This is needed for the following two reasons:
1. To be able to remove the northbound HACK in if_update_to_new_vrf. It
is totally wrong to rewrite the configuration datastore when some
operational state changes. It is a hard blocker for storing a
configuration data in a management daemon which knows nothing about
the operational state.
2. To allow changing the VRF of the interface using FRR CLI or any other
frontend in the future. If the VRF is a part of the key, it can't be
changed. If the VRF is a simple leaf, it becomes possible to change
it and thus move the interface between VRFs. For now I mark the leaf
as a "config false" as it's not yet possible to control it from FRR.
But we can't simply remove the VRF from the key, because it is needed to
distinguish interfaces when using netns based VRFs, as it is possible to
have multiple interfaces with the same name in different namespaces. To
handle this, I came up with an idea to store both VRF and an interface
name in the "name" leaf using the pattern "vrfname:ifname". For example,
if there's an interface "eth0" in VRF "red" then its "name" leaf will be
"red:eth0".
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
No functional difference, but `length "0"` is more comprehensible.
Suggested-by: Christian Hopps <chopps@labn.net>
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
While defaults are good picks for "reasonable" guesses, min and max
range values really aren't. Operators and experimenters often like to
configure "unreasonable" values to stress test, tests boundary
conditions and explore innovations.
With that in mind, change all ranges to 1..max (of type).
While we're here add optional ignored values in the "no" CLI forms.
Signed-off-by: Christian Hopps <chopps@labn.net>
The code assumes that these leafs always exist when their complementary
leafs exist. For example, when processing `ipv4-exact-match`, the code
always expects to have access to `ipv4-prefix`. If those leafs are not
provided, code crashes. It doesn't happen when using the CLI because it
always does the right thing, but it can happen when using other
frontends.
Also fix incorrect description for prefix-list sequence leaf.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Allow the join-prune interval to be as small as 5 seconds instead
of limiting the value to 60.
This can and will come at a price of being able to converge less
mroutes.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Will be handy to filter BGP prefixes by using BGP community alias
instead of numerical community values.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
Making the interface holdtime range to 3.5 times the hello-time
As per 7761, Section 4.11:
The Holdtime in a Hello message should be set to
(3.5 * Hello_Period), giving a default value of 105 seconds.
Therefore providing the user also to configure max upto 3.5 times
the hello timer interval.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
Make the source address mandatory since it doesn't work without it. The
CLI already mandated it before so it makes sense to change this here as
well.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
- Add following set clause for route-maps
"set evpn gateway-ip <ipv4|ipv6 >A.B.C.D|X:X::X:X"
- When this route-map is applied as outboubd policy in BGP, it will set the
gateway-ip in BGP attribute For EVPN type-5 routes.
Example configuration:
route-map RMAP-EVPN_GWIP permit 5
set evpn gateway-ip ipv4 50.0.2.12
set evpn gateway-ip ipv6 50:0:2::12
router bgp 101
bgp router-id 10.100.0.1
neighbor 10.0.1.2 remote-as 102
!
address-family l2vpn evpn
neighbor 10.0.1.2 activate
neighbor 10.0.1.2 route-map RMAP-EVPN_GWIP out
advertise-all-vni
exit-address-family
Signed-off-by: Ameya Dharkar <adharkar@vmware.com>
The default for extended-nexthop-capability is true for
unnumbered (interface) neighbors, false for other types. Break the inner
grouping out of the outer neighbor-parameters grouping so that we can
refine the default in that uses case.
Signed-off-by: Christian Hopps <chopps@gmail.com>
Fix many of the commands in the `address-family ipv4 multicast` to use
the proper type to avoid wrong YANG model validation failures.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
The leaf is called "no-replace-as" in the model but is used reversed in
all the code. Let's rename it to comply with the actual behavior.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Compile with v2.0.0 tag of `libyang2` branch of:
https://github.com/CESNET/libyang
staticd init load time of 10k routes now 6s vs ly1 time of 150s
Signed-off-by: Christian Hopps <chopps@labn.net>
- Explicit segment list nai will be resolved to corresponded sid.
- Dynamic segment list (from pce) will be validated.
- If segment list could not be resolved or validated won't be used.
- Now this new config is supported
segment-list sl-1
index 10 nai prefix 10.1.2.1/32 iface 1
index 30 nai adjacency 10.2.5.2 10.2.5.5
index 40 nai prefix 10.10.10.5/32 algorithm 0
Signed-off-by: Javier Garcia <javier.garcia@voltanet.io>
The current implementation of TI-LFA computes link-protecting
repair paths (even when node protection is enabled) to have repair
paths to all destinations when no node-protecting repair has been
found. This may be desired or not. E.g. the link-protecting paths
may use the protected node and be, therefore, useless if the node
fails. Also, computing link-protecting repairs incurs extra
calculations.
With this patch, when node protection is enabled, link protecting
repair paths are only computed if "link-fallback" is specified in
the configuration, on a per interface and IS-IS level.
Signed-off-by: Fredi Raspall <fredi@voltanet.io>
YANG model and CLI commands allow user to configure LDP-sync per area.
But the actual implementation is incorrect - all commands are changing
the config for the whole VRF instead of a single area. This commit fixes
this issue by actually implementing per area configuration.
Fixes#8578.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
increase the maximum number of neighbors in a bgp group.
Set the maximum value to 50000 instead of 5000.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
This commit includes the following:
1) Modifications to the frr-route-map.yang to enable addition of
bgpd, ospfd, ospf6d and zebra specific route map match/set clauses.
2) Yang definitions for bgpd match/set clauses.
3) Yang definitions for ospfd and ospf6d match/set clauses.
4) Yang definitions for zebra match/set clauses.
Signed-off-by: NaveenThanikachalam <nthanikachal@vmware.com>
Signed-off-by: Sarita Patra <saritap@vmware.com>
Also included display of hold time in CLI 'show ip pim int <intf>' cmd
and json commands.
Issue:
PIM neighbor not coming up if hold time is less than hello timer
since hello is sent every 4 sec and hold is 1 sec,
because of this nbr is flapping
Fix:
Do not allow configuration of hold timer less than hello timer
Also reset the value of hold timer to 3.5 times to hello whenever
only hello is modified so that the relationship holds good.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
Currently there is a single interval for both RX and TX echo functions.
This commit introduces separate RX and TX timers for echo packets.
The main advantage is to be able to set the receive interval to zero
when we don't want to receive echo packets from the remote system.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Zebra routing tables are not controlled by the user and can not be
created/deleted manually. Current NB create/destroy callbacks are
incorrectly implemented because instead of creating/deleting the RIB
they are only checking for it's existence. YANG model should reflect
the real situation.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Current behavior is inconsistent. When the session is created by another
daemon, it is up by default. When we later configure peer in bfdd, the
session is still up, but the NB layer thinks that it is down.
More than that, even when the session is created in bfdd using peer
command, it is created in DOWN state, not ADM_DOWN. And it actually
starts sending and receiving packets. The sessions is marked with
SHUTDOWN flag only when we try to reconfigure some parameter. This
behavior is also very unexpected.
Fixes#7780.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
when changing both ranges at the same time the order of the commands
matters, as we need to make sure that the intermediate state is valid.
This represents a problem when pushing configuration via frr-reload.
To fix this, the global-block command was extended to optionally
allow setting the local-block range as well. The local-block command
is deprecated with a 1-year notice.
Signed-off-by: Emanuele Di Pascale <emanuele@voltanet.io>
Remove when statements from prefix-list yang OM,
and do the same check in frr validation phase.
This helps a bit in perfomance of prefix-lists
scale config.
Ticket:CM-32035
Reviewed By:CCR-11096
Testing Done:
Signed-off-by: Chirag Shah <chirag@nvidia.com>
The purpose of the Attach-bit is to accomplish inter-area routing. In other
venders, the Attached-bit is automatically set when a router is configured
as a L1|L2 router and has two adjacencies. When a L1 router receives a LSP
with the Attached-bit set it is supposed to create a default route pointing
toward the neighbor to provide a default path out of the L1 area.
ISIS implementation has been fixed to support the above definition:
Setting the Attach-bit is now the default behavior and we allow the user to
turn it off.
We will only set the Default Attach-bit when creating a L1 LSP, if we are
a L1|L2 router and have a L2 adjacency up.
When a L1 router receives a LSP with the Attach-bit set, we will create a
default route pointing to the L1|L2 router as the nexthop.
The default route will be removed if the LSP is received with the Attach-bit
cleared.
Signed-off-by: Lynne Morrison <lynne@voltanet.io>
Remove when conditions from the yang OM as it degrades
the performance in libyang.
Instead do the same when conditional check in frr northbound
validate phase. Reject the config if condiion do not meet.
Ticket:CM-32530
Testing Done:
Co-developed-by: VishalDhingra <vdhingra@vmware.com>
Signed-off-by: Chirag Shah <chirag@nvidia.com>
modified the yang model for path-list.
table-id should be a key, as one route can have
multiple table-ids.
Signed-off-by: vishaldhingra <vdhingra@vmware.com>
This new daemon manages Segment-Routing Traffic-Engineering
(SR-TE) Policies and installs them into zebra. It provides
the usual yang support and vtysh commands to define or change
SR-TE Policies.
In a nutshell SR-TE Policies provide the possibility to steer
traffic through a (possibly dynamic) list of Segment Routing
segments to the endpoint of the policy. This list of segments
is part of a Candidate Path which again belongs to the SR-TE
Policy. SR-TE Policies are uniquely identified by their color
and endpoint. The color can be used to e.g. match BGP
communities on incoming traffic.
There can be multiple Candidate Paths for a single
policy, the active Candidate Path is chosen according to
certain conditions of which the most important is its
preference. Candidate Paths can be explicit (fixed list of
segments) or dynamic (list of segment comes from e.g. PCEP, see
below).
Configuration example:
segment-routing
traffic-eng
segment-list SL
index 10 mpls label 1111
index 20 mpls label 2222
!
policy color 4 endpoint 10.10.10.4
name POL4
binding-sid 104
candidate-path preference 100 name exp explicit segment-list SL
candidate-path preference 200 name dyn dynamic
!
!
!
There is an important connection between dynamic Candidate
Paths and the overall topic of Path Computation. Later on for
pathd a dynamic module will be introduced that is capable
of communicating via the PCEP protocol with a PCE (Path
Computation Element) which again is capable of calculating
paths according to its local TED (Traffic Engineering Database).
This dynamic module will be able to inject the mentioned
dynamic Candidate Paths into pathd based on calculated paths
from a PCE.
https://tools.ietf.org/html/draft-ietf-spring-segment-routing-policy-06
Co-authored-by: Sebastien Merle <sebastien@netdef.org>
Co-authored-by: Renato Westphal <renato@opensourcerouting.org>
Co-authored-by: GalaxyGorilla <sascha@netdef.org>
Co-authored-by: Emanuele Di Pascale <emanuele@voltanet.io>
Signed-off-by: Sebastien Merle <sebastien@netdef.org>
Reference: https://www.cmand.org/communityexploration
--y2--
/ | \
c1 ---- x1 ---- y1 | z1
\ | /
--y3--
1. z1 announces 192.168.255.254/32 to y2, y3.
2. y2 and y3 tags this prefix at ingress with appropriate
communities 65004:2 (y2) and 65004:3 (y3).
3. x1 filters all communities at the egress to c1.
4. Shutdown the link between y1 and y2.
5. y1 will generate a BGP UPDATE message regarding the next-hop change.
6. x1 will generate a BGP UPDATE message regarding community change.
To avoid sending duplicate BGP UPDATE messages we should make sure
we send only actual route updates. In this example, x1 will skip
BGP UPDATE to c1 because the actual route is the same
(filtered communities - nothing changes).
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
shorten prefix-limit's option name in yang model.
change restart timer to uint16.
Stubbed northbound callbacks with above changes.
Signed-off-by: Chirag Shah <chirag@nvidia.com>
Add the "n-flag-clear" option to the "segment-routing prefix"
command. The only thing that option does is to clear the node
flag of the Prefix-SID, even if it corresponds to a local loopback
address. No changes are necessary other than that in order to fully
support Anycast-SIDs. isisd already supports multiple routers
advertising the same route with the same Prefix-SID after the recent
refactoring. Clearing the node flag for such anycast routes isn't
strictly required, but failure to do so can lead to problems like
TI-LFA picking the wrong Prefix-SID when calculating repair paths.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Fix the following libyang error when trying to load the "frr-nexthop"
module explicitly (e.g. using the 'gen_northbound_callbacks' tool):
libyang: A circular chain of leafrefs detected. (/frr-nexthop:frr-nexthop-group/nexthop-groups/name)
libyang: Invalid value "frr-nexthop-grouping" of "uses". (/frr-nexthop:frr-nexthop-group/frr-nexthop-grouping)
libyang: Copying data from grouping failed. (/frr-nexthop:frr-nexthop-group/frr-nexthop-grouping)
libyang: Module "frr-nexthop" parsing failed.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Don't attempt to put the wildcard information into a 1 byte field
otherwise we'll lose information.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
move `router bgp` nb callback at `bgp` node level
to have access to bgp context at neighbor and peer-group
level and align create/destroy callbacks call during
no router bgp.
Earlier `no router bgp` is performed first global destroy
callback is called which essentially removes `bgp context`
then it calls to remove (parallel nodes) neighbor and peer-group
which does not have access to bgp context.
Moving router bgp at bgp solves this destroy callback ordering issue.
Signed-off-by: Chirag Shah <chirag@nvidia.com>
The "set metric" command wasn't processing metric additions and
subtractions (using + and -) correctly. Fix those problems.
Also, remove the "+metric" and "-metric" options since they don't
work and don't make any sense (they could be interpreted as unitary
increments/decrements but that was never supported).
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
1. Added isis with different vrf and it's dependecies.
2. Added new vrf leaf in yang.
3. A minor change for IF_DOWN_FROM_Z passing argrument is
replaced with ifp pointer in api "isis_if_delete_hook()".
4. Minor fix in the isisd spf unit test.
Co-authored-by: Kaushik <kaushik@niralnetworks.com>"
Signed-off-by: harios_niral <hari@niralnetworks.com>
The extended value must be a part of the cisco choice otherwise it will
be possible to create a destination only part which will cause a crash
when trying to access the assumed mandatory source.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
OSPFD sends ARP proactively to speed up convergence for /32 networks
on a p2p connection. It is only an optimization, so it can be disabled.
It is enabled by default.
Signed-off-by: Jakub Urbańczyk <xthaid@gmail.com>
Yang files for bgpd to use northbound APIs
Co-authored-by: Santosh P K <sapk@vmware.com>
Co-authored-by: vishaldhingra <vdhingra@vmware.com>
Signed-off-by: vishaldhingra <vdhingra@vmware.com>
Configuration example:
ip route 9.9.9.9/32 6.6.6.6 color 123
The SR Policy to be chosen is uniquely identified by the policy
endpoint (6.6.6.6) and the SR-TE color (123). Traffic will be
augmented with an MPLS label stack according to the active
candidate path of that particular policy.
Co-authored-by: GalaxyGorilla <sascha@netdef.org>
Signed-off-by: Sebastien Merle <sebastien@netdef.org>
It's time to say good bye to libyang 0.16.105. The recently
released libyang 1.0.184 includes numerous bug fixes and performance
improvements that we need.
Despite the major version bump from 0.x to 1.x, the libyang API is
the same except for a single backward-incompatible change in the
user types interface (which we're currently not using). Hence no
code changes were necessary to adapt FRR to libyang 1.x.
This commit also reintroduces some leafrefs that needed to be
removed from our YANG modules due to a bug that was present on
libyang 0.16.105.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
Initial version of OSPF configuration Yang.
Raised new PR with review comment fixes on top of PR
https://github.com/FRRouting/frr/pull/6055
Revision History:
1. Fixed review comments.
2. Removed ospf list with id as key, name can be used as key
3. Corrected the alignment
Co-authored-by : Santosh P K <sapk@vmware.com>
Co-authored-by : Mobashshera Rasool <mrasool@vmware.com>
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
BGP Yang is using sub modules and at present FRR is not processing
submodules in embedded framework yang
Signed-off-by: VishalDhingra <vdhingra@vmware.com>
Move pim and igmp yang files registery to appropriate makefiles.
In yang directory makefile move under `PIMD`
Remove pimd yang files from library makefile instead move them
to pimd makefile.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Merge the cisco style access list with zebra's logic so we can mix both
types of rules while keeping the commands.
With this the cisco style limitation of having 'destination-*' only for
specific number ranges no longer exist for users of YANG/northbound (the
CLI still has this limitation).
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
To address the ip mroute command there is a need to add
safi as a key. So adding the afi-safi-type identityref
as a key.
Signed-off-by: VishalDhingra <vdhingra@vmware.com>
staticd yang has been modified to support below use cases
1. src-table for IPV6 address family.
2. distance,tag and table-id would be the key for a given prefix.
Signed-off-by: VishalDhingra <vdhingra@vmware.com>
BFD profiles can now be used on the interface level like this:
interface eth1
ip router isis 1
isis bfd
isis bfd profile default
Here the 'default' profile needs to be specified as usual in the
bfdd configuration.
Signed-off-by: GalaxyGorilla <sascha@netdef.org>
Segment Routing Local Block (SRLB) is part of RFC8667. This change introduces
the possibility for isisd to advertize SRLB in LSP. Base and Range of SRLB
could be configured through CLI or Yang.
Adjacency-SID are now using this SRLB for label allocation. SRLB could also
be used for SID-Binding (e.g. LDP to SR).
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
Separate out nexthop config and operational models.
nexthop-group config model has list of nexthop-groups
where else operational nexthop group is single entity
underneath list of nexthops.
The common code is fectored into grouping to use among
config and operational model.
nexthop operational model caters to RIB operational model.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Changes:
- Use `description` on CLI but `remark` on YANG like access-list (also
because `description` is a reserved word).
- Rename YANG model field and northbound code.
- Fix wrong sequence type get.
- Fix wrong action XPath in action callback.
- Fix wrong concat in (ipv6|mac) access-list.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Important changes:
* Limit the access-list name length according to header definition;
* Add another list (sequence) inside instances to avoid repeated fields;
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Allow sessions to use BFD profile configurations instead of having to
clone the configuration per peer.
If using a profile and setting a peer configuration, the peer
configuration will take precedence over the profile.
Signed-off-by: Rafael Zalamena <rzalamena@opensourcerouting.org>
Now that the "frr-interface" list has a "state" container, move the
IS-IS interface state nodes underneath it using a new augmentation.
Also, update the IS-IS SR topotest to account for this change. Make
use of symlinks where possible to avoid having multiple files with
the same content.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
This commit implements:
RIB operational list create/destroy.
Walk over RIB tables using keys.
The first RIB table will be IPV4/unicast (table-id 254)
will be fetched.
Create a new api to fetch RIB table based on
afi-safi and table id as the keys.
remove mandatory true statement from the leaf which
is part of the list key.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Most definitions were borrowed from the IETF IS-IS SR YANG module,
with a few adaptations. Of particular notice are the following:
* No support for the configuration of multiple SRGBs.
* No distinction between local and connected Prefix-SIDs, both are
configured the same way.
Signed-off-by: Renato Westphal <renato@opensourcerouting.org>
add weight field to operational model.
add leafref to nexthopgroup.
format according to yanglint.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Defined frr-igmp.yang file for IGMP protocol.
Co-authored-by: Sarita Patra <saritap@vmware.com>
Co-authored-by: Santosh P K <sapk@vmware.com>
Signed-off-by: Sarita Patra <saritap@vmware.com>
Grouping is referencing leaves outside the grouping
from where it is used. Removing it and defining leaves
at the used place.
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
Unable to access interface command:
root@bharat:~/stash/libyang/build# dpkg-query -W | grep libyang
libyang-dev 0.16.105-3~ubuntu18.04.1
libyang0.16 0.16.105-3~ubuntu18.04.1
root@bharat:~/stash/libyang/build# vtysh
bharat# config t
bharat(config)# interface lo
% Configuration failed: validation error.
Please check the logs for more details.
Logfile:
2020/03/21 16:48:55 ZEBRA: libyang: Leafref
"/frr-vrf:lib/frr-vrf:vrf/frr-vrf:name" of value "default"
points to a non-existing leaf.
(/frr-interface:lib/interface[name='lo'][vrf='default']/vrf)
2020/03/21 16:48:55 ZEBRA: [EC 100663337]
nb_candidate_commit_prepare: failed to validate
candidate configuration
CI system failure:
2020/03/21 18:53:18 ZEBRA: libyang: Leafref
"/frr-vrf:lib/frr-vrf:vrf/frr-vrf:name" of value "default"
points to a non-existing leaf.
(/frr-interface:lib/interface[name='r1-eth0'][vrf='default']/vrf)
2020/03/21 18:53:18 ZEBRA: [EC 100663337] nb_candidate_commit_prepare:
failed to validate candidate configuration
2020/03/21 18:53:18 ZEBRA: libyang: Leafref
"/frr-vrf:lib/frr-vrf:vrf/frr-vrf:name" of value "default"
points to a non-existing leaf.
(/frr-interface:lib/interface[name='r1-eth1'][vrf='default']/vrf)
Signed-off-by: Chirag Shah <chirag@cumulusnetworks.com>
