Currently, "vrf default" modifier is not processed correctly and we get
the `% Can't find BGP instance` error.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
Problem Statement :
===================
LSA with InitialSequenceNumber is not originated
after MaxSequenceNumber.
ANVL Test case 25.33 states:
============================
As soon as this flooding of a LSA with LS sequence number
MaxSequenceNumber has been acknowledged by all adjacent neighbors,
a new instance can be originated with sequence number of InitialSequenceNumber.
RCA :
=====
DUT did not originated LSA with INITIAL_SEQUENCE number even
after receiving ACK for max sequence LSA.
Code is not present to handle this situation in the lsa ack flow.
Fix :
=====
Add code to originate LSA with initial sequence number in the
LSA ack flow in case of wrap around sequence number.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
ANVL Test case 28.11
If the database copy has LS age equal to MaxAge and LS sequence number
equal to MaxSequenceNumber, simply discard the received LSA
without acknowledging it.
ANVL Test Case 25.22
When an attempt is made to increment the sequence number past the maximum
value of N - 1 (0x7fffffff; also referred to as MaxSequenceNumber),
the current instance of the LSA must first be flushed from the routing domain.
ANVL Test Case 25.23
As soon as this flooding of a LSA with LS sequence number MaxSequenceNumber
has been acknowledged by all adjacent neighbors, a new instance can be
originated with sequence number of InitialSequenceNumber.
RCA:
When IXIA sent LS Seq num as MAX and LS Age as (MAX - 3),
DUT dropped the packet instead of sending ACK.
In function ospf_ls_upd, at Line 2106 the code is there to drop the LSA.
Hence its failing.
Fix:
LSAs ACK must be sent when received LSA is having max sequence number
but not max-aged.
Considering /* CVE-2017-3224 */ issue, have corrected the existing
code to prevent attacker from sending LSAs with max sequence number
and higher checksum and blocking the flooding of the Max-sequence numbered LSAs.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
Problem Statement:
===================
DUT selecting itself as DR when RR goes for reload.
Test Case 7.2
DUT (GR Helper) receives the Hello packet from the OSPF GR RESTARTER
(ANVL here) with DR and BDR set to 0.0.0.0 and DUT in its hello
neighbor list. DUT triggers the DR and BDR election although it is
in the Helper mode for that neighbor.
Root Cause Analysis:
====================
When hello packet is received with self router ID in the neighbor list,
there is no check in the code to handle this scenario. Hence the DR/BDR
election happens and it changes the DR although it is helper.
Fix:
===================
As per RFC 3623 Section 3. Operation of Helper Neighbor, below point,
we need to maintain the DR relationship.
Also, if X was the Designated Router on network segment S when the
helping relationship began, Y maintains X as the Designated Router
until the helping relationship is terminated.
Adding the check when DUT is under neighbor helper mode, we need to avoid
ISM state change when hello packet is received with DR/BDR set to 0.0.0.0.
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
The idea is to disable addpath-rx capability to avoid unnecessary additional
routes installed.
Signed-off-by: Donatas Abraitis <donatas.abraitis@gmail.com>
BGP can experience a bunch of errors associated with sockets
being manipulated which would prevent the peer from coming up.
Let's add some additional debug information here so that
our operators can do a bit more for themselves.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Problem Statement:
==================
Memory Leak seen at show_ip_ospf_neighbor_all_common (ospf_vty.c:4635)
RCA:
=================
In function show_ip_ospf_neighbor_all_common, one child json object is not
added to the parent child object when there is no nbma neighbor. Hence
the memory leak.
Fix:
=================
Add the child object to the parent json object.
Fixes: #9548
Signed-off-by: Mobashshera Rasool <mrasool@vmware.com>
if advertisement with SID structure Sub-Sub-TLV, we need to transpose
SID, so added transpose operation into bgp_update.
Signed-off-by: Ryoga Saito <contact@proelbtn.com>
draft-ietf-bess-srv6-services-07 defines new SID structure Sub-Sub-TLV.
This patch adds SID structure information to bgp_attr_srv6_l3vpn. This
patch also defines default SID stucture used by following patches.
Signed-off-by: Ryoga Saito <contact@proelbtn.com>
Current implementation of SRv6 SID allocation algorithm sets most least
2 bytes. But, according to RFC8986, function bits is located in the next
to locator. New allocation alogirithm respects this format.
Signed-off-by: Ryoga Saito <contact@proelbtn.com>
The BGP configuration for BGP EVPN RT5 setup consists in mainly
2 bgp instances (eventually one is enough) and L3VNI config.
When L3VNI is configured before BGP instances, and BGP route
targets are auto derived as per rfc8365, then, the obtained
route targets are wrong. For instance, the following can be
obtained:
=> show bgp vrf cust1 vni
BGP VRF: cust1
Local-Ip: 10.209.36.1
L3-VNI: 1000
Rmac: da:85:42:ba:2a:e9
VNI Filter: none
L2-VNI List:
Export-RTs:
RT:12757:1000
Import-RTs:
RT:12757:1000
RD: 65000:1000
whereas the derived route targets should be the below
ones:
=> show bgp vrf cust1 vni
BGP VRF: cust1
Local-Ip: 10.209.36.1
L3-VNI: 1000
Rmac: 72:f3:af:a0:98:80
VNI Filter: none
L2-VNI List:
Export-RTs:
RT:12757:268436456
Import-RTs:
RT:12757:268436456
RD: 65000:1000
There is an update handler that updates appropriately L2VNIs.
But this is not the case for L3VNIs. Add the missing code.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
Add the ability to configure the source address of rpki
connection. Proposed vty command is to add below parameter:
rpki cache <address> source <bindaddr> <port> preference <pref>
rpki cache <address> source <bindaddr> <port> <usernamessh> ...
This works for both tcp and ssh connections. In case the source
address is not available yet, the rpki retry interval will retry
in a defined amount of time.
Rtrlib library is the library in charge of the binding of the
tcp/ssh connection, and applies the getaddrinfo() and bind()
operations to the passed parameter bindaddr to the respective
tcp_config/ssh_config structures.
Signed-off-by: Philippe Guibert <philippe.guibert@6wind.com>
There were some tests where we were turning on mpls on
interface names that don't exist for certain `machines`
in the topology. Fix.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
As it stands there are cases where FRR is silently handling
error events and not giving any log output to say what is
going wrong. This should be fixed.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
The vrf socket code needs a interface/vrf name to be passed
in, in order for it to properly bind to the correct vrf.
In the case where bgp is using a view based instance
the bgp_get_bound_name should handle views better and
not return anything to be bound to.
Fixes#9519.
Signed-off-by: Igor Ryzhov <iryzhov@nfware.com>
When FRR added the -Z parameter the bgp daemon was setting
a vrf identifier based upon a number starting at 1. This
caused issues when we upgraded the code to the outgoing
sockets to use vrf_bind always.
FRR should never just randomly select a vrf identifier.
Let's just use VRF_DEFAULT when we are in a -Z environment.
It's a safe bet.
Fixes: #9519
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
