zebra: support for MAC-IP sync routes

MAC-IP routes are used for syncing local entries across redundant switches in an EVPN-MH setup. A path from a peer that has a local ES as destination is tagged as a SYNC path. The SYNC path results in the addition of local MAC and/or local neigh entry in zebra and in the dataplane. Implementation overview ======================= 1. Three new flags "local-inactive", "peer-active" and "peer-proxy" are maintained per-local-MAC and per-local-Neigh entry. 2. The "peer-XXX" flags are set and cleared via SYNC path updates from BGP. Proxy sync paths result in the setting of "peer-proxy" flag (and non-proxies result in the "peer-active"). 3. A neigh entry that has a "peer-XXX" flag set is programmed as "static" in the dataplane. 4. A MAC entry that has a "peer-XXX" flag set or is referenced by a sync-neigh entry (that has a "peer-XXX" flags set) is programmed as "static" in the dataplane. 5. The sync-seq number is used to normalize the MM seq number across all the redundant switches i.e. the max MM seq number across all switches is used by each of the switches. This commit also includes the changes needed for extended MM seq syncing. 6. A MAC/neigh entry has to be local-active or peer-active to sent to BGP. An entry that is NOT local-active is sent with the proxy flag (so BGP can "proxy" advertise it). 7. The "peer-active" flag is aged out by zebra by using a hold_timer (this is instead of being abruptly dropped on SYNC path delete). This age-out is needed to handle peer-switch restart (procedures are specified in draft-rbickhart-evpn-ip-mac-proxy-adv). The holdtime needs to be sufficiently long to allow an external neighmgr daemon or the dataplane component to independently probe and establish local reachability of a host. The MAC and neigh hold time values are configurable. PS: In the future this probing may happen in FRR itself. CLI changes to display sync info ================================ MAC === >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> root@torm-11:mgmt:~# net show evpn mac vni 1000 Number of MACs (local and remote) known for this VNI: 6 Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy MAC Type Flags Intf/Remote ES/VTEP VLAN Seq #'s 00:02:00:00:00:25 local vlan1000 1000 0/0 02:02:00:00:00:02 local PI hostbond1 1000 0/0 02:02:00:00:00:06 remote 03:00:00:00:00:02:11:00:00:01 0/0 02:02:00:00:00:01 local X hostbond1 1000 0/0 00:00:00:00:00:11 local PI hostbond1 1000 0/0 02:02:00:00:00:05 remote 03:00:00:00:00:02:11:00:00:01 0/0 root@torm-11:mgmt:~# root@torm-11:mgmt:~# net show evpn mac vni 1000 mac 00:00:00:00:00:11 MAC: 00:00:00:00:00:11 ESI: 03:00:00:00:00:01:11:00:00:01 Intf: hostbond1(58) VLAN: 1000 Sync-info: neigh#: 0 local-inactive peer-active >>>>>>>>>>>> Local Seq: 0 Remote Seq: 0 Neighbors: No Neighbors root@torm-11:mgmt:~# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> neigh ===== >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> root@torm-11:mgmt:~# net show evpn arp vni 1003 Number of ARPs (local and remote) known for this VNI: 4 Flags: I=local-inactive, P=peer-active, X=peer-proxy Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s 2001:fee1:0:3::6 local active 00:02:00:00:00:25 0/0 45.0.3.66 local P active 00:02:00:00:00:66 0/0 45.0.3.6 local active 00:02:00:00:00:25 0/0 fe80::202:ff:fe00:25 local active 00:02:00:00:00:25 0/0 root@torm-11:mgmt:~# root@torm-11:mgmt:~# net show evpn arp vni 1003 ip 45.0.3.66 IP: 45.0.3.66 Type: local State: active MAC: 00:02:00:00:00:66 Sync-info: peer-active >>>>>>>>>>>>>>>> Local Seq: 0 Remote Seq: 0 root@torm-11:mgmt:~# >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> Signed-off-by: Anuradha Karuppiah <anuradhak@cumulusnetworks.com>
2025-06-18 01:48:51 +00:00 · 2020-03-29 08:43:55 -07:00 · 2020-03-29 08:43:55 -07:00 · b169fd6fd5
commit b169fd6fd5
parent f188e68e5c
7 changed files with 2097 additions and 267 deletions
--- a/zebra/rt_netlink.c
+++ b/zebra/rt_netlink.c
@ -2733,7 +2733,7 @@ static ssize_t netlink_neigh_update_msg_encode(
 			return 0;
 	}
 	if (nfy) {
-		if (!nl_attr_put32(&req->n, datalen, NDA_NOTIFY,
+		if (!nl_attr_put(&req->n, datalen, NDA_NOTIFY,
 				&nfy_flags, sizeof(nfy_flags)))
 			return 0;
 	}
--- a/zebra/zebra_dplane.h
+++ b/zebra/zebra_dplane.h
@ -543,8 +543,7 @@ void dplane_mac_init(struct zebra_dplane_ctx *ctx,
 		     const struct ethaddr *mac,
 		     struct in_addr vtep_ip,
 		     bool sticky,
-		     uint32_t nhg_id,
-		     uint32_t update_flags);
+		     uint32_t nhg_id, uint32_t update_flags);

