| Age | Commit message (Collapse) | Author |
|---|
|
The VRF must be marked as configured when user enters "vrf NAME" command.
Otherwise, the following problem occurs:
`ip link add red type vrf table 1`
VRF structure is allocated.
`vtysh -c "conf t" -c "vrf red"`
`lib_vrf_create` is called, and pointer to the VRF structure is stored
to the nb_config_entry.
`ip link del red`
VRF structure is freed (because it is not marked as configured), but
the pointer is still stored in the nb_config_entry.
`vtysh -c "conf t" -c "no vrf red"`
Nothing happens, because VRF structure doesn't exist. It means that
`lib_vrf_destroy` is not called, and nb_config_entry still exists in
the running config with incorrect pointer.
`ip link add red type vrf table 1`
New VRF structure is allocated.
`vtysh -c "conf t" -c "vrf red"`
`lib_vrf_create` is NOT called, because the nb_config_entry for that
VRF name still exists in the running config.
After that all NB commands for this VRF will use incorrect pointer to
the freed VRF structure.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
|
|
Description: When we get a new vrf add and vrf with same name, but different vrf-id already
exists in the database, we should treat vrf add as update.
This happens mostly when there are lots of vrf and other configuration being replayed.
There may be a stale vrf delete followed by new vrf add. This
can cause timing race condition where vrf delete could be missed and
further same vrf add would get rejected instead of treating last arrived
vrf add as update.
Treat vrf add for existing vrf as update.
Implicitly disable this VRF to cleanup routes and other functions as part of vrf disable.
Update vrf_id for the vrf and update vrf_id tree.
Re-enable VRF so that all routes are freshly installed.
Above 3 steps are mandatory since it can happen that with config reload
stale routes which are installed in vrf-1 table might contain routes from
older vrf-0 table which might have got deleted due to missing vrf-0 in new configuration.
Signed-off-by: sudhanshukumar22 <sudhanshu.kumar@broadcom.com>
|
|
Code was added in the past to support a value of VRF_DEFAULT different
from 0. This option was abandoned, the default vrf id is always 0.
Remove this code, this will simplify the code and improve performance
(use a constant value instead of a function that performs tests).
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
|
|
vrf_id_to_name() looks up in a RB_TREE to find the VRF entry, then
reads the name.
Avoid it for VRF_DEFAULT, which always exists and for which the
translation is straightforward.
Signed-off-by: Christophe Gouault <christophe.gouault@6wind.com>
|
|
Netns refactor
|
|
The vrf_get function is called throughout the code base
so much so that when you turn on vrf debugging it eclipses
everything else to a degree that is completely unreasonable.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
The vrf name was not being printed out in some vrf debugs. Add
this data in so people don't have to remember the vrf id.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
When the nexthop-groups were added to FRR for some
reason the call to nexthop_group_disable_vrf was
not added although it was written.
Add it in.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
|
|
to be able to retrieve the network namespace identifier for each
namespace, the ns id is stored in each ns context. For default
namespace, the netns id is the same as that value.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
Revert "zebra: support for macvlan interfaces"
This reverts commit bf69e212fd053af3298fc3cba38458b396467849.
Revert "doc: add some documentation about bgp evpn netns support"
This reverts commit 89b97c33d7a6d9dc427d56fea52fa27334dde81d.
Revert "zebra: dynamically detect vxlan link interfaces in other netns"
This reverts commit de0ebb25404fe984f084a0d57b7f873618423876.
Revert "bgpd: sanity check when updating nexthop from bgp to zebra"
This reverts commit ee9633ed87f0ff5da1373a42d6c044f0a682c8d3.
Revert "lib, zebra: reuse and adapt ns_list walk functionality"
This reverts commit c4d466c830083e8ba58881d7ad03a90f6baf0754.
Revert "zebra: local mac entries populated in correct netnamespace"
This reverts commit 40424548910887f3bbbf544ce964d3b736048ae5.
Revert "zebra: when parsing local entry against dad, retrieve config"
This reverts commit 3acc394bc5e5c225e9258fd0d57a6cebea0c0ccd.
Revert "bgpd: evpn nexthop can be changed by default"
This reverts commit a2342a241253c41b798845cae155b4caab4bcda5.
Revert "zebra: zvni_map_to_vlan() adaptation for all namespaces"
This reverts commit db81d18647bbd81a2c335620c9a03e32e4a5b2be.
Revert "zebra: add ns_id attribute to mac structure"
This reverts commit 388d5b438e22cddc6740e362763c0922edbb242a.
Revert "zebra: bridge layer2 information records ns_id where bridge is"
This reverts commit b5b453a2d6af58692bee0e256fe1dffe99824801.
Revert "zebra, lib: new API to get absolute netns val from relative netns val"
This reverts commit b6ebab34f664ba1cc9479fc1287f127c12077509.
Revert "zebra, lib: store relative default ns id in each namespace"
This reverts commit 9d3555e06ccc68fe37e0a00100029ac4bad8dee2.
