bgpd: bmp: force 32-bit ASN encoding for BMP route monitoringBMP route-monitoring messages need a stable AS_PATH ASN encoding width:
the per-peer header's A flag (RFC 7854 4.2) tells the collector whether
AS_PATH ASNs are 2-byte or 4-byte. FRR's BMP code never sets the A flag
(only V and L are ever set in bgp_bmp.c), so every BMP message
advertises A=0 (4-byte AS_PATH format).
However, the AS_PATH bytes that bgp_packet_attribute() actually writes
to the...
bgpd: bmp: don't prepend local-AS to AS_PATH in BMP updatesBMP Route Monitoring messages for monitored routes carried an AS_PATH
with the local AS prepended, as if the route were being re-advertised
outbound. Observed with a peer in AS 40001 advertising 100.100.100.1/32
to a router in AS 40002:
"as_path":[40002,40001], "as_path_count":2, "peer_asn":40001
The collector expected AS_PATH=[40001] -- the value as received from
the peer -- but saw [400...
pimd: defer AutoRP default discovery until config is appliedDo not start AutoRP discovery from VRF enable. Apply default-on
discovery from northbound apply_finish callbacks on the auto-rp
container and pim address-family once configuration is committed,
and track when discovery-enabled is explicitly configured so
"no autorp discovery" is honored before any join is attempted.
Runtime VRFs created after initial config load still receive
default discovery...
docs: document AutoRP discovery purge and mapping agentDocument immediate removal of learned RPs when discovery is disabled
and add user guide coverage for autorp send-rp-discovery.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
pimd: join AutoRP multicast groups based on active roleJoin 224.0.1.40 only for discovery and 224.0.1.39 only for mapping
agents, instead of always joining both groups.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
tests: verify AutoRP RPs are purged when discovery is disabledAdd a topotest that learns an AutoRP RP, disables discovery, and
checks that only static RP entries remain in rp-info.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
pimd: purge learned AutoRP RPs when discovery is disabledRemove AutoRP-installed RPs immediately on `no autorp discovery`
instead of waiting for the discovery hold timer to expire.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
tests: harden bgp_conditional_advertisement_track_peer convergence waitsbgp_conditional_advertisement_track_peer.test_bgp_conditional_advertisement_track_peer
fails intermittently on loaded CI hosts (e.g. AddressSanitizer Debian 12 amd64):
AssertionError: R1 SHOULD receive 172.16.255.2/32 from R2
After enabling the R2-R3 session, R1 must learn 172.16.255.2/32 only once R2
receives the exist-map prefix 172.16.255.3/32 from R3 and the conditional
advertisement sc...
tests: PIM join prune test topologyNetwork topology with three routers simulating a big number of IGMP
joins to stress test the PIM join prune code path.
The router 3 sends 2000 IGMP joins to router 1, router 1 sends PIM join
prune to router 2.
The test checks if all the IGMP joins are learned by router 1 (and if
they successfully were sent to router 2) and then check if router 2
received all the PIM joins.
Signed-off-by: Raf...
pimd: refactor PIM join prune packet generationThe previous version of the code had three problems:
1. There was no upper limit on the amount of sources a group could have
and when that number was too high it would cause a buffer overflow
2. When the first group had too many sources an empty group would be
generated
3. When a group have too many sources there was no code to split them
into multiple packets
The refactor addr...
Merge pull request #22021 from opensourcerouting/fix/bgp_move_otc_attribute_to_extrabgpd: Move OTC and IPv6 extended community attributes to attr_extra
bgpd: Use stream_new_expandable() for BMP code to avoid overflowAlso, validate and drop packets later exceeding 65k.
Reported-by: Qifan Zhang, Palo Alto Networks
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
tests: fix flaky IGMP source checks in pim_boundary_acltest_pim_asm_igmp_join_acl intermittently failed at its opening check
with "expected has key 'r1-eth0' which is not present in output". The
test intent was correct (verify no IGMP source for the ASM/SSM group
before sending joins), but the assertion did not match how FRR reports
IGMP sources.
"show ip igmp sources json" only emits interface keys when that interface
has at least one source entr...
tests: fix multicast_pim_sm_topo2 TC_15/TC_7 mroute flakinessTC_15 was no-shutting the wrong interface after shut/no-shut of the
upstream links, leaving l1-r2-eth4 and f1-r2-eth3 down and breaking
(S,G) verification in the following test. Reset PIM state at TC_15
teardown and restart traffic in TC_7 after all receivers join.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
tests: add DM->SM transition coverage to pim_dense topotestAdd helpers and an end-to-end test that verifies an existing dense (S,G)
transitions to sparse mode when an RP is added for its group range.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
pimd: move dense (S,G) to sparse mode when an RP is addedRe-evaluate existing dense upstreams when RP mappings change, clear
stale DM OIF state before syncing the kernel MFC, and treat groups as
sparse once an RP is configured on sparse-dense interfaces.
