Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

bgpd: fix VRF leaking with 'no bgp network import-check' #15233

Merged
merged 2 commits into from
Jan 26, 2024
Merged

bgpd: fix VRF leaking with 'no bgp network import-check' #15233

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
45bf464
bgpd: fix VRF leaking with 'no bgp network import-check'
louis-6wind Apr 28, 2022
4bbfade
topotests: vpnv4 route leaking with no import-check
louis-6wind Jan 25, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion bgpd/bgp_mplsvpn.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1011,9 +1011,11 @@ static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
{
struct bgp_path_info *bpi_ultimate;
struct bgp *bgp_nexthop;
struct bgp_table *table;
bool nh_valid;

bpi_ultimate = bgp_get_imported_bpi_ultimate(source_bpi);
table = bgp_dest_table(bpi_ultimate->net);

if (bpi->extra && bpi->extra->vrfleak && bpi->extra->vrfleak->bgp_orig)
bgp_nexthop = bpi->extra->vrfleak->bgp_orig;
Expand All @@ -1029,7 +1031,17 @@ static bool leak_update_nexthop_valid(struct bgp *to_bgp, struct bgp_dest *bn,
is_pi_family_evpn(bpi_ultimate) ||
CHECK_FLAG(bpi_ultimate->flags, BGP_PATH_ACCEPT_OWN))
nh_valid = true;
else
else if (bpi_ultimate->type == ZEBRA_ROUTE_BGP &&
bpi_ultimate->sub_type == BGP_ROUTE_STATIC && table &&
(table->safi == SAFI_UNICAST ||
table->safi == SAFI_LABELED_UNICAST) &&
!CHECK_FLAG(bgp_nexthop->flags, BGP_FLAG_IMPORT_CHECK)) {
/* if the route is defined with the "network <prefix>" command
* and "no bgp network import-check" is set,
* then mark the nexthop as valid.
*/
nh_valid = true;
} else
/*
* TBD do we need to do anything about the
* 'connected' parameter?
Expand Down
9 changes: 9 additions & 0 deletions tests/topotests/bgp_l3vpn_to_bgp_vrf/customize.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,15 @@ def ltemplatePreRouterStartHook():
logger.info(
"setup {0} vrf {0}-cust1, {0}-eth4. enabled mpls input.".format(rtr)
)
# configure cust4 VRFs & MPLS
cmds = [
"ip link add {0}-cust4 type vrf table 30",
"ip link set dev {0}-cust4 up",
]
rtr = "r1"
for cmd in cmds:
cc.doCmd(tgen, rtr, cmd.format(rtr))
logger.info("setup {0} vrf {0}-cust3 and{0}-cust4.".format(rtr))
# configure cust2 VRFs & MPLS
rtrs = ["r4"]
cmds = [
Expand Down
13 changes: 13 additions & 0 deletions tests/topotests/bgp_l3vpn_to_bgp_vrf/r1/bgpd.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -50,6 +50,19 @@ router bgp 5227 vrf r1-cust1
export vpn
exit-address-family

router bgp 5227 vrf r1-cust4
no bgp network import-check

bgp router-id 192.168.1.1

address-family ipv4 unicast
network 172.16.0.0/24

rd vpn export 10:14
rt vpn export 52:100

import vpn
export vpn
exit-address-family
!
end
16 changes: 12 additions & 4 deletions tests/topotests/bgp_l3vpn_to_bgp_vrf/scripts/check_routes.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,12 +59,20 @@
{"p": "5.1.1.0/24", "n": "99.0.0.1"},
{"p": "6.0.1.0/24", "n": "99.0.0.1"},
{"p": "6.0.2.0/24", "n": "99.0.0.1"},
{"p": "172.16.0.0/24", "n": "0.0.0.0", "bp": True},
{"p": "99.0.0.1/32", "n": "192.168.1.2"},
]
bgpribRequireUnicastRoutes(
"r1", "ipv4", "r1-cust1", "Customer 1 routes in r1 vrf", want_r1_cust1_routes
)

want_r1_cust4_routes = [
{"p": "172.16.0.0/24", "n": "0.0.0.0", "bp": True},
]
bgpribRequireUnicastRoutes(
"r1", "ipv4", "r1-cust4", "Customer 4 routes in r1 vrf", want_r1_cust4_routes
)

want_r3_cust1_routes = [
{"p": "5.1.0.0/24", "n": "99.0.0.2"},
{"p": "5.1.1.0/24", "n": "99.0.0.2"},
Expand Down Expand Up @@ -667,7 +675,7 @@
luCommand(
"ce1",
'vtysh -c "show bgp ipv4 uni"',
"12 routes and 12",
"13 routes and 13",
"wait",
"Local and remote routes",
10,
Expand All @@ -689,7 +697,7 @@
luCommand(
"ce2",
'vtysh -c "show bgp ipv4 uni"',
"12 routes and 15",
"13 routes and 16",
"wait",
"Local and remote routes",
10,
Expand Down Expand Up @@ -721,7 +729,7 @@
luCommand(
"ce3",
'vtysh -c "show bgp ipv4 uni"',
"12 routes and 13",
"13 routes and 14",
"wait",
"Local and remote routes",
10,
Expand All @@ -743,7 +751,7 @@
luCommand(
"ce4",
'vtysh -c "show bgp vrf ce4-cust2 ipv4 uni"',
"12 routes and 14",
"13 routes and 15",
"wait",
"Local and remote routes",
10,
Expand Down
2 changes: 1 addition & 1 deletion tests/topotests/bgp_l3vpn_to_bgp_vrf/scripts/scale_down.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@
luCommand(
rtr,
'vtysh -c "show bgp ipv4 uni" | grep Display',
" 12 route",
" 13 route",
"wait",
"BGP routes removed",
wait,
Expand Down
Loading