Revert "zebra, lib: add an internal API to get relative default nsid in other ns"
This reverts commit 97c9e7533bd22029ac19838c043cfca82d2f6eb3.
Revert "zebra: map vxlan interface to bridge interface with correct ns id"
This reverts commit 7c990878f20efff335c1211deda3ec50071ae2b5.
Revert "zebra: fdb and neighbor table are read for all zns"
This reverts commit f8ed2c5420106314a940cb67264494e0110fc4c0.
Revert "zebra: zvni_map_to_svi() adaptation for other network namespaces"
This reverts commit 2a9dccb6475bfc11af2b855c4c8ff9e500ba21f4.
Revert "zebra: display interface slave type"
This reverts commit fc3141393ad95651d31fccd144b5c029d00e5f3a.
Revert "zebra: zvni_from_svi() adaptation for other network namespaces"
This reverts commit 6fe516bd4b85569b3b8b4bcc2910afc5569aa026.
Revert "zebra: importation of bgp evpn rt5 from vni with other netns"
This reverts commit 28254125d06f65cc4344b6156eec76a37ec6aede.
Revert "lib, zebra: update interface name at netlink creation"
This reverts commit 1f7a68a2ff0ba1424131f30112e0cc1572f0bee3.
Signed-off-by: Pat Ruddy <pat@voltanet.io>
|
|
When using the default CLI mode, the northbound layer needs to create
a separate transaction to process each YANG-modeled command since
they are supposed to be applied immediately (there's no candidate
configuration nor the "commit" command like in the transactional
CLI). The problem is that configuration transactions have an overhead
associated to them, in big part because of the use of some heavy
libyang functions like `lyd_validate()` and `lyd_diff()`. As of
now this overhead is substantial and doesn't scale well when large
numbers of transactions need to be performed in sequence.
As an example, loading 50k prefix-lists using a single transaction
takes about 2 seconds on a modern CPU. Loading the same 50k
prefix-lists using 50k transactions can take more than an hour
to complete (which is unacceptable by any standard). To fix this
problem, some heavy optimization work needs to be done on libyang and
on the FRR northbound itself too (e.g. perform partial configuration
diffs whenever possible). This, however, should be a long term
effort since these optimizations shouldn't be trivial to implement
and we're far from having the performance numbers we need.
In the meanwhile, this commit introduces a simple but efficient
workaround to alleviate the issue. In short, a new back-off timer
was introduced in the CLI to monitor and detect when too many
YANG-modeled commands are being received at the same time. When
a certain threshold is reached (100 YANG-modeled commands within
one second), the northbound starts to group all subsequent commands
into a single large transaction, which allows them to be processed
much faster (e.g. seconds and not hours). It's essentially a
protection mechanism that creates dynamically-sized transactions
when necessary to prevent performance issues from happening. This
mechanism is enabled both when parsing configuration files and when
reading commands from a terminal.
The downside of this optimization is that, if several YANG-modeled
commands are grouped into the same transaction and at least one of
them fails, the whole transaction is rejected. This is undesirable
since users don't expect transactional behavior when that's not
enabled explicitly. To minimize this issue, the CLI will log all
commands that were rejected whenever that happens, to make the
user aware of what happened and have enough information to fix
the problem. Commands that fail due to parsing errors or CLI-level
validations in general are rejected separately.
Again, this proposed workaround is intended to be temporary. The
goal is to provided a quick fix to issues like #6658 while we work
on better long-term solutions.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
|
|
DEFPY_YANG will allow the CLI to identify which commands are
YANG-modeled or not before executing them. This is going to be
useful for the upcoming configuration back-off timer work that
needs to commit pending configuration changes before executing a
command that isn't YANG-modeled.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
|
|
vtysh: return success from "no vrf" when VRF doesn't exist
|
|
Remove mid-string line breaks, cf. workflow doc:
.. [#tool_style_conflicts] For example, lines over 80 characters are allowed
for text strings to make it possible to search the code for them: please
see `Linux kernel style (breaking long lines and strings)
<https://www.kernel.org/doc/html/v4.10/process/coding-style.html#breaking-long-lines-and-strings>`_
and `Issue #1794 <https://github.com/FRRouting/frr/issues/1794>`_.
Scripted commit, idempotent to running:
```
python3 tools/stringmangle.py --unwrap `git ls-files | egrep '\.[ch]$'`
```
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
It is possible that the same VRF exists in one daemon and doesn't exist
in another. In this case, "no vrf NAME" command execution will stop on
the first daemon without the VRF and it won't be possible to delete the
VRF from other daemons.
Such behavior can be reproduced with the following steps:
```
# ip link add test type vrf table 1
# vtysh -c "conf t" -c "vrf test" -c "ip route 1.1.1.1/32 blackhole"
# vtysh -c "show run"
...
vrf test
ip route 1.1.1.1/32 blackhole
exit-vrf
!
...
# ip link del test
# vtysh -c "conf t" -c "no vrf test"
% VRF test does not exist
# vtysh -c "show run"
...
vrf test
ip route 1.1.1.1/32 blackhole
exit-vrf
!