 /*
 * Enqueue evpn neighbor updates for the dataplane.
--- a/zebra/zebra_evpn_mh.c
+++ b/zebra/zebra_evpn_mh.c
@ -1085,6 +1085,10 @@ static struct zebra_evpn_es *zebra_evpn_es_new(esi_t *esi)
 	listset_app_node_mem(es->es_vtep_list);
 	es->es_vtep_list->cmp = zebra_evpn_es_vtep_cmp;

+	/* mac entries associated with the ES */
+	es->mac_list = list_new();
+	listset_app_node_mem(es->mac_list);
+
 	/* reserve a NHG  */
 	es->nhg_id = zebra_evpn_nhid_alloc(true);

@ -1098,15 +1102,15 @@ static struct zebra_evpn_es *zebra_evpn_es_new(esi_t *esi)
 * This just frees appropriate memory, caller should have taken other
 * needed actions.
 */
-static void zebra_evpn_es_free(struct zebra_evpn_es *es)
+static struct zebra_evpn_es *zebra_evpn_es_free(struct zebra_evpn_es *es)
 {
 	/* If the ES has a local or remote reference it cannot be freed.
 	 * Free is also prevented if there are MAC entries referencing
 	 * it.
 	 */
 	if ((es->flags & (ZEBRA_EVPNES_LOCAL | ZEBRA_EVPNES_REMOTE)) ||
-			es->mac_cnt)
-		return;
+			listcount(es->mac_list))
+		return es;

 	if (IS_ZEBRA_DEBUG_EVPN_MH_ES)
 		zlog_debug("es %s free", es->esi_str);
@ -1121,11 +1125,14 @@ static void zebra_evpn_es_free(struct zebra_evpn_es *es)
 	/* cleanup resources maintained against the ES */
 	list_delete(&es->es_evi_list);
 	list_delete(&es->es_vtep_list);
+	list_delete(&es->mac_list);

 	/* remove from the VNI-ESI rb tree */
 	RB_REMOVE(zebra_es_rb_head, &zmh_info->es_rb_tree, es);

 	XFREE(MTYPE_ZES, es);
+
+	return NULL;
 }

 /* Inform BGP about local ES addition */
@ -1278,6 +1285,21 @@ static void zebra_evpn_es_setup_evis(struct zebra_evpn_es *es)
 	}
 }

+static void zebra_evpn_es_local_mac_update(struct zebra_evpn_es *es,
+		bool force_clear_static)
+{
+	zebra_mac_t *mac;
+	struct listnode	*node;
+
+	for (ALL_LIST_ELEMENTS_RO(es->mac_list, node, mac)) {
+		if (CHECK_FLAG(mac->flags, ZEBRA_MAC_ES_PEER_ACTIVE)) {
+			zebra_vxlan_sync_mac_dp_install(mac,
+					false /* set_inactive */,
+					force_clear_static, __func__);
+		}
+	}
+}
+
 static void zebra_evpn_es_local_info_set(struct zebra_evpn_es *es,
 		struct zebra_if *zif)
 {
@ -1314,6 +1336,12 @@ static void zebra_evpn_es_local_info_set(struct zebra_evpn_es *es,
 	 * the zif
 	 */
 	zebra_evpn_es_setup_evis(es);
+	/* if there any local macs referring to the ES as dest we
+	 * need to set the static reference on them if the MAC is
+	 * synced from an ES peer
+	 */
+	zebra_evpn_es_local_mac_update(es,
+			false /* force_clear_static */);
 }

 static void zebra_evpn_es_local_info_clear(struct zebra_evpn_es *es)
@ -1324,6 +1352,12 @@ static void zebra_evpn_es_local_info_clear(struct zebra_evpn_es *es)
 		return;

 	es->flags &= ~ZEBRA_EVPNES_LOCAL;
+	/* if there any local macs referring to the ES as dest we
+	 * need to clear the static reference on them
+	 */
+	zebra_evpn_es_local_mac_update(es,
+			true /* force_clear_static */);
+
 	/* clear the es from the parent interface */
 	zif = es->zif;
 	zif->es_info.es = NULL;
@ -1539,11 +1573,11 @@ void zebra_evpn_es_mac_deref_entry(zebra_mac_t *mac)
 	struct zebra_evpn_es *es = mac->es;

 	mac->es = NULL;
-	if (!es || !es->mac_cnt)
+	if (!es)
 		return;