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
tools: add show neigh to support bundle generationAdd show neighbor to support bundle generation
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
zebra: fix neighbor entries ns_idNeighbor entries may not be removed from zebra neighbor tables due to a
wrong ns_id when they were created.
ns_id = 0 in netlink_neigh_table() but is changed to 48 in
netlink_neigh_change().
> #0 dplane_ctx_set_ns_id (ctx=0x61900010a980, nsid=48) at zebra/zebra_dplane.c:1387
> #1 0x00005555557625f0 in netlink_ipneigh_change (h=0x62d000096400, len=48, ns_id=48) at zebra/rt_netlink.c:4556
> #...
bgpd: Move ipv6_community attribute from attr to attr_extraIt's not very common usage with IPv6 extended communities yet(?), only something
like extended link-bandwith is used or so, hence move it to extra, by saving
extra 8-bytes and one cacheline (because the last one was 4-bytes).
Signed-off-by: Donatas Abraitis <donatas@opensourcerouting.org>
ospfd: prevent stale LSA from corrupting local OSPF DB after rebootEnsure local LSA's have the highest sequence number and neighbors
are refreshed in the event a stale LSA is detected.
Current behavior assuming we have two ospf routers: R1 <–> R2
- R1 and R2 are ospf neighbors
- R1 has a summary route being advertised to R2
This summary route has some LSA sequence number that is higher than 1
At this point everything is working fine. But then:
- R1 reboo...
Revert "bgpd: Move attr->srte_color to attr->extra->srte_color"This reverts commit 036032c3b59da4ca389d9936e2a4034db4c07d1d.
SRTE color is fundamentally broken to be lived in attr at all...
It's just an extended community, and not a separate BGP attribute.
Let's revert this and move it later to bgp_path_info or somewhere else...
tests: verify SSM delivery to h3 with collect_receiver_sourcesAdd test_ssm_r1_to_h3_multicast_traffic: r1 sends (192.168.1.1,
230.0.0.100) on the shared LAN, r3's static join-group on eth0 pulls the
(S,G) to r3, and h3 receives on r3-eth1 after joining the same source on
h3-eth0. Assert per-source RX counts via mcast-tester --report-sources
JSON instead of only checking MFC state.
Extend McastTesterHelper.run_join() with an optional source= argument
for ...
tests: verify SSM mroute split horizon in multicast_ssm_topo1Add test_ssm_mroute_no_iif_oif_loop to ensure (192.168.1.1, 230.0.0.100)
does not install a kernel MFC that lists the incoming interface as an OIF
when the source and r3's join-group are both on the shared LAN (rX-eth0).
The test sends traffic from r1-eth0, waits for an installed mroute on r3,
then checks show ip mroute json on r1–r3 so outboundInterface never equals
iif. This guards against t...
pceplib: Validate lengths during object decodingSanity-check embedded object header lengths before continuing
to decode message objects.
Signed-off-by: Mark Stapp <mjs@cisco.com>
Reported-by: Luke Geier <seabreeze11971220@gmail.com>
lib: warn once when process fd limit is very largeEach event_master_create() logged the same fd limit warning (e.g. zebra
main plus dplane pthreads).
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
tests: Remove key-0 from acceptable on rt2The test is this: rt1 ---- rt2
Both rt1 and rt2 have a key 0 at first,
then the test removes key 0 and adds
key40 on rt1 and checks that the session
is down. Then on rt2 the code is adding
key40 but leaving key0. So rt2 continues
to transmit with key 0 and the session does
not come up. This is because there is no
test of the lifecycle part of key start/end
times. Modify the test to remove ...
*: Fix keychain acceptance of any keyIn bfd if you have this keychain configed on 2 routers, r1 and r2:
keychain a
key 0
cryptographic-algorithm hmac-sha-1
key-string mysecret123
end
And you have bfdd Configured to use keychain's between the two.
Then if you do this on rt1:
keychain a
no key 0
key 40
cryptographic-algoritm hmac-sha-1
key-string mysecret123
end
Notice that the key-string is the same for key 0 ...
tests: Use `show module` to get bgp's pidThe topotest is using `pidof bgpd` which is ok
when you run a test by itself, but when you
are running the topotests in parallel, this
is a bit of a problem. Fix.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
Donald Sharp
Kalash Nainwal
Rafael Zalamena
Louis Scalbert
Mark Stapp
Donald Sharp