZEBRA_ROUTE_BABEL, "Babel routing protocol (Babel)"
 ZEBRA_ROUTE_SHARP, "Super Happy Advanced Routing Protocol (sharpd)"
+ZEBRA_ROUTE_PBR, "Policy Based Routing (PBR)"
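Review bot: The new `"pbr-map"` string in `node_names[]` (first lib/command.c hunk) is matched to `PBRMAP_NODE` in `enum node_type` (the lib/command.h hunk) only by position and by the trailing `// PBRMAP_NODE,` comment; nothing visible in either hunk lets the compiler check that the two stay aligned. Writing the table with designated initializers, `[PBRMAP_NODE] = "pbr-map",` and likewise for its neighbours, would bind each name to its enumerator, and a `_Static_assert` comparing the array length with the enum's final enumerator would catch a one-sided edit that would otherwise print the wrong node name or index past the end of the array. Because the enumerator is inserted mid-enum, every later node's numeric value shifts by one, so anything compiled against the old header presumably has to be rebuilt together with this change. Both the array and the enum continue outside their hunks.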
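Review bot: `PBRMAP_NODE` has to be added by hand to four separate `switch` case lists — `cmd_exit` and `config_end` in lib/command.c, plus the hunks for `vty_end_config` and `vty_stop_input` (lib/vty.c per the diffstat) — and nothing in the visible code ties those lists together. A node missed from one of them would, as far as these hunks show, take that switch's default path, so `end` or an interrupted input could leave the session in the pbr-map node rather than returning it to a known one. A comment above the new case, e.g. `/* keep in sync with vty_end_config() and vty_stop_input() in vty.c */`, or a single shared predicate for "configuration sub-node" used by all four functions, would make the next node addition harder to get wrong. All four function bodies start and end outside their hunks.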
@@ -719,6 +719,7 @@ static void vty_end_config(struct vty *vty)
 case BGP_EVPN_NODE:
 case BGP_IPV6L_NODE:
 case RMAP_NODE:
+ case PBRMAP_NODE:
 case OSPF_NODE:
 case OSPF6_NODE:
 case LDP_NODE:
@@ -1115,6 +1116,7 @@ static void vty_stop_input(struct vty *vty)
 case EIGRP_NODE:
 case BGP_NODE:
 case RMAP_NODE:
+ case PBRMAP_NODE:
 case OSPF_NODE:
 case OSPF6_NODE:
 case LDP_NODE: |