-	--es->mac_cnt;
-	if (!es->mac_cnt)
+	list_delete_node(es->mac_list, &mac->es_listnode);
+	if (!listcount(es->mac_list))
 		zebra_evpn_es_free(es);
 }

@ -1562,11 +1596,13 @@ bool zebra_evpn_es_mac_ref_entry(zebra_mac_t *mac, struct zebra_evpn_es *es)
 		return true;

 	mac->es = es;
-	++es->mac_cnt;
+	listnode_init(&mac->es_listnode, mac);
+	listnode_add(es->mac_list, &mac->es_listnode);
+
 	return true;
 }

-void zebra_evpn_es_mac_ref(zebra_mac_t *mac, esi_t *esi)
+bool zebra_evpn_es_mac_ref(zebra_mac_t *mac, esi_t *esi)
 {
 	struct zebra_evpn_es *es;

@ -1577,7 +1613,7 @@ void zebra_evpn_es_mac_ref(zebra_mac_t *mac, esi_t *esi)
 			zlog_debug("auto es %s add on mac ref", es->esi_str);
 	}

-	zebra_evpn_es_mac_ref_entry(mac, es);
+	return zebra_evpn_es_mac_ref_entry(mac, es);
 }

 /* Inform BGP about local ES-EVI add or del */
@ -1769,7 +1805,7 @@ static void zebra_evpn_es_show_entry_detail(struct vty *vty,
 				(es->flags & ZEBRA_EVPNES_READY_FOR_BGP) ?
 				"yes" : "no");
 		vty_out(vty, " VNI Count: %d\n", listcount(es->es_evi_list));
-		vty_out(vty, " MAC Count: %d\n", es->mac_cnt);
+		vty_out(vty, " MAC Count: %d\n", listcount(es->mac_list));
 		vty_out(vty, " Nexthop group: 0x%x\n", es->nhg_id);
 		vty_out(vty, " VTEPs:\n");
 		for (ALL_LIST_ELEMENTS_RO(es->es_vtep_list, node, zvtep))
@ -2037,6 +2073,39 @@ static void zebra_evpn_es_get_one_base_vni(void)
 }

 /*****************************************************************************/
+void zebra_evpn_mh_config_write(struct vty *vty)
+{
+	if (zmh_info->mac_hold_time != EVPN_MH_MAC_HOLD_TIME_DEF)
+		vty_out(vty, "evpn mh mac-holdtime %ld\n",
+			zmh_info->mac_hold_time);
+
+	if (zmh_info->neigh_hold_time != EVPN_MH_NEIGH_HOLD_TIME_DEF)
+		vty_out(vty, "evpn mh neigh-holdtime %ld\n",
+			zmh_info->neigh_hold_time);
+}
+
+int zebra_evpn_mh_neigh_holdtime_update(struct vty *vty,
+		uint32_t duration, bool set_default)
+{
+	if (set_default)
+		zmh_info->neigh_hold_time = EVPN_MH_NEIGH_HOLD_TIME_DEF;
+
+	zmh_info->neigh_hold_time = duration;
+
+	return 0;
+}
+
+int zebra_evpn_mh_mac_holdtime_update(struct vty *vty,
+		uint32_t duration, bool set_default)
+{
+	if (set_default)
+		duration = EVPN_MH_MAC_HOLD_TIME_DEF;
+
+	zmh_info->mac_hold_time = duration;
+
+	return 0;
+}
+
 void zebra_evpn_interface_init(void)
 {
 	install_element(INTERFACE_NODE, &zebra_evpn_es_id_cmd);
@ -2047,6 +2116,8 @@ void zebra_evpn_mh_init(void)
 {
 	zrouter.mh_info = XCALLOC(MTYPE_ZMH_INFO, sizeof(*zrouter.mh_info));

