From 5cb7712b3edb88ff43fce464d67a1548f183d410 Mon Sep 17 00:00:00 2001 From: Chirag Shah Date: Tue, 23 Jan 2024 21:52:34 -0800 Subject: [PATCH] bgpd:aggr summary-only remove suppressed from evpn Ticket: #3534718 #3720960 Testing Done: Config: router bgp 65564 vrf sym_2 bgp router-id 27.0.0.9 ! address-family ipv4 unicast redistribute static exit-address-family vrf sym_2 vni 8889 ip route 63.2.1.0/24 blackhole ip route 63.2.1.2/32 blackhole ip route 63.2.1.3/32 blackhole exit-vrf tor-1:# vtysh -c "show bgp l2vpn evpn route" | grep -A3 63.2 *> [5]:[0]:[24]:[63.2.1.0] RD 27.0.0.9:19 27.0.0.9 (tor-1) 0 32768 ? ET:8 RT:28:8889 Rmac:44:38:39:ff:ff:29 -- *> [5]:[0]:[32]:[63.2.1.2] RD 27.0.0.9:19 27.0.0.9 (tor-1) 0 32768 ? ET:8 RT:28:8889 Rmac:44:38:39:ff:ff:29 *> [5]:[0]:[32]:[63.2.1.3] RD 27.0.0.9:19 27.0.0.9 (tor-1) 0 32768 ? ET:8 RT:28:8889 Rmac:44:38:39:ff:ff:29 tor-1(config)# router bgp 65564 vrf sym_2 tor-1(config-router)# address-family ipv4 unicast tor-1(config-router-af)# aggregate-address 63.2.0.0/16 summary-only tor-1(config-rou-f)# end tor-1:# vtysh -c "show bgp l2vpn evpn route" | grep -A3 63.2.1 tor-1:# vtysh -c "show bgp l2vpn evpn route" | grep -A3 63.2 *> [5]:[0]:[16]:[63.2.0.0] RD 27.0.0.9:19 27.0.0.9 (tor-1) 0 32768 ? ET:8 RT:28:8889 Rmac:44:38:39:ff:ff:29 Signed-off-by: Chirag Shah --- bgpd/bgp_evpn.c | 83 ++++++++++++++++++++++++++++++++++++++++++++---- bgpd/bgp_evpn.h | 3 ++ bgpd/bgp_route.c | 3 ++ 3 files changed, 83 insertions(+), 6 deletions(-) diff --git a/bgpd/bgp_evpn.c b/bgpd/bgp_evpn.c index 1a4364bb7460..a846484f0e41 100644 --- a/bgpd/bgp_evpn.c +++ b/bgpd/bgp_evpn.c @@ -315,18 +315,13 @@ static int is_vni_present_in_irt_vnis(struct list *vnis, struct bgpevpn *vpn) * This would be following category: * Non-imported route, * Non-EVPN imported route, - * Non Aggregate suppressed route. */ -bool is_route_injectable_into_evpn(struct bgp_path_info *pi) +bool is_route_injectable_into_evpn_non_supp(struct bgp_path_info *pi) { struct bgp_path_info *parent_pi; struct bgp_table *table; struct bgp_dest *dest; - /* do not import aggr suppressed routes */ - if (bgp_path_suppressed(pi)) - return false; - if (pi->sub_type != BGP_ROUTE_IMPORTED || !pi->extra || !pi->extra->vrfleak || !pi->extra->vrfleak->parent) return true; @@ -344,6 +339,21 @@ bool is_route_injectable_into_evpn(struct bgp_path_info *pi) return true; } +/* Flag if the route is injectable into EVPN. + * This would be following category: + * Non-imported route, + * Non-EVPN imported route, + * Non Aggregate suppressed route. + */ +bool is_route_injectable_into_evpn(struct bgp_path_info *pi) +{ + /* do not import aggr suppressed routes */ + if (bgp_path_suppressed(pi)) + return false; + + return is_route_injectable_into_evpn_non_supp(pi); +} + /* * Compare Route Targets. */ @@ -7711,3 +7721,64 @@ bool bgp_evpn_mpath_has_dvni(const struct bgp *bgp_vrf, return false; } + +/* Upon aggregate set trigger unimport suppressed routes + * from EVPN + */ +void bgp_aggr_supp_withdraw_from_evpn(struct bgp *bgp, afi_t afi, safi_t safi) +{ + struct bgp_dest *agg_dest, *dest, *top; + const struct prefix *aggr_p; + struct bgp_aggregate *bgp_aggregate; + struct bgp_table *table; + struct bgp_path_info *pi; + + if (!bgp_get_evpn() && !advertise_type5_routes(bgp, afi)) + return; + + /* Aggregate-address table walk. */ + table = bgp->rib[afi][safi]; + for (agg_dest = bgp_table_top(bgp->aggregate[afi][safi]); agg_dest; + agg_dest = bgp_route_next(agg_dest)) { + bgp_aggregate = bgp_dest_get_bgp_aggregate_info(agg_dest); + + if (bgp_aggregate == NULL) + continue; + + aggr_p = bgp_dest_get_prefix(agg_dest); + + /* Look all nodes below the aggregate prefix in + * global AFI/SAFI table (IPv4/IPv6). + * Trigger withdrawal (this will be Type-5 routes only) + * from EVPN Global table. + */ + top = bgp_node_get(table, aggr_p); + for (dest = bgp_node_get(table, aggr_p); dest; + dest = bgp_route_next_until(dest, top)) { + const struct prefix *dest_p = bgp_dest_get_prefix(dest); + + if (dest_p->prefixlen <= aggr_p->prefixlen) + continue; + + for (pi = bgp_dest_get_bgp_path_info(dest); pi; + pi = pi->next) { + if (pi->sub_type == BGP_ROUTE_AGGREGATE) + continue; + + /* Only Suppressed route remove from EVPN */ + if (!bgp_path_suppressed(pi)) + continue; + + if (BGP_DEBUG(zebra, ZEBRA)) + zlog_debug("%s aggregated %pFX remove suppressed route %pFX", + __func__, aggr_p, dest_p); + + if (!is_route_injectable_into_evpn_non_supp(pi)) + continue; + + bgp_evpn_withdraw_type5_route(bgp, dest_p, afi, + safi); + } + } + } +} diff --git a/bgpd/bgp_evpn.h b/bgpd/bgp_evpn.h index 840389758723..c641a64f627a 100644 --- a/bgpd/bgp_evpn.h +++ b/bgpd/bgp_evpn.h @@ -182,5 +182,8 @@ extern vni_t bgp_evpn_path_info_get_l3vni(const struct bgp_path_info *pi); extern bool bgp_evpn_mpath_has_dvni(const struct bgp *bgp_vrf, struct bgp_path_info *mpinfo); extern bool is_route_injectable_into_evpn(struct bgp_path_info *pi); +extern bool is_route_injectable_into_evpn_non_supp(struct bgp_path_info *pi); +extern void bgp_aggr_supp_withdraw_from_evpn(struct bgp *bgp, afi_t afi, + safi_t safi); #endif /* _QUAGGA_BGP_EVPN_H */ diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 45951e9ea88c..520185e60f22 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -7799,6 +7799,9 @@ bool bgp_aggregate_route(struct bgp *bgp, const struct prefix *p, afi_t afi, lcommunity = lcommunity_dup(aggregate->lcommunity); } + /* Unimport suppressed routes from EVPN */ + bgp_aggr_supp_withdraw_from_evpn(bgp, afi, safi); + bgp_aggregate_install(bgp, afi, safi, p, origin, aspath, community, ecommunity, lcommunity, atomic_aggregate, aggregate);