From 744d8394057aa7fa4e08168d3ef4ca48566d4ddb Mon Sep 17 00:00:00 2001 From: Christopher Dziomba Date: Wed, 20 Nov 2024 17:41:50 +0100 Subject: [PATCH 1/4] Detect if community based drop mechanism is used and act accordingly --- pkg/frr/configure.go | 14 ++++++++------ pkg/frr/manager.go | 12 ++++++++++-- pkg/frr/templates.go | 10 ++++++++++ pkg/frr/tpl/bgp-neighbor-v4.tpl | 2 +- pkg/frr/tpl/bgp-neighbor-v6.tpl | 2 +- pkg/frr/tpl/bgp-neighbor.tpl | 2 +- pkg/frr/tpl/prefix-list.tpl | 2 +- pkg/frr/tpl/route-map.tpl | 6 +++++- pkg/frr/tpl/vrf.tpl | 2 +- 9 files changed, 38 insertions(+), 14 deletions(-) diff --git a/pkg/frr/configure.go b/pkg/frr/configure.go index 7b0e175b..c2a39df4 100644 --- a/pkg/frr/configure.go +++ b/pkg/frr/configure.go @@ -69,6 +69,8 @@ func (m *Manager) Configure(in Configuration, nm *nl.Manager, nwopCfg *config.Co targetConfig = fixRouteTargetReload(targetConfig) targetConfig = applyCfgReplacements(targetConfig, nwopCfg.Replacements) + in.HasCommunityDrop = m.hasCommunityDrop + if !bytes.Equal(currentConfig, targetConfig) { err = os.WriteFile(m.ConfigPath, targetConfig, frrPermissions) if err != nil { 
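Review bot: `in.HasCommunityDrop = m.hasCommunityDrop` is assigned only after `targetConfig` has already passed through `fixRouteTargetReload` and `applyCfgReplacements`, so if the subtemplates are rendered earlier in `Configure` (that part is outside this hunk) they see the zero value and `route-map.tpl` always takes the `match tag 20000` branch. `in` is a by-value parameter, so the late assignment cannot reach a render that has already happened. The export `deny 1` entries appear to be the filter that stops fabric-received routes from being re-exported, so matching on the wrong attribute would make that filter fail open without any error. Move the assignment above the call that renders the templates, and add a test that renders `route-map.tpl` with the flag set and checks for `match community cm-received-fabric`.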
@@ -99,27 +101,27 @@ func (m *Manager) renderSubtemplates(in Configuration, nlManager *nl.Manager) (* return nil, fmt.Errorf("error getting node's name") } - vrfs, err := render(vrfTpl, in.VRFs) + vrfs, err := render(vrfTpl, in) if err != nil { return nil, err } - neighbors, err := render(neighborTpl, in.VRFs) + neighbors, err := render(neighborTpl, in) if err != nil { return nil, err } - neighborsV4, err := render(neighborV4Tpl, in.VRFs) + neighborsV4, err := render(neighborV4Tpl, in) if err != nil { return nil, err } - neighborsV6, err := render(neighborV6Tpl, in.VRFs) + neighborsV6, err := render(neighborV6Tpl, in) if err != nil { return nil, err } - prefixlists, err := render(prefixListTpl, in.VRFs) + prefixlists, err := render(prefixListTpl, in) if err != nil { return nil, err } - routemaps, err := render(routeMapTpl, in.VRFs) + routemaps, err := render(routeMapTpl, in) if err != nil { return nil, err } diff --git a/pkg/frr/manager.go b/pkg/frr/manager.go index ffe31008..ad29f44b 100644 --- a/pkg/frr/manager.go +++ b/pkg/frr/manager.go @@ -26,6 +26,7 @@ type Manager struct { ipv4MgmtRouteMapIn *string ipv6MgmtRouteMapIn *string mgmtVrf string + hasCommunityDrop bool ConfigPath string TemplatePath string @@ -61,8 +62,9 @@ type VRFConfiguration struct { } type Configuration struct { - ASN int - VRFs []VRFConfiguration + ASN int + VRFs []VRFConfiguration + HasCommunityDrop bool } func NewFRRManager() *Manager { @@ -105,6 +107,12 @@ func (m *Manager) Init(mgmtVrf string) error { } m.ipv6MgmtRouteMapIn = routeMap + communityDrop, err := hasCommunityDrop(m.ConfigPath) + if err != nil { + return fmt.Errorf("error checking for community drop in FRR config: %w", err) + } + m.hasCommunityDrop = communityDrop + return nil } diff --git a/pkg/frr/templates.go b/pkg/frr/templates.go index c29dabde..7c5efa4a 100644 --- a/pkg/frr/templates.go +++ b/pkg/frr/templates.go @@ -6,6 +6,7 @@ import ( "fmt" "os" "regexp" + "strings" "text/template" ) 
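Review bot: The exported `HasCommunityDrop` field added to `Configuration` in `manager.go` has no comment, and `Configure` overwrites it unconditionally from `m.hasCommunityDrop`, so a value set by a caller is discarded. I would say so on the field, e.g. `// HasCommunityDrop is filled in by Manager.Configure from the FRR config inspected in Init; caller-set values are overwritten.` The detection also runs only once, in `Init`, so a base config that changes afterwards is not picked up until the manager is initialised again. If that is intended, it belongs in the same comment.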
@@ -103,6 +104,15 @@ func getRouteMapName(file, addressFamily, mgmtVrfName string) (*string, error) { return &matches[1], nil } +func hasCommunityDrop(file string) (bool, error) { + fileContent, err := os.ReadFile(file) + if err != nil { + return false, fmt.Errorf("error reading frr config file %s: %w", file, err) + } + content := string(fileContent) + return strings.Contains(content, "cm-received-fabric"), nil +} + func generateTemplateConfig(tplFile, original string) error { fileContent, err := os.ReadFile(original) if err != nil { diff --git a/pkg/frr/tpl/bgp-neighbor-v4.tpl b/pkg/frr/tpl/bgp-neighbor-v4.tpl index f44ec2fc..d7650b40 100644 --- a/pkg/frr/tpl/bgp-neighbor-v4.tpl +++ b/pkg/frr/tpl/bgp-neighbor-v4.tpl @@ -1,4 +1,4 @@ -{{range $vrf := .}} +{{range $vrf := .VRFs}} {{if and $vrf.ShouldTemplateVRF (not $vrf.IsTaaS)}} neighbor dv.{{$vrf.Name}} activate neighbor dv.{{$vrf.Name}} allowas-in origin diff --git a/pkg/frr/tpl/bgp-neighbor-v6.tpl b/pkg/frr/tpl/bgp-neighbor-v6.tpl index 824b7de6..ffafe2c9 100644 --- a/pkg/frr/tpl/bgp-neighbor-v6.tpl +++ b/pkg/frr/tpl/bgp-neighbor-v6.tpl @@ -1,4 +1,4 @@ -{{range $vrf := .}} +{{range $vrf := .VRFs}} {{if and $vrf.ShouldTemplateVRF (not $vrf.IsTaaS)}} neighbor dv.{{$vrf.Name}} activate neighbor dv.{{$vrf.Name}} allowas-in origin diff --git a/pkg/frr/tpl/bgp-neighbor.tpl b/pkg/frr/tpl/bgp-neighbor.tpl index d6bf58ab..21485c90 100644 --- a/pkg/frr/tpl/bgp-neighbor.tpl +++ b/pkg/frr/tpl/bgp-neighbor.tpl @@ -1,4 +1,4 @@ -{{range $vrf := .}} +{{range $vrf := .VRFs}} {{if and $vrf.ShouldTemplateVRF (not $vrf.IsTaaS)}} neighbor dv.{{$vrf.Name}} interface remote-as internal {{end}} diff --git a/pkg/frr/tpl/prefix-list.tpl b/pkg/frr/tpl/prefix-list.tpl index a232e4eb..3e481eda 100644 --- a/pkg/frr/tpl/prefix-list.tpl +++ b/pkg/frr/tpl/prefix-list.tpl @@ -1,4 +1,4 @@ -{{range $vrf := .}} +{{range $vrf := .VRFs}} {{if not $vrf.IsTaaS}} {{range $i, $pl := $vrf.Import}} {{range $item := $pl.Items}} 
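Review bot: `hasCommunityDrop` treats any occurrence of the substring `cm-received-fabric` as proof that the community list is configured, which also matches comments, longer names that contain it, and the `match community cm-received-fabric` lines this package itself renders into the route-maps. `Init` passes `m.ConfigPath`, the same path `Configure` writes the rendered config to, so once the flag has been true the check may keep confirming itself even if the community-list definition has been removed. The export deny entries would then reference a list that is no longer defined. Anchoring the check to the definition line with a package-level regexp would be tighter, for example `regexp.MustCompile("(?m)^\\s*bgp community-list .*\\bcm-received-fabric\\b")`, after confirming the exact definition syntax used in the base config. The function also lacks a doc comment, and the literal would be easier to keep in sync with the template as a named constant.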
diff --git a/pkg/frr/tpl/route-map.tpl b/pkg/frr/tpl/route-map.tpl index 11a42926..7ffec9b9 100644 --- a/pkg/frr/tpl/route-map.tpl +++ b/pkg/frr/tpl/route-map.tpl @@ -1,4 +1,4 @@ -{{range $vrf := .}} +{{range $vrf := .VRFs}} {{if not $vrf.IsTaaS}} {{range $i, $pl := $vrf.Import}} route-map rm_{{$vrf.Name}}_import {{if $vrf.ShouldTemplateVRF}}permit{{else}}deny{{end}} {{$pl.Seq}} @@ -10,7 +10,11 @@ exit {{- end}} route-map rm_{{$vrf.Name}}_export deny 1 +{{if .HasCommunityDrop}} + match community cm-received-fabric +{{else}} match tag 20000 +{{- end}} exit route-map rm6_{{$vrf.Name}}_export deny 1 diff --git a/pkg/frr/tpl/vrf.tpl b/pkg/frr/tpl/vrf.tpl index 2bbad902..6260a441 100644 --- a/pkg/frr/tpl/vrf.tpl +++ b/pkg/frr/tpl/vrf.tpl @@ -1,4 +1,4 @@ -{{range $vrf := .}} +{{range $vrf := .VRFs}} {{if and $vrf.ShouldTemplateVRF (not $vrf.IsTaaS)}} vrf vr.{{$vrf.Name}} vni {{$vrf.VNI}} From fd3c25a3441b629e2635302ddaf3c351c4f0a3b4 Mon Sep 17 00:00:00 2001 From: Marcel Fest Date: Wed, 20 Nov 2024 17:54:47 +0100 Subject: [PATCH 2/4] also do it for IPv6? ^^ --- pkg/frr/tpl/route-map.tpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/pkg/frr/tpl/route-map.tpl b/pkg/frr/tpl/route-map.tpl index 7ffec9b9..a7b90263 100644 --- a/pkg/frr/tpl/route-map.tpl +++ b/pkg/frr/tpl/route-map.tpl @@ -18,7 +18,11 @@ route-map rm_{{$vrf.Name}}_export deny 1 exit route-map rm6_{{$vrf.Name}}_export deny 1 +{{if .HasCommunityDrop}} + match community cm-received-fabric +{{else}} match tag 20000 +{{- end}} exit {{range $i, $pl := $vrf.Export}} From 8fd0d2539bb3508cd4f811ac8619aa0932975ed8 Mon Sep 17 00:00:00 2001 From: Marcel Fest Date: Wed, 20 Nov 2024 19:16:58 +0100 Subject: [PATCH 3/4] use root ref instead of context ref --- pkg/frr/tpl/route-map.tpl | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/frr/tpl/route-map.tpl b/pkg/frr/tpl/route-map.tpl index a7b90263..3d7c72c8 100644 --- a/pkg/frr/tpl/route-map.tpl +++ b/pkg/frr/tpl/route-map.tpl 
@@ -1,3 +1,4 @@ +{{$root .= .}} {{range $vrf := .VRFs}} {{if not $vrf.IsTaaS}} {{range $i, $pl := $vrf.Import}} @@ -10,7 +11,7 @@ exit {{- end}} route-map rm_{{$vrf.Name}}_export deny 1 -{{if .HasCommunityDrop}} +{{if $.HasCommunityDrop}} match community cm-received-fabric {{else}} match tag 20000 @@ -18,7 +19,7 @@ route-map rm_{{$vrf.Name}}_export deny 1 exit route-map rm6_{{$vrf.Name}}_export deny 1 -{{if .HasCommunityDrop}} +{{if $.HasCommunityDrop}} match community cm-received-fabric {{else}} match tag 20000 From a2864e18f554bed04bb1891cdbf31c8d58daa617 Mon Sep 17 00:00:00 2001 From: Marcel Fest Date: Wed, 20 Nov 2024 22:34:25 +0100 Subject: [PATCH 4/4] too late --- pkg/frr/tpl/route-map.tpl | 1 - 1 file changed, 1 deletion(-) diff --git a/pkg/frr/tpl/route-map.tpl b/pkg/frr/tpl/route-map.tpl index 3d7c72c8..4d869761 100644 --- a/pkg/frr/tpl/route-map.tpl +++ b/pkg/frr/tpl/route-map.tpl @@ -1,4 +1,3 @@ -{{$root .= .}} {{range $vrf := .VRFs}} {{if not $vrf.IsTaaS}} {{range $i, $pl := $vrf.Import}}