Commit message  [Author, Age, Files, Lines]
* pbrd: Add PBR to FRR  [Donald Sharp, 2018-04-06, files 35, lines -20/+3861]
|
|     This is an implementation of PBR for FRR.
|
|     This implementation uses a combination of rules and
|     tables to determine how packets will flow.
|
|     PBR introduces a new concept of 'nexthop-groups' to
|     specify a group of nexthops that will be used for
|     ecmp. Nexthop-groups are specified on the cli via:
|
|     nexthop-group DONNA
|       nexthop 192.168.208.1
|       nexthop 192.168.209.1
|       nexthop 192.168.210.1
|     !
|
|     PBR sees the nexthop-group and installs these as a default
|     route with these nexthops starting at table 10000
|
|     robot# show pbr nexthop-groups
|     Nexthop-Group: DONNA Table: 10001 Valid: 1 Installed: 1
|         Valid: 1 nexthop 192.168.209.1
|         Valid: 1 nexthop 192.168.210.1
|         Valid: 1 nexthop 192.168.208.1
|
|     I have also introduced the ability to specify a table
|     in a 'show ip route table XXX' to see the specified tables.
|
|     robot# show ip route table 10001
|     Codes: K - kernel route, C - connected, S - static, R - RIP,
|            O - OSPF, I - IS-IS, B - BGP, P - PIM, E - EIGRP, N - NHRP,
|            T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
|            F - PBR,
|            > - selected route, * - FIB route
|
|     F>* 0.0.0.0/0 [0/0] via 192.168.208.1, enp0s8, 00:14:25
|       *                 via 192.168.209.1, enp0s9, 00:14:25
|       *                 via 192.168.210.1, enp0s10, 00:14:25
|
|     PBR tracks PBR-MAPS via the pbr-map command:
|
|     !
|     pbr-map EVA seq 10
|       match src-ip 4.3.4.0/24
|       set nexthop-group DONNA
|     !
|     pbr-map EVA seq 20
|       match dst-ip 4.3.5.0/24
|       set nexthop-group DONNA
|     !
|
|     pbr-maps can have 'match src-ip <prefix>' and 'match dst-ip <prefix>'
|     to affect decisions about incoming packets. Additionally if you
|     only have one nexthop to use for a pbr-map you do not need
|     to setup a nexthop-group and can specify 'set nexthop XXXX'.
|
|     To apply the pbr-map to an incoming interface you do this:
|
|     interface enp0s10
|       pbr-policy EVA
|     !
|
|     When a pbr-map is applied to interfaces it can be installed
|     into the kernel as a rule:
|
|     [sharpd@robot frr1]$ ip rule show
|     0:      from all lookup local
|     309:    from 4.3.4.0/24 iif enp0s10 lookup 10001
|     319:    from all to 4.3.5.0/24 iif enp0s10 lookup 10001
|     1000:   from all lookup [l3mdev-table]
|     32766:  from all lookup main
|     32767:  from all lookup default
|
|     [sharpd@robot frr1]$ ip route show table 10001
|     default proto pbr metric 20
|         nexthop via 192.168.208.1 dev enp0s8 weight 1
|         nexthop via 192.168.209.1 dev enp0s9 weight 1
|         nexthop via 192.168.210.1 dev enp0s10 weight 1
|
|     The linux kernel now will use the rules and tables to properly
|     apply these policies.
|
|     Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
|     Signed-off-by: Don Slice <dslice@cumulusnetworks.com>
|     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* Merge pull request #2029 from cdwertmann/patch-1  [Donald Sharp, 2018-04-06, files 3, lines -3/+3]
|\
| |     add libpython-dev to 16.04 build dependencies
| * debianpkg: add libpython-dev to 17.10 & 18.04 build dependencies  [Christoph Dwertmann, 2018-04-06, files 2, lines -2/+2]
| |     Signed-off-by: Christoph Dwertmann <cdwertmann@gmail.com>
| * debianpkg: add libpython-dev to 16.04 build dependencies  [Christoph Dwertmann, 2018-04-06, files 1, lines -1/+1]
|/
|     Signed-off-by: Christoph Dwertmann <cdwertmann@gmail.com>
* Merge pull request #2028 from qlyoung/cleanup-static-route-consistent-ordering  [Russ White, 2018-04-05, files 1, lines -7/+7]
|\
| |     zebra: consistently order static route attributes
| * zebra: consistently order static route attributes  [Quentin Young, 2018-04-04, files 1, lines -7/+7]
| |     Everyone else displays them with nexthop-vrf last.