+	zmh_info->mac_hold_time = EVPN_MH_MAC_HOLD_TIME_DEF;
+	zmh_info->neigh_hold_time = EVPN_MH_NEIGH_HOLD_TIME_DEF;
 	/* setup ES tables */
 	RB_INIT(zebra_es_rb_head, &zmh_info->es_rb_tree);
 	zmh_info->local_es_list = list_new();
--- a/zebra/zebra_evpn_mh.h
+++ b/zebra/zebra_evpn_mh.h
@ -69,8 +69,8 @@ struct zebra_evpn_es {
 	/* [!EVPNES_LOCAL] List of remote VTEPs (zebra_evpn_es_vtep) */
 	struct list *es_vtep_list;

-	/* zebra_mac_t entries using this ES as destination */
-	uint32_t mac_cnt;
+	/* list of zebra_mac entries using this ES as destination */
+	struct list *mac_list;

 	/* Nexthop group id */
 	uint32_t nhg_id;
@ -171,6 +171,12 @@ struct zebra_evpn_mh_info {
 */
 #define EVPN_NH_ID_TYPE_BIT  (1 << EVPN_NH_ID_TYPE_POS)
 #define EVPN_NHG_ID_TYPE_BIT (2 << EVPN_NH_ID_TYPE_POS)
+
+	/* XXX - re-visit the default hold timer value */
+#define EVPN_MH_MAC_HOLD_TIME_DEF (18 * 60)
+	long mac_hold_time;
+#define EVPN_MH_NEIGH_HOLD_TIME_DEF (18 * 60)
+	long neigh_hold_time;
 };

 static inline bool zebra_evpn_mac_is_es_local(zebra_mac_t *mac)
@ -215,7 +221,7 @@ extern void zebra_evpn_es_evi_show_vni(struct vty *vty, bool uj,
 extern void zebra_evpn_es_mac_deref_entry(zebra_mac_t *mac);
 extern bool zebra_evpn_es_mac_ref_entry(zebra_mac_t *mac,
 		struct zebra_evpn_es *es);
-extern void zebra_evpn_es_mac_ref(zebra_mac_t *mac, esi_t *esi);
+extern bool zebra_evpn_es_mac_ref(zebra_mac_t *mac, esi_t *esi);
 extern struct zebra_evpn_es *zebra_evpn_es_find(esi_t *esi);
 extern void zebra_evpn_interface_init(void);
 extern int zebra_evpn_mh_if_write(struct vty *vty, struct interface *ifp);
@ -224,5 +230,10 @@ extern void zebra_evpn_acc_vl_show_detail(struct vty *vty, bool uj);
 extern void zebra_evpn_acc_vl_show_vid(struct vty *vty, bool uj, vlanid_t vid);
 extern void zebra_evpn_if_es_print(struct vty *vty, struct zebra_if *zif);
 extern void zebra_evpn_es_cleanup(void);
+extern int zebra_evpn_mh_mac_holdtime_update(struct vty *vty,
+		uint32_t duration, bool set_default);
+void zebra_evpn_mh_config_write(struct vty *vty);
+int zebra_evpn_mh_neigh_holdtime_update(struct vty *vty,
+		uint32_t duration, bool set_default);

 #endif /* _ZEBRA_EVPN_MH_H */
--- a/zebra/zebra_vxlan.c
+++ b/zebra/zebra_vxlan.c
--- a/zebra/zebra_vxlan.h
+++ b/zebra/zebra_vxlan.h
@ -165,14 +165,15 @@ extern int zebra_vxlan_svi_down(struct interface *ifp,
 extern int zebra_vxlan_handle_kernel_neigh_update(
 	struct interface *ifp, struct interface *link_if, struct ipaddr *ip,
 	struct ethaddr *macaddr, uint16_t state, bool is_ext,
-	bool is_router);
+	bool is_router, bool local_inactive, bool dp_static);
 extern int zebra_vxlan_handle_kernel_neigh_del(struct interface *ifp,
 				       struct interface *link_if,
 				       struct ipaddr *ip);
 extern int zebra_vxlan_local_mac_add_update(struct interface *ifp,
 					    struct interface *br_if,
 					    struct ethaddr *mac, vlanid_t vid,
-					    bool sticky);
+					    bool sticky, bool local_inactive,
+						bool dp_static);
 extern int zebra_vxlan_local_mac_del(struct interface *ifp,
 				     struct interface *br_if,
 				     struct ethaddr *mac, vlanid_t vid);
--- a/zebra/zebra_vxlan_private.h
+++ b/zebra/zebra_vxlan_private.h
@ -315,6 +315,23 @@ struct zebra_mac_t_ {
 #define ZEBRA_MAC_REMOTE_DEF_GW	0x40
 #define ZEBRA_MAC_DUPLICATE 0x80
 #define ZEBRA_MAC_FPM_SENT  0x100 /* whether or not this entry was sent. */
+/* MAC is locally active on an ethernet segment peer */
+#define ZEBRA_MAC_ES_PEER_ACTIVE 0x200
+/* MAC has been proxy-advertised by peers. This means we need to
+ * keep the entry for forwarding but cannot advertise it
+ */
+#define ZEBRA_MAC_ES_PEER_PROXY 0x400
+/* We have not been able to independently establish that the host is
+ * local connected but one or more ES peers claims it is.
+ * We will maintain the entry for forwarding purposes and continue
+ * to advertise it as locally attached but with a "proxy" flag
+ */
+#define ZEBRA_MAC_LOCAL_INACTIVE 0x800
+
+#define ZEBRA_MAC_ALL_LOCAL_FLAGS (ZEBRA_MAC_LOCAL |\
+		ZEBRA_MAC_LOCAL_INACTIVE)
+#define ZEBRA_MAC_ALL_PEER_FLAGS (ZEBRA_MAC_ES_PEER_PROXY |\
+		ZEBRA_MAC_ES_PEER_ACTIVE)

