| Age | Commit message (Collapse) | Author |
|---|
|
If we have IPv6-only network and no IPv4 addresses at all, then by default
0.0.0.0 is created which is treated as malformed according to RFC 6286.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Before this fix, if rpki_sync_socket_rtr socket returns EAGAIN, then ALL routes
in the RIB are revalidated which takes lots of CPU and some unnecessary traffic,
e.g. if using BMP servers. With a full feed it would waste 50-80Mbps.
Instead we should try to drain an existing pipe (another end), and revalidate
only affected prefixes.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Introduce a command to stop bgpd from enabling IPv6 router advertisement
messages sending on interfaces.
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
|
|
opensourcerouting/feature/bgpd_announce_rpki_state_knob
bgpd: Add neighbor X send-community extended rpki command
|
|
```
struct peer_connection {
struct peer * peer; /* 0 8 */
enum bgp_fsm_status status; /* 8 4 */
enum bgp_fsm_status ostatus; /* 12 4 */
int fd; /* 16 4 */
uint32_t thread_flags; /* 20 4 */
pthread_mutex_t io_mtx; /* 24 40 */
/* --- cacheline 1 boundary (64 bytes) --- */
struct stream_fifo * ibuf; /* 64 8 */
struct stream_fifo * obuf; /* 72 8 */
struct ringbuf * ibuf_work; /* 80 8 */
struct event * t_read; /* 88 8 */
struct event * t_write; /* 96 8 */
struct event * t_connect; /* 104 8 */
struct event * t_delayopen; /* 112 8 */
struct event * t_start; /* 120 8 */
/* --- cacheline 2 boundary (128 bytes) --- */
struct event * t_holdtime; /* 128 8 */
struct event * t_connect_check_r; /* 136 8 */
struct event * t_connect_check_w; /* 144 8 */
struct event * t_gr_restart; /* 152 8 */
struct event * t_gr_stale; /* 160 8 */
struct event * t_generate_updgrp_packets; /* 168 8 */
struct event * t_pmax_restart; /* 176 8 */
struct event * t_routeadv; /* 184 8 */
/* --- cacheline 3 boundary (192 bytes) --- */
struct event * t_process_packet; /* 192 8 */
struct event * t_process_packet_error; /* 200 8 */
union sockunion su; /* 208 128 */
/* size: 336, cachelines: 6, members: 25 */
/* last cacheline: 16 bytes */
}; /* saved 8 bytes! */
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
By default, iBGP and eBGP-OAD peers exchange RPKI extended community by default.
Add a command to disable sending RPKI extended community if needed.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
bgpd: add [no]neighbor capability fqdn
|
|
cisco routers are not dealing fairly whith unsupported capabilities.
When a cisco router receive an unsupported capabilities it reset the
negociation without notifying the unmatching capability as described in
RFC2842.
Cisco suggest the use of
neighbor x.x.x.x capability fqdn
to avoid the use of fqdn in open message.
this new command is to remove the use of fqdn capability in the
open message with the peer "x.x.x.x".
Link: https://www.cisco.com/c/en/us/support/docs/ip/border-gateway-protocol-bgp/116189-problemsolution-technology-00.pdf
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
|
|
*: create a single registry of daemons' default port values
|
|
Create a single registry of default port values that daemons
are using. Most of these are vty ports, but there are some
others for features like ospfapi and zebra FPM.
Signed-off-by: Mark Stapp <mjs@labn.net>
|
|
```
struct bgp_nlri {
uint16_t afi; /* 0 2 */
uint8_t safi; /* 2 1 */
/* XXX 1 byte hole, try to pack */
bgp_size_t length; /* 4 2 */
/* XXX 2 bytes hole, try to pack */
uint8_t * nlri; /* 8 8 */
/* size: 16, cachelines: 1, members: 4 */
/* sum members: 13, holes: 2, sum holes: 3 */
/* last cacheline: 16 bytes */
}; /* saved 8 bytes! */
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
```
struct bgp_notify {
uint8_t code; /* 0 1 */
uint8_t subcode; /* 1 1 */
bgp_size_t length; /* 2 2 */
_Bool hard_reset; /* 4 1 */
/* XXX 3 bytes hole, try to pack */
char * data; /* 8 8 */
uint8_t * raw_data; /* 16 8 */
/* size: 24, cachelines: 1, members: 6 */
/* sum members: 21, holes: 1, sum holes: 3 */
/* last cacheline: 24 bytes */
}; /* saved 16 bytes! */
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Approaching the limits of uint32.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Use enum instead of int, and make the compiler happy when using -format-overflow.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Show per VRF RPKI configuration in "show run".