| |
| |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | Merge pull request #2022 from qlyoung/warn-vtysh-u-security  [Russ White, 2018-04-05, files 2, lines -1/+13]
|\ \
| | |     doc: warn users about vtysh / telnet security
| * | doc: warn users about vtysh / telnet security  [Quentin Young, 2018-04-03, files 2, lines -1/+13]
| |/
| |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | Merge pull request #2013 from qlyoung/docuser  [Russ White, 2018-04-05, files 3, lines -375/+506]
|\ \
| | |     doc: add more CLI documentation
| * | doc: add more CLI documentation  [Quentin Young, 2018-04-02, files 3, lines -375/+506]
| | |     * Document modes & nodes
| | |     * Document walkup behavior
| | |     * Document struct cmd_node
| | |     * Add graph of node relationships
| | |     * Reorder sections to make more logical sense
| | |     * Rewrap sections to 80 lines
| | |     * Fix code block indent
| | |     * Specify language for code blocks in order to get syntax highlighting
| | |
| | |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | Merge pull request #2006 from qlyoung/remove-irdp-node  [Russ White, 2018-04-05, files 2, lines -2/+0]
|\ \ \
| | | |     lib: remove IRDP_NODE
| * | | lib: remove IRDP_NODE  [Quentin Young, 2018-04-03, files 2, lines -2/+0]
| | | |     Unused
| | | |
| | | |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | | Merge pull request #2002 from qlyoung/remove-undebug  [Russ White, 2018-04-05, files 4, lines -14/+62]
|\ \ \ \
| | | | |     bgpd, pim: remove undebug
| * | | | bgpd, pim: remove undebug  [Quentin Young, 2018-04-02, files 4, lines -14/+62]
| | |/ /
| |/| |
| | | |     This 'undebug' syntax is only used in 5 commands and serves no
| | | |     apparent purpose.
| | | |
| | | |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | | Merge pull request #1998 from qlyoung/fix-vrf-keyword-walkup  [Russ White, 2018-04-05, files 2, lines -1/+27]
|\ \ \ \
| | | | |     lib, vtysh: vrf walkup bugfix
| * | | | lib, vtysh: vrf walkup bugfix  [Quentin Young, 2018-03-30, files 2, lines -1/+27]
| | | | |     Static route commands are now installed inside the VRF nodes. This
| | | | |     has quietly broken top-level static routes in certain scenarios due
| | | | |     to walkup logic resolving a static route configuration command inside
| | | | |     VRF_NODE first if the command is issued while in a CLI node lower
| | | | |     than VRF_NODE. To fix this VRF_NODE needs a special exit command, as
| | | | |     has been done for many other nodes with the same issue, to explicitly
| | | | |     change the vrf context to the default VRF so that when walkup
| | | | |     resolves against the VRF node it will configure against the default
| | | | |     VRF as desired. Of course this is a hack on top of a hack and the CLI
| | | | |     walkup implementation needs to be rewritten.
| | | | |
| | | | |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | | | Merge pull request #1979 from LabNConsulting/working/master/bgp-nht-labels  [Russ White, 2018-04-05, files 18, lines -107/+360]
|\ \ \ \ \
| | | | | |     bgpd: nexthop tracking with labels for vrf-vpn leaking
| * | | | | bgpd: nexthop tracking with labels for vrf-vpn leaking  [G. Paul Ziemba, 2018-04-04, files 15, lines -107/+319]
| | | | | |     Routes that have labels must be sent via a nexthop that also has
| | | | | |     labels. This change notes whether any path in a nexthop update from
| | | | | |     zebra contains labels. If so, then the nexthop is valid for routes
| | | | | |     that have labels. If a nexthop update has no labeled paths, then any
| | | | | |     labeled routes referencing the nexthop are marked not valid. Add a
| | | | | |     route flag BGP_INFO_ANNC_NH_SELF that means "advertise myself as
| | | | | |     nexthop when announcing" so that we can track our notion of the
| | | | | |     nexthop without revealing it to peers.
| | | | | |
| | | | | |     Signed-off-by: G. Paul Ziemba <paulz@labn.net>
| * | | | | bgpd: simplify bgp instance name printing  [G. Paul Ziemba, 2018-04-04, files 2, lines -0/+25]
| | | | | |     Signed-off-by: G. Paul Ziemba <paulz@labn.net>
| * | | | | lib/prefix.[ch]: add family2str()  [G. Paul Ziemba, 2018-04-04, files 2, lines -0/+16]
| | | | | |     Signed-off-by: G. Paul Ziemba <paulz@labn.net>
* | | | | | Merge pull request #2023 from LabNConsulting/working/master/confdate+release  [Martin Winter, 2018-04-05, files 9, lines -12/+20]
|\ \ \ \ \ \
| | | | | | |     Use new way of avoiding deprecated related warnings in non-dev branches
| * | | | | | Makefile.am: change version type detection, if just numbers = _RELEASE, _DEV otherwise  [Lou Berger, 2018-04-05, files 1, lines -1/+1]
| | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
| * | | | | | doc: add note and example on use of VERSION_TYPE_DEV and CONFDATE  [Lou Berger, 2018-04-03, files 1, lines -1/+8]
| | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
| * | | | | | *: Only test CONFDATE when VERSION_TYPE_DEV defined  [Lou Berger, 2018-04-03, files 7, lines -10/+10]
| | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
| * | | | | | Makefile.am: add automatic definition of VERSION_TYPE_(DEV_|RELEASE) CPP type  [Lou Berger, 2018-04-03, files 1, lines -1/+2]
| | |_|_|_|/
| |/| | | |
| | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
* | | | | | Merge pull request #2026 from ajones-rvbd/ajones-issue-2024  [Quentin Young, 2018-04-04, files 5, lines -20/+31]
|\ \ \ \ \ \
| |_|/ / / /
|/| | | | |
| | | | | |     alpine packaging: build packages and base image directly from git
| * | | | | alpine packaging: build packages and base image directly from git  [Arthur Jones, 2018-04-04, files 5, lines -20/+31]
|/ / / / /
| | | | |     Currently, we tar up the git repo before building alpine packages.
