-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
zebra: Check both IPv4 and IPv6 NH before removing RMAC #14808
Conversation
BTW, the nexthop IP of EVPN type 5 route is an intermediate value to resolve to L2 neighbor (RMAC + VTEP) in VxLAN domain, thus not necessarily the same as VTEP IP. Linux rtnetlink also has RTA_VIA, so it's possible to use IPv4 nexthop in IPv6 route. Not sure if there's a way to specify L2 nexthop directly. |
struct ipaddr *ipv4_vtep, *ipv6_nh; | ||
|
||
memset(&tmp_ip, 0, sizeof(tmp_ip)); | ||
if (vtep_ip->ipa_type == IPADDR_V6) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we check if IPv4 is REALLY mapped? Like using IS_MAPPED_IPV6()
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Theoretically, yes. But currently only IPv4 VTEP is supported, and the nexthop is either IPv4 or IPv4-mapped. I think we can keep this assumption for now (like in zebra_vxlan_evpn_vrf_route_add), and handle other cases when adding support for IPv6 VTEP.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but at some level it's a bit safer (when VTEPs could be IPv6?) and more understandable looking at the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Regarding IPv6 VTEPs, things are different because the addresses can't be simply taken as nexthops of IPv4 routes. We should either allocate intermediate v4 addresses or use dataplane-dependent mechanisms like RTA_VIA (see my comment above).
Anyway, I'm adding this validation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we also have a topotest for this behavior?
Will add a topotest. |
7378f43
to
15acbc6
Compare
logger.info("==== Remove IPv6 network on R2") | ||
result = apply_raw_config(tgen, config_no_ipv6) | ||
assert result is True, "Failed to remove IPv6 network on R2, Error: {} ".format(result) | ||
topotest.sleep(4, "waiting 4 seconds for bgp convergence") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nah, sleep is not an acceptable option, can we use something here with retries?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Replaced sleep
with verify_bgp_rib
.
9d56e94
to
9cb30d1
Compare
output = tgen.gears["r1"].vtysh_cmd("show bgp vrf r1-vrf-101", isjson=False) | ||
logger.info("==== result from show bgp vrf r1-vrf-101 ") | ||
logger.info(output) | ||
output = tgen.gears["r1"].vtysh_cmd("show ip route vrf r1-vrf-101", isjson=False) | ||
logger.info("==== result from show ip route vrf r1-vrf-101") | ||
logger.info(output) | ||
output = tgen.gears["r1"].vtysh_cmd("show ipv6 route vrf r1-vrf-101", isjson=False) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It would be best to check json form output against the static collected json output
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ok
output = tgen.gears["r1"].vtysh_cmd("show evpn vni detail", isjson=False) | ||
logger.info("==== result from show evpn vni detail") | ||
logger.info(output) | ||
output = tgen.gears["r1"].vtysh_cmd("show evpn next-hops vni all", isjson=False) | ||
logger.info("==== result from show evpn next-hops vni all") | ||
logger.info(output) | ||
output = tgen.gears["r1"].vtysh_cmd("show evpn rmac vni all", isjson=False) | ||
logger.info("==== result from show evpn next-hops vni all") | ||
logger.info("==== result from show evpn rmac vni all") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can you check show specific rmac json output can compare number remote vteps:
Example:
show evpn rmac vni 8888 mac 44:38:39:ff:ff:33 json
{
"routerMac":"44:38:39:ff:ff:33",
"vtepIp":"27.0.0.7",
"nexthops":[
"27.0.0.7", <<<<<
"::ffff:1b00:7" <<<<<ipv6mappedv4 address
]
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The IPv4-mapped IPv6 address is used as next-hop of overlay IPv6 route, not VTEP, so it won't be shown here.
} else { | ||
ipv4_vtep = vtep_ip; | ||
ipv6_nh = &tmp_ip; | ||
ipv6_nh->ipa_type = IPADDR_V6; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why convert v4 vtep/nh address to v6 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When installing EVPN overlay routes, VTEP address is used as v4 next-hop, while v4-mapped v6 address is used as v6 next-hop. So should check for both v4 and v6 next-hops when deleting.
IPv4 and IPv4-mapped IPv6 address of a VTEP is used as nexthops of EVPN routes. Thus should check for both IPv4 and IPv6 before removing RMAC. Otherwise, withdrawing the last route in one address family breaks the other. Signed-off-by: Xiao Liang <[email protected]>
9cb30d1
to
e745e7d
Compare
Note that withdrawing IPv6 route should not affect IPv4. Signed-off-by: Xiao Liang <[email protected]>
e745e7d
to
279a917
Compare
@leonshaw Is there any issue file explaining the situation where RMAC is removed? If there are more data available along with some of the show commands outputs assist to shade light on the problem. |
@chiragshah6
When the IPv6 route is withdrawn, without the changes of this PR, the RMAC will be deleted because the IPv6 next-hop is gone and the RMAC is considered unreferenced.
With this change, zebra will find there's still an IPv4 next-hop, thus the RMAC is preserved.
|
This PR is stale because it has been open 180 days with no activity. Comment or remove the |
@chiragshah6 What to do with this PR now? |
Superseded by #16341. |
IPv4 and IPv4-mapped IPv6 address of a VTEP is used as nexthops of EVPN routes. Thus should check for both IPv4 and IPv6 before removing RMAC. Otherwise, withdrawing the last route in one address family breaks the other.