tests: Check if old paths are flushed when import/export RT list was changed

Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>

tests/topotests/bgp_vrf_leaking_rt_change_route_maps/r1/bgpd.conf

@@ -0,0 +1,31 @@
+!
+router bgp 65500
+exit
+!
+router bgp 65500 vrf vrf1
+ bgp router-id 10.0.0.1
+ no bgp network import-check
+ address-family ipv4 unicast
+  network 192.168.100.100/32 route-map rm
+  rd vpn export 65500:10001
+  rt vpn import 65500:10000 65500:10990
+  rt vpn export 65500:10000
+  export vpn
+  import vpn
+ exit-address-family
+exit
+!
+router bgp 65500 vrf vrf2
+ address-family ipv4 unicast
+  rd vpn export 65500:11001
+  rt vpn import 65500:11000 65500:11990
+  rt vpn export 65500:11000
+  export vpn
+  import vpn
+ exit-address-family
+exit
+!
+route-map rm permit 10
+ set extcommunity rt 65500:10100 65500:11990
+exit
+!

tests/topotests/bgp_vrf_leaking_rt_change_route_maps/r1/zebra.conf

@@ -0,0 +1,6 @@
+!
+interface r1-eth0
+ ip address 10.0.0.1/24
+!
+ip forwarding
+!

tests/topotests/bgp_vrf_leaking_rt_change_route_maps/test_bgp_vrf_leaking_rt_change_route_maps.py

@@ -0,0 +1,104 @@
+#!/usr/bin/env python
+
+#
+# Copyright (c) 2022 by
+# Donatas Abraitis <donatas@opensourcerouting.org>
+#
+# Permission to use, copy, modify, and/or distribute this software
+# for any purpose with or without fee is hereby granted, provided
+# that the above copyright notice and this permission notice appear
+# in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND NETDEF DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NETDEF BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY
+# DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
+# WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
+# OF THIS SOFTWARE.
+#
+
+"""
+If we overwrite import/export RT list via route-maps or even flush by using
+`set extcommunity none`, then we must withdraw old paths from VRFs to avoid
+stale paths.
+"""
+
+import os
+import sys
+import json
+import pytest
+import functools
+
+CWD = os.path.dirname(os.path.realpath(__file__))
+sys.path.append(os.path.join(CWD, "../"))
+
+# pylint: disable=C0413
+from lib import topotest
+from lib.topogen import Topogen, TopoRouter, get_topogen
+from lib.common_config import step
+
+pytestmark = [pytest.mark.bgpd]
+
+
+def build_topo(tgen):
+    tgen.add_router("r1")
+
+
+def setup_module(mod):
+    tgen = Topogen(build_topo, mod.__name__)
+    tgen.start_topology()
+
+    router = tgen.gears["r1"]
+    router.cmd_raises("ip link add vrf1 type vrf table 10")
+    router.cmd_raises("ip link set up dev vrf1")
+    router.cmd_raises("ip link add vrf2 type vrf table 20")
+    router.cmd_raises("ip link set up dev vrf2")
+    router.load_config(TopoRouter.RD_ZEBRA, os.path.join(CWD, "r1/zebra.conf"))
+    router.load_config(TopoRouter.RD_BGP, os.path.join(CWD, "r1/bgpd.conf"))
+    router.start()
+
+
+def teardown_module(mod):
+    tgen = get_topogen()
+    tgen.stop_topology()
+
+
+def test_bgp_vrf_leaking_rt_change_route_maps():
+    tgen = get_topogen()
+
+    router = tgen.gears["r1"]
+
+    if tgen.routers_have_failure():
+        pytest.skip(tgen.errors)
+
+    def _bgp_check_path():
+        output = json.loads(router.vtysh_cmd("show bgp vrf vrf2 ipv4 unicast json"))
+        expected = {"routes": {"192.168.100.100/32": [{"nhVrfName": "vrf1"}]}}
+        return topotest.json_cmp(output, expected)
+
+    step("Initial converge")
+    test_func = functools.partial(_bgp_check_path)
+    _, result = topotest.run_and_expect(test_func, None, count=60, wait=0.5)
+    assert result is None, "Can't see 192.168.100.100/32 leaked from vrf1 into vrf2."
+
+    step("Overwrite RT list (remove rt 65500:11990 from route-map)")
+    router.vtysh_cmd(
+        """
+        config terminal
+        route-map rm permit 10
+         set extcommunity rt 65500:10100
+        exit
+        """
+    )
+
+    step("Check if 192.168.100.100/32 was removed from vrf2")
+    test_func = functools.partial(_bgp_check_path)
+    _, result = topotest.run_and_expect(test_func, not None, count=20, wait=0.5)
+    assert result is not None, "192.168.100.100/32 still exists in vrf2 as stale."
+
+
+if __name__ == "__main__":
+    args = ["-s"] + sys.argv[1:]
+    sys.exit(pytest.main(args))