This command did not allow the operator to display neighbor information
related to graceful-restart when used inside of a vrf.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The minimum and maximum values for BFD timers and multiplier settings
have been updated to align with RFC 5880 requirements.
Since the values inputted via VTY are in milliseconds, the maximum
permissible value on the VTY interface is 4,294,967 milliseconds.
For the multiplier setting, the minimum value is now restricted to be
greater than zero, as zero is not allowed.
The minimum transmit interval has been set to 10 milliseconds to ensure
reliable service performance.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
It was using `-v` which is actually a _version_.
Fixes: 0435b31bb8 ("bgpd: Allow bgp to specify if it will allow v6 routing with v4 nexthops")
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Introduce a command to stop bgpd from enabling IPv6 router advertisement
messages sending on interfaces.
Signed-off-by: Mikhail Sokolovskiy <sokolmish@gmail.com>
Clean up several sphinx warnings in the dev docs:
add bmp to bgp TOC; fix some indenting; escape some asterisks.
Signed-off-by: Mark Stapp <mjs@cisco.com>
With lots of update-groups, subgroups, this could be very tricky and the timer
is spawned even if it's totally unnecessary (default-originate is not enabled).
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
The nhrp tests skip tests that do not have iptables installed.
As such we have ended up with a situation where the nhrp test
is now failing locally for me because I have iptables installed
and if the CI system had iptables installed it would have detected
the problem as well.
Let's document that iptables is needed to do testing.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Read The Docs made some changes that require us to add some
configuration in our build config files.
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
In order to run the XXXX Sanitizers over the code as a developer
modern linux distros require a specific sysctl. Let's document
that so that people are aware of it.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
When using a regex (or anything that uses `\?` escapes) in python, raw
strings (`r"content"`) should be used so python doesn't consume the
escapes itself. Otherwise we get either broken behavior and/or
`SyntaxWarning: invalid escape sequence '\['`
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
Document 'router pim[6] [vrf NAME]' configuration.
All the commands are basically the same, just dropped the
'ip pim[6]' prefix and document them under the router pim block.
Signed-off-by: Nathan Bahr <nbahr@atcorp.com>
In some cases (large scale) it's desired to avoid changing configurations, but
let BGP automatically handle ASN changes.
`auto` means the peering can be iBGP or eBGP. It will be automatically detected
and adjusted from the OPEN message.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Add a new start option "-K" to libfrr to denote a graceful start,
and use it in zebra and bgpd.
zebra will use this option to denote a planned FRR graceful restart
(supporting only bgpd currently) to wait for a route sync completion
from bgpd before cleaning up old stale routes from the FIB. An optional
timer provides an upper-bounds for this cleanup.
bgpd will use this option to denote either a planned FRR graceful
restart or a bgpd-only graceful restart, and this will drive the BGP
GR restarting router procedures.
Signed-off-by: Vivek Venkatraman <vivek@nvidia.com>
Multiple daemons have the same CLI commands defined, but the current
directive used to document CLI commands only takes the command
definition string. Since CLI command objects can be cross-referenced
using the :clicmd: directive, and are placed in the index, each object
needs to be unique.
To accomplish this, add a custom directive. This directive extends the
directive class used by sphinx's add_object_type to add a :daemon:
option. By specifying this option where needed, the object name becomes
"(<daemon>) <definition>", disambiguating it.
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
The current TOC organization is not really following Sphinx best
practices and is resulting in a jumble of articles showing up in the
sidebar.
This change primarily organizes existing articles into three major
sections:
* Introduction
  - Contains system requirements, architecture & design, installation,
    basic setup
* Basics
  - Covers basic commands, concepts, and some random things that don't
    fit elsewhere
* Protocols
  - Contains all protocol documentation, and other miscellaneous daemon
    docs such as those on Zebra, watchfrr, mgmtd, etc.
The appendix has been left as is, but the TOC now has a caption which
has the effect of adding a section separator in the nav sidebar.
In order to make the new structure make sense:
* Some content has been lifted up from the "Overview" page into the
index page
* Most content has been pushed down from the "Overview" page into the
"About" page (new)
* BFD's page is now titled "BFD" for consistency; it was the only one
that had the full protocol name written out in the title
And a couple drivebys:
* BFD's intro description paragraph was rewritten to make more sense
* Old language stating that we publish platform packages on the Github
releases page was removed
* References to source building instructions were consolidated into that
section
Signed-off-by: Quentin Young <qlyoung@qlyoung.net>
The current OSPF neighbor retransmission operates on a single per-neighbor
periodic timer that sends all LSAs on the list when it expires.
Additionally, since it skips the first retransmission of received LSAs so
that at least the retransmission interval (resulting in a delay of between
the retransmission interval and twice the interval. In environments where
the links are lossy on P2MP networks with "delay-reflood" configured (which
relies on neighbor retransmission in partial meshes), the implementation
is sub-optimal (to say the least).
This commit reimplements OSPF neighbor retransmission as follows:
1. A new data structure making use of the application managed
typesafe.h doubly linked list implements an OSPF LSA
list where each node includes a timestamp.
2. The existing neighbor LS retransmission LSDB data structure
is augmented with a pointer to the list node on the LSA
list to facilitate O(1) removal when the LSA is acknowledged.
3. The neighbor LS retransmission timer is set to the expiration
timer of the LSA at the top of the list.
4. When the timer expires, LSAs are retransmitted that are within
the window of the current time and a small delta (50 milli-secs
default). The LSAs that are retransmitted are given an updated
retransmission time and moved to the end of the LSA list.
5. Configuration is added to set the "retransmission-window" to a
value other than 50 milliseconds.
6. Neighbor and interface LSA retransmission counters are added
to provide insight into the lossiness of the links. However,
these will increment quickly on non-fully meshed P2MP networks
with "delay-reflood" configured.
7. Added a topotest to exercise the implementation on a non-fully
meshed P2MP network with "delay-reflood" configured. The
alternative was to use existing mechanisms to introduce loss
but these seem less deterministic in a topotest.
Signed-off-by: Acee Lindem <acee@lindem.com>
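A simplified model of the timestamp-ordered retransmission list described in steps 1 to 4 above, added here as an illustration; it is not code from the FRR commit. It uses a small array instead of the typesafe.h doubly linked list (so removal on acknowledgment is O(n) here, not O(1)), and all names and the interval values in `main` are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_LSA 16 /* constructed limit for this sketch */

struct rxmt_entry { uint32_t lsa_id; int64_t expire_ms; };
struct rxmt_list { struct rxmt_entry e[MAX_LSA]; size_t n; };

static void rxmt_pop_at(struct rxmt_list *l, size_t i) {
    memmove(&l->e[i], &l->e[i + 1], (l->n - i - 1) * sizeof(l->e[0]));
    l->n--;
}
/* Queue an LSA; new entries always expire last, so the list stays ordered. */
int rxmt_add(struct rxmt_list *l, uint32_t id, int64_t now, int64_t interval) {
    if (l->n == MAX_LSA) return -1;
    l->e[l->n++] = (struct rxmt_entry){ id, now + interval };
    return 0;
}
/* Neighbor acknowledged the LSA: drop it from the list. */
int rxmt_ack(struct rxmt_list *l, uint32_t id) {
    for (size_t i = 0; i < l->n; i++)
        if (l->e[i].lsa_id == id) { rxmt_pop_at(l, i); return 1; }
    return 0;
}
/* The single timer is armed for the head of the list (-1: nothing queued). */
int64_t rxmt_next_timer(const struct rxmt_list *l) {
    return l->n ? l->e[0].expire_ms : -1;
}
/* Timer fired: resend every LSA due within now + window, restamp it and
 * move it to the tail. IDs of resent LSAs are written to sent[]. */
size_t rxmt_expire(struct rxmt_list *l, int64_t now, int64_t window,
                   int64_t interval, uint32_t *sent) {
    size_t count = 0, pending = l->n;
    while (pending-- && l->e[0].expire_ms <= now + window) {
        struct rxmt_entry e = l->e[0];
        rxmt_pop_at(l, 0);
        e.expire_ms = now + interval;
        l->e[l->n++] = e;
        sent[count++] = e.lsa_id;
    }
    return count;
}
int main(void) {
    struct rxmt_list l = { .n = 0 };
    uint32_t sent[MAX_LSA];
    rxmt_add(&l, 1, 0, 5000);
    rxmt_add(&l, 2, 20, 5000);
    rxmt_add(&l, 3, 1000, 5000);
    size_t n = rxmt_expire(&l, 5000, 50, 5000, sent);
    printf("resent %zu LSAs, next timer at %lld ms\n", n,
           (long long)rxmt_next_timer(&l));
    return 0;
}
```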
Taking over this development from https://github.com/FRRouting/frr/pull/14788
This commit addresses 4 issues found in the previous PR
1) FRR would accept messages from a spoke without authentication when FRR NHRP had auth configured.
2) The error indication was not being sent in network byte order
3) The debug print in nhrp_connection_authorized was not correctly printing the received password
4) The addresses portion of the mandatory part of the error indication was invalid on the wire (confirmed in wireshark)
Signed-off-by: Dave LeRoy <dleroy@labn.net>
Co-authored-by: Volodymyr Huti <volodymyr.huti@gmail.com>
The default DSCP used for BGP connections is CS6. The DSCP value is
not part of the TCP header.
When setting the IP_TOS or IPV6_TCLASS socket options, the argument
is not the 6-bit DSCP value, but an 8-bit value for the former IPv4
Type of Service field or IPv6 Traffic Class field, respectively.
Fixes: 425bd64be8 ("bgpd: Allow bgp to control the DSCP session TOS value")
Signed-off-by: David Ward <david.ward@ll.mit.edu>
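The DSCP versus TOS distinction made in the commit message above, shown as an added C example; it is not code from the FRR commit. The helper names are hypothetical; `IP_TOS` and `IPV6_TCLASS` are the standard socket options the message refers to.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#define DSCP_CS6 48 /* Class Selector 6, binary 110000 */

/* DSCP is the upper 6 bits of the 8-bit TOS / Traffic Class octet;
 * the lower 2 bits are ECN. Returns -1 for an out-of-range DSCP. */
int dscp_to_tos(int dscp) {
    if (dscp < 0 || dscp > 63)
        return -1;
    return dscp << 2;
}

/* Inverse mapping: which DSCP a given octet carries on the wire. */
int tos_to_dscp(int tos) {
    return (tos & 0xff) >> 2;
}

/* Apply a DSCP to a socket and read the octet back.
 * family is AF_INET or AF_INET6. Returns the octet in effect, or -1. */
int set_socket_dscp(int fd, int family, int dscp) {
    int tos = dscp_to_tos(dscp);
    socklen_t len = sizeof(tos);
    int level = family == AF_INET6 ? IPPROTO_IPV6 : IPPROTO_IP;
    int opt = family == AF_INET6 ? IPV6_TCLASS : IP_TOS;

    if (tos < 0)
        return -1;
    if (setsockopt(fd, level, opt, &tos, sizeof(tos)) < 0)
        return -1;
    if (getsockopt(fd, level, opt, &tos, &len) < 0)
        return -1;
    return tos;
}

int main(void) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    /* Passing the raw 6-bit value 48 as the octet would mark DSCP 12. */
    printf("CS6 as octet: 0x%02x; raw 48 as octet means DSCP %d\n",
           (unsigned)dscp_to_tos(DSCP_CS6), tos_to_dscp(DSCP_CS6));
    if (fd >= 0) {
        printf("socket octet now: %d\n",
               set_socket_dscp(fd, AF_INET, DSCP_CS6));
        close(fd);
    }
    return 0;
}
```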
Current command (bundled two into one) is absolutely wrong.
When you configure TCP session with the source, the command thinks that
it's an SSH session with a username.
It's much better to split this into two separate commands where it's much
easier to do the changes in the future (if more options come in).
Yes, this is a breaking change, but there is no other proper way to overcome
this.
Bonus note how it looks, which also can lead to crashes (due to port 0x0):
```
(gdb) p *cache->tr_config.ssh_config
$11 = {host = 0x5555562f9cd0 "1.1.1.1", port = 0, bindaddr = 0x0,
username = 0x55555629ad00 "",
server_hostkey_path = 0x7ffff53667a0 <rpki_create_socket> "Uf\017\357\300H\211\345AWAVAUATSH\201", <incomplete sequence \354\230>, client_privkey_path = 0x0,
data = 0x0, new_socket = 0x51, connect_timeout = 4143762592,
password = 0x7ffff6fccca0 <main_arena+96> "\300\"0VUU"}
(gdb) p *cache->tr_config.tcp_config
$12 = {host = 0x5555562f9cd0 "1.1.1.1", port = 0x0, bindaddr = 0x0,
data = 0x55555629ad00, new_socket = 0x7ffff53667a0 <rpki_create_socket>,
connect_timeout = 0}
```
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
In route-map: `match tag untagged`.
E.g. Cisco/Juniper allows that, but they use `match tag 0` instead.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
Changes update the user documentation to include a description of the
now available commands to enable/disable route-flap dampening for peers
and peer groups.
Signed-off-by: David Schweizer <dschweizer@opensourcerouting.org>
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
There is no support for option 8, as per RFC7854.
Add the 64 bit counter in the peer structure.
Add the missing per peer statistic.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Some wireshark versions can not decode the experimental
bmp stat code. This may also be the case for some collectors.
Add a vty command to be able to disable bmp from sending
those values.
> [no] bmp stat send-experimental
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
There is no support for option 7, as per RFC7854.
Add the 64 bit counter in the peer structure.
Add the 64 bit bmp value write api.
Add the missing per peer statistic.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit includes OSPFAPI Server options to:
1. Allow specification of the OSPFAPI server local address.
2. Allow different OSPFAPI server TCP ports to be specified for different
OSPF instances in /etc/services.
Signed-off-by: Acee Lindem <acee@lindem.com>
use the new recommendation from cmake:
--install-prefix <directory>
New in version 3.21.
Specify the installation directory, used by the
CMAKE_INSTALL_PREFIX variable. Must be an
absolute path.
reminder: the default path is /usr/local instead of /usr
Signed-off-by: Vincent Jardin <vjardin@free.fr>
This commit adds the capability to filter OSPF neighbors using a
prefix-list with rules matching the neighbor's IP source address.
Configuration, filtering, immediate neighbor pruning, topo-tests,
and documentation are included. The command is:
ip ospf neighbor-filter <prefix-list> [A.B.C.D]
Signed-off-by: Acee Lindem <acee@lindem.com>
RFC-7607 specifically calls out the allowed usage
of AS 0 to signal that a particular address is
not in use and should be guarded against. Add
the ability to specify this special AS in the rpki
commands.
```
eva# show rpki as-number 0
RPKI/RTR prefix table
Prefix                Prefix Length  Origin-AS
2.57.180.0               22 -  24    0
2.58.144.0               22 -  22    0
2.59.116.0               24 -  24    0
4.42.228.0               22 -  22    0
5.57.80.0                22 -  22    0
<snip>
2a13:df87:b400::         38 -  38    0
2a13:df84::              32 -  32    0
2630::                   16 -  16    0
Number of IPv4 Prefixes: 1166
Number of IPv6 Prefixes: 617
eva# show rpki prefix 2630::/16 0
Prefix                Prefix Length  Origin-AS
2630::                   16 -  16    0
eva#
```
Fixes: #15778
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The usage of the `bgp bestpath med missing-as-worst` command
was being accepted and applied during bestpath, but during output
of the routes affected by this it would not give any indication
that this was happening or what med value was being used.
Fixes: #15718
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
This extends non-broadcast support to point-to-multipoint networks.
Neighbors will be explicitly configured and polled in lieu of multicast
discovery. Topotests and documentation updates are included.
Additionally, the ospf neighbor commands have been greatly simplified taking
advantage of DEFPY() capabilities.
The AllOSPFRouters (224.0.0.5) is still joined for non-broadcast networks
since it is joined for NBMA networks. It seems this could be removed but
it should be done in a separate commit.
Signed-off-by: Acee Lindem <acee@lindem.com>
lib: don't define a `fallthrough` in c++ to avoid conflict with protobuf c++
check: add link libs required by some versions of grpc++ or its dependent
linked libs
tests: don't fail the test due to known at exit memleaks
Signed-off-by: Christian Hopps <chopps@labn.net>
Dynamic capability provides more value without resetting the sessions for some
important other capabilities to exchange, like: graceful-restart, addpath, orf,
fqdn, etc.
Since we support it already, enable it by default.
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
When building FRR with `--enable-dev-build`. Add a bit of
code to include the pointer value as part of the output.
Helps with tracking down issues and lets us see more data
when using the dev build option.
New output:
2024/03/08 19:48:56 BGP: [V0J1J-W5RHA] 11.0.20.1/32(0x5759ddf8d7c0) for 11.0.20.1/32
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The new `%w99d` fixed-width modifier still needs work in `frr-format`,
which unfortunately is not as trivial as `%b` was.
Signed-off-by: David Lamparter <equinox@opensourcerouting.org>
checkpatch.pl wants you to use ARRAY_SIZE in a kernel
header file. We don't have access to this kernel header
file for normal compilation. I'm just going to remove it.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
While checking the code, we can notice that they are already converted.
Suggested-by: Igor Ryzhov <iryzhov@nfware.com>
Signed-off-by: Vincent Jardin <vjardin@free.fr>