| | | | |     This ensures that the packages we're building are exactly what is
| | | | |     checked in. But, in practice, this restriction causes us to not
| | | | |     be able to build off of git contexts, which is a convenient feature
| | | | |     especially when using docker-compose.
| | | | |
| | | | |     So, here, we build the alpine packages directly from the contents of
| | | | |     the current directory and we install the packages into a base image
| | | | |     to ease downstream consumption. There is still work to be done in
| | | | |     that area, as we need to package up the daemons, frr user and all the
| | | | |     rest, but that's for later...
| | | | |
| | | | |     Testing-done: Built directly from the git repo, built from a reference
| | | | |     to the git repo and built using docker-compose, all seemed to work.
| | | | |     Also, tested by @leleobhz and seems to build fine.
| | | | |
| | | | |     Thanks to Leonardo Amaral (@leleobhz) for reporting the issue and for
| | | | |     the original idea for a fix.
| | | | |
| | | | |     Issue: https://github.com/FRRouting/frr/issues/2024
| | | | |     Signed-off-by: Arthur Jones <arthur.jones@riverbed.com>
* | | | | Merge pull request #1993 from vivek-cumulus/evpn-fixes  [Lou Berger, 2018-04-04, files 4, lines -11/+36]
|\ \ \ \ \
| | | | | |     Evpn fixes
| * | | | | bgpd: Fix use of ROUTE_IMPORTED for EVPN  [vivek, 2018-03-30, files 3, lines -11/+31]
| | | | | |     Ensure that only EVPN routes are flagged as such when installing
| | | | | |     into or withdrawing from zebra, the earlier check broke L3VPN or
| | | | | |     VRF route-leaked routes. Also, fix an incorrect check related to
| | | | | |     imported routes in path selection.
| | | | | |
| | | | | |     Updates: bgpd: Use BGP_ROUTE_IMPORTED for EVPN [vivek]
| | | | | |
| | | | | |     Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
| * | | | | bgpd: Cleanup linkage between L2 VNIs and L3 VNI  [vivek, 2018-03-30, files 1, lines -0/+5]
| | | | | |     When an L3 VNI is deleted, cleanup linkage to it from associated
| | | | | |     L2 VNIs.
| | | | | |
| | | | | |     Updates: bgpd: keep a backpointer to vrf instance in struct bgpevpn [Mitesh Kanjariya]
| | | | | |
| | | | | |     Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com>
| | | | | |     Reviewed-by: Mitesh Kanjariya <mitesh@cumulusnetworks.com>
* | | | | | Merge pull request #2015 from pguibert6WIND/issue_1999  [Lou Berger, 2018-04-04, files 1, lines -1/+3]
|\ \ \ \ \ \
| | | | | | |     bgpd: Flowspec client failed to update `exit-address-family`
| * | | | | | bgpd: Flowspec client failed to update `exit-address-family`  [Philippe Guibert, 2018-04-03, files 1, lines -1/+3]
| | |_|_|_|/
| |/| | | |
| | | | | |     Flowspec client failed to update `exit-address-family`.
| | | | | |
| | | | | |     Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* | | | | | Merge pull request #1927 from pguibert6WIND/issue_1926  [Renato Westphal, 2018-04-04, files 3, lines -0/+80]
|\ \ \ \ \ \
| |_|_|/ / /
|/| | | | |
| | | | | |     zebra: delete interface that disappeared
| * | | | | zebra: delete interface that disappeared  [Philippe Guibert, 2018-03-26, files 3, lines -0/+80]
| | | | | |     When moving interfaces to another place, like other netns, the
| | | | | |     remaining interface is still present, with inactive status. Now,
| | | | | |     that interface is deleted from the list, if the interface appears
| | | | | |     on another netns. If not, the interface is kept.
