bgpd: new vpn-policy CLI#1913
Merged
donaldsharp merged 3 commits intoFRRouting:masterfrom Mar 20, 2018
Merged
Conversation
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2944/ This is a comment from an EXPERIMENTAL automated CI system. Warnings Generated during build:Checkout code: Successful with additional warnings:CLANG Static Analyzer Summary
19 Static Analyzer issues remaining.See details at |
Collaborator
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2945/ This is a comment from an EXPERIMENTAL automated CI system. Warnings Generated during build:Checkout code: Successful with additional warnings:CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base19 Static Analyzer issues remaining.See details at |
Closed
Contributor
|
Hi @paulzlabn - the changes look fine in general from a "vpn" perspective. I have a couple of comments inline. |
| @@ -107,11 +107,8 @@ static inline int vpn_leak_to_vpn_active(struct bgp *bgp_vrf, afi_t afi, | |||
| } | |||
Contributor
There was a problem hiding this comment.
In this function (vpn_leak_to_vpn_active), there is no check on instance type. Of course, that is not changed in this commit, but I happened to compare with its counterpart below (vpn_leak_from_vpn_active) which has the check.
| @@ -107,11 +107,8 @@ static inline int vpn_leak_to_vpn_active(struct bgp *bgp_vrf, afi_t afi, | |||
| } | |||
Contributor
There was a problem hiding this comment.
Again, not modified by this commit, but isn't there a repetition in function vpn_leak_postchange() for the TOVPN case - vpn_leak_from_vrf_update_all() called twice?
Contributor
Author
There was a problem hiding this comment.
Removed duplicate call, not sure how that sneaked in there. Thanks!
| "rt <fromvpn|tovpn|both> RTLIST...", | ||
| DEFPY (af_rt_vpn_imexport, | ||
| af_rt_vpn_imexport_cmd, | ||
| "[no] <rt|route-target> vpn <import|export|both>$direction_str RTLIST...", |
Contributor
There was a problem hiding this comment.
It appears that an add/configure operation will replace RTs and a no/delete operation will remove all RTs. Is that correct? If yes, I need to think about it because I think we'll want "additive" capability and selective delete. Of course, could be added subsequently, but IIRC, we support it now for EVPN.
Contributor
Author
There was a problem hiding this comment.
Yes, current behavior is to replace.
Maybe "add rt vpn ... RTLIST..." or "rt vpn ... + RTLIST..."? It would probably be good to make "add" vs. "replace" semantics explicit.
Are there other parts of the FRR CLI that support additive vs. replacement behavior?
| @@ -6477,10 +6418,18 @@ DEFUN (vpn_policy_rt, | |||
|
|
|||
| vpn_leak_prechange(dir, afi, bgp_get_default(), bgp); | |||
Contributor
There was a problem hiding this comment.
I don't see a check on whether import or export is enabled for this VRF or not. Without that, the pre and post change operations may walk routing tables before they bail out. Or maybe it is there some place that I missed? This comment may apply to other handlers too.
| bgp->vpn_policy[afi].rtlist[dir] = NULL; | ||
| } | ||
|
|
||
| vpn_leak_postchange(dir, afi, bgp_get_default(), bgp); |
Contributor
There was a problem hiding this comment.
If the no/delete removes all RTs, isn't postchange operation unnecessary? It bails out if RT is not there way into the code.
Contributor
Author
There was a problem hiding this comment.
I'm wary of removing this call here because it would not be obvious (to someone working on the code later) that this optimization can be or has been done. In the interest of avoiding future confusion by preserving a consistent design pattern of "prechange; change; postchange" I would prefer to leave this call in.
