From f7a0eb6a1736e85b5991ffc919805b812a6d7576 Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Mon, 23 Jan 2023 16:27:45 +0100 Subject: [PATCH 1/2] bgpd: encode properly vpnv6 nexthop This change updates the nexthop attribute length accordingly to the safi used. Actually, with the previous commit, the length calculated was not aligned with the real nexthop length. Such packet received by remote peer was malformed, and this was resulting in breaking vpnv6 peering. Fix this by updating appropriately the real nexthop length. Fixes: 35ac9b53f2e2 ("bgpd: fix vpnv6 nexthop encoding") Signed-off-by: Philippe Guibert --- bgpd/bgp_route.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/bgpd/bgp_route.c b/bgpd/bgp_route.c index 59d8544953..3f07e53bb6 100644 --- a/bgpd/bgp_route.c +++ b/bgpd/bgp_route.c @@ -2273,8 +2273,12 @@ bool subgroup_announce_check(struct bgp_dest *dest, struct bgp_path_info *pi, && peer->shared_network && (from == bgp->peer_self || peer->sort == BGP_PEER_EBGP))) { - attr->mp_nexthop_len = - BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL; + if (safi == SAFI_MPLS_VPN) + attr->mp_nexthop_len = + BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL; + else + attr->mp_nexthop_len = + BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL; } /* Clear off link-local nexthop in source, whenever it is not From 9795e9f23465f26628a75be15771a01427336dad Mon Sep 17 00:00:00 2001 From: Philippe Guibert Date: Mon, 23 Jan 2023 16:31:12 +0100 Subject: [PATCH 2/2] bgpd: fix when route-map changes the link local nexthop for vpnv6 This fix updates the nexthop length of a bgp update to be transmitted to a remote peer. Before the previous commit, the ipv6 nexthop length was internally set to 32 bytes which was not correct, as it should be 48 bytes which is conform to the vpnv6 encoding format. However, without the previous match, even if internally, the nexthop length was set to 32, the real nexthop length was set to 48 bytes, and everything was operating ok. Now, if we use the following route-map, and attach it to outgoing for vpnv6 address family, then we have a malformed packet detected, and the peering breaks. > route-map rmap permit 1 > set ipv6 next-hop global 5:5::3:6 > set ipv6 next-hop local fe80:55::333:222 Maintain the mp_nexthop_len to 48 bytes if it was already set to 48 previously. Fixes: 35ac9b53f2e2 ("bgpd: fix vpnv6 nexthop encoding") Signed-off-by: Philippe Guibert --- bgpd/bgp_routemap.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/bgpd/bgp_routemap.c b/bgpd/bgp_routemap.c index 1ce2eb4352..d00bdd2571 100644 --- a/bgpd/bgp_routemap.c +++ b/bgpd/bgp_routemap.c @@ -3585,7 +3585,8 @@ route_set_ipv6_nexthop_local(void *rule, const struct prefix *p, void *object) path->attr->mp_nexthop_local = *address; /* Set nexthop length. */ - if (path->attr->mp_nexthop_len != BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL) + if (path->attr->mp_nexthop_len != BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL && + path->attr->mp_nexthop_len != BGP_ATTR_NHLEN_VPNV6_GLOBAL_AND_LL) path->attr->mp_nexthop_len = BGP_ATTR_NHLEN_IPV6_GLOBAL_AND_LL; SET_FLAG(path->attr->rmap_change_flags,