 	/* back pointer to zvni */
 	zebra_vni_t     *zvni;
@ -331,6 +348,8 @@ struct zebra_mac_t_ {

 	/* Local or remote ES */
 	struct zebra_evpn_es *es;
+	/* memory used to link the mac to the es */
+	struct listnode es_listnode;

 	/* Mobility sequence numbers associated with this entry. */
 	uint32_t rem_seq;
@ -350,6 +369,14 @@ struct zebra_mac_t_ {
 	struct timeval detect_start_time;

 	time_t dad_dup_detect_time;
+
+	/* used for ageing out the PEER_ACTIVE flag */
+	struct thread *hold_timer;
+
+	/* number of neigh entries (using this mac) that have
+	 * ZEBRA_MAC_ES_PEER_ACTIVE or ZEBRA_NEIGH_ES_PEER_PROXY
+	 */
+	uint32_t sync_neigh_cnt;
 };

 /*
@ -381,6 +408,17 @@ struct rmac_walk_ctx {
 	struct json_object *json;
 };

+/* temporary datastruct to pass info between the mac-update and
+ * neigh-update while handling mac-ip routes
+ */
+struct sync_mac_ip_ctx {
+	bool ignore_macip;
+	bool mac_created;
+	bool mac_inactive;
+	bool mac_dp_update_deferred;
+	zebra_mac_t *mac;
+};
+
 #define IS_ZEBRA_NEIGH_ACTIVE(n) (n->state == ZEBRA_NEIGH_ACTIVE)

 #define IS_ZEBRA_NEIGH_INACTIVE(n) (n->state == ZEBRA_NEIGH_INACTIVE)
@ -423,6 +461,18 @@ struct zebra_neigh_t_ {
 #define ZEBRA_NEIGH_ROUTER_FLAG 0x10
 #define ZEBRA_NEIGH_DUPLICATE 0x20
 #define ZEBRA_NEIGH_SVI_IP 0x40
+/* rxed from an ES peer */
+#define ZEBRA_NEIGH_ES_PEER_ACTIVE 0x80
+/* rxed from an ES peer as a proxy advertisement */
+#define ZEBRA_NEIGH_ES_PEER_PROXY 0x100
+/* We have not been able to independently establish that the host
+ * is local connected
+ */
+#define ZEBRA_NEIGH_LOCAL_INACTIVE 0x200
+#define ZEBRA_NEIGH_ALL_LOCAL_FLAGS (ZEBRA_NEIGH_LOCAL |\
+		ZEBRA_NEIGH_LOCAL_INACTIVE)
+#define ZEBRA_NEIGH_ALL_PEER_FLAGS (ZEBRA_NEIGH_ES_PEER_PROXY |\
+		ZEBRA_NEIGH_ES_PEER_ACTIVE)

 	enum zebra_neigh_state state;

@ -450,6 +500,9 @@ struct zebra_neigh_t_ {
 	struct timeval detect_start_time;

 	time_t dad_dup_detect_time;
+
+	/* used for ageing out the PEER_ACTIVE flag */
+	struct thread *hold_timer;
 };

 /*
@ -527,5 +580,7 @@ typedef struct zebra_vxlan_sg_ {
 } zebra_vxlan_sg_t;

 extern zebra_vni_t *zvni_lookup(vni_t vni);
+extern void zebra_vxlan_sync_mac_dp_install(zebra_mac_t *mac, bool set_inactive,
+		bool force_clear_static, const char *caller);

 #endif /* _ZEBRA_VXLAN_PRIVATE_H */