...
```
This commit fixes the issue by returning success from "no vrf" command
when VRF doesn't exist.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
|
|
The northbound configuration callbacks should now print error
messages to the provided buffer (args->errmsg) instead of logging
them directly. This will allow the northbound layer to forward the
error messages to the northbound clients in addition to logging them.
NOTE: many callbacks are returning errors without providing any
error message. This needs to be fixed long term.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
|
|
to be able to retrieve the network namespace identifier for each
namespace, the ns id is stored in each ns context. For default
namespace, the netns id is the same as that value.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
All custom "exit-*" commands that exit from a YANG-modeled
CLI node need to use cmd_exit() to ensure the CLI xpath index
(vty->xpath_index) will be updated accordingly.
Fixes #6316.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
|
|
Having a fixed set of parameters for each northbound callback isn't a
good idea since it makes it difficult to add new parameters whenever
that becomes necessary, as several hundreds or thousands of existing
callbacks need to be updated accordingly.
To remediate this issue, this commit changes the signature of all
northbound callbacks to have a single parameter: a pointer to a
'nb_cb_x_args' structure (where x is different for each type
of callback). These structures encapsulate all real parameters
(both input and output) the callbacks need to have access to. And
adding a new parameter to a given callback is as simple as adding
a new field to the corresponding 'nb_cb_x_args' structure, without
needing to update any instance of that callback in any daemon.
This commit includes a .cocci semantic patch that can be used to
update old code to the new format automatically.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
|
|
Merge nb_converions branch to master
|
|
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
|
|
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
|
|
And again for the name. Why on earth would we centralize this, just so
people can forget to update it?
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
Same as before, instead of shoving this into a big central list we can
just put the parent node in cmd_node.
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
There is really no reason to not put this in the cmd_node.
And while we're add it, rename from pointless ".func" to ".config_write".
[v2: fix forgotten ldpd config_write]
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
The only nodes that have this as 0 don't have a "->func" anyway, so the
entire thing is really just pointless.
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
... and use named assignments everywhere (so I can change the struct.)
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
zebra: Add vrf name and id to debugs
|
|
I'd like to keep the explicit check here, but since underlying type of
enum is implementation defined, theres some inconsistency using -Wall
-Werror in older compilers here
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
And use an enum...
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
In some places we log the interface but not the vfr the
interface is in. In others we only output the vrf id, which
can be difficult for human to read. This commit makes zebra
debugs more vrf aware.
Signed-off-by: Jakub Urbańczyk <xthaid@gmail.com>
|
|
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
Just keep the code cool.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
|
|
VRRP VRF support
|
|
These two don't really do what you might expect, document them
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
Signed-off-by: David Lamparter <equinox@diac24.net>
|
|
Current autocompletion works only for simple "vrf NAME" case.
This commit expands it also for the following cases:
- "nexthop-vrf NAME" in staticd
- usage of $varname in many daemons
All daemons are updated to use single varname "$vrf_name".
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
|
|
Misc vrf update name
|
|
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
|
|
this is a call done whenever vrf name changes. This is useful on remote
daemons.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
|
|
Field vrf_id is replaced by the pointer of the struct vrf *.
For that all other code referencing to (interface)->vrf_id is replaced.
This work should not change the behaviour.
It is just a continuation work toward having an interface API handling
vrf pointer only.
some new generic functions are created in vrf:
vrf_to_id, vrf_to_name,
a zebra function is also created:
zvrf_info_lookup
an ospf function is also created:
ospf_lookup_by_vrf
it is to be noted that now that interface has a vrf pointer, some more
optimisations could be thought through all the rest of the code. as
example, many structure store the vrf_id. those structures could get
the exact vrf structure if inherited from an interface vrf context.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
there may be cases where the vrf is yet allocated from the vty, and the
discovery process did not make the relationship between the vrf_id and
the name of the vrf. For instance, by parsing an interface belonging to
vrf-id X, it is not sure that vrf-id X and vrfname XX are talking about
the same vrf. For that, lets allocate the vrf, and lets try to detect
there is a duplicate case in vrf, so that the merge can be done without
any impact for the user.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
It doesn't make much sense for a hash function to modify its argument,
so const the hash input.
BGP does it in a couple places, those cast away the const. Not great but
not any worse than it was.
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
|
This is an extension to previous behavior, where the bind() operation
was performed only when vrf was not a netns backend kind. This was done
like that because usually the bind parameter is the vrf name itself, and
having an interface name with vrf name is an expectation so that the
bind operation works.
the bind() operation can be performed on whatever device provided that
that name is not null and there is an interface in the vrf that has the
same name as the parameter.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
|
|
The vrf_with_default_name vrf variable is set to NULL
and then tested to see if it is valid. Removing the
dead code.
Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|
|
lib: Allow bgp to always create a listen socket for the vrf
|
|
rip(ng)d: add VRF support
|
|
Don't need these in our DSO tables
Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
|