Contributor
|
One general comment. RD_SET is currently used to denote both presence of RD and configuration of RD. When auto-RD supported is added later on, these two notions need to be separated out (or the presence checks removed). |
Collaborator
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Contributor
Author
|
@vivek-cumulus wrote:
Maybe we could indicate auto-RD via RD_SET + tovpn_rd.family = AF_UNSPEC. |
Collaborator
Continuous Integration Result: FAILEDSee below for issues. This is a comment from an EXPERIMENTAL automated CI system. Get source and apply patch from patchwork: SuccessfulBuilding Stage: FailedOmniOS amd64 build: Successful OpenBSD60 amd64 build: FailedMake failed for OpenBSD60 amd64 build Warnings Generated during build:Checkout code: Successful with additional warnings:OpenBSD60 amd64 build: FailedMake failed for OpenBSD60 amd64 build |
Contributor
Author
|
NetDEF-CI wrote: Artifact of new doc organization? |
Member
|
So this is the VTY for configuring RD/RT per BGP instance. |
donaldsharp
reviewed
Mar 19, 2018
bgpd/bgp_vty.c
Outdated
| bgp_imexport_vpn_cmd, | ||
| "[no] <import|export>$direction_str vpn", | ||
| "Export routes to another routing protocol\n" | ||
| "to VPN RIB per vpn-policy") |
Member
There was a problem hiding this comment.
Please add the correct help strings, we are missing some here.
Contributor
Author
There was a problem hiding this comment.
Thanks for catching; fixed.
Member
|
The first commit really needs a bit more explanation of what it is implementing instead of assuming the person knows what it is. Have we updated the doc/XXX with these cli changes yet? I do not see it yet. |
9347540 to
dc767ba
Compare
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2992/ This is a comment from an EXPERIMENTAL automated CI system. Warnings Generated during build:Checkout code: Successful with additional warnings:CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base19 Static Analyzer issues remaining.See details at |
Collaborator
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Collaborator
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Contributor
Author
|
@pguibert6WIND wrote:
I might misunderstand what you are asking, so if I did not answer your question, please let me know. vrf-policy should no longer be needed. The code in this PR supports multiple VRFs per bgpd. Here is an example from bgpd.conf: |
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2993/ This is a comment from an EXPERIMENTAL automated CI system. Warnings Generated during build:Checkout code: Successful with additional warnings:CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base19 Static Analyzer issues remaining.See details at |
PR FRRouting#1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including vpn-policy blocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below. The code of this PR implements the vpn-specific parts of this syntax: router bgp <as> [vrf <FOO>] address-family <afi> unicast rd (vpn|evpn) export (AS:NN | IP:nn) label (vpn|evpn) export (0..1048575) rt (vpn|evpn) (import|export|both) RTLIST... nexthop vpn (import|export) (A.B.C.D | X:X::X:X) route-map (vpn|evpn|vrf NAME) (import|export) MAP [no] import|export [vpn|evpn|evpn8] [no] import|export vrf NAME User documentation of the vpn-specific parts of the above syntax is in PR FRRouting#1937 Signed-off-by: G. Paul Ziemba <paulz@labn.net>
…h fix
- vpn_leak_to_vpn_active(): check instance type
- vpn_leak_prechange(): qualify with test for active
- vpn_leak_postchange(): remove duplicated call to
vpn_leak_from_vrf_update_all()
- bgp_vty.c: Avoid null-pointer dereference for command "no rt vpn import"
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
Signed-off-by: G. Paul Ziemba <paulz@labn.net>
b4984b2 to
c7109e0
Compare
Contributor
Author
|
@donaldsharp wrote:
Updated message of first commit with more detail. Documentation of new CLI now in PR #1937 |
Collaborator
💚 Basic BGPD CI results: SUCCESS, 0 tests failedResults table
For details, please contact louberger |
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2996/ This is a comment from an EXPERIMENTAL automated CI system. Warnings Generated during build:Checkout code: Successful with additional warnings:CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base19 Static Analyzer issues remaining.See details at |
Collaborator
Continuous Integration Result: SUCCESSFULCongratulations, this patch passed basic tests Tested-by: NetDEF / OpenSourceRouting.org CI System CI System Testrun URL: https://ci1.netdef.org/browse/FRR-FRRPULLREQ-2997/ This is a comment from an EXPERIMENTAL automated CI system. Warnings Generated during build:Checkout code: Successful with additional warnings:CLANG Static Analyzer Summary
No Changes in Static Analysis warnings compared to base19 Static Analyzer issues remaining.See details at |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR #1739 added code to leak routes between (default VRF) VPN safi and unicast RIBs in any VRF. That set of changes included temporary CLI including
vpn-policyblocks to specify RD/RT/label/&c. After considerable discussion, we arrived at a consensus CLI shown below.The code of this PR implements the vpn-specific parts of this syntax:
User documentation of the vpn-specific parts of the above syntax is in PR #1937