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
Add a hook to call a future callback function when bgpd knows from zebra
about the activation of de-activation of a VRF. It will be used by the
RPKI module in next commits.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
When a peer has come up and already started installing
routes into the rib and `suppress-fib-pending` is either
turned on or off. BGP is left with some routes that
may need to be withdrawn from peers and routes that
it does not know the status of. Clear the BGP peers
for the interesting parties and let's let us come
up to speed as needed.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
Implement proper memory cleanup for SRv6 functions and locator chunks to prevent potential memory leaks.
The list callback deletion functions have been set.
The ASan leak log for reference:
```
***********************************************************************************
Address Sanitizer Error detected in bgp_srv6l3vpn_to_bgp_vrf.test_bgp_srv6l3vpn_to_bgp_vrf/r2.asan.bgpd.4180
=================================================================
==4180==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 544 byte(s) in 2 object(s) allocated from:
#0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f8d1709f238 in qcalloc lib/memory.c:105
#2 0x55d5dba6ee75 in sid_register bgpd/bgp_mplsvpn.c:591
#3 0x55d5dba6ee75 in alloc_new_sid bgpd/bgp_mplsvpn.c:712
#4 0x55d5dba6f3ce in ensure_vrf_tovpn_sid_per_af bgpd/bgp_mplsvpn.c:758
#5 0x55d5dba6fb94 in ensure_vrf_tovpn_sid bgpd/bgp_mplsvpn.c:849
#6 0x55d5dba7f975 in vpn_leak_postchange bgpd/bgp_mplsvpn.h:299
#7 0x55d5dba7f975 in vpn_leak_postchange_all bgpd/bgp_mplsvpn.c:3704
#8 0x55d5dbbb6c66 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3164
#9 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
#10 0x7f8d1713f034 in event_call lib/event.c:1974
#11 0x7f8d1708242b in frr_run lib/libfrr.c:1214
#12 0x55d5db99d19d in main bgpd/bgp_main.c:510
#13 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
Direct leak of 296 byte(s) in 1 object(s) allocated from:
#0 0x7f8d176a0d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
#1 0x7f8d1709f238 in qcalloc lib/memory.c:105
#2 0x7f8d170b1d5f in srv6_locator_chunk_alloc lib/srv6.c:135
#3 0x55d5dbbb6a19 in bgp_zebra_process_srv6_locator_chunk bgpd/bgp_zebra.c:3144
#4 0x7f8d1716f08a in zclient_read lib/zclient.c:4459
#5 0x7f8d1713f034 in event_call lib/event.c:1974
#6 0x7f8d1708242b in frr_run lib/libfrr.c:1214
#7 0x55d5db99d19d in main bgpd/bgp_main.c:510
#8 0x7f8d160c5c86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
***********************************************************************************
```
Signed-off-by: Keelan Cannoo <keelan.cannoo@icloud.com>
|
|
When exporting BGP prefixes, it is necessary to configure
the route target extended communities with the following
command:
> rt vpn export <RouteTarget>
But the customer may need to configure the route-target to
apply to bgp updates, solely based on a route-map criterium.
by using the below route-map configured like that:
> route-map vpn export <routemapname>
Fix this by allowing to export bgp updates based on the
presence of route-targets on either route-map or vpn
configured rt. the exportation process is stopped
if no route target is available in the ecommunity list.
Fixes: ddb5b4880ba8 ("bgpd: vpn-vrf route leaking")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
|
|
opensourcerouting/feature/enable_enforce_first_as_by_default
bgpd: Enable `enforce-first-as` by default
|
|
bgpd: combine import_check_table and nexthop_check_table
|
|
Bgp label manual allocate label mgr
|
|
It's been for a while disabled by default, but this seems reasonable to flip it.
We had `bgp enforce-first-as` as a global BGP knob to enable/disable this
behavior globally, later we introduced `enforce-first-as` per neighbor, with disabled
by default. Now let's enable this by default by bringing a global `bgp enforce-first-as`
command back.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
In zebra, the import check table and the nexthop check tables
were combined. This leaves an issue where when bgp happens
to have a tracked address in both the import check table
and the nexthop track table that are the same address.
When the the item is removed from one table the call
to remove it from zebra removes tracking for the other
table.
Combine the two tables together and keep track where
they came from for processing in bgpd.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
bgpd: add support of traps for bgp4-mibv2
|
|
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
|
|
There is no command to choose to send or not the bgp4-mibv2 traps.
Since the MIB bgp4-mibv2 notification are redundant with MIB RFC4273
we added a command:
- [no] bgp snmp traps bgp4-mibv2
By default, the bgp4-mibv2 traps will be disabled, to prevent from
redundancy.
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
|
|
There is no cli command to prevent the router to send traps
implemented in the rfc4273. If not done, when introducing
the traps from bgp4v2mib, traps will be send for each of
the two mibs: there will be redundancy in the sent information.
Add a new command:
- [no] bgp snmp traps rfc4273
Using this command will allow or not the notification of
the following traps:
- bgpEstablishedNotification
- bgpBackwardTransNotification
Signed-off-by: Francois Dumontet <francois.dumontet@6wind.com>
|
|
For instance, it's not possible to resend FQDN capability without resetting
the session, so let's create some more elegant way to do that.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
Today, when configuring BGP L3VPN mpls, the operator may
use that command to hardset a label value:
> router bgp 65500 vrf vrf1
> address-family ipv4 unicast
> label vpn export <hardset_label_value>
Today, BGP uses this value without checks, leading to potential
conflicts with other control planes like LDP. For instance, if
LDP initiates with a label chunk of [16;72] and BGP also uses the
50 label value, a conflict arises.
The 'label manager' service in zebra oversees label allocations.
While all the control plane daemons use it, BGP doesn't when a
hardset label is in place.
This update fixes this problem. Now, when a hardset label is set for
l3vpn export, a request is made to the label manager for approval,
ensuring no conflicts with other daemons. But, this means some existing
BGP configurations might become non-operational if they conflict with
labels already allocated to another daemon but not used.
note: Labels below 16 are reserved and won't be checked for consistency
by the label manager.
Fixes: ddb5b4880ba8 ("bgpd: vpn-vrf route leaking")
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
bgpd: Implement EBGP-OAD peering type
|
|
This reverts commit 1642a68d60cfade4b2fce72aaef58dea700c65c3.
|
|
This reverts commit ae2f3bb5b4eed01df1f7a69c7710c9be519390f6.
|
|
This reverts commit 8b531b110756bf8627b5716f433190a0748b5e76.
|
|
At each EBGP boundary, BGP path attributes are modified as per [RFC4271], which includes stripping any IBGP-only attributes.
Some networks span more than one autonomous system and require more flexibility in the propagation of path attributes. It is worth noting that these multi-AS networks have a common or single administrative entity. These networks are said to belong to One Administrative Domain (OAD). It is desirable to carry IBGP-only attributes across EBGP peerings when the peers belong to an OAD.
This document defines a new EBGP peering type known as EBGP-OAD, which is used between two EBGP peers that belong to an OAD. This document also defines rules for route announcement and processing for EBGP-OAD peers.
https://datatracker.ietf.org/doc/html/draft-uttaro-idr-bgp-oad
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
bgpd: add basic support of BGP Link-State RFC7752
|
|
Don't return a local - caller needs to pass in a buffer.
Signed-off-by: Mark Stapp <mjs@labn.net>
|
|
No ctime, use ctime_r.
Signed-off-by: Mark Stapp <mjs@labn.net>
|
|
Add the ability to store a raw copy of the incoming BGP Link-State
attributes and to redistribute them as is to other routes.
New types of data BGP_ATTR_LS and BGP_ATTR_LS_DATA are defined.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
Add the bgp link-state configuration context cli:
> router bgp 65001
> address-family link-state link-state
> neighbor 192.0.2.2 activate
> exit-address-family
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
|
|
Register BGP Link-State AFI/SAFI values from RFC7752.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
|
|
bgpd: BGP_ATTR_MAX can be 255, allow using it for path attr
|
|
cmds
https://www.rfc-editor.org/rfc/rfc2042.html
says: 255 reserved for development
In FRR, 255 is kinda used too BGP_ATTR_VNC, even more we allow setting 255 in CLI.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
|
|
The sockunion is per connection. So let's move it over.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The bgp_peer_connection_free function should be exposed outside of
bgpd.c so that it can be used.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The peer_established function should be connection oriented.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The t_pmax_restart event pointer belongs in the peer_connection
pointer.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The t_generate_updgrp_packets event pointer belongs in the
peer_connection pointer.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The t_gr_restart and t_gr_stale event pointers belong
into the peer_connection pointer.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
