bgpd: Strip Route Targets during VRF-to-VRF route leak

During VRF-to-VRF route leaking, strip any extraneous route targets. This ensures that source-VRF-specific route targets or route targets that are internally assigned for the VRF-to-VRF route leaking don't get attached to the route in the target VRF. Signed-off-by: Vivek Venkatraman <vivek@cumulusnetworks.com> Reviewed-by: Donald Sharp <sharpd@cumulusnetworks.com> Reviewed-by: Don Slice <dslice@cumulusnetworks.com>
2025-08-05 11:48:50 +00:00 · 2020-03-17 20:36:05 -07:00 · 2020-03-17 20:36:05 -07:00 · e8bfa90eaa
commit e8bfa90eaa
parent 003bc27547
2 changed files with 30 additions and 2 deletions
--- a/bgpd/bgp_ecommunity.h
+++ b/bgpd/bgp_ecommunity.h
@ -202,4 +202,13 @@ extern void bgp_remove_ecomm_from_aggregate_hash(
 					struct ecommunity *ecommunity);
 extern void bgp_aggr_ecommunity_remove(void *arg);

+
+static inline void ecommunity_strip_rts(struct ecommunity *ecom)
+{
+	uint8_t subtype = ECOMMUNITY_ROUTE_TARGET;
+
+	ecommunity_strip(ecom, ECOMMUNITY_ENCODE_AS, subtype);
+	ecommunity_strip(ecom, ECOMMUNITY_ENCODE_IP, subtype);
+	ecommunity_strip(ecom, ECOMMUNITY_ENCODE_AS4, subtype);
+}
 #endif /* _QUAGGA_BGP_ECOMMUNITY_H */
--- a/bgpd/bgp_mplsvpn.c
+++ b/bgpd/bgp_mplsvpn.c
@ -744,10 +744,15 @@ void vpn_leak_from_vrf_update(struct bgp *bgp_vpn,	    /* to */
 	struct ecommunity *old_ecom;
 	struct ecommunity *new_ecom;

+	/* Export with the 'from' instance's export RTs. */
+	/* If doing VRF-to-VRF leaking, strip existing RTs first. */
 	old_ecom = static_attr.ecommunity;
 	if (old_ecom) {
-		new_ecom = ecommunity_merge(
-			ecommunity_dup(old_ecom),
+		new_ecom = ecommunity_dup(old_ecom);
+		if (CHECK_FLAG(bgp_vrf->af_flags[afi][SAFI_UNICAST],
+				BGP_CONFIG_VRF_TO_VRF_EXPORT))
+			ecommunity_strip_rts(new_ecom);
+		new_ecom = ecommunity_merge(new_ecom,
 			bgp_vrf->vpn_policy[afi]
 				.rtlist[BGP_VPN_POLICY_DIR_TOVPN]);
 		if (!old_ecom->refcnt)
@ -1087,6 +1092,20 @@ vpn_leak_to_vrf_update_onevrf(struct bgp *bgp_vrf,	    /* to */
 	/* shallow copy */
 	static_attr = *path_vpn->attr;

+	struct ecommunity *old_ecom;
+	struct ecommunity *new_ecom;
+
+	/* If doing VRF-to-VRF leaking, strip RTs. */
+	old_ecom = static_attr.ecommunity;
+	if (old_ecom && CHECK_FLAG(bgp_vrf->af_flags[afi][safi],
+				BGP_CONFIG_VRF_TO_VRF_IMPORT)) {
+		new_ecom = ecommunity_dup(old_ecom);
+		ecommunity_strip_rts(new_ecom);
+		static_attr.ecommunity = new_ecom;
+		if (!old_ecom->refcnt)
+			ecommunity_free(&old_ecom);
+	}
+
 	/*
 	 * Nexthop: stash and clear
 	 *