bgpd: add VRF support to RPKI #15052
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
louis-6wind
force-pushed
the
rpki-vrf-92
branch
4 times, most recently
from
9445cb7 to
a73037b
Compare
louis-6wind
force-pushed
the
rpki-vrf-92
branch
2 times, most recently
from
0b2ecdb to
795677e
Compare
louis-6wind
force-pushed
the
rpki-vrf-92
branch
2 times, most recently
from
0a490c6 to
35d58e6
Compare
|
This pull request has conflicts, please resolve those before we can evaluate the pull request. |
louis-6wind
force-pushed
the
rpki-vrf-92
branch
from
35d58e6 to
07df593
Compare
louis-6wind
force-pushed
the
rpki-vrf-92
branch
from
07df593 to
a7a24be
Compare
louis-6wind
force-pushed
the
rpki-vrf-92
branch
from
a7a24be to
e7c3df6
Compare
|
Could you add before and after CLI examples here? I'm wondering if there's an issue with configuring RPKI per vrf? |
ton31337
reviewed
Jan 18, 2024
doc/user/rpki.rst
Outdated
| router bgp 60001 vrf vrf_connect | ||
| bgp router-id 141.22.28.223 | ||
| network 192.168.0.0/16 | ||
| neighbor 123.123.123.0 remote-as 60002 |
There was a problem hiding this comment.
Use documentation ranges, please.
doc/user/rpki.rst
Outdated
| ! | ||
| exit-vrf | ||
| router bgp 60001 vrf vrf_connect | ||
| bgp router-id 141.22.28.223 |
There was a problem hiding this comment.
Use documentation ranges, please.
bgpd/bgp_rpki.c
Outdated
|
|
||
| for (ALL_LIST_ELEMENTS_RO(rpki_vrf_list, rpki_vrf_nnode, rpki_vrf)) { | ||
| if ((!vrfname && rpki_vrf->vrfname) || | ||
| (vrfname && !rpki_vrf->vrfname) || |
There was a problem hiding this comment.
!rpki_vrf->vrfname means this is a default VRF?
There was a problem hiding this comment.
Yes. I have clarified that with a small rework and some comments
bgpd/bgp_rpki.c
Outdated
| else | ||
| rpki_vrf = VTY_GET_CONTEXT(rpki_vrf); | ||
|
|
||
| if (!rpki_vrf->cache_list) |
There was a problem hiding this comment.
rpki_vrf can be NULL, and we should check before dereferencing it.
bgpd/bgp_rpki.c
Outdated
| return reset(true, rpki_vrf) == SUCCESS ? CMD_SUCCESS : CMD_WARNING; | ||
| } | ||
|
|
||
| DEFUN (rpki_reset_config_mode, |
bgpd/bgp_rpki.c
Outdated
| rpki_vrf = get_rpki_vrf(vrfname); | ||
|
|
||
| if (!rpki_vrf) | ||
| return CMD_SUCCESS; |
There was a problem hiding this comment.
I'm wondering if this really should be treated as SUCCESS...
There was a problem hiding this comment.
CMD_WARNING instead
RPKI stores its data in global variables. It does not allow specific date per VRF. Move global variable to a new structure named rpki_vrf and maintain a per VRF list of rpki_vrf. The changes are cosmetic because only the default VRF is supported yet. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Remove rpki config command from enable node. It cannot work. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Add a hook to call a future callback function when bgpd knows from zebra about the activation of de-activation of a VRF. It will be used by the RPKI module in next commits. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Start or stop a RPKI cache servers in VRF when they are created or deleted. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Create cache server socket in vrf Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Add a "vrf <vrfname>" argument to "show rpki" and "rpki" commands in enable mode Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Add support of RPKI commands in the VRF configure context. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Show per VRF RPKI configuration in "show run". Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Set the RPKI validation state in the VRF BGP table. It allows applying a route-maps with "match rpki <state>" on a VRF neighbor. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Add VRF name to some rpki logs Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Use documentation range in rpki manual Signed-off-by: Louis Scalbert <[email protected]>
Fix RPKI IPv4 address family example. Signed-off-by: Louis Scalbert <[email protected]>
It is not used anymore. Fixes: 2a5f5ec ("bgpd: Drop SSH public key for RPKI CLI option") Signed-off-by: Louis Scalbert <[email protected]>
Add documentation for per VRF RPKI commands Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Add "show bgp rpki prefix-count" command to show the number of received prefixes from RPKI cache servers. Signed-off-by: Philippe Guibert <[email protected]> Signed-off-by: Louis Scalbert <[email protected]>
Add vrf test to bgp_rpki_topo1 Signed-off-by: Louis Scalbert <[email protected]>
louis-6wind
force-pushed
the
rpki-vrf-92
branch
from
e7c3df6 to
2b30c4a
Compare
ton31337
approved these changes
Jan 21, 2024
|
ci:rerun CI successful, but github check (hook) missed |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add VRF support to RPKI
Re-Add #5015 that got reverted in #6740 due to rtlib lacking the required support (rtrlib/rtrlib#252).
Mentioned in #14220
This PR is not actually a draft but the topotest has a GPL-3 depedancy that needs to be solved. See #15034 (comment)