| | | | | |
| | | | | |     Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* | | | | | Merge pull request #1894 from LabNConsulting/working/master/vtysh-not-enabled  [Quentin Young, 2018-04-03, files 4, lines -9/+35]
|\ \ \ \ \ \
| | | | | | |     vtysh: add -u/--user flag to run commands without enable
| * | | | | | manpages: vtysh.rst add description of -u/--user flags  [Lou Berger, 2018-03-28, files 1, lines -0/+4]
| | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
| * | | | | | vtysh: move user_mode to header file, keep checkpatch happy  [Lou Berger, 2018-03-28, files 3, lines -3/+7]
| | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
| * | | | | | vtysh: add -u/--user flag to run commands without enable  [Lou Berger, 2018-03-28, files 2, lines -9/+27]
| | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
* | | | | | | Merge pull request #2010 from donaldsharp/ns_fixes  [Philippe Guibert, 2018-04-03, files 1, lines -5/+5]
|\ \ \ \ \ \ \
| | | | | | | |     lib: Namespaces should only complain about failure if we have it
| * | | | | | | lib: Namespaces should only complain about failure if we have it  [Donald Sharp, 2018-03-31, files 1, lines -5/+5]
| | | | | | | |     Do not complain about failure to create a namespace if we do not
| | | | | | | |     have any such thing going on.
| | | | | | | |
| | | | | | | |     Signed-off-by: Donald Sharp <sharpd@cumulusnetworks.com>
* | | | | | | | Merge pull request #2016 from pguibert6WIND/issue_2000  [Quentin Young, 2018-04-03, files 1, lines -1/+1]
|\ \ \ \ \ \ \ \
| | | | | | | | |     bgpd: `logical-router` netns vtysh configuration comparison incorrect
| * | | | | | | | bgpd: `logical-router` netns vtysh configuration comparison incorrect  [Philippe Guibert, 2018-04-03, files 1, lines -1/+1]
| | |_|_|/ / / /
| |/| | | | | |
| | | | | | | |     `logical-router` netns vtysh configuration comparison incorrect
| | | | | | | |
| | | | | | | |     Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
* | | | | | | | Merge pull request #2014 from qlyoung/draft-bz-v4goawayflag-00  [Russ White, 2018-04-03, files 3, lines -34/+0]
|\ \ \ \ \ \ \ \
| | | | | | | | |     Revert "zebra: implement draft-bz-v4goawayflag-00"
| * | | | | | | | Revert "zebra: implement draft-bz-v4goawayflag-00"  [Quentin Young, 2018-04-02, files 3, lines -34/+0]
| | | | | | | | |     This reverts commit 3fec765a8d986664a555c161b814b4bf3332cdf0.
| | | | | | | | |
| | | | | | | | |     April fools!
| | | | | | | | |
| | | | | | | | |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | | | | | | | Merge pull request #1882 from LabNConsulting/working/master/community-dismiss  [Martin Winter, 2018-04-03, files 1, lines -1/+9]
|\ \ \ \ \ \ \ \ \
| |_|/ / / / / / /
|/| | | | | | | |
| | | | | | | | |     workflow.rst: add note that authors shouldn't delete a comment or review
| * | | | | | | | developer: workflow.rst - fix typo  [Lou Berger, 2018-03-27, files 1, lines -1/+1]
| | | | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
| * | | | | | | | developer: workflow.rst - add text on how to respond to reviews/comments  [Lou Berger, 2018-03-27, files 1, lines -1/+9]
| | | | | | | | |     add note that authors shouldn't remove a comment or review.
| | | | | | | | |     also add a note that automatically generated comments can be
| | | | | | | | |     deleted by authors and others when such comments are not the
| | | | | | | | |     most results from that automated comment source.
| | | | | | | | |
| | | | | | | | |     Signed-off-by: Lou Berger <lberger@labn.net>
* | | | | | | | | Merge pull request #2005 from qlyoung/remove-masc-node  [Rafael Zalamena, 2018-04-02, files 4, lines -7/+0]
|\ \ \ \ \ \ \ \ \
| | | | | | | | | |     lib: remove MASC_NODE
| * | | | | | | | | lib: remove MASC_NODE  [Quentin Young, 2018-03-30, files 4, lines -7/+0]
| | |_|/ / / / / /
| |/| | | | | | |
| | | | | | | | |     Unused
| | | | | | | | |
| | | | | | | | |     Signed-off-by: Quentin Young <qlyoung@cumulusnetworks.com>
* | | | | | | | | Merge pull request #2003 from qlyoung/remove-service-node  [Rafael Zalamena, 2018-04-02, files 3, lines -7/+3]
|\ \ \ \ \ \ \ \ \
| |_|_|_|_|_|_|_|/
|/| | | | | | | |
| | | | | | | | |     lib: remove SERVICE_NODE