Adds a generalized martian reimport function used for triggering a
relearn/reimport of EVPN routes that were previously filtered/deleted
as a result of a "self" check (either during import or by a martian
change handler). The MAC-VRF SoO is the first consumer of this function,
but can be expanded for use with Martian Tunnel-IPs, Interface-IPs,
Interface-MACs, and RMACs.
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
Currently we have a handler function that will walk the global EVPN
rib and unimport/remove routes matching a local IP/TIP. This generalizes
this function so that it can be re-used for other BGP Martian entry
types. Now this can be used to unimport routes when the MAC-VRF SoO is
reconfigured.
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
For whatever reason, we were only updating tip_hash when we processed an
L2VNI add/del. This adds tip_hash updates to the L3VNI add/del codepaths
so that their VTEP-IPs are also used when when considering martian
addresses, e.g. bgp_nexthop_self().
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
All uses of struct bgp_addrv6 were removed in a prior commit that made
struct bgp_addr reusable for both v4 and v6. This cleans up the last
remnants of the old v6 struct.
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
Initial support for configuring an SoO for all MAC-VRFs (EVIs/L2VNIs).
This provides a topology-independent method of preventing EVPN routes
from one MAC-VRF "site" (an L2 domain) from being imported by other PEs
in the same MAC-VRF "site", similar to how SoO is traditionally used in
L3VPN to identify and break loops for an L3/IP-VRF "site".
One example of where a MAC-VRF SoO can be used to avoid an L2 control
plane loop is with Active/Active MLAG VTEPs. For a given L2 site only
one control plane should be active. SoO can be used to ID/ignore entries
originated from the local MAC-VRF site so that EVPN will not attempt to
manage entries that are already handled by MLAG.
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
bgp_create() and bgp_free() already call EVPN-specific handlers,
so there's no need to XCALLOC/XFREE BGP_EVPN_INFO directly. Let's move
all the references to MTYPE_BGP_EVPN_INFO into the EVPN specific files.
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
When processing an interface up/create event from zebra, we insert that
interface's MAC address into the self_mac_hash used for dropping EVPN
routes carrying a 'self mac' (RMAC ext-comm or MAC in Type-2 NLRI).
However, we were unconditionally triggering a "rescan" of the EVPN RIB
to ensure we handle routes that match the MAC - even if the MAC already
existed in self_mac_hash (i.e. the change wasn't actionable).
This adds logic to only kick off a "rescan" if the MAC learned from
zebra is not already in the self_mac_hash.
Signed-off-by: Trey Aspelund <taspelund@nvidia.com>
- always use IDs not a mix of IDs and pointers.
- always use PRIu64 not a mix of hex and decimal for IDs
Signed-off-by: Christian Hopps <chopps@labn.net>
- Previously was substituting a pointer to local allocated session for the
session_id returned from the FE adapter. This complexity isn't needed.
- Get rid of "%llu" format and the casts that came with it, instead use PRIu64
and the actual (uint64_t) type.
Signed-off-by: Christian Hopps <chopps@labn.net>
Code was was written where the pam error message put out
was the result from a previous call to the pam modules
instead of the current call to the pam module.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
- Allow selecting results using a regexp
- Allow selecting results using commasep range specs
- Add support for getting and saving results from a docker/podman
container.
- update docs
Signed-off-by: Christian Hopps <chopps@labn.net>
fixes#13584
The test had the ospf client injecting multiple opaque LSAs on 5s pace,
but the test itself verified and advanced on an LSA in the middle of
that sequence and not the last one. Then the test reset the ospf client
and originating router. If a later injected LSA managed to get in to the
router and flooded prior to the client/router reset then the opaque data
or sequence number could differ from the expected value.
Signed-off-by: Christian Hopps <chopps@